package org.apache.ambari.server.serveraction.kerberos;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.util.ArrayList;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import org.apache.ambari.server.security.credential.PrincipalKeyCredential;
import org.apache.ambari.server.utils.ShellCommandUtil;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KerberosKeyFactory;
import org.apache.directory.server.kerberos.shared.keytab.Keytab;
import org.apache.directory.server.kerberos.shared.keytab.KeytabEntry;
import org.apache.directory.shared.kerberos.KerberosTime;
import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
import org.apache.directory.shared.kerberos.components.EncryptionKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.class */
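/**
 * Base class for handlers that manage Kerberos principals and keytab files.
 *
 * <p>Concrete subclasses supply the principal operations ({@link #principalExists},
 * {@link #createPrincipal}, {@link #setPrincipalPassword}, {@link #removePrincipal}); this class
 * holds the shared state (administrator credential, default realm, key encryption types,
 * executable search paths) and the keytab and command helpers.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>Keytab files contain long-term keys. Temporary keytab files are created with
 *       {@link Files#createTempFile}, which on POSIX file systems uses owner-only permissions.
 *       Destination keytab files are written with whatever permissions the JVM defaults to;
 *       nothing in this class tightens them.</li>
 *   <li>The default cipher set still contains single DES, 3DES and RC4. Kerberos has deprecated
 *       these (RFC 6649, RFC 8429); prefer configuring {@code encryption_types} to AES only
 *       where the KDC allows it.</li>
 *   <li>Executables are resolved from configurable search paths; whoever can change that
 *       configuration decides which binary is run.</li>
 * </ul>
 *
 * <p>This class does no synchronization of its own.
 */
public abstract class KerberosOperationHandler {
    public static final String KERBEROS_ENV_LDAP_URL = "ldap_url";
    public static final String KERBEROS_ENV_PRINCIPAL_CONTAINER_DN = "container_dn";
    public static final String KERBEROS_ENV_USER_PRINCIPAL_GROUP = "ipa_user_group";
    public static final String KERBEROS_ENV_AD_CREATE_ATTRIBUTES_TEMPLATE = "ad_create_attributes_template";
    public static final String KERBEROS_ENV_KDC_CREATE_ATTRIBUTES = "kdc_create_attributes";
    public static final String KERBEROS_ENV_ENCRYPTION_TYPES = "encryption_types";
    public static final String KERBEROS_ENV_KDC_HOSTS = "kdc_hosts";
    public static final String KERBEROS_ENV_ADMIN_SERVER_HOST = "admin_server_host";
    public static final String KERBEROS_ENV_KADMIN_PRINCIPAL_NAME = "kadmin_principal_name";
    public static final String KERBEROS_ENV_EXECUTABLE_SEARCH_PATHS = "executable_search_paths";

    private static final Logger LOG = LoggerFactory.getLogger(KerberosOperationHandler.class);

    /** Directories searched by {@link #getExecutable(String)} when none are configured. */
    private static final String[] DEFAULT_EXECUTABLE_SEARCH_PATHS = {"/usr/bin", "/usr/kerberos/bin", "/usr/sbin", "/usr/lib/mit/bin", "/usr/lib/mit/sbin"};

    /**
     * Maps lower-case encryption type names to the encryption types they stand for. Names that
     * have no matching constant map to {@link EncryptionType#UNKNOWN}.
     */
    private static final Map<String, Set<EncryptionType>> ENCRYPTION_TYPE_TRANSLATION_MAP = buildEncryptionTypeTranslationMap();

    /**
     * Encryption types used when none are configured.
     *
     * <p>NOTE(security): DES_CBC_MD5, DES3_CBC_SHA1_KD and RC4_HMAC are deprecated for Kerberos
     * (RFC 6649, RFC 8429). They are kept here because removing them changes which keys are
     * generated for existing deployments; restrict them through {@code encryption_types}.
     */
    private static final Set<EncryptionType> DEFAULT_CIPHERS = buildDefaultCiphers();

    private PrincipalKeyCredential administratorCredential = null;
    private String defaultRealm = null;
    private Set<EncryptionType> keyEncryptionTypes = new HashSet<EncryptionType>(DEFAULT_CIPHERS);
    private boolean open = false;
    private String[] executableSearchPaths = null;

    /** Builds the immutable name-to-encryption-type table. */
    private static Map<String, Set<EncryptionType>> buildEncryptionTypeTranslationMap() {
        Map<String, Set<EncryptionType>> table = new HashMap<String, Set<EncryptionType>>();
        addTranslation(table, "aes", EncryptionType.AES256_CTS_HMAC_SHA1_96, EncryptionType.AES128_CTS_HMAC_SHA1_96);
        addTranslation(table, "aes256-cts-hmac-sha1-96", EncryptionType.AES256_CTS_HMAC_SHA1_96);
        addTranslation(table, "aes256-cts", EncryptionType.AES256_CTS_HMAC_SHA1_96);
        addTranslation(table, "aes-256", EncryptionType.AES256_CTS_HMAC_SHA1_96);
        addTranslation(table, "aes128-cts-hmac-sha1-96", EncryptionType.AES128_CTS_HMAC_SHA1_96);
        addTranslation(table, "aes128-cts", EncryptionType.AES128_CTS_HMAC_SHA1_96);
        addTranslation(table, "aes-128", EncryptionType.AES128_CTS_HMAC_SHA1_96);
        addTranslation(table, "rc4", EncryptionType.RC4_HMAC);
        addTranslation(table, "arcfour-hmac", EncryptionType.RC4_HMAC);
        addTranslation(table, "rc4-hmac", EncryptionType.RC4_HMAC);
        addTranslation(table, "arcfour-hmac-md5", EncryptionType.UNKNOWN);
        addTranslation(table, "arcfour-hmac-exp", EncryptionType.RC4_HMAC_EXP);
        addTranslation(table, "rc4-hmac-exp", EncryptionType.RC4_HMAC_EXP);
        addTranslation(table, "arcfour-hmac-md5-exp", EncryptionType.UNKNOWN);
        addTranslation(table, "camellia", EncryptionType.UNKNOWN);
        addTranslation(table, "camellia256-cts-cmac", EncryptionType.UNKNOWN);
        addTranslation(table, "camellia256-cts", EncryptionType.UNKNOWN);
        addTranslation(table, "camellia128-cts-cmac", EncryptionType.UNKNOWN);
        addTranslation(table, "camellia128-cts", EncryptionType.UNKNOWN);
        addTranslation(table, "des", EncryptionType.DES_CBC_CRC, EncryptionType.DES_CBC_MD5, EncryptionType.DES_CBC_MD4);
        addTranslation(table, "des-cbc-md4", EncryptionType.DES_CBC_MD4);
        addTranslation(table, "des-cbc-md5", EncryptionType.DES_CBC_MD5);
        addTranslation(table, "des-cbc-crc", EncryptionType.DES_CBC_CRC);
        addTranslation(table, "des-cbc-raw", EncryptionType.UNKNOWN);
        addTranslation(table, "des-hmac-sha1", EncryptionType.UNKNOWN);
        addTranslation(table, "des3", EncryptionType.DES3_CBC_SHA1_KD);
        addTranslation(table, "des3-cbc-raw", EncryptionType.UNKNOWN);
        addTranslation(table, "des3-cbc-sha1", EncryptionType.DES3_CBC_SHA1_KD);
        addTranslation(table, "des3-hmac-sha1", EncryptionType.UNKNOWN);
        addTranslation(table, "des3-cbc-sha1-kd", EncryptionType.DES3_CBC_SHA1_KD);
        return Collections.unmodifiableMap(table);
    }

    /**
     * Registers one name in the translation table. The value is wrapped read-only because
     * {@link #translateEncryptionType(String)} hands the stored set straight to its caller, and
     * a caller mutating it would otherwise change the table for everyone.
     */
    private static void addTranslation(Map<String, Set<EncryptionType>> table, String name, EncryptionType first, EncryptionType... rest) {
        table.put(name, Collections.unmodifiableSet(EnumSet.of(first, rest)));
    }

    /** Builds the immutable default cipher set. */
    private static Set<EncryptionType> buildDefaultCiphers() {
        Set<EncryptionType> ciphers = new HashSet<EncryptionType>();
        ciphers.add(EncryptionType.DES_CBC_MD5);
        ciphers.add(EncryptionType.DES3_CBC_SHA1_KD);
        ciphers.add(EncryptionType.RC4_HMAC);
        ciphers.add(EncryptionType.AES128_CTS_HMAC_SHA1_96);
        ciphers.add(EncryptionType.AES256_CTS_HMAC_SHA1_96);
        return Collections.unmodifiableSet(ciphers);
    }

    /**
     * Stores the administrator credential, default realm and, when {@code map} is not null, the
     * encryption types and executable search paths read from it.
     *
     * <p>This method does not mark the handler as open. NOTE(review): presumably subclasses call
     * {@link #setOpen(boolean)} once their own setup succeeds; confirm against the subclasses.
     *
     * @param principalKeyCredential the KDC administrator credential; must be non-null with a
     *     non-empty principal and key
     * @param str the default realm
     * @param map configuration properties, or null to keep the current encryption types and
     *     search paths
     * @throws KerberosOperationException if the credential is rejected, or if {@code map} is
     *     non-null and its {@code encryption_types} value is missing or names no supported type
     */
    public void open(PrincipalKeyCredential principalKeyCredential, String str, Map<String, String> map) throws KerberosOperationException {
        setAdministratorCredential(principalKeyCredential);
        setDefaultRealm(str);
        if (map != null) {
            setKeyEncryptionTypes(translateEncryptionTypes(map.get(KERBEROS_ENV_ENCRYPTION_TYPES), "\\s+"));
            setExecutableSearchPaths(map.get(KERBEROS_ENV_EXECUTABLE_SEARCH_PATHS));
        }
    }

    /**
     * Marks the handler as closed. The stored administrator credential is left in place.
     *
     * @throws KerberosOperationException declared for subclasses; not thrown here
     */
    public void close() throws KerberosOperationException {
        setOpen(false);
    }

    // NOTE(review): the parameter names of the abstract methods below are decompiler
    // placeholders; their meaning is defined by the implementing subclasses.

    public abstract boolean principalExists(String str, boolean z) throws KerberosOperationException;

    public abstract Integer createPrincipal(String str, String str2, boolean z) throws KerberosOperationException;

    public abstract Integer setPrincipalPassword(String str, String str2, boolean z) throws KerberosOperationException;

    public abstract boolean removePrincipal(String str, boolean z) throws KerberosOperationException;

    /**
     * Checks the stored administrator credential by asking whether its principal exists.
     *
     * @return the result of {@link #principalExists(String, boolean)} for the administrator
     *     principal
     * @throws KerberosOperationException if the handler is not open, no credential is stored,
     *     or the lookup fails
     */
    public boolean testAdministratorCredentials() throws KerberosOperationException {
        if (!isOpen()) {
            throw new KerberosOperationException("This operation handler has not been opened");
        }
        PrincipalKeyCredential credential = getAdministratorCredential();
        if (credential == null) {
            throw new KerberosOperationException("Missing KDC administrator credential");
        }
        return principalExists(credential.getPrincipal(), false);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds an in-memory keytab holding one entry per configured encryption type, with keys
     * derived from the given principal and password.
     *
     * @param str the principal name; must not be empty
     * @param str2 the password; must not be null (it arrives as an immutable String, so it
     *     cannot be wiped after use)
     * @param num the key version number, or null for 0; only its low byte is used because of
     *     {@code byteValue()}
     * @return the keytab; it has no entries if no encryption types are configured or no keys
     *     were generated
     * @throws KerberosOperationException if the principal is empty or the password is null
     */
    public Keytab createKeytab(String str, String str2, Integer num) throws KerberosOperationException {
        if (StringUtils.isEmpty(str)) {
            throw new KerberosOperationException("Failed to create keytab file, missing principal");
        }
        if (str2 == null) {
            // Only the principal is put in the message; the password must never be logged.
            throw new KerberosOperationException(String.format("Failed to create keytab file for %s, missing password", str));
        }
        Set<EncryptionType> ciphers = new HashSet<EncryptionType>(this.keyEncryptionTypes);
        Keytab keytab = new Keytab();
        if (ciphers.isEmpty()) {
            return keytab;
        }
        Map<EncryptionType, EncryptionKey> keys = KerberosKeyFactory.getKerberosKeys(str, str2, ciphers);
        if (keys != null) {
            byte keyVersion = num == null ? (byte) 0 : num.byteValue();
            KerberosTime timestamp = new KerberosTime();
            List<KeytabEntry> entries = new ArrayList<KeytabEntry>();
            for (EncryptionKey key : keys.values()) {
                entries.add(new KeytabEntry(str, 1, timestamp, keyVersion, key));
            }
            keytab.setEntries(entries);
        }
        return keytab;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads the keytab in {@code file} and merges it into the keytab file {@code file2}.
     *
     * @param file the source keytab file
     * @param file2 the destination keytab file
     * @return true if the destination was written
     * @throws KerberosOperationException if the destination is null or cannot be written
     */
    public boolean createKeytabFile(File file, File file2) throws KerberosOperationException {
        return createKeytabFile(readKeytabFile(file), file2);
    }

    /**
     * Generates a keytab for the principal and password and merges it into {@code file}.
     *
     * @param str the principal name
     * @param str2 the password
     * @param num the key version number, or null for 0
     * @param file the destination keytab file
     * @return true if the destination was written
     * @throws KerberosOperationException if the keytab cannot be created or written
     */
    protected boolean createKeytabFile(String str, String str2, Integer num, File file) throws KerberosOperationException {
        return createKeytabFile(createKeytab(str, str2, num), file);
    }

    /**
     * Merges {@code keytab} into whatever keytab already exists at {@code file} and writes the
     * result back to {@code file}.
     *
     * <p>If the existing file cannot be read, {@link #readKeytabFile(File)} returns null and the
     * file is overwritten with the new entries only. On a write failure the destination file is
     * deleted, including any keytab that was there before.
     *
     * <p>NOTE(security): the written file holds long-term keys and this method does not set its
     * permissions or ownership; presumably the caller does. Confirm.
     *
     * @param keytab the entries to add; may be null
     * @param file the destination keytab file; must not be null
     * @return true if the destination was written
     * @throws KerberosOperationException if {@code file} is null or the write fails
     */
    public boolean createKeytabFile(Keytab keytab, File file) throws KerberosOperationException {
        if (file == null) {
            throw new KerberosOperationException("The destination file path is null");
        }
        try {
            mergeKeytabs(readKeytabFile(file), keytab).write(file);
            return true;
        } catch (IOException e) {
            LOG.error("Failed to export keytab file", e);
            // Do not leave a partially written keytab behind.
            if (!file.delete()) {
                file.deleteOnExit();
            }
            throw new KerberosOperationException("Failed to export keytab file", e);
        }
    }

    /**
     * Combines two keytabs. An entry of {@code keytab} is dropped when {@code keytab2} has an
     * entry with the same principal name and key type, so the entries of {@code keytab2} win.
     *
     * @param keytab the existing keytab; may be null
     * @param keytab2 the keytab with updates; may be null
     * @return a new keytab holding the surviving existing entries followed by all updates
     */
    protected Keytab mergeKeytabs(Keytab keytab, Keytab keytab2) {
        List<KeytabEntry> existing = keytab == null ? Collections.<KeytabEntry>emptyList() : new ArrayList<KeytabEntry>(keytab.getEntries());
        List<KeytabEntry> updates = keytab2 == null ? Collections.<KeytabEntry>emptyList() : new ArrayList<KeytabEntry>(keytab2.getEntries());
        List<KeytabEntry> merged = new ArrayList<KeytabEntry>();
        if (existing.isEmpty()) {
            merged.addAll(updates);
        } else if (updates.isEmpty()) {
            merged.addAll(existing);
        } else {
            Iterator<KeytabEntry> existingIterator = existing.iterator();
            while (existingIterator.hasNext()) {
                KeytabEntry current = existingIterator.next();
                // The inner loop ends when the updates run out. The previous form only left the
                // loop on a match, so an existing entry with no matching update never terminated.
                for (KeytabEntry update : updates) {
                    if (update.getPrincipalName().equals(current.getPrincipalName()) && update.getKey().getKeyType().equals(current.getKey().getKeyType())) {
                        existingIterator.remove();
                        break;
                    }
                }
            }
            merged.addAll(existing);
            merged.addAll(updates);
        }
        Keytab result = new Keytab();
        result.setEntries(merged);
        return result;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads a keytab file.
     *
     * @param file the keytab file; must not be null
     * @return the keytab, or null if the file is missing, unreadable, empty, or cannot be read
     */
    public Keytab readKeytabFile(File file) {
        if (!file.exists() || !file.canRead() || file.length() <= 0) {
            return null;
        }
        try {
            return Keytab.read(file);
        } catch (IOException e) {
            // Callers treat null as "no existing keytab" and may overwrite the file, so record
            // the failure instead of dropping it silently.
            LOG.warn(String.format("Failed to read keytab file %s: %s", file.getAbsolutePath(), e.getLocalizedMessage()), e);
            return null;
        }
    }

    /**
     * @return the stored KDC administrator credential, or null if none was set
     */
    public PrincipalKeyCredential getAdministratorCredential() {
        return this.administratorCredential;
    }

    /**
     * Validates and stores the KDC administrator credential.
     *
     * @param principalKeyCredential the credential; must be non-null with a non-empty principal
     *     and key
     * @throws KerberosAdminAuthenticationException if the credential, its principal or its key
     *     is missing
     */
    public void setAdministratorCredential(PrincipalKeyCredential principalKeyCredential) throws KerberosAdminAuthenticationException {
        if (principalKeyCredential == null) {
            throw new KerberosAdminAuthenticationException("The administrator credential must not be null");
        }
        if (StringUtils.isEmpty(principalKeyCredential.getPrincipal())) {
            throw new KerberosAdminAuthenticationException("Must specify a principal but it is null or empty");
        }
        if (ArrayUtils.isEmpty(principalKeyCredential.getKey())) {
            throw new KerberosAdminAuthenticationException("Must specify a password but it is null or empty");
        }
        this.administratorCredential = principalKeyCredential;
    }

    /**
     * @return the default realm, or null if none was set
     */
    public String getDefaultRealm() {
        return this.defaultRealm;
    }

    /**
     * @param str the default realm
     */
    public void setDefaultRealm(String str) {
        this.defaultRealm = str;
    }

    /**
     * @return the encryption types used when generating keytab entries
     */
    public Set<EncryptionType> getKeyEncryptionTypes() {
        return this.keyEncryptionTypes;
    }

    /**
     * Stores a read-only copy of the given encryption types.
     *
     * @param set the encryption types, or null to fall back to the default cipher set
     */
    public void setKeyEncryptionTypes(Set<EncryptionType> set) {
        this.keyEncryptionTypes = Collections.unmodifiableSet(new HashSet<EncryptionType>(set == null ? DEFAULT_CIPHERS : set));
    }

    /**
     * @return the configured executable search paths (the stored array, not a copy), or null
     *     if none are configured
     */
    public String[] getExecutableSearchPaths() {
        return this.executableSearchPaths;
    }

    /**
     * @param strArr the directories to search for executables, or null to use the defaults
     */
    public void setExecutableSearchPaths(String[] strArr) {
        this.executableSearchPaths = strArr;
    }

    /**
     * Sets the executable search paths from a comma-separated list. Entries are trimmed and
     * empty entries are skipped.
     *
     * @param str the comma-separated directories, or null to use the defaults
     */
    public void setExecutableSearchPaths(String str) {
        if (str == null) {
            setExecutableSearchPaths((String[]) null);
            return;
        }
        List<String> paths = new ArrayList<String>();
        for (String candidate : str.split(",")) {
            String trimmed = candidate.trim();
            if (!trimmed.isEmpty()) {
                paths.add(trimmed);
            }
        }
        setExecutableSearchPaths(paths.toArray(new String[paths.size()]));
    }

    /**
     * @return true if the handler is marked open
     */
    public boolean isOpen() {
        return this.open;
    }

    /**
     * @param z true to mark the handler open, false to mark it closed
     */
    public void setOpen(boolean z) {
        this.open = z;
    }

    /**
     * Writes Base64-encoded keytab data to a new temporary file.
     *
     * <p>The file is created with {@link Files#createTempFile} rather than
     * {@link File#createTempFile}: on POSIX file systems the former creates the file with
     * owner-only permissions, so the key material is not exposed through the process umask
     * while it sits in the shared temporary directory. The caller is responsible for deleting
     * the returned file.
     *
     * @param str the Base64-encoded keytab data; when null the temporary file is left empty
     * @return the temporary file, or null if it could not be created
     * @throws KerberosOperationException if the data cannot be written; the temporary file is
     *     deleted first
     */
    protected File createKeytabFile(String str) throws KerberosOperationException {
        File file = null;
        try {
            file = Files.createTempFile("temp", ".dat").toFile();
        } catch (IOException e) {
            LOG.error(String.format("Failed to create temporary keytab file: %s", e.getLocalizedMessage()), e);
        }
        if (file == null || str == null) {
            return file;
        }
        boolean written = false;
        try {
            try (FileOutputStream out = new FileOutputStream(file)) {
                out.write(Base64.decodeBase64(str));
            }
            // Set only after a successful close, so a failed close is treated as a failed write.
            written = true;
        } catch (IOException e) {
            String message = String.format("Failed to write to temporary keytab file %s: %s", file.getAbsolutePath(), e.getLocalizedMessage());
            LOG.error(message, e);
            throw new KerberosOperationException(message, e);
        } finally {
            // Never leave a partial keytab behind in the temporary directory.
            if (!written && !file.delete()) {
                file.deleteOnExit();
            }
        }
        return file;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Runs a command through {@link ShellCommandUtil#runCommand}.
     *
     * <p>The command is passed as an argument array. NOTE(review): only the exception messages
     * are logged here, never the arguments, which may carry credentials; keep it that way.
     *
     * @param strArr the command and its arguments
     * @param map environment variables for the command, or null
     * @param interactiveHandler handler for interactive input, or null
     * @return the command result, or null if {@code strArr} is null or empty
     * @throws KerberosOperationException if the command cannot be started or the wait for it
     *     is interrupted
     */
    public ShellCommandUtil.Result executeCommand(String[] strArr, Map<String, String> map, ShellCommandUtil.InteractiveHandler interactiveHandler) throws KerberosOperationException {
        if (strArr == null || strArr.length == 0) {
            return null;
        }
        try {
            return ShellCommandUtil.runCommand(strArr, map, interactiveHandler, false);
        } catch (IOException e) {
            String message = String.format("Failed to execute the command: %s", e.getLocalizedMessage());
            LOG.error(message, e);
            throw new KerberosOperationException(message, e);
        } catch (InterruptedException e) {
            // Restore the interrupt flag so code further up the stack can still see it.
            Thread.currentThread().interrupt();
            String message = String.format("Failed to wait for the command to complete: %s", e.getLocalizedMessage());
            LOG.error(message, e);
            throw new KerberosOperationException(message, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Runs a command with no extra environment and no interactive handler.
     *
     * @param strArr the command and its arguments
     * @return the command result, or null if {@code strArr} is null or empty
     * @throws KerberosOperationException if the command fails to run
     */
    public ShellCommandUtil.Result executeCommand(String[] strArr) throws KerberosOperationException {
        return executeCommand(strArr, null);
    }

    /**
     * Runs a command with no extra environment.
     *
     * @param strArr the command and its arguments
     * @param interactiveHandler handler for interactive input, or null
     * @return the command result, or null if {@code strArr} is null or empty
     * @throws KerberosOperationException if the command fails to run
     */
    protected ShellCommandUtil.Result executeCommand(String[] strArr, ShellCommandUtil.InteractiveHandler interactiveHandler) throws KerberosOperationException {
        return executeCommand(strArr, null, interactiveHandler);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Parses a principal name into its parts, using the default realm of this handler.
     *
     * @param str the principal name
     * @return the deconstructed principal
     * @throws KerberosOperationException if the principal name is rejected
     */
    public DeconstructedPrincipal createDeconstructPrincipal(String str) throws KerberosOperationException {
        try {
            return DeconstructedPrincipal.valueOf(str, getDefaultRealm());
        } catch (IllegalArgumentException e) {
            throw new KerberosOperationException(e.getMessage(), e);
        }
    }

    /**
     * Translates one encryption type name into the encryption types it stands for.
     *
     * @param str the encryption type name; matched case-insensitively
     * @return the matching read-only set, which may contain {@link EncryptionType#UNKNOWN}, or
     *     an empty set (after a warning) if the name is empty or not in the table
     */
    protected Set<EncryptionType> translateEncryptionType(String str) {
        Set<EncryptionType> translated = null;
        if (!StringUtils.isEmpty(str)) {
            // Locale.ROOT keeps the lookup independent of the JVM default locale (for example
            // the Turkish dotless i, which would make "CAMELLIA" miss its table entry).
            translated = ENCRYPTION_TYPE_TRANSLATION_MAP.get(str.toLowerCase(Locale.ROOT));
        }
        if (translated != null) {
            return translated;
        }
        LOG.warn("The given encryption type name ({}) is not supported.", str);
        return Collections.emptySet();
    }

    /**
     * Translates a delimited list of encryption type names.
     *
     * @param str the list of names
     * @param str2 the delimiter as a regular expression, or null for runs of whitespace
     * @return the union of the translated encryption types; never empty
     * @throws KerberosOperationException if {@code str} is empty or none of its names is known
     */
    protected Set<EncryptionType> translateEncryptionTypes(String str, String str2) throws KerberosOperationException {
        Set<EncryptionType> translated = new HashSet<EncryptionType>();
        if (!StringUtils.isEmpty(str)) {
            String delimiter = str2 == null ? "\\s+" : str2;
            for (String name : str.split(delimiter)) {
                translated.addAll(translateEncryptionType(name.trim()));
            }
        }
        if (translated.isEmpty()) {
            throw new KerberosOperationException("All the encryption type names you set are not supported. Aborting.");
        }
        return translated;
    }

    /**
     * Prefixes every occurrence of the given characters with an escape character.
     *
     * <p>The escape character itself is escaped only if it is in {@code set}. A null
     * {@code ch} is appended as the text {@code "null"}, so callers must pass a real character.
     *
     * @param str the text to escape
     * @param set the characters that need escaping
     * @param ch the escape character
     * @return the escaped text, or {@code str} unchanged if it is empty or {@code set} is null
     *     or empty
     */
    protected String escapeCharacters(String str, Set<Character> set, Character ch) {
        if (StringUtils.isEmpty(str) || set == null || set.isEmpty()) {
            return str;
        }
        StringBuilder escaped = new StringBuilder();
        for (char c : str.toCharArray()) {
            if (set.contains(c)) {
                escaped.append(ch);
            }
            escaped.append(c);
        }
        return escaped.toString();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves an executable name against the configured search paths, or the default search
     * paths when none are configured.
     *
     * <p>NOTE(security): the search paths come from configuration and the first executable
     * match wins. If nothing matches, the bare name is returned and resolution is left to
     * whatever runs the command.
     *
     * @param str the executable name
     * @return the absolute path of the first executable match, or {@code str} if none is found
     */
    public String getExecutable(String str) {
        String[] searchPaths = getExecutableSearchPaths();
        if (searchPaths == null) {
            searchPaths = DEFAULT_EXECUTABLE_SEARCH_PATHS;
        }
        for (String directory : searchPaths) {
            File candidate = new File(directory, str);
            if (candidate.canExecute()) {
                return candidate.getAbsolutePath();
            }
        }
        return str;
    }
}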
