package org.apache.ambari.server.serveraction.kerberos;

import com.google.inject.Inject;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.agent.CommandReport;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.controller.KerberosHelper;
import org.apache.ambari.server.controller.RootComponent;
import org.apache.ambari.server.controller.RootService;
import org.apache.ambari.server.controller.UpdateConfigurationPolicy;
import org.apache.ambari.server.serveraction.kerberos.stageutils.ResolvedKerberosKeytab;
import org.apache.ambari.server.serveraction.kerberos.stageutils.ResolvedKerberosPrincipal;
import org.apache.ambari.server.stack.ServiceDirectory;
import org.apache.ambari.server.state.Cluster;
import org.apache.ambari.server.state.ConfigHelper;
import org.apache.ambari.server.state.ServiceComponentHost;
import org.apache.ambari.server.state.kerberos.AbstractKerberosDescriptorContainer;
import org.apache.ambari.server.state.kerberos.KerberosComponentDescriptor;
import org.apache.ambari.server.state.kerberos.KerberosDescriptor;
import org.apache.ambari.server.state.kerberos.KerberosIdentityDescriptor;
import org.apache.ambari.server.state.kerberos.KerberosServiceDescriptor;
import org.apache.ambari.server.utils.StageUtils;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ambari/server/serveraction/kerberos/AbstractPrepareKerberosServerAction.class */
public abstract class AbstractPrepareKerberosServerAction extends KerberosServerAction {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractPrepareKerberosServerAction.class);

    @Inject
    private KerberosHelper kerberosHelper;

    @Inject
    private KerberosIdentityDataFileWriterFactory kerberosIdentityDataFileWriterFactory;

    @Inject
    private KerberosConfigDataFileWriterFactory kerberosConfigDataFileWriterFactory;

    @Inject
    private ConfigHelper configHelper;

    @Override // org.apache.ambari.server.serveraction.kerberos.KerberosServerAction
    protected CommandReport processIdentity(ResolvedKerberosPrincipal resolvedKerberosPrincipal, KerberosOperationHandler kerberosOperationHandler, Map<String, String> map, boolean z, Map<String, Object> map2) throws AmbariException {
        throw new UnsupportedOperationException();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public KerberosHelper getKerberosHelper() {
        return this.kerberosHelper;
    }

    public void processServiceComponentHosts(Cluster cluster, KerberosDescriptor kerberosDescriptor, List<ServiceComponentHost> list, Collection<String> collection, String str, Map<String, Map<String, String>> map, Map<String, Map<String, String>> map2, boolean z, Map<String, Set<String>> map3) throws AmbariException {
        ArrayList arrayList = new ArrayList();
        Iterator<ServiceComponentHost> it = list.iterator();
        while (it.hasNext()) {
            arrayList.add(Component.fromServiceComponentHost(it.next()));
        }
        processServiceComponents(cluster, kerberosDescriptor, arrayList, collection, str, map, map2, z, map3);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void processServiceComponents(Cluster cluster, KerberosDescriptor kerberosDescriptor, List<Component> list, Collection<String> collection, String str, Map<String, Map<String, String>> map, Map<String, Map<String, String>> map2, boolean z, Map<String, Set<String>> map3) throws AmbariException {
        this.actionLog.writeStdOut("Processing Kerberos identities and configurations");
        if (list.isEmpty()) {
            return;
        }
        if (str == null) {
            LOG.error("The data directory has not been set.  Generated data can not be stored.");
            throw new AmbariException("The data directory has not been set.  Generated data can not be stored.");
        }
        File file = new File(str, KerberosIdentityDataFile.DATA_FILE_NAME);
        HashMap hashMap = new HashMap();
        hashMap.put("configurations", map);
        hashMap.put(ServiceDirectory.SERVICES_FOLDER_NAME, cluster.getServices().keySet());
        this.actionLog.writeStdOut(String.format("Writing Kerberos identity data metadata file to %s", file.getAbsolutePath()));
        try {
            KerberosIdentityDataFileWriter createKerberosIdentityDataFileWriter = this.kerberosIdentityDataFileWriterFactory.createKerberosIdentityDataFileWriter(file);
            HashMap hashMap2 = new HashMap();
            String defaultRealm = getDefaultRealm(getCommandParameters());
            try {
                try {
                    Map<String, Set<String>> map4 = null;
                    for (Component component : list) {
                        String hostName = component.getHostName();
                        Long hostId = component.getHostId();
                        String serviceName = component.getServiceName();
                        String serviceComponentName = component.getServiceComponentName();
                        KerberosServiceDescriptor service = kerberosDescriptor.getService(serviceName);
                        if (service != null) {
                            List<KerberosIdentityDescriptor> identities = service.getIdentities(true, hashMap);
                            if (!StringUtils.isEmpty(hostName)) {
                                Map<String, String> map5 = map.get(Configuration.JDBC_IN_MEMORY_PASSWORD);
                                if (map5 == null) {
                                    map5 = new HashMap();
                                    map.put(Configuration.JDBC_IN_MEMORY_PASSWORD, map5);
                                }
                                map5.put("host", hostName);
                                map5.put(KerberosIdentityDataFile.HOSTNAME, hostName);
                            }
                            this.kerberosHelper.addIdentities(createKerberosIdentityDataFileWriter, identities, collection, hostName, hostId, serviceName, serviceComponentName, map2, map, hashMap2, defaultRealm);
                            map4 = gatherPropertiesToIgnore(identities, map4);
                            KerberosComponentDescriptor component2 = service.getComponent(serviceComponentName);
                            if (component2 != null) {
                                List<KerberosIdentityDescriptor> identities2 = component2.getIdentities(true, hashMap);
                                this.kerberosHelper.mergeConfigurations(map2, component2.getConfigurations(true), map, null);
                                this.kerberosHelper.addIdentities(createKerberosIdentityDataFileWriter, identities2, collection, hostName, hostId, serviceName, serviceComponentName, map2, map, hashMap2, defaultRealm);
                                map4 = gatherPropertiesToIgnore(identities2, map4);
                            }
                        }
                    }
                    if (z && this.kerberosHelper.createAmbariIdentities(map.get(KerberosHelper.KERBEROS_ENV))) {
                        List<KerberosIdentityDescriptor> ambariServerIdentities = this.kerberosHelper.getAmbariServerIdentities(kerberosDescriptor);
                        if (!ambariServerIdentities.isEmpty()) {
                            for (KerberosIdentityDescriptor kerberosIdentityDescriptor : ambariServerIdentities) {
                                String name = "ambari-server".equals(kerberosIdentityDescriptor.getName()) ? "AMBARI_SERVER_SELF" : RootComponent.AMBARI_SERVER.name();
                                List<KerberosIdentityDescriptor> singletonList = Collections.singletonList(kerberosIdentityDescriptor);
                                this.kerberosHelper.addIdentities(createKerberosIdentityDataFileWriter, singletonList, collection, StageUtils.getHostName(), ambariServerHostID(), RootService.AMBARI.name(), name, map2, map, hashMap2, defaultRealm);
                                map4 = gatherPropertiesToIgnore(singletonList, map4);
                            }
                        }
                    }
                    if (map3 != null && map4 != null) {
                        map3.putAll(map4);
                    }
                    Iterator it = hashMap2.values().iterator();
                    while (it.hasNext()) {
                        this.kerberosHelper.createResolvedKeytab((ResolvedKerberosKeytab) it.next());
                    }
                    if (createKerberosIdentityDataFileWriter != null) {
                        try {
                            createKerberosIdentityDataFileWriter.close();
                        } catch (IOException e) {
                            LOG.warn("Failed to close the index file writer", e);
                            this.actionLog.writeStdOut("Failed to close the index file writer");
                            this.actionLog.writeStdErr("Failed to close the index file writer\n" + e.getLocalizedMessage());
                        }
                    }
                } catch (IOException e2) {
                    String format = String.format("Failed to write index file - %s", file.getAbsolutePath());
                    LOG.error(format, e2);
                    this.actionLog.writeStdOut(format);
                    this.actionLog.writeStdErr(format + "\n" + e2.getLocalizedMessage());
                    throw new AmbariException(format, e2);
                }
            } catch (Throwable th) {
                if (createKerberosIdentityDataFileWriter != null) {
                    try {
                        createKerberosIdentityDataFileWriter.close();
                    } catch (IOException e3) {
                        LOG.warn("Failed to close the index file writer", e3);
                        this.actionLog.writeStdOut("Failed to close the index file writer");
                        this.actionLog.writeStdErr("Failed to close the index file writer\n" + e3.getLocalizedMessage());
                    }
                }
                throw th;
            }
        } catch (IOException e4) {
            String format2 = String.format("Failed to write index file - %s", file.getAbsolutePath());
            LOG.error(format2, e4);
            this.actionLog.writeStdOut(format2);
            this.actionLog.writeStdErr(format2 + "\n" + e4.getLocalizedMessage());
            throw new AmbariException(format2, e4);
        }
    }

    private Map<String, Set<String>> gatherPropertiesToIgnore(List<KerberosIdentityDescriptor> list, Map<String, Set<String>> map) {
        Map<String, Map<String, String>> identityConfigurations = this.kerberosHelper.getIdentityConfigurations(list);
        if (identityConfigurations != null && !identityConfigurations.isEmpty()) {
            if (map == null) {
                map = new HashMap();
            }
            for (Map.Entry<String, Map<String, String>> entry : identityConfigurations.entrySet()) {
                String key = entry.getKey();
                Map<String, String> value = entry.getValue();
                if (value != null && !value.isEmpty()) {
                    Set<String> set = map.get(key);
                    if (set == null) {
                        set = new HashSet();
                        map.put(key, set);
                    }
                    set.addAll(value.keySet());
                }
            }
        }
        return map;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void processConfigurationChanges(String str, Map<String, Map<String, String>> map, Map<String, Set<String>> map2, KerberosDescriptor kerberosDescriptor, UpdateConfigurationPolicy updateConfigurationPolicy) throws AmbariException {
        this.actionLog.writeStdOut("Determining configuration changes");
        if (map.isEmpty()) {
            return;
        }
        if (str == null) {
            LOG.error("The data directory has not been set.  Generated data can not be stored.");
            throw new AmbariException("The data directory has not been set.  Generated data can not be stored.");
        }
        Map<String, Set<String>> identityProperties = getIdentityProperties(kerberosDescriptor, null);
        Map<String, Map<String, String>> effectiveConfigProperties = this.configHelper.getEffectiveConfigProperties(getClusterName(), (String) null);
        File file = new File(str, KerberosConfigDataFile.DATA_FILE_NAME);
        KerberosConfigDataFileWriter kerberosConfigDataFileWriter = null;
        this.actionLog.writeStdOut(String.format("Writing configuration changes metadata file to %s", file.getAbsolutePath()));
        try {
            try {
                kerberosConfigDataFileWriter = this.kerberosConfigDataFileWriterFactory.createKerberosConfigDataFileWriter(file);
                for (Map.Entry<String, Map<String, String>> entry : map.entrySet()) {
                    String key = entry.getKey();
                    Map<String, String> value = entry.getValue();
                    if (value != null) {
                        for (Map.Entry<String, String> entry2 : value.entrySet()) {
                            String key2 = entry2.getKey();
                            if (includeConfiguration(key, key2, updateConfigurationPolicy, effectiveConfigProperties, identityProperties)) {
                                kerberosConfigDataFileWriter.addRecord(key, key2, entry2.getValue(), KerberosConfigDataFile.OPERATION_TYPE_SET);
                            }
                        }
                    }
                }
                if (map2 != null) {
                    for (Map.Entry<String, Set<String>> entry3 : map2.entrySet()) {
                        String key3 = entry3.getKey();
                        Set<String> value2 = entry3.getValue();
                        if (value2 != null) {
                            Iterator<String> it = value2.iterator();
                            while (it.hasNext()) {
                                kerberosConfigDataFileWriter.addRecord(key3, it.next(), Configuration.JDBC_IN_MEMORY_PASSWORD, KerberosConfigDataFile.OPERATION_TYPE_REMOVE);
                            }
                        }
                    }
                }
                if (kerberosConfigDataFileWriter != null) {
                    try {
                        kerberosConfigDataFileWriter.close();
                    } catch (IOException e) {
                        LOG.warn("Failed to close the kerberos configurations file writer", e);
                        this.actionLog.writeStdOut("Failed to close the kerberos configurations file writer");
                        this.actionLog.writeStdErr("Failed to close the kerberos configurations file writer\n" + e.getLocalizedMessage());
                    }
                }
            } catch (IOException e2) {
                String format = String.format("Failed to write kerberos configurations file - %s", file.getAbsolutePath());
                LOG.error(format, e2);
                this.actionLog.writeStdOut(format);
                this.actionLog.writeStdErr(format + "\n" + e2.getLocalizedMessage());
                throw new AmbariException(format, e2);
            }
        } catch (Throwable th) {
            if (kerberosConfigDataFileWriter != null) {
                try {
                    kerberosConfigDataFileWriter.close();
                } catch (IOException e3) {
                    LOG.warn("Failed to close the kerberos configurations file writer", e3);
                    this.actionLog.writeStdOut("Failed to close the kerberos configurations file writer");
                    this.actionLog.writeStdErr("Failed to close the kerberos configurations file writer\n" + e3.getLocalizedMessage());
                }
            }
            throw th;
        }
    }

    private boolean includeConfiguration(String str, String str2, UpdateConfigurationPolicy updateConfigurationPolicy, Map<String, Map<String, String>> map, Map<String, Set<String>> map2) {
        boolean z;
        boolean z2;
        if (map2 == null) {
            z = false;
        } else {
            Set<String> set = map2.get(str);
            z = !CollectionUtils.isEmpty(set) && set.contains(str2);
        }
        if (z) {
            return updateConfigurationPolicy.applyIdentityChanges();
        }
        if (map == null) {
            z2 = true;
        } else {
            Map<String, String> map3 = map.get(str);
            z2 = map3 == null || !map3.containsKey(str2);
        }
        return z2 ? updateConfigurationPolicy.applyAdditions() : updateConfigurationPolicy.applyOtherChanges();
    }

    private Map<String, Set<String>> getIdentityProperties(AbstractKerberosDescriptorContainer abstractKerberosDescriptorContainer, Map<String, Set<String>> map) {
        List<KerberosIdentityDescriptor> list;
        Map<String, Map<String, String>> identityConfigurations;
        if (abstractKerberosDescriptorContainer != null) {
            if (map == null) {
                map = new HashMap();
            }
            try {
                list = abstractKerberosDescriptorContainer.getIdentities(false, null);
            } catch (AmbariException e) {
                LOG.error("An exception occurred getting the Kerberos identity descriptors.  No configurations will be identified.", e);
                list = null;
            }
            if (list != null && (identityConfigurations = this.kerberosHelper.getIdentityConfigurations(list)) != null) {
                for (Map.Entry<String, Map<String, String>> entry : identityConfigurations.entrySet()) {
                    Map<String, String> value = entry.getValue();
                    if (value != null) {
                        ((Set) map.computeIfAbsent(entry.getKey(), str -> {
                            return new HashSet();
                        })).addAll(value.keySet());
                    }
                }
            }
            Map<String, Set<String>> translateConfigurationSpecifications = this.kerberosHelper.translateConfigurationSpecifications(abstractKerberosDescriptorContainer.getAuthToLocalProperties());
            if (translateConfigurationSpecifications != null) {
                for (Map.Entry<String, Set<String>> entry2 : translateConfigurationSpecifications.entrySet()) {
                    String key = entry2.getKey();
                    Set<String> value2 = entry2.getValue();
                    if (value2 != null) {
                        map.computeIfAbsent(key, str2 -> {
                            return new HashSet();
                        }).addAll(value2);
                    }
                }
            }
            Collection<? extends AbstractKerberosDescriptorContainer> childContainers = abstractKerberosDescriptorContainer.getChildContainers();
            if (childContainers != null) {
                Iterator<? extends AbstractKerberosDescriptorContainer> it = childContainers.iterator();
                while (it.hasNext()) {
                    getIdentityProperties(it.next(), map);
                }
            }
        }
        return map;
    }
}
