package org.apache.ambari.server.serveraction.kerberos;

import com.google.common.util.concurrent.Striped;
import com.google.inject.Inject;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.locks.Lock;
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.actionmanager.HostRoleStatus;
import org.apache.ambari.server.agent.CommandReport;
import org.apache.ambari.server.agent.stomp.TopologyHolder;
import org.apache.ambari.server.serveraction.kerberos.stageutils.ResolvedKerberosPrincipal;
import org.apache.ambari.server.utils.ShellCommandUtil;
import org.apache.ambari.server.utils.StageUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.class */
public class FinalizeKerberosServerAction extends KerberosServerAction {
    private static final Logger LOG = LoggerFactory.getLogger(FinalizeKerberosServerAction.class);
    private final TopologyHolder topologyHolder;
    private Striped<Lock> m_locksByKeytab = Striped.lazyWeakLock(25);

    @Inject
    public FinalizeKerberosServerAction(TopologyHolder topologyHolder) {
        this.topologyHolder = topologyHolder;
    }

    @Override // org.apache.ambari.server.serveraction.kerberos.KerberosServerAction
    protected CommandReport processIdentity(ResolvedKerberosPrincipal resolvedKerberosPrincipal, KerberosOperationHandler kerberosOperationHandler, Map<String, String> map, boolean z, Map<String, Object> map2) throws AmbariException {
        if (resolvedKerberosPrincipal == null || !StageUtils.getHostName().equals(resolvedKerberosPrincipal.getHostName())) {
            return null;
        }
        Map<String, String> principalPasswordMap = getPrincipalPasswordMap(map2);
        if (principalPasswordMap != null && principalPasswordMap.containsKey(resolvedKerberosPrincipal.getPrincipal())) {
            return null;
        }
        String keytabPath = resolvedKerberosPrincipal.getKeytabPath();
        if (StringUtils.isEmpty(keytabPath)) {
            return null;
        }
        Lock lock = (Lock) this.m_locksByKeytab.get(keytabPath);
        lock.lock();
        try {
            Set set = (Set) map2.get(getClass().getName() + "_visited");
            if (!set.contains(keytabPath)) {
                String ownerName = resolvedKerberosPrincipal.getResolvedKerberosKeytab().getOwnerName();
                String ownerAccess = resolvedKerberosPrincipal.getResolvedKerberosKeytab().getOwnerAccess();
                boolean z2 = "w".equalsIgnoreCase(ownerAccess) || "rw".equalsIgnoreCase(ownerAccess);
                boolean z3 = "r".equalsIgnoreCase(ownerAccess) || "rw".equalsIgnoreCase(ownerAccess);
                String groupName = resolvedKerberosPrincipal.getResolvedKerberosKeytab().getGroupName();
                String groupAccess = resolvedKerberosPrincipal.getResolvedKerberosKeytab().getGroupAccess();
                boolean z4 = "w".equalsIgnoreCase(groupAccess) || "rw".equalsIgnoreCase(groupAccess);
                boolean z5 = "r".equalsIgnoreCase(groupAccess) || "rw".equalsIgnoreCase(groupAccess);
                ShellCommandUtil.Result fileOwner = ShellCommandUtil.setFileOwner(keytabPath, ownerName);
                if (fileOwner.isSuccessful()) {
                    String format = String.format("Updated the owner of the keytab file at %s to %s", keytabPath, ownerName);
                    LOG.info(format);
                    this.actionLog.writeStdOut(format);
                } else {
                    String format2 = String.format("Failed to update the owner of the keytab file at %s to %s: %s", keytabPath, ownerName, fileOwner.getStderr());
                    LOG.error(format2);
                    this.actionLog.writeStdOut(format2);
                    this.actionLog.writeStdErr(format2);
                }
                ShellCommandUtil.Result fileGroup = ShellCommandUtil.setFileGroup(keytabPath, groupName);
                if (fileGroup.isSuccessful()) {
                    String format3 = String.format("Updated the group of the keytab file at %s to %s", keytabPath, groupName);
                    LOG.info(format3);
                    this.actionLog.writeStdOut(format3);
                } else {
                    String format4 = String.format("Failed to update the group of the keytab file at %s to %s: %s", keytabPath, groupName, fileGroup.getStderr());
                    LOG.error(format4);
                    this.actionLog.writeStdOut(format4);
                    this.actionLog.writeStdErr(format4);
                }
                ShellCommandUtil.Result fileMode = ShellCommandUtil.setFileMode(keytabPath, z3, z2, false, z5, z4, false, false, false, false);
                if (fileMode.isSuccessful()) {
                    String format5 = String.format("Updated the access mode of the keytab file at %s to owner:'%s' and group:'%s'", keytabPath, ownerAccess, groupAccess);
                    LOG.info(format5);
                    this.actionLog.writeStdOut(format5);
                } else {
                    String format6 = String.format("Failed to update the access mode of the keytab file at %s to owner:'%s' and group:'%s': %s", keytabPath, ownerAccess, groupAccess, fileMode.getStderr());
                    LOG.error(format6);
                    this.actionLog.writeStdOut(format6);
                    this.actionLog.writeStdErr(format6);
                }
                set.add(keytabPath);
            }
            return null;
        } finally {
            lock.unlock();
        }
    }

    @Override // org.apache.ambari.server.serveraction.ServerAction
    public CommandReport execute(ConcurrentMap<String, Object> concurrentMap) throws AmbariException, InterruptedException {
        String commandParameterValue = getCommandParameterValue(KerberosServerAction.DATA_DIRECTORY);
        if (getKDCType(getCommandParameters()) != KDCType.NONE) {
            concurrentMap.put(getClass().getName() + "_visited", new HashSet());
            processIdentities(concurrentMap);
            concurrentMap.remove(getClass().getName() + "_visited");
        }
        deleteDataDirectory(commandParameterValue);
        return sendTopologyUpdateEvent();
    }

    private CommandReport sendTopologyUpdateEvent() throws AmbariException, InterruptedException {
        CommandReport commandReport = null;
        try {
            this.topologyHolder.updateData(this.topologyHolder.getCurrentData());
        } catch (Exception e) {
            this.actionLog.writeStdErr("Could not send topology update event when enabling kerberos");
            LOG.error("Could not send topology update event when enabling kerberos", e);
            commandReport = createCommandReport(1, HostRoleStatus.FAILED, "{}", this.actionLog.getStdOut(), this.actionLog.getStdErr());
        }
        return commandReport == null ? createCompletedCommandReport() : commandReport;
    }
}
