package org.apache.ambari.server.serveraction.kerberos;

import com.google.inject.Inject;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.configuration.Configuration;
import org.apache.ambari.server.security.credential.PrincipalKeyCredential;
import org.apache.ambari.server.state.kerberos.VariableReplacementHelper;
import org.apache.ambari.server.utils.ShellCommandUtil;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ambari/server/serveraction/kerberos/MITKerberosOperationHandler.class */
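/**
 * Kerberos operation handler that manages principals and keytab files by running the
 * {@code kadmin} command-line client.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every request is handed to kadmin as a single {@code -q} query string. Principal names,
 *       keytab paths and the configured create attributes are interpolated into that string
 *       without escaping, so a value containing whitespace or quote characters would be read by
 *       kadmin as extra arguments. Callers are expected to pass validated values only.</li>
 *   <li>Failure paths log kadmin's stdout/stderr verbatim and copy them into exception messages;
 *       treat those log lines and messages as sensitive operational data.</li>
 *   <li>NOTE(review): {@code Configuration.JDBC_IN_MEMORY_PASSWORD} is used below as a
 *       placeholder for "no value". This looks like a decompiler substituting a same-valued
 *       constant for an empty-string literal; confirm the constant really is empty, because its
 *       value ends up on the kadmin command line and in logs.</li>
 * </ul>
 */
public class MITKerberosOperationHandler extends KDCKerberosOperationHandler {
    private static final Logger LOG = LoggerFactory.getLogger(MITKerberosOperationHandler.class);

    @Inject
    private Configuration configuration;

    @Inject
    private VariableReplacementHelper variableReplacementHelper;

    // Extra arguments appended to every add_principal query; read from the Kerberos env in open().
    private String createAttributes = null;

    // Path of the kadmin executable; resolved in open() and cleared in close().
    private String executableKadmin = null;

    /**
     * Captures the configured create attributes, resolves the kadmin executable and then
     * delegates to the parent handler.
     *
     * @param principalKeyCredential administrator credential, passed through to the parent
     * @param str                    passed through to the parent unchanged
     * @param map                    Kerberos environment properties; may be {@code null}
     * @throws KerberosOperationException if the executable lookup or the parent fails
     */
    @Override
    public void open(PrincipalKeyCredential principalKeyCredential, String str, Map<String, String> map) throws KerberosOperationException {
        if (map != null) {
            this.createAttributes = map.get(KerberosOperationHandler.KERBEROS_ENV_KDC_CREATE_ATTRIBUTES);
        }
        this.executableKadmin = getExecutable("kadmin");
        super.open(principalKeyCredential, str, map);
    }

    /**
     * Clears the state captured by {@link #open} and closes the parent handler.
     *
     * @throws KerberosOperationException if the parent handler fails to close
     */
    @Override
    public void close() throws KerberosOperationException {
        this.createAttributes = null;
        this.executableKadmin = null;
        super.close();
    }

    /**
     * Checks whether a principal exists by running {@code get_principal} and looking for the
     * {@code Principal: <name>} line in kadmin's stdout.
     *
     * @param str principal name; an empty or {@code null} name yields {@code false}
     * @param z   not used by this implementation
     * @return {@code true} if stdout contains the expected line for the principal
     * @throws KerberosOperationException if the handler is not open or kadmin fails
     */
    @Override
    public boolean principalExists(String str, boolean z) throws KerberosOperationException {
        if (!isOpen()) {
            throw new KerberosOperationException("This operation handler has not been opened");
        }
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        // The name is interpolated unescaped into the kadmin query (see class-level note).
        String stdout = invokeKAdmin(String.format("get_principal %s", str)).getStdout();
        return stdout != null && stdout.contains(String.format("Principal: %s", str));
    }

    /**
     * Creates a principal with a random key ({@code add_principal -randkey}).
     *
     * @param str  principal name; must not be empty
     * @param str2 password argument; this implementation never reads it, the key is random
     * @param z    not used by this implementation
     * @return {@code 0} when kadmin reports that the principal was created
     * @throws KerberosPrincipalAlreadyExistsException if kadmin reports an existing principal
     * @throws KerberosOperationException if the handler is not open, the name is empty, or
     *                                    kadmin's output matches neither expected message
     */
    @Override
    public Integer createPrincipal(String str, String str2, boolean z) throws KerberosOperationException {
        if (!isOpen()) {
            throw new KerberosOperationException("This operation handler has not been opened");
        }
        if (StringUtils.isEmpty(str)) {
            throw new KerberosOperationException("Failed to create new principal - no principal specified");
        }
        String attributes = createAttributesOrPlaceholder();
        // Attributes and name are interpolated unescaped into the query (see class-level note).
        ShellCommandUtil.Result kadminResult = invokeKAdmin(String.format("add_principal -randkey %s %s", attributes, str));
        String stdout = kadminResult.getStdout();
        String stderr = kadminResult.getStderr();
        if (stdout != null && stdout.contains(String.format("Principal \"%s\" created", str))) {
            return 0;
        }
        if (stderr != null && stderr.contains(String.format("Principal or policy already exists while creating \"%s\"", str))) {
            throw new KerberosPrincipalAlreadyExistsException(str);
        }
        // Log the query that was actually issued: the previous text claimed "-pw" although the
        // command uses -randkey, which misleads anyone reconstructing events from the log.
        LOG.error("Failed to execute kadmin query: add_principal -randkey {} {}\nSTDOUT: {}\nSTDERR: {}",
                new Object[]{attributes, str, stdout, stderr});
        throw new KerberosOperationException(String.format("Failed to create service principal for %s\nSTDOUT: %s\nSTDERR: %s", str, stdout, stderr));
    }

    /**
     * Deletes a principal with {@code delete_principal -force}.
     *
     * @param str principal name; must not be empty
     * @param z   not used by this implementation
     * @return {@code false} if kadmin produced no stdout or reported that the principal does
     *         not exist, {@code true} otherwise
     * @throws KerberosOperationException if the handler is not open, the name is empty, or
     *                                    kadmin fails
     */
    @Override
    public boolean removePrincipal(String str, boolean z) throws KerberosOperationException {
        if (!isOpen()) {
            throw new KerberosOperationException("This operation handler has not been opened");
        }
        if (StringUtils.isEmpty(str)) {
            throw new KerberosOperationException("Failed to remove principal - no principal specified");
        }
        // The name is interpolated unescaped into the kadmin query (see class-level note).
        String stdout = invokeKAdmin(String.format("delete_principal -force %s", str)).getStdout();
        return stdout != null && !stdout.contains("Principal does not exist");
    }

    /**
     * Runs one kadmin query, retrying up to the configured number of times.
     *
     * <p>The command is assembled as an argument list (executable, optional {@code -c}, {@code -s}
     * and {@code -r} options, then {@code -q <query>}) and handed to {@code executeCommand}. The
     * query itself is still parsed by kadmin, so unescaped values inside it can change its
     * meaning.
     *
     * @param str the kadmin query; must not be empty
     * @return the result of the first successful execution
     * @throws KerberosAdminAuthenticationException if stderr indicates an unknown client or a
     *                                              wrong password
     * @throws KerberosKDCConnectionException       if stderr indicates the KDC or admin server
     *                                              could not be reached
     * @throws KerberosRealmException               if stderr indicates a realm or krb5.conf problem
     * @throws KerberosOperationException           for a missing query or executable, an exception
     *                                              on the last attempt, or any other failure
     */
    protected ShellCommandUtil.Result invokeKAdmin(String str) throws KerberosOperationException {
        if (StringUtils.isEmpty(str)) {
            throw new KerberosOperationException("Missing kadmin query");
        }
        if (StringUtils.isEmpty(this.executableKadmin)) {
            throw new KerberosOperationException("No path for kadmin is available - this KerberosOperationHandler may not have been opened.");
        }

        List<String> command = new ArrayList<String>();
        command.add(this.executableKadmin);
        addOption(command, "-c", getCredentialCacheFilePath());
        addOption(command, "-s", getAdminServerHost(true));
        addOption(command, "-r", getDefaultRealm());
        command.add("-q");
        command.add(str);

        if (LOG.isDebugEnabled()) {
            LOG.debug("Executing: {}", command);
        }

        String[] commandArray = command.toArray(new String[0]);
        int retries = this.configuration.getKerberosOperationRetries();
        ShellCommandUtil.Result result = null;
        for (int attempt = 0; attempt <= retries; attempt++) {
            try {
                result = executeCommand(commandArray);
            } catch (KerberosOperationException e) {
                // Only the final attempt's exception is surfaced; earlier ones lead to a retry.
                if (attempt == retries) {
                    throw e;
                }
            }
            if (result != null && result.isSuccessful()) {
                break;
            }
            if (attempt == retries) {
                // No attempt left: skip the wait and the "Retrying" message, which would
                // otherwise delay the failure and log a retry that never happens.
                break;
            }
            int retryTimeout = this.configuration.getKerberosOperationRetryTimeout();
            try {
                // Long arithmetic so that a large configured timeout cannot overflow.
                Thread.sleep(1000L * retryTimeout);
            } catch (InterruptedException e) {
                // Preserve the interrupt for the caller and stop retrying instead of
                // swallowing it and carrying on with zero-length waits.
                Thread.currentThread().interrupt();
                break;
            }
            LOG.warn(String.format("Retrying to execute kadmin after a wait of %d seconds :\n\tCommand: %s", Integer.valueOf(retryTimeout), command));
        }

        if (result != null && result.isSuccessful()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Executed the following command:\n{}\nSTDOUT: {}\nSTDERR: {}", new Object[]{StringUtils.join(command, " "), result.getStdout(), result.getStderr()});
            }
            return result;
        }

        int exitCode = result == null ? -999 : result.getExitCode();
        String stdout = result == null ? Configuration.JDBC_IN_MEMORY_PASSWORD : result.getStdout();
        String stderr = result == null ? Configuration.JDBC_IN_MEMORY_PASSWORD : result.getStderr();
        if (stderr == null) {
            // A result without stderr must not turn the error classification into an NPE.
            stderr = "";
        }
        LOG.warn(String.format("Failed to execute kadmin:\n\tCommand: %s\n\tExitCode: %s\n\tSTDOUT: %s\n\tSTDERR: %s", command, Integer.valueOf(exitCode), stdout, stderr));

        // Map well-known kadmin messages onto specific exception types.
        if (stderr.contains("Client not found in Kerberos database")
                || stderr.contains("Incorrect password while initializing")) {
            throw new KerberosAdminAuthenticationException(stderr);
        }
        if (stderr.contains("Cannot contact any KDC")
                || stderr.contains("Cannot resolve network address for admin server in requested realm while initializing kadmin interface")) {
            throw new KerberosKDCConnectionException(stderr);
        }
        if (stderr.contains("Missing parameters in krb5.conf required for kadmin client")
                || stderr.contains("Cannot find KDC for requested realm while initializing kadmin interface")) {
            throw new KerberosRealmException(stderr);
        }
        throw new KerberosOperationException(String.format("Unexpected error condition executing the kadmin command. STDERR: %s", stderr));
    }

    /**
     * Builds the {@code kinit} argument array used to obtain an administrator ticket.
     *
     * <p>The service principal passed with {@code -S} comes from the
     * {@code KERBEROS_ENV_KADMIN_PRINCIPAL_NAME} property after variable replacement, falling
     * back to {@code kadmin/<admin server host>}.
     *
     * @param str                    path of the kinit executable
     * @param principalKeyCredential administrator credential supplying the principal name
     * @param str2                   credential cache file path
     * @param map                    Kerberos environment properties; may be {@code null}
     * @return the argument array, never containing {@code null}
     * @throws KerberosOperationException if any argument is {@code null} or variable replacement
     *                                    fails
     */
    @Override
    protected String[] getKinitCommand(String str, PrincipalKeyCredential principalKeyCredential, String str2, Map<String, String> map) throws KerberosOperationException {
        try {
            String servicePrincipal = null;
            if (map != null) {
                // open() accepts a null map, so tolerate it here too and use the default below.
                servicePrincipal = this.variableReplacementHelper.replaceVariables(map.get(KerberosOperationHandler.KERBEROS_ENV_KADMIN_PRINCIPAL_NAME), buildReplacementsMap(map));
            }
            if (servicePrincipal == null) {
                servicePrincipal = String.format("kadmin/%s", getAdminServerHost(false));
            }
            // A missing credential becomes a null element so the check below reports it as a
            // KerberosOperationException rather than a NullPointerException.
            String adminPrincipal = principalKeyCredential == null ? null : principalKeyCredential.getPrincipal();
            String[] kinitCommand = {str, "-c", str2, "-S", servicePrincipal, adminPrincipal};
            if (Arrays.asList(kinitCommand).contains(null)) {
                throw new KerberosOperationException("Got a null value, can not create 'kinit' command");
            }
            return kinitCommand;
        } catch (AmbariException e) {
            throw new KerberosOperationException("Error while getting 'kinit' command", e);
        }
    }

    /**
     * Wraps the Kerberos environment properties in the nested map shape passed to
     * {@code replaceVariables}, keyed by the placeholder constant.
     */
    private Map<String, Map<String, String>> buildReplacementsMap(Map<String, String> map) {
        Map<String, Map<String, String>> replacements = new HashMap<String, Map<String, String>>();
        replacements.put(Configuration.JDBC_IN_MEMORY_PASSWORD, map);
        return replacements;
    }

    /**
     * Exports the keys of a principal into a keytab file with kadmin's {@code xst} command.
     *
     * <p>The keytab path is wrapped in double quotes inside the query but is not escaped, so a
     * path containing a double quote would break that quoting.
     *
     * @param str  principal whose keys are exported
     * @param str2 destination keytab file path
     * @param set  encryption types to export; each is passed as {@code <name>:normal}. When
     *             empty or {@code null} no {@code -e} option is given
     * @throws KerberosOperationException if kadmin does not report success
     */
    @Override
    protected void exportKeytabFile(String str, String str2, Set<EncryptionType> set) throws KerberosOperationException {
        String keySalts = null;
        if (!CollectionUtils.isEmpty(set)) {
            StringBuilder sb = new StringBuilder();
            for (EncryptionType encryptionType : set) {
                if (sb.length() > 0) {
                    sb.append(',');
                }
                sb.append(encryptionType.getName()).append(":normal");
            }
            keySalts = sb.toString();
        }
        String query = StringUtils.isEmpty(keySalts)
                ? String.format("xst -k \"%s\" %s", str2, str)
                : String.format("xst -k \"%s\" -e %s %s", str2, keySalts, str);
        ShellCommandUtil.Result kadminResult = invokeKAdmin(query);
        if (kadminResult.isSuccessful()) {
            return;
        }
        String message = String.format("Failed to export the keytab file for %s:\n\tExitCode: %s\n\tSTDOUT: %s\n\tSTDERR: %s", str, Integer.valueOf(kadminResult.getExitCode()), kadminResult.getStdout(), kadminResult.getStderr());
        LOG.warn(message);
        throw new KerberosOperationException(message);
    }

    /**
     * Delegates to the parent implementation.
     *
     * <p>NOTE(review): this appears to be a compiler-generated bridge method surfaced by the
     * decompiler; it adds no behaviour of its own.
     */
    @Override
    public Integer setPrincipalPassword(String str, String str2, boolean z) throws KerberosOperationException {
        return super.setPrincipalPassword(str, str2, z);
    }

    /** Returns the configured create attributes, or the placeholder constant when none are set. */
    private String createAttributesOrPlaceholder() {
        return this.createAttributes == null ? Configuration.JDBC_IN_MEMORY_PASSWORD : this.createAttributes;
    }

    /** Appends {@code flag value} to the command when the value is non-empty. */
    private static void addOption(List<String> command, String flag, String value) {
        if (!StringUtils.isEmpty(value)) {
            command.add(flag);
            command.add(value);
        }
    }
}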
