package org.apache.ambari.server.serveraction.kerberos;

import java.util.Arrays;
import java.util.Map;
import java.util.Set;
import org.apache.ambari.server.security.credential.PrincipalKeyCredential;
import org.apache.ambari.server.utils.ShellCommandUtil;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ambari/server/serveraction/kerberos/IPAKerberosOperationHandler.class */
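/**
 * Kerberos operation handler that manages principals and keytab files by running the FreeIPA
 * command line tools {@code ipa} and {@code ipa-getkeytab}.
 *
 * <p>Every external command is built as an argument array and handed to {@code executeCommand},
 * so no command string is assembled by concatenation in this class.
 *
 * <p>NOTE(review): values derived from the principal are passed to {@code ipa} as positional
 * arguments. Whether {@code createDeconstructPrincipal} rejects values that start with
 * {@code '-'} is not visible in this file; confirm it does, so that such a value cannot be
 * parsed as an option by the client tool.
 *
 * <p>NOTE(review): STDOUT and STDERR of the tools are written to the log on failure (and on
 * success at debug level). Confirm that this output is acceptable for the log's audience.
 */
public class IPAKerberosOperationHandler extends KDCKerberosOperationHandler {
    private static final Logger LOG = LoggerFactory.getLogger(IPAKerberosOperationHandler.class);

    // Group that newly created user principals are added to; null or empty disables that step.
    private String userPrincipalGroup = null;
    // Path of the ipa-getkeytab executable, resolved in open() and cleared in close().
    private String executableIpaGetKeytab = null;
    // Path of the ipa executable, resolved in open() and cleared in close().
    private String executableIpa = null;

    /**
     * Opens the handler: reads the user principal group from the supplied configuration,
     * resolves the two executables, then delegates to the superclass.
     *
     * @param principalKeyCredential administrative credential, passed through to the superclass
     * @param str passed through to the superclass (presumably the default realm; confirm)
     * @param map configuration properties; may be {@code null}
     * @throws KerberosOperationException propagated from {@code getExecutable} or the superclass
     */
    @Override
    public void open(PrincipalKeyCredential principalKeyCredential, String str, Map<String, String> map) throws KerberosOperationException {
        // Assign unconditionally so that a value from an earlier open() cannot survive when no
        // configuration is supplied this time.
        this.userPrincipalGroup = (map == null) ? null : map.get(KerberosOperationHandler.KERBEROS_ENV_USER_PRINCIPAL_GROUP);
        // NOTE(review): how getExecutable resolves these names is not visible here; confirm it
        // searches a fixed, trusted set of directories.
        this.executableIpa = getExecutable("ipa");
        this.executableIpaGetKeytab = getExecutable("ipa-getkeytab");
        super.open(principalKeyCredential, str, map);
    }

    /**
     * Clears the state set by {@link #open} and delegates to the superclass.
     *
     * @throws KerberosOperationException propagated from the superclass
     */
    @Override
    public void close() throws KerberosOperationException {
        this.userPrincipalGroup = null;
        this.executableIpa = null;
        this.executableIpaGetKeytab = null;
        super.close();
    }

    /**
     * Checks whether a principal exists by running {@code ipa service-show} or
     * {@code ipa user-show}.
     *
     * @param str the principal to look up; an empty or {@code null} value yields {@code false}
     * @param z {@code true} to query a service principal, {@code false} for a user principal
     * @return {@code true} if the ipa command reported success
     * @throws KerberosOperationException if the handler is not open or the command cannot be run
     */
    @Override
    public boolean principalExists(String str, boolean z) throws KerberosOperationException {
        if (!isOpen()) {
            throw new KerberosOperationException("This operation handler has not been opened");
        }
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        String principalName = createDeconstructPrincipal(str).getPrincipalName();
        String subCommand = z ? "service-show" : "user-show";
        return invokeIpa(new String[]{subCommand, principalName}).isSuccessful();
    }

    /**
     * Creates a principal with {@code ipa service-add} or {@code ipa user-add}. For a user
     * principal, and when a user principal group is configured, the new user is also added to
     * that group; a failure of that second step is only logged.
     *
     * @param str the principal to create
     * @param str2 not used by this implementation (presumably the password; confirm against the
     *     superclass contract)
     * @param z {@code true} to create a service principal, {@code false} for a user principal
     * @return {@code 0} on success
     * @throws KerberosPrincipalAlreadyExistsException if STDERR of the failed command reports
     *     that the service or user already exists
     * @throws KerberosOperationException if the handler is not open, no principal is given, or
     *     the command fails for any other reason
     */
    @Override
    public Integer createPrincipal(String str, String str2, boolean z) throws KerberosOperationException {
        if (!isOpen()) {
            throw new KerberosOperationException("This operation handler has not been opened");
        }
        if (StringUtils.isEmpty(str)) {
            throw new KerberosOperationException("Failed to create new principal - no principal specified");
        }
        DeconstructedPrincipal principal = createDeconstructPrincipal(str);
        String normalizedPrincipal = principal.getNormalizedPrincipal();
        String primary = principal.getPrimary();

        String[] ipaArgs;
        if (z) {
            ipaArgs = new String[]{"service-add", normalizedPrincipal};
        } else {
            String principalName = principal.getPrincipalName();
            // Locale.ROOT keeps the lowercase check independent of the JVM's default locale.
            if (!principalName.equals(principalName.toLowerCase(java.util.Locale.ROOT))) {
                LOG.warn("{} is not in lowercase. FreeIPA does not recognize user principals that are not entirely in lowercase. This can lead to issues with kinit and keytabs. Make sure users are in lowercase.", principalName);
            }
            ipaArgs = new String[]{"user-add", primary, "--principal", principalName, "--first", primary, "--last", primary, "--cn", primary};
        }

        ShellCommandUtil.Result result = invokeIpa(ipaArgs);
        if (result.isSuccessful()) {
            if (!z && !StringUtils.isEmpty(this.userPrincipalGroup)) {
                ShellCommandUtil.Result groupResult = invokeIpa(new String[]{"group-add-member", this.userPrincipalGroup, "--users", primary});
                if (!groupResult.isSuccessful()) {
                    // Best effort: the principal exists at this point, so only warn.
                    LOG.warn("Failed to add account for {} to group {}: \nSTDOUT: {}\nSTDERR: {}", new Object[]{normalizedPrincipal, this.userPrincipalGroup, groupResult.getStdout(), groupResult.getStderr()});
                }
            }
            return 0;
        }

        LOG.error(String.format("Failed to create principal for %s\n%s\nSTDOUT: %s\nSTDERR: %s", normalizedPrincipal, StringUtils.join(ipaArgs, " "), result.getStdout(), result.getStderr()));

        // "Already exists" is recognised only from the tool's STDERR text, which is matched
        // against the message for the kind of principal that was requested.
        String stderr = result.getStderr();
        boolean alreadyExists = false;
        if (stderr != null) {
            String expected = z
                ? String.format("service with name \"%s\" already exists", normalizedPrincipal)
                : String.format("user with name \"%s\" already exists", primary);
            alreadyExists = stderr.contains(expected);
        }
        if (alreadyExists) {
            throw new KerberosPrincipalAlreadyExistsException(str);
        }
        throw new KerberosOperationException(String.format("Failed to create principal for %s\nSTDOUT: %s\nSTDERR: %s", normalizedPrincipal, result.getStdout(), result.getStderr()));
    }

    /**
     * Removes a principal with {@code ipa service-del} or {@code ipa user-del}.
     *
     * @param str the principal to remove
     * @param z {@code true} to remove a service principal, {@code false} for a user principal
     * @return {@code true} if the ipa command reported success
     * @throws KerberosOperationException if the handler is not open, no principal is given, or
     *     the command cannot be run
     */
    @Override
    public boolean removePrincipal(String str, boolean z) throws KerberosOperationException {
        if (!isOpen()) {
            throw new KerberosOperationException("This operation handler has not been opened");
        }
        if (StringUtils.isEmpty(str)) {
            throw new KerberosOperationException("Failed to remove principal - no principal specified");
        }
        DeconstructedPrincipal principal = createDeconstructPrincipal(str);
        String[] ipaArgs;
        if (z) {
            ipaArgs = new String[]{"service-del", principal.getNormalizedPrincipal()};
        } else {
            ipaArgs = new String[]{"user-del", principal.getPrincipalName()};
        }
        return invokeIpa(ipaArgs).isSuccessful();
    }

    /**
     * Builds the kinit command line. Only the principal name from the credential is placed in
     * the argument list; the credential's key is not.
     *
     * @param str first element of the command (the kinit executable)
     * @param principalKeyCredential credential whose principal is the last argument
     * @param str2 value passed after {@code -c} (the credentials cache)
     * @param map not used by this implementation
     * @return the argument array
     * @throws KerberosOperationException if any element of the command would be {@code null}
     */
    @Override
    protected String[] getKinitCommand(String str, PrincipalKeyCredential principalKeyCredential, String str2, Map<String, String> map) throws KerberosOperationException {
        String[] command = {str, "-c", str2, principalKeyCredential.getPrincipal()};
        if (Arrays.asList(command).contains(null)) {
            throw new KerberosOperationException("Got a null value, can not create 'kinit' command");
        }
        return command;
    }

    /**
     * Exports a keytab file for a principal by running {@code ipa-getkeytab}.
     *
     * <p>NOTE(review): without its retrieve option, ipa-getkeytab generates new keys for the
     * principal, which invalidates keytabs issued earlier for it; confirm that callers expect
     * this. Permissions of the written file are not set here and are left to the caller.
     *
     * @param str the principal, passed after {@code -p}
     * @param str2 the keytab file path, passed after {@code -k}
     * @param set encryption types, joined with commas and passed after {@code -e}; the option is
     *     omitted when the set is {@code null} or empty
     * @throws KerberosOperationException if no ipa-getkeytab path is available or the command
     *     fails
     */
    @Override
    protected void exportKeytabFile(String str, String str2, Set<EncryptionType> set) throws KerberosOperationException {
        // Same guard as invokeIpa applies to its executable: fail with a clear message rather
        // than pass a null program name to executeCommand.
        if (StringUtils.isEmpty(this.executableIpaGetKeytab)) {
            throw new KerberosOperationException("No path for ipa-getkeytab is available - this KerberosOperationHandler may not have been opened.");
        }

        String encryptionTypes = null;
        if (!CollectionUtils.isEmpty(set)) {
            StringBuilder joined = new StringBuilder();
            for (EncryptionType encryptionType : set) {
                if (joined.length() > 0) {
                    joined.append(',');
                }
                joined.append(encryptionType.getName());
            }
            encryptionTypes = joined.toString();
        }

        String[] command;
        if (StringUtils.isEmpty(encryptionTypes)) {
            command = new String[]{this.executableIpaGetKeytab, "-s", getAdminServerHost(true), "-p", str, "-k", str2};
        } else {
            command = new String[]{this.executableIpaGetKeytab, "-s", getAdminServerHost(true), "-e", encryptionTypes, "-p", str, "-k", str2};
        }

        ShellCommandUtil.Result result = executeCommand(command);
        if (result.isSuccessful()) {
            return;
        }
        String message = String.format("Failed to export the keytab file for %s:\n\tExitCode: %s\n\tSTDOUT: %s\n\tSTDERR: %s", str, Integer.valueOf(result.getExitCode()), result.getStdout(), result.getStderr());
        LOG.warn(message);
        throw new KerberosOperationException(message);
    }

    /**
     * Runs the {@code ipa} executable with the given arguments and logs the outcome.
     *
     * @param strArr sub-command and arguments, without the executable itself
     * @return the result of the command, successful or not
     * @throws KerberosOperationException if no arguments are given, no ipa path is available, or
     *     {@code executeCommand} fails
     */
    private ShellCommandUtil.Result invokeIpa(String[] strArr) throws KerberosOperationException {
        if (strArr == null || strArr.length == 0) {
            throw new KerberosOperationException("Missing ipa query");
        }
        if (StringUtils.isEmpty(this.executableIpa)) {
            throw new KerberosOperationException("No path for ipa is available - this KerberosOperationHandler may not have been opened.");
        }
        // Prepend the executable path to the caller's arguments.
        String[] command = new String[strArr.length + 1];
        command[0] = this.executableIpa;
        System.arraycopy(strArr, 0, command, 1, strArr.length);

        ShellCommandUtil.Result result = executeCommand(command);
        if (!result.isSuccessful()) {
            LOG.error("Failed to execute the following command:\n{}\nSTDOUT: {}\nSTDERR: {}", new Object[]{StringUtils.join(command, " "), result.getStdout(), result.getStderr()});
        } else if (LOG.isDebugEnabled()) {
            LOG.debug("Executed the following command:\n{}\nSTDOUT: {}\nSTDERR: {}", new Object[]{StringUtils.join(command, " "), result.getStdout(), result.getStderr()});
        }
        return result;
    }

    /**
     * Delegates unchanged to the superclass implementation. The decompiler marked this method as
     * a compiler-generated bridge.
     */
    @Override
    public /* bridge */ /* synthetic */ Integer setPrincipalPassword(String str, String str2, boolean z) throws KerberosOperationException {
        return super.setPrincipalPassword(str, str2, z);
    }
}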
