package org.apache.ambari.server.serveraction.kerberos;

import com.google.inject.Inject;
import java.io.File;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentMap;
import org.apache.ambari.server.AmbariException;
import org.apache.ambari.server.actionmanager.HostRoleStatus;
import org.apache.ambari.server.agent.CommandReport;
import org.apache.ambari.server.audit.event.kerberos.DestroyPrincipalKerberosAuditEvent;
import org.apache.ambari.server.controller.KerberosHelper;
import org.apache.ambari.server.orm.dao.KerberosKeytabDAO;
import org.apache.ambari.server.orm.dao.KerberosKeytabPrincipalDAO;
import org.apache.ambari.server.orm.dao.KerberosPrincipalDAO;
import org.apache.ambari.server.orm.entities.KerberosKeytabEntity;
import org.apache.ambari.server.orm.entities.KerberosKeytabPrincipalEntity;
import org.apache.ambari.server.orm.entities.KerberosKeytabServiceMappingEntity;
import org.apache.ambari.server.orm.entities.KerberosPrincipalEntity;
import org.apache.ambari.server.security.credential.PrincipalKeyCredential;
import org.apache.ambari.server.serveraction.kerberos.stageutils.ResolvedKerberosPrincipal;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.MapUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.class */
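/**
 * Server action that removes the keytab/principal records selected by the command's service,
 * host and identity filters, and destroys in the KDC any principal whose record is no longer
 * referenced.
 *
 * <p>The action opens a {@link KerberosOperationHandler} with the KDC administrator credential of
 * the cluster. The handler is closed on every path once it has been opened, so that the
 * administrative connection does not outlive the action.
 */
public class DestroyPrincipalsServerAction extends KerberosServerAction {
    private static final Logger LOG = LoggerFactory.getLogger(DestroyPrincipalsServerAction.class);

    @Inject
    private KerberosOperationHandlerFactory kerberosOperationHandlerFactory;

    @Inject
    private KerberosHelper kerberosHelper;

    @Inject
    private KerberosPrincipalDAO kerberosPrincipalDAO;

    @Inject
    private KerberosKeytabPrincipalDAO kerberosKeytabPrincipalDAO;

    @Inject
    private KerberosKeytabDAO kerberosKeytabDAO;

    // Not read anywhere in this class as shown; kept so the class layout is unchanged.
    private Set<String> seenPrincipals = new HashSet<>();

    /**
     * Cleans up the keytab/principal records matching the command's filters.
     *
     * <p>With no filter set, every keytab/principal record is processed. Each record is visited
     * once (keyed on its kkp id), its service mappings are pruned, and records, keytabs and
     * principals that end up unreferenced are removed. A principal whose record was removed is
     * also removed from the KDC.
     *
     * @param concurrentMap the request-shared data map (not read by this action)
     * @return a {@code COMPLETED} report carrying the action's stdout and stderr
     * @throws AmbariException if the KDC operation handler raises a
     *         {@link KerberosOperationException}
     * @throws InterruptedException declared by the overridden method
     */
    @Override
    public CommandReport execute(ConcurrentMap<String, Object> concurrentMap) throws AmbariException, InterruptedException {
        Map<String, String> commandParameters = getCommandParameters();
        KDCType kdcType = getKDCType(commandParameters);
        PrincipalKeyCredential administratorCredential = this.kerberosHelper.getKDCAdministratorCredentials(getClusterName());
        String defaultRealm = getDefaultRealm(commandParameters);
        KerberosOperationHandler operationHandler = this.kerberosOperationHandlerFactory.getKerberosOperationHandler(kdcType);
        try {
            operationHandler.open(administratorCredential, defaultRealm, getConfigurationProperties(KerberosHelper.KERBEROS_ENV));
            try {
                this.actionLog.writeStdOut("Cleaning up Kerberos identities.");
                Map<String, Collection<String>> serviceComponentFilter = getServiceComponentFilter();
                List<KerberosKeytabPrincipalEntity> candidates =
                    findKeytabPrincipals(serviceComponentFilter, getHostFilter(), getIdentityFilter());
                if (candidates != null) {
                    // The query can return the same record more than once; handle each id once.
                    Set<Long> visitedIds = new HashSet<>();
                    for (KerberosKeytabPrincipalEntity candidate : candidates) {
                        if (visitedIds.add(candidate.getKkpId())) {
                            cleanUpKeytabPrincipal(operationHandler, candidate, serviceComponentFilter);
                        }
                    }
                }
            } finally {
                // Close on every path after a successful open, including an empty result and a
                // failure in the lookups above, not only after the record loop has run.
                closeHandler(operationHandler);
            }
            return createCommandReport(0, HostRoleStatus.COMPLETED, "{}", this.actionLog.getStdOut(), this.actionLog.getStdErr());
        } catch (KerberosOperationException e) {
            String message = String.format("Failed to process the identities, could not properly open the KDC operation handler: %s", e.getMessage());
            this.actionLog.writeStdErr(message);
            LOG.error(message, e);
            throw new AmbariException(message, e);
        }
    }

    /**
     * Tells the base class not to prune the service filter.
     *
     * @return always {@code false}
     */
    @Override
    protected boolean pruneServiceFilter() {
        return false;
    }

    /**
     * Not supported: this action does all of its work in {@link #execute(ConcurrentMap)}.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    protected CommandReport processIdentity(ResolvedKerberosPrincipal resolvedKerberosPrincipal, KerberosOperationHandler kerberosOperationHandler, Map<String, String> map, boolean z, Map<String, Object> map2) throws AmbariException {
        throw new UnsupportedOperationException();
    }

    /**
     * Looks up the keytab/principal records to process: all of them when no filter is set,
     * otherwise one query filter per filtered service (or a single service-less filter).
     */
    private List<KerberosKeytabPrincipalEntity> findKeytabPrincipals(Map<String, Collection<String>> serviceComponentFilter, Set<String> hostFilter, Collection<String> identityFilter) {
        if (MapUtils.isEmpty(serviceComponentFilter) && CollectionUtils.isEmpty(hostFilter) && CollectionUtils.isEmpty(identityFilter)) {
            return this.kerberosKeytabPrincipalDAO.findAll();
        }
        List<KerberosKeytabPrincipalDAO.KerberosKeytabPrincipalFilter> filters = new ArrayList<>();
        if (MapUtils.isEmpty(serviceComponentFilter)) {
            filters.add(KerberosKeytabPrincipalDAO.KerberosKeytabPrincipalFilter.createFilter(null, null, hostFilter, identityFilter));
        } else {
            for (Map.Entry<String, Collection<String>> entry : serviceComponentFilter.entrySet()) {
                filters.add(KerberosKeytabPrincipalDAO.KerberosKeytabPrincipalFilter.createFilter(entry.getKey(), entry.getValue(), hostFilter, identityFilter));
            }
        }
        return this.kerberosKeytabPrincipalDAO.findByFilters(filters);
    }

    /**
     * Prunes one record's service mappings, then removes the record, its keytab and its principal
     * wherever they are left unreferenced; a removed principal is also destroyed in the KDC.
     */
    private void cleanUpKeytabPrincipal(KerberosOperationHandler operationHandler, KerberosKeytabPrincipalEntity keytabPrincipal, Map<String, Collection<String>> serviceComponentFilter) {
        // Read both parents before the record is merged or removed.
        KerberosKeytabEntity keytabEntity = keytabPrincipal.getKerberosKeytabEntity();
        KerberosPrincipalEntity principalEntity = keytabPrincipal.getKerberosPrincipalEntity();

        pruneServiceMappings(keytabPrincipal, serviceComponentFilter);

        KerberosKeytabPrincipalEntity merged = this.kerberosKeytabPrincipalDAO.merge(keytabPrincipal);
        if (CollectionUtils.isEmpty(merged.getServiceMapping())) {
            this.kerberosKeytabPrincipalDAO.remove(merged);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Cleaning up keytab/principal entry: {}:{}:{}:{}", merged.getKkpId(), keytabEntity.getKeytabPath(), principalEntity.getPrincipalName(), merged.getHostName());
            } else {
                LOG.info("Cleaning up keytab/principal entry: {}:{}:{}", keytabEntity.getKeytabPath(), principalEntity.getPrincipalName(), merged.getHostName());
            }
            keytabEntity.getKerberosKeytabPrincipalEntities().remove(merged);
            keytabEntity = this.kerberosKeytabDAO.merge(keytabEntity);
            principalEntity.getKerberosKeytabPrincipalEntities().remove(merged);
            principalEntity = this.kerberosPrincipalDAO.merge(principalEntity);
        }
        if (this.kerberosKeytabDAO.removeIfNotReferenced(keytabEntity)) {
            String message = String.format("Cleaning up keytab entry: %s", keytabEntity.getKeytabPath());
            LOG.info(message);
            this.actionLog.writeStdOut(message);
        }
        if (this.kerberosPrincipalDAO.removeIfNotReferenced(principalEntity)) {
            String message = String.format("Cleaning up principal entry: %s", principalEntity.getPrincipalName());
            LOG.info(message);
            this.actionLog.writeStdOut(message);
            destroyIdentity(operationHandler, principalEntity);
        }
    }

    /**
     * Drops the service mappings selected by the filter: all of them when the filter is
     * {@code null}, otherwise those whose service is in the filter and whose component is listed
     * for it (an empty component list selects every component of the service).
     */
    private void pruneServiceMappings(KerberosKeytabPrincipalEntity keytabPrincipal, Map<String, Collection<String>> serviceComponentFilter) {
        if (serviceComponentFilter == null) {
            keytabPrincipal.setServiceMapping(null);
            return;
        }
        List<KerberosKeytabServiceMappingEntity> mappings = keytabPrincipal.getServiceMapping();
        if (CollectionUtils.isEmpty(mappings)) {
            return;
        }
        Iterator<KerberosKeytabServiceMappingEntity> it = mappings.iterator();
        while (it.hasNext()) {
            KerberosKeytabServiceMappingEntity mapping = it.next();
            if (serviceComponentFilter.containsKey(mapping.getServiceName())) {
                Collection<String> components = serviceComponentFilter.get(mapping.getServiceName());
                if (CollectionUtils.isEmpty(components) || components.contains(mapping.getComponentName())) {
                    it.remove();
                }
            }
        }
        keytabPrincipal.setServiceMapping(mappings);
    }

    /**
     * Closes the KDC operation handler. A failure to close is logged rather than rethrown so that
     * it cannot mask the outcome of the clean-up itself.
     */
    private void closeHandler(KerberosOperationHandler operationHandler) {
        try {
            operationHandler.close();
        } catch (KerberosOperationException e) {
            LOG.warn("Failed to close the KDC operation handler", e);
        }
    }

    /**
     * Removes a principal from the KDC, deletes its cached keytab file and writes an audit event.
     *
     * <p>Both steps are best effort: a failure is logged, written to the action's stderr and
     * recorded as the audit event's reason of failure, and the audit event is always emitted.
     *
     * @param kerberosOperationHandler the open handler used to reach the KDC
     * @param kerberosPrincipalEntity the principal to destroy
     */
    private void destroyIdentity(KerberosOperationHandler kerberosOperationHandler, KerberosPrincipalEntity kerberosPrincipalEntity) {
        String principalName = kerberosPrincipalEntity.getPrincipalName();
        String message = String.format("Destroying identity, %s", principalName);
        LOG.info(message);
        this.actionLog.writeStdOut(message);
        DestroyPrincipalKerberosAuditEvent.DestroyPrincipalKerberosAuditEventBuilder auditEventBuilder = DestroyPrincipalKerberosAuditEvent.builder()
            .withTimestamp(System.currentTimeMillis())
            .withRequestId(getHostRoleCommand().getRequestId())
            .withTaskId(getHostRoleCommand().getTaskId())
            .withPrincipal(principalName);
        try {
            try {
                kerberosOperationHandler.removePrincipal(principalName, kerberosPrincipalEntity.isService());
            } catch (KerberosOperationException e) {
                String failure = String.format("Failed to remove identity for %s from the KDC - %s", principalName, e.getMessage());
                LOG.warn(failure, e);
                this.actionLog.writeStdErr(failure);
                auditEventBuilder.withReasonOfFailure(failure);
            }
            try {
                // NOTE(review): the only caller invokes this after removeIfNotReferenced() reported
                // the principal row as removed, so this lookup presumably returns null. Fall back
                // to the entity passed in, otherwise the cached keytab (key material) would be
                // left on disk. Confirm against the DAO implementation.
                KerberosPrincipalEntity stored = this.kerberosPrincipalDAO.find(principalName);
                KerberosPrincipalEntity keytabOwner = (stored != null) ? stored : kerberosPrincipalEntity;
                String cachedKeytabPath = keytabOwner.getCachedKeytabPath();
                if (cachedKeytabPath != null) {
                    File cachedKeytab = new File(cachedKeytabPath);
                    if (!cachedKeytab.delete()) {
                        if (cachedKeytab.exists()) {
                            // The keytab of a destroyed principal is still readable on disk.
                            LOG.warn("Failed to remove cached keytab for {}; the file is still present on disk", principalName);
                        } else {
                            LOG.debug("Failed to remove cached keytab for {}", principalName);
                        }
                    }
                }
            } catch (Exception e) {
                // Exception rather than Throwable: JVM errors are not swallowed here.
                String failure = String.format("Failed to remove identity for %s from the Ambari database - %s", principalName, e.getMessage());
                LOG.warn(failure, e);
                this.actionLog.writeStdErr(failure);
                auditEventBuilder.withReasonOfFailure(failure);
            }
        } finally {
            auditLog(auditEventBuilder.build());
        }
    }
}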
