package org.apache.ambari.server.credentialapi;

import java.io.IOException;
import java.util.ArrayList;
import org.apache.ambari.server.api.services.parsers.RequestBodyParser;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.conf.Configured;
import org.apache.hadoop.security.alias.CredentialProvider;
import org.apache.hadoop.security.alias.CredentialProviderFactory;
import org.apache.hadoop.security.alias.CredentialShell;
import org.apache.hadoop.util.Tool;
import org.apache.hadoop.util.ToolRunner;

/* loaded from: input_file:org/apache/ambari/server/credentialapi/CredentialUtil.class */
public class CredentialUtil extends Configured implements Tool {
    private static final String COMMANDS = "   [--help]\n   [create <alias> [-value credential] [-provider provider-path] [-f | -n]]\n   [delete <alias> [-f] [-provider provider-path]]\n   [list [-provider provider-path]]\n   [get <alias> [-provider provider-path]]\n";
    public static final String jceksPrefix = "jceks://file";
    public static final String localJceksPrefix = "localjceks://file";
    protected CredentialProvider provider;
    private String alias = null;
    private String value = null;
    private boolean overwrite = true;
    private boolean interactive = true;
    private Command command = null;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/ambari/server/credentialapi/CredentialUtil$Command.class */
    public abstract class Command {
        private Command() {
        }

        public boolean validate() {
            boolean z = true;
            if (CredentialUtil.this.alias == null || CredentialUtil.this.alias.isEmpty()) {
                System.out.println("There is no alias specified. Please provide themandatory <alias>. See the usage description with -help.");
                z = false;
            }
            if (CredentialUtil.this.provider == null) {
                System.out.println("There are no valid CredentialProviders configured.\nCredential will not be created.\nConsider using the -provider option to indicate the provider to use.");
                z = false;
            }
            return z;
        }

        public abstract String getUsage();

        public abstract int execute() throws Exception;
    }

    /* loaded from: input_file:org/apache/ambari/server/credentialapi/CredentialUtil$CreateCommand.class */
    private class CreateCommand extends Command {
        public static final String USAGE = "create <alias> [-value credential] [-provider provider-path] [-f | -n]";
        public static final String DESC = "The create subcommand creates a new credential or overwrites\nan existing credential for the name specified\nas the <alias> argument within the provider indicated through\nthe -provider argument. The command asks for confirmation to\noverwrite the existing credential unless the -f option is specified.\nSpecify -n to not overwrite if the credential exists.\nThe option specified last wins.";

        private CreateCommand() {
            super();
        }

        @Override // org.apache.ambari.server.credentialapi.CredentialUtil.Command
        public int execute() throws Exception {
            int i = 0;
            if (CredentialUtil.this.provider.getCredentialEntry(CredentialUtil.this.alias) != null) {
                if (CredentialUtil.this.interactive) {
                    CredentialUtil.this.overwrite = ToolRunner.confirmPrompt("You are about to OVERWRITE the credential " + CredentialUtil.this.alias + " from CredentialProvider " + CredentialUtil.this.provider + ". Continue? ");
                }
                if (!CredentialUtil.this.overwrite) {
                    return 0;
                }
                i = new DeleteCommand().execute();
            }
            if (i == 0) {
                i = createCredential();
            }
            return i;
        }

        @Override // org.apache.ambari.server.credentialapi.CredentialUtil.Command
        public String getUsage() {
            return "create <alias> [-value credential] [-provider provider-path] [-f | -n]:\n\nThe create subcommand creates a new credential or overwrites\nan existing credential for the name specified\nas the <alias> argument within the provider indicated through\nthe -provider argument. The command asks for confirmation to\noverwrite the existing credential unless the -f option is specified.\nSpecify -n to not overwrite if the credential exists.\nThe option specified last wins.";
        }

        private int createCredential() throws Exception {
            ArrayList arrayList = new ArrayList();
            arrayList.add("create");
            arrayList.add(CredentialUtil.this.alias);
            if (CredentialUtil.this.value != null) {
                arrayList.add("-value");
                arrayList.add(CredentialUtil.this.value);
            }
            return ToolRunner.run(CredentialUtil.this.getConf(), new CredentialShell(), (String[]) arrayList.toArray(new String[arrayList.size()]));
        }
    }

    /* loaded from: input_file:org/apache/ambari/server/credentialapi/CredentialUtil$DeleteCommand.class */
    private class DeleteCommand extends Command {
        public static final String USAGE = "delete <alias> [-f] [-provider provider-path]";
        public static final String DESC = "The delete subcommand deletes the credential specified\nas the <alias> argument from within the provider indicated\nthrough the -provider argument. The command asks for\nconfirmation unless the -f option is specified.";

        private DeleteCommand() {
            super();
        }

        @Override // org.apache.ambari.server.credentialapi.CredentialUtil.Command
        public int execute() throws Exception {
            ArrayList arrayList = new ArrayList();
            arrayList.add("delete");
            arrayList.add(CredentialUtil.this.alias);
            if (!CredentialUtil.this.interactive) {
                arrayList.add("-f");
            }
            return ToolRunner.run(CredentialUtil.this.getConf(), new CredentialShell(), (String[]) arrayList.toArray(new String[arrayList.size()]));
        }

        @Override // org.apache.ambari.server.credentialapi.CredentialUtil.Command
        public String getUsage() {
            return "delete <alias> [-f] [-provider provider-path]:\n\nThe delete subcommand deletes the credential specified\nas the <alias> argument from within the provider indicated\nthrough the -provider argument. The command asks for\nconfirmation unless the -f option is specified.";
        }
    }

    /* loaded from: input_file:org/apache/ambari/server/credentialapi/CredentialUtil$GetCommand.class */
    private class GetCommand extends Command {
        public static final String USAGE = "get <alias> [-provider provider-path]";
        public static final String DESC = "The get subcommand gets the credential for the specified alias\nfrom the provider specified through the -provider argument.\n";

        private GetCommand() {
            super();
        }

        @Override // org.apache.ambari.server.credentialapi.CredentialUtil.Command
        public int execute() throws IOException {
            int i = 0;
            try {
                String credential = getCredential();
                if (credential == null) {
                    i = 1;
                } else {
                    System.out.println(credential);
                }
                return i;
            } catch (IOException e) {
                System.out.println("Cannot get the credential for the specified alias.: " + e.getMessage());
                throw e;
            }
        }

        private String getCredential() throws IOException {
            char[] credential;
            String str = null;
            CredentialProvider.CredentialEntry credentialEntry = CredentialUtil.this.provider.getCredentialEntry(CredentialUtil.this.alias);
            if (credentialEntry != null && (credential = credentialEntry.getCredential()) != null) {
                str = String.valueOf(credential);
            }
            return str;
        }

        @Override // org.apache.ambari.server.credentialapi.CredentialUtil.Command
        public String getUsage() {
            return "get <alias> [-provider provider-path]:\n\nThe get subcommand gets the credential for the specified alias\nfrom the provider specified through the -provider argument.\n";
        }
    }

    /* loaded from: input_file:org/apache/ambari/server/credentialapi/CredentialUtil$ListCommand.class */
    private class ListCommand extends Command {
        public static final String USAGE = "list [-provider provider-path]";
        public static final String DESC = "The list subcommand displays the aliases contained within \na particular provider - as configured in core-site.xml or\n indicated through the -provider argument.";

        private ListCommand() {
            super();
        }

        @Override // org.apache.ambari.server.credentialapi.CredentialUtil.Command
        public int execute() throws Exception {
            ArrayList arrayList = new ArrayList();
            arrayList.add("list");
            return ToolRunner.run(CredentialUtil.this.getConf(), new CredentialShell(), (String[]) arrayList.toArray(new String[arrayList.size()]));
        }

        @Override // org.apache.ambari.server.credentialapi.CredentialUtil.Command
        public String getUsage() {
            return "list [-provider provider-path]:\n\nThe list subcommand displays the aliases contained within \na particular provider - as configured in core-site.xml or\n indicated through the -provider argument.";
        }
    }

    public static void main(String[] strArr) throws Exception {
        System.exit(ToolRunner.run(new Configuration(), new CredentialUtil(), strArr));
    }

    public int run(String[] strArr) throws Exception {
        int i = 1;
        int i2 = 0;
        while (i2 < strArr.length) {
            if (strArr[i2].equals("create")) {
                if (i2 == strArr.length - 1) {
                    return 1;
                }
                this.command = new CreateCommand();
                i2++;
                this.alias = strArr[i2];
                if (this.alias.equals("-h") || this.alias.equals("-help")) {
                    printUsage();
                    return 0;
                }
            } else if (strArr[i2].equals("get")) {
                if (i2 == strArr.length - 1) {
                    return 1;
                }
                this.command = new GetCommand();
                i2++;
                this.alias = strArr[i2];
                if (this.alias.equals("-h") || this.alias.equals("-help")) {
                    printUsage();
                    return 0;
                }
            } else if (strArr[i2].equals("delete")) {
                if (i2 == strArr.length - 1) {
                    printUsage();
                    return 1;
                }
                this.command = new DeleteCommand();
                i2++;
                this.alias = strArr[i2];
                if (this.alias.equals("-help")) {
                    printUsage();
                    return 0;
                }
            } else if (strArr[i2].equals("list")) {
                if (i2 < strArr.length - 1) {
                    this.alias = strArr[i2 + 1];
                }
                this.command = new ListCommand();
                if (this.alias.equals("-h") || this.alias.equals("-help")) {
                    printUsage();
                    return 0;
                }
                this.alias = "not required";
            } else if (strArr[i2].equals("-provider")) {
                if (i2 == strArr.length - 1) {
                    return 1;
                }
                i2++;
                getConf().set("hadoop.security.credential.provider.path", getNormalizedPath(strArr[i2]));
                this.provider = getCredentialProvider();
            } else if (strArr[i2].equals("-f") || strArr[i2].equals("-force")) {
                this.interactive = false;
                this.overwrite = true;
            } else if (strArr[i2].equals("-n")) {
                this.interactive = false;
                this.overwrite = false;
            } else {
                if (!strArr[i2].equals("-v") && !strArr[i2].equals("-value")) {
                    if (strArr[i2].equals("-h") || strArr[i2].equals("-help")) {
                        printUsage();
                        return 0;
                    }
                    printUsage();
                    ToolRunner.printGenericCommandUsage(System.err);
                    return 1;
                }
                i2++;
                this.value = strArr[i2];
            }
            i2++;
        }
        if (this.command == null) {
            printUsage();
        } else if (this.command.validate()) {
            i = this.command.execute();
        }
        return i;
    }

    protected void printUsage() {
        System.out.println(getUsagePrefix() + COMMANDS);
        if (this.command != null) {
            System.out.println(this.command.getUsage());
            return;
        }
        System.out.println("===============================================================");
        System.out.println("create <alias> [-value credential] [-provider provider-path] [-f | -n]:\n\nThe create subcommand creates a new credential or overwrites\nan existing credential for the name specified\nas the <alias> argument within the provider indicated through\nthe -provider argument. The command asks for confirmation to\noverwrite the existing credential unless the -f option is specified.\nSpecify -n to not overwrite if the credential exists.\nThe option specified last wins.");
        System.out.println("===============================================================");
        System.out.println("delete <alias> [-f] [-provider provider-path]:\n\nThe delete subcommand deletes the credential specified\nas the <alias> argument from within the provider indicated\nthrough the -provider argument. The command asks for\nconfirmation unless the -f option is specified.");
        System.out.println("===============================================================");
        System.out.println("list [-provider provider-path]:\n\nThe list subcommand displays the aliases contained within \na particular provider - as configured in core-site.xml or\n indicated through the -provider argument.");
        System.out.println("===============================================================");
        System.out.println("get <alias> [-provider provider-path]:\n\nThe get subcommand gets the credential for the specified alias\nfrom the provider specified through the -provider argument.\n");
    }

    protected String getUsagePrefix() {
        return "Usage: ";
    }

    private static String getNormalizedPath(String str) {
        if (str != null) {
            if (str.startsWith(RequestBodyParser.SLASH)) {
                str = str.substring(1);
            }
            String lowerCase = StringUtils.lowerCase(str.trim());
            if (!lowerCase.startsWith(StringUtils.lowerCase(jceksPrefix)) && !lowerCase.startsWith(localJceksPrefix)) {
                str = "jceks://file/" + str;
            }
        }
        return str;
    }

    private CredentialProvider getCredentialProvider() {
        CredentialProvider credentialProvider = null;
        try {
            credentialProvider = (CredentialProvider) CredentialProviderFactory.getProviders(getConf()).get(0);
        } catch (IOException e) {
            e.printStackTrace(System.err);
        }
        return credentialProvider;
    }
}
