package id.onyx.obdp.server.serveraction.kerberos;

import com.google.common.util.concurrent.Striped;
import com.google.inject.Inject;
import id.onyx.obdp.server.OBDPException;
import id.onyx.obdp.server.actionmanager.HostRoleStatus;
import id.onyx.obdp.server.agent.CommandReport;
import id.onyx.obdp.server.audit.event.kerberos.CreateKeyTabKerberosAuditEvent;
import id.onyx.obdp.server.configuration.Configuration;
import id.onyx.obdp.server.controller.KerberosHelper;
import id.onyx.obdp.server.orm.dao.KerberosPrincipalDAO;
import id.onyx.obdp.server.orm.entities.KerberosPrincipalEntity;
import id.onyx.obdp.server.serveraction.ActionLog;
import id.onyx.obdp.server.serveraction.kerberos.KerberosServerAction;
import id.onyx.obdp.server.serveraction.kerberos.stageutils.KerberosKeytabController;
import id.onyx.obdp.server.serveraction.kerberos.stageutils.ResolvedKerberosKeytab;
import id.onyx.obdp.server.serveraction.kerberos.stageutils.ResolvedKerberosPrincipal;
import java.io.File;
import java.io.IOException;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.locks.Lock;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.directory.server.kerberos.shared.keytab.Keytab;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:id/onyx/obdp/server/serveraction/kerberos/CreateKeytabFilesServerAction.class */
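/**
 * Server action that writes keytab files for resolved Kerberos principals.
 *
 * <p>For each keytab associated with a principal, a file named after the SHA-256 hex digest of
 * the keytab's target path is written into a per-host directory under the action's data
 * directory. Newly generated keytabs are also written to the configured keytab cache directory
 * and the cache path is recorded on the {@link KerberosPrincipalEntity}.
 *
 * <p>Keytabs hold long-term keys. Every file and directory this class creates is passed through
 * {@link #ensureAmbariOnlyAccess(File)} so that only the owning account keeps access.
 */
public class CreateKeytabFilesServerAction extends KerberosServerAction {
    private static final Logger LOG = LoggerFactory.getLogger(CreateKeytabFilesServerAction.class);

    @Inject
    private KerberosPrincipalDAO kerberosPrincipalDAO;

    @Inject
    private Configuration configuration;

    @Inject
    private KerberosKeytabController kerberosKeytabController;

    // Striped locks keyed by the keytab's target file path; serialises work on one keytab path.
    private Striped<Lock> m_locksByKeytab = Striped.lazyWeakLock(25);

    // principal -> set of "host|keytabPath" keys already handled by this action instance.
    Map<String, Set<String>> visitedIdentities = new ConcurrentHashMap<>();

    /**
     * Runs the action by delegating to {@code processIdentities}.
     *
     * @param concurrentMap the request-scoped shared data map handed to {@code processIdentities}
     * @return the report produced by {@code processIdentities}
     */
    @Override // id.onyx.obdp.server.serveraction.ServerAction
    public CommandReport execute(ConcurrentMap<String, Object> concurrentMap) throws OBDPException, InterruptedException {
        return processIdentities(concurrentMap);
    }

    /**
     * Creates the keytab file(s) for one principal and emits an audit event describing the outcome.
     *
     * <p>With a password available for the principal, a keytab is built (or read from the cache)
     * and written out. Without a password, the previously cached keytab is copied instead, unless
     * the host is the server host and no full regeneration was requested.
     *
     * @param resolvedKerberosPrincipal the principal to process
     * @param kerberosOperationHandler handler used to build and write keytabs; {@code null} fails the task
     * @param map not read by this implementation
     * @param z when {@code false}, the RECREATE_ALL operation type is ignored for this identity
     *          (presumably "identity matched the request filter"; confirm against KerberosServerAction)
     * @param map2 shared request data from which the principal password and key-number maps are read
     * @return a FAILED report when a step failed, otherwise {@code null}
     * @throws OBDPException if file permissions cannot be restricted or the keytab cache cannot be written
     */
    @Override // id.onyx.obdp.server.serveraction.kerberos.KerberosServerAction
    protected CommandReport processIdentity(ResolvedKerberosPrincipal resolvedKerberosPrincipal, KerberosOperationHandler kerberosOperationHandler, Map<String, String> map, boolean z, Map<String, Object> map2) throws OBDPException {
        CreateKeyTabKerberosAuditEvent.CreateKeyTabKerberosAuditEventBuilder builder = CreateKeyTabKerberosAuditEvent.builder();
        builder.withTimestamp(Long.valueOf(System.currentTimeMillis()));
        builder.withRequestId(Long.valueOf(getHostRoleCommand() != null ? getHostRoleCommand().getRequestId() : -1L));
        builder.withTaskId(Long.valueOf(getHostRoleCommand() != null ? getHostRoleCommand().getTaskId() : -1L));
        CommandReport commandReport = null;
        String message = null;
        Set<ResolvedKerberosKeytab> keytabs = this.kerberosKeytabController.getFromPrincipalExceptServiceMapping(resolvedKerberosPrincipal);
        String principal = resolvedKerberosPrincipal.getPrincipal();
        KerberosPrincipalEntity principalEntity = this.kerberosPrincipalDAO.find(principal);
        try {
            String dataDirectoryPath = getDataDirectoryPath();
            if (kerberosOperationHandler == null) {
                message = String.format("Failed to create keytab file for %s, missing KerberosOperationHandler", principal);
                this.actionLog.writeStdErr(message);
                LOG.error(message);
                commandReport = keytabFailureReport();
            } else if (dataDirectoryPath == null) {
                message = "The data directory has not been set. Generated keytab files can not be stored.";
                // Surface the reason in the task's stderr like every other failure path does.
                this.actionLog.writeStdErr(message);
                LOG.error(message);
                commandReport = keytabFailureReport();
            } else {
                Map<String, String> principalPasswordMap = getPrincipalPasswordMap(map2);
                Map<String, Integer> principalKeyNumberMap = getPrincipalKeyNumberMap(map2);
                for (ResolvedKerberosKeytab resolvedKeytab : keytabs) {
                    String hostName = resolvedKerberosPrincipal.getHostName();
                    String keytabFilePath = resolvedKeytab.getFile();
                    if (hostName == null || hostName.isEmpty() || keytabFilePath == null || keytabFilePath.isEmpty()) {
                        continue;
                    }
                    Lock lock = this.m_locksByKeytab.get(keytabFilePath);
                    lock.lock();
                    try {
                        Set<String> visited = this.visitedIdentities.get(principal);
                        String visitKey = String.format("%s|%s", hostName, keytabFilePath);
                        if (visited != null && visited.contains(visitKey)) {
                            LOG.debug("Skipping previously processed keytab for {} on host {}", principal, hostName);
                            continue;
                        }

                        String password = principalPasswordMap.get(principal);
                        Integer keyNumber = principalKeyNumberMap.get(principal);
                        message = String.format("Creating keytab file for %s on host %s", principal, hostName);
                        LOG.info(message);
                        this.actionLog.writeStdOut(message);
                        builder.withPrincipal(principal).withHostName(hostName).withKeyTabFilePath(keytabFilePath);

                        // NOTE(review): hostName is used verbatim as a directory name under the data
                        // directory; this assumes it was validated upstream and holds no path separators.
                        File hostDirectory = new File(dataDirectoryPath, hostName);
                        if (!hostDirectory.exists() && hostDirectory.mkdirs()) {
                            ensureAmbariOnlyAccess(hostDirectory);
                        }
                        if (!hostDirectory.exists()) {
                            message = String.format("Failed to create keytab file for %s, the container directory does not exist: %s", principal, hostDirectory.getAbsolutePath());
                            this.actionLog.writeStdErr(message);
                            LOG.error(message);
                            commandReport = keytabFailureReport();
                            continue;
                        }

                        // The on-disk name is a digest of the target path, so the real keytab path is not exposed here.
                        File destinationKeytabFile = new File(hostDirectory, DigestUtils.sha256Hex(keytabFilePath));
                        boolean regenerateAll = getOperationType(getCommandParameters()) == KerberosServerAction.OperationType.RECREATE_ALL && z;
                        // Read before createKeytab(), which may replace the cached path on the entity.
                        String cachedKeytabPath = principalEntity == null ? null : principalEntity.getCachedKeytabPath();

                        if (password != null) {
                            Keytab keytab = createKeytab(principal, principalEntity, password, keyNumber, kerberosOperationHandler, visited != null, true, this.actionLog);
                            if (keytab == null) {
                                commandReport = keytabFailureReport();
                            } else {
                                try {
                                    // NOTE(review): permissions are tightened only after the handler has written
                                    // the file; until then it carries the process default mode. Protection in
                                    // that window relies on the owner-only host directory.
                                    if (kerberosOperationHandler.createKeytabFile(keytab, destinationKeytabFile)) {
                                        ensureAmbariOnlyAccess(destinationKeytabFile);
                                        message = String.format("Successfully created keytab file for %s at %s", principal, destinationKeytabFile.getAbsolutePath());
                                        LOG.info(message);
                                        builder.withPrincipal(principal).withHostName(hostName).withKeyTabFilePath(destinationKeytabFile.getAbsolutePath());
                                    } else {
                                        message = String.format("Failed to create keytab file for %s at %s", principal, destinationKeytabFile.getAbsolutePath());
                                        this.actionLog.writeStdErr(message);
                                        LOG.error(message);
                                        commandReport = keytabFailureReport();
                                    }
                                } catch (KerberosOperationException e) {
                                    message = String.format("Failed to create keytab file for %s - %s", principal, e.getMessage());
                                    this.actionLog.writeStdErr(message);
                                    LOG.error(message, e);
                                    commandReport = keytabFailureReport();
                                }
                            }
                            if (visited == null) {
                                // The lock is striped by keytab path but this set is shared per principal,
                                // so it can be reached under different locks: use a concurrent set and an
                                // atomic insert rather than HashSet + put.
                                Set<String> fresh = ConcurrentHashMap.newKeySet();
                                Set<String> existing = this.visitedIdentities.putIfAbsent(principal, fresh);
                                visited = existing != null ? existing : fresh;
                            }
                            visited.add(visitKey);
                        } else if (!regenerateAll && hostName.equalsIgnoreCase(KerberosHelper.AMBARI_SERVER_HOST_NAME)) {
                            message = String.format("Skipping keytab file for %s, missing password indicates nothing to do", principal);
                            LOG.info(message);
                        } else if (cachedKeytabPath == null) {
                            message = String.format("Failed to create keytab for %s, missing cached file", principal);
                            this.actionLog.writeStdErr(message);
                            LOG.error(message);
                            commandReport = keytabFailureReport();
                        } else {
                            try {
                                kerberosOperationHandler.createKeytabFile(new File(cachedKeytabPath), destinationKeytabFile);
                                // Give the copied keytab the same owner-only mode as a freshly generated one;
                                // this is a no-op when the copy produced no file.
                                ensureAmbariOnlyAccess(destinationKeytabFile);
                            } catch (KerberosOperationException e) {
                                message = String.format("Failed to create keytab file for %s - %s", principal, e.getMessage());
                                this.actionLog.writeStdErr(message);
                                LOG.error(message, e);
                                commandReport = keytabFailureReport();
                            }
                        }
                    } finally {
                        lock.unlock();
                    }
                }
            }
            return commandReport;
        } finally {
            // Audit every failure, and every run that got as far as naming a principal.
            if (commandReport != null && HostRoleStatus.FAILED.toString().equals(commandReport.getStatus())) {
                builder.withReasonOfFailure(message == null ? "Unknown error" : message);
            }
            if (commandReport != null || builder.hasPrincipal()) {
                auditLog(builder.build());
            }
        }
    }

    /** Builds the FAILED report used by every failure path, carrying the action log's current output. */
    private CommandReport keytabFailureReport() throws OBDPException {
        return createCommandReport(1, HostRoleStatus.FAILED, "{}", this.actionLog.getStdOut(), this.actionLog.getStdErr());
    }

    /**
     * Returns a keytab for the principal, reusing the cached one when allowed.
     *
     * @param str the principal name
     * @param kerberosPrincipalEntity stored principal record holding the cached keytab path; may be {@code null}
     * @param str2 the principal's password, passed to the operation handler and never logged here
     * @param num the key version number passed to the operation handler
     * @param kerberosOperationHandler handler that builds the keytab
     * @param z when {@code true}, try reading the cached keytab before building a new one
     * @param z2 when {@code true} and an entity is present, cache the newly built keytab and record its path
     * @param actionLog optional log that receives the failure message; may be {@code null}
     * @return the keytab, or {@code null} when the handler failed to build one
     * @throws OBDPException if the new keytab cannot be written to the cache
     */
    public Keytab createKeytab(String str, KerberosPrincipalEntity kerberosPrincipalEntity, String str2, Integer num, KerberosOperationHandler kerberosOperationHandler, boolean z, boolean z2, ActionLog actionLog) throws OBDPException {
        LOG.debug("Creating keytab for {} with kvno {}", str, num);
        Keytab keytab = null;
        if (z) {
            String cachedKeytabPath = kerberosPrincipalEntity == null ? null : kerberosPrincipalEntity.getCachedKeytabPath();
            if (cachedKeytabPath != null) {
                try {
                    keytab = Keytab.read(new File(cachedKeytabPath));
                } catch (IOException e) {
                    // Best effort: an unreadable cache entry falls through to regeneration below.
                    LOG.warn("Failed to read the cached keytab for {}, recreating if possible - {}", str, e.getMessage());
                }
            }
        }
        if (keytab == null) {
            try {
                keytab = kerberosOperationHandler.createKeytab(str, str2, num);
                // Nothing to cache if the handler returned no keytab; the caller treats null as failure.
                if (keytab != null && kerberosPrincipalEntity != null && z2) {
                    File cacheFile = cacheKeytab(str, keytab);
                    String previousPath = kerberosPrincipalEntity.getCachedKeytabPath();
                    String newPath = cacheFile.exists() ? cacheFile.getAbsolutePath() : null;
                    if (previousPath == null || !previousPath.equals(newPath)) {
                        kerberosPrincipalEntity.setCachedKeytabPath(newPath);
                        this.kerberosPrincipalDAO.merge(kerberosPrincipalEntity);
                    }
                    // Remove the superseded cache file so stale key material does not linger on disk,
                    // but never the file that was just written.
                    if (previousPath != null && !previousPath.equals(newPath) && !new File(previousPath).delete()) {
                        LOG.debug("Failed to remove orphaned cache file {}", previousPath);
                    }
                }
            } catch (KerberosOperationException e2) {
                String failure = String.format("Failed to create keytab file for %s - %s", str, e2.getMessage());
                if (actionLog != null) {
                    actionLog.writeStdErr(failure);
                }
                LOG.error(failure, e2);
            }
        }
        return keytab;
    }

    /**
     * Writes a keytab into the configured keytab cache directory with owner-only permissions.
     *
     * @param str the principal name; combined with the current time to derive the cache file name
     * @param keytab the keytab to store
     * @return the cache file that was written
     * @throws OBDPException if the cache directory is not configured or cannot be created, if
     *     permissions cannot be restricted, or if the write fails
     */
    private File cacheKeytab(String str, Keytab keytab) throws OBDPException {
        File cacheDirectory = this.configuration.getKerberosKeytabCacheDir();
        if (cacheDirectory == null) {
            LOG.error("The Kerberos keytab cache directory is not configured in the Ambari properties");
            throw new OBDPException("The Kerberos keytab cache directory is not configured in the Ambari properties");
        }
        if (!cacheDirectory.exists()) {
            if (cacheDirectory.mkdirs()) {
                ensureAmbariOnlyAccess(cacheDirectory);
            }
            // mkdirs() also returns false when another thread created the directory first, so
            // decide on existence rather than on its return value.
            if (!cacheDirectory.exists()) {
                String failure = String.format("Failed to create the keytab cache directory %s", cacheDirectory.getAbsolutePath());
                LOG.error(failure);
                throw new OBDPException(failure);
            }
        }
        File cacheFile = new File(cacheDirectory, DigestUtils.sha256Hex(str + String.valueOf(System.currentTimeMillis())));
        try {
            // Create the empty file and restrict it before any key material is written, so the keys
            // are not on disk with default permissions. A false return only means the file already
            // existed; it is restricted and overwritten either way.
            cacheFile.createNewFile();
            ensureAmbariOnlyAccess(cacheFile);
            keytab.write(cacheFile);
            // Re-apply in case the writer replaced the file instead of truncating it.
            ensureAmbariOnlyAccess(cacheFile);
            return cacheFile;
        } catch (IOException e) {
            String failure = String.format("Failed to write the keytab for %s to the cache location (%s)", str, cacheFile.getAbsolutePath());
            LOG.error(failure, e);
            throw new OBDPException(failure, e);
        }
    }

    /**
     * Restricts a file or directory to its owner.
     *
     * <p>Read and write are cleared for everyone and then granted back to the owner only. For a
     * directory the execute (traverse) bit is handled the same way; for a regular file execute is
     * cleared for everyone. A path that does not exist is left alone. The permission changes are
     * separate calls, not one atomic operation.
     *
     * @param file the file or directory to restrict
     * @throws OBDPException if any permission change is rejected
     */
    protected void ensureAmbariOnlyAccess(File file) throws OBDPException {
        if (!file.exists()) {
            return;
        }
        if (!file.setReadable(false, false) || !file.setReadable(true, true)) {
            String failure = String.format("Failed to set %s readable only by Ambari", file.getAbsolutePath());
            LOG.warn(failure);
            throw new OBDPException(failure);
        }
        if (!file.setWritable(false, false) || !file.setWritable(true, true)) {
            String failure = String.format("Failed to set %s writable only by Ambari", file.getAbsolutePath());
            LOG.warn(failure);
            throw new OBDPException(failure);
        }
        if (file.isDirectory()) {
            // The owner must keep the execute bit to be able to enter the directory.
            if (!file.setExecutable(false, false) || !file.setExecutable(true, true)) {
                String failure = String.format("Failed to set %s executable by Ambari", file.getAbsolutePath());
                LOG.warn(failure);
                throw new OBDPException(failure);
            }
        } else if (!file.setExecutable(false, false)) {
            String failure = String.format("Failed to set %s not executable", file.getAbsolutePath());
            LOG.warn(failure);
            throw new OBDPException(failure);
        }
    }
}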
