package id.onyx.obdp.server.serveraction.kerberos;

import id.onyx.obdp.server.OBDPException;
import id.onyx.obdp.server.actionmanager.HostRoleStatus;
import id.onyx.obdp.server.agent.CommandReport;
import id.onyx.obdp.server.controller.KerberosHelper;
import id.onyx.obdp.server.controller.RootComponent;
import id.onyx.obdp.server.controller.RootService;
import id.onyx.obdp.server.controller.UpdateConfigurationPolicy;
import id.onyx.obdp.server.orm.DBAccessorImpl;
import id.onyx.obdp.server.serveraction.kerberos.KerberosServerAction;
import id.onyx.obdp.server.state.Cluster;
import id.onyx.obdp.server.state.ServiceComponentHost;
import id.onyx.obdp.server.state.kerberos.KerberosComponentDescriptor;
import id.onyx.obdp.server.state.kerberos.KerberosDescriptor;
import id.onyx.obdp.server.state.kerberos.KerberosIdentityDescriptor;
import id.onyx.obdp.server.state.kerberos.KerberosServiceDescriptor;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentMap;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:id/onyx/obdp/server/serveraction/kerberos/PrepareKerberosIdentitiesServerAction.class */
public class PrepareKerberosIdentitiesServerAction extends AbstractPrepareKerberosServerAction {
    private static final Logger LOG = LoggerFactory.getLogger(PrepareKerberosIdentitiesServerAction.class);

    @Override // id.onyx.obdp.server.serveraction.ServerAction
    public CommandReport execute(ConcurrentMap<String, Object> concurrentMap) throws OBDPException, InterruptedException {
        Cluster cluster = getCluster();
        if (cluster == null) {
            throw new OBDPException("Missing cluster object");
        }
        KerberosHelper kerberosHelper = getKerberosHelper();
        KerberosDescriptor kerberosDescriptor = getKerberosDescriptor(cluster, false);
        Map<String, String> commandParameters = getCommandParameters();
        KerberosServerAction.OperationType operationType = getOperationType(getCommandParameters());
        Map<String, Collection<String>> serviceComponentFilter = getServiceComponentFilter();
        Set<String> hostFilter = getHostFilter();
        Collection<String> identityFilter = getIdentityFilter();
        List<ServiceComponentHost> serviceComponentHostsToProcess = kerberosHelper.getServiceComponentHostsToProcess(cluster, kerberosDescriptor, operationType == KerberosServerAction.OperationType.DEFAULT ? serviceComponentFilter : null, hostFilter);
        String commandParameterValue = getCommandParameterValue(commandParameters, KerberosServerAction.DATA_DIRECTORY);
        HashMap hashMap = new HashMap();
        int size = serviceComponentHostsToProcess.size();
        if (size == 0) {
            this.actionLog.writeStdOut("There are no components to process");
        } else if (size == 1) {
            this.actionLog.writeStdOut(String.format("Processing %d component", Integer.valueOf(size)));
        } else {
            this.actionLog.writeStdOut(String.format("Processing %d components", Integer.valueOf(size)));
        }
        Set<String> keySet = cluster.getServices().keySet();
        HashMap hashMap2 = new HashMap();
        HashMap hashMap3 = new HashMap();
        boolean equalsIgnoreCase = DBAccessorImpl.TRUE.equalsIgnoreCase(getCommandParameterValue(commandParameters, KerberosServerAction.INCLUDE_AMBARI_IDENTITY)) & (hostFilter == null);
        if (serviceComponentFilter != null) {
            equalsIgnoreCase &= serviceComponentFilter.get(RootService.OBDP.name()) != null && serviceComponentFilter.get(RootService.OBDP.name()).contains(RootComponent.OBDP_SERVER.name());
            if (operationType != KerberosServerAction.OperationType.DEFAULT) {
                identityFilter = updateIdentityFilter(kerberosDescriptor, identityFilter, serviceComponentFilter);
            }
        }
        Map<String, Map<String, String>> calculateConfigurations = kerberosHelper.calculateConfigurations(cluster, null, kerberosDescriptor, false, false, null);
        processServiceComponentHosts(cluster, kerberosDescriptor, serviceComponentHostsToProcess, identityFilter, commandParameterValue, calculateConfigurations, hashMap, equalsIgnoreCase, hashMap3);
        UpdateConfigurationPolicy updateConfigurationPolicy = getUpdateConfigurationPolicy(commandParameters);
        if (updateConfigurationPolicy != UpdateConfigurationPolicy.NONE) {
            if (updateConfigurationPolicy.invokeStackAdvisor()) {
                kerberosHelper.applyStackAdvisorUpdates(cluster, keySet, calculateConfigurations, hashMap, hashMap3, hashMap2, true);
            }
            Map<String, Map<String, String>> calculateConfigurations2 = kerberosHelper.calculateConfigurations(cluster, null, kerberosDescriptor, false, false, null);
            if (updateConfigurationPolicy.applyIdentityChanges()) {
                processAuthToLocalRules(cluster, calculateConfigurations2, kerberosDescriptor, serviceComponentHostsToProcess, hashMap, getDefaultRealm(commandParameters), false);
            }
            processConfigurationChanges(commandParameterValue, hashMap, hashMap2, kerberosDescriptor, updateConfigurationPolicy);
        }
        return createCommandReport(0, HostRoleStatus.COMPLETED, "{}", this.actionLog.getStdOut(), this.actionLog.getStdErr());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public KerberosDescriptor getKerberosDescriptor(Cluster cluster, boolean z) throws OBDPException {
        return getKerberosHelper().getKerberosDescriptor(cluster, z);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void processAuthToLocalRules(Cluster cluster, Map<String, Map<String, String>> map, KerberosDescriptor kerberosDescriptor, List<ServiceComponentHost> list, Map<String, Map<String, String>> map2, String str, boolean z) throws OBDPException {
        if (list.isEmpty()) {
            return;
        }
        this.actionLog.writeStdOut("Creating auth-to-local rules");
        HashMap hashMap = new HashMap();
        for (ServiceComponentHost serviceComponentHost : list) {
            Set<String> set = hashMap.get(serviceComponentHost.getServiceName());
            if (set == null) {
                set = new HashSet();
                hashMap.put(serviceComponentHost.getServiceName(), set);
            }
            set.add(serviceComponentHost.getServiceComponentName());
        }
        getKerberosHelper().setAuthToLocalRules(cluster, kerberosDescriptor, str, hashMap, map, map2, z);
    }

    private Collection<String> updateIdentityFilter(KerberosDescriptor kerberosDescriptor, Collection<String> collection, Map<String, ? extends Collection<String>> map) {
        HashSet hashSet = collection == null ? new HashSet() : new HashSet(collection);
        Map<String, KerberosServiceDescriptor> services = kerberosDescriptor.getServices();
        if (services != null) {
            for (KerberosServiceDescriptor kerberosServiceDescriptor : services.values()) {
                String name = kerberosServiceDescriptor.getName();
                if (map.containsKey("*") || map.containsKey(name)) {
                    Collection<String> collection2 = map.get(name);
                    boolean z = collection2 == null || collection2.contains("*");
                    if (z) {
                        addIdentitiesToFilter(kerberosServiceDescriptor.getIdentities(), hashSet, true);
                    }
                    Map<String, KerberosComponentDescriptor> components = kerberosServiceDescriptor.getComponents();
                    if (components != null) {
                        for (KerberosComponentDescriptor kerberosComponentDescriptor : components.values()) {
                            String name2 = kerberosComponentDescriptor.getName();
                            if (z || collection2.contains(name2)) {
                                addIdentitiesToFilter(kerberosComponentDescriptor.getIdentities(), hashSet, true);
                            }
                        }
                    }
                }
            }
        }
        return hashSet;
    }

    private void addIdentitiesToFilter(List<KerberosIdentityDescriptor> list, Collection<String> collection, boolean z) {
        if (CollectionUtils.isEmpty(list)) {
            return;
        }
        for (KerberosIdentityDescriptor kerberosIdentityDescriptor : list) {
            if (!z || !kerberosIdentityDescriptor.isReference()) {
                String path = kerberosIdentityDescriptor.getPath();
                if (!StringUtils.isEmpty(path)) {
                    collection.add(path);
                    addIdentitiesToFilter(kerberosIdentityDescriptor.findReferences(), collection, false);
                }
            }
        }
    }
}
