package id.onyx.obdp.server.controller;

import com.google.common.base.Stopwatch;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import com.google.inject.Inject;
import com.google.inject.Injector;
import com.google.inject.Singleton;
import com.google.inject.persist.Transactional;
import id.onyx.obdp.server.OBDPException;
import id.onyx.obdp.server.Role;
import id.onyx.obdp.server.RoleCommand;
import id.onyx.obdp.server.ServiceNotFoundException;
import id.onyx.obdp.server.actionmanager.ActionManager;
import id.onyx.obdp.server.actionmanager.RequestFactory;
import id.onyx.obdp.server.actionmanager.Stage;
import id.onyx.obdp.server.actionmanager.StageFactory;
import id.onyx.obdp.server.api.services.OBDPMetaInfo;
import id.onyx.obdp.server.api.services.stackadvisor.StackAdvisorException;
import id.onyx.obdp.server.api.services.stackadvisor.StackAdvisorHelper;
import id.onyx.obdp.server.api.services.stackadvisor.StackAdvisorRequest;
import id.onyx.obdp.server.api.services.stackadvisor.recommendations.RecommendationResponse;
import id.onyx.obdp.server.configuration.Configuration;
import id.onyx.obdp.server.controller.AuthToLocalBuilder;
import id.onyx.obdp.server.controller.DeleteIdentityHandler;
import id.onyx.obdp.server.controller.KerberosHelper;
import id.onyx.obdp.server.controller.internal.PrivilegeResourceProvider;
import id.onyx.obdp.server.controller.internal.ProvisionClusterRequest;
import id.onyx.obdp.server.controller.internal.RequestResourceFilter;
import id.onyx.obdp.server.controller.internal.RequestStageContainer;
import id.onyx.obdp.server.controller.utilities.KerberosChecker;
import id.onyx.obdp.server.metadata.RoleCommandOrder;
import id.onyx.obdp.server.orm.DBAccessorImpl;
import id.onyx.obdp.server.orm.dao.ArtifactDAO;
import id.onyx.obdp.server.orm.dao.HostDAO;
import id.onyx.obdp.server.orm.dao.KerberosKeytabDAO;
import id.onyx.obdp.server.orm.dao.KerberosKeytabPrincipalDAO;
import id.onyx.obdp.server.orm.dao.KerberosPrincipalDAO;
import id.onyx.obdp.server.orm.entities.ArtifactEntity;
import id.onyx.obdp.server.orm.entities.KerberosKeytabEntity;
import id.onyx.obdp.server.orm.entities.KerberosKeytabPrincipalEntity;
import id.onyx.obdp.server.orm.entities.KerberosPrincipalEntity;
import id.onyx.obdp.server.security.credential.Credential;
import id.onyx.obdp.server.security.credential.PrincipalKeyCredential;
import id.onyx.obdp.server.security.encryption.CredentialStoreService;
import id.onyx.obdp.server.serveraction.ServerAction;
import id.onyx.obdp.server.serveraction.kerberos.CleanupServerAction;
import id.onyx.obdp.server.serveraction.kerberos.Component;
import id.onyx.obdp.server.serveraction.kerberos.ConfigureOBDPIdentitiesServerAction;
import id.onyx.obdp.server.serveraction.kerberos.CreateKeytabFilesServerAction;
import id.onyx.obdp.server.serveraction.kerberos.CreatePrincipalsServerAction;
import id.onyx.obdp.server.serveraction.kerberos.DestroyPrincipalsServerAction;
import id.onyx.obdp.server.serveraction.kerberos.FinalizeKerberosServerAction;
import id.onyx.obdp.server.serveraction.kerberos.KDCType;
import id.onyx.obdp.server.serveraction.kerberos.KerberosAdminAuthenticationException;
import id.onyx.obdp.server.serveraction.kerberos.KerberosIdentityDataFile;
import id.onyx.obdp.server.serveraction.kerberos.KerberosIdentityDataFileWriter;
import id.onyx.obdp.server.serveraction.kerberos.KerberosInvalidConfigurationException;
import id.onyx.obdp.server.serveraction.kerberos.KerberosKDCConnectionException;
import id.onyx.obdp.server.serveraction.kerberos.KerberosKDCSSLConnectionException;
import id.onyx.obdp.server.serveraction.kerberos.KerberosLDAPContainerException;
import id.onyx.obdp.server.serveraction.kerberos.KerberosMissingAdminCredentialsException;
import id.onyx.obdp.server.serveraction.kerberos.KerberosOperationException;
import id.onyx.obdp.server.serveraction.kerberos.KerberosOperationHandler;
import id.onyx.obdp.server.serveraction.kerberos.KerberosOperationHandlerFactory;
import id.onyx.obdp.server.serveraction.kerberos.KerberosRealmException;
import id.onyx.obdp.server.serveraction.kerberos.KerberosServerAction;
import id.onyx.obdp.server.serveraction.kerberos.PrepareDisableKerberosServerAction;
import id.onyx.obdp.server.serveraction.kerberos.PrepareEnableKerberosServerAction;
import id.onyx.obdp.server.serveraction.kerberos.PrepareKerberosIdentitiesServerAction;
import id.onyx.obdp.server.serveraction.kerberos.UpdateKerberosConfigsServerAction;
import id.onyx.obdp.server.serveraction.kerberos.stageutils.ResolvedKerberosKeytab;
import id.onyx.obdp.server.serveraction.kerberos.stageutils.ResolvedKerberosPrincipal;
import id.onyx.obdp.server.stack.ServiceDirectory;
import id.onyx.obdp.server.stageplanner.RoleGraph;
import id.onyx.obdp.server.stageplanner.RoleGraphFactory;
import id.onyx.obdp.server.state.Cluster;
import id.onyx.obdp.server.state.Clusters;
import id.onyx.obdp.server.state.ComponentInfo;
import id.onyx.obdp.server.state.Config;
import id.onyx.obdp.server.state.ConfigHelper;
import id.onyx.obdp.server.state.DesiredConfig;
import id.onyx.obdp.server.state.Host;
import id.onyx.obdp.server.state.HostState;
import id.onyx.obdp.server.state.PropertyInfo;
import id.onyx.obdp.server.state.SecurityType;
import id.onyx.obdp.server.state.Service;
import id.onyx.obdp.server.state.ServiceComponent;
import id.onyx.obdp.server.state.ServiceComponentHost;
import id.onyx.obdp.server.state.ServiceInfo;
import id.onyx.obdp.server.state.StackId;
import id.onyx.obdp.server.state.State;
import id.onyx.obdp.server.state.ValueAttributesInfo;
import id.onyx.obdp.server.state.kerberos.AbstractKerberosDescriptorContainer;
import id.onyx.obdp.server.state.kerberos.KerberosComponentDescriptor;
import id.onyx.obdp.server.state.kerberos.KerberosConfigurationDescriptor;
import id.onyx.obdp.server.state.kerberos.KerberosDescriptor;
import id.onyx.obdp.server.state.kerberos.KerberosDescriptorFactory;
import id.onyx.obdp.server.state.kerberos.KerberosIdentityDescriptor;
import id.onyx.obdp.server.state.kerberos.KerberosKeytabDescriptor;
import id.onyx.obdp.server.state.kerberos.KerberosPrincipalDescriptor;
import id.onyx.obdp.server.state.kerberos.KerberosPrincipalType;
import id.onyx.obdp.server.state.kerberos.KerberosServiceDescriptor;
import id.onyx.obdp.server.state.kerberos.VariableReplacementHelper;
import id.onyx.obdp.server.state.svccomphost.ServiceComponentHostServerActionEvent;
import id.onyx.obdp.server.utils.StageUtils;
import java.io.File;
import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import javax.annotation.Nullable;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.directory.server.kerberos.shared.keytab.Keytab;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:id/onyx/obdp/server/controller/KerberosHelperImpl.class */
public class KerberosHelperImpl implements KerberosHelper {
    public static final String BASE_LOG_DIR = "/tmp/obdp";
    private static final Logger LOG = LoggerFactory.getLogger(KerberosHelperImpl.class);
    private static final Set<State> PREVIOUSLY_INSTALLED_STATES = EnumSet.of(State.INSTALLED, State.STARTED, State.DISABLED);
    public static final String CHECK_KEYTABS = "CHECK_KEYTABS";
    public static final String SET_KEYTAB = "SET_KEYTAB";
    public static final String REMOVE_KEYTAB = "REMOVE_KEYTAB";

    @Inject
    private OBDPCustomCommandExecutionHelper customCommandExecutionHelper;

    @Inject
    private OBDPManagementController ambariManagementController;

    @Inject
    private OBDPMetaInfo obdpMetaInfo;

    @Inject
    private ActionManager actionManager;

    @Inject
    private RequestFactory requestFactory;

    @Inject
    private StageFactory stageFactory;

    @Inject
    private RoleGraphFactory roleGraphFactory;

    @Inject
    private Clusters clusters;

    @Inject
    private ConfigHelper configHelper;

    @Inject
    private VariableReplacementHelper variableReplacementHelper;

    @Inject
    private Configuration configuration;

    @Inject
    private KerberosOperationHandlerFactory kerberosOperationHandlerFactory;

    @Inject
    private KerberosDescriptorFactory kerberosDescriptorFactory;

    @Inject
    private ArtifactDAO artifactDAO;

    @Inject
    private KerberosPrincipalDAO kerberosPrincipalDAO;

    @Inject
    private KerberosKeytabDAO kerberosKeytabDAO;

    @Inject
    private KerberosKeytabPrincipalDAO kerberosKeytabPrincipalDAO;

    @Inject
    private HostDAO hostDAO;

    @Inject
    private Injector injector;

    @Inject
    private CredentialStoreService credentialStoreService;

    @Inject
    private StackAdvisorHelper stackAdvisorHelper;

    /* loaded from: input_file:id/onyx/obdp/server/controller/KerberosHelperImpl$CreatePrincipalsAndKeytabsHandler.class */
    private class CreatePrincipalsAndKeytabsHandler extends Handler {
        private KerberosServerAction.OperationType operationType;
        private UpdateConfigurationPolicy updateConfigurationPolicy;
        private boolean forceAllHosts;
        private boolean includeAmbariIdentity;

        CreatePrincipalsAndKeytabsHandler(KerberosServerAction.OperationType operationType, UpdateConfigurationPolicy updateConfigurationPolicy, boolean z, boolean z2) {
            super();
            this.operationType = operationType;
            this.updateConfigurationPolicy = updateConfigurationPolicy;
            this.forceAllHosts = z;
            this.includeAmbariIdentity = z2;
        }

        @Override // id.onyx.obdp.server.controller.KerberosHelperImpl.Handler
        public long createStages(Cluster cluster, String str, String str2, ServiceComponentHostServerActionEvent serviceComponentHostServerActionEvent, RoleCommandOrder roleCommandOrder, KerberosDetails kerberosDetails, File file, RequestStageContainer requestStageContainer, List<ServiceComponentHost> list, Map<String, ? extends Collection<String>> map, Set<String> set, Collection<String> collection, Set<String> set2) throws OBDPException {
            if (requestStageContainer == null) {
                requestStageContainer = new RequestStageContainer(Long.valueOf(KerberosHelperImpl.this.actionManager.getNextRequestId()), null, KerberosHelperImpl.this.requestFactory, KerberosHelperImpl.this.actionManager);
            }
            boolean z = this.includeAmbariIdentity;
            HashMap hashMap = new HashMap();
            hashMap.put(KerberosServerAction.AUTHENTICATED_USER_NAME, KerberosHelperImpl.this.ambariManagementController.getAuthName());
            hashMap.put(KerberosServerAction.DEFAULT_REALM, kerberosDetails.getDefaultRealm());
            if (file != null) {
                hashMap.put(KerberosServerAction.DATA_DIRECTORY, file.getAbsolutePath());
            }
            if (map != null) {
                hashMap.put(KerberosServerAction.SERVICE_COMPONENT_FILTER, StageUtils.getGson().toJson(map));
                z = map.containsKey(RootService.OBDP.name()) && (map.get(RootService.OBDP.name()) == null || map.get(RootService.OBDP.name()).contains("*") || map.get("OBDP").contains(RootComponent.OBDP_SERVER.name()));
            }
            if (set != null) {
                hashMap.put(KerberosServerAction.HOST_FILTER, StageUtils.getGson().toJson(set));
                z = set.contains("*") || set.contains(StageUtils.getHostName());
            }
            if (collection != null) {
                hashMap.put(KerberosServerAction.IDENTITY_FILTER, StageUtils.getGson().toJson(collection));
            }
            hashMap.put("operation_type", this.operationType == null ? KerberosServerAction.OperationType.DEFAULT.name() : this.operationType.name());
            hashMap.put(KerberosServerAction.INCLUDE_AMBARI_IDENTITY, z ? DBAccessorImpl.TRUE : "false");
            if (this.updateConfigurationPolicy != UpdateConfigurationPolicy.NONE) {
                hashMap.put(KerberosServerAction.UPDATE_CONFIGURATION_NOTE, "Updated Kerberos-related configurations");
                hashMap.put(KerberosServerAction.UPDATE_CONFIGURATION_POLICY, this.updateConfigurationPolicy.name());
            }
            List<String> calculateHosts = KerberosHelperImpl.this.calculateHosts(cluster, list, set2, this.forceAllHosts);
            addPrepareKerberosIdentitiesStage(cluster, str, str2, serviceComponentHostServerActionEvent, hashMap, roleCommandOrder, requestStageContainer);
            if (kerberosDetails.manageIdentities()) {
                hashMap.put("kdc_type", kerberosDetails.getKdcType().name());
                if (this.operationType != KerberosServerAction.OperationType.RECREATE_ALL) {
                    addCheckMissingKeytabsStage(cluster, str, str2, hashMap, roleCommandOrder, requestStageContainer, calculateHosts);
                }
                addCreatePrincipalsStage(cluster, str, str2, serviceComponentHostServerActionEvent, hashMap, roleCommandOrder, requestStageContainer);
                addCreateKeytabFilesStage(cluster, str, str2, serviceComponentHostServerActionEvent, hashMap, roleCommandOrder, requestStageContainer);
                if (z && kerberosDetails.createAmbariPrincipal()) {
                    addConfigureAmbariIdentityStage(cluster, str, str2, serviceComponentHostServerActionEvent, hashMap, roleCommandOrder, requestStageContainer);
                }
                addDistributeKeytabFilesStage(cluster, str, str2, hashMap, roleCommandOrder, requestStageContainer, calculateHosts);
            }
            if (this.updateConfigurationPolicy != UpdateConfigurationPolicy.NONE) {
                addUpdateConfigurationsStage(cluster, str, str2, serviceComponentHostServerActionEvent, hashMap, roleCommandOrder, requestStageContainer);
            }
            return requestStageContainer.getLastStageId();
        }
    }

    /* loaded from: input_file:id/onyx/obdp/server/controller/KerberosHelperImpl$DeletePrincipalsAndKeytabsHandler.class */
    private class DeletePrincipalsAndKeytabsHandler extends Handler {
        private DeletePrincipalsAndKeytabsHandler() {
            super();
        }

        @Override // id.onyx.obdp.server.controller.KerberosHelperImpl.Handler
        public long createStages(Cluster cluster, String str, String str2, ServiceComponentHostServerActionEvent serviceComponentHostServerActionEvent, RoleCommandOrder roleCommandOrder, KerberosDetails kerberosDetails, File file, RequestStageContainer requestStageContainer, List<ServiceComponentHost> list, Map<String, ? extends Collection<String>> map, Set<String> set, Collection<String> collection, Set<String> set2) throws OBDPException {
            if (requestStageContainer == null) {
                requestStageContainer = new RequestStageContainer(Long.valueOf(KerberosHelperImpl.this.actionManager.getNextRequestId()), null, KerberosHelperImpl.this.requestFactory, KerberosHelperImpl.this.actionManager);
            }
            if (kerberosDetails.manageIdentities()) {
                HashMap hashMap = new HashMap();
                hashMap.put(KerberosServerAction.AUTHENTICATED_USER_NAME, KerberosHelperImpl.this.ambariManagementController.getAuthName());
                hashMap.put(KerberosServerAction.DEFAULT_REALM, kerberosDetails.getDefaultRealm());
                if (file != null) {
                    hashMap.put(KerberosServerAction.DATA_DIRECTORY, file.getAbsolutePath());
                }
                if (map != null) {
                    hashMap.put(KerberosServerAction.SERVICE_COMPONENT_FILTER, StageUtils.getGson().toJson(map));
                }
                if (set != null) {
                    hashMap.put(KerberosServerAction.HOST_FILTER, StageUtils.getGson().toJson(set));
                }
                if (collection != null) {
                    hashMap.put(KerberosServerAction.IDENTITY_FILTER, StageUtils.getGson().toJson(collection));
                }
                hashMap.put("kdc_type", kerberosDetails.getKdcType().name());
                hashMap.put(KerberosServerAction.UPDATE_CONFIGURATION_POLICY, UpdateConfigurationPolicy.ALL.name());
                addPrepareKerberosIdentitiesStage(cluster, str, str2, serviceComponentHostServerActionEvent, hashMap, roleCommandOrder, requestStageContainer);
                addDeleteKeytabFilesStage(cluster, list, str, str2, hashMap, roleCommandOrder, requestStageContainer, set2);
                addDestroyPrincipalsStage(cluster, str, str2, serviceComponentHostServerActionEvent, hashMap, roleCommandOrder, requestStageContainer);
                addCleanupStage(cluster, str, str2, serviceComponentHostServerActionEvent, hashMap, roleCommandOrder, requestStageContainer);
            }
            return requestStageContainer.getLastStageId();
        }
    }

    /* loaded from: input_file:id/onyx/obdp/server/controller/KerberosHelperImpl$DisableKerberosHandler.class */
    private class DisableKerberosHandler extends Handler {
        private DisableKerberosHandler() {
            super();
        }

        @Override // id.onyx.obdp.server.controller.KerberosHelperImpl.Handler
        public long createStages(Cluster cluster, String str, String str2, ServiceComponentHostServerActionEvent serviceComponentHostServerActionEvent, RoleCommandOrder roleCommandOrder, KerberosDetails kerberosDetails, File file, RequestStageContainer requestStageContainer, List<ServiceComponentHost> list, Map<String, ? extends Collection<String>> map, Set<String> set, Collection<String> collection, Set<String> set2) throws OBDPException {
            if (requestStageContainer == null) {
                requestStageContainer = new RequestStageContainer(Long.valueOf(KerberosHelperImpl.this.actionManager.getNextRequestId()), null, KerberosHelperImpl.this.requestFactory, KerberosHelperImpl.this.actionManager);
            }
            HashMap hashMap = new HashMap();
            hashMap.put(KerberosServerAction.AUTHENTICATED_USER_NAME, KerberosHelperImpl.this.ambariManagementController.getAuthName());
            hashMap.put(KerberosServerAction.UPDATE_CONFIGURATION_NOTE, "Disabling Kerberos");
            hashMap.put(KerberosServerAction.UPDATE_CONFIGURATION_POLICY, UpdateConfigurationPolicy.ALL.name());
            hashMap.put(KerberosServerAction.DEFAULT_REALM, kerberosDetails.getDefaultRealm());
            if (file != null) {
                hashMap.put(KerberosServerAction.DATA_DIRECTORY, file.getAbsolutePath());
            }
            if (map != null) {
                hashMap.put(KerberosServerAction.SERVICE_COMPONENT_FILTER, StageUtils.getGson().toJson(map));
            }
            if (set != null) {
                hashMap.put(KerberosServerAction.HOST_FILTER, StageUtils.getGson().toJson(set));
            }
            if (collection != null) {
                hashMap.put(KerberosServerAction.IDENTITY_FILTER, StageUtils.getGson().toJson(collection));
            }
            addDisableSecurityHookStage(cluster, str, str2, hashMap, roleCommandOrder, requestStageContainer);
            addStopZookeeperStage(cluster, str, str2, hashMap, roleCommandOrder, requestStageContainer);
            addPrepareDisableKerberosOperationsStage(cluster, str, str2, serviceComponentHostServerActionEvent, hashMap, roleCommandOrder, requestStageContainer);
            addUpdateConfigurationsStage(cluster, str, str2, serviceComponentHostServerActionEvent, hashMap, roleCommandOrder, requestStageContainer);
            if (kerberosDetails.manageIdentities()) {
                hashMap.put("kdc_type", kerberosDetails.getKdcType().name());
                addDeleteKeytabFilesStage(cluster, list, str, str2, hashMap, roleCommandOrder, requestStageContainer, set2);
                addDestroyPrincipalsStage(cluster, str, str2, serviceComponentHostServerActionEvent, hashMap, roleCommandOrder, requestStageContainer);
            }
            addCleanupStage(cluster, str, str2, serviceComponentHostServerActionEvent, hashMap, roleCommandOrder, requestStageContainer);
            return requestStageContainer.getLastStageId();
        }
    }

    /* loaded from: input_file:id/onyx/obdp/server/controller/KerberosHelperImpl$EnableKerberosHandler.class */
    private class EnableKerberosHandler extends Handler {
        private EnableKerberosHandler() {
            super();
        }

        @Override // id.onyx.obdp.server.controller.KerberosHelperImpl.Handler
        public long createStages(Cluster cluster, String str, String str2, ServiceComponentHostServerActionEvent serviceComponentHostServerActionEvent, RoleCommandOrder roleCommandOrder, KerberosDetails kerberosDetails, File file, RequestStageContainer requestStageContainer, List<ServiceComponentHost> list, Map<String, ? extends Collection<String>> map, Set<String> set, Collection<String> collection, Set<String> set2) throws OBDPException {
            if (requestStageContainer == null) {
                requestStageContainer = new RequestStageContainer(Long.valueOf(KerberosHelperImpl.this.actionManager.getNextRequestId()), null, KerberosHelperImpl.this.requestFactory, KerberosHelperImpl.this.actionManager);
            }
            HashMap hashMap = new HashMap();
            hashMap.put(KerberosServerAction.AUTHENTICATED_USER_NAME, KerberosHelperImpl.this.ambariManagementController.getAuthName());
            hashMap.put(KerberosServerAction.UPDATE_CONFIGURATION_NOTE, "Enabling Kerberos");
            hashMap.put(KerberosServerAction.UPDATE_CONFIGURATION_POLICY, UpdateConfigurationPolicy.ALL.name());
            hashMap.put(KerberosServerAction.DEFAULT_REALM, kerberosDetails.getDefaultRealm());
            hashMap.put(KerberosServerAction.INCLUDE_AMBARI_IDENTITY, kerberosDetails.createAmbariPrincipal() ? DBAccessorImpl.TRUE : "false");
            hashMap.put("preconfigure_services", kerberosDetails.getPreconfigureServices());
            if (file != null) {
                hashMap.put(KerberosServerAction.DATA_DIRECTORY, file.getAbsolutePath());
            }
            if (map != null) {
                hashMap.put(KerberosServerAction.SERVICE_COMPONENT_FILTER, StageUtils.getGson().toJson(map));
            }
            if (set != null) {
                hashMap.put(KerberosServerAction.HOST_FILTER, StageUtils.getGson().toJson(set));
            }
            if (collection != null) {
                hashMap.put(KerberosServerAction.IDENTITY_FILTER, StageUtils.getGson().toJson(collection));
            }
            addPrepareEnableKerberosOperationsStage(cluster, str, str2, serviceComponentHostServerActionEvent, hashMap, roleCommandOrder, requestStageContainer);
            if (kerberosDetails.manageIdentities()) {
                List<String> calculateHosts = KerberosHelperImpl.this.calculateHosts(cluster, list, set2, false);
                hashMap.put("kdc_type", kerberosDetails.getKdcType().name());
                addCreatePrincipalsStage(cluster, str, str2, serviceComponentHostServerActionEvent, hashMap, roleCommandOrder, requestStageContainer);
                addCreateKeytabFilesStage(cluster, str, str2, serviceComponentHostServerActionEvent, hashMap, roleCommandOrder, requestStageContainer);
                if (kerberosDetails.createAmbariPrincipal()) {
                    addConfigureAmbariIdentityStage(cluster, str, str2, serviceComponentHostServerActionEvent, hashMap, roleCommandOrder, requestStageContainer);
                }
                addDistributeKeytabFilesStage(cluster, str, str2, hashMap, roleCommandOrder, requestStageContainer, calculateHosts);
            }
            addUpdateConfigurationsStage(cluster, str, str2, serviceComponentHostServerActionEvent, hashMap, roleCommandOrder, requestStageContainer);
            return requestStageContainer.getLastStageId();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:id/onyx/obdp/server/controller/KerberosHelperImpl$Handler.class */
    public abstract class Handler {
        protected boolean retryAllowed = false;

        private Handler() {
        }

        void setRetryAllowed(boolean z) {
            this.retryAllowed = z;
        }

        abstract long createStages(Cluster cluster, String str, String str2, ServiceComponentHostServerActionEvent serviceComponentHostServerActionEvent, RoleCommandOrder roleCommandOrder, KerberosDetails kerberosDetails, File file, RequestStageContainer requestStageContainer, List<ServiceComponentHost> list, Map<String, ? extends Collection<String>> map, Set<String> set, Collection<String> collection, Set<String> set2) throws OBDPException;

        public void addPrepareEnableKerberosOperationsStage(Cluster cluster, String str, String str2, ServiceComponentHostServerActionEvent serviceComponentHostServerActionEvent, Map<String, String> map, RoleCommandOrder roleCommandOrder, RequestStageContainer requestStageContainer) throws OBDPException {
            Stage createServerActionStage = createServerActionStage(requestStageContainer.getLastStageId(), cluster, requestStageContainer.getId().longValue(), "Preparing Operations", "{}", str2, PrepareEnableKerberosServerAction.class, serviceComponentHostServerActionEvent, map, "Preparing Operations", KerberosHelperImpl.this.configuration.getDefaultServerTaskTimeout());
            RoleGraph createNew = KerberosHelperImpl.this.roleGraphFactory.createNew(roleCommandOrder);
            createNew.build(createServerActionStage);
            requestStageContainer.addStages(createNew.getStages());
        }

        public void addPrepareKerberosIdentitiesStage(Cluster cluster, String str, String str2, ServiceComponentHostServerActionEvent serviceComponentHostServerActionEvent, Map<String, String> map, RoleCommandOrder roleCommandOrder, RequestStageContainer requestStageContainer) throws OBDPException {
            Stage createServerActionStage = createServerActionStage(requestStageContainer.getLastStageId(), cluster, requestStageContainer.getId().longValue(), "Preparing Operations", "{}", str2, PrepareKerberosIdentitiesServerAction.class, serviceComponentHostServerActionEvent, map, "Preparing Operations", KerberosHelperImpl.this.configuration.getDefaultServerTaskTimeout());
            RoleGraph createNew = KerberosHelperImpl.this.roleGraphFactory.createNew(roleCommandOrder);
            createNew.build(createServerActionStage);
            requestStageContainer.addStages(createNew.getStages());
        }

        public void addPrepareDisableKerberosOperationsStage(Cluster cluster, String str, String str2, ServiceComponentHostServerActionEvent serviceComponentHostServerActionEvent, Map<String, String> map, RoleCommandOrder roleCommandOrder, RequestStageContainer requestStageContainer) throws OBDPException {
            Stage createServerActionStage = createServerActionStage(requestStageContainer.getLastStageId(), cluster, requestStageContainer.getId().longValue(), "Preparing Operations", "{}", str2, PrepareDisableKerberosServerAction.class, serviceComponentHostServerActionEvent, map, "Preparing Operations", KerberosHelperImpl.this.configuration.getDefaultServerTaskTimeout());
            RoleGraph createNew = KerberosHelperImpl.this.roleGraphFactory.createNew(roleCommandOrder);
            createNew.build(createServerActionStage);
            requestStageContainer.addStages(createNew.getStages());
        }

        public void addCreatePrincipalsStage(Cluster cluster, String str, String str2, ServiceComponentHostServerActionEvent serviceComponentHostServerActionEvent, Map<String, String> map, RoleCommandOrder roleCommandOrder, RequestStageContainer requestStageContainer) throws OBDPException {
            Stage createServerActionStage = createServerActionStage(requestStageContainer.getLastStageId(), cluster, requestStageContainer.getId().longValue(), "Create Principals", "{}", str2, CreatePrincipalsServerAction.class, serviceComponentHostServerActionEvent, map, "Create Principals", Integer.valueOf(Math.max(ServerAction.DEFAULT_LONG_RUNNING_TASK_TIMEOUT_SECONDS, KerberosHelperImpl.this.configuration.getDefaultServerTaskTimeout().intValue())));
            RoleGraph createNew = KerberosHelperImpl.this.roleGraphFactory.createNew(roleCommandOrder);
            createNew.build(createServerActionStage);
            requestStageContainer.addStages(createNew.getStages());
        }

        public void addDestroyPrincipalsStage(Cluster cluster, String str, String str2, ServiceComponentHostServerActionEvent serviceComponentHostServerActionEvent, Map<String, String> map, RoleCommandOrder roleCommandOrder, RequestStageContainer requestStageContainer) throws OBDPException {
            Stage createServerActionStage = createServerActionStage(requestStageContainer.getLastStageId(), cluster, requestStageContainer.getId().longValue(), "Destroy Principals", "{}", str2, DestroyPrincipalsServerAction.class, serviceComponentHostServerActionEvent, map, "Destroy Principals", Integer.valueOf(Math.max(ServerAction.DEFAULT_LONG_RUNNING_TASK_TIMEOUT_SECONDS, KerberosHelperImpl.this.configuration.getDefaultServerTaskTimeout().intValue())));
            RoleGraph createNew = KerberosHelperImpl.this.roleGraphFactory.createNew(roleCommandOrder);
            createNew.build(createServerActionStage);
            requestStageContainer.addStages(createNew.getStages());
        }

        public void addConfigureAmbariIdentityStage(Cluster cluster, String str, String str2, ServiceComponentHostServerActionEvent serviceComponentHostServerActionEvent, Map<String, String> map, RoleCommandOrder roleCommandOrder, RequestStageContainer requestStageContainer) throws OBDPException {
            Stage createServerActionStage = createServerActionStage(requestStageContainer.getLastStageId(), cluster, requestStageContainer.getId().longValue(), "Configure ONYX Big Data Platform Identity", "{}", str2, ConfigureOBDPIdentitiesServerAction.class, serviceComponentHostServerActionEvent, map, "Configure ONYX Big Data Platform Identity", KerberosHelperImpl.this.configuration.getDefaultServerTaskTimeout());
            RoleGraph createNew = KerberosHelperImpl.this.roleGraphFactory.createNew(roleCommandOrder);
            createNew.build(createServerActionStage);
            requestStageContainer.addStages(createNew.getStages());
        }

        public void addCreateKeytabFilesStage(Cluster cluster, String str, String str2, ServiceComponentHostServerActionEvent serviceComponentHostServerActionEvent, Map<String, String> map, RoleCommandOrder roleCommandOrder, RequestStageContainer requestStageContainer) throws OBDPException {
            Stage createServerActionStage = createServerActionStage(requestStageContainer.getLastStageId(), cluster, requestStageContainer.getId().longValue(), "Create Keytabs", "{}", str2, CreateKeytabFilesServerAction.class, serviceComponentHostServerActionEvent, map, "Create Keytabs", Integer.valueOf(Math.max(ServerAction.DEFAULT_LONG_RUNNING_TASK_TIMEOUT_SECONDS, KerberosHelperImpl.this.configuration.getDefaultServerTaskTimeout().intValue())));
            RoleGraph createNew = KerberosHelperImpl.this.roleGraphFactory.createNew(roleCommandOrder);
            createNew.build(createServerActionStage);
            requestStageContainer.addStages(createNew.getStages());
        }

        void addDistributeKeytabFilesStage(Cluster cluster, String str, String str2, Map<String, String> map, RoleCommandOrder roleCommandOrder, RequestStageContainer requestStageContainer, List<String> list) throws OBDPException {
            Stage createNewStage = KerberosHelperImpl.this.createNewStage(requestStageContainer.getLastStageId(), cluster, requestStageContainer.getId().longValue(), "Distribute Keytabs", StageUtils.getGson().toJson(map), str2);
            if (list.isEmpty()) {
                KerberosHelperImpl.LOG.warn("Skipping {} command. No suitable hosts found", KerberosHelperImpl.SET_KEYTAB);
            } else {
                HashMap hashMap = new HashMap();
                KerberosHelperImpl.this.customCommandExecutionHelper.addExecutionCommandsToStage(createActionExecutionContext(cluster.getClusterName(), KerberosHelperImpl.SET_KEYTAB, createRequestResourceFilters(list), hashMap, this.retryAllowed), createNewStage, hashMap, null);
            }
            RoleGraph createNew = KerberosHelperImpl.this.roleGraphFactory.createNew(roleCommandOrder);
            createNew.build(createNewStage);
            requestStageContainer.addStages(createNew.getStages());
        }

        void addCheckMissingKeytabsStage(Cluster cluster, String str, String str2, Map<String, String> map, RoleCommandOrder roleCommandOrder, RequestStageContainer requestStageContainer, List<String> list) throws OBDPException {
            Stage createNewStage = KerberosHelperImpl.this.createNewStage(requestStageContainer.getLastStageId(), cluster, requestStageContainer.getId().longValue(), "Checking keytabs", StageUtils.getGson().toJson(map), str2);
            if (!list.isEmpty()) {
                HashMap hashMap = new HashMap();
                KerberosHelperImpl.this.customCommandExecutionHelper.addExecutionCommandsToStage(createActionExecutionContext(cluster.getClusterName(), KerberosHelperImpl.CHECK_KEYTABS, createRequestResourceFilters(list), hashMap, this.retryAllowed), createNewStage, hashMap, null);
            }
            RoleGraph createNew = KerberosHelperImpl.this.roleGraphFactory.createNew(roleCommandOrder);
            createNew.build(createNewStage);
            requestStageContainer.addStages(createNew.getStages());
        }

        void addDisableSecurityHookStage(Cluster cluster, String str, String str2, Map<String, String> map, RoleCommandOrder roleCommandOrder, RequestStageContainer requestStageContainer) throws OBDPException {
            Stage createNewStage = KerberosHelperImpl.this.createNewStage(requestStageContainer.getLastStageId(), cluster, requestStageContainer.getId().longValue(), "Disable security", StageUtils.getGson().toJson(map), str2);
            addDisableSecurityCommandToAllServices(cluster, createNewStage);
            RoleGraph createNew = KerberosHelperImpl.this.roleGraphFactory.createNew(roleCommandOrder);
            createNew.build(createNewStage);
            requestStageContainer.addStages(createNew.getStages());
        }

        private void addDisableSecurityCommandToAllServices(Cluster cluster, Stage stage) throws OBDPException {
            for (Service service : cluster.getServices().values()) {
                for (ServiceComponent serviceComponent : service.getServiceComponents().values()) {
                    if (!serviceComponent.getServiceComponentHosts().isEmpty()) {
                        KerberosHelperImpl.this.customCommandExecutionHelper.addExecutionCommandsToStage(new ActionExecutionContext(cluster.getClusterName(), "DISABLE_SECURITY", Collections.singletonList(new RequestResourceFilter(service.getName(), serviceComponent.getName(), Collections.singletonList(serviceComponent.getServiceComponentHosts().keySet().iterator().next()))), Collections.emptyMap()), stage, Collections.emptyMap(), null);
                    }
                }
            }
        }

        void addStopZookeeperStage(Cluster cluster, String str, String str2, Map<String, String> map, RoleCommandOrder roleCommandOrder, RequestStageContainer requestStageContainer) throws OBDPException {
            try {
                Service service = cluster.getService("ZOOKEEPER");
                Stage createNewStage = KerberosHelperImpl.this.createNewStage(requestStageContainer.getLastStageId(), cluster, requestStageContainer.getId().longValue(), "Stopping ZooKeeper", StageUtils.getGson().toJson(map), str2);
                for (ServiceComponent serviceComponent : service.getServiceComponents().values()) {
                    KerberosHelperImpl.this.customCommandExecutionHelper.addExecutionCommandsToStage(new ActionExecutionContext(cluster.getClusterName(), "STOP", Collections.singletonList(new RequestResourceFilter(service.getName(), serviceComponent.getName(), new ArrayList(serviceComponent.getServiceComponentHosts().keySet()))), Collections.emptyMap()), createNewStage, Collections.emptyMap(), null);
                }
                RoleGraph createNew = KerberosHelperImpl.this.roleGraphFactory.createNew(roleCommandOrder);
                createNew.build(createNewStage);
                requestStageContainer.addStages(createNew.getStages());
            } catch (ServiceNotFoundException e) {
            }
        }

        public void addDeleteKeytabFilesStage(Cluster cluster, List<ServiceComponentHost> list, String str, String str2, Map<String, String> map, RoleCommandOrder roleCommandOrder, RequestStageContainer requestStageContainer, Set<String> set) throws OBDPException {
            Stage createNewStage = KerberosHelperImpl.this.createNewStage(requestStageContainer.getLastStageId(), cluster, requestStageContainer.getId().longValue(), "Delete Keytabs", StageUtils.getGson().toJson(map), str2);
            Collection<ServiceComponentHost> filterServiceComponentHostsForHosts = KerberosHelperImpl.this.filterServiceComponentHostsForHosts(new ArrayList(list), set);
            if (!filterServiceComponentHostsForHosts.isEmpty()) {
                List<String> createUniqueHostList = KerberosHelperImpl.this.createUniqueHostList(filterServiceComponentHostsForHosts, Collections.singleton(HostState.HEALTHY));
                if (!createUniqueHostList.isEmpty()) {
                    HashMap hashMap = new HashMap();
                    ArrayList arrayList = new ArrayList();
                    arrayList.add(new RequestResourceFilter("KERBEROS", "KERBEROS_CLIENT", createUniqueHostList));
                    KerberosHelperImpl.this.customCommandExecutionHelper.addExecutionCommandsToStage(new ActionExecutionContext(cluster.getClusterName(), KerberosHelperImpl.REMOVE_KEYTAB, arrayList, hashMap), createNewStage, hashMap, null);
                }
            }
            RoleGraph createNew = KerberosHelperImpl.this.roleGraphFactory.createNew(roleCommandOrder);
            createNew.build(createNewStage);
            requestStageContainer.addStages(createNew.getStages());
        }

        public void addUpdateConfigurationsStage(Cluster cluster, String str, String str2, ServiceComponentHostServerActionEvent serviceComponentHostServerActionEvent, Map<String, String> map, RoleCommandOrder roleCommandOrder, RequestStageContainer requestStageContainer) throws OBDPException {
            Stage createServerActionStage = createServerActionStage(requestStageContainer.getLastStageId(), cluster, requestStageContainer.getId().longValue(), "Update Configurations", "{}", str2, UpdateKerberosConfigsServerAction.class, serviceComponentHostServerActionEvent, map, "Update Service Configurations", KerberosHelperImpl.this.configuration.getDefaultServerTaskTimeout());
            RoleGraph createNew = KerberosHelperImpl.this.roleGraphFactory.createNew(roleCommandOrder);
            createNew.build(createServerActionStage);
            requestStageContainer.addStages(createNew.getStages());
        }

        public void addFinalizeOperationStage(Cluster cluster, String str, String str2, ServiceComponentHostServerActionEvent serviceComponentHostServerActionEvent, File file, RoleCommandOrder roleCommandOrder, RequestStageContainer requestStageContainer, KerberosDetails kerberosDetails) throws OBDPException {
            HashMap hashMap = new HashMap();
            hashMap.put(KerberosServerAction.DEFAULT_REALM, kerberosDetails.getDefaultRealm());
            hashMap.put("kdc_type", kerberosDetails.getKdcType().name());
            hashMap.put(KerberosServerAction.AUTHENTICATED_USER_NAME, KerberosHelperImpl.this.ambariManagementController.getAuthName());
            if (file != null) {
                hashMap.put(KerberosServerAction.DATA_DIRECTORY, file.getAbsolutePath());
            }
            Stage createServerActionStage = createServerActionStage(requestStageContainer.getLastStageId(), cluster, requestStageContainer.getId().longValue(), "Finalize Operations", "{}", str2, FinalizeKerberosServerAction.class, serviceComponentHostServerActionEvent, hashMap, "Finalize Operations", Integer.valueOf(KerberosHelperImpl.this.configuration.getKerberosServerActionFinalizeTimeout()));
            RoleGraph createNew = KerberosHelperImpl.this.roleGraphFactory.createNew(roleCommandOrder);
            createNew.build(createServerActionStage);
            requestStageContainer.addStages(createNew.getStages());
        }

        public void addCleanupStage(Cluster cluster, String str, String str2, ServiceComponentHostServerActionEvent serviceComponentHostServerActionEvent, Map<String, String> map, RoleCommandOrder roleCommandOrder, RequestStageContainer requestStageContainer) throws OBDPException {
            Stage createServerActionStage = createServerActionStage(requestStageContainer.getLastStageId(), cluster, requestStageContainer.getId().longValue(), "Kerberization Clean Up", "{}", str2, CleanupServerAction.class, serviceComponentHostServerActionEvent, map, "Kerberization Clean Up", KerberosHelperImpl.this.configuration.getDefaultServerTaskTimeout());
            RoleGraph createNew = KerberosHelperImpl.this.roleGraphFactory.createNew(roleCommandOrder);
            createNew.build(createServerActionStage);
            requestStageContainer.addStages(createNew.getStages());
        }

        private List<RequestResourceFilter> createRequestResourceFilters(List<String> list) {
            ArrayList arrayList = new ArrayList();
            arrayList.add(new RequestResourceFilter(Service.Type.KERBEROS.name(), Role.KERBEROS_CLIENT.name(), list));
            return arrayList;
        }

        private Stage createServerActionStage(long j, Cluster cluster, long j2, String str, String str2, String str3, Class<? extends ServerAction> cls, ServiceComponentHostServerActionEvent serviceComponentHostServerActionEvent, Map<String, String> map, String str4, Integer num) throws OBDPException {
            Stage createNewStage = KerberosHelperImpl.this.createNewStage(j, cluster, j2, str, str2, str3);
            createNewStage.addServerActionCommand(cls.getName(), null, Role.AMBARI_SERVER_ACTION, RoleCommand.EXECUTE, cluster.getClusterName(), serviceComponentHostServerActionEvent, map, str4, KerberosHelperImpl.this.ambariManagementController.findConfigurationTagsWithOverrides(cluster, null, null), num, this.retryAllowed, false);
            return createNewStage;
        }

        private ActionExecutionContext createActionExecutionContext(String str, String str2, List<RequestResourceFilter> list, Map<String, String> map, boolean z) {
            ActionExecutionContext actionExecutionContext = new ActionExecutionContext(str, str2, list, map);
            actionExecutionContext.setRetryAllowed(z);
            return actionExecutionContext;
        }
    }

    /* loaded from: input_file:id/onyx/obdp/server/controller/KerberosHelperImpl$SupportedCustomOperation.class */
    public enum SupportedCustomOperation {
        REGENERATE_KEYTABS
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public RequestStageContainer toggleKerberos(Cluster cluster, SecurityType securityType, RequestStageContainer requestStageContainer, Boolean bool) throws OBDPException, KerberosOperationException {
        RequestStageContainer handle;
        KerberosDetails kerberosDetails = getKerberosDetails(cluster, bool);
        kerberosDetails.setSecurityType(securityType);
        if (securityType == SecurityType.KERBEROS) {
            LOG.info("Configuring Kerberos for realm {} on cluster, {}", kerberosDetails.getDefaultRealm(), cluster.getClusterName());
            handle = handle(cluster, kerberosDetails, null, null, null, null, requestStageContainer, new EnableKerberosHandler());
        } else {
            if (securityType != SecurityType.NONE) {
                throw new OBDPException(String.format("Unexpected security type value: %s", securityType.name()));
            }
            LOG.info("Disabling Kerberos from cluster, {}", cluster.getClusterName());
            handle = handle(cluster, kerberosDetails, null, null, null, null, requestStageContainer, new DisableKerberosHandler());
        }
        return handle;
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public RequestStageContainer executeCustomOperations(Cluster cluster, Map<String, String> map, RequestStageContainer requestStageContainer, Boolean bool) throws OBDPException, KerberosOperationException {
        KerberosServerAction.OperationType operationType;
        if (map != null) {
            for (SupportedCustomOperation supportedCustomOperation : SupportedCustomOperation.values()) {
                if (map.containsKey(supportedCustomOperation.name().toLowerCase())) {
                    String str = map.get(supportedCustomOperation.name().toLowerCase());
                    switch (supportedCustomOperation) {
                        case REGENERATE_KEYTABS:
                            if (cluster.getSecurityType() != SecurityType.KERBEROS) {
                                throw new OBDPException(String.format("Custom operation %s can only be requested with the security type cluster property: %s", supportedCustomOperation.name(), SecurityType.KERBEROS.name()));
                            }
                            if (DBAccessorImpl.TRUE.equalsIgnoreCase(str) || "all".equalsIgnoreCase(str)) {
                                operationType = KerberosServerAction.OperationType.RECREATE_ALL;
                            } else {
                                if (!"missing".equalsIgnoreCase(str)) {
                                    throw new OBDPException(String.format("Unexpected directive value: %s", str));
                                }
                                operationType = KerberosServerAction.OperationType.CREATE_MISSING;
                            }
                            boolean parseBoolean = map.containsKey(KerberosHelper.ALLOW_RETRY) ? Boolean.parseBoolean(map.get(KerberosHelper.ALLOW_RETRY)) : false;
                            Set<String> parseHostFilter = parseHostFilter(map);
                            Map<String, Set<String>> parseComponentFilter = parseComponentFilter(map);
                            UpdateConfigurationPolicy updateConfigurationPolicy = UpdateConfigurationPolicy.ALL;
                            if (map.containsKey(KerberosHelper.DIRECTIVE_CONFIG_UPDATE_POLICY)) {
                                String str2 = map.get(KerberosHelper.DIRECTIVE_CONFIG_UPDATE_POLICY);
                                updateConfigurationPolicy = UpdateConfigurationPolicy.translate(str2);
                                if (updateConfigurationPolicy == null) {
                                    throw new OBDPException(String.format("Unexpected comfiguration policy value: %s", str2));
                                }
                            } else if (map.containsKey(KerberosHelper.DIRECTIVE_IGNORE_CONFIGS) && DBAccessorImpl.TRUE.equalsIgnoreCase(map.get(KerberosHelper.DIRECTIVE_IGNORE_CONFIGS))) {
                                updateConfigurationPolicy = UpdateConfigurationPolicy.NEW_AND_IDENTITIES;
                            }
                            CreatePrincipalsAndKeytabsHandler createPrincipalsAndKeytabsHandler = new CreatePrincipalsAndKeytabsHandler(operationType, updateConfigurationPolicy, parseHostFilter == null || parseHostFilter.contains("*"), true);
                            createPrincipalsAndKeytabsHandler.setRetryAllowed(parseBoolean);
                            requestStageContainer = handle(cluster, getKerberosDetails(cluster, bool), parseComponentFilter, parseHostFilter, null, null, requestStageContainer, createPrincipalsAndKeytabsHandler);
                            break;
                        default:
                            throw new OBDPException(String.format("Custom operation not supported: %s", supportedCustomOperation.name()));
                    }
                }
            }
        }
        return requestStageContainer;
    }

    public static Set<String> parseHostFilter(Map<String, String> map) {
        if (map.containsKey(KerberosHelper.DIRECTIVE_HOSTS)) {
            return ImmutableSet.copyOf(map.get(KerberosHelper.DIRECTIVE_HOSTS).split(","));
        }
        return null;
    }

    public static Map<String, Set<String>> parseComponentFilter(Map<String, String> map) {
        if (!map.containsKey(KerberosHelper.DIRECTIVE_COMPONENTS)) {
            return null;
        }
        ImmutableMap.Builder builder = ImmutableMap.builder();
        for (String str : map.get(KerberosHelper.DIRECTIVE_COMPONENTS).split(",")) {
            String[] split = str.split(":");
            String str2 = split[0];
            if (split.length == 2) {
                builder.put(str2, ImmutableSet.copyOf(split[1].split(";")));
            } else {
                builder.put(str2, ImmutableSet.of("*"));
            }
        }
        return builder.build();
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public RequestStageContainer ensureIdentities(Cluster cluster, Map<String, ? extends Collection<String>> map, Set<String> set, Collection<String> collection, Set<String> set2, RequestStageContainer requestStageContainer, Boolean bool) throws OBDPException, KerberosOperationException {
        return handle(cluster, getKerberosDetails(cluster, bool), map, set, collection, set2, requestStageContainer, new CreatePrincipalsAndKeytabsHandler(KerberosServerAction.OperationType.DEFAULT, UpdateConfigurationPolicy.NONE, false, false));
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public RequestStageContainer deleteIdentities(Cluster cluster, Map<String, ? extends Collection<String>> map, Set<String> set, Collection<String> collection, RequestStageContainer requestStageContainer, Boolean bool) throws OBDPException, KerberosOperationException {
        return handle(cluster, getKerberosDetails(cluster, bool), map, set, collection, null, requestStageContainer, new DeletePrincipalsAndKeytabsHandler());
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public void deleteIdentities(Cluster cluster, List<Component> list, Set<String> set) throws OBDPException, KerberosOperationException {
        LOG.info("Deleting identities: ", set);
        KerberosDetails kerberosDetails = getKerberosDetails(cluster, null);
        validateKDCCredentials(kerberosDetails, cluster);
        File createTemporaryDirectory = createTemporaryDirectory();
        RoleCommandOrder roleCommandOrder = this.ambariManagementController.getRoleCommandOrder(cluster);
        DeleteIdentityHandler deleteIdentityHandler = new DeleteIdentityHandler(this.customCommandExecutionHelper, this.configuration.getDefaultServerTaskTimeout(), this.stageFactory, this.ambariManagementController);
        DeleteIdentityHandler.CommandParams commandParams = new DeleteIdentityHandler.CommandParams(list, set, this.ambariManagementController.getAuthName(), createTemporaryDirectory, kerberosDetails.getDefaultRealm(), kerberosDetails.getKdcType());
        OrderedRequestStageContainer orderedRequestStageContainer = new OrderedRequestStageContainer(this.roleGraphFactory, roleCommandOrder, new RequestStageContainer(Long.valueOf(this.actionManager.getNextRequestId()), null, this.requestFactory, this.actionManager));
        deleteIdentityHandler.addDeleteIdentityStages(cluster, orderedRequestStageContainer, commandParams, kerberosDetails.manageIdentities());
        orderedRequestStageContainer.getRequestStageContainer().persist();
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public void configureServices(Cluster cluster, Map<String, Collection<String>> map) throws OBDPException, KerberosInvalidConfigurationException {
        HashMap hashMap = new HashMap();
        HashSet hashSet = new HashSet();
        getServiceComponentHosts(cluster, serviceComponentHost -> {
            if (serviceComponentHost == null) {
                return false;
            }
            String serviceName = serviceComponentHost.getServiceName();
            ((Set) hashMap.computeIfAbsent(serviceName, str -> {
                return new HashSet();
            })).add(serviceComponentHost.getServiceComponentName());
            if (!hashSet.contains(serviceName) && PREVIOUSLY_INSTALLED_STATES.contains(serviceComponentHost.getState())) {
                hashSet.add(serviceName);
            }
            return true;
        });
        for (Map.Entry<String, Map<String, String>> entry : getServiceConfigurationUpdates(cluster, this.configHelper.calculateExistingConfigurations(this.ambariManagementController, cluster, null, null), hashMap, map, hashSet, true, true).entrySet()) {
            this.configHelper.updateConfigType(cluster, cluster.getDesiredStackVersion(), this.ambariManagementController, entry.getKey(), entry.getValue(), null, this.ambariManagementController.getAuthName(), "Enabling Kerberos for added components");
        }
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public Map<String, Map<String, String>> getServiceConfigurationUpdates(Cluster cluster, Map<String, Map<String, String>> map, Map<String, Set<String>> map2, Map<String, Collection<String>> map3, Set<String> set, boolean z, boolean z2) throws KerberosInvalidConfigurationException, OBDPException {
        HashMap hashMap = new HashMap();
        KerberosDetails kerberosDetails = getKerberosDetails(cluster, null);
        KerberosDescriptor kerberosDescriptor = getKerberosDescriptor(cluster, false);
        Map<String, Map<String, String>> addAdditionalConfigurations = addAdditionalConfigurations(cluster, deepCopy(map), null, kerberosDescriptor.getProperties(), null);
        HashMap hashMap2 = new HashMap();
        if (createAmbariIdentities(map.get(KerberosHelper.KERBEROS_ENV))) {
            map2 = new HashMap(map2);
            map2.put(RootService.OBDP.name(), Collections.singleton(RootComponent.OBDP_SERVER.name()));
        }
        HashMap hashMap3 = new HashMap();
        hashMap3.put("configurations", addAdditionalConfigurations);
        hashMap3.put(ServiceDirectory.SERVICES_FOLDER_NAME, map2.keySet());
        for (Map.Entry<String, Set<String>> entry : map2.entrySet()) {
            String key = entry.getKey();
            if (map3 == null || map3.containsKey(key)) {
                Collection<String> collection = map3 == null ? null : map3.get(key);
                Set<String> value = entry.getValue();
                KerberosServiceDescriptor service = kerberosDescriptor.getService(key);
                if (service != null && value != null) {
                    boolean z3 = set != null && set.contains(key);
                    for (String str : value) {
                        if (collection == null || collection.contains(str)) {
                            KerberosComponentDescriptor component = service.getComponent(str);
                            if (component != null) {
                                processIdentityConfigurations(getIdentityConfigurations(service.getIdentities(true, hashMap3)), hashMap, addAdditionalConfigurations, hashMap2);
                                processIdentityConfigurations(getIdentityConfigurations(component.getIdentities(true, hashMap3)), hashMap, addAdditionalConfigurations, hashMap2);
                                mergeConfigurations(hashMap, component.getConfigurations(!z3), addAdditionalConfigurations, (Set<String>) null);
                            }
                        }
                    }
                }
            }
        }
        setAuthToLocalRules(cluster, kerberosDescriptor, kerberosDetails.getDefaultRealm(), map2, addAdditionalConfigurations, hashMap, false);
        return z2 ? applyStackAdvisorUpdates(cluster, map2.keySet(), addAdditionalConfigurations, hashMap, hashMap2, new HashMap(), z) : hashMap;
    }

    private void applyStackAdvisorHostRecommendations(Cluster cluster, Set<String> set, Set<String> set2, Map<String, Map<String, String>> map) throws OBDPException {
        RecommendationResponse.BindingHostGroup bindingHostGroup;
        Set<Map<String, String>> hosts;
        Set<RecommendationResponse.BindingHostGroup> hostGroups;
        StackId currentStackVersion = cluster.getCurrentStackVersion();
        ArrayList arrayList = new ArrayList();
        Collection<Host> hosts2 = cluster.getHosts();
        if (hosts2 != null) {
            Iterator<Host> it = hosts2.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next().getHostName());
            }
        }
        try {
            RecommendationResponse recommend = this.stackAdvisorHelper.recommend(StackAdvisorRequest.StackAdvisorRequestBuilder.forStack(currentStackVersion.getStackName(), currentStackVersion.getStackVersion()).forServices(set).forHosts(arrayList).withComponentHostsMap(cluster.getServiceComponentHostMap(null, set)).ofType(StackAdvisorRequest.StackAdvisorRequestType.HOST_GROUPS).build());
            RecommendationResponse.Recommendation recommendations = recommend == null ? null : recommend.getRecommendations();
            RecommendationResponse.Blueprint blueprint = recommendations == null ? null : recommendations.getBlueprint();
            Set<RecommendationResponse.HostGroup> hostGroups2 = blueprint == null ? null : blueprint.getHostGroups();
            if (hostGroups2 != null) {
                RecommendationResponse.BlueprintClusterBinding blueprintClusterBinding = recommendations.getBlueprintClusterBinding();
                HashMap hashMap = new HashMap();
                if (blueprintClusterBinding != null && (hostGroups = blueprintClusterBinding.getHostGroups()) != null) {
                    for (RecommendationResponse.BindingHostGroup bindingHostGroup2 : hostGroups) {
                        hashMap.put(bindingHostGroup2.getName(), bindingHostGroup2);
                    }
                }
                Map<String, String> computeIfAbsent = map.computeIfAbsent(KerberosHelper.CLUSTER_HOST_INFO, str -> {
                    return new HashMap();
                });
                for (RecommendationResponse.HostGroup hostGroup : hostGroups2) {
                    Set<Map<String, String>> components = hostGroup.getComponents();
                    if (components != null && (bindingHostGroup = (RecommendationResponse.BindingHostGroup) hashMap.get(hostGroup.getName())) != null && (hosts = bindingHostGroup.getHosts()) != null) {
                        Iterator<Map<String, String>> it2 = components.iterator();
                        while (it2.hasNext()) {
                            String str2 = it2.next().get("name");
                            if (set2 == null || set2.contains(str2)) {
                                String clusterHostInfoKey = StageUtils.getClusterHostInfoKey(str2);
                                TreeSet treeSet = new TreeSet();
                                if (!StringUtils.isEmpty(computeIfAbsent.get(clusterHostInfoKey))) {
                                    treeSet.addAll(Arrays.asList(computeIfAbsent.get(clusterHostInfoKey).split(",")));
                                }
                                Iterator<Map<String, String>> it3 = hosts.iterator();
                                while (it3.hasNext()) {
                                    String str3 = it3.next().get(ProvisionClusterRequest.HOSTGROUP_HOST_FQDN_PROPERTY);
                                    if (!StringUtils.isEmpty(str3)) {
                                        treeSet.add(str3);
                                    }
                                }
                                computeIfAbsent.put(clusterHostInfoKey, StringUtils.join(treeSet, ','));
                            }
                        }
                    }
                }
            }
        } catch (StackAdvisorException e) {
            LOG.error("Failed to obtain the recommended host groups for the preconfigured components.", e);
            throw new OBDPException(e.getMessage(), e);
        }
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public Map<String, Map<String, String>> applyStackAdvisorUpdates(Cluster cluster, Set<String> set, Map<String, Map<String, String>> map, Map<String, Map<String, String>> map2, Map<String, Set<String>> map3, Map<String, Set<String>> map4, boolean z) throws OBDPException {
        ArrayList arrayList = new ArrayList();
        Collection<Host> hosts = cluster.getHosts();
        if (hosts != null) {
            Iterator<Host> it = hosts.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next().getHostName());
            }
        }
        if (!arrayList.isEmpty()) {
            HashMap hashMap = new HashMap();
            if (map != null) {
                for (Map.Entry<String, Map<String, String>> entry : map.entrySet()) {
                    HashMap hashMap2 = new HashMap();
                    String key = entry.getKey();
                    Map<String, String> value = entry.getValue();
                    if (value == null) {
                        value = Collections.emptyMap();
                    }
                    if ("cluster-env".equals(key)) {
                        value = new HashMap(value);
                        value.put(KerberosHelper.SECURITY_ENABLED_PROPERTY_NAME, z ? DBAccessorImpl.TRUE : "false");
                    }
                    hashMap2.put("properties", value);
                    hashMap.put(key, hashMap2);
                }
            }
            for (Map.Entry<String, Map<String, String>> entry2 : map2.entrySet()) {
                String key2 = entry2.getKey();
                Map<String, String> value2 = entry2.getValue();
                if (value2 != null && !value2.isEmpty()) {
                    Map map5 = (Map) hashMap.get(key2);
                    if (map5 == null) {
                        map5 = new HashMap();
                        hashMap.put(key2, map5);
                    }
                    Map map6 = (Map) map5.get("properties");
                    HashMap hashMap3 = map6 == null ? new HashMap() : new HashMap(map6);
                    hashMap3.putAll(value2);
                    map5.put("properties", hashMap3);
                }
            }
            HashSet hashSet = new HashSet();
            Map<String, Service> services = cluster.getServices();
            Iterator<String> it2 = set.iterator();
            while (it2.hasNext()) {
                Service service = services.get(it2.next());
                if (service != null) {
                    StackId desiredStackId = service.getDesiredStackId();
                    if (hashSet.contains(desiredStackId)) {
                        continue;
                    } else {
                        try {
                            RecommendationResponse recommend = this.stackAdvisorHelper.recommend(StackAdvisorRequest.StackAdvisorRequestBuilder.forStack(desiredStackId.getStackName(), desiredStackId.getStackVersion()).forServices(set).forHosts(arrayList).withComponentHostsMap(cluster.getServiceComponentHostMap(null, set)).withConfigurations(hashMap).ofType(StackAdvisorRequest.StackAdvisorRequestType.KERBEROS_CONFIGURATIONS).build());
                            RecommendationResponse.Recommendation recommendations = recommend == null ? null : recommend.getRecommendations();
                            RecommendationResponse.Blueprint blueprint = recommendations == null ? null : recommendations.getBlueprint();
                            Map<String, RecommendationResponse.BlueprintConfigurations> configurations = blueprint == null ? null : blueprint.getConfigurations();
                            if (configurations != null) {
                                for (Map.Entry<String, RecommendationResponse.BlueprintConfigurations> entry3 : configurations.entrySet()) {
                                    String key3 = entry3.getKey();
                                    Map<String, String> properties = entry3.getValue().getProperties();
                                    Map<String, ValueAttributesInfo> propertyAttributes = entry3.getValue().getPropertyAttributes();
                                    Map<String, String> map7 = map == null ? null : map.get(key3);
                                    Map<String, String> map8 = map2.get(key3);
                                    Set<String> set2 = map3 == null ? null : map3.get(key3);
                                    addRecommendedPropertiesForConfigType(map2, key3, properties, map7, map8, set2);
                                    if (propertyAttributes != null) {
                                        removeRecommendedPropertiesForConfigType(key3, propertyAttributes, map7, map2, set2, map4);
                                    }
                                }
                            }
                            hashSet.add(desiredStackId);
                        } catch (Exception e) {
                            throw new OBDPException(e.getMessage(), e);
                        }
                    }
                }
            }
        }
        return map2;
    }

    /* JADX WARN: Removed duplicated region for block: B:36:0x00f1  */
    /* JADX WARN: Removed duplicated region for block: B:39:0x0101  */
    /* JADX WARN: Removed duplicated region for block: B:42:0x0107  */
    /* JADX WARN: Removed duplicated region for block: B:43:0x00f7  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void addRecommendedPropertiesForConfigType(java.util.Map<java.lang.String, java.util.Map<java.lang.String, java.lang.String>> r8, java.lang.String r9, java.util.Map<java.lang.String, java.lang.String> r10, java.util.Map<java.lang.String, java.lang.String> r11, java.util.Map<java.lang.String, java.lang.String> r12, java.util.Set<java.lang.String> r13) {
        /*
            Method dump skipped, instructions count: 287
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: id.onyx.obdp.server.controller.KerberosHelperImpl.addRecommendedPropertiesForConfigType(java.util.Map, java.lang.String, java.util.Map, java.util.Map, java.util.Map, java.util.Set):void");
    }

    private void removeRecommendedPropertiesForConfigType(String str, Map<String, ValueAttributesInfo> map, Map<String, String> map2, Map<String, Map<String, String>> map3, Set<String> set, Map<String, Set<String>> map4) {
        for (Map.Entry<String, ValueAttributesInfo> entry : map.entrySet()) {
            String key = entry.getKey();
            if (DBAccessorImpl.TRUE.equalsIgnoreCase(entry.getValue().getDelete())) {
                Map<String, String> map5 = map3.get(str);
                if (set == null || !set.contains(key)) {
                    if (map5 == null || map5.get(key) == null) {
                        if (map2 != null && map2.containsKey(key)) {
                            LOG.debug("Property to remove from configuration based on StackAdvisor recommendation:\n\tConfigType: {}\n\tProperty: {}", str, key);
                            if (map4 != null) {
                                Set<String> set2 = map4.get(str);
                                if (set2 == null) {
                                    set2 = new HashSet();
                                    map4.put(str, set2);
                                }
                                set2.add(key);
                            } else {
                                if (map5 == null) {
                                    map5 = new HashMap();
                                    map3.put(str, map5);
                                }
                                map5.put(key, Configuration.JDBC_IN_MEMORY_PASSWORD);
                            }
                        }
                    }
                }
            }
        }
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public boolean ensureHeadlessIdentities(Cluster cluster, Map<String, Map<String, String>> map, Set<String> set) throws KerberosInvalidConfigurationException, OBDPException {
        Map<String, KerberosComponentDescriptor> components;
        KerberosDetails kerberosDetails = getKerberosDetails(cluster, null);
        if (!kerberosDetails.manageIdentities()) {
            return true;
        }
        KerberosDescriptor kerberosDescriptor = getKerberosDescriptor(cluster, false);
        Map<String, Map<String, String>> addAdditionalConfigurations = addAdditionalConfigurations(cluster, deepCopy(map), null, kerberosDescriptor.getProperties(), null);
        Map<String, String> kerberosEnvProperties = kerberosDetails.getKerberosEnvProperties();
        KerberosOperationHandler kerberosOperationHandler = this.kerberosOperationHandlerFactory.getKerberosOperationHandler(kerberosDetails.getKdcType());
        try {
            kerberosOperationHandler.open(getKDCAdministratorCredentials(cluster.getClusterName()), kerberosDetails.getDefaultRealm(), kerberosEnvProperties);
            HashMap hashMap = new HashMap();
            hashMap.put("configurations", addAdditionalConfigurations);
            hashMap.put(ServiceDirectory.SERVICES_FOLDER_NAME, set);
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                KerberosServiceDescriptor service = kerberosDescriptor.getService(it.next());
                if (service != null && null != (components = service.getComponents())) {
                    for (KerberosComponentDescriptor kerberosComponentDescriptor : components.values()) {
                        if (kerberosComponentDescriptor != null) {
                            List<KerberosIdentityDescriptor> identities = service.getIdentities(true, hashMap);
                            if (identities != null) {
                                Iterator<KerberosIdentityDescriptor> it2 = identities.iterator();
                                while (it2.hasNext()) {
                                    createIdentity(it2.next(), KerberosPrincipalType.USER, kerberosEnvProperties, kerberosOperationHandler, addAdditionalConfigurations, null);
                                }
                            }
                            List<KerberosIdentityDescriptor> identities2 = kerberosComponentDescriptor.getIdentities(true, hashMap);
                            if (identities2 != null) {
                                Iterator<KerberosIdentityDescriptor> it3 = identities2.iterator();
                                while (it3.hasNext()) {
                                    createIdentity(it3.next(), KerberosPrincipalType.USER, kerberosEnvProperties, kerberosOperationHandler, addAdditionalConfigurations, null);
                                }
                            }
                        }
                    }
                }
            }
            if (kerberosDetails.createAmbariPrincipal()) {
                installAmbariIdentities(kerberosDescriptor, kerberosOperationHandler, kerberosEnvProperties, addAdditionalConfigurations, kerberosDetails);
            }
            try {
                kerberosOperationHandler.close();
                return true;
            } catch (KerberosOperationException e) {
                return true;
            }
        } catch (KerberosOperationException e2) {
            String format = String.format("Failed to process the identities, could not properly open the KDC operation handler: %s", e2.getMessage());
            LOG.error(format);
            throw new OBDPException(format, e2);
        }
    }

    private void installAmbariIdentities(KerberosDescriptor kerberosDescriptor, KerberosOperationHandler kerberosOperationHandler, Map<String, String> map, Map<String, Map<String, String>> map2, KerberosDetails kerberosDetails) throws OBDPException {
        KerberosPrincipalDescriptor principalDescriptor;
        List<KerberosIdentityDescriptor> ambariServerIdentities = getAmbariServerIdentities(kerberosDescriptor);
        if (ambariServerIdentities.isEmpty()) {
            return;
        }
        String hostName = StageUtils.getHostName();
        for (KerberosIdentityDescriptor kerberosIdentityDescriptor : ambariServerIdentities) {
            if (kerberosIdentityDescriptor != null && (principalDescriptor = kerberosIdentityDescriptor.getPrincipalDescriptor()) != null) {
                boolean equals = "obdp-server".equals(kerberosIdentityDescriptor.getName());
                installAmbariIdentity(kerberosIdentityDescriptor, createIdentity(kerberosIdentityDescriptor, principalDescriptor.getType(), map, kerberosOperationHandler, map2, hostName), map2, hostName, kerberosDetails, equals);
                if (equals) {
                    try {
                        KerberosChecker.checkJaasConfiguration();
                    } catch (OBDPException e) {
                        LOG.error("Error in Ambari JAAS configuration: " + e.getLocalizedMessage(), e);
                    }
                }
            }
        }
    }

    /* JADX WARN: Finally extract failed */
    private void installAmbariIdentity(KerberosIdentityDescriptor kerberosIdentityDescriptor, Keytab keytab, Map<String, Map<String, String>> map, String str, KerberosDetails kerberosDetails, boolean z) throws OBDPException {
        KerberosPrincipalDescriptor principalDescriptor = kerberosIdentityDescriptor.getPrincipalDescriptor();
        if (principalDescriptor != null) {
            String replaceVariables = this.variableReplacementHelper.replaceVariables(principalDescriptor.getValue(), map);
            if (!StringUtils.isEmpty(str)) {
                replaceVariables = replaceVariables.replace("_HOST", str);
            }
            KerberosKeytabDescriptor keytabDescriptor = kerberosIdentityDescriptor.getKeytabDescriptor();
            if (keytabDescriptor != null) {
                String replaceVariables2 = this.variableReplacementHelper.replaceVariables(keytabDescriptor.getFile(), map);
                File file = new File(replaceVariables2);
                ConfigureOBDPIdentitiesServerAction configureOBDPIdentitiesServerAction = (ConfigureOBDPIdentitiesServerAction) this.injector.getInstance(ConfigureOBDPIdentitiesServerAction.class);
                if (keytab != null) {
                    try {
                        KerberosOperationHandler kerberosOperationHandler = this.kerberosOperationHandlerFactory.getKerberosOperationHandler(kerberosDetails.getKdcType());
                        File createTemporaryFile = createTemporaryFile();
                        if (kerberosOperationHandler != null) {
                            try {
                                if (kerberosOperationHandler.createKeytabFile(keytab, createTemporaryFile)) {
                                    configureOBDPIdentitiesServerAction.installAmbariServerIdentity(new ResolvedKerberosPrincipal(null, str, replaceVariables, false, null, RootService.OBDP.name(), replaceVariables.contains("obdp-server") ? "AMBARI_SERVER_SELF" : RootComponent.OBDP_SERVER.name(), replaceVariables2), createTemporaryFile.getAbsolutePath(), replaceVariables2, this.variableReplacementHelper.replaceVariables(keytabDescriptor.getOwnerName(), map), keytabDescriptor.getOwnerAccess(), this.variableReplacementHelper.replaceVariables(keytabDescriptor.getGroupName(), map), keytabDescriptor.getGroupAccess(), null);
                                    LOG.debug("Successfully created keytab file for {} at {}", replaceVariables, file.getAbsolutePath());
                                    createTemporaryFile.delete();
                                }
                            } catch (Throwable th) {
                                createTemporaryFile.delete();
                                throw th;
                            }
                        }
                        LOG.error("Failed to create keytab file for {} at {}", replaceVariables, file.getAbsolutePath());
                        createTemporaryFile.delete();
                    } catch (KerberosOperationException e) {
                        throw new OBDPException(String.format("Failed to create keytab file for %s at %s: %s:", replaceVariables, file.getAbsolutePath(), e.getLocalizedMessage()), e);
                    }
                } else {
                    LOG.error("No keytab data is available to create the keytab file for {} at {}", replaceVariables, file.getAbsolutePath());
                }
                if (z) {
                    configureOBDPIdentitiesServerAction.configureJAAS(replaceVariables, file.getAbsolutePath(), null);
                }
            }
        }
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public RequestStageContainer createTestIdentity(Cluster cluster, Map<String, String> map, RequestStageContainer requestStageContainer) throws KerberosOperationException, OBDPException {
        return handleTestIdentity(cluster, getKerberosDetails(cluster, null), map, requestStageContainer, new CreatePrincipalsAndKeytabsHandler(KerberosServerAction.OperationType.DEFAULT, UpdateConfigurationPolicy.NONE, false, false));
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public RequestStageContainer deleteTestIdentity(Cluster cluster, Map<String, String> map, RequestStageContainer requestStageContainer) throws KerberosOperationException, OBDPException {
        return handleTestIdentity(cluster, getKerberosDetails(cluster, null), map, requestStageContainer, new DeletePrincipalsAndKeytabsHandler());
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public void validateKDCCredentials(Cluster cluster) throws KerberosMissingAdminCredentialsException, KerberosAdminAuthenticationException, KerberosInvalidConfigurationException, OBDPException {
        validateKDCCredentials(null, cluster);
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public void setAuthToLocalRules(Cluster cluster, KerberosDescriptor kerberosDescriptor, String str, Map<String, Set<String>> map, Map<String, Map<String, String>> map2, Map<String, Map<String, String>> map3, boolean z) throws OBDPException {
        Map<String, String> map4 = map2.get(KerberosHelper.KERBEROS_ENV);
        boolean booleanValue = map4.containsKey(KerberosHelper.MANAGE_AUTH_TO_LOCAL_RULES) ? Boolean.valueOf(map4.get(KerberosHelper.MANAGE_AUTH_TO_LOCAL_RULES)).booleanValue() : true;
        if (kerberosDescriptor == null || !booleanValue) {
            return;
        }
        HashSet hashSet = new HashSet();
        boolean booleanValue2 = Boolean.valueOf(map2.get(KerberosHelper.KERBEROS_ENV).get(KerberosHelper.CASE_INSENSITIVE_USERNAME_RULES)).booleanValue();
        String property = kerberosDescriptor.getProperty("additional_realms");
        HashMap hashMap = new HashMap();
        hashMap.put("configurations", map2);
        hashMap.put(ServiceDirectory.SERVICES_FOLDER_NAME, map.keySet());
        AuthToLocalBuilder authToLocalBuilder = new AuthToLocalBuilder(str, property, booleanValue2);
        Map<String, Map<String, String>> addConfigurationsForPreProcessedServices = z ? addConfigurationsForPreProcessedServices(deepCopy(map2), cluster, kerberosDescriptor, false) : map2;
        addIdentities(authToLocalBuilder, kerberosDescriptor.getIdentities(true, hashMap), null, addConfigurationsForPreProcessedServices);
        Set<String> authToLocalProperties = kerberosDescriptor.getAuthToLocalProperties();
        if (authToLocalProperties != null) {
            hashSet.addAll(authToLocalProperties);
        }
        Map<String, KerberosServiceDescriptor> services = kerberosDescriptor.getServices();
        if (services != null) {
            boolean booleanValue3 = Boolean.valueOf(map4.get(KerberosHelper.INCLUDE_ALL_COMPONENTS_IN_AUTH_TO_LOCAL_RULES)).booleanValue();
            for (KerberosServiceDescriptor kerberosServiceDescriptor : services.values()) {
                String name = kerberosServiceDescriptor.getName();
                boolean z2 = z && kerberosServiceDescriptor.shouldPreconfigure();
                boolean containsKey = map.containsKey(name);
                if (z2 || containsKey) {
                    LOG.info("Adding identities for service {} to auth to local mapping [{}]", name, containsKey ? "explicit" : "preconfigured");
                    addIdentities(authToLocalBuilder, kerberosServiceDescriptor.getIdentities(true, hashMap), null, addConfigurationsForPreProcessedServices);
                    Set<String> authToLocalProperties2 = kerberosServiceDescriptor.getAuthToLocalProperties();
                    if (authToLocalProperties2 != null) {
                        hashSet.addAll(authToLocalProperties2);
                    }
                    Map<String, KerberosComponentDescriptor> components = kerberosServiceDescriptor.getComponents();
                    if (components != null) {
                        Set<String> set = map.get(name);
                        if (set == null) {
                            set = Collections.emptySet();
                        }
                        for (KerberosComponentDescriptor kerberosComponentDescriptor : components.values()) {
                            String name2 = kerberosComponentDescriptor.getName();
                            if (z2 || booleanValue3 || set.contains(name2)) {
                                LOG.info("Adding identities for component {} to auth to local mapping", name2);
                                addIdentities(authToLocalBuilder, kerberosComponentDescriptor.getIdentities(true, hashMap), null, addConfigurationsForPreProcessedServices);
                                Set<String> authToLocalProperties3 = kerberosComponentDescriptor.getAuthToLocalProperties();
                                if (authToLocalProperties3 != null) {
                                    hashSet.addAll(authToLocalProperties3);
                                }
                            }
                        }
                    }
                }
            }
        }
        if (hashSet.isEmpty()) {
            return;
        }
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            Matcher matcher = KerberosDescriptor.AUTH_TO_LOCAL_PROPERTY_SPECIFICATION_PATTERN.matcher((String) it.next());
            if (matcher.matches()) {
                try {
                    AuthToLocalBuilder authToLocalBuilder2 = (AuthToLocalBuilder) authToLocalBuilder.clone();
                    String group = matcher.group(1);
                    String group2 = matcher.group(2);
                    if (group == null) {
                        group = Configuration.JDBC_IN_MEMORY_PASSWORD;
                    }
                    Map<String, String> map5 = map2.get(group);
                    if (map5 != null) {
                        authToLocalBuilder2.addRules(map5.get(group2));
                    }
                    Map<String, String> map6 = map3.get(group);
                    if (map6 != null) {
                        authToLocalBuilder2.addRules(map6.get(group2));
                    } else {
                        map6 = new HashMap();
                        map3.put(group, map6);
                    }
                    map6.put(group2, authToLocalBuilder2.generate(AuthToLocalBuilder.ConcatenationType.translate(matcher.group(3))));
                } catch (CloneNotSupportedException e) {
                    LOG.error("Failed to clone the AuthToLocalBuilder: " + e.getLocalizedMessage(), e);
                    throw new OBDPException("Failed to clone the AuthToLocalBuilder: " + e.getLocalizedMessage(), e);
                }
            }
        }
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public List<ServiceComponentHost> getServiceComponentHostsToProcess(Cluster cluster, final KerberosDescriptor kerberosDescriptor, final Map<String, ? extends Collection<String>> map, final Collection<String> collection) throws OBDPException {
        return getServiceComponentHosts(cluster, new KerberosHelper.Command<Boolean, ServiceComponentHost>() { // from class: id.onyx.obdp.server.controller.KerberosHelperImpl.1
            @Override // id.onyx.obdp.server.controller.KerberosHelper.Command
            public Boolean invoke(ServiceComponentHost serviceComponentHost) throws OBDPException {
                if (serviceComponentHost != null && (collection == null || collection.contains("*") || collection.contains(serviceComponentHost.getHostName()))) {
                    String serviceName = serviceComponentHost.getServiceName();
                    if ((map == null || map.containsKey("*") || map.containsKey(serviceName)) && kerberosDescriptor.getService(serviceName) != null) {
                        Collection collection2 = (map == null || map.containsKey("*")) ? null : (Collection) map.get(serviceName);
                        return Boolean.valueOf(collection2 == null || collection2.contains("*") || collection2.contains(serviceComponentHost.getServiceComponentName()));
                    }
                }
                return false;
            }
        });
    }

    private List<ServiceComponentHost> getServiceComponentHosts(Cluster cluster, KerberosHelper.Command<Boolean, ServiceComponentHost> command) throws OBDPException {
        ArrayList arrayList = new ArrayList();
        Collection<Host> hosts = cluster.getHosts();
        if (hosts != null && !hosts.isEmpty()) {
            Iterator<Host> it = hosts.iterator();
            while (it.hasNext()) {
                List<ServiceComponentHost> serviceComponentHosts = cluster.getServiceComponentHosts(it.next().getHostName());
                if (serviceComponentHosts != null && !serviceComponentHosts.isEmpty()) {
                    for (ServiceComponentHost serviceComponentHost : serviceComponentHosts) {
                        if (command == null || command.invoke(serviceComponentHost).booleanValue()) {
                            arrayList.add(serviceComponentHost);
                        }
                    }
                }
            }
        }
        return arrayList;
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public Set<String> getHostsWithValidKerberosClient(Cluster cluster) throws OBDPException {
        HashSet hashSet = new HashSet();
        List<ServiceComponentHost> serviceComponentHosts = cluster.getServiceComponentHosts(Service.Type.KERBEROS.name(), Role.KERBEROS_CLIENT.name());
        if (serviceComponentHosts != null) {
            for (ServiceComponentHost serviceComponentHost : serviceComponentHosts) {
                if (serviceComponentHost.getState() == State.INSTALLED) {
                    hashSet.add(serviceComponentHost.getHostName());
                }
            }
        }
        return hashSet;
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public KerberosDescriptor getKerberosDescriptor(Cluster cluster, boolean z, @Nullable KerberosDescriptor kerberosDescriptor, @Nullable Map<String, DesiredConfig> map) throws OBDPException {
        return getKerberosDescriptor(KerberosHelper.KerberosDescriptorType.COMPOSITE, cluster, false, null, z, kerberosDescriptor, map);
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public KerberosDescriptor getKerberosDescriptor(Cluster cluster, boolean z) throws OBDPException {
        return getKerberosDescriptor(KerberosHelper.KerberosDescriptorType.COMPOSITE, cluster, false, null, z, null, null);
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public KerberosDescriptor getKerberosDescriptor(KerberosHelper.KerberosDescriptorType kerberosDescriptorType, Cluster cluster, boolean z, Collection<String> collection, boolean z2, @Nullable KerberosDescriptor kerberosDescriptor, @Nullable Map<String, DesiredConfig> map) throws OBDPException {
        KerberosDescriptor kerberosDescriptor2 = getKerberosDescriptor(kerberosDescriptorType, cluster, cluster.getDesiredStackVersion(), z2, kerberosDescriptor);
        if (z) {
            HashSet hashSet = new HashSet(cluster.getServices().keySet());
            if (collection != null) {
                hashSet.addAll(collection);
            }
            Map<String, Object> hashMap = new HashMap<>();
            hashMap.put("configurations", calculateConfigurations(cluster, null, kerberosDescriptor2, false, false, map));
            hashMap.put(ServiceDirectory.SERVICES_FOLDER_NAME, hashSet);
            for (Map.Entry<String, Set<String>> entry : processWhenClauses(Configuration.JDBC_IN_MEMORY_PASSWORD, kerberosDescriptor2, hashMap, new HashMap<>()).entrySet()) {
                KerberosDescriptor kerberosDescriptor3 = null;
                for (String str : entry.getKey().split("/")) {
                    if (kerberosDescriptor3 != null) {
                        kerberosDescriptor3 = kerberosDescriptor3.getChildContainer(str);
                        if (kerberosDescriptor3 == null) {
                            break;
                        }
                    } else {
                        kerberosDescriptor3 = kerberosDescriptor2;
                    }
                }
                if (kerberosDescriptor3 != null) {
                    Iterator<String> it = entry.getValue().iterator();
                    while (it.hasNext()) {
                        kerberosDescriptor3.removeIdentity(it.next());
                    }
                }
            }
        }
        return kerberosDescriptor2;
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public KerberosDescriptor getKerberosDescriptor(KerberosHelper.KerberosDescriptorType kerberosDescriptorType, Cluster cluster, StackId stackId, boolean z, @Nullable KerberosDescriptor kerberosDescriptor) throws OBDPException {
        return combineKerberosDescriptors((kerberosDescriptorType == KerberosHelper.KerberosDescriptorType.STACK || kerberosDescriptorType == KerberosHelper.KerberosDescriptorType.COMPOSITE) ? getKerberosDescriptorFromStack(stackId, z) : null, (kerberosDescriptorType == KerberosHelper.KerberosDescriptorType.USER || kerberosDescriptorType == KerberosHelper.KerberosDescriptorType.COMPOSITE) ? kerberosDescriptor == null ? getKerberosDescriptorUpdates(cluster) : kerberosDescriptor : null);
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public Map<String, Map<String, String>> mergeConfigurations(Map<String, Map<String, String>> map, Map<String, KerberosConfigurationDescriptor> map2, Map<String, Map<String, String>> map3, Set<String> set) throws OBDPException {
        if (map2 != null && !map2.isEmpty()) {
            if (map == null) {
                map = new HashMap();
            }
            for (Map.Entry<String, KerberosConfigurationDescriptor> entry : map2.entrySet()) {
                String key = entry.getKey();
                if (set == null || set.contains(key)) {
                    KerberosConfigurationDescriptor value = entry.getValue();
                    if (value != null) {
                        mergeConfigurations(map, key, value.getProperties(), map3);
                    }
                }
            }
        }
        return map;
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public Map<String, Map<String, String>> processPreconfiguredServiceConfigurations(Map<String, Map<String, String>> map, Map<String, Map<String, String>> map2, Cluster cluster, KerberosDescriptor kerberosDescriptor) throws OBDPException {
        if (kerberosDescriptor == null) {
            kerberosDescriptor = getKerberosDescriptor(cluster, true);
        }
        Map<String, KerberosServiceDescriptor> services = kerberosDescriptor.getServices();
        if (services != null) {
            if (map == null) {
                map = new HashMap();
            }
            Map<String, Map<String, String>> addConfigurationsForPreProcessedServices = addConfigurationsForPreProcessedServices(deepCopy(map2), cluster, kerberosDescriptor, true);
            Map<String, Service> services2 = cluster.getServices();
            for (KerberosServiceDescriptor kerberosServiceDescriptor : services.values()) {
                String name = kerberosServiceDescriptor.getName();
                boolean shouldPreconfigure = kerberosServiceDescriptor.shouldPreconfigure();
                if (!services2.containsKey(name) && shouldPreconfigure) {
                    map = mergeConfigurations(map, kerberosServiceDescriptor.getConfigurations(), addConfigurationsForPreProcessedServices, map2.keySet());
                    Map<String, KerberosComponentDescriptor> components = kerberosServiceDescriptor.getComponents();
                    if (components != null) {
                        Iterator<KerberosComponentDescriptor> it = components.values().iterator();
                        while (it.hasNext()) {
                            map = mergeConfigurations(map, it.next().getConfigurations(), addConfigurationsForPreProcessedServices, map2.keySet());
                        }
                    }
                }
            }
        }
        return map;
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public int addIdentities(KerberosIdentityDataFileWriter kerberosIdentityDataFileWriter, Collection<KerberosIdentityDescriptor> collection, Collection<String> collection2, String str, Long l, String str2, String str3, Map<String, Map<String, String>> map, Map<String, Map<String, String>> map2, Map<String, ResolvedKerberosKeytab> map3, String str4) throws IOException {
        int i = 0;
        if (collection != null) {
            for (KerberosIdentityDescriptor kerberosIdentityDescriptor : collection) {
                if (collection2 == null || collection2.contains(kerberosIdentityDescriptor.getPath())) {
                    KerberosPrincipalDescriptor principalDescriptor = kerberosIdentityDescriptor.getPrincipalDescriptor();
                    String str5 = null;
                    String str6 = null;
                    String str7 = null;
                    if (principalDescriptor != null) {
                        str5 = this.variableReplacementHelper.replaceVariables(principalDescriptor.getValue(), map2);
                        str6 = KerberosPrincipalType.translate(principalDescriptor.getType());
                        str7 = this.variableReplacementHelper.replaceVariables(principalDescriptor.getConfiguration(), map2);
                    }
                    if (str5 == null) {
                        continue;
                    } else {
                        KerberosKeytabDescriptor keytabDescriptor = kerberosIdentityDescriptor.getKeytabDescriptor();
                        if (keytabDescriptor == null) {
                            throw new OBDPException("Missing keytab descriptor for " + kerberosIdentityDescriptor.getName());
                        }
                        String replaceVariables = this.variableReplacementHelper.replaceVariables(keytabDescriptor.getFile(), map2);
                        String replaceVariables2 = this.variableReplacementHelper.replaceVariables(keytabDescriptor.getOwnerName(), map2);
                        String replaceVariables3 = this.variableReplacementHelper.replaceVariables(keytabDescriptor.getOwnerAccess(), map2);
                        String replaceVariables4 = this.variableReplacementHelper.replaceVariables(keytabDescriptor.getGroupName(), map2);
                        String replaceVariables5 = this.variableReplacementHelper.replaceVariables(keytabDescriptor.getGroupAccess(), map2);
                        String replaceVariables6 = this.variableReplacementHelper.replaceVariables(keytabDescriptor.getConfiguration(), map2);
                        if (replaceVariables2 == null || replaceVariables4 == null) {
                            LOG.warn("Missing owner ({}) or group name ({}) of kerberos descriptor {}", new Object[]{replaceVariables2, replaceVariables4, keytabDescriptor.getName()});
                        }
                        String replace = str5.replace("_HOST", str).replace("_REALM", str4);
                        ResolvedKerberosKeytab resolvedKerberosKeytab = new ResolvedKerberosKeytab(replaceVariables, replaceVariables2, replaceVariables3, replaceVariables4, replaceVariables5, Sets.newHashSet(new ResolvedKerberosPrincipal[]{new ResolvedKerberosPrincipal(l, str, replace, KerberosIdentityDataFile.SERVICE.equalsIgnoreCase(str6), null, str2, str3, replaceVariables)}), str2.equalsIgnoreCase(RootService.OBDP.name()), str3.equalsIgnoreCase("AMBARI_SERVER_SELF"));
                        if (map3.containsKey(replaceVariables)) {
                            ResolvedKerberosKeytab resolvedKerberosKeytab2 = map3.get(replaceVariables);
                            boolean z = false;
                            if (!StringUtils.equals(resolvedKerberosKeytab.getOwnerName(), resolvedKerberosKeytab2.getOwnerName())) {
                                LOG.warn("Keytab '{}' on host '{}' has different {}, originally set to '{}' and '{}:{}' has '{}', using '{}'", new Object[]{replaceVariables, str, "owners", resolvedKerberosKeytab2.getOwnerName(), str2, str3, resolvedKerberosKeytab.getOwnerName(), resolvedKerberosKeytab2.getOwnerName()});
                                z = true;
                            }
                            if (!StringUtils.equals(resolvedKerberosKeytab.getOwnerAccess(), resolvedKerberosKeytab2.getOwnerAccess())) {
                                LOG.warn("Keytab '{}' on host '{}' has different {}, originally set to '{}' and '{}:{}' has '{}', using '{}'", new Object[]{replaceVariables, str, "owner access", resolvedKerberosKeytab2.getOwnerAccess(), str2, str3, resolvedKerberosKeytab.getOwnerAccess(), resolvedKerberosKeytab2.getOwnerAccess()});
                            }
                            if (!StringUtils.equals(resolvedKerberosKeytab.getGroupName(), resolvedKerberosKeytab2.getGroupName())) {
                                if (z) {
                                    LOG.error("Keytab '{}' on host '{}' has different {}, originally set to '{}' and '{}:{}' has '{}', using '{}'", new Object[]{replaceVariables, str, "groups", resolvedKerberosKeytab2.getGroupName(), str2, str3, resolvedKerberosKeytab.getGroupName(), resolvedKerberosKeytab2.getGroupName()});
                                } else {
                                    LOG.warn("Keytab '{}' on host '{}' has different {}, originally set to '{}' and '{}:{}' has '{}', using '{}'", new Object[]{replaceVariables, str, "groups", resolvedKerberosKeytab2.getGroupName(), str2, str3, resolvedKerberosKeytab.getGroupName(), resolvedKerberosKeytab2.getGroupName()});
                                }
                            }
                            if (!StringUtils.equals(resolvedKerberosKeytab.getGroupAccess(), resolvedKerberosKeytab2.getGroupAccess())) {
                                if (z) {
                                    if (!resolvedKerberosKeytab2.getGroupAccess().contains("r")) {
                                        LOG.error("Keytab '{}' on host '{}' referenced by multiple identities which have different owners,but 'r' attribute missing for group. Make sure all users (that need this keytab) are in '{}' +group and keytab can be read by this group", new Object[]{replaceVariables, str, resolvedKerberosKeytab2.getGroupName()});
                                    }
                                    LOG.error("Keytab '{}' on host '{}' has different {}, originally set to '{}' and '{}:{}' has '{}', using '{}'", new Object[]{replaceVariables, str, "group access", resolvedKerberosKeytab2.getGroupAccess(), str2, str3, resolvedKerberosKeytab.getGroupAccess(), resolvedKerberosKeytab2.getGroupAccess()});
                                } else {
                                    LOG.warn("Keytab '{}' on host '{}' has different {}, originally set to '{}' and '{}:{}' has '{}', using '{}'", new Object[]{replaceVariables, str, "group access", resolvedKerberosKeytab2.getGroupAccess(), str2, str3, resolvedKerberosKeytab.getGroupAccess(), resolvedKerberosKeytab2.getGroupAccess()});
                                }
                            }
                            resolvedKerberosKeytab2.mergePrincipals(resolvedKerberosKeytab);
                            if (resolvedKerberosKeytab2.isMustWriteAmbariJaasFile() || resolvedKerberosKeytab.isMustWriteAmbariJaasFile()) {
                                resolvedKerberosKeytab2.setMustWriteAmbariJaasFile(true);
                            }
                            if (resolvedKerberosKeytab2.isAmbariServerKeytab() || resolvedKerberosKeytab.isAmbariServerKeytab()) {
                                resolvedKerberosKeytab2.setAmbariServerKeytab(true);
                            }
                        } else {
                            map3.put(replaceVariables, resolvedKerberosKeytab);
                            LOG.info("Keytab {} owner:'{}:{}', group:'{}:{}' is defined", new Object[]{replaceVariables, replaceVariables2, replaceVariables3, replaceVariables4, replaceVariables5});
                        }
                        if (kerberosIdentityDataFileWriter != null) {
                            kerberosIdentityDataFileWriter.writeRecord(str, str2, str3, replace, str6, replaceVariables, replaceVariables2, replaceVariables3, replaceVariables4, replaceVariables5, DBAccessorImpl.TRUE);
                        }
                        mergeConfiguration(map, str7, str5, null);
                        mergeConfiguration(map, replaceVariables6, replaceVariables, null);
                        i++;
                    }
                }
            }
        }
        return i;
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public Map<String, Map<String, String>> calculateConfigurations(Cluster cluster, String str, KerberosDescriptor kerberosDescriptor, boolean z, boolean z2, Map<String, String> map, @Nullable Map<String, DesiredConfig> map2) throws OBDPException {
        return calculateConfigurations(cluster, str, kerberosDescriptor, null, z, z2, map, map2);
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public Map<String, Map<String, String>> calculateConfigurations(Cluster cluster, String str, KerberosDescriptor kerberosDescriptor, KerberosDescriptor kerberosDescriptor2, boolean z, boolean z2, Map<String, String> map, @Nullable Map<String, DesiredConfig> map2) throws OBDPException {
        Map<String, Map<String, String>> addAdditionalConfigurations = addAdditionalConfigurations(cluster, this.configHelper.calculateExistingConfigurations(this.ambariManagementController, cluster, str, map2), str, kerberosDescriptor == null ? null : kerberosDescriptor.getProperties(), kerberosDescriptor2, map, map2);
        if (z) {
            addAdditionalConfigurations = addConfigurationsForPreProcessedServices(addAdditionalConfigurations, cluster, kerberosDescriptor, z2);
        }
        return addAdditionalConfigurations;
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public Map<String, Map<String, String>> calculateConfigurations(Cluster cluster, String str, KerberosDescriptor kerberosDescriptor, boolean z, boolean z2, @Nullable Map<String, DesiredConfig> map) throws OBDPException {
        return calculateConfigurations(cluster, str, kerberosDescriptor, z, z2, null, map);
    }

    private Map<String, String> principalNames(Cluster cluster, Map<String, Map<String, String>> map, @Nullable KerberosDescriptor kerberosDescriptor, @Nullable Map<String, DesiredConfig> map2) throws OBDPException {
        HashMap hashMap = new HashMap();
        getKerberosDescriptor(cluster, false, kerberosDescriptor, map2).principals().forEach((str, str2) -> {
            hashMap.put(str, this.variableReplacementHelper.replaceVariables(str2, map));
        });
        return hashMap;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v12, types: [java.lang.Object, java.lang.String] */
    /* JADX WARN: Type inference failed for: r0v124, types: [java.util.Collection, java.util.ArrayList] */
    /* JADX WARN: Type inference failed for: r0v32, types: [java.lang.CharSequence, java.lang.Object, java.lang.String] */
    /* JADX WARN: Type inference failed for: r0v91, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r11v0, types: [id.onyx.obdp.server.controller.KerberosHelperImpl] */
    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public Map<String, Collection<KerberosIdentityDescriptor>> getActiveIdentities(String str, String str2, String str3, String str4, boolean z, Map<String, Map<String, Map<String, String>>> map, KerberosDescriptor kerberosDescriptor, @Nullable Map<String, DesiredConfig> map2) throws OBDPException {
        Set<String> singleton;
        List<KerberosIdentityDescriptor> ambariServerIdentities;
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("Invalid argument, cluster name is required");
        }
        Cluster cluster = this.clusters.getCluster(str);
        if (cluster == null) {
            throw new OBDPException(String.format("The cluster object for the cluster name %s is not available", str));
        }
        HashMap hashMap = new HashMap();
        Config desiredConfigByType = cluster.getDesiredConfigByType(KerberosHelper.KERBEROS_ENV, map2);
        if (desiredConfigByType == null) {
            LOG.debug("Calculating the active identities for {} is being skipped since the kerberos-env configuration is not available", new Object[]{str, cluster.getSecurityType().name(), SecurityType.KERBEROS.name()});
            return hashMap;
        }
        ?? hostName = StageUtils.getHostName();
        boolean z2 = false;
        if (str2 == null) {
            Map<String, Host> hostsForCluster = this.clusters.getHostsForCluster(str);
            singleton = hostsForCluster == null ? Collections.emptySet() : hostsForCluster.keySet();
            if (!singleton.contains(hostName)) {
                ?? arrayList = new ArrayList(singleton.size() + 1);
                arrayList.addAll(singleton);
                arrayList.add(hostName);
                singleton = arrayList;
                z2 = true;
            }
        } else {
            singleton = Collections.singleton(str2);
        }
        if (null == map) {
            map = new HashMap();
        }
        if (singleton.isEmpty()) {
            return hashMap;
        }
        if (null == kerberosDescriptor) {
            kerberosDescriptor = getKerberosDescriptor(cluster, false);
        }
        if (kerberosDescriptor == null) {
            return hashMap;
        }
        Set<String> keySet = cluster.getServices().keySet();
        for (String str5 : singleton) {
            Map<String, Map<String, String>> map3 = map.get(str5);
            if (map3 == null) {
                map3 = calculateConfigurations(cluster, (z2 && hostName.equals(str5)) ? null : str5, kerberosDescriptor, false, false, map2);
                map.put(str5, map3);
            }
            HashMap hashMap2 = new HashMap();
            hashMap2.put("configurations", map3);
            hashMap2.put(ServiceDirectory.SERVICES_FOLDER_NAME, keySet);
            HashMap hashMap3 = new HashMap();
            List<KerberosIdentityDescriptor> activeIdentities = getActiveIdentities(cluster, str5, str3, str4, kerberosDescriptor, hashMap2);
            if (str5.equals(hostName) && createAmbariIdentities(desiredConfigByType.getProperties()) && (ambariServerIdentities = getAmbariServerIdentities(kerberosDescriptor)) != null) {
                activeIdentities.addAll(ambariServerIdentities);
            }
            if (!activeIdentities.isEmpty()) {
                for (KerberosIdentityDescriptor kerberosIdentityDescriptor : activeIdentities) {
                    KerberosPrincipalDescriptor principalDescriptor = kerberosIdentityDescriptor.getPrincipalDescriptor();
                    String replaceVariables = principalDescriptor != null ? this.variableReplacementHelper.replaceVariables(principalDescriptor.getValue(), map3) : null;
                    if (replaceVariables != null) {
                        KerberosKeytabDescriptor keytabDescriptor = kerberosIdentityDescriptor.getKeytabDescriptor();
                        String replaceVariables2 = keytabDescriptor != null ? this.variableReplacementHelper.replaceVariables(keytabDescriptor.getFile(), map3) : null;
                        if (z) {
                            replaceVariables = replaceVariables.replace("_HOST", str5);
                        }
                        Object[] objArr = new Object[2];
                        objArr[0] = replaceVariables;
                        objArr[1] = replaceVariables2 == null ? Configuration.JDBC_IN_MEMORY_PASSWORD : replaceVariables2;
                        String format = String.format("%s|%s", objArr);
                        if (!hashMap3.containsKey(format) || (StringUtils.isNotBlank(((KerberosIdentityDescriptor) hashMap3.get(format)).getReference()) && StringUtils.isBlank(kerberosIdentityDescriptor.getReference()))) {
                            KerberosPrincipalType type = principalDescriptor.getType();
                            if (type == null) {
                                type = KerberosPrincipalType.SERVICE;
                            }
                            hashMap3.put(format, new KerberosIdentityDescriptor(kerberosIdentityDescriptor.getName(), kerberosIdentityDescriptor.getReference(), new KerberosPrincipalDescriptor(replaceVariables, type, this.variableReplacementHelper.replaceVariables(principalDescriptor.getConfiguration(), map3), this.variableReplacementHelper.replaceVariables(principalDescriptor.getLocalUsername(), map3)), replaceVariables2 == null ? null : new KerberosKeytabDescriptor(replaceVariables2, this.variableReplacementHelper.replaceVariables(keytabDescriptor.getOwnerName(), map3), this.variableReplacementHelper.replaceVariables(keytabDescriptor.getOwnerAccess(), map3), this.variableReplacementHelper.replaceVariables(keytabDescriptor.getGroupName(), map3), this.variableReplacementHelper.replaceVariables(keytabDescriptor.getGroupAccess(), map3), this.variableReplacementHelper.replaceVariables(keytabDescriptor.getConfiguration(), map3), keytabDescriptor.isCachable()), kerberosIdentityDescriptor.getWhen()));
                        }
                    }
                }
            }
            hashMap.put(str5, hashMap3.values());
        }
        return hashMap;
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public List<KerberosIdentityDescriptor> getAmbariServerIdentities(KerberosDescriptor kerberosDescriptor) throws OBDPException {
        List<KerberosIdentityDescriptor> identities;
        ArrayList arrayList = new ArrayList();
        KerberosServiceDescriptor service = kerberosDescriptor.getService(RootService.OBDP.name());
        if (service != null) {
            List<KerberosIdentityDescriptor> identities2 = service.getIdentities(true, null);
            KerberosComponentDescriptor component = service.getComponent(RootComponent.OBDP_SERVER.name());
            if (identities2 != null) {
                arrayList.addAll(identities2);
            }
            if (component != null && (identities = component.getIdentities(true, null)) != null) {
                arrayList.addAll(identities);
            }
        }
        return arrayList;
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public boolean createAmbariIdentities(Map<String, String> map) {
        return map == null || !"false".equalsIgnoreCase(map.get(KerberosHelper.CREATE_AMBARI_PRINCIPAL));
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public PrincipalKeyCredential getKDCAdministratorCredentials(String str) throws OBDPException {
        Credential credential = this.credentialStoreService.getCredential(str, "kdc.admin.credential");
        if (credential instanceof PrincipalKeyCredential) {
            return (PrincipalKeyCredential) credential;
        }
        return null;
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    @Transactional
    public void createResolvedKeytab(ResolvedKerberosKeytab resolvedKerberosKeytab, @Nullable List<KerberosKeytabPrincipalEntity> list) {
        Stopwatch createStarted = Stopwatch.createStarted();
        KerberosKeytabEntity findOrCreate = this.kerberosKeytabDAO.findOrCreate(resolvedKerberosKeytab);
        resolvedKerberosKeytab.getPrincipals().forEach(resolvedKerberosPrincipal -> {
            KerberosPrincipalEntity find = this.kerberosPrincipalDAO.find(resolvedKerberosPrincipal.getPrincipal());
            if (find == null) {
                find = this.kerberosPrincipalDAO.create(resolvedKerberosPrincipal.getPrincipal(), resolvedKerberosPrincipal.isService());
            }
            Boolean[] boolArr = {false};
            KerberosPrincipalEntity kerberosPrincipalEntity = find;
            resolvedKerberosPrincipal.getServiceMapping().forEach((str, str2) -> {
                KerberosKeytabPrincipalDAO.KeytabPrincipalFindOrCreateResult findOrCreate2 = this.kerberosKeytabPrincipalDAO.findOrCreate(findOrCreate, resolvedKerberosPrincipal.getHostId() != null ? this.hostDAO.findById(resolvedKerberosPrincipal.getHostId().longValue()) : null, kerberosPrincipalEntity, list);
                KerberosKeytabPrincipalEntity kerberosKeytabPrincipalEntity = findOrCreate2.kkp;
                if (list != null && findOrCreate2.created) {
                    list.add(findOrCreate2.kkp);
                }
                boolArr[0] = Boolean.valueOf(boolArr[0].booleanValue() || findOrCreate2.created);
                if (kerberosKeytabPrincipalEntity.putServiceMapping(str, str2)) {
                    this.kerberosKeytabPrincipalDAO.merge(kerberosKeytabPrincipalEntity);
                }
            });
            if (boolArr[0].booleanValue()) {
                this.kerberosKeytabDAO.merge(findOrCreate);
                this.kerberosPrincipalDAO.merge(find);
            }
        });
        LOG.info("Resolving this keytab and all associated principals took {} ms ", Long.valueOf(createStarted.elapsed(TimeUnit.MILLISECONDS)));
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public void removeStaleKeytabs(Collection<ResolvedKerberosKeytab> collection) {
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public Map<String, Set<String>> translateConfigurationSpecifications(Collection<String> collection) {
        HashMap hashMap = null;
        if (collection != null) {
            hashMap = new HashMap();
            Iterator<String> it = collection.iterator();
            while (it.hasNext()) {
                Matcher matcher = KerberosDescriptor.AUTH_TO_LOCAL_PROPERTY_SPECIFICATION_PATTERN.matcher(it.next());
                if (matcher.matches()) {
                    String group = matcher.group(1);
                    String group2 = matcher.group(2);
                    if (group == null) {
                        group = Configuration.JDBC_IN_MEMORY_PASSWORD;
                    }
                    Set<String> set = hashMap.get(group);
                    if (set == null) {
                        set = new HashSet();
                        hashMap.put(group, set);
                    }
                    set.add(group2);
                }
            }
        }
        return hashMap;
    }

    private Keytab createIdentity(KerberosIdentityDescriptor kerberosIdentityDescriptor, KerberosPrincipalType kerberosPrincipalType, Map<String, String> map, KerberosOperationHandler kerberosOperationHandler, Map<String, Map<String, String>> map2, String str) throws OBDPException {
        KerberosPrincipalDescriptor principalDescriptor;
        Keytab keytab = null;
        if (kerberosIdentityDescriptor != null && (principalDescriptor = kerberosIdentityDescriptor.getPrincipalDescriptor()) != null && kerberosPrincipalType == principalDescriptor.getType()) {
            String replaceVariables = this.variableReplacementHelper.replaceVariables(principalDescriptor.getValue(), map2);
            if (!StringUtils.isEmpty(str)) {
                replaceVariables = replaceVariables.replace("_HOST", str);
            }
            if (!this.kerberosPrincipalDAO.exists(replaceVariables)) {
                CreatePrincipalsServerAction.CreatePrincipalResult createPrincipal = ((CreatePrincipalsServerAction) this.injector.getInstance(CreatePrincipalsServerAction.class)).createPrincipal(replaceVariables, KerberosPrincipalType.SERVICE.equals(kerberosPrincipalType), map, kerberosOperationHandler, false, null);
                if (createPrincipal == null) {
                    throw new OBDPException("Failed to create the account for " + replaceVariables);
                }
                if (kerberosIdentityDescriptor.getKeytabDescriptor() != null) {
                    keytab = ((CreateKeytabFilesServerAction) this.injector.getInstance(CreateKeytabFilesServerAction.class)).createKeytab(replaceVariables, this.kerberosPrincipalDAO.find(replaceVariables), createPrincipal.getPassword(), createPrincipal.getKeyNumber(), kerberosOperationHandler, true, true, null);
                    if (keytab == null) {
                        throw new OBDPException("Failed to create the keytab for " + replaceVariables);
                    }
                }
            }
        }
        return keytab;
    }

    private void validateKDCCredentials(KerberosDetails kerberosDetails, Cluster cluster) throws KerberosMissingAdminCredentialsException, KerberosAdminAuthenticationException, KerberosInvalidConfigurationException, OBDPException {
        if (kerberosDetails == null) {
            kerberosDetails = getKerberosDetails(cluster, null);
        }
        if (kerberosDetails.manageIdentities()) {
            PrincipalKeyCredential kDCAdministratorCredentials = getKDCAdministratorCredentials(cluster.getClusterName());
            if (kDCAdministratorCredentials == null) {
                throw new KerberosMissingAdminCredentialsException();
            }
            KerberosOperationHandler kerberosOperationHandler = this.kerberosOperationHandlerFactory.getKerberosOperationHandler(kerberosDetails.getKdcType());
            if (kerberosOperationHandler == null) {
                throw new OBDPException("Failed to get an appropriate Kerberos operation handler.");
            }
            try {
                try {
                    try {
                        try {
                            try {
                                try {
                                    kerberosOperationHandler.open(kDCAdministratorCredentials, kerberosDetails.getDefaultRealm(), kerberosDetails.getKerberosEnvProperties());
                                    if (!kerberosOperationHandler.testAdministratorCredentials()) {
                                        throw new KerberosMissingAdminCredentialsException();
                                    }
                                } catch (KerberosKDCConnectionException e) {
                                    throw new KerberosInvalidConfigurationException("Failed to connect to KDC - " + e.getMessage() + "\nUpdate the KDC settings in krb5-conf and kerberos-env configurations to correct this issue.", e);
                                }
                            } catch (KerberosLDAPContainerException e2) {
                                throw new KerberosInvalidConfigurationException("The principal container was not specified\nSet the 'container_dn' value in the kerberos-env configuration to correct this issue.", e2);
                            }
                        } catch (KerberosRealmException e3) {
                            throw new KerberosInvalidConfigurationException("Failed to find a KDC for the specified realm - " + e3.getMessage() + "\nUpdate the KDC settings in krb5-conf and kerberos-env configurations to correct this issue.", e3);
                        }
                    } catch (KerberosAdminAuthenticationException e4) {
                        throw new KerberosAdminAuthenticationException("Invalid KDC administrator credentials.\nThe KDC administrator credentials must be set as a persisted or temporary credential resource.This may be done by issuing a POST (or PUT for updating) to the /api/v1/clusters/:clusterName/credentials/kdc.admin.credential API entry point with the following payload:\n{\n  \"Credential\" : {\n    \"principal\" : \"(PRINCIPAL)\", \"key\" : \"(PASSWORD)\", \"type\" : \"(persisted|temporary)\"}\n  }\n}", e4);
                    } catch (KerberosOperationException e5) {
                        throw new OBDPException(e5.getMessage(), e5);
                    }
                } finally {
                    try {
                        kerberosOperationHandler.close();
                    } catch (KerberosOperationException e6) {
                    }
                }
            } catch (KerberosKDCSSLConnectionException e7) {
                throw new KerberosInvalidConfigurationException("Failed to connect to KDC - " + e7.getMessage() + "\nMake sure the server's SSL certificate or CA certificates have been imported into Ambari's truststore.", e7);
            }
        }
    }

    @Transactional
    RequestStageContainer handle(Cluster cluster, KerberosDetails kerberosDetails, Map<String, ? extends Collection<String>> map, Set<String> set, Collection<String> collection, Set<String> set2, RequestStageContainer requestStageContainer, Handler handler) throws OBDPException, KerberosOperationException {
        List<ServiceComponentHost> serviceComponentHostsToProcess = getServiceComponentHostsToProcess(cluster, getKerberosDescriptor(cluster, false), map, set);
        Set<String> set3 = null;
        File file = null;
        if (!serviceComponentHostsToProcess.isEmpty()) {
            validateKDCCredentials(kerberosDetails, cluster);
            file = createTemporaryDirectory();
            set3 = getHostsWithValidKerberosClient(cluster);
            if (set2 != null) {
                set3.addAll(set2);
            }
        }
        String json = StageUtils.getGson().toJson(StageUtils.getClusterHostInfo(cluster));
        String json2 = StageUtils.getGson().toJson(this.customCommandExecutionHelper.createDefaultHostParams(cluster, cluster.getDesiredStackVersion()));
        ServiceComponentHostServerActionEvent serviceComponentHostServerActionEvent = new ServiceComponentHostServerActionEvent(RootComponent.OBDP_SERVER.name(), StageUtils.getHostName(), System.currentTimeMillis());
        RoleCommandOrder roleCommandOrder = this.ambariManagementController.getRoleCommandOrder(cluster);
        if (requestStageContainer == null) {
            requestStageContainer = new RequestStageContainer(Long.valueOf(this.actionManager.getNextRequestId()), null, this.requestFactory, this.actionManager);
        }
        handler.createStages(cluster, json, json2, serviceComponentHostServerActionEvent, roleCommandOrder, kerberosDetails, file, requestStageContainer, serviceComponentHostsToProcess, map, set, collection, set3);
        handler.addFinalizeOperationStage(cluster, json, json2, serviceComponentHostServerActionEvent, file, roleCommandOrder, requestStageContainer, kerberosDetails);
        return requestStageContainer;
    }

    private RequestStageContainer handleTestIdentity(Cluster cluster, KerberosDetails kerberosDetails, Map<String, String> map, RequestStageContainer requestStageContainer, Handler handler) throws OBDPException, KerberosOperationException {
        if (kerberosDetails.manageIdentities()) {
            if (map == null) {
                throw new OBDPException("The properties map must not be null.  It is needed to store data related to the service check identity");
            }
            ArrayList arrayList = new ArrayList();
            KerberosDescriptor kerberosDescriptor = getKerberosDescriptor(cluster, false);
            Set<String> hostsWithValidKerberosClient = getHostsWithValidKerberosClient(cluster);
            File createTemporaryDirectory = createTemporaryDirectory();
            Map<String, Map<String, String>> calculateConfigurations = calculateConfigurations(cluster, null, kerberosDescriptor, false, false, null);
            String replaceVariables = this.variableReplacementHelper.replaceVariables("${kerberos-env/service_check_principal_name}@${realm}", calculateConfigurations);
            String replaceVariables2 = this.variableReplacementHelper.replaceVariables("${keytab_dir}/kerberos.service_check.${short_date}.keytab", calculateConfigurations);
            String replaceVariables3 = this.variableReplacementHelper.replaceVariables("${cluster-env/smokeuser}", calculateConfigurations);
            String replaceVariables4 = this.variableReplacementHelper.replaceVariables("${cluster-env/user_group}", calculateConfigurations);
            map.put(PrivilegeResourceProvider.PRINCIPAL_NAME_PROPERTY_ID, replaceVariables);
            map.put("keytab_file", replaceVariables2);
            try {
                List<ServiceComponentHost> serviceComponentHosts = cluster.getServiceComponentHosts(Service.Type.KERBEROS.name(), Role.KERBEROS_CLIENT.name());
                if (serviceComponentHosts != null && !serviceComponentHosts.isEmpty()) {
                    for (ServiceComponentHost serviceComponentHost : serviceComponentHosts) {
                        if (serviceComponentHost.getState() == State.INSTALLED) {
                            String hostName = serviceComponentHost.getHostName();
                            KerberosKeytabEntity find = this.kerberosKeytabDAO.find(replaceVariables2);
                            if (find == null) {
                                find = new KerberosKeytabEntity();
                                find.setKeytabPath(replaceVariables2);
                                find.setOwnerName(replaceVariables3);
                                find.setOwnerAccess("rw");
                                find.setGroupName(replaceVariables4);
                                find.setGroupAccess("r");
                                this.kerberosKeytabDAO.create(find);
                            }
                            KerberosPrincipalEntity find2 = this.kerberosPrincipalDAO.find(replaceVariables);
                            if (find2 == null) {
                                find2 = new KerberosPrincipalEntity(replaceVariables, false, null);
                                this.kerberosPrincipalDAO.create(find2);
                            }
                            KerberosKeytabPrincipalEntity kerberosKeytabPrincipalEntity = this.kerberosKeytabPrincipalDAO.findOrCreate(find, this.hostDAO.findById(serviceComponentHost.getHost().getHostId().longValue()), find2, null).kkp;
                            if (kerberosKeytabPrincipalEntity.putServiceMapping(serviceComponentHost.getServiceName(), serviceComponentHost.getServiceComponentName())) {
                                this.kerberosKeytabPrincipalDAO.merge(kerberosKeytabPrincipalEntity);
                            }
                            this.kerberosKeytabDAO.merge(find);
                            this.kerberosPrincipalDAO.merge(find2);
                            hostsWithValidKerberosClient.add(hostName);
                            arrayList.add(serviceComponentHost);
                        }
                    }
                }
                if (!arrayList.isEmpty()) {
                    try {
                        validateKDCCredentials(kerberosDetails, cluster);
                    } catch (Exception e) {
                        LOG.error("Cannot validate credentials: " + e);
                        try {
                            FileUtils.deleteDirectory(createTemporaryDirectory);
                        } catch (Throwable th) {
                            LOG.warn(String.format("The data directory (%s) was not deleted due to an error condition - {%s}", createTemporaryDirectory.getAbsolutePath(), th.getMessage()), th);
                        }
                        throw e;
                    }
                }
                String json = StageUtils.getGson().toJson(StageUtils.getClusterHostInfo(cluster));
                String json2 = StageUtils.getGson().toJson(this.customCommandExecutionHelper.createDefaultHostParams(cluster, cluster.getDesiredStackVersion()));
                ServiceComponentHostServerActionEvent serviceComponentHostServerActionEvent = new ServiceComponentHostServerActionEvent(RootComponent.OBDP_SERVER.name(), StageUtils.getHostName(), System.currentTimeMillis());
                RoleCommandOrder roleCommandOrder = this.ambariManagementController.getRoleCommandOrder(cluster);
                if (requestStageContainer == null) {
                    requestStageContainer = new RequestStageContainer(Long.valueOf(this.actionManager.getNextRequestId()), null, this.requestFactory, this.actionManager);
                }
                handler.createStages(cluster, json, json2, serviceComponentHostServerActionEvent, roleCommandOrder, kerberosDetails, createTemporaryDirectory, requestStageContainer, arrayList, null, null, Sets.newHashSet(new String[]{replaceVariables}), hostsWithValidKerberosClient);
                handler.addFinalizeOperationStage(cluster, json, json2, serviceComponentHostServerActionEvent, createTemporaryDirectory, roleCommandOrder, requestStageContainer, kerberosDetails);
            } catch (Exception e2) {
                LOG.error("Failed " + e2);
                throw e2;
            }
        }
        return requestStageContainer;
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public KerberosDetails getKerberosDetails(Cluster cluster, Boolean bool) throws KerberosInvalidConfigurationException, OBDPException {
        KerberosDetails kerberosDetails = new KerberosDetails();
        if (cluster == null) {
            LOG.error("The cluster object is not available");
            throw new OBDPException("The cluster object is not available");
        }
        Config desiredConfigByType = cluster.getDesiredConfigByType("krb5-conf");
        if (desiredConfigByType == null) {
            LOG.error("The 'krb5-conf' configuration is not available");
            throw new OBDPException("The 'krb5-conf' configuration is not available");
        }
        if (desiredConfigByType.getProperties() == null) {
            LOG.error("The 'krb5-conf' configuration properties are not available");
            throw new OBDPException("The 'krb5-conf' configuration properties are not available");
        }
        Config desiredConfigByType2 = cluster.getDesiredConfigByType(KerberosHelper.KERBEROS_ENV);
        if (desiredConfigByType2 == null) {
            LOG.error("The 'kerberos-env' configuration is not available");
            throw new OBDPException("The 'kerberos-env' configuration is not available");
        }
        Map<String, String> properties = desiredConfigByType2.getProperties();
        if (properties == null) {
            LOG.error("The 'kerberos-env' configuration properties are not available");
            throw new OBDPException("The 'kerberos-env' configuration properties are not available");
        }
        kerberosDetails.setSecurityType(cluster.getSecurityType());
        kerberosDetails.setDefaultRealm(properties.get(KerberosHelper.DEFAULT_REALM));
        kerberosDetails.setKerberosEnvProperties(properties);
        kerberosDetails.setManageIdentities(bool);
        String str = properties.get("kdc_type");
        if (str == null && kerberosDetails.manageIdentities()) {
            LOG.error("The 'kerberos-env/kdc_type' value must be set to a valid KDC type");
            throw new KerberosInvalidConfigurationException("The 'kerberos-env/kdc_type' value must be set to a valid KDC type");
        }
        try {
            KDCType translate = KDCType.translate(str);
            kerberosDetails.setKdcType(translate == null ? KDCType.MIT_KDC : translate);
            return kerberosDetails;
        } catch (IllegalArgumentException e) {
            String format = String.format("Invalid 'kdc_type' value: %s", str);
            LOG.error(format);
            throw new OBDPException(format);
        }
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public File createTemporaryDirectory() throws OBDPException {
        File file;
        try {
            File configuredTemporaryDirectory = getConfiguredTemporaryDirectory();
            int i = 0;
            long currentTimeMillis = System.currentTimeMillis();
            do {
                file = new File(configuredTemporaryDirectory, String.format("%s%d-%d.d", KerberosServerAction.DATA_DIRECTORY_PREFIX, Long.valueOf(currentTimeMillis), Integer.valueOf(i)));
                if (file.exists() || !file.mkdirs()) {
                    file = null;
                } else {
                    LOG.debug("Created temporary directory: {}", file.getAbsolutePath());
                }
                if (file != null) {
                    break;
                }
                i++;
            } while (i < 100);
            if (file == null) {
                throw new IOException(String.format("Failed to create a temporary directory in %s", configuredTemporaryDirectory));
            }
            return file;
        } catch (IOException e) {
            LOG.error("Failed to create the temporary data directory.", e);
            throw new OBDPException("Failed to create the temporary data directory.", e);
        }
    }

    private void mergeConfiguration(Map<String, Map<String, String>> map, String str, String str2, Map<String, Map<String, String>> map2) throws OBDPException {
        if (str != null) {
            String[] split = str.split("/");
            if (split.length == 2) {
                mergeConfigurations(map, split[0], Collections.singletonMap(split[1], str2), map2);
            }
        }
    }

    private void mergeConfigurations(Map<String, Map<String, String>> map, String str, Map<String, String> map2, Map<String, Map<String, String>> map3) throws OBDPException {
        if (map2 != null) {
            Map<String, String> map4 = map.get(str);
            if (map4 == null) {
                map4 = new HashMap();
                map.put(str, map4);
            }
            for (Map.Entry<String, String> entry : map2.entrySet()) {
                map4.put(this.variableReplacementHelper.replaceVariables(entry.getKey(), map3), this.variableReplacementHelper.replaceVariables(entry.getValue(), map3));
            }
        }
    }

    private void addIdentities(AuthToLocalBuilder authToLocalBuilder, List<KerberosIdentityDescriptor> list, Collection<String> collection, Map<String, Map<String, String>> map) throws OBDPException {
        if (list != null) {
            for (KerberosIdentityDescriptor kerberosIdentityDescriptor : list) {
                if (collection == null || collection.contains(kerberosIdentityDescriptor.getName())) {
                    KerberosPrincipalDescriptor principalDescriptor = kerberosIdentityDescriptor.getPrincipalDescriptor();
                    if (principalDescriptor != null) {
                        authToLocalBuilder.addRule(this.variableReplacementHelper.replaceVariables(principalDescriptor.getValue(), map), this.variableReplacementHelper.replaceVariables(principalDescriptor.getLocalUsername(), map));
                    }
                }
            }
        }
    }

    protected File createTemporaryFile() throws OBDPException {
        try {
            return File.createTempFile("tmp", ".tmp", getConfiguredTemporaryDirectory());
        } catch (IOException e) {
            LOG.error("Failed to create a temporary file.", e);
            throw new OBDPException("Failed to create a temporary file.", e);
        }
    }

    protected File getConfiguredTemporaryDirectory() throws IOException {
        String serverTempDir = this.configuration.getServerTempDir();
        if (StringUtils.isEmpty(serverTempDir)) {
            serverTempDir = System.getProperty("java.io.tmpdir");
        }
        if (serverTempDir == null) {
            throw new IOException("The System property 'java.io.tmpdir' does not specify a temporary directory");
        }
        return new File(serverTempDir);
    }

    private Stage createNewStage(long j, Cluster cluster, long j2, String str, String str2, String str3) {
        Stage createNew = this.stageFactory.createNew(j2, "/tmp/obdp" + File.pathSeparator + j2, cluster.getClusterName(), cluster.getClusterId(), str, str2, str3);
        createNew.setStageId(j);
        return createNew;
    }

    private List<String> createUniqueHostList(Collection<ServiceComponentHost> collection, Set<HostState> set) throws OBDPException {
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        if (collection != null) {
            Iterator<ServiceComponentHost> it = collection.iterator();
            while (it.hasNext()) {
                String hostName = it.next().getHostName();
                if (!hashSet2.contains(hostName)) {
                    if (set == null) {
                        hashSet.add(hostName);
                    } else {
                        Host host = this.clusters.getHost(hostName);
                        if (set.contains(host.getState())) {
                            hashSet.add(hostName);
                        } else {
                            LOG.warn("Host {} was excluded due {} state is not allowed. Allowed states: {}", new Object[]{hostName, host.getState(), set});
                        }
                    }
                    hashSet2.add(hostName);
                }
            }
        }
        return new ArrayList(hashSet);
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public boolean isClusterKerberosEnabled(Cluster cluster) {
        return cluster.getSecurityType() == SecurityType.KERBEROS;
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public boolean shouldExecuteCustomOperations(SecurityType securityType, Map<String, String> map) {
        if ((securityType != SecurityType.KERBEROS && securityType != SecurityType.NONE) || map == null || map.isEmpty()) {
            return false;
        }
        for (SupportedCustomOperation supportedCustomOperation : SupportedCustomOperation.values()) {
            if (map.containsKey(supportedCustomOperation.name().toLowerCase())) {
                return true;
            }
        }
        return false;
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public Boolean getManageIdentitiesDirective(Map<String, String> map) {
        String str = map == null ? null : map.get(KerberosHelper.DIRECTIVE_MANAGE_KERBEROS_IDENTITIES);
        if (str == null) {
            return null;
        }
        return Boolean.valueOf(!"false".equalsIgnoreCase(str));
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public boolean getForceToggleKerberosDirective(Map<String, String> map) {
        return map != null && DBAccessorImpl.TRUE.equalsIgnoreCase(map.get(KerberosHelper.DIRECTIVE_FORCE_TOGGLE_KERBEROS));
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public Map<String, Map<String, String>> getIdentityConfigurations(List<KerberosIdentityDescriptor> list) {
        HashMap hashMap = new HashMap();
        if (list != null) {
            for (KerberosIdentityDescriptor kerberosIdentityDescriptor : list) {
                KerberosPrincipalDescriptor principalDescriptor = kerberosIdentityDescriptor.getPrincipalDescriptor();
                if (principalDescriptor != null) {
                    putConfiguration(hashMap, principalDescriptor.getConfiguration(), principalDescriptor.getValue());
                }
                KerberosKeytabDescriptor keytabDescriptor = kerberosIdentityDescriptor.getKeytabDescriptor();
                if (keytabDescriptor != null) {
                    putConfiguration(hashMap, keytabDescriptor.getConfiguration(), keytabDescriptor.getFile());
                }
            }
        }
        return hashMap;
    }

    private void putConfiguration(Map<String, Map<String, String>> map, String str, String str2) {
        if (str != null) {
            String[] split = str.split("/");
            if (split.length == 2) {
                String str3 = split[0];
                String str4 = split[1];
                Map<String, String> map2 = map.get(str3);
                if (map2 == null) {
                    map2 = new HashMap();
                    map.put(str3, map2);
                }
                map2.put(str4, str2);
            }
        }
    }

    private List<KerberosIdentityDescriptor> getActiveIdentities(Cluster cluster, String str, String str2, String str3, KerberosDescriptor kerberosDescriptor, Map<String, Object> map) {
        ArrayList arrayList = new ArrayList();
        List<ServiceComponentHost> serviceComponentHosts = cluster.getServiceComponentHosts(str);
        if (serviceComponentHosts == null) {
            return arrayList;
        }
        serviceComponentHosts.forEach(serviceComponentHost -> {
            KerberosServiceDescriptor service;
            List<KerberosIdentityDescriptor> list;
            List<KerberosIdentityDescriptor> list2;
            String serviceName = serviceComponentHost.getServiceName();
            String serviceComponentName = serviceComponentHost.getServiceComponentName();
            if (str2 == null || str2.equals(serviceName)) {
                if ((str3 == null || str3.equals(serviceComponentName)) && (service = kerberosDescriptor.getService(serviceName)) != null) {
                    try {
                        list = service.getIdentities(true, map);
                    } catch (OBDPException e) {
                        list = null;
                    }
                    if (list != null) {
                        arrayList.addAll(list);
                    }
                    KerberosComponentDescriptor component = service.getComponent(serviceComponentName);
                    if (component != null) {
                        try {
                            list2 = component.getIdentities(true, map);
                        } catch (OBDPException e2) {
                            list2 = null;
                        }
                        if (list2 != null) {
                            arrayList.addAll(list2);
                        }
                    }
                }
            }
        });
        return arrayList;
    }

    private Map<String, Map<String, String>> addAdditionalConfigurations(Cluster cluster, Map<String, Map<String, String>> map, String str, Map<String, String> map2, @Nullable KerberosDescriptor kerberosDescriptor, Map<String, String> map3, @Nullable Map<String, DesiredConfig> map4) throws OBDPException {
        Map<String, Set<String>> clusterHostInfo;
        Map<String, String> computeIfAbsent = map.computeIfAbsent(Configuration.JDBC_IN_MEMORY_PASSWORD, str2 -> {
            return new HashMap();
        });
        if (map2 != null) {
            computeIfAbsent.putAll(map2);
        }
        if (!StringUtils.isEmpty(str)) {
            computeIfAbsent.put("host", str);
            computeIfAbsent.put(KerberosIdentityDataFile.HOSTNAME, str);
        }
        computeIfAbsent.put("cluster_name", cluster.getClusterName());
        computeIfAbsent.put("short_date", new SimpleDateFormat("MMddyy").format(new Date()));
        if (map.get(KerberosHelper.CLUSTER_HOST_INFO) == null) {
            if (map3 == null) {
                map3 = new HashMap();
            }
            if (map3.isEmpty() && (clusterHostInfo = StageUtils.getClusterHostInfo(cluster)) != null) {
                for (Map.Entry<String, Set<String>> entry : StageUtils.substituteHostIndexes(clusterHostInfo).entrySet()) {
                    map3.put(entry.getKey(), StringUtils.join(entry.getValue(), ","));
                }
            }
            if (!map3.isEmpty()) {
                map.put(KerberosHelper.CLUSTER_HOST_INFO, map3);
            }
        }
        map.put("principals", principalNames(cluster, map, kerberosDescriptor, map4));
        return map;
    }

    private Map<String, Map<String, String>> addAdditionalConfigurations(Cluster cluster, Map<String, Map<String, String>> map, String str, Map<String, String> map2, KerberosDescriptor kerberosDescriptor) throws OBDPException {
        return addAdditionalConfigurations(cluster, map, str, map2, kerberosDescriptor, null, null);
    }

    private Map<String, Map<String, String>> deepCopy(Map<String, Map<String, String>> map) {
        if (map == null) {
            return null;
        }
        HashMap hashMap = new HashMap();
        for (Map.Entry<String, Map<String, String>> entry : map.entrySet()) {
            Map<String, String> value = entry.getValue();
            hashMap.put(entry.getKey(), value == null ? null : new HashMap(value));
        }
        return hashMap;
    }

    @Override // id.onyx.obdp.server.controller.KerberosHelper
    public KerberosDescriptor getKerberosDescriptorUpdates(Cluster cluster) {
        TreeMap<String, String> treeMap = new TreeMap<>();
        treeMap.put("cluster", String.valueOf(cluster.getClusterId()));
        ArtifactEntity findByNameAndForeignKeys = this.artifactDAO.findByNameAndForeignKeys("kerberos_descriptor", treeMap);
        if (findByNameAndForeignKeys == null) {
            return null;
        }
        return this.kerberosDescriptorFactory.createInstance(findByNameAndForeignKeys.getArtifactData());
    }

    private KerberosDescriptor getKerberosDescriptorFromStack(StackId stackId, boolean z) throws OBDPException {
        return this.obdpMetaInfo.getKerberosDescriptor(stackId.getStackName(), stackId.getStackVersion(), z);
    }

    private Map<String, Set<String>> processWhenClauses(String str, AbstractKerberosDescriptorContainer abstractKerberosDescriptorContainer, Map<String, Object> map, Map<String, Set<String>> map2) throws OBDPException {
        List<KerberosIdentityDescriptor> identities = abstractKerberosDescriptorContainer.getIdentities(true, null);
        if (identities != null && !identities.isEmpty()) {
            HashSet hashSet = null;
            for (KerberosIdentityDescriptor kerberosIdentityDescriptor : identities) {
                if (!kerberosIdentityDescriptor.shouldInclude(map)) {
                    if (hashSet == null) {
                        hashSet = new HashSet();
                        map2.put(str, hashSet);
                    }
                    hashSet.add(kerberosIdentityDescriptor.getName());
                }
            }
        }
        Collection<? extends AbstractKerberosDescriptorContainer> childContainers = abstractKerberosDescriptorContainer.getChildContainers();
        if (childContainers != null) {
            for (AbstractKerberosDescriptorContainer abstractKerberosDescriptorContainer2 : childContainers) {
                map2 = processWhenClauses(str + "/" + abstractKerberosDescriptorContainer2.getName(), abstractKerberosDescriptorContainer2, map, map2);
            }
        }
        return map2;
    }

    private void processIdentityConfigurations(Map<String, Map<String, String>> map, Map<String, Map<String, String>> map2, Map<String, Map<String, String>> map3, Map<String, Set<String>> map4) throws OBDPException {
        if (map != null) {
            for (Map.Entry<String, Map<String, String>> entry : map.entrySet()) {
                String key = entry.getKey();
                Map<String, String> value = entry.getValue();
                mergeConfigurations(map2, key, entry.getValue(), map3);
                if (value != null && !value.isEmpty()) {
                    Set<String> set = map4.get(key);
                    if (set == null) {
                        set = new HashSet();
                        map4.put(key, set);
                    }
                    set.addAll(value.keySet());
                }
            }
        }
    }

    private Map<String, Map<String, String>> addConfigurationsForPreProcessedServices(Map<String, Map<String, String>> map, Cluster cluster, @Nullable KerberosDescriptor kerberosDescriptor, boolean z) throws OBDPException {
        Map<String, KerberosServiceDescriptor> services = kerberosDescriptor.getServices();
        if (services != null) {
            Map<String, Service> services2 = cluster.getServices();
            HashSet hashSet = new HashSet(services2.keySet());
            HashSet hashSet2 = new HashSet();
            StackId currentStackVersion = cluster.getCurrentStackVersion();
            for (KerberosServiceDescriptor kerberosServiceDescriptor : services.values()) {
                String name = kerberosServiceDescriptor.getName();
                if (kerberosServiceDescriptor.shouldPreconfigure() && !services2.containsKey(name) && this.obdpMetaInfo.isValidService(currentStackVersion.getStackName(), currentStackVersion.getStackVersion(), name)) {
                    ServiceInfo service = this.obdpMetaInfo.getService(currentStackVersion.getStackName(), currentStackVersion.getStackVersion(), name);
                    List<PropertyInfo> properties = service.getProperties();
                    if (properties != null) {
                        HashMap hashMap = new HashMap();
                        for (PropertyInfo propertyInfo : properties) {
                            String fileNameToConfigType = ConfigHelper.fileNameToConfigType(propertyInfo.getFilename());
                            Map map2 = (Map) hashMap.get(fileNameToConfigType);
                            if (map2 == null) {
                                map2 = new HashMap();
                                hashMap.put(fileNameToConfigType, map2);
                            }
                            map2.put(propertyInfo.getName(), propertyInfo.getValue());
                        }
                        for (Map.Entry entry : hashMap.entrySet()) {
                            if (!map.containsKey(entry.getKey())) {
                                map.put((String) entry.getKey(), (Map) entry.getValue());
                            }
                        }
                    }
                    if (z) {
                        hashSet.add(name);
                        List<ComponentInfo> components = service.getComponents();
                        if (components != null) {
                            Iterator<ComponentInfo> it = components.iterator();
                            while (it.hasNext()) {
                                hashSet2.add(it.next().getName());
                            }
                        }
                    }
                }
            }
            if (z && hashSet.size() > services2.size()) {
                applyStackAdvisorHostRecommendations(cluster, hashSet, hashSet2, map);
            }
        }
        return map;
    }

    private KerberosDescriptor combineKerberosDescriptors(KerberosDescriptor kerberosDescriptor, KerberosDescriptor kerberosDescriptor2) {
        KerberosDescriptor kerberosDescriptor3;
        if (kerberosDescriptor != null) {
            if (kerberosDescriptor2 != null) {
                kerberosDescriptor.update(kerberosDescriptor2);
            }
            kerberosDescriptor3 = kerberosDescriptor;
        } else {
            if (kerberosDescriptor2 == null) {
                return new KerberosDescriptor();
            }
            kerberosDescriptor3 = kerberosDescriptor2;
        }
        return kerberosDescriptor3;
    }

    private Collection<ServiceComponentHost> filterServiceComponentHostsForHosts(Collection<ServiceComponentHost> collection, Set<String> set) {
        if (collection != null && set != null) {
            Iterator<ServiceComponentHost> it = collection.iterator();
            while (it.hasNext()) {
                if (!set.contains(it.next().getHostName())) {
                    it.remove();
                }
            }
        }
        return collection;
    }

    private List<String> calculateHosts(Cluster cluster, List<ServiceComponentHost> list, Set<String> set, boolean z) throws OBDPException {
        if (!z) {
            Collection<ServiceComponentHost> filterServiceComponentHostsForHosts = filterServiceComponentHostsForHosts(new ArrayList(list), set);
            return filterServiceComponentHostsForHosts.isEmpty() ? Collections.emptyList() : createUniqueHostList(filterServiceComponentHostsForHosts, Collections.singleton(HostState.HEALTHY));
        }
        ArrayList arrayList = new ArrayList();
        Collection<Host> hosts = cluster.getHosts();
        if (!CollectionUtils.isEmpty(hosts)) {
            for (Host host : hosts) {
                if (host.getState() == HostState.HEALTHY) {
                    arrayList.add(host.getHostName());
                } else {
                    LOG.warn("Host {} was excluded due {} state", host.getHostName(), host.getState());
                }
            }
        }
        return arrayList;
    }
}
