package id.onyx.obdp.server.serveraction.upgrades;

import com.google.inject.Inject;
import id.onyx.obdp.server.OBDPException;
import id.onyx.obdp.server.actionmanager.HostRoleStatus;
import id.onyx.obdp.server.agent.CommandReport;
import id.onyx.obdp.server.configuration.Configuration;
import id.onyx.obdp.server.controller.KerberosHelper;
import id.onyx.obdp.server.controller.OBDPManagementController;
import id.onyx.obdp.server.controller.RootComponent;
import id.onyx.obdp.server.controller.RootService;
import id.onyx.obdp.server.orm.dao.HostDAO;
import id.onyx.obdp.server.orm.dao.KerberosKeytabPrincipalDAO;
import id.onyx.obdp.server.orm.entities.HostEntity;
import id.onyx.obdp.server.orm.entities.KerberosKeytabPrincipalEntity;
import id.onyx.obdp.server.serveraction.kerberos.KerberosIdentityDataFile;
import id.onyx.obdp.server.serveraction.kerberos.PreconfigureServiceType;
import id.onyx.obdp.server.stack.ServiceDirectory;
import id.onyx.obdp.server.stack.upgrade.Direction;
import id.onyx.obdp.server.stack.upgrade.orchestrate.UpgradeContext;
import id.onyx.obdp.server.state.Cluster;
import id.onyx.obdp.server.state.ConfigHelper;
import id.onyx.obdp.server.state.Host;
import id.onyx.obdp.server.state.SecurityType;
import id.onyx.obdp.server.state.Service;
import id.onyx.obdp.server.state.ServiceComponentHost;
import id.onyx.obdp.server.state.StackId;
import id.onyx.obdp.server.state.kerberos.AbstractKerberosDescriptorContainer;
import id.onyx.obdp.server.state.kerberos.KerberosComponentDescriptor;
import id.onyx.obdp.server.state.kerberos.KerberosConfigurationDescriptor;
import id.onyx.obdp.server.state.kerberos.KerberosDescriptor;
import id.onyx.obdp.server.state.kerberos.KerberosIdentityDescriptor;
import id.onyx.obdp.server.state.kerberos.KerberosServiceDescriptor;
import id.onyx.obdp.server.state.kerberos.VariableReplacementHelper;
import id.onyx.obdp.server.utils.StageUtils;
import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentMap;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.MapUtils;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:id/onyx/obdp/server/serveraction/upgrades/PreconfigureKerberosAction.class */
public class PreconfigureKerberosAction extends AbstractUpgradeServerAction {
    static final String UPGRADE_DIRECTION_KEY = "upgrade_direction";

    @Inject
    private OBDPManagementController ambariManagementController;

    @Inject
    private KerberosHelper kerberosHelper;

    @Inject
    private ConfigHelper configHelper;

    @Inject
    private VariableReplacementHelper variableReplacementHelper;

    @Inject
    private HostDAO hostDAO;

    @Inject
    private KerberosKeytabPrincipalDAO kerberosKeytabPrincipalDAO;

    @Override // id.onyx.obdp.server.serveraction.ServerAction
    public CommandReport execute(ConcurrentMap<String, Object> concurrentMap) throws OBDPException, InterruptedException {
        Map<String, KerberosServiceDescriptor> services;
        Map<String, String> commandParameters = getCommandParameters();
        if (null == commandParameters || commandParameters.isEmpty()) {
            return createCommandReport(0, HostRoleStatus.FAILED, "{}", Configuration.JDBC_IN_MEMORY_PASSWORD, "Unable to change configuration values without command parameters");
        }
        if (isDowngrade()) {
            this.actionLog.writeStdOut("Skipping: This facility is only available during an upgrade");
        } else {
            Cluster cluster = getClusters().getCluster(commandParameters.get(UpgradeContext.COMMAND_PARAM_CLUSTER_NAME));
            if (cluster.getSecurityType() == SecurityType.KERBEROS) {
                try {
                    StackId targetStackId = getTargetStackId(cluster);
                    if (targetStackId == null) {
                        return createCommandReport(0, HostRoleStatus.FAILED, "{}", Configuration.JDBC_IN_MEMORY_PASSWORD, "The target stack Id was not specified.");
                    }
                    KerberosDescriptor kerberosDescriptor = this.kerberosHelper.getKerberosDescriptor(KerberosHelper.KerberosDescriptorType.COMPOSITE, cluster, targetStackId, true, null);
                    Map<String, Map<String, String>> calculateConfigurations = this.kerberosHelper.calculateConfigurations(cluster, null, kerberosDescriptor, true, false, null);
                    PreconfigureServiceType preconfigureServiceType = getPreconfigureServiceType(calculateConfigurations);
                    if (preconfigureServiceType != PreconfigureServiceType.NONE) {
                        HashMap hashMap = new HashMap();
                        HashMap hashMap2 = new HashMap();
                        HashMap hashMap3 = new HashMap();
                        if (preconfigureServiceType == PreconfigureServiceType.ALL && (services = kerberosDescriptor.getServices()) != null) {
                            Iterator<KerberosServiceDescriptor> it = services.values().iterator();
                            while (it.hasNext()) {
                                it.next().setPreconfigure(true);
                            }
                        }
                        processServiceComponentHosts(cluster, kerberosDescriptor, calculateConfigurations, hashMap, hashMap3, getDefaultRealm(calculateConfigurations));
                        Map<String, Map<String, String>> processPreconfiguredServiceConfigurations = this.kerberosHelper.processPreconfiguredServiceConfigurations(hashMap, calculateConfigurations, cluster, kerberosDescriptor);
                        Map<String, Set<String>> calculateInstalledServices = calculateInstalledServices(cluster);
                        this.kerberosHelper.applyStackAdvisorUpdates(cluster, calculateInstalledServices.keySet(), calculateConfigurations, processPreconfiguredServiceConfigurations, hashMap3, hashMap2, true);
                        this.kerberosHelper.setAuthToLocalRules(cluster, kerberosDescriptor, getDefaultRealm(calculateConfigurations), calculateInstalledServices, calculateConfigurations, processPreconfiguredServiceConfigurations, true);
                        processConfigurationChanges(cluster, targetStackId, kerberosDescriptor, processPreconfiguredServiceConfigurations, hashMap2, calculateConfigurations);
                    } else {
                        this.actionLog.writeStdOut("Skipping: This facility is only available when kerberos-env/preconfigure_services is not \"NONE\"");
                    }
                } catch (OBDPException e) {
                    return createCommandReport(0, HostRoleStatus.FAILED, "{}", Configuration.JDBC_IN_MEMORY_PASSWORD, e.getLocalizedMessage());
                }
            } else {
                this.actionLog.writeStdOut("Skipping: This facility is only available when Kerberos is enabled");
            }
        }
        return createCommandReport(0, HostRoleStatus.COMPLETED, "{}", this.actionLog.getStdOut(), this.actionLog.getStdErr());
    }

    private Map<String, Set<String>> calculateInstalledServices(Cluster cluster) {
        HashMap hashMap = new HashMap();
        for (Service service : cluster.getServices().values()) {
            hashMap.put(service.getName(), service.getServiceComponents().keySet());
        }
        return hashMap;
    }

    private String getValueFromConfiguration(Map<String, Map<String, String>> map, String str, String str2) {
        Map<String, String> map2;
        String str3 = null;
        if (map != null && (map2 = map.get(str)) != null) {
            str3 = map2.get(str2);
        }
        return str3;
    }

    private String getDefaultRealm(Map<String, Map<String, String>> map) {
        return getValueFromConfiguration(map, KerberosHelper.KERBEROS_ENV, KerberosHelper.DEFAULT_REALM);
    }

    private PreconfigureServiceType getPreconfigureServiceType(Map<String, Map<String, String>> map) {
        String valueFromConfiguration = getValueFromConfiguration(map, KerberosHelper.KERBEROS_ENV, "preconfigure_services");
        PreconfigureServiceType preconfigureServiceType = null;
        if (!StringUtils.isEmpty(valueFromConfiguration)) {
            try {
                preconfigureServiceType = PreconfigureServiceType.valueOf(valueFromConfiguration.toUpperCase());
            } catch (Throwable th) {
                preconfigureServiceType = PreconfigureServiceType.DEFAULT;
            }
        }
        return preconfigureServiceType == null ? PreconfigureServiceType.DEFAULT : preconfigureServiceType;
    }

    private boolean isDowngrade() {
        return Direction.DOWNGRADE.name().equalsIgnoreCase(getCommandParameterValue("upgrade_direction"));
    }

    private StackId getTargetStackId(Cluster cluster) throws OBDPException {
        UpgradeContext upgradeContext = getUpgradeContext(cluster);
        HashSet hashSet = new HashSet();
        Iterator<Service> it = cluster.getServices().values().iterator();
        while (it.hasNext()) {
            hashSet.add(upgradeContext.getTargetRepositoryVersion(it.next().getName()).getStackId());
        }
        if (1 != hashSet.size()) {
            throw new OBDPException("Services are deployed from multiple stacks and cannot determine a unique one.");
        }
        return (StackId) hashSet.iterator().next();
    }

    private void processServiceComponentHosts(Cluster cluster, KerberosDescriptor kerberosDescriptor, Map<String, Map<String, String>> map, Map<String, Map<String, String>> map2, Map<String, Set<String>> map3, String str) throws OBDPException {
        Collection<Host> hosts = cluster.getHosts();
        if (hosts.isEmpty()) {
            return;
        }
        HashMap hashMap = new HashMap();
        hashMap.put("configurations", map);
        hashMap.put(ServiceDirectory.SERVICES_FOLDER_NAME, cluster.getServices().keySet());
        try {
            Map<String, Set<String>> map4 = null;
            HashMap hashMap2 = new HashMap();
            for (Host host : hosts) {
                for (ServiceComponentHost serviceComponentHost : cluster.getServiceComponentHosts(host.getHostName())) {
                    String hostName = serviceComponentHost.getHostName();
                    String serviceName = serviceComponentHost.getServiceName();
                    String serviceComponentName = serviceComponentHost.getServiceComponentName();
                    KerberosServiceDescriptor service = kerberosDescriptor.getService(serviceName);
                    if (!StringUtils.isEmpty(hostName)) {
                        Map<String, String> map5 = map.get(Configuration.JDBC_IN_MEMORY_PASSWORD);
                        if (map5 == null) {
                            map5 = new HashMap();
                            map.put(Configuration.JDBC_IN_MEMORY_PASSWORD, map5);
                        }
                        map5.put("host", hostName);
                        map5.put(KerberosIdentityDataFile.HOSTNAME, hostName);
                    }
                    if (service != null) {
                        List<KerberosIdentityDescriptor> identities = service.getIdentities(true, hashMap);
                        this.kerberosHelper.addIdentities(null, identities, null, hostName, host.getHostId(), serviceName, serviceComponentName, map2, map, hashMap2, str);
                        map4 = gatherPropertiesToIgnore(identities, map4);
                        KerberosComponentDescriptor component = service.getComponent(serviceComponentName);
                        if (component != null) {
                            List<KerberosIdentityDescriptor> identities2 = component.getIdentities(true, hashMap);
                            this.kerberosHelper.mergeConfigurations(map2, component.getConfigurations(true), map, null);
                            this.kerberosHelper.addIdentities(null, identities2, null, hostName, host.getHostId(), serviceName, serviceComponentName, map2, map, hashMap2, str);
                            map4 = gatherPropertiesToIgnore(identities2, map4);
                        }
                    }
                }
            }
            if (this.kerberosHelper.createAmbariIdentities(map.get(KerberosHelper.KERBEROS_ENV))) {
                for (KerberosIdentityDescriptor kerberosIdentityDescriptor : this.kerberosHelper.getAmbariServerIdentities(kerberosDescriptor)) {
                    String name = "obdp-server".equals(kerberosIdentityDescriptor.getName()) ? "AMBARI_SERVER_SELF" : RootComponent.OBDP_SERVER.name();
                    List<KerberosIdentityDescriptor> singletonList = Collections.singletonList(kerberosIdentityDescriptor);
                    this.kerberosHelper.addIdentities(null, singletonList, null, KerberosHelper.AMBARI_SERVER_HOST_NAME, ambariServerHostID(), RootService.OBDP.name(), name, map2, map, hashMap2, str);
                    map4 = gatherPropertiesToIgnore(singletonList, map4);
                }
            }
            if (map3 != null && map4 != null) {
                map3.putAll(map4);
            }
            List<KerberosKeytabPrincipalEntity> findAll = this.kerberosKeytabPrincipalDAO.findAll();
            hashMap2.values().forEach(resolvedKerberosKeytab -> {
                this.kerberosHelper.createResolvedKeytab(resolvedKerberosKeytab, findAll);
            });
        } catch (IOException e) {
            throw new OBDPException(e.getMessage(), e);
        }
    }

    private Map<String, Set<String>> gatherPropertiesToIgnore(List<KerberosIdentityDescriptor> list, Map<String, Set<String>> map) {
        Map<String, Map<String, String>> identityConfigurations = this.kerberosHelper.getIdentityConfigurations(list);
        if (!MapUtils.isEmpty(identityConfigurations)) {
            if (map == null) {
                map = new HashMap();
            }
            for (Map.Entry<String, Map<String, String>> entry : identityConfigurations.entrySet()) {
                String key = entry.getKey();
                Map<String, String> value = entry.getValue();
                if (MapUtils.isEmpty(value)) {
                    Set<String> set = map.get(key);
                    if (set == null) {
                        set = new HashSet();
                        map.put(key, set);
                    }
                    set.addAll(value.keySet());
                }
            }
        }
        return map;
    }

    private void processConfigurationChanges(Cluster cluster, StackId stackId, KerberosDescriptor kerberosDescriptor, Map<String, Map<String, String>> map, Map<String, Set<String>> map2, Map<String, Map<String, String>> map3) throws OBDPException {
        this.actionLog.writeStdOut("Determining configuration changes");
        if (map.isEmpty()) {
            return;
        }
        Map<String, Service> services = cluster.getServices();
        HashMap hashMap = new HashMap();
        Map<String, KerberosServiceDescriptor> services2 = kerberosDescriptor.getServices();
        if (services2 != null) {
            for (KerberosServiceDescriptor kerberosServiceDescriptor : services2.values()) {
                if (!services.containsKey(kerberosServiceDescriptor.getName()) && kerberosServiceDescriptor.shouldPreconfigure()) {
                    buildFilter(Collections.singleton(kerberosServiceDescriptor), hashMap, map3);
                }
            }
        }
        Map<String, Set<String>> translateConfigurationSpecifications = this.kerberosHelper.translateConfigurationSpecifications(kerberosDescriptor.getAllAuthToLocalProperties());
        if (!MapUtils.isEmpty(translateConfigurationSpecifications)) {
            for (Map.Entry<String, Set<String>> entry : translateConfigurationSpecifications.entrySet()) {
                Set<String> value = entry.getValue();
                if (!CollectionUtils.isEmpty(value)) {
                    String key = entry.getKey();
                    Set<String> set = hashMap.get(key);
                    if (set == null) {
                        set = new HashSet();
                        hashMap.put(key, set);
                    }
                    set.addAll(value);
                }
            }
        }
        HashSet hashSet = new HashSet();
        for (Map.Entry<String, Map<String, String>> entry2 : map.entrySet()) {
            String key2 = entry2.getKey();
            String serviceByConfigType = cluster.getServiceByConfigType(key2);
            Set<String> set2 = hashMap.get(key2);
            if (services.containsKey(serviceByConfigType) && !CollectionUtils.isEmpty(set2)) {
                Map<String, String> value2 = entry2.getValue();
                Set<String> set3 = map2 == null ? null : map2.get(key2);
                if (value2 != null) {
                    Iterator<Map.Entry<String, String>> it = value2.entrySet().iterator();
                    while (it.hasNext()) {
                        if (!set2.contains(it.next().getKey())) {
                            it.remove();
                        }
                    }
                }
                if (set3 != null) {
                    Iterator<String> it2 = set3.iterator();
                    while (it2.hasNext()) {
                        if (!set2.contains(it2.next())) {
                            it2.remove();
                        }
                    }
                }
                hashSet.add(key2);
                if (!MapUtils.isEmpty(value2) || !CollectionUtils.isEmpty(set3)) {
                    if (!MapUtils.isEmpty(value2)) {
                        for (Map.Entry<String, String> entry3 : value2.entrySet()) {
                            this.actionLog.writeStdOut(String.format("Setting: %s/%s = %s", key2, entry3.getKey(), entry3.getValue()));
                        }
                    }
                    if (!CollectionUtils.isEmpty(set3)) {
                        Iterator<String> it3 = set3.iterator();
                        while (it3.hasNext()) {
                            this.actionLog.writeStdOut(String.format("Removing: %s/%s", key2, it3.next()));
                        }
                    }
                    this.configHelper.updateConfigType(cluster, stackId, this.ambariManagementController, key2, value2, set3, this.ambariManagementController.getAuthName(), "Preconfiguring for Kerberos during upgrade");
                }
            }
        }
        if (MapUtils.isEmpty(map2)) {
            return;
        }
        for (Map.Entry<String, Set<String>> entry4 : map2.entrySet()) {
            String key3 = entry4.getKey();
            if (!hashSet.contains(key3)) {
                Set<String> value3 = entry4.getValue();
                if (!CollectionUtils.isEmpty(value3)) {
                    Iterator<String> it4 = value3.iterator();
                    while (it4.hasNext()) {
                        this.actionLog.writeStdOut(String.format("Removing: %s/%s", key3, it4.next()));
                    }
                    this.configHelper.updateConfigType(cluster, stackId, this.ambariManagementController, key3, null, entry4.getValue(), this.ambariManagementController.getAuthName(), "Preconfiguring for Kerberos during upgrade");
                }
            }
        }
    }

    private void buildFilter(Collection<? extends AbstractKerberosDescriptorContainer> collection, Map<String, Set<String>> map, Map<String, Map<String, String>> map2) throws OBDPException {
        if (collection != null) {
            for (AbstractKerberosDescriptorContainer abstractKerberosDescriptorContainer : collection) {
                Map<String, KerberosConfigurationDescriptor> configurations = abstractKerberosDescriptorContainer.getConfigurations(false);
                if (!MapUtils.isEmpty(configurations)) {
                    for (KerberosConfigurationDescriptor kerberosConfigurationDescriptor : configurations.values()) {
                        Map<String, String> properties = kerberosConfigurationDescriptor.getProperties();
                        if (!MapUtils.isEmpty(properties)) {
                            String type = kerberosConfigurationDescriptor.getType();
                            Set<String> set = map.get(type);
                            if (set == null) {
                                set = new HashSet();
                                map.put(type, set);
                            }
                            Iterator<String> it = properties.keySet().iterator();
                            while (it.hasNext()) {
                                set.add(this.variableReplacementHelper.replaceVariables(it.next(), map2));
                            }
                        }
                    }
                }
                Collection<? extends AbstractKerberosDescriptorContainer> childContainers = abstractKerberosDescriptorContainer.getChildContainers();
                if (childContainers != null) {
                    buildFilter(childContainers, map, map2);
                }
            }
        }
    }

    protected Long ambariServerHostID() {
        HostEntity findByName = this.hostDAO.findByName(StageUtils.getHostName());
        if (findByName == null) {
            return null;
        }
        return findByName.getHostId();
    }
}
