package id.onyx.obdp.server.serveraction.kerberos;

import com.google.common.util.concurrent.Striped;
import com.google.inject.Inject;
import id.onyx.obdp.server.OBDPException;
import id.onyx.obdp.server.agent.CommandReport;
import id.onyx.obdp.server.controller.RootService;
import id.onyx.obdp.server.controller.utilities.KerberosChecker;
import id.onyx.obdp.server.orm.dao.HostDAO;
import id.onyx.obdp.server.orm.dao.KerberosKeytabDAO;
import id.onyx.obdp.server.orm.dao.KerberosKeytabPrincipalDAO;
import id.onyx.obdp.server.orm.dao.KerberosPrincipalDAO;
import id.onyx.obdp.server.orm.entities.HostEntity;
import id.onyx.obdp.server.orm.entities.KerberosKeytabEntity;
import id.onyx.obdp.server.orm.entities.KerberosKeytabPrincipalEntity;
import id.onyx.obdp.server.orm.entities.KerberosPrincipalEntity;
import id.onyx.obdp.server.serveraction.ActionLog;
import id.onyx.obdp.server.serveraction.kerberos.stageutils.ResolvedKerberosKeytab;
import id.onyx.obdp.server.serveraction.kerberos.stageutils.ResolvedKerberosPrincipal;
import id.onyx.obdp.server.utils.ShellCommandUtil;
import id.onyx.obdp.server.utils.StageUtils;
import java.io.File;
import java.io.IOException;
import java.nio.charset.Charset;
import java.util.Map;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.locks.Lock;
import java.util.regex.Matcher;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.io.FileUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:id/onyx/obdp/server/serveraction/kerberos/ConfigureOBDPIdentitiesServerAction.class */
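/**
 * Kerberos server action that installs the server's own keytab file on the server host and,
 * for the identity tagged {@code AMBARI_SERVER_SELF}, rewrites the JAAS login configuration so
 * it references that keytab and principal.
 *
 * <p>A keytab holds long-term Kerberos keys, so everything this class does with one (copying it,
 * changing its owner, group and mode) is security relevant. Work on a given destination keytab
 * path is serialized through a striped lock keyed by that path.
 */
public class ConfigureOBDPIdentitiesServerAction extends KerberosServerAction {
    // NOTE(review): ".+" is greedy and is not limited to the quoted value, so on a line that
    // carries several quoted options the match can run to the last quote on that line. The
    // patterns are kept as they are; confirm the JAAS file keeps keyTab and principal on lines
    // of their own.
    private static final String KEYTAB_PATTERN = "keyTab=\"(.+)?\"";
    private static final String PRINCIPAL_PATTERN = "principal=\"(.+)?\"";
    private static final Logger LOG = LoggerFactory.getLogger(ConfigureOBDPIdentitiesServerAction.class);

    @Inject
    private KerberosKeytabDAO kerberosKeytabDAO;

    @Inject
    private KerberosKeytabPrincipalDAO kerberosKeytabPrincipalDAO;

    @Inject
    private KerberosPrincipalDAO kerberosPrincipalDAO;

    @Inject
    private HostDAO hostDAO;

    // One lock per destination keytab path, spread over 25 stripes; two different paths may
    // share a stripe, which only costs some extra serialization.
    private final Striped<Lock> m_locksByKeytab = Striped.lazyWeakLock(25);

    /**
     * Runs the action by handing the request context to {@code processIdentities}, which is
     * inherited from the superclass.
     *
     * @param concurrentMap the shared request data context
     * @return whatever {@code processIdentities} returns
     * @throws OBDPException if identity processing fails
     * @throws InterruptedException if the calling thread is interrupted
     */
    @Override // id.onyx.obdp.server.serveraction.ServerAction
    public CommandReport execute(ConcurrentMap<String, Object> concurrentMap) throws OBDPException, InterruptedException {
        return processIdentities(concurrentMap);
    }

    /**
     * Installs the keytab of one resolved principal when that principal belongs to this host
     * and is mapped to the {@link RootService#OBDP} service.
     *
     * <p>The keytab is taken from {@code <data dir>/<host name>/<sha256Hex(destination path)>}.
     * The digest is only a file name derived from the destination path; it says nothing about
     * the integrity of the keytab contents. Nothing is done when that file does not exist.
     *
     * @param resolvedKerberosPrincipal the principal to process; ignored when {@code null} or
     *     when its host is not the local host
     * @param kerberosOperationHandler not used by this implementation
     * @param map not used by this implementation
     * @param z when {@code false} the identity is skipped (presumably the "included in filter"
     *     flag of the superclass contract; confirm against {@code KerberosServerAction})
     * @param map2 not used by this implementation
     * @return always {@code null}
     * @throws OBDPException if installing the keytab fails
     */
    @Override // id.onyx.obdp.server.serveraction.kerberos.KerberosServerAction
    protected CommandReport processIdentity(ResolvedKerberosPrincipal resolvedKerberosPrincipal, KerberosOperationHandler kerberosOperationHandler, Map<String, String> map, boolean z, Map<String, Object> map2) throws OBDPException {
        if (!z || resolvedKerberosPrincipal == null || !StageUtils.getHostName().equals(resolvedKerberosPrincipal.getHostName())) {
            return null;
        }
        String hostName = resolvedKerberosPrincipal.getHostName();
        String dataDirectoryPath = getDataDirectoryPath();
        for (Map.Entry<?, ?> entry : resolvedKerberosPrincipal.getServiceMapping().entries()) {
            if (!RootService.OBDP.name().equals(entry.getKey())) {
                continue;
            }
            ResolvedKerberosKeytab keytab = resolvedKerberosPrincipal.getResolvedKerberosKeytab();
            String destKeytabPath = keytab.getFile();
            File cachedKeytab = new File(new File(dataDirectoryPath, hostName), DigestUtils.sha256Hex(destKeytabPath));
            // Serialize the copy, the permission change and the JAAS rewrite per destination path.
            Lock lock = this.m_locksByKeytab.get(destKeytabPath);
            lock.lock();
            try {
                if (cachedKeytab.exists()) {
                    installAmbariServerIdentity(resolvedKerberosPrincipal, cachedKeytab.getAbsolutePath(), destKeytabPath, keytab.getOwnerName(), keytab.getOwnerAccess(), keytab.getGroupName(), keytab.getGroupAccess(), this.actionLog);
                    if (((String) entry.getValue()).contains("AMBARI_SERVER_SELF")) {
                        configureJAAS(resolvedKerberosPrincipal.getPrincipal(), destKeytabPath, this.actionLog);
                    }
                }
            } finally {
                lock.unlock();
            }
        }
        return null;
    }

    /**
     * Copies a keytab to its destination, applies owner, group and mode, and records the
     * keytab, the principal and their service mappings through the DAOs.
     *
     * <p>Access strings are compared case-insensitively: {@code "r"} grants read, {@code "w"}
     * grants write, {@code "rw"} grants both, and any other value (including {@code null})
     * grants nothing.
     *
     * <p>NOTE(review): the file is copied first and restricted afterwards, so until
     * {@link #setFileACL} has run the destination carries whatever owner and mode the copy
     * produced. What {@code ShellCommandUtil.copyFile} guarantees is not visible here; confirm
     * that the keytab is not readable by other accounts during that window.
     *
     * @param resolvedKerberosPrincipal the principal the keytab belongs to
     * @param str path of the keytab to copy from
     * @param str2 path the keytab is installed at
     * @param str3 name of the owner to set on the installed file
     * @param str4 owner access string
     * @param str5 name of the group to set on the installed file
     * @param str6 group access string
     * @param actionLog receives a success message; may be {@code null}
     * @return {@code true} when the method completes
     * @throws OBDPException if the copy or the permission change fails, or if the thread is
     *     interrupted (the interrupt status is restored before the exception is thrown)
     */
    public boolean installAmbariServerIdentity(ResolvedKerberosPrincipal resolvedKerberosPrincipal, String str, String str2, String str3, String str4, String str5, String str6, ActionLog actionLog) throws OBDPException {
        try {
            boolean ownerWritable = allowsWrite(str4);
            boolean ownerReadable = allowsRead(str4);
            boolean groupWritable = allowsWrite(str6);
            boolean groupReadable = allowsRead(str6);
            copyFile(str, str2);
            setFileACL(str2, str3, ownerReadable, ownerWritable, str5, groupReadable, groupWritable);

            Long serverHostId = ambariServerHostID();
            HostEntity hostEntity = serverHostId != null ? this.hostDAO.findById(serverHostId.longValue()) : null;

            KerberosKeytabEntity keytabEntity = this.kerberosKeytabDAO.find(str2);
            if (keytabEntity == null) {
                keytabEntity = new KerberosKeytabEntity(str2);
                keytabEntity.setOwnerName(str3);
                keytabEntity.setOwnerAccess(str4);
                keytabEntity.setGroupName(str5);
                keytabEntity.setGroupAccess(str6);
                this.kerberosKeytabDAO.create(keytabEntity);
            }

            KerberosPrincipalEntity principalEntity = this.kerberosPrincipalDAO.find(resolvedKerberosPrincipal.getPrincipal());
            if (principalEntity == null) {
                principalEntity = new KerberosPrincipalEntity(resolvedKerberosPrincipal.getPrincipal(), resolvedKerberosPrincipal.isService(), resolvedKerberosPrincipal.getCacheFile());
                this.kerberosPrincipalDAO.create(principalEntity);
            }

            for (Map.Entry<?, ?> entry : resolvedKerberosPrincipal.getServiceMapping().entries()) {
                String mappingKey = (String) entry.getKey();
                String mappingValue = (String) entry.getValue();
                KerberosKeytabPrincipalEntity link = this.kerberosKeytabPrincipalDAO.findOrCreate(keytabEntity, hostEntity, principalEntity, null).kkp;
                link.setDistributed(true);
                link.putServiceMapping(mappingKey, mappingValue);
                this.kerberosKeytabPrincipalDAO.merge(link);
                keytabEntity.addKerberosKeytabPrincipal(link);
                this.kerberosKeytabDAO.merge(keytabEntity);
                principalEntity.addKerberosKeytabPrincipal(link);
                this.kerberosPrincipalDAO.merge(principalEntity);
            }

            if (actionLog != null) {
                actionLog.writeStdOut(String.format("Created Ambari server keytab file for %s at %s", resolvedKerberosPrincipal, str2));
            }
            return true;
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the caller; wrapping it alone would clear it.
            Thread.currentThread().interrupt();
            throw new OBDPException(e.getLocalizedMessage(), e);
        } catch (IOException e) {
            throw new OBDPException(e.getLocalizedMessage(), e);
        }
    }

    /**
     * Rewrites the JAAS login configuration so that the first {@code keyTab="..."} and the
     * first {@code principal="..."} entries carry the given values.
     *
     * <p>The file location is read from the system property named by
     * {@link KerberosChecker#JAVA_SECURITY_AUTH_LOGIN_CONFIG}. The current contents are first
     * written to a sibling file with the suffix {@code .bak}. Failures are reported to the
     * action log and the logger and are not propagated to the caller.
     *
     * <p>Both values are inserted literally: {@code $} and {@code \} are not treated as regex
     * replacement syntax. They are written between double quotes without escaping, so a value
     * containing {@code "} would produce a malformed entry; the caller is expected to pass
     * values that do not.
     *
     * @param str the principal name to write
     * @param str2 the keytab path to write
     * @param actionLog receives the outcome message; may be {@code null}
     */
    public void configureJAAS(String str, String str2, ActionLog actionLog) {
        String jaasConfPath = getJAASConfFilePath();
        if (jaasConfPath == null) {
            String message = String.format("Failed to configure JAAS, config file should be passed to Ambari server as: %s.", KerberosChecker.JAVA_SECURITY_AUTH_LOGIN_CONFIG);
            if (actionLog != null) {
                actionLog.writeStdErr(message);
            }
            LOG.error(message);
            return;
        }
        File jaasConfFile = new File(jaasConfPath);
        try {
            String original = FileUtils.readFileToString(jaasConfFile, Charset.defaultCharset());
            FileUtils.writeStringToFile(new File(jaasConfPath + ".bak"), original, Charset.defaultCharset());
            // quoteReplacement: without it a "$" or "\" in the path or principal is read as a
            // group reference or escape by replaceFirst.
            String updated = original
                    .replaceFirst(KEYTAB_PATTERN, Matcher.quoteReplacement("keyTab=\"" + str2 + "\""))
                    .replaceFirst(PRINCIPAL_PATTERN, Matcher.quoteReplacement("principal=\"" + str + "\""));
            FileUtils.writeStringToFile(jaasConfFile, updated, Charset.defaultCharset());
            String message = String.format("JAAS config file %s modified successfully for principal %s.", jaasConfFile.getName(), str);
            if (actionLog != null) {
                actionLog.writeStdOut(message);
            }
        } catch (IOException e) {
            String message = String.format("Failed to configure JAAS file %s for %s - %s", jaasConfFile, str, e.getMessage());
            if (actionLog != null) {
                actionLog.writeStdErr(message);
            }
            LOG.error(message, e);
        }
    }

    /**
     * Creates the destination's parent directory and copies the source file to the destination.
     *
     * @param str path of the file to copy
     * @param str2 path to copy it to
     * @throws IOException if either shell command reports failure (raised as an
     *     {@link OBDPException} carrying the command's stderr)
     * @throws InterruptedException if the thread is interrupted while a command runs
     */
    void copyFile(String str, String str2) throws IOException, InterruptedException {
        // NOTE(review): the meaning of the boolean flags is defined by ShellCommandUtil and is
        // not visible in this file.
        ShellCommandUtil.Result mkdirResult = ShellCommandUtil.mkdir(new File(str2).getParent(), true);
        if (!mkdirResult.isSuccessful()) {
            throw new OBDPException(mkdirResult.getStderr());
        }
        ShellCommandUtil.Result copyResult = ShellCommandUtil.copyFile(str, str2, true, true);
        if (!copyResult.isSuccessful()) {
            throw new OBDPException(copyResult.getStderr());
        }
    }

    /**
     * Sets owner, group and mode on a file.
     *
     * <p>A failure to set the owner, or to set the mode, raises an exception. A failure to set
     * the group is only logged as a warning and the mode is applied anyway, so any group bits
     * requested here then apply to whichever group the file already had.
     *
     * @param str path of the file
     * @param str2 owner name to set
     * @param z first flag passed to {@code setFileMode}; callers in this class pass "owner may read"
     * @param z2 second flag passed to {@code setFileMode}; callers in this class pass "owner may write"
     * @param str3 group name to set
     * @param z3 fourth flag passed to {@code setFileMode}; callers in this class pass "group may read"
     * @param z4 fifth flag passed to {@code setFileMode}; callers in this class pass "group may write"
     * @throws OBDPException if setting the owner or the mode fails
     */
    void setFileACL(String str, String str2, boolean z, boolean z2, String str3, boolean z3, boolean z4) throws OBDPException {
        ShellCommandUtil.Result result = ShellCommandUtil.setFileOwner(str, str2);
        if (result.isSuccessful()) {
            ShellCommandUtil.Result groupResult = ShellCommandUtil.setFileGroup(str, str3);
            if (!groupResult.isSuccessful()) {
                LOG.warn("Failed to set the group for the file at {} to {}: {}", str, str3, groupResult.getStderr());
            }
            // The remaining flags are all false; presumably execute bits and every bit for
            // "other" (confirm the argument order against ShellCommandUtil.setFileMode).
            result = ShellCommandUtil.setFileMode(str, z, z2, false, z3, z4, false, false, false, false);
        }
        if (!result.isSuccessful()) {
            throw new OBDPException(result.getStderr());
        }
    }

    /**
     * Returns the JAAS configuration file path from the system property named by
     * {@link KerberosChecker#JAVA_SECURITY_AUTH_LOGIN_CONFIG}.
     *
     * @return the configured path, or {@code null} when the property is not set
     */
    String getJAASConfFilePath() {
        return System.getProperty(KerberosChecker.JAVA_SECURITY_AUTH_LOGIN_CONFIG);
    }

    /** Tells whether an access string ("r" or "rw", any case) grants read access. */
    private static boolean allowsRead(String access) {
        return "r".equalsIgnoreCase(access) || "rw".equalsIgnoreCase(access);
    }

    /** Tells whether an access string ("w" or "rw", any case) grants write access. */
    private static boolean allowsWrite(String access) {
        return "w".equalsIgnoreCase(access) || "rw".equalsIgnoreCase(access);
    }
}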
