package id.onyx.obdp.server.checks;

import com.google.common.collect.ImmutableMap;
import com.google.inject.Inject;
import id.onyx.obdp.annotations.UpgradeCheckInfo;
import id.onyx.obdp.server.OBDPException;
import id.onyx.obdp.server.controller.KerberosHelper;
import id.onyx.obdp.server.orm.DBAccessorImpl;
import id.onyx.obdp.server.security.encryption.CredentialStoreService;
import id.onyx.obdp.server.security.encryption.CredentialStoreType;
import id.onyx.obdp.server.stack.upgrade.Direction;
import id.onyx.obdp.server.stack.upgrade.Task;
import id.onyx.obdp.server.stack.upgrade.UpgradePack;
import id.onyx.obdp.server.stack.upgrade.orchestrate.UpgradeHelper;
import id.onyx.obdp.server.state.Clusters;
import id.onyx.obdp.server.state.SecurityType;
import id.onyx.obdp.server.state.StackId;
import id.onyx.obdp.spi.upgrade.UpgradeCheckDescription;
import id.onyx.obdp.spi.upgrade.UpgradeCheckGroup;
import id.onyx.obdp.spi.upgrade.UpgradeCheckRequest;
import id.onyx.obdp.spi.upgrade.UpgradeCheckResult;
import id.onyx.obdp.spi.upgrade.UpgradeCheckStatus;
import id.onyx.obdp.spi.upgrade.UpgradeCheckType;
import id.onyx.obdp.spi.upgrade.UpgradeType;
import java.util.Collections;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@UpgradeCheckInfo(group = UpgradeCheckGroup.KERBEROS, required = {UpgradeType.ROLLING, UpgradeType.NON_ROLLING, UpgradeType.HOST_ORDERED})
/* loaded from: input_file:id/onyx/obdp/server/checks/KerberosAdminPersistedCredentialCheck.class */
public class KerberosAdminPersistedCredentialCheck extends ClusterCheck {

    @Inject
    private CredentialStoreService credentialStoreService;

    @Inject
    private UpgradeHelper upgradeHelper;
    private static final Logger LOG = LoggerFactory.getLogger(KerberosAdminPersistedCredentialCheck.class);
    public static final String KEY_PERSISTED_STORE_NOT_CONFIGURED = "persisted_store_no_configured";
    public static final String KEY_CREDENTIAL_NOT_STORED = "admin_credential_not_stored";
    static final UpgradeCheckDescription KERBEROS_ADMIN_CREDENTIAL_CHECK = new UpgradeCheckDescription("KERBEROS_ADMIN_CREDENTIAL_CHECK", UpgradeCheckType.CLUSTER, "The KDC administrator credentials need to be stored in Ambari persisted credential store.", new ImmutableMap.Builder().put(KEY_PERSISTED_STORE_NOT_CONFIGURED, "Ambari's credential store has not been configured.  This is needed so the KDC administrator credential may be stored long enough to ensure it will be around if needed during the upgrade process.").put(KEY_CREDENTIAL_NOT_STORED, "The KDC administrator credential has not been stored in the persisted credential store. Visit the Kerberos administrator page to set the credential. This is needed so the KDC administrator credential may be stored long enough to ensure it will be around if needed during the upgrade process.").build());

    @Inject
    public KerberosAdminPersistedCredentialCheck() {
        super(KERBEROS_ADMIN_CREDENTIAL_CHECK);
    }

    @Override // id.onyx.obdp.server.checks.ClusterCheck
    public Set<String> getApplicableServices() {
        return Collections.emptySet();
    }

    public UpgradeCheckResult perform(UpgradeCheckRequest upgradeCheckRequest) throws OBDPException {
        UpgradeCheckResult upgradeCheckResult = new UpgradeCheckResult(this);
        String clusterName = upgradeCheckRequest.getClusterName();
        if (((Clusters) this.clustersProvider.get()).getCluster(clusterName).getSecurityType() != SecurityType.KERBEROS) {
            return upgradeCheckResult;
        }
        if (!upgradePack(upgradeCheckRequest).anyGroupTaskMatch(task -> {
            return task.getType() == Task.Type.REGENERATE_KEYTABS;
        })) {
            LOG.info("Skipping upgrade check {} because there is no {} in the upgrade pack.", getClass().getSimpleName(), Task.Type.REGENERATE_KEYTABS);
            return upgradeCheckResult;
        }
        if (!DBAccessorImpl.TRUE.equalsIgnoreCase(getProperty(upgradeCheckRequest, KerberosHelper.KERBEROS_ENV, KerberosHelper.MANAGE_IDENTITIES))) {
            return upgradeCheckResult;
        }
        if (!this.credentialStoreService.isInitialized(CredentialStoreType.PERSISTED)) {
            upgradeCheckResult.setFailReason(getFailReason(KEY_PERSISTED_STORE_NOT_CONFIGURED, upgradeCheckResult, upgradeCheckRequest));
            upgradeCheckResult.setStatus(UpgradeCheckStatus.FAIL);
            upgradeCheckResult.getFailedOn().add(upgradeCheckRequest.getClusterName());
        } else if (this.credentialStoreService.getCredential(clusterName, "kdc.admin.credential", CredentialStoreType.PERSISTED) == null) {
            upgradeCheckResult.setFailReason(getFailReason(KEY_CREDENTIAL_NOT_STORED, upgradeCheckResult, upgradeCheckRequest));
            upgradeCheckResult.setStatus(UpgradeCheckStatus.FAIL);
            upgradeCheckResult.getFailedOn().add(upgradeCheckRequest.getClusterName());
        }
        return upgradeCheckResult;
    }

    private UpgradePack upgradePack(UpgradeCheckRequest upgradeCheckRequest) throws OBDPException {
        return this.upgradeHelper.suggestUpgradePack(upgradeCheckRequest.getClusterName(), ((Clusters) this.clustersProvider.get()).getCluster(upgradeCheckRequest.getClusterName()).getCurrentStackVersion(), new StackId(upgradeCheckRequest.getTargetRepositoryVersion().getStackId()), Direction.UPGRADE, upgradeCheckRequest.getUpgradeType(), null);
    }
}
