package id.onyx.obdp.server.controller.internal;

import com.google.inject.Inject;
import com.google.inject.assistedinject.Assisted;
import com.google.inject.assistedinject.AssistedInject;
import id.onyx.obdp.server.DuplicateResourceException;
import id.onyx.obdp.server.OBDPException;
import id.onyx.obdp.server.StaticallyInject;
import id.onyx.obdp.server.controller.OBDPManagementController;
import id.onyx.obdp.server.controller.internal.AbstractResourceProvider;
import id.onyx.obdp.server.controller.spi.NoSuchParentResourceException;
import id.onyx.obdp.server.controller.spi.NoSuchResourceException;
import id.onyx.obdp.server.controller.spi.Predicate;
import id.onyx.obdp.server.controller.spi.Request;
import id.onyx.obdp.server.controller.spi.RequestStatus;
import id.onyx.obdp.server.controller.spi.Resource;
import id.onyx.obdp.server.controller.spi.ResourceAlreadyExistsException;
import id.onyx.obdp.server.controller.spi.SystemException;
import id.onyx.obdp.server.controller.spi.UnsupportedPropertyException;
import id.onyx.obdp.server.controller.utilities.PropertyHelper;
import id.onyx.obdp.server.security.authorization.RoleAuthorization;
import id.onyx.obdp.server.security.credential.Credential;
import id.onyx.obdp.server.security.credential.PrincipalKeyCredential;
import id.onyx.obdp.server.security.encryption.CredentialStoreService;
import id.onyx.obdp.server.security.encryption.CredentialStoreType;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

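/**
 * Resource provider for {@code Credential} resources, backed by a {@link CredentialStoreService}.
 *
 * <p>The constructor registers {@link RoleAuthorization#CLUSTER_MANAGE_CREDENTIALS} and
 * {@link RoleAuthorization#CLUSTER_TOGGLE_KERBEROS} as the required authorizations for create,
 * get, update and delete. How the base class evaluates that set (any-of versus all-of) is not
 * visible in this file.
 *
 * <p>Read operations expose only the cluster name, alias and store type of a credential; the
 * principal and key are accepted on create/update but are never copied into a returned
 * {@link Resource} (see {@link #toResource}).
 */
@StaticallyInject
public class CredentialResourceProvider extends AbstractControllerResourceProvider {
    private static final Logger LOG = LoggerFactory.getLogger(CredentialResourceProvider.class);

    public static final String CREDENTIAL_CLUSTER_NAME_PROPERTY_ID = PropertyHelper.getPropertyId("Credential", "cluster_name");
    public static final String CREDENTIAL_ALIAS_PROPERTY_ID = PropertyHelper.getPropertyId("Credential", ProvisionClusterRequest.ALIAS);
    public static final String CREDENTIAL_PRINCIPAL_PROPERTY_ID = PropertyHelper.getPropertyId("Credential", "principal");
    public static final String CREDENTIAL_KEY_PROPERTY_ID = PropertyHelper.getPropertyId("Credential", "key");
    public static final String CREDENTIAL_TYPE_PROPERTY_ID = PropertyHelper.getPropertyId("Credential", "type");

    /** Properties that together identify one credential: cluster name and alias. */
    private static final Set<String> PK_PROPERTY_IDS;

    /** Every property this provider accepts in a request. */
    private static final Set<String> PROPERTY_IDS;

    /** Maps a resource type to the property holding that resource's key. */
    private static final Map<Resource.Type, String> KEY_PROPERTY_IDS;

    static {
        // Must run after the CREDENTIAL_* constants above: they are computed at class-init time,
        // not compile-time constants, so textual order matters.
        Set<String> pkPropertyIds = new HashSet<>();
        pkPropertyIds.add(CREDENTIAL_CLUSTER_NAME_PROPERTY_ID);
        pkPropertyIds.add(CREDENTIAL_ALIAS_PROPERTY_ID);
        PK_PROPERTY_IDS = Collections.unmodifiableSet(pkPropertyIds);

        Set<String> propertyIds = new HashSet<>();
        propertyIds.add(CREDENTIAL_CLUSTER_NAME_PROPERTY_ID);
        propertyIds.add(CREDENTIAL_ALIAS_PROPERTY_ID);
        propertyIds.add(CREDENTIAL_PRINCIPAL_PROPERTY_ID);
        propertyIds.add(CREDENTIAL_KEY_PROPERTY_ID);
        propertyIds.add(CREDENTIAL_TYPE_PROPERTY_ID);
        PROPERTY_IDS = Collections.unmodifiableSet(propertyIds);

        Map<Resource.Type, String> keyPropertyIds = new HashMap<>();
        keyPropertyIds.put(Resource.Type.Cluster, CREDENTIAL_CLUSTER_NAME_PROPERTY_ID);
        keyPropertyIds.put(Resource.Type.Credential, CREDENTIAL_ALIAS_PROPERTY_ID);
        KEY_PROPERTY_IDS = Collections.unmodifiableMap(keyPropertyIds);
    }

    @Inject
    private CredentialStoreService credentialStoreService;

    /** Command that stores a new credential and fails if the alias is already taken. */
    private class CreateResourcesCommand implements AbstractResourceProvider.Command<String> {
        private final Map<String, Object> properties;

        public CreateResourcesCommand(Map<String, Object> map) {
            this.properties = map;
        }

        /**
         * Validates the target store, rejects a duplicate alias, then stores the credential.
         *
         * @return the alias of the stored credential
         * @throws OBDPException if the alias already exists ({@link DuplicateResourceException})
         *     or the credential store reports a failure
         * @throws IllegalArgumentException if a required property is missing or the requested
         *     store is not initialized
         */
        @Override
        public String invoke() throws OBDPException {
            CredentialStoreType credentialStoreType = getCredentialStoreType(properties);
            validateForCreateOrModify(credentialStoreType);
            String clusterName = getClusterName(properties);
            String alias = getAlias(properties);
            // NOTE(review): check-then-store is not atomic here; whether the credential store
            // serializes concurrent creates for the same alias is not visible in this file.
            if (credentialStoreService.containsCredential(clusterName, alias)) {
                throw new DuplicateResourceException("A credential with the alias of " + alias + " already exists");
            }
            credentialStoreService.setCredential(clusterName, alias, createCredential(properties), credentialStoreType);
            return alias;
        }
    }

    /** Command that removes the credential identified by cluster name and alias. */
    private class DeleteResourcesCommand implements AbstractResourceProvider.Command<String> {
        private final Map<String, Object> properties;

        public DeleteResourcesCommand(Map<String, Object> map) {
            this.properties = map;
        }

        /**
         * Removes the credential.
         *
         * @return the alias that was passed to the credential store for removal
         * @throws OBDPException if the credential store reports a failure
         * @throws IllegalArgumentException if the cluster name or alias is missing
         */
        @Override
        public String invoke() throws OBDPException {
            String clusterName = getClusterName(properties);
            String alias = getAlias(properties);
            credentialStoreService.removeCredential(clusterName, alias);
            return alias;
        }
    }

    /** Command that replaces an existing credential, keeping any field the request omits. */
    private class ModifyResourcesCommand implements AbstractResourceProvider.Command<String> {
        private final Map<String, Object> properties;

        public ModifyResourcesCommand(Map<String, Object> map) {
            this.properties = map;
        }

        /**
         * Merges the request with the stored credential and writes the result back.
         *
         * <p>The replacement credential is fully built and validated before the stored one is
         * removed, so a request that fails validation (for example a {@code null} principal)
         * leaves the existing credential in place instead of deleting it.
         *
         * @return the alias of the updated credential, or {@code null} if no
         *     {@link PrincipalKeyCredential} is stored under that alias
         * @throws OBDPException if the credential store reports a failure
         * @throws IllegalArgumentException if a required property is missing or invalid, or the
         *     target store is not initialized
         */
        @Override
        public String invoke() throws OBDPException {
            String clusterName = getClusterName(properties);
            String alias = getAlias(properties);
            // An explicit type in the request wins; otherwise keep the store the credential is in.
            CredentialStoreType credentialStoreType = properties.containsKey(CREDENTIAL_TYPE_PROPERTY_ID)
                ? getCredentialStoreType(properties)
                : credentialStoreService.getCredentialStoreType(clusterName, alias);
            validateForCreateOrModify(credentialStoreType);

            Credential existing = credentialStoreService.getCredential(clusterName, alias);
            if (!(existing instanceof PrincipalKeyCredential)) {
                return null;
            }
            PrincipalKeyCredential existingCredential = (PrincipalKeyCredential) existing;

            Map<String, Object> merged = new HashMap<>();
            if (properties.containsKey(CREDENTIAL_PRINCIPAL_PROPERTY_ID)) {
                merged.put(CREDENTIAL_PRINCIPAL_PROPERTY_ID, properties.get(CREDENTIAL_PRINCIPAL_PROPERTY_ID));
            } else {
                merged.put(CREDENTIAL_PRINCIPAL_PROPERTY_ID, existingCredential.getPrincipal());
            }
            if (properties.containsKey(CREDENTIAL_KEY_PROPERTY_ID)) {
                merged.put(CREDENTIAL_KEY_PROPERTY_ID, properties.get(CREDENTIAL_KEY_PROPERTY_ID));
            } else {
                char[] existingKey = existingCredential.getKey();
                if (existingKey != null) {
                    // NOTE(review): the key is copied into an immutable String here and cannot be
                    // wiped afterwards; if PrincipalKeyCredential accepts a char[] key directly,
                    // prefer that path. Confirm against that class.
                    merged.put(CREDENTIAL_KEY_PROPERTY_ID, String.valueOf(existingKey));
                }
            }

            // Build (and thereby validate) the replacement first: createCredential can throw, and
            // the stored credential must not be removed before the new one is known to be valid.
            Credential replacement = createCredential(merged);
            credentialStoreService.removeCredential(clusterName, alias);
            credentialStoreService.setCredential(clusterName, alias, replacement, credentialStoreType);
            return alias;
        }
    }

    /**
     * Creates the provider and registers the authorizations required for every operation.
     *
     * @param oBDPManagementController the management controller passed to the base class
     */
    @AssistedInject
    public CredentialResourceProvider(@Assisted OBDPManagementController oBDPManagementController) {
        super(Resource.Type.Credential, PROPERTY_IDS, KEY_PROPERTY_IDS, oBDPManagementController);
        EnumSet<RoleAuthorization> requiredAuthorizations =
            EnumSet.of(RoleAuthorization.CLUSTER_MANAGE_CREDENTIALS, RoleAuthorization.CLUSTER_TOGGLE_KERBEROS);
        setRequiredCreateAuthorizations(requiredAuthorizations);
        setRequiredGetAuthorizations(requiredAuthorizations);
        setRequiredUpdateAuthorizations(requiredAuthorizations);
        setRequiredDeleteAuthorizations(requiredAuthorizations);
    }

    /**
     * Creates one credential per property map in the request.
     *
     * @param request the create request
     * @return the request status produced by {@code getRequestStatus(null)}
     */
    @Override
    protected RequestStatus createResourcesAuthorized(Request request) throws SystemException, UnsupportedPropertyException, ResourceAlreadyExistsException, NoSuchParentResourceException {
        for (Map<String, Object> properties : request.getProperties()) {
            createResources(new CreateResourcesCommand(properties));
        }
        notifyCreate(Resource.Type.Credential, request);
        return getRequestStatus(null);
    }

    /**
     * Returns the credentials matching the predicate, without their principal or key.
     *
     * <p>For each property map derived from the predicate: an empty alias lists every credential
     * of the cluster, a non-empty alias looks up that one credential.
     *
     * @param request the get request
     * @param predicate selects the cluster and, optionally, the alias
     * @return the matching resources; may be empty when only listings were requested
     * @throws IllegalArgumentException if a property map has no cluster name
     * @throws SystemException if the credential store reports a failure
     * @throws NoSuchResourceException if an alias was requested, was not found, and nothing else
     *     matched
     */
    @Override
    protected Set<Resource> getResourcesAuthorized(Request request, Predicate predicate) throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
        Set<String> requestedIds = getRequestPropertyIds(request, predicate);
        Set<Resource> resources = new HashSet<>();
        boolean aliasNotFound = false;

        for (Map<String, Object> propertyMap : getPropertyMaps(predicate)) {
            String clusterName = (String) propertyMap.get(CREDENTIAL_CLUSTER_NAME_PROPERTY_ID);
            if (clusterName == null || clusterName.isEmpty()) {
                throw new IllegalArgumentException("Invalid argument, cluster name is required");
            }
            String alias = (String) propertyMap.get(CREDENTIAL_ALIAS_PROPERTY_ID);
            try {
                if (StringUtils.isEmpty(alias)) {
                    Map<String, CredentialStoreType> credentials = credentialStoreService.listCredentials(clusterName);
                    if (credentials != null) {
                        for (Map.Entry<String, CredentialStoreType> entry : credentials.entrySet()) {
                            resources.add(toResource(clusterName, entry.getKey(), entry.getValue(), requestedIds));
                        }
                    }
                } else if (credentialStoreService.containsCredential(clusterName, alias)) {
                    resources.add(toResource(clusterName, alias,
                        credentialStoreService.getCredentialStoreType(clusterName, alias), requestedIds));
                } else {
                    aliasNotFound = true;
                }
            } catch (OBDPException e) {
                throw new SystemException(e.getLocalizedMessage(), e);
            }
        }

        if (aliasNotFound && resources.isEmpty()) {
            throw new NoSuchResourceException("The requested resource doesn't exist: Credential not found, " + predicate);
        }
        return resources;
    }

    /**
     * Updates every credential selected by the request and predicate.
     *
     * @param request the update request
     * @param predicate selects the credentials to update
     * @return the request status produced by {@code getRequestStatus(null)}
     * @throws NoSuchResourceException if the modify command reports that a credential is absent
     */
    @Override
    protected RequestStatus updateResourcesAuthorized(Request request, Predicate predicate) throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
        for (Map<String, Object> requestProperties : request.getProperties()) {
            for (Map<String, Object> propertyMap : getPropertyMaps(requestProperties, predicate)) {
                // A null result is ModifyResourcesCommand's signal that nothing was stored under the alias.
                if (modifyResources(new ModifyResourcesCommand(propertyMap)) == null) {
                    throw new NoSuchResourceException("The requested resource doesn't exist: Credential not found, " + getAlias(propertyMap));
                }
            }
        }
        notifyUpdate(Resource.Type.Credential, request, predicate);
        return getRequestStatus(null);
    }

    /**
     * Deletes every credential selected by the predicate.
     *
     * @param request the delete request
     * @param predicate selects the credentials to delete
     * @return the request status produced by {@code getRequestStatus(null)}
     */
    @Override
    protected RequestStatus deleteResourcesAuthorized(Request request, Predicate predicate) throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException {
        for (Map<String, Object> propertyMap : getPropertyMaps(predicate)) {
            modifyResources(new DeleteResourcesCommand(propertyMap));
        }
        notifyDelete(Resource.Type.Credential, predicate);
        return getRequestStatus(null);
    }

    @Override
    protected Set<String> getPKPropertyIds() {
        return PK_PROPERTY_IDS;
    }

    /**
     * Builds a {@link PrincipalKeyCredential} from request properties.
     *
     * @param map properties holding the principal and, optionally, the key
     * @return the credential; its key is {@code null} when the request supplies none
     * @throws IllegalArgumentException if the principal property is absent or {@code null}
     */
    private Credential createCredential(Map<String, Object> map) throws IllegalArgumentException {
        Object principalValue = map.get(CREDENTIAL_PRINCIPAL_PROPERTY_ID);
        if (principalValue == null) {
            throw new IllegalArgumentException("Property " + CREDENTIAL_PRINCIPAL_PROPERTY_ID + " must be provided");
        }
        String principal = String.valueOf(principalValue);

        Object keyValue = map.get(CREDENTIAL_KEY_PROPERTY_ID);
        String key;
        if (keyValue == null) {
            // Only the fact is logged; neither the principal nor any key material is written out.
            LOG.warn("The credential is being added without a key");
            key = null;
        } else {
            key = String.valueOf(keyValue);
        }
        return new PrincipalKeyCredential(principal, key);
    }

    /**
     * Parses the requested credential store type.
     *
     * @param map request properties
     * @return the store type named by the type property, matched case-insensitively
     * @throws IllegalArgumentException if the property is missing, not a String, or names no
     *     {@link CredentialStoreType}
     */
    private CredentialStoreType getCredentialStoreType(Map<String, Object> map) throws IllegalArgumentException {
        Object typeValue = map.get(CREDENTIAL_TYPE_PROPERTY_ID);
        if (typeValue == null) {
            throw new IllegalArgumentException("Property " + CREDENTIAL_TYPE_PROPERTY_ID + " must be provided");
        }
        if (!(typeValue instanceof String)) {
            throw new IllegalArgumentException("Property " + CREDENTIAL_TYPE_PROPERTY_ID + " must be a String");
        }
        try {
            // Locale.ROOT keeps the mapping stable: under a locale with special casing rules
            // (e.g. Turkish dotted/dotless i) "persisted" would not upper-case to "PERSISTED".
            return CredentialStoreType.valueOf(((String) typeValue).toUpperCase(Locale.ROOT));
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("Property " + CREDENTIAL_TYPE_PROPERTY_ID + " must be either 'persisted' or 'temporary'", e);
        }
    }

    /**
     * Reads the cluster name from request properties.
     *
     * @throws IllegalArgumentException if the property is absent or {@code null}
     */
    private String getClusterName(Map<String, Object> map) throws IllegalArgumentException {
        Object clusterName = map.get(CREDENTIAL_CLUSTER_NAME_PROPERTY_ID);
        if (clusterName == null) {
            throw new IllegalArgumentException("Property " + CREDENTIAL_CLUSTER_NAME_PROPERTY_ID + " must be provided");
        }
        return String.valueOf(clusterName);
    }

    /**
     * Reads the credential alias from request properties.
     *
     * @throws IllegalArgumentException if the property is absent or {@code null}
     */
    private String getAlias(Map<String, Object> map) throws IllegalArgumentException {
        Object alias = map.get(CREDENTIAL_ALIAS_PROPERTY_ID);
        if (alias == null) {
            throw new IllegalArgumentException("Property " + CREDENTIAL_ALIAS_PROPERTY_ID + " must be provided");
        }
        return String.valueOf(alias);
    }

    /**
     * Rejects a write to a credential store that has not been initialized.
     *
     * @param credentialStoreType the store the credential would be written to
     * @throws IllegalArgumentException if that store is PERSISTED or TEMPORARY and not initialized
     */
    private void validateForCreateOrModify(CredentialStoreType credentialStoreType) throws IllegalArgumentException {
        if (credentialStoreService.isInitialized(credentialStoreType)) {
            return;
        }
        if (CredentialStoreType.PERSISTED == credentialStoreType) {
            throw new IllegalArgumentException("Credentials cannot be stored in Ambari's persistent secure credential store since secure persistent storage has not yet be configured.  Use obdp-server setup-security to enable this feature.");
        }
        if (CredentialStoreType.TEMPORARY == credentialStoreType) {
            throw new IllegalArgumentException("Credentials cannot be stored in Ambari's temporary secure credential store since secure temporary storage has not yet be configured.");
        }
        // NOTE(review): any other value (including null) that reports "not initialized" passes
        // through without an error. Left as is because the update path returns null for a missing
        // credential after this call; confirm whether failing closed here is safe for that path.
    }

    /**
     * Converts a stored credential's metadata into a resource.
     *
     * <p>Only cluster name, alias and store type are set; the principal and key are never exposed.
     *
     * @param str the cluster name
     * @param str2 the credential alias
     * @param credentialStoreType the store holding the credential
     * @param set the property ids requested by the caller
     * @return the populated resource
     */
    private Resource toResource(String str, String str2, CredentialStoreType credentialStoreType, Set<String> set) {
        Resource resource = new ResourceImpl(Resource.Type.Credential);
        setResourceProperty(resource, CREDENTIAL_CLUSTER_NAME_PROPERTY_ID, str, set);
        setResourceProperty(resource, CREDENTIAL_ALIAS_PROPERTY_ID, str2, set);
        // Locale.ROOT so the emitted value is always "persisted"/"temporary", whatever the JVM locale.
        setResourceProperty(resource, CREDENTIAL_TYPE_PROPERTY_ID, credentialStoreType.name().toLowerCase(Locale.ROOT), set);
        return resource;
    }
}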
