package id.onyx.obdp.server.serveraction.kerberos;

import id.onyx.obdp.server.OBDPException;
import id.onyx.obdp.server.security.credential.PrincipalKeyCredential;
import id.onyx.obdp.server.utils.HTTPUtils;
import id.onyx.obdp.server.utils.HostAndPort;
import id.onyx.obdp.server.utils.ShellCommandUtil;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.Map;
import java.util.Queue;
import java.util.Set;
import org.apache.commons.collections4.MapUtils;
import org.apache.directory.server.kerberos.shared.keytab.Keytab;
import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:id/onyx/obdp/server/serveraction/kerberos/KDCKerberosOperationHandler.class */
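/**
 * Base class for Kerberos operation handlers that talk to a KDC through command-line tools.
 *
 * <p>On {@link #open} the handler runs {@code kinit} as the KDC administrator into a private
 * credentials cache file and exports that cache to every later command through the
 * {@code KRB5CCNAME} environment variable. Keytabs exported through {@link #createKeytab} are
 * cached per principal until {@link #close} is called.
 */
abstract class KDCKerberosOperationHandler extends KerberosOperationHandler {
    private static final Logger LOG = LoggerFactory.getLogger(KDCKerberosOperationHandler.class);

    // Host part of the configured admin server property (or the raw value if it could not be parsed).
    private String adminServerHost = null;
    // Admin server property exactly as configured.
    private String adminServerHostAndPort = null;
    // Keytabs already exported in this session, keyed by principal; null until init() succeeds.
    private HashMap<String, Keytab> cachedKeytabs = null;
    private String executableKinit = null;
    // Ticket cache written by kinit; access is restricted to the server account in init().
    private File credentialsCacheFile = null;
    // Environment added to every executed command (holds KRB5CCNAME).
    private Map<String, String> environmentMap = null;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Answers interactive prompts of a command with a fixed sequence of responses.
     *
     * <p>The first constructor argument is queued once, the second one twice
     * (presumably a password followed by its confirmation - confirm against the callers).
     * {@link #start()} rewinds the sequence so the handler can be reused.
     */
    public static class InteractivePasswordHandler implements ShellCommandUtil.InteractiveHandler {
        // Full response script; never consumed directly so that start() can replay it.
        private final LinkedList<String> responses = new LinkedList<>();
        // Working copy that getResponse() drains.
        private Queue<String> currentResponses;

        /**
         * @param str  response queued once, skipped when {@code null}
         * @param str2 response queued twice, skipped when {@code null}
         */
        InteractivePasswordHandler(String str, String str2) {
            if (str != null) {
                this.responses.offer(str);
            }
            if (str2 != null) {
                this.responses.offer(str2);
                this.responses.offer(str2);
            }
            this.currentResponses = new LinkedList<>(this.responses);
        }

        /** @return {@code true} once every queued response has been handed out */
        @Override
        public boolean done() {
            return this.currentResponses.isEmpty();
        }

        /**
         * @param str the prompt text; ignored, responses are returned strictly in order
         * @return the next queued response, or {@code null} when none is left
         */
        @Override
        public String getResponse(String str) {
            return this.currentResponses.poll();
        }

        /** Resets the working queue to the full response script. */
        @Override
        public void start() {
            this.currentResponses = new LinkedList<>(this.responses);
        }
    }

    /**
     * Opens the handler: records the admin server host, resolves the {@code kinit} executable and
     * authenticates as the KDC administrator via {@link #init}.
     *
     * @param principalKeyCredential administrator credential, forwarded to the superclass
     * @param str                    forwarded to the superclass unchanged
     * @param map                    Kerberos environment properties; may be {@code null}
     * @throws KerberosOperationException if the superclass or {@link #init} fails
     */
    @Override
    public void open(PrincipalKeyCredential principalKeyCredential, String str, Map<String, String> map) throws KerberosOperationException {
        super.open(principalKeyCredential, str, map);
        if (map != null) {
            String configuredServer = map.get(KerberosOperationHandler.KERBEROS_ENV_ADMIN_SERVER_HOST);
            HostAndPort parsed = HTTPUtils.getHostAndPortFromProperty(configuredServer);
            // Fall back to the raw property when it does not parse as host[:port].
            this.adminServerHost = (parsed == null) ? configuredServer : parsed.host;
            this.adminServerHostAndPort = configuredServer;
        }
        this.executableKinit = getExecutable("kinit");
        setOpen(init(map));
    }

    /**
     * Closes the handler, deleting the administrator ticket cache and dropping all cached state.
     *
     * @throws KerberosOperationException if the superclass fails to close
     */
    @Override
    public void close() throws KerberosOperationException {
        if (this.credentialsCacheFile != null) {
            // The cache holds the administrator's tickets, so report it when it could NOT be
            // removed (the original condition was inverted and logged on success instead).
            if (!this.credentialsCacheFile.delete()) {
                LOG.debug("Failed to remove the cache file, {}", this.credentialsCacheFile.getAbsolutePath());
            }
            this.credentialsCacheFile = null;
        }
        this.environmentMap = null;
        this.executableKinit = null;
        this.cachedKeytabs = null;
        this.adminServerHost = null;
        this.adminServerHostAndPort = null;
        super.close();
    }

    /**
     * Verifies that the principal exists; this implementation does not change a password itself
     * and does not read {@code str2}.
     *
     * @param str  principal name
     * @param str2 password (unused here)
     * @param z    forwarded to {@code principalExists}
     * @return always {@code 0} when the principal exists
     * @throws KerberosOperationException if the handler is not open or the principal is missing
     */
    @Override
    public Integer setPrincipalPassword(String str, String str2, boolean z) throws KerberosOperationException {
        if (!isOpen()) {
            throw new KerberosOperationException("This operation handler has not been opened");
        }
        if (principalExists(str, z)) {
            return 0;
        }
        throw new KerberosPrincipalDoesNotExistException(String.format("Principal does not exist while attempting to set its password: %s", str));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Exports the keytab of a principal through {@link #exportKeytabFile} and caches the result.
     *
     * @param str  principal name; must not be {@code null} or empty
     * @param str2 not read by this implementation
     * @param num  not read by this implementation
     * @return the exported keytab, or the cached one from an earlier call for the same principal
     * @throws KerberosOperationException if the principal is missing, the handler has not been
     *                                    opened, or the temporary location cannot be created
     */
    @Override
    public Keytab createKeytab(String str, String str2, Integer num) throws KerberosOperationException {
        if (str == null || str.isEmpty()) {
            throw new KerberosOperationException("Failed to create keytab file, missing principal");
        }
        if (this.cachedKeytabs == null) {
            // init() has not run (or close() was called); fail explicitly instead of with an NPE.
            throw new KerberosOperationException("This operation handler has not been opened");
        }
        if (this.cachedKeytabs.containsKey(str)) {
            return this.cachedKeytabs.get(str);
        }
        File exportDir = null;
        File keytabFile = null;
        try {
            // Export into a freshly created private directory rather than reserving a temp file
            // name and deleting it again: a deleted name in the shared temp directory can be
            // occupied by another local account before the keytab is written. By default the JDK
            // creates this directory owner-only on POSIX file systems.
            exportDir = Files.createTempDirectory("obdp_tmp").toFile();
            keytabFile = new File(exportDir, "obdp_tmp.keytab");
            exportKeytabFile(str, keytabFile.getAbsolutePath(), getKeyEncryptionTypes());
            Keytab keytab = readKeytabFile(keytabFile);
            this.cachedKeytabs.put(str, keytab);
            return keytab;
        } catch (IOException e) {
            throw new KerberosOperationException(String.format("Failed to create the temporary file needed to hold the exported keytab file for %s: %s", str, e.getLocalizedMessage()), e);
        } finally {
            // Key material must not outlive the call, whether it succeeded or not.
            deleteTemporaryKeytabPath(keytabFile);
            deleteTemporaryKeytabPath(exportDir);
        }
    }

    /** Deletes a temporary keytab file or its directory if present; failures are only logged. */
    private static void deleteTemporaryKeytabPath(File path) {
        if (path != null && path.exists() && !path.delete()) {
            LOG.debug("Failed to remove the temporary keytab file, {}", path.getAbsolutePath());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Executes a command with the handler's environment merged into the caller's.
     *
     * <p>When both maps are non-empty, entries of the handler's environment (such as
     * {@code KRB5CCNAME}) override entries with the same key supplied by the caller.
     *
     * @param strArr             command and arguments
     * @param map                caller-supplied environment; may be {@code null} or empty
     * @param interactiveHandler handler answering interactive prompts; passed through unchanged
     * @return the result of the superclass call
     * @throws KerberosOperationException if the superclass fails to execute the command
     */
    @Override
    public ShellCommandUtil.Result executeCommand(String[] strArr, Map<String, String> map, ShellCommandUtil.InteractiveHandler interactiveHandler) throws KerberosOperationException {
        Map<String, String> effectiveEnv;
        if (MapUtils.isEmpty(this.environmentMap)) {
            effectiveEnv = map;
        } else if (MapUtils.isEmpty(map)) {
            effectiveEnv = this.environmentMap;
        } else {
            effectiveEnv = new HashMap<>(map);
            // Applied last so the handler's own settings win over caller-supplied ones.
            effectiveEnv.putAll(this.environmentMap);
        }
        return super.executeCommand(strArr, effectiveEnv, interactiveHandler);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * @param z {@code true} to get the admin server property as configured,
     *          {@code false} to get only its host part
     * @return the requested value, or {@code null} if none was recorded
     */
    public String getAdminServerHost(boolean z) {
        return z ? this.adminServerHostAndPort : this.adminServerHost;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** @return absolute path of the administrator ticket cache, or {@code null} if there is none */
    public String getCredentialCacheFilePath() {
        return (this.credentialsCacheFile == null) ? null : this.credentialsCacheFile.getAbsolutePath();
    }

    /** Builds the {@code kinit} command line; init() passes the executable, the administrator credential, the {@code FILE:} cache name and the configuration map. */
    protected abstract String[] getKinitCommand(String str, PrincipalKeyCredential principalKeyCredential, String str2, Map<String, String> map) throws KerberosOperationException;

    /** Exports the keytab of principal {@code str} to the file path {@code str2} using the given encryption types. */
    protected abstract void exportKeytabFile(String str, String str2, Set<EncryptionType> set) throws KerberosOperationException;

    /**
     * Creates a fresh credentials cache file, restricts access to it and runs {@code kinit} as the
     * KDC administrator so that later commands can use the resulting tickets.
     *
     * @param map Kerberos environment properties, forwarded to {@link #getKinitCommand}
     * @return {@code true} when {@code kinit} succeeded
     * @throws KerberosOperationException if the cache file cannot be created or {@code kinit}
     *                                    fails ({@code KerberosAdminAuthenticationException})
     */
    protected boolean init(Map<String, String> map) throws KerberosOperationException {
        if (this.credentialsCacheFile != null) {
            // A previous session left its cache behind; remove it before creating a new one.
            if (!this.credentialsCacheFile.delete()) {
                LOG.debug("Failed to remove the orphaned cache file, {}", this.credentialsCacheFile.getAbsolutePath());
            }
            this.credentialsCacheFile = null;
        }
        try {
            this.credentialsCacheFile = File.createTempFile("obdp_krb_", "cc");
            this.credentialsCacheFile.deleteOnExit();
            // Tighten permissions before kinit writes any ticket into the file.
            ensureAmbariOnlyAccess(this.credentialsCacheFile);
            String cacheName = String.format("FILE:%s", this.credentialsCacheFile.getAbsolutePath());
            this.environmentMap = new HashMap<>();
            this.environmentMap.put("KRB5CCNAME", cacheName);
            PrincipalKeyCredential administratorCredential = getAdministratorCredential();
            // NOTE(review): the key ends up in an immutable String because the interactive handler
            // queues String responses, so it cannot be wiped from memory afterwards.
            ShellCommandUtil.Result kinitResult = executeCommand(getKinitCommand(this.executableKinit, administratorCredential, cacheName, map), this.environmentMap, new InteractivePasswordHandler(String.valueOf(administratorCredential.getKey()), null));
            if (kinitResult.isSuccessful()) {
                this.cachedKeytabs = new HashMap<>();
                return true;
            }
            String failure = String.format("Failed to kinit as the KDC administrator user, %s:\n\tExitCode: %s\n\tSTDOUT: %s\n\tSTDERR: %s", administratorCredential.getPrincipal(), Integer.valueOf(kinitResult.getExitCode()), kinitResult.getStdout(), kinitResult.getStderr());
            LOG.warn(failure);
            throw new KerberosAdminAuthenticationException(failure);
        } catch (IOException e) {
            throw new KerberosOperationException(String.format("Failed to create the temporary file needed to hold the administrator ticket cache: %s", e.getLocalizedMessage()), e);
        }
    }

    /**
     * Restricts an existing file or directory to its owner: read and write for the owner only,
     * execute removed for regular files and kept for the owner on directories.
     * Does nothing when the path does not exist.
     *
     * @param file file or directory to restrict
     * @throws OBDPException if any permission change is rejected
     */
    private void ensureAmbariOnlyAccess(File file) throws OBDPException {
        if (!file.exists()) {
            return;
        }
        // Each permission is first cleared for everyone, then granted back to the owner only.
        if (!file.setReadable(false, false) || !file.setReadable(true, true)) {
            throw accessFailure("Failed to set %s readable only by OBDP", file);
        }
        if (!file.setWritable(false, false) || !file.setWritable(true, true)) {
            throw accessFailure("Failed to set %s writable only by OBDP", file);
        }
        if (file.isDirectory()) {
            // Directories need the execute bit for the owner to remain traversable.
            if (!file.setExecutable(false, false) || !file.setExecutable(true, true)) {
                throw accessFailure("Failed to set %s executable by OBDP", file);
            }
        } else if (!file.setExecutable(false, false)) {
            throw accessFailure("Failed to set %s not executable", file);
        }
    }

    /** Logs a permission failure for {@code file} and returns the exception to throw. */
    private static OBDPException accessFailure(String template, File file) {
        String message = String.format(template, file.getAbsolutePath());
        LOG.warn(message);
        return new OBDPException(message);
    }
}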
