package id.onyx.obdp.server.serveraction.kerberos;

import com.google.common.util.concurrent.Striped;
import com.google.inject.Inject;
import id.onyx.obdp.server.OBDPException;
import id.onyx.obdp.server.actionmanager.HostRoleStatus;
import id.onyx.obdp.server.agent.CommandReport;
import id.onyx.obdp.server.audit.event.kerberos.CreatePrincipalKerberosAuditEvent;
import id.onyx.obdp.server.orm.dao.KerberosKeytabPrincipalDAO;
import id.onyx.obdp.server.orm.dao.KerberosPrincipalDAO;
import id.onyx.obdp.server.orm.entities.KerberosKeytabPrincipalEntity;
import id.onyx.obdp.server.orm.entities.KerberosPrincipalEntity;
import id.onyx.obdp.server.security.SecurePasswordHelper;
import id.onyx.obdp.server.serveraction.ActionLog;
import id.onyx.obdp.server.serveraction.kerberos.KerberosServerAction;
import id.onyx.obdp.server.serveraction.kerberos.stageutils.ResolvedKerberosPrincipal;
import java.io.File;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.locks.Lock;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:id/onyx/obdp/server/serveraction/kerberos/CreatePrincipalsServerAction.class */
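/**
 * Server action that creates Kerberos principals, or resets the password of existing ones,
 * through a {@link KerberosOperationHandler}.
 *
 * <p>For every principal handled, the generated password and the key number returned by the
 * handler are stored in the maps obtained from the shared data context, the principal's keytab
 * records are flagged as not distributed, and the cached keytab file is discarded.
 *
 * <p>Security note: generated passwords are held as {@code String} values in
 * {@link CreatePrincipalResult} and in the shared principal/password map. Nothing in this class
 * writes them to the logger, the action log or the audit event; keep it that way.
 */
public class CreatePrincipalsServerAction extends KerberosServerAction {
    private static final Logger LOG = LoggerFactory.getLogger(CreatePrincipalsServerAction.class);

    @Inject
    private KerberosPrincipalDAO kerberosPrincipalDAO;

    @Inject
    private SecurePasswordHelper securePasswordHelper;

    @Inject
    private KerberosKeytabPrincipalDAO kerberosKeytabPrincipalDAO;

    // Striped locks keyed by principal name; serialises the check-then-create sequence per principal.
    private Striped<Lock> locksByPrincipal = Striped.lazyWeakLock(25);

    // Principals already handled by this action instance.
    // NOTE(review): this is a plain HashSet and is accessed outside locksByPrincipal; if
    // processIdentity can be invoked from several threads it needs a concurrent set - confirm.
    private Set<String> seenPrincipals = new HashSet<>();

    /**
     * Outcome of a successful principal creation or password reset.
     *
     * <p>Carries the clear-text password that was set for the principal; instances must not be
     * logged or serialised.
     */
    public static class CreatePrincipalResult {
        private final String principal;
        private final String password;
        private final Integer keyNumber;

        /**
         * @param str  the principal name
         * @param str2 the password that was set for the principal
         * @param num  the key number reported by the operation handler
         */
        public CreatePrincipalResult(String str, String str2, Integer num) {
            this.principal = str;
            this.password = str2;
            this.keyNumber = num;
        }

        /** @return the principal name */
        public String getPrincipal() {
            return this.principal;
        }

        /** @return the clear-text password set for the principal; never log this value */
        public String getPassword() {
            return this.password;
        }

        /** @return the key number reported by the operation handler */
        public Integer getKeyNumber() {
            return this.keyNumber;
        }
    }

    /**
     * Entry point of the action; delegates to {@code processIdentities}, which is defined outside
     * this class.
     *
     * @param concurrentMap the shared data context handed to {@code processIdentities}
     * @return the report produced by {@code processIdentities}
     */
    @Override
    public CommandReport execute(ConcurrentMap<String, Object> concurrentMap) throws OBDPException, InterruptedException {
        return processIdentities(concurrentMap);
    }

    /**
     * Creates the principal (or resets its password) when that is required, then records the
     * result in the shared data context.
     *
     * <p>A principal is processed at most once per action instance. It is processed when either
     * the operation is {@code RECREATE_ALL} (and {@code z} is true, and there are no host filters
     * or the principal is a service principal), or no principal record exists, or the record has
     * no cached keytab path, or the cached keytab file is missing on disk.
     *
     * @param resolvedKerberosPrincipal the principal to process
     * @param kerberosOperationHandler  handler used to talk to the KDC
     * @param map                       configuration passed to {@link #createPrincipal}, which
     *                                  reads the {@code password_*} policy keys from it; may be null
     * @param z                         when false, the {@code RECREATE_ALL} path is disabled for
     *                                  this principal (exact meaning is defined by the caller)
     * @param map2                      shared data context from which the principal/password and
     *                                  principal/key-number maps are obtained
     * @return a {@code FAILED} report when {@link #createPrincipal} returned null, otherwise null
     */
    @Override
    protected CommandReport processIdentity(ResolvedKerberosPrincipal resolvedKerberosPrincipal, KerberosOperationHandler kerberosOperationHandler, Map<String, String> map, boolean z, Map<String, Object> map2) throws OBDPException {
        String principal = resolvedKerberosPrincipal.getPrincipal();

        // Set.add returns false when the principal was already recorded, i.e. already handled.
        if (!this.seenPrincipals.add(principal)) {
            return null;
        }

        KerberosPrincipalEntity existingEntity = this.kerberosPrincipalDAO.find(principal);
        boolean recreateAll = getOperationType(getCommandParameters()) == KerberosServerAction.OperationType.RECREATE_ALL;
        boolean regenerate = recreateAll && z;
        boolean isService = resolvedKerberosPrincipal.isService();

        boolean processPrincipal;
        if (regenerate) {
            processPrincipal = !hasHostFilters() || isService;
        } else if (existingEntity == null) {
            processPrincipal = true;
        } else {
            String cachedKeytabPath = existingEntity.getCachedKeytabPath();
            processPrincipal = StringUtils.isEmpty(cachedKeytabPath) || !new File(cachedKeytabPath).exists();
        }
        if (!processPrincipal) {
            return null;
        }

        Map<String, String> principalPasswordMap = getPrincipalPasswordMap(map2);
        Lock lock = this.locksByPrincipal.get(principal);
        lock.lock();
        // The try must start right after lock(): previously the unlock sat inside the
        // "password not yet known" branch, so the lock was never released when a password
        // was already present in the shared map.
        try {
            if (principalPasswordMap.get(principal) != null) {
                return null;
            }

            CreatePrincipalResult result = createPrincipal(principal, isService, map, kerberosOperationHandler, regenerate, this.actionLog);
            if (result == null) {
                return createCommandReport(1, HostRoleStatus.FAILED, "{}", this.actionLog.getStdOut(), this.actionLog.getStdErr());
            }

            Map<String, Integer> principalKeyNumberMap = getPrincipalKeyNumberMap(map2);
            principalPasswordMap.put(principal, result.getPassword());
            principalKeyNumberMap.put(principal, result.getKeyNumber());

            // The password changed, so every keytab holding this principal is flagged as not distributed.
            for (KerberosKeytabPrincipalEntity keytabPrincipal : this.kerberosKeytabPrincipalDAO.findByPrincipal(principal)) {
                keytabPrincipal.setDistributed(false);
                this.kerberosKeytabPrincipalDAO.merge(keytabPrincipal);
            }

            discardCachedKeytab(principal);
            return null;
        } finally {
            lock.unlock();
        }
    }

    /**
     * Deletes the cached keytab file recorded for the principal, if any, and clears the recorded path.
     *
     * <p>A file that cannot be removed is reported at WARN level: the recorded path is cleared
     * either way, so a leftover file would otherwise stay on disk unnoticed.
     */
    private void discardCachedKeytab(String principal) {
        KerberosPrincipalEntity principalEntity = this.kerberosPrincipalDAO.find(principal);
        if (principalEntity == null) {
            LOG.warn("No principal record found for '{}'; cached keytab path was not cleared", principal);
            return;
        }

        String cachedKeytabPath = principalEntity.getCachedKeytabPath();
        if (!StringUtils.isEmpty(cachedKeytabPath)) {
            File cachedKeytab = new File(cachedKeytabPath);
            try {
                // delete() signals failure through its return value, not an exception.
                if (!cachedKeytab.delete() && cachedKeytab.exists()) {
                    LOG.warn("Failed to delete cache file '{}'", cachedKeytabPath);
                }
            } catch (SecurityException e) {
                LOG.warn("Failed to delete cache file '{}'", cachedKeytabPath, e);
            }
        }

        principalEntity.setCachedKeytabPath(null);
        this.kerberosPrincipalDAO.merge(principalEntity);
    }

    /**
     * Creates a principal with a freshly generated password, or sets a new password on it.
     *
     * <p>When {@code z2} is true the password is set first and the principal is created only if
     * the handler reports that it does not exist; when false the principal is created first and
     * its password is set only if the handler reports that it already exists. A principal record
     * is created in the database if none exists. An audit event is always emitted, carrying a
     * failure reason when no result is produced.
     *
     * @param str                      the principal name
     * @param z                        service flag, passed to the handler and to the principal DAO
     * @param map                      source of the {@code password_*} policy values; may be null,
     *                                 in which case all policy values are passed as null
     * @param kerberosOperationHandler handler used to talk to the KDC
     * @param z2                       true to prefer a password reset over creation
     * @param actionLog                optional log that receives progress and error messages; may be null
     * @return the result holding principal, password and key number, or null on failure
     */
    public CreatePrincipalResult createPrincipal(String str, boolean z, Map<String, String> map, KerberosOperationHandler kerberosOperationHandler, boolean z2, ActionLog actionLog) {
        CreatePrincipalKerberosAuditEvent.CreatePrincipalKerberosAuditEventBuilder auditEventBuilder =
                ((CreatePrincipalKerberosAuditEvent.CreatePrincipalKerberosAuditEventBuilder)
                        ((CreatePrincipalKerberosAuditEvent.CreatePrincipalKerberosAuditEventBuilder)
                                ((CreatePrincipalKerberosAuditEvent.CreatePrincipalKerberosAuditEventBuilder)
                                        CreatePrincipalKerberosAuditEvent.builder()
                                                .withTimestamp(Long.valueOf(System.currentTimeMillis())))
                                        .withRequestId(Long.valueOf(getHostRoleCommand() != null ? getHostRoleCommand().getRequestId() : -1L)))
                                .withTaskId(Long.valueOf(getHostRoleCommand() != null ? getHostRoleCommand().getTaskId() : -1L)))
                        .withPrincipal(str);

        CreatePrincipalResult result = null;
        // Last status message; doubles as the failure reason in the audit event.
        String message = null;
        try {
            message = String.format("Processing principal, %s", str);
            LOG.info(message);
            if (actionLog != null) {
                actionLog.writeStdOut(message);
            }

            // The generated password is never written to any log below.
            String password = this.securePasswordHelper.createSecurePassword(
                    policyValue(map, "password_length"),
                    policyValue(map, "password_min_lowercase_letters"),
                    policyValue(map, "password_min_uppercase_letters"),
                    policyValue(map, "password_min_digits"),
                    policyValue(map, "password_min_punctuation"),
                    policyValue(map, "password_min_whitespace"));

            try {
                Integer keyNumber;
                boolean created;
                if (z2) {
                    try {
                        keyNumber = kerberosOperationHandler.setPrincipalPassword(str, password, z);
                        created = false;
                    } catch (KerberosPrincipalDoesNotExistException e) {
                        String notice = String.format("Principal, %s, does not exist, creating new principal", str);
                        LOG.warn(notice);
                        if (actionLog != null) {
                            actionLog.writeStdOut(notice);
                        }
                        keyNumber = kerberosOperationHandler.createPrincipal(str, password, z);
                        created = true;
                    }
                } else {
                    try {
                        keyNumber = kerberosOperationHandler.createPrincipal(str, password, z);
                        created = true;
                    } catch (KerberosPrincipalAlreadyExistsException e) {
                        String notice = String.format("Principal, %s, already exists, setting new password", str);
                        LOG.warn(notice);
                        if (actionLog != null) {
                            actionLog.writeStdOut(notice);
                        }
                        keyNumber = kerberosOperationHandler.setPrincipalPassword(str, password, z);
                        created = false;
                    }
                }

                if (keyNumber != null) {
                    result = new CreatePrincipalResult(str, password, keyNumber);
                    message = created
                            ? String.format("Successfully created new principal, %s", str)
                            : String.format("Successfully set password for %s", str);
                    LOG.debug(message);
                } else {
                    message = created
                            ? String.format("Failed to create principal, %s - unknown reason", str)
                            : String.format("Failed to set password for %s - unknown reason", str);
                    LOG.error(message);
                    if (actionLog != null) {
                        actionLog.writeStdErr(message);
                    }
                }

                if (!this.kerberosPrincipalDAO.exists(str)) {
                    this.kerberosPrincipalDAO.create(str, z);
                }
            } catch (KerberosOperationException e) {
                message = String.format("Failed to create principal, %s - %s", str, e.getMessage());
                LOG.error(message, e);
                if (actionLog != null) {
                    actionLog.writeStdErr(message);
                }
            }
            return result;
        } finally {
            // Runs on every exit path so that each attempt leaves an audit record.
            if (result == null) {
                auditEventBuilder.withReasonOfFailure(message == null ? "Unknown error" : message);
            }
            auditLog(auditEventBuilder.build());
        }
    }

    /** Reads one integer password-policy value; null when the map is null or the value is unusable. */
    private static Integer policyValue(Map<String, String> map, String key) {
        return map == null ? null : toInt(map.get(key));
    }

    /**
     * Parses a decimal integer.
     *
     * @return the parsed value, or null when the input is null, empty or not a valid integer
     */
    private static Integer toInt(String str) {
        if (str == null || str.isEmpty()) {
            return null;
        }
        try {
            return Integer.valueOf(str);
        } catch (NumberFormatException e) {
            // A malformed policy value is treated the same as an absent one.
            return null;
        }
    }
}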
