package io.fabric8.commands;

import io.fabric8.api.DataStore;
import io.fabric8.api.FabricService;
import io.fabric8.api.ProfileBuilder;
import io.fabric8.api.ProfileService;
import io.fabric8.api.ZooKeeperClusterService;
import io.fabric8.commands.EnsembleSecurity;
import io.fabric8.utils.shell.ShellUtils;
import io.fabric8.zookeeper.ZkPath;
import io.fabric8.zookeeper.utils.ZooKeeperUtils;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.curator.framework.CuratorFramework;
import org.apache.curator.framework.state.ConnectionState;
import org.apache.curator.framework.state.ConnectionStateListener;
import org.apache.felix.gogo.commands.Command;
import org.apache.felix.gogo.commands.Option;
import org.apache.karaf.shell.console.AbstractAction;
import org.apache.zookeeper.server.quorum.auth.QuorumAuth;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:fabric-commands-1.2.0.redhat-630371.jar:io/fabric8/commands/EnsembleSecurityAction.class
 */
@Command(name = EnsembleSecurity.FUNCTION_VALUE, scope = "fabric", description = EnsembleSecurity.DESCRIPTION)
/* loaded from: input_file:io/fabric8/commands/EnsembleSecurityAction.class */
public class EnsembleSecurityAction extends AbstractAction {
    public static Logger LOG = LoggerFactory.getLogger((Class<?>) EnsembleSecurityAction.class);
    private final ZooKeeperClusterService zooKeeperClusterService;
    private final ProfileService profileService;
    private final FabricService fabricService;

    @Option(name = "--enable-sasl", multiValued = false, required = false, description = "Enables SASL/DIGEST-MD5 mutual peer authentication.")
    protected Boolean enable = null;

    @Option(name = "--disable-sasl", multiValued = false, required = false, description = "Disables SASL/DIGEST-MD5 mutual peer authentication.")
    protected Boolean disable = null;

    public EnsembleSecurityAction(FabricService fabricService, ZooKeeperClusterService zooKeeperClusterService, ProfileService profileService) {
        this.fabricService = fabricService;
        this.zooKeeperClusterService = zooKeeperClusterService;
        this.profileService = profileService;
    }

    protected Object doExecute() throws Exception {
        if (this.enable != null && this.disable != null) {
            System.out.println("Please specify whether to disable or enable SASL/DIGEST-MD5 mutual peer authentication");
            return null;
        }
        EnsembleSecurity.EnsembleSASL isSASLEnabled = EnsembleSecurity.isSASLEnabled(this.zooKeeperClusterService.getEnsembleConfiguration());
        if (this.enable == null && this.disable == null) {
            if (isSASLEnabled == EnsembleSecurity.EnsembleSASL.NO_QUORUM) {
                System.out.println("Zookeeper works in single server mode");
                return null;
            }
            System.out.println("SASL/DIGEST-MD5 mutual peer authentication is currently " + (isSASLEnabled == EnsembleSecurity.EnsembleSASL.ENABLED ? "enabled" : "disabled"));
            return null;
        }
        if (isSASLEnabled == EnsembleSecurity.EnsembleSASL.NO_QUORUM) {
            System.out.println("Can't configure SASL/DIGEST-MD5 mutual peer authentication - Zookeeper works in single server mode");
            return null;
        }
        if (Boolean.TRUE.equals(this.enable) && isSASLEnabled == EnsembleSecurity.EnsembleSASL.ENABLED) {
            System.out.println("SASL/DIGEST-MD5 mutual peer authentication is already enabled");
            return null;
        }
        if (Boolean.TRUE.equals(this.disable) && isSASLEnabled == EnsembleSecurity.EnsembleSASL.DISABLED) {
            System.out.println("SASL/DIGEST-MD5 mutual peer authentication is already disabled");
            return null;
        }
        boolean equals = Boolean.TRUE.equals(this.enable);
        String readLine = ShellUtils.readLine(this.session, "This will " + (equals ? "enable" : "disable") + " mutual QuorumPeer authentication using SASL/DIGEST-MD5 mechanism.\nIt is recommended to backup data/git and data/zookeeper directories.\nDuring the process, Zookeeper connection may be suspended and resumed several times.\nAre you sure want to proceed? (yes/no): ", false);
        if (readLine == null) {
            return null;
        }
        if (!readLine.toLowerCase().equals("yes") && !readLine.toLowerCase().equals("y")) {
            return null;
        }
        try {
            CuratorFramework curatorFramework = (CuratorFramework) this.fabricService.adapt(CuratorFramework.class);
            DataStore dataStore = (DataStore) this.fabricService.adapt(DataStore.class);
            String stringData = ZooKeeperUtils.getStringData(curatorFramework, ZkPath.CONFIG_ENSEMBLES.getPath(new String[0]));
            ProfileBuilder createFrom = ProfileBuilder.Factory.createFrom(this.profileService.getRequiredProfile(dataStore.getDefaultVersion(), "fabric-ensemble-" + stringData));
            Map<String, String> configuration = createFrom.getConfiguration("io.fabric8.zookeeper.server-" + stringData);
            configuration.put(QuorumAuth.QUORUM_SASL_AUTH_ENABLED, Boolean.toString(equals));
            createFrom.addConfiguration("io.fabric8.zookeeper.server-" + stringData, configuration);
            final AtomicBoolean atomicBoolean = new AtomicBoolean(false);
            ConnectionStateListener connectionStateListener = new ConnectionStateListener() { // from class: io.fabric8.commands.EnsembleSecurityAction.1
                @Override // org.apache.curator.framework.state.ConnectionStateListener
                public void stateChanged(CuratorFramework curatorFramework2, ConnectionState connectionState) {
                    System.out.println("Zookeeper connection state changed to: " + connectionState.name());
                    atomicBoolean.set(true);
                }
            };
            curatorFramework.getConnectionStateListenable().addListener(connectionStateListener);
            try {
                LOG.info((equals ? "Enabling" : "Disabling") + " SASL/DIGEST-MD5 mutual peer authentication");
                this.profileService.updateProfile(createFrom.getProfile());
                Thread.sleep(5000L);
                for (int i = 12; i > 0; i--) {
                    try {
                        if (atomicBoolean.compareAndSet(false, false)) {
                            break;
                        }
                        atomicBoolean.set(false);
                        LOG.info("Monitoring Zookeeper connection state change");
                        Thread.sleep(5000L);
                    } catch (InterruptedException e) {
                        Thread.currentThread().interrupt();
                    }
                }
                System.out.println("Ensemble security configuration changed.");
                curatorFramework.getConnectionStateListenable().removeListener(connectionStateListener);
                return null;
            } catch (Throwable th) {
                curatorFramework.getConnectionStateListenable().removeListener(connectionStateListener);
                throw th;
            }
        } catch (Exception e2) {
            LOG.error(e2.getMessage(), (Throwable) e2);
            System.err.println("Problem during ensemble security configuration (please check log for details): " + e2.getMessage());
            return null;
        }
    }
}
