package co.cask.cdap.security.guice;

import co.cask.cdap.api.security.store.SecureStore;
import co.cask.cdap.api.security.store.SecureStoreManager;
import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.conf.SConfiguration;
import co.cask.cdap.common.runtime.RuntimeModule;
import co.cask.cdap.security.store.DefaultSecureStoreService;
import co.cask.cdap.security.store.DummySecureStore;
import co.cask.cdap.security.store.FileSecureStore;
import co.cask.cdap.security.store.SecureStoreUtils;
import com.google.common.base.Strings;
import com.google.inject.Inject;
import com.google.inject.Injector;
import com.google.inject.Module;
import com.google.inject.PrivateModule;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import com.google.inject.TypeLiteral;
import com.google.inject.name.Names;

/* loaded from: input_file:co/cask/cdap/security/guice/SecureStoreModules.class */
public class SecureStoreModules extends RuntimeModule {
    public static final String DELEGATE_SECURE_STORE = "delegateSecureStore";
    public static final String DELEGATE_SECURE_STORE_MANAGER = "delegateSecureStoreManager";

    @Singleton
    /* loaded from: input_file:co/cask/cdap/security/guice/SecureStoreModules$DistributedStoreProvider.class */
    private static final class DistributedStoreProvider<T> implements Provider<T> {
        private final CConfiguration cConf;
        private final Injector injector;

        @Inject
        private DistributedStoreProvider(CConfiguration cConfiguration, Injector injector) {
            this.cConf = cConfiguration;
            this.injector = injector;
        }

        public T get() {
            boolean isKMSBacked = SecureStoreUtils.isKMSBacked(this.cConf);
            if (isKMSBacked && SecureStoreUtils.isKMSCapable()) {
                return (T) this.injector.getInstance(SecureStoreUtils.getKMSSecureStore());
            }
            if (isKMSBacked) {
                throw new IllegalArgumentException("Could not find classes required for supporting KMS based secure store. KMS backed secure store depends on org.apache.hadoop.crypto.key.kms.KMSClientProvider being available. This is supported in Apache Hadoop 2.6.0 and up and on distribution versions that are based on Apache Hadoop 2.6.0 and up.");
            }
            if (SecureStoreUtils.isFileBacked(this.cConf)) {
                throw new IllegalArgumentException("Only KMS based provider is supported in distributed mode. To be able to use secure store in a distributed environment youwill need to use the Hadoop KMS based provider.");
            }
            return (T) this.injector.getInstance(DummySecureStore.class);
        }
    }

    @Singleton
    /* loaded from: input_file:co/cask/cdap/security/guice/SecureStoreModules$StoreProvider.class */
    private static final class StoreProvider<T> implements Provider<T> {
        private final CConfiguration cConf;
        private final SConfiguration sConf;
        private final Injector injector;

        @Inject
        private StoreProvider(CConfiguration cConfiguration, SConfiguration sConfiguration, Injector injector) {
            this.cConf = cConfiguration;
            this.sConf = sConfiguration;
            this.injector = injector;
        }

        public T get() {
            boolean isFileBacked = SecureStoreUtils.isFileBacked(this.cConf);
            boolean z = !Strings.isNullOrEmpty(this.sConf.get("security.store.file.password"));
            if (isFileBacked && z) {
                return (T) this.injector.getInstance(FileSecureStore.class);
            }
            if (isFileBacked) {
                throw new IllegalArgumentException("File secure store password is not set. Please set the \"security.store.file.password\" property in your cdap-security.xml.");
            }
            if (SecureStoreUtils.isKMSBacked(this.cConf)) {
                throw new IllegalArgumentException("Only file based secure store is supported in InMemory/Standalone modes. Please set the \"security.store.provider\" property in cdap-site.xml to file and set the \"security.store.file.password\" property in your cdap-security.xml.");
            }
            return (T) this.injector.getInstance(DummySecureStore.class);
        }
    }

    public final Module getInMemoryModules() {
        return new PrivateModule() { // from class: co.cask.cdap.security.guice.SecureStoreModules.1
            protected void configure() {
                bind(SecureStore.class).annotatedWith(Names.named(SecureStoreModules.DELEGATE_SECURE_STORE)).toProvider(new TypeLiteral<StoreProvider<SecureStore>>() { // from class: co.cask.cdap.security.guice.SecureStoreModules.1.1
                });
                bind(SecureStoreManager.class).annotatedWith(Names.named(SecureStoreModules.DELEGATE_SECURE_STORE_MANAGER)).toProvider(new TypeLiteral<StoreProvider<SecureStoreManager>>() { // from class: co.cask.cdap.security.guice.SecureStoreModules.1.2
                });
                bind(SecureStore.class).to(DefaultSecureStoreService.class);
                bind(SecureStoreManager.class).to(DefaultSecureStoreService.class);
                expose(SecureStore.class);
                expose(SecureStoreManager.class);
            }
        };
    }

    public final Module getStandaloneModules() {
        return new PrivateModule() { // from class: co.cask.cdap.security.guice.SecureStoreModules.2
            protected void configure() {
                bind(SecureStore.class).annotatedWith(Names.named(SecureStoreModules.DELEGATE_SECURE_STORE)).toProvider(new TypeLiteral<StoreProvider<SecureStore>>() { // from class: co.cask.cdap.security.guice.SecureStoreModules.2.1
                });
                bind(SecureStoreManager.class).annotatedWith(Names.named(SecureStoreModules.DELEGATE_SECURE_STORE_MANAGER)).toProvider(new TypeLiteral<StoreProvider<SecureStoreManager>>() { // from class: co.cask.cdap.security.guice.SecureStoreModules.2.2
                });
                bind(SecureStore.class).to(DefaultSecureStoreService.class);
                expose(SecureStore.class);
                bind(SecureStoreManager.class).to(DefaultSecureStoreService.class);
                expose(SecureStoreManager.class);
            }
        };
    }

    public final Module getDistributedModules() {
        return new PrivateModule() { // from class: co.cask.cdap.security.guice.SecureStoreModules.3
            protected void configure() {
                bind(SecureStore.class).annotatedWith(Names.named(SecureStoreModules.DELEGATE_SECURE_STORE)).toProvider(new TypeLiteral<DistributedStoreProvider<SecureStore>>() { // from class: co.cask.cdap.security.guice.SecureStoreModules.3.1
                });
                bind(SecureStoreManager.class).annotatedWith(Names.named(SecureStoreModules.DELEGATE_SECURE_STORE_MANAGER)).toProvider(new TypeLiteral<DistributedStoreProvider<SecureStoreManager>>() { // from class: co.cask.cdap.security.guice.SecureStoreModules.3.2
                });
                bind(SecureStore.class).to(DefaultSecureStoreService.class);
                bind(SecureStoreManager.class).to(DefaultSecureStoreService.class);
                expose(SecureStore.class);
                expose(SecureStoreManager.class);
            }
        };
    }
}
