package org.apache.accumulo.server.util;

import io.opentelemetry.api.trace.Span;
import io.opentelemetry.context.Scope;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import org.apache.accumulo.core.conf.AccumuloConfiguration;
import org.apache.accumulo.core.data.InstanceId;
import org.apache.accumulo.core.fate.zookeeper.ZooReader;
import org.apache.accumulo.core.fate.zookeeper.ZooReaderWriter;
import org.apache.accumulo.core.fate.zookeeper.ZooUtil;
import org.apache.accumulo.core.trace.TraceUtil;
import org.apache.accumulo.core.volume.Volume;
import org.apache.accumulo.server.ServerContext;
import org.apache.accumulo.server.ServerDirs;
import org.apache.accumulo.server.fs.VolumeManager;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.data.Stat;

/* loaded from: input_file:org/apache/accumulo/server/util/ChangeSecret.class */
public class ChangeSecret {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/accumulo/server/util/ChangeSecret$Visitor.class */
    public interface Visitor {
        void visit(ZooReader zooReader, String str) throws Exception;
    }

    /* JADX WARN: Finally extract failed */
    public static void execute(ServerContext serverContext, AccumuloConfiguration accumuloConfiguration) throws Exception {
        VolumeManager volumeManager = serverContext.getVolumeManager();
        try {
            ServerDirs serverDirs = new ServerDirs(accumuloConfiguration, new Configuration());
            verifyHdfsWritePermission(serverDirs, volumeManager);
            String valueOf = String.valueOf(System.console().readPassword("Old secret: ", new Object[0]));
            String valueOf2 = String.valueOf(System.console().readPassword("New secret: ", new Object[0]));
            Span startSpan = TraceUtil.startSpan(ChangeSecret.class, "main");
            try {
                Scope makeCurrent = startSpan.makeCurrent();
                try {
                    verifyAccumuloIsDown(serverContext, valueOf);
                    InstanceId of = InstanceId.of(UUID.randomUUID());
                    updateHdfs(serverDirs, volumeManager, of);
                    rewriteZooKeeperInstance(serverContext, of, valueOf, valueOf2);
                    if (!StringUtils.isBlank(valueOf)) {
                        deleteInstance(serverContext, valueOf);
                    }
                    System.out.println("New instance id is " + of);
                    System.out.println("Be sure to put your new secret in accumulo.properties");
                    if (makeCurrent != null) {
                        makeCurrent.close();
                    }
                    startSpan.end();
                    if (volumeManager != null) {
                        volumeManager.close();
                    }
                } catch (Throwable th) {
                    if (makeCurrent != null) {
                        try {
                            makeCurrent.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                startSpan.end();
                throw th3;
            }
        } catch (Throwable th4) {
            if (volumeManager != null) {
                try {
                    volumeManager.close();
                } catch (Throwable th5) {
                    th4.addSuppressed(th5);
                }
            }
            throw th4;
        }
    }

    private static void recurse(ZooReader zooReader, String str, Visitor visitor) {
        try {
            visitor.visit(zooReader, str);
            Iterator it = zooReader.getChildren(str).iterator();
            while (it.hasNext()) {
                recurse(zooReader, str + "/" + ((String) it.next()), visitor);
            }
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    private static void verifyAccumuloIsDown(ServerContext serverContext, String str) throws Exception {
        ZooReaderWriter asWriter = serverContext.getZooReader().asWriter(str);
        String zooKeeperRoot = serverContext.getZooKeeperRoot();
        ArrayList arrayList = new ArrayList();
        recurse(asWriter, zooKeeperRoot, (zooReader, str2) -> {
            if (zooReader.getStatus(str2).getEphemeralOwner() != 0) {
                arrayList.add(str2);
            }
        });
        if (arrayList.isEmpty()) {
            return;
        }
        System.err.println("The following ephemeral nodes exist, something is still running:");
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            System.err.println((String) it.next());
        }
        throw new Exception("Accumulo must be shut down in order to run this tool.");
    }

    private static void rewriteZooKeeperInstance(ServerContext serverContext, InstanceId instanceId, String str, String str2) throws Exception {
        ZooReaderWriter asWriter = serverContext.getZooReader().asWriter(str);
        ZooReaderWriter asWriter2 = serverContext.getZooReader().asWriter(str2);
        recurse(asWriter, serverContext.getZooKeeperRoot(), (zooReader, str3) -> {
            String replace = str3.replace(serverContext.getInstanceID().canonical(), instanceId.canonical());
            byte[] data = zooReader.getData(str3);
            List acl = asWriter.getZooKeeper().getACL(str3, new Stat());
            if (acl.containsAll(ZooDefs.Ids.READ_ACL_UNSAFE)) {
                asWriter2.putPersistentData(replace, data, ZooUtil.NodeExistsPolicy.FAIL);
                return;
            }
            if (!acl.containsAll(ZooDefs.Ids.OPEN_ACL_UNSAFE)) {
                asWriter2.putPrivatePersistentData(replace, data, ZooUtil.NodeExistsPolicy.FAIL);
                return;
            }
            String[] split = str3.split("/");
            if (split[split.length - 2].equals("users")) {
                asWriter2.putPrivatePersistentData(replace, data, ZooUtil.NodeExistsPolicy.FAIL);
            } else {
                asWriter2.putPersistentData(replace, data, ZooUtil.NodeExistsPolicy.FAIL);
            }
        });
        String str4 = "/accumulo/instances/" + serverContext.getInstanceName();
        asWriter.recursiveDelete(str4, ZooUtil.NodeMissingPolicy.SKIP);
        asWriter2.putPersistentData(str4, instanceId.canonical().getBytes(StandardCharsets.UTF_8), ZooUtil.NodeExistsPolicy.OVERWRITE);
    }

    private static void updateHdfs(ServerDirs serverDirs, VolumeManager volumeManager, InstanceId instanceId) throws IOException {
        for (Volume volume : volumeManager.getVolumes()) {
            Path instanceIdLocation = serverDirs.getInstanceIdLocation(volume);
            if (!volume.getFileSystem().delete(instanceIdLocation, true)) {
                throw new IOException("Could not recursively delete " + instanceIdLocation);
            }
            if (!volume.getFileSystem().mkdirs(instanceIdLocation)) {
                throw new IOException("Could not create directory " + instanceIdLocation);
            }
            volume.getFileSystem().create(new Path(instanceIdLocation, instanceId.canonical())).close();
        }
    }

    private static void verifyHdfsWritePermission(ServerDirs serverDirs, VolumeManager volumeManager) throws Exception {
        for (Volume volume : volumeManager.getVolumes()) {
            checkHdfsAccessPermissions(volume.getFileSystem().getFileStatus(serverDirs.getInstanceIdLocation(volume)), FsAction.WRITE);
        }
    }

    private static void checkHdfsAccessPermissions(FileStatus fileStatus, FsAction fsAction) throws Exception {
        FsPermission permission = fileStatus.getPermission();
        UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
        String shortUserName = currentUser.getShortUserName();
        List asList = Arrays.asList(currentUser.getGroupNames());
        if (shortUserName.equals(fileStatus.getOwner())) {
            if (permission.getUserAction().implies(fsAction)) {
                return;
            }
        } else if (asList.contains(fileStatus.getGroup())) {
            if (permission.getGroupAction().implies(fsAction)) {
                return;
            }
        } else if (permission.getOtherAction().implies(fsAction)) {
            return;
        }
        Object[] objArr = new Object[6];
        objArr[0] = shortUserName;
        objArr[1] = fileStatus.getPath();
        objArr[2] = fileStatus.getOwner();
        objArr[3] = fileStatus.getGroup();
        objArr[4] = fileStatus.isDirectory() ? "d" : "-";
        objArr[5] = permission;
        throw new Exception(String.format("Permission denied: user=%s, path=\"%s\":%s:%s:%s%s", objArr));
    }

    private static void deleteInstance(ServerContext serverContext, String str) throws Exception {
        serverContext.getZooReader().asWriter(str).recursiveDelete("/accumulo/" + serverContext.getInstanceID(), ZooUtil.NodeMissingPolicy.SKIP);
    }
}
