package org.apache.falcon.entity.parser;

import java.io.IOException;
import java.net.URI;
import java.util.HashSet;
import java.util.List;
import javax.jms.ConnectionFactory;
import org.apache.commons.httpclient.cookie.Cookie2;
import org.apache.commons.lang.Validate;
import org.apache.commons.lang3.StringUtils;
import org.apache.falcon.FalconException;
import org.apache.falcon.catalog.CatalogServiceFactory;
import org.apache.falcon.entity.ClusterHelper;
import org.apache.falcon.entity.EntityUtil;
import org.apache.falcon.entity.v0.EntityType;
import org.apache.falcon.entity.v0.cluster.ACL;
import org.apache.falcon.entity.v0.cluster.Cluster;
import org.apache.falcon.entity.v0.cluster.ClusterLocationType;
import org.apache.falcon.entity.v0.cluster.Interface;
import org.apache.falcon.entity.v0.cluster.Interfacetype;
import org.apache.falcon.entity.v0.cluster.Location;
import org.apache.falcon.entity.v0.cluster.Property;
import org.apache.falcon.hadoop.HadoopClientFactory;
import org.apache.falcon.security.SecurityUtil;
import org.apache.falcon.util.StartupProperties;
import org.apache.falcon.workflow.WorkflowEngineFactory;
import org.apache.falcon.workflow.util.OozieConstants;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsPermission;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/falcon-common-0.8.jar:org/apache/falcon/entity/parser/ClusterEntityParser.class */
public class ClusterEntityParser extends EntityParser<Cluster> {
    private static final Logger LOG = LoggerFactory.getLogger(ClusterEntityParser.class);

    public ClusterEntityParser() {
        super(EntityType.CLUSTER);
    }

    @Override // org.apache.falcon.entity.parser.EntityParser
    public void validate(Cluster cluster) throws ValidationException {
        validateScheme(cluster, Interfacetype.READONLY);
        validateScheme(cluster, Interfacetype.WRITE);
        validateScheme(cluster, Interfacetype.WORKFLOW);
        if (ClusterHelper.getInterface(cluster, Interfacetype.MESSAGING) != null) {
            validateScheme(cluster, Interfacetype.MESSAGING);
        }
        if (CatalogServiceFactory.isEnabled() && ClusterHelper.getInterface(cluster, Interfacetype.REGISTRY) != null) {
            validateScheme(cluster, Interfacetype.REGISTRY);
        }
        validateACL(cluster);
        if (EntityUtil.responsibleFor(cluster.getColo())) {
            validateReadInterface(cluster);
            validateWriteInterface(cluster);
            validateExecuteInterface(cluster);
            validateWorkflowInterface(cluster);
            validateMessagingInterface(cluster);
            validateRegistryInterface(cluster);
            validateLocations(cluster);
            validateProperties(cluster);
        }
    }

    private void validateScheme(Cluster cluster, Interfacetype interfacetype) throws ValidationException {
        URI uri = new Path(ClusterHelper.getInterface(cluster, interfacetype).getEndpoint()).toUri();
        if (uri.getScheme() == null) {
            if (Interfacetype.WORKFLOW != interfacetype || !uri.toString().equals(OozieConstants.LOCAL_OOZIE)) {
                throw new ValidationException("Cannot get valid scheme for interface: " + interfacetype + " of cluster: " + cluster.getName());
            }
        }
    }

    private void validateReadInterface(Cluster cluster) throws ValidationException {
        String readOnlyStorageUrl = ClusterHelper.getReadOnlyStorageUrl(cluster);
        LOG.info("Validating read interface: {}", readOnlyStorageUrl);
        validateFileSystem(cluster, readOnlyStorageUrl);
    }

    private void validateWriteInterface(Cluster cluster) throws ValidationException {
        String storageUrl = ClusterHelper.getStorageUrl(cluster);
        LOG.info("Validating write interface: {}", storageUrl);
        validateFileSystem(cluster, storageUrl);
    }

    private void validateFileSystem(Cluster cluster, String str) throws ValidationException {
        try {
            Configuration configuration = new Configuration();
            configuration.set("fs.defaultFS", str);
            configuration.setInt("ipc.client.connect.max.retries", 10);
            if (UserGroupInformation.isSecurityEnabled()) {
                String propertyValue = ClusterHelper.getPropertyValue(cluster, "dfs.namenode.kerberos.principal");
                Validate.notEmpty(propertyValue, "Cluster definition missing required namenode credential property: dfs.namenode.kerberos.principal");
                configuration.set("dfs.namenode.kerberos.principal", propertyValue);
            }
            HadoopClientFactory.get().createProxiedFileSystem(configuration).exists(new Path("/"));
        } catch (Exception e) {
            throw new ValidationException("Invalid storage server or port: " + str + ", " + e.getMessage(), e);
        }
    }

    private void validateExecuteInterface(Cluster cluster) throws ValidationException {
        String mREndPoint = ClusterHelper.getMREndPoint(cluster);
        LOG.info("Validating execute interface: {}", mREndPoint);
        try {
            HadoopClientFactory.get().validateJobClient(mREndPoint);
        } catch (IOException e) {
            throw new ValidationException("Invalid Execute server or port: " + mREndPoint, e);
        }
    }

    protected void validateWorkflowInterface(Cluster cluster) throws ValidationException {
        String oozieUrl = ClusterHelper.getOozieUrl(cluster);
        LOG.info("Validating workflow interface: {}", oozieUrl);
        if (OozieConstants.LOCAL_OOZIE.equals(oozieUrl)) {
            return;
        }
        try {
            if (WorkflowEngineFactory.getWorkflowEngine().isAlive(cluster)) {
            } else {
                throw new ValidationException("Unable to reach Workflow server:" + oozieUrl);
            }
        } catch (FalconException e) {
            throw new ValidationException("Invalid Workflow server or port: " + oozieUrl, e);
        }
    }

    protected void validateMessagingInterface(Cluster cluster) throws ValidationException {
        if (ClusterHelper.getInterface(cluster, Interfacetype.MESSAGING) == null) {
            LOG.info("Messaging service is not enabled for cluster: {}", cluster.getName());
            return;
        }
        String messageBrokerUrl = ClusterHelper.getMessageBrokerUrl(cluster);
        String property = StartupProperties.get().getProperty("broker.impl.class", ClusterHelper.DEFAULT_BROKER_IMPL_CLASS);
        LOG.info("Validating messaging interface: {}, implementation: {}", messageBrokerUrl, property);
        try {
            ((ConnectionFactory) getClass().getClassLoader().loadClass(property).getConstructor(String.class, String.class, String.class).newInstance("", "", messageBrokerUrl)).createConnection();
        } catch (Exception e) {
            throw new ValidationException("Invalid Messaging server or port: " + messageBrokerUrl + " for: " + property, e);
        }
    }

    protected void validateRegistryInterface(Cluster cluster) throws ValidationException {
        if (CatalogServiceFactory.isEnabled()) {
            Interface r0 = ClusterHelper.getInterface(cluster, Interfacetype.REGISTRY);
            if (r0 == null) {
                LOG.info("Catalog service is not enabled for cluster: {}", cluster.getName());
                return;
            }
            String endpoint = r0.getEndpoint();
            LOG.info("Validating catalog registry interface: {}", endpoint);
            try {
                Configuration configuration = ClusterHelper.getConfiguration(cluster);
                if (UserGroupInformation.isSecurityEnabled()) {
                    Validate.notEmpty(configuration.get(SecurityUtil.HIVE_METASTORE_KERBEROS_PRINCIPAL), "Cluster definition missing required metastore credential property: hive.metastore.kerberos.principal");
                }
                if (CatalogServiceFactory.getCatalogService().isAlive(configuration, endpoint)) {
                } else {
                    throw new ValidationException("Unable to reach Catalog server:" + endpoint);
                }
            } catch (FalconException e) {
                throw new ValidationException("Invalid Catalog server or port: " + endpoint, e);
            }
        }
    }

    private void validateACL(Cluster cluster) throws ValidationException {
        if (this.isAuthorizationDisabled) {
            return;
        }
        ACL acl = cluster.getACL();
        if (acl == null) {
            throw new ValidationException("Cluster ACL cannot be empty for:  " + cluster.getName());
        }
        validateACLOwnerAndGroup(acl);
        try {
            authorize(cluster.getName(), acl);
        } catch (AuthorizationException e) {
            throw new ValidationException((Exception) e);
        }
    }

    protected void validateLocations(Cluster cluster) throws ValidationException {
        try {
            FileSystem createProxiedFileSystem = HadoopClientFactory.get().createProxiedFileSystem(ClusterHelper.getConfiguration(cluster));
            Location location = ClusterHelper.getLocation(cluster, ClusterLocationType.STAGING);
            if (location == null) {
                throw new ValidationException("Unable to find the mandatory location of name: " + ClusterLocationType.STAGING.value() + " for cluster " + cluster.getName());
            }
            checkPathOwnerAndPermission(cluster.getName(), location.getPath(), createProxiedFileSystem, HadoopClientFactory.ALL_PERMISSION);
            if (ClusterHelper.checkWorkingLocationExists(cluster)) {
                Location location2 = ClusterHelper.getLocation(cluster, ClusterLocationType.WORKING);
                if (location.getPath().equals(location2.getPath())) {
                    throw new ValidationException("Location with name: " + location.getName().value() + " and " + location2.getName().value() + " cannot have same path: " + location.getPath() + " for cluster :" + cluster.getName());
                }
                checkPathOwnerAndPermission(cluster.getName(), location2.getPath(), createProxiedFileSystem, HadoopClientFactory.READ_EXECUTE_PERMISSION);
                return;
            }
            Path path = new Path(location.getPath(), "working");
            try {
                if (!createProxiedFileSystem.exists(path)) {
                    HadoopClientFactory.mkdirs(createProxiedFileSystem, path, HadoopClientFactory.READ_EXECUTE_PERMISSION);
                } else {
                    if (!createProxiedFileSystem.isDirectory(path)) {
                        throw new ValidationException("Falcon needs subdir working inside staging dir:" + location.getPath() + " when staging location not specified. Got a file at " + path.toString());
                    }
                    FsPermission permission = createProxiedFileSystem.getFileStatus(path).getPermission();
                    if (!permission.equals(HadoopClientFactory.READ_EXECUTE_PERMISSION)) {
                        throw new ValidationException("Falcon needs subdir working inside staging dir:" + location.getPath() + " when staging location not specified with " + HadoopClientFactory.READ_EXECUTE_PERMISSION.toString() + " got " + permission.toString());
                    }
                }
            } catch (IOException e) {
                throw new ValidationException("Unable to create path for " + path.toString() + " with path: " + path.toString() + " for cluster " + cluster.getName(), e);
            }
        } catch (FalconException e2) {
            throw new ValidationException("Unable to get file system handle for cluster " + cluster.getName(), e2);
        }
    }

    protected void validateProperties(Cluster cluster) throws ValidationException {
        if (cluster.getProperties() == null) {
            return;
        }
        List<Property> properties = cluster.getProperties().getProperties();
        HashSet hashSet = new HashSet();
        for (Property property : properties) {
            if (StringUtils.isBlank(property.getName())) {
                throw new ValidationException("Property name and value cannot be empty for Cluster: " + cluster.getName());
            }
            if (!hashSet.add(property.getName())) {
                throw new ValidationException("Multiple properties with same name found for Cluster: " + cluster.getName());
            }
        }
    }

    private void checkPathOwnerAndPermission(String str, String str2, FileSystem fileSystem, FsPermission fsPermission) throws ValidationException {
        Path path = new Path(str2);
        try {
            if (!fileSystem.exists(path)) {
                throw new ValidationException("Location " + str2 + " for cluster " + str + " must exist.");
            }
            String shortUserName = UserGroupInformation.getLoginUser().getShortUserName();
            FileStatus fileStatus = fileSystem.getFileStatus(path);
            String owner = fileStatus.getOwner();
            if (!owner.equals(shortUserName)) {
                LOG.error("Owner of the location {} is {} for cluster {}. Current user {} is not the owner of the location.", path, owner, str, shortUserName);
                throw new ValidationException("Path [" + path + "] on the cluster [" + str + "] has owner [" + owner + "]. Current user [" + shortUserName + "] is not the owner of the " + Cookie2.PATH);
            }
            String str3 = "Path " + path + " has permissions: " + fileStatus.getPermission().toString() + ", should be " + fsPermission;
            if (fileStatus.getPermission().toShort() != fsPermission.toShort()) {
                LOG.error(str3);
                throw new ValidationException(str3);
            }
            fileSystem.listStatus(path);
        } catch (IOException e) {
            throw new ValidationException("Unable to validate the location with path: " + str2 + " for cluster:" + str + " due to transient failures ", e);
        }
    }
}
