package com.mapr.web.security.verifier;

import com.mapr.admin.SecurityManager;
import com.mapr.baseutils.cldbutils.CLDBRpcCommonUtils;
import com.mapr.security.JNISecurity;
import com.mapr.security.SecurityConf;
import com.mapr.web.security.SslConfig;
import com.mapr.web.security.verifier.Tests;
import java.io.PrintStream;
import java.util.Iterator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mapr/web/security/verifier/SecurityVerifierMain.class */
public class SecurityVerifierMain {
    private static final String UG_MAPR = "mapr";
    private final boolean asServer;
    private final String maprUser;
    private final String maprGroup;
    private Tests test;
    private SecureFileVerifier secureFileVerifier;
    private SslConfigVerifier sslConfigVerifier;
    private SslManagerVerifier sslManagerVerifier;
    private static final String credProvider;
    private static final String currentClusterName;
    private static final boolean isSecured;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SecurityVerifierMain.class);
    private static final boolean isFipsEnabled = SecurityConf.isFipsEnabled();

    /* loaded from: input_file:com/mapr/web/security/verifier/SecurityVerifierMain$SecurityVerifierMainBuilder.class */
    public static class SecurityVerifierMainBuilder {
        private boolean asServer;
        private String maprUser;
        private String maprGroup;
        private Tests test;
        private SecureFileVerifier secureFileVerifier;
        private SslConfigVerifier sslConfigVerifier;
        private SslManagerVerifier sslManagerVerifier;

        SecurityVerifierMainBuilder() {
        }

        public SecurityVerifierMainBuilder asServer(boolean z) {
            this.asServer = z;
            return this;
        }

        public SecurityVerifierMainBuilder maprUser(String str) {
            this.maprUser = str;
            return this;
        }

        public SecurityVerifierMainBuilder maprGroup(String str) {
            this.maprGroup = str;
            return this;
        }

        public SecurityVerifierMainBuilder test(Tests tests) {
            this.test = tests;
            return this;
        }

        public SecurityVerifierMainBuilder secureFileVerifier(SecureFileVerifier secureFileVerifier) {
            this.secureFileVerifier = secureFileVerifier;
            return this;
        }

        public SecurityVerifierMainBuilder sslConfigVerifier(SslConfigVerifier sslConfigVerifier) {
            this.sslConfigVerifier = sslConfigVerifier;
            return this;
        }

        public SecurityVerifierMainBuilder sslManagerVerifier(SslManagerVerifier sslManagerVerifier) {
            this.sslManagerVerifier = sslManagerVerifier;
            return this;
        }

        public SecurityVerifierMain build() {
            return new SecurityVerifierMain(this.asServer, this.maprUser, this.maprGroup, this.test, this.secureFileVerifier, this.sslConfigVerifier, this.sslManagerVerifier);
        }

        public String toString() {
            return "SecurityVerifierMain.SecurityVerifierMainBuilder(asServer=" + this.asServer + ", maprUser=" + this.maprUser + ", maprGroup=" + this.maprGroup + ", test=" + this.test + ", secureFileVerifier=" + this.secureFileVerifier + ", sslConfigVerifier=" + this.sslConfigVerifier + ", sslManagerVerifier=" + this.sslManagerVerifier + ")";
        }
    }

    private static void usage(PrintStream printStream) {
        printStream.print("Usage: ");
        printStream.println("mapr secchk [ <options...>]");
        printStream.println("Options:");
        printStream.println("  --server true|false           Specifies if the security configurations tests include those for MapR Service process (default is true)");
        printStream.println("  --mapruser  <username>        Username that run the MapR Services on the node (default is 'mapr')");
        printStream.println("  --maprgroup <groupname>       Primary group name of the user that runs the MapR Services (default is 'mapr')");
        printStream.println("  --summary true|false          Prints a summary of errors at the end (default is false)");
        printStream.println("  --verbose true|false          Prints verbose output from tests (default is false)");
    }

    /* JADX WARN: Removed duplicated region for block: B:44:0x0190  */
    /* JADX WARN: Removed duplicated region for block: B:47:0x019d  */
    /* JADX WARN: Removed duplicated region for block: B:49:0x01a8  */
    /* JADX WARN: Removed duplicated region for block: B:51:0x01b4  */
    /* JADX WARN: Removed duplicated region for block: B:53:0x01c1  */
    /* JADX WARN: Removed duplicated region for block: B:55:0x01ce  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void main(java.lang.String[] r7) {
        /*
            Method dump skipped, instructions count: 622
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.mapr.web.security.verifier.SecurityVerifierMain.main(java.lang.String[]):void");
    }

    private void run() {
        Object[] objArr = new Object[1];
        objArr[0] = this.asServer ? "Server" : "Client";
        Output.printfl("Running security health check as a %s", objArr);
        Output.printfl("===============================================", new Object[0]);
        Output.printH1("Checking Cluster Security configuration for Cluster '%s'", Output.yellow(currentClusterName));
        Object[] objArr2 = new Object[1];
        objArr2[0] = isSecured ? "" : " NOT";
        Output.info("Cluster is%s secured.", objArr2);
        Object[] objArr3 = new Object[1];
        objArr3[0] = isFipsEnabled ? "" : " NOT";
        Output.info("FIPS is%s enabled.", objArr3);
        if (this.asServer) {
            verifyServerSecuritySettings();
        }
        verifyClientSecuritySettings();
        Output.printfl("===============================================", new Object[0]);
        int errorCount = Tests.getErrorCount();
        Output.printfl("Tests complete, total error count: %d", Integer.valueOf(errorCount));
        if (Output.summary && errorCount > 0) {
            Output.printfl("Error summary:", new Object[0]);
            Iterator<Tests.Test> it = Tests.getAllTests().iterator();
            while (it.hasNext()) {
                Tests.Test next = it.next();
                if (next.errors.size() > 0) {
                    Output.printH2(next.name, new Object[0]);
                    for (String str : next.errors) {
                        Output.printf("   ", new Object[0]);
                        Output.error(str, new Object[0]);
                    }
                }
            }
            Output.printfl("===============================================", new Object[0]);
        }
        System.exit(errorCount);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void verifyServerSecuritySettings() {
        Output.printH1("Checking Server security configurations", new Object[0]);
        if (isSecured) {
            this.secureFileVerifier.verify("/opt/mapr/conf/maprserverticket", "rw-------");
            this.secureFileVerifier.verify("/opt/mapr/conf/mapruserticket", "rw-------");
        }
        for (Object[] objArr : new String[]{new String[]{"/opt/mapr/conf/ssl-server.xml", "rw-r-----"}, new String[]{"/opt/mapr/conf/ssl_keystore", "r--------"}, new String[]{"/opt/mapr/conf/ssl_keystore.pem", "r--------"}, new String[]{"/opt/mapr/conf/ssl_keystore.p12", "r--------"}, new String[]{"/opt/mapr/conf/ssl_userkeystore", "r--------"}, new String[]{"/opt/mapr/conf/ssl_userkeystore.pem", "r--------"}, new String[]{"/opt/mapr/conf/ssl_userkeystore.p12", "r--------"}, new String[]{"/opt/mapr/conf/private.key", "r--------"}, new String[]{"/opt/mapr/conf/maprkeycreds.conf", "rw-------"}, new String[]{"/opt/mapr/conf/maprkeycreds." + credProvider, "rw-------"}}) {
            this.secureFileVerifier.verify(objArr[0], objArr[1]);
        }
        this.secureFileVerifier.verifyFolder("/opt/mapr/conf/tokens", "rw-------");
        this.secureFileVerifier.verifyFolder("/opt/mapr/conf/ca/root-ca/private", "rw-------");
        this.sslConfigVerifier.verify(SslConfig.SslConfigScope.SCOPE_ALL);
        this.sslManagerVerifier.verifyServer();
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void verifyClientSecuritySettings() {
        Output.printH1("Checking Client security configurations", new Object[0]);
        for (Object[] objArr : new String[]{new String[]{"/opt/mapr/conf/ssl-client.xml", "rw-r--r--"}, new String[]{"/opt/mapr/conf/ssl_truststore", "r--r--r--"}, new String[]{"/opt/mapr/conf/ssl_truststore.pem", "r--r--r--"}, new String[]{"/opt/mapr/conf/ssl_truststore.p12", "r--r--r--"}, new String[]{"/opt/mapr/conf/ssl_usertruststore", "r--r--r--"}, new String[]{"/opt/mapr/conf/ssl_usertruststore.pem", "r--r--r--"}, new String[]{"/opt/mapr/conf/ssl_usertruststore.p12", "r--r--r--"}, new String[]{"/opt/mapr/conf/public.crt", "r--r--r--"}, new String[]{"/opt/mapr/conf/maprtrustcreds.conf", "rw-r--r--"}, new String[]{"/opt/mapr/conf/maprtrustcreds." + credProvider, "rw-r--r--"}}) {
            this.secureFileVerifier.verify(objArr[0], objArr[1]);
        }
        this.secureFileVerifier.verifyFolder("/opt/mapr/conf/ca", "glob:*.{crt,csr,pem}", "rw-r--r--");
        this.sslConfigVerifier.verify(SslConfig.SslConfigScope.SCOPE_CLIENT_ONLY);
        this.sslManagerVerifier.verifyClient();
    }

    private static boolean getBoolArgVal(int i, String[] strArr, boolean z) {
        int i2 = i + 1;
        return (i2 >= strArr.length || strArr[i2].startsWith("-")) ? z : Boolean.getBoolean(strArr[i2]);
    }

    private static String getStrArgVal(int i, String[] strArr, String str) {
        int i2 = i + 1;
        return (i2 >= strArr.length || strArr[i2].startsWith("-")) ? str : strArr[i2];
    }

    public static SecurityVerifierMainBuilder builder() {
        return new SecurityVerifierMainBuilder();
    }

    public SecurityVerifierMain(boolean z, String str, String str2, Tests tests, SecureFileVerifier secureFileVerifier, SslConfigVerifier sslConfigVerifier, SslManagerVerifier sslManagerVerifier) {
        this.asServer = z;
        this.maprUser = str;
        this.maprGroup = str2;
        this.test = tests;
        this.secureFileVerifier = secureFileVerifier;
        this.sslConfigVerifier = sslConfigVerifier;
        this.sslManagerVerifier = sslManagerVerifier;
    }

    public String getMaprUser() {
        return this.maprUser;
    }

    public String getMaprGroup() {
        return this.maprGroup;
    }

    private SecurityVerifierMain setTest(Tests tests) {
        this.test = tests;
        return this;
    }

    public Tests getTest() {
        return this.test;
    }

    private SecurityVerifierMain setSecureFileVerifier(SecureFileVerifier secureFileVerifier) {
        this.secureFileVerifier = secureFileVerifier;
        return this;
    }

    public SecureFileVerifier getSecureFileVerifier() {
        return this.secureFileVerifier;
    }

    private SecurityVerifierMain setSslConfigVerifier(SslConfigVerifier sslConfigVerifier) {
        this.sslConfigVerifier = sslConfigVerifier;
        return this;
    }

    public SslConfigVerifier getSslConfigVerifier() {
        return this.sslConfigVerifier;
    }

    private SecurityVerifierMain setSslManagerVerifier(SslManagerVerifier sslManagerVerifier) {
        this.sslManagerVerifier = sslManagerVerifier;
        return this;
    }

    public SslManagerVerifier getSslManagerVerifier() {
        return this.sslManagerVerifier;
    }

    static {
        credProvider = isFipsEnabled ? SecurityManager.FIPS_STORE_TYPE : "jceks";
        currentClusterName = CLDBRpcCommonUtils.getInstance().getCurrentClusterName();
        isSecured = JNISecurity.IsSecurityEnabled(currentClusterName);
    }
}
