package org.apache.hadoop.security.alias;

import java.io.IOException;
import java.io.PrintStream;
import java.security.InvalidParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.conf.Configured;
import org.apache.hadoop.util.Tool;
import org.apache.hadoop.util.ToolRunner;

/* loaded from: input_file:hadoop-client-2.7.0-mapr-1506/share/hadoop/client/lib/hadoop-common-2.7.0-mapr-1506.jar:org/apache/hadoop/security/alias/CredentialShell.class */
public class CredentialShell extends Configured implements Tool {
    private static final String USAGE_PREFIX = "Usage: hadoop credential [generic options]\n";
    private static final String COMMANDS = "   [--help]\n   [create <alias> [-provider provider-path]]\n   [delete <alias> [-f] [-provider provider-path]]\n   [list [-provider provider-path]]\n";
    private boolean interactive = true;
    private Command command = null;
    public PrintStream out = System.out;
    public PrintStream err = System.err;
    private boolean userSuppliedProvider = false;
    private String value = null;
    private PasswordReader passwordReader;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:hadoop-client-2.7.0-mapr-1506/share/hadoop/client/lib/hadoop-common-2.7.0-mapr-1506.jar:org/apache/hadoop/security/alias/CredentialShell$Command.class */
    public abstract class Command {
        protected CredentialProvider provider;

        private Command() {
            this.provider = null;
        }

        public boolean validate() {
            return true;
        }

        protected CredentialProvider getCredentialProvider() {
            CredentialProvider credentialProvider = null;
            try {
                List<CredentialProvider> providers = CredentialProviderFactory.getProviders(CredentialShell.this.getConf());
                if (!CredentialShell.this.userSuppliedProvider) {
                    Iterator<CredentialProvider> it = providers.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        CredentialProvider next = it.next();
                        if (!next.isTransient()) {
                            credentialProvider = next;
                            break;
                        }
                    }
                } else {
                    credentialProvider = providers.get(0);
                }
            } catch (IOException e) {
                e.printStackTrace(CredentialShell.this.err);
            }
            return credentialProvider;
        }

        protected void printProviderWritten() {
            CredentialShell.this.out.println(this.provider.getClass().getName() + " has been updated.");
        }

        protected void warnIfTransientProvider() {
            if (this.provider.isTransient()) {
                CredentialShell.this.out.println("WARNING: you are modifying a transient provider.");
            }
        }

        public abstract void execute() throws Exception;

        public abstract String getUsage();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:hadoop-client-2.7.0-mapr-1506/share/hadoop/client/lib/hadoop-common-2.7.0-mapr-1506.jar:org/apache/hadoop/security/alias/CredentialShell$CreateCommand.class */
    public class CreateCommand extends Command {
        public static final String USAGE = "create <alias> [-provider provider-path]";
        public static final String DESC = "The create subcommand creates a new credential for the name specified\nas the <alias> argument within the provider indicated through\nthe -provider argument.";
        String alias;

        public CreateCommand(String str) {
            super();
            this.alias = null;
            this.alias = str;
        }

        @Override // org.apache.hadoop.security.alias.CredentialShell.Command
        public boolean validate() {
            boolean z = true;
            this.provider = getCredentialProvider();
            if (this.provider == null) {
                CredentialShell.this.out.println("There are no valid CredentialProviders configured.\nCredential will not be created.\nConsider using the -provider option to indicate the provider to use.");
                z = false;
            }
            if (this.alias == null) {
                CredentialShell.this.out.println("There is no alias specified. Please provide themandatory <alias>. See the usage description with -help.");
                z = false;
            }
            return z;
        }

        @Override // org.apache.hadoop.security.alias.CredentialShell.Command
        public void execute() throws IOException, NoSuchAlgorithmException {
            warnIfTransientProvider();
            try {
                this.provider.createCredentialEntry(this.alias, CredentialShell.this.value != null ? CredentialShell.this.value.toCharArray() : CredentialShell.this.promptForCredential());
                CredentialShell.this.out.println(this.alias + " has been successfully created.");
                this.provider.flush();
                printProviderWritten();
            } catch (IOException e) {
                CredentialShell.this.out.println(this.alias + " has NOT been created. " + e.getMessage());
                throw e;
            } catch (InvalidParameterException e2) {
                CredentialShell.this.out.println(this.alias + " has NOT been created. " + e2.getMessage());
                throw e2;
            }
        }

        @Override // org.apache.hadoop.security.alias.CredentialShell.Command
        public String getUsage() {
            return "create <alias> [-provider provider-path]:\n\nThe create subcommand creates a new credential for the name specified\nas the <alias> argument within the provider indicated through\nthe -provider argument.";
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:hadoop-client-2.7.0-mapr-1506/share/hadoop/client/lib/hadoop-common-2.7.0-mapr-1506.jar:org/apache/hadoop/security/alias/CredentialShell$DeleteCommand.class */
    public class DeleteCommand extends Command {
        public static final String USAGE = "delete <alias> [-f] [-provider provider-path]";
        public static final String DESC = "The delete subcommand deletes the credential\nspecified as the <alias> argument from within the provider\nindicated through the -provider argument. The command asks for\nconfirmation unless the -f option is specified.";
        String alias;
        boolean cont;

        public DeleteCommand(String str) {
            super();
            this.alias = null;
            this.cont = true;
            this.alias = str;
        }

        @Override // org.apache.hadoop.security.alias.CredentialShell.Command
        public boolean validate() {
            this.provider = getCredentialProvider();
            if (this.provider == null) {
                CredentialShell.this.out.println("There are no valid CredentialProviders configured.\nNothing will be deleted.\nConsider using the -provider option to indicate the provider to use.");
                return false;
            }
            if (this.alias == null) {
                CredentialShell.this.out.println("There is no alias specified. Please provide themandatory <alias>. See the usage description with -help.");
                return false;
            }
            if (!CredentialShell.this.interactive) {
                return true;
            }
            try {
                this.cont = ToolRunner.confirmPrompt("You are about to DELETE the credential " + this.alias + " from CredentialProvider " + this.provider.toString() + ". Continue? ");
                if (!this.cont) {
                    CredentialShell.this.out.println("Nothing has been be deleted.");
                }
                return this.cont;
            } catch (IOException e) {
                CredentialShell.this.out.println(this.alias + " will not be deleted.");
                e.printStackTrace(CredentialShell.this.err);
                return true;
            }
        }

        @Override // org.apache.hadoop.security.alias.CredentialShell.Command
        public void execute() throws IOException {
            warnIfTransientProvider();
            CredentialShell.this.out.println("Deleting credential: " + this.alias + " from CredentialProvider: " + this.provider.toString());
            if (this.cont) {
                try {
                    this.provider.deleteCredentialEntry(this.alias);
                    CredentialShell.this.out.println(this.alias + " has been successfully deleted.");
                    this.provider.flush();
                    printProviderWritten();
                } catch (IOException e) {
                    CredentialShell.this.out.println(this.alias + " has NOT been deleted.");
                    throw e;
                }
            }
        }

        @Override // org.apache.hadoop.security.alias.CredentialShell.Command
        public String getUsage() {
            return "delete <alias> [-f] [-provider provider-path]:\n\nThe delete subcommand deletes the credential\nspecified as the <alias> argument from within the provider\nindicated through the -provider argument. The command asks for\nconfirmation unless the -f option is specified.";
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:hadoop-client-2.7.0-mapr-1506/share/hadoop/client/lib/hadoop-common-2.7.0-mapr-1506.jar:org/apache/hadoop/security/alias/CredentialShell$ListCommand.class */
    public class ListCommand extends Command {
        public static final String USAGE = "list [-provider provider-path]";
        public static final String DESC = "The list subcommand displays the aliases contained within \na particular provider - as configured in core-site.xml or indicated\nthrough the -provider argument.";

        private ListCommand() {
            super();
        }

        @Override // org.apache.hadoop.security.alias.CredentialShell.Command
        public boolean validate() {
            boolean z = true;
            this.provider = getCredentialProvider();
            if (this.provider == null) {
                CredentialShell.this.out.println("There are no non-transient CredentialProviders configured.\nConsider using the -provider option to indicate the provider\nto use. If you want to list a transient provider then you\nyou MUST use the -provider argument.");
                z = false;
            }
            return z;
        }

        @Override // org.apache.hadoop.security.alias.CredentialShell.Command
        public void execute() throws IOException {
            try {
                List<String> aliases = this.provider.getAliases();
                CredentialShell.this.out.println("Listing aliases for CredentialProvider: " + this.provider.toString());
                Iterator<String> it = aliases.iterator();
                while (it.hasNext()) {
                    CredentialShell.this.out.println(it.next());
                }
            } catch (IOException e) {
                CredentialShell.this.out.println("Cannot list aliases for CredentialProvider: " + this.provider.toString() + ": " + e.getMessage());
                throw e;
            }
        }

        @Override // org.apache.hadoop.security.alias.CredentialShell.Command
        public String getUsage() {
            return "list [-provider provider-path]:\n\nThe list subcommand displays the aliases contained within \na particular provider - as configured in core-site.xml or indicated\nthrough the -provider argument.";
        }
    }

    /* loaded from: input_file:hadoop-client-2.7.0-mapr-1506/share/hadoop/client/lib/hadoop-common-2.7.0-mapr-1506.jar:org/apache/hadoop/security/alias/CredentialShell$PasswordReader.class */
    public static class PasswordReader {
        public char[] readPassword(String str) {
            return System.console().readPassword(str, new Object[0]);
        }

        public void format(String str) {
            System.console().format(str, new Object[0]);
        }
    }

    @Override // org.apache.hadoop.util.Tool
    public int run(String[] strArr) throws Exception {
        try {
            int init = init(strArr);
            if (init != 0) {
                return init;
            }
            if (this.command.validate()) {
                this.command.execute();
            } else {
                init = 1;
            }
            return init;
        } catch (Exception e) {
            e.printStackTrace(this.err);
            return 1;
        }
    }

    protected int init(String[] strArr) throws IOException {
        if (0 == strArr.length) {
            printCredShellUsage();
            ToolRunner.printGenericCommandUsage(System.err);
            return 1;
        }
        int i = 0;
        while (i < strArr.length) {
            if (strArr[i].equals("create")) {
                if (i == strArr.length - 1) {
                    printCredShellUsage();
                    return 1;
                }
                i++;
                String str = strArr[i];
                this.command = new CreateCommand(str);
                if (str.equals("-help")) {
                    printCredShellUsage();
                    return 0;
                }
            } else if (strArr[i].equals("delete")) {
                if (i == strArr.length - 1) {
                    printCredShellUsage();
                    return 1;
                }
                i++;
                String str2 = strArr[i];
                this.command = new DeleteCommand(str2);
                if (str2.equals("-help")) {
                    printCredShellUsage();
                    return 0;
                }
            } else if (strArr[i].equals("list")) {
                this.command = new ListCommand();
            } else if (strArr[i].equals("-provider")) {
                if (i == strArr.length - 1) {
                    printCredShellUsage();
                    return 1;
                }
                this.userSuppliedProvider = true;
                i++;
                getConf().set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, strArr[i]);
            } else if (strArr[i].equals("-f") || strArr[i].equals("-force")) {
                this.interactive = false;
            } else {
                if (!strArr[i].equals("-v") && !strArr[i].equals("-value")) {
                    if (strArr[i].equals("-help")) {
                        printCredShellUsage();
                        return 0;
                    }
                    printCredShellUsage();
                    ToolRunner.printGenericCommandUsage(System.err);
                    return 1;
                }
                i++;
                this.value = strArr[i];
            }
            i++;
        }
        return 0;
    }

    private void printCredShellUsage() {
        this.out.println("Usage: hadoop credential [generic options]\n   [--help]\n   [create <alias> [-provider provider-path]]\n   [delete <alias> [-f] [-provider provider-path]]\n   [list [-provider provider-path]]\n");
        if (this.command != null) {
            this.out.println(this.command.getUsage());
            return;
        }
        this.out.println("===============================================================");
        this.out.println("create <alias> [-provider provider-path]:\n\nThe create subcommand creates a new credential for the name specified\nas the <alias> argument within the provider indicated through\nthe -provider argument.");
        this.out.println("===============================================================");
        this.out.println("delete <alias> [-f] [-provider provider-path]:\n\nThe delete subcommand deletes the credential\nspecified as the <alias> argument from within the provider\nindicated through the -provider argument. The command asks for\nconfirmation unless the -f option is specified.");
        this.out.println("===============================================================");
        this.out.println("list [-provider provider-path]:\n\nThe list subcommand displays the aliases contained within \na particular provider - as configured in core-site.xml or indicated\nthrough the -provider argument.");
    }

    protected char[] promptForCredential() throws IOException {
        boolean z;
        PasswordReader passwordReader = getPasswordReader();
        if (passwordReader == null) {
            throw new IOException("No console available for prompting user.");
        }
        char[] cArr = null;
        do {
            char[] readPassword = passwordReader.readPassword("Enter password: ");
            char[] readPassword2 = passwordReader.readPassword("Enter password again: ");
            z = !Arrays.equals(readPassword, readPassword2);
            if (z) {
                if (readPassword != null) {
                    Arrays.fill(readPassword, ' ');
                }
                passwordReader.format("Passwords don't match. Try again.%n");
            } else {
                cArr = readPassword;
            }
            if (readPassword2 != null) {
                Arrays.fill(readPassword2, ' ');
            }
        } while (z);
        return cArr;
    }

    public PasswordReader getPasswordReader() {
        if (this.passwordReader == null) {
            this.passwordReader = new PasswordReader();
        }
        return this.passwordReader;
    }

    public void setPasswordReader(PasswordReader passwordReader) {
        this.passwordReader = passwordReader;
    }

    public static void main(String[] strArr) throws Exception {
        System.exit(ToolRunner.run(new Configuration(), new CredentialShell(), strArr));
    }
}
