package com.instaclustr.cassandra.auth;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import com.instaclustr.cassandra.auth.BaseKerberosAuthenticator;
import java.net.InetAddress;
import java.nio.ByteBuffer;
import org.apache.cassandra.auth.AuthCache;
import org.apache.cassandra.auth.AuthCacheMBean;
import org.apache.cassandra.auth.IAuthenticator;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.cql3.QueryOptions;
import org.apache.cassandra.cql3.QueryProcessor;
import org.apache.cassandra.cql3.statements.SelectStatement;
import org.apache.cassandra.db.ConsistencyLevel;
import org.apache.cassandra.service.ClientState;
import org.apache.cassandra.service.QueryState;
import org.apache.cassandra.transport.messages.ResultMessage;
import org.apache.cassandra.utils.ByteBufferUtil;
import org.apache.cassandra.utils.FBUtilities;

/* loaded from: input_file:com/instaclustr/cassandra/auth/KerberosAuthenticator.class */
public class KerberosAuthenticator extends BaseKerberosAuthenticator {
    private UserCache cache;

    /* loaded from: input_file:com/instaclustr/cassandra/auth/KerberosAuthenticator$CredentialsCacheMBean.class */
    public interface CredentialsCacheMBean extends AuthCacheMBean {
        void invalidateCredentials(String str);
    }

    /* loaded from: input_file:com/instaclustr/cassandra/auth/KerberosAuthenticator$UserCache.class */
    public static class UserCache extends AuthCache<String, String> implements CredentialsCacheMBean {
        public UserCache(BaseKerberosAuthenticator.QueryUserFunction queryUserFunction) {
            super("CredentialsCache", (v0) -> {
                DatabaseDescriptor.setCredentialsValidity(v0);
            }, DatabaseDescriptor::getCredentialsValidity, (v0) -> {
                DatabaseDescriptor.setCredentialsUpdateInterval(v0);
            }, DatabaseDescriptor::getCredentialsUpdateInterval, (v0) -> {
                DatabaseDescriptor.setCredentialsCacheMaxEntries(v0);
            }, DatabaseDescriptor::getCredentialsCacheMaxEntries, queryUserFunction, () -> {
                return true;
            });
        }

        @Override // com.instaclustr.cassandra.auth.KerberosAuthenticator.CredentialsCacheMBean
        public void invalidateCredentials(String str) {
            invalidate(str);
        }
    }

    @Override // com.instaclustr.cassandra.auth.BaseKerberosAuthenticator
    public void afterSetup() {
        this.cache = new UserCache(new BaseKerberosAuthenticator.QueryUserFunction() { // from class: com.instaclustr.cassandra.auth.KerberosAuthenticator.1
            @Override // com.instaclustr.cassandra.auth.BaseKerberosAuthenticator.QueryUserFunction
            public SelectStatement prepare(String str) {
                return QueryProcessor.getStatement(str, ClientState.forInternalCalls()).statement;
            }

            @Override // com.instaclustr.cassandra.auth.BaseKerberosAuthenticator.QueryUserFunction
            public ResultMessage.Rows execute(String str) {
                return this.getRoleStatement.execute(QueryState.forInternalCalls(), QueryOptions.forInternalCalls(ConsistencyLevel.LOCAL_ONE, Lists.newArrayList(new ByteBuffer[]{ByteBufferUtil.bytes(str)})), System.nanoTime());
            }
        });
    }

    public IAuthenticator.SaslNegotiator newSaslNegotiator(InetAddress inetAddress) {
        BaseKerberosAuthenticator.Configuration configuration = getConfiguration();
        return new BaseKerberosAuthenticator.KerberosSaslAuthenticator(configuration.getKerberosPrincipalServiceNameComponent(), ImmutableMap.builder().put("javax.security.sasl.qop", configuration.qop()).build()) { // from class: com.instaclustr.cassandra.auth.KerberosAuthenticator.2
            @Override // com.instaclustr.cassandra.auth.BaseKerberosAuthenticator.KerberosSaslAuthenticator
            public void fetchUser(String str) {
                KerberosAuthenticator.this.cache.get(str);
            }

            @Override // com.instaclustr.cassandra.auth.BaseKerberosAuthenticator.KerberosSaslAuthenticator
            public String serverName() {
                return FBUtilities.getBroadcastAddress().getCanonicalHostName();
            }
        };
    }
}
