package org.apache.cassandra.auth;

import com.google.common.util.concurrent.UncheckedExecutionException;
import com.google.common.util.concurrent.Uninterruptibles;
import com.instaclustr.cassandra.ldap.AbstractLDAPAuthenticator;
import com.instaclustr.cassandra.ldap.User;
import com.instaclustr.cassandra.ldap.auth.DefaultLDAPUserRetriever;
import com.instaclustr.cassandra.ldap.auth.LegacyCassandraUserRetriever;
import com.instaclustr.cassandra.ldap.auth.SystemAuthRoles;
import com.instaclustr.cassandra.ldap.cache.CredentialsLoadingFunction;
import com.instaclustr.cassandra.ldap.conf.LdapAuthenticatorConfiguration;
import com.instaclustr.cassandra.ldap.exception.LDAPAuthFailedException;
import com.instaclustr.cassandra.ldap.utils.ServiceUtils;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.exceptions.AuthenticationException;
import org.apache.cassandra.exceptions.ConfigurationException;
import org.apache.cassandra.service.ClientState;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/cassandra/auth/LegacyCassandraLDAPAuthenticator.class */
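/**
 * LDAP-backed authenticator for Cassandra deployments that use {@link CassandraAuthorizer}.
 *
 * <p>Credentials are resolved through a {@link CredentialsLoadingFunction} built from a
 * {@link LegacyCassandraUserRetriever} and a {@link DefaultLDAPUserRetriever}. How that function
 * combines the two retrievers is not visible in this class.
 *
 * <p>The fields {@code clientState}, {@code systemAuthRoles}, {@code properties} and
 * {@code hasher} are not declared here; presumably they are inherited from
 * {@link AbstractLDAPAuthenticator} (confirm against that class).
 */
public abstract class LegacyCassandraLDAPAuthenticator extends AbstractLDAPAuthenticator {
    private static final Logger logger = LoggerFactory.getLogger(LegacyCassandraLDAPAuthenticator.class);

    /** Resolves a login request to stored credentials; assigned once in {@link #setup()}. */
    private CredentialsLoadingFunction credentialsLoadingFunction;

    /**
     * Initialises the authenticator.
     *
     * <p>Rejects any configured authorizer that is not a {@link CassandraAuthorizer}, then waits
     * for the admin role to exist, logs the internal client state in as that role and wires up
     * the credential retrievers. The admin role name is read from the JVM system property named
     * by {@link LdapAuthenticatorConfiguration#CASSANDRA_LDAP_ADMIN_USER}, defaulting to
     * {@code "cassandra"}.
     *
     * <p>The wait has no upper bound and sleeps uninterruptibly: if the configured admin role
     * never appears, this method does not return.
     *
     * @throws ConfigurationException if the configured authorizer is not a
     *     {@link CassandraAuthorizer}
     */
    public void setup() {
        Class<?> authorizerType = DatabaseDescriptor.getAuthorizer().getClass();
        if (!CassandraAuthorizer.class.isAssignableFrom(authorizerType)) {
            throw new ConfigurationException(String.format("%s only works with %s", LegacyCassandraLDAPAuthenticator.class.getCanonicalName(), CassandraAuthorizer.class.getCanonicalName()));
        }

        this.clientState = ClientState.forInternalCalls();
        this.systemAuthRoles = (SystemAuthRoles) ServiceUtils.getService(SystemAuthRoles.class, null);
        this.systemAuthRoles.setClientState(this.clientState);

        LegacyCassandraUserRetriever legacyRetriever = new LegacyCassandraUserRetriever();
        legacyRetriever.init(this.clientState);

        // The internal client state is logged in as this role below, so the value of this
        // system property decides which identity the authenticator's own queries run under.
        String adminRole = System.getProperty(LdapAuthenticatorConfiguration.CASSANDRA_LDAP_ADMIN_USER, "cassandra");

        // Plain polling loop. The decompiled form threw and immediately caught an
        // IllegalStateException on every iteration, which had no effect beyond the log and sleep.
        while (!this.systemAuthRoles.hasAdminRole(adminRole)) {
            // Report the role actually being waited for; it need not be "cassandra".
            logger.debug("Waiting for {} role, sleeping for 5 seconds and trying again ...", adminRole);
            Uninterruptibles.sleepUninterruptibly(5L, TimeUnit.SECONDS);
        }
        this.clientState.login(new AuthenticatedUser(adminRole));

        DefaultLDAPUserRetriever ldapRetriever = new DefaultLDAPUserRetriever(hasher, this.properties);
        // Method references are passed directly so the constructor's parameter types drive
        // inference, instead of going through a raw Function local.
        this.credentialsLoadingFunction = new CredentialsLoadingFunction(legacyRetriever::retrieve, ldapRetriever::retrieve);

        logger.info("{} was initialised", LegacyCassandraLDAPAuthenticator.class.getName());
    }

    /**
     * Authenticates a login attempt.
     *
     * @param str the user name supplied by the client
     * @param str2 the password supplied by the client
     * @return the authenticated user, named by the LDAP DN when the resolved user has one and by
     *     the user name otherwise; {@code null} when no user or no stored password could be
     *     resolved, so callers must treat {@code null} as a failed login
     * @throws AuthenticationException if the password does not match, the directory server
     *     rejects the login, or any other failure occurs while resolving credentials
     */
    @Override // com.instaclustr.cassandra.ldap.AbstractLDAPAuthenticator
    public AuthenticatedUser authenticate(String str, String str2) {
        try {
            User user = new User(str, str2);
            User resolved = this.credentialsLoadingFunction.apply(user);
            if (resolved == null || resolved.getPassword() == null) {
                return null;
            }

            // NOTE(review): the DN test is made on the request-side `user`, not on `resolved`.
            // Whether `user` can carry a DN at this point depends on User's constructor and on
            // CredentialsLoadingFunction, neither of which is visible here. Confirm that a
            // password mismatch can never be skipped by this condition.
            boolean passwordMatches = hasher.checkPasswords(str2, resolved.getPassword());
            if (!passwordMatches && user.getLdapDN() == null) {
                throw new AuthenticationException("invalid username/password");
            }

            String ldapDn = resolved.getLdapDN();
            // A role is provisioned on first successful login of a directory user.
            // Presumably `false` means "not a superuser"; verify against SystemAuthRoles.
            if (ldapDn != null && this.systemAuthRoles.roleMissing(ldapDn)) {
                this.systemAuthRoles.createRole(ldapDn, false);
            }

            String username = ldapDn == null ? resolved.getUsername() : ldapDn;
            logger.debug("Going to log in with {}", username);
            return new AuthenticatedUser(username);
        } catch (AuthenticationException e) {
            // Must come before the generic handler. Placed after catch (Exception) this clause
            // is unreachable, so the class does not compile and a plain wrong-password failure
            // would be logged at ERROR and re-wrapped instead of propagating unchanged.
            throw e;
        } catch (UncheckedExecutionException e) {
            if (!(e.getCause() instanceof LDAPAuthFailedException)) {
                throw e;
            }
            LDAPAuthFailedException ldapFailure = (LDAPAuthFailedException) e.getCause();
            // The user name is client-supplied and is written to the log as received.
            logger.warn("Failed login for {}, reason was {}", str, e.getMessage());
            // NOTE(review): the directory failure text is returned to the unauthenticated
            // client. Consider a generic message here and keeping the detail in the server log.
            throw new AuthenticationException(String.format("Failed to authenticate with directory server, user may not exist: %s", ldapFailure.getMessage()));
        } catch (Exception e) {
            logger.error("ERROR", e);
            // NOTE(review): the message of an arbitrary internal exception is forwarded to the
            // client as well; the same consideration applies.
            throw new AuthenticationException(String.format("Could not authenticate: %s", e.getMessage()));
        }
    }
}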
