package org.apache.cassandra.auth;

import com.google.common.collect.ImmutableSet;
import com.google.common.util.concurrent.Uninterruptibles;
import com.instaclustr.cassandra.ldap.AbstractLDAPAuthenticator;
import com.instaclustr.cassandra.ldap.auth.SystemAuthRoles;
import com.instaclustr.cassandra.ldap.conf.LdapAuthenticatorConfiguration;
import com.instaclustr.cassandra.ldap.utils.ServiceUtils;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.TimeUnit;
import org.apache.cassandra.auth.IRoleManager;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.exceptions.AuthenticationException;
import org.apache.cassandra.exceptions.ConfigurationException;
import org.apache.cassandra.service.ClientState;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/cassandra/auth/LDAPCassandraRoleManager.class */
public class LDAPCassandraRoleManager extends CassandraRoleManager {
    private static final Logger logger = LoggerFactory.getLogger(LDAPCassandraRoleManager.class);
    private Properties properties;
    private ClientState clientState;

    public void validateConfiguration() throws ConfigurationException {
        this.properties = new LdapAuthenticatorConfiguration().parseProperties();
    }

    public void setup() {
        super.setup();
        SystemAuthRoles systemAuthRoles = (SystemAuthRoles) ServiceUtils.getService(SystemAuthRoles.class, null);
        String property = System.getProperty(LdapAuthenticatorConfiguration.CASSANDRA_LDAP_ADMIN_USER, "cassandra");
        logger.info("DB admin role is {}", property);
        String property2 = this.properties.getProperty(LdapAuthenticatorConfiguration.LDAP_DN);
        logger.info("LDAP admin role is {}", property2);
        try {
            Callable callable = () -> {
                if (!systemAuthRoles.hasAdminRole(property)) {
                    throw new IllegalStateException("Waiting for " + property + " role!");
                }
                if (!canLogin(RoleResource.fromName("roles/" + property))) {
                    logger.info("Role '" + property + "' can not log in, prematurely existing setup, not going to create LDAP admin role {}", property2);
                    return null;
                }
                this.clientState = ClientState.forInternalCalls();
                this.clientState.login(new AuthenticatedUser(property));
                systemAuthRoles.setClientState(this.clientState);
                if (property2 == null || property2.isEmpty()) {
                    logger.info("Not trying to create LDAP admin role as it is not set in configuration via {} option.", LdapAuthenticatorConfiguration.LDAP_DN);
                    return null;
                }
                try {
                    if (systemAuthRoles.roleMissing(property2)) {
                        systemAuthRoles.createRole(property2, true);
                        logger.info("Created LDAP admin role '{}'", property2);
                    } else {
                        logger.info("Not creating LDAP admin role '{}' as it is already present.", property2);
                    }
                    return null;
                } catch (Exception e) {
                    logger.trace("Unable to create LDAP admin role.", e);
                    logger.error("Unable to create LDAP admin role {}", property2);
                    throw e;
                }
            };
            while (true) {
                try {
                    callable.call();
                    return;
                } catch (Exception e) {
                    logger.trace("Role manager setup was not successful, sleeping for 5 seconds and trying again ...", e);
                    Uninterruptibles.sleepUninterruptibly(5L, TimeUnit.SECONDS);
                }
            }
        } catch (Exception e2) {
            logger.trace("Unable to setup " + LDAPCassandraRoleManager.class.getName(), e2);
            throw new AuthenticationException("Unable to setup " + LDAPCassandraRoleManager.class.getName() + ": " + e2.getMessage());
        }
    }

    public Set<IRoleManager.Option> supportedOptions() {
        return AbstractLDAPAuthenticator.class.isAssignableFrom(DatabaseDescriptor.getAuthenticator().getClass()) ? ImmutableSet.of(IRoleManager.Option.LOGIN, IRoleManager.Option.SUPERUSER, IRoleManager.Option.PASSWORD) : ImmutableSet.of(IRoleManager.Option.LOGIN, IRoleManager.Option.SUPERUSER);
    }
}
