package com.instaclustr.cassandra.ldap;

import com.google.common.collect.Lists;
import com.google.common.util.concurrent.UncheckedExecutionException;
import com.google.common.util.concurrent.Uninterruptibles;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import org.apache.cassandra.auth.AuthCache;
import org.apache.cassandra.auth.AuthCacheMBean;
import org.apache.cassandra.auth.AuthenticatedUser;
import org.apache.cassandra.auth.CassandraAuthorizer;
import org.apache.cassandra.auth.IAuthenticator;
import org.apache.cassandra.auth.IResource;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.cql3.QueryOptions;
import org.apache.cassandra.cql3.QueryProcessor;
import org.apache.cassandra.db.ConsistencyLevel;
import org.apache.cassandra.exceptions.AuthenticationException;
import org.apache.cassandra.exceptions.ConfigurationException;
import org.apache.cassandra.exceptions.ExceptionCode;
import org.apache.cassandra.exceptions.RequestExecutionException;
import org.apache.cassandra.service.ClientState;
import org.apache.cassandra.service.QueryState;
import org.apache.cassandra.utils.ByteBufferUtil;
import org.apache.commons.lang3.builder.HashCodeBuilder;
import org.mindrot.jbcrypt.BCrypt;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/instaclustr/cassandra/ldap/LDAPAuthenticator.class */
public class LDAPAuthenticator implements IAuthenticator {
    private static final Logger logger = LoggerFactory.getLogger(LDAPAuthenticator.class);

    // Internal-call client state used by createRole/userExists; assigned in setup().
    // It is static, so every LDAPAuthenticator instance shares (and overwrites) the same value.
    private static ClientState state;

    // JNDI environment: defaults set in validateConfiguration() merged with the LDAP properties file.
    // After setup() it also holds the service account's bind DN and password in clear text.
    private Properties properties;

    // Directory context opened in setup(); getUid() runs its DN searches through it.
    private DirContext serviceContext;

    // Created in setup(); authenticate() reads and invalidates entries keyed by User.
    private CredentialsCache cache;

    // Role names already confirmed to exist in system_auth.roles; entries are never removed.
    // NOTE(review): plain HashSet/HashMap are not synchronized - confirm whether authenticate()
    // can run on several threads at once; if so these two collections need a concurrent type.
    private final Set<String> existingUsers = new HashSet<>();

    // Login name -> distinguished name, filled by getUid(); entries are never evicted.
    private Map<String, String> usernameToDN = new HashMap<>();

    /* loaded from: input_file:com/instaclustr/cassandra/ldap/LDAPAuthenticator$CredentialsCache.class */
    /**
     * Cache named "CredentialsCache", keyed by {@link User} and holding one {@code String} per entry.
     *
     * <p>NOTE(review): {@link LDAPAuthenticator#authenticate} compares the cached value with the
     * supplied password through checkpw, and {@link LDAPAuthenticator#authDN} returns a bcrypt hash,
     * so the value is presumably the bcrypt hash produced by the last successful bind. The loader
     * lambda itself was not decompiled (see the constructor), so confirm this against the bytecode.
     *
     * <p>{@link User#equals} compares the username only, so an entry is shared by every login
     * attempt for the same name regardless of the password supplied.
     */
    public class CredentialsCache extends AuthCache<User, String> implements CredentialsCacheMBean {
        /*
         * DECOMPILER OUTPUT - NOT VALID JAVA. JADX failed to generate the super(...) call, so the
         * statement below stops after its seventh argument and the constructor body ends in a
         * placeholder throw. Do not treat this listing as the real behaviour of the class.
         */
        private CredentialsCache() {
            super("CredentialsCache", (v0) -> {
                DatabaseDescriptor.setCredentialsValidity(v0);
            }, DatabaseDescriptor::getCredentialsValidity, (v0) -> {
                DatabaseDescriptor.setCredentialsUpdateInterval(v0);
            }, DatabaseDescriptor::getCredentialsUpdateInterval, (v0) -> {
                DatabaseDescriptor.setCredentialsCacheMaxEntries(v0);
            }, DatabaseDescriptor::getCredentialsCacheMaxEntries, user
            /*
             * JADX codegen error: "Unexpected argument type in lambda call: InsnWrapArg"
             * (raised in jadx.core.codegen.InsnGen.makeInlinedLambdaMethod while generating the
             * CONSTRUCTOR instruction at 0x0031; the tool's own stack trace is omitted here).
             *
             * The instruction dump shows AuthCache.<init> being called with nine arguments:
             *   1.   the String "CredentialsCache"
             *   2-3. Consumer/Supplier wrapping DatabaseDescriptor.setCredentialsValidity(int)
             *        and getCredentialsValidity()
             *   4-5. Consumer/Supplier wrapping DatabaseDescriptor.setCredentialsUpdateInterval(int)
             *        and getCredentialsUpdateInterval()
             *   6-7. Consumer/Supplier wrapping DatabaseDescriptor.setCredentialsCacheMaxEntries(int)
             *        and getCredentialsCacheMaxEntries()
             *   8.   a Function that calls the synthetic
             *        lambda$new$0(LDAPAuthenticator, LDAPAuthenticator$User): String
             *   9.   a Supplier that calls the synthetic lambda$new$1(): Boolean
             *
             * The bodies of lambda$new$0 and lambda$new$1 are not part of this listing.
             * NOTE(review): argument 8 is presumably the cache loader and argument 9 the
             * "cache enabled" switch; recover both from the bytecode before reasoning about
             * what a cache miss does during authentication.
             */
            /*
                this = this;
                r0 = r11
                r1 = r12
                com.instaclustr.cassandra.ldap.LDAPAuthenticator.this = r1
                r0 = r11
                java.lang.String r1 = "CredentialsCache"
                void r2 = (v0) -> { // java.util.function.Consumer.accept(java.lang.Object):void
                    org.apache.cassandra.config.DatabaseDescriptor.setCredentialsValidity(v0);
                }
                void r3 = org.apache.cassandra.config.DatabaseDescriptor::getCredentialsValidity
                void r4 = (v0) -> { // java.util.function.Consumer.accept(java.lang.Object):void
                    org.apache.cassandra.config.DatabaseDescriptor.setCredentialsUpdateInterval(v0);
                }
                void r5 = org.apache.cassandra.config.DatabaseDescriptor::getCredentialsUpdateInterval
                void r6 = (v0) -> { // java.util.function.Consumer.accept(java.lang.Object):void
                    org.apache.cassandra.config.DatabaseDescriptor.setCredentialsCacheMaxEntries(v0);
                }
                void r7 = org.apache.cassandra.config.DatabaseDescriptor::getCredentialsCacheMaxEntries
                r8 = r12
                void r8 = (v1) -> { // java.util.function.Function.apply(java.lang.Object):java.lang.Object
                    return lambda$new$0(r8, v1);
                }
                void r9 = () -> { // java.util.function.Supplier.get():java.lang.Object
                    return lambda$new$1();
                }
                r0.<init>(r1, r2, r3, r4, r5, r6, r7, r8, r9)
                return
            */
            // Placeholder emitted by the decompiler; the real constructor does not throw this.
            throw new UnsupportedOperationException("Method not decompiled: com.instaclustr.cassandra.ldap.LDAPAuthenticator.CredentialsCache.<init>(com.instaclustr.cassandra.ldap.LDAPAuthenticator):void");
        }

        /**
         * Drops the cache entry whose key equals {@code new User(str)}.
         *
         * <p>Keys compare by username only, so no password is needed to address an entry.
         * NOTE(review): authenticate() builds its keys from the resolved DN, so {@code str}
         * presumably has to be the DN rather than the login name - confirm.
         *
         * @param str name identifying the entry to invalidate
         */
        @Override // com.instaclustr.cassandra.ldap.LDAPAuthenticator.CredentialsCacheMBean
        public void invalidateCredentials(String str) {
            invalidate(new User(str));
        }
    }

    /* loaded from: input_file:com/instaclustr/cassandra/ldap/LDAPAuthenticator$CredentialsCacheMBean.class */
    /**
     * Management interface of {@link CredentialsCache}: the operations inherited from
     * {@link AuthCacheMBean} plus invalidation of a single entry.
     */
    public interface CredentialsCacheMBean extends AuthCacheMBean {
        /**
         * Invalidates the cached credentials stored for one name.
         *
         * @param str name identifying the cache entry
         */
        void invalidateCredentials(String str);
    }

    /* loaded from: input_file:com/instaclustr/cassandra/ldap/LDAPAuthenticator$LDAPAuthFailedException.class */
    /**
     * Raised by {@link LDAPAuthenticator#authDN} when binding to the directory as the user fails.
     * authenticate() looks for it as the cause of an UncheckedExecutionException and converts it
     * into an AuthenticationException.
     */
    public static class LDAPAuthFailedException extends RequestExecutionException {
        /**
         * @param exceptionCode Cassandra error code reported for the failure
         * @param str           failure message
         * @param th            underlying cause
         */
        public LDAPAuthFailedException(ExceptionCode exceptionCode, String str, Throwable th) {
            super(exceptionCode, str, th);
        }
    }

    /* loaded from: input_file:com/instaclustr/cassandra/ldap/LDAPAuthenticator$LdapAuthenticatorConfiguration.class */
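    /**
     * Property names, defaults and validated system-property values used by
     * {@link LDAPAuthenticator}.
     *
     * <p>The three computed values are read from JVM system properties when this class is
     * initialised; an out-of-range value raises a ConfigurationException at that point.
     */
    public static final class LdapAuthenticatorConfiguration {
        /** System property naming the LDAP properties file. */
        public static final String LDAP_PROPERTIES_FILE_PROP = "cassandra.ldap.properties.file";
        /** File name used when the system property is absent, and looked up under $CASSANDRA_CONF. */
        public static final String LDAP_PROPERTIES_FILENAME = "ldap.properties";

        // Keys read from the LDAP properties file.
        public static final String LDAP_URI_PROP = "ldap_uri";
        public static final String CONTEXT_FACTORY_PROP = "context_factory";
        public static final String ANONYMOUS_ACCESS_PROP = "anonymous_access";
        /** Bind DN of the service account; legacyAuthenticate() also uses it as the username map key. */
        public static final String LDAP_DN = "service_dn";
        /** Password of the service account; legacyAuthenticate() also uses it as the password map key. */
        public static final String PASSWORD_KEY = "service_password";
        public static final String NAMING_ATTRIBUTE_PROP = "ldap_naming_attribute";

        // System properties controlling how long setup() waits for the default superuser role.
        public static final String INITIAL_CASSANDRA_LOGIN_ATTEMPTS_PROP = "cassandra.ldap_cassandra_initial_login_attempts";
        // The misspelling "attemp" is the property name the program actually reads; do not correct it.
        public static final String INITIAL_CASSANDRA_LOGIN_ATTEMPT_PERIOD_PROP = "cassandra.ldap_cassandra_initial_login_attemp_period";
        public static final int INITIAL_CASSANDRA_LOGIN_ATTEMPTS_DEFAULT = 10;
        public static final int INITIAL_CASSANDRA_LOGIN_ATTEMPT_PERIOD_IN_SECONDS_DEFAULT = 5;

        /** System property holding the bcrypt cost (log2 of the round count) used by hashpw(). */
        public static final String GENSALT_LOG2_ROUNDS_PROP = "cassandra.auth_bcrypt_gensalt_log2_rounds";
        public static final int GENSALT_LOG2_ROUNDS_DEFAULT = 10;

        public static final String DEFAULT_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
        /** Role name setup() logs the internal client state in with when anonymous access is enabled. */
        public static final String DEFAULT_SERVICE_ROLE = "_LDAPAUTH_";
        public static final String DEFAULT_SUPERUSER_NAME = "cassandra";

        public static final int INITIAL_CASSANDRA_LOGIN_ATTEMPTS = getLdapCassandraInitialLoginAttempts();
        public static final int INITIAL_CASSANDRA_LOGIN_ATTEMPT_PERIOD = getLdapCassandraInitialLoggingAttemptPeriod();

        // NOTE(review): unlike its neighbours this field is public and NOT final, so any code on
        // the classpath can lower the bcrypt cost at runtime without passing the 4..31 range check.
        // It is left non-final here only to avoid breaking code that may assign it; make it final
        // once that has been ruled out.
        public static int GENSALT_ROUNDS = getGensaltLog2Rounds();

        /**
         * Reads the bcrypt cost from {@link #GENSALT_LOG2_ROUNDS_PROP}.
         *
         * @return the configured cost, or {@link #GENSALT_LOG2_ROUNDS_DEFAULT} when unset
         * @throws ConfigurationException if the value is outside 4..31
         */
        private static int getGensaltLog2Rounds() {
            int rounds = Integer.getInteger(GENSALT_LOG2_ROUNDS_PROP, GENSALT_LOG2_ROUNDS_DEFAULT);
            if (rounds < 4 || rounds > 31) {
                throw new ConfigurationException(String.format("Bad value for system property -D%s. Please use a value between 4 and 31 inclusively", GENSALT_LOG2_ROUNDS_PROP));
            }
            return rounds;
        }

        /**
         * Reads the number of attempts setup() makes to find the default superuser role.
         *
         * @return the configured count, or {@link #INITIAL_CASSANDRA_LOGIN_ATTEMPTS_DEFAULT} when unset
         * @throws ConfigurationException if the value is below 2
         */
        private static int getLdapCassandraInitialLoginAttempts() {
            int attempts = Integer.getInteger(INITIAL_CASSANDRA_LOGIN_ATTEMPTS_PROP, INITIAL_CASSANDRA_LOGIN_ATTEMPTS_DEFAULT);
            if (attempts < 2) {
                throw new ConfigurationException(String.format("Bad value for system property -D%s. Please use value bigger then 1.", INITIAL_CASSANDRA_LOGIN_ATTEMPTS_PROP));
            }
            return attempts;
        }

        /**
         * Reads the pause, in seconds, between two attempts made by setup().
         *
         * @return the configured period, or
         *         {@link #INITIAL_CASSANDRA_LOGIN_ATTEMPT_PERIOD_IN_SECONDS_DEFAULT} when unset
         * @throws ConfigurationException if the value is below 5
         */
        private static int getLdapCassandraInitialLoggingAttemptPeriod() {
            int periodSeconds = Integer.getInteger(INITIAL_CASSANDRA_LOGIN_ATTEMPT_PERIOD_PROP, INITIAL_CASSANDRA_LOGIN_ATTEMPT_PERIOD_IN_SECONDS_DEFAULT);
            if (periodSeconds < 5) {
                // 5 itself is accepted (it is the default), so the message must not ask for "bigger than 5".
                throw new ConfigurationException(String.format("Bad value for system property -D%s in seconds. Please use a value of at least 5.", INITIAL_CASSANDRA_LOGIN_ATTEMPT_PERIOD_PROP));
            }
            return periodSeconds;
        }
    }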

    /* loaded from: input_file:com/instaclustr/cassandra/ldap/LDAPAuthenticator$PlainTextSaslAuthenticator.class */
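    /**
     * SASL negotiator for a single-step exchange: the client token carries the authentication ID
     * and the password separated by NUL bytes, and both are handed to
     * {@link LDAPAuthenticator#authenticate(String, String)}.
     *
     * <p>The password is held in this object as a plain {@code String} until the negotiator is
     * garbage collected.
     */
    public class PlainTextSaslAuthenticator implements IAuthenticator.SaslNegotiator {
        private boolean complete = false;
        private String username;
        private String password;

        public PlainTextSaslAuthenticator() {
        }

        /**
         * Decodes the client token and marks the negotiation as complete.
         *
         * @param bArr client token
         * @return always {@code null}; no challenge is sent back
         * @throws AuthenticationException if the token is missing or malformed
         */
        public byte[] evaluateResponse(byte[] bArr) throws AuthenticationException {
            decodeCredentials(bArr);
            this.complete = true;
            return null;
        }

        /** @return {@code true} once a token has been decoded successfully */
        public boolean isComplete() {
            return this.complete;
        }

        /**
         * Authenticates the decoded credentials against the directory.
         *
         * @return the authenticated user
         * @throws AuthenticationException if no token was decoded yet or authentication fails
         */
        public AuthenticatedUser getAuthenticatedUser() throws AuthenticationException {
            if (!this.complete) {
                throw new AuthenticationException("SASL negotiation not complete");
            }
            return LDAPAuthenticator.this.authenticate(this.username, this.password);
        }

        /**
         * Splits the token at its NUL bytes, scanning from the end: the bytes after the last NUL
         * are the password, the bytes between the previous NUL and that one the authentication ID.
         * Anything before that is ignored.
         *
         * @param bArr client token
         * @throws AuthenticationException if the token is null, either field is missing, or either
         *                                 field is empty
         */
        private void decodeCredentials(byte[] bArr) throws AuthenticationException {
            LDAPAuthenticator.logger.trace("Decoding credentials from client token");
            if (bArr == null) {
                // Fail as an authentication error instead of a NullPointerException.
                throw new AuthenticationException("Authentication token must not be null");
            }
            byte[] userBytes = null;
            byte[] passwordBytes = null;
            int fieldEnd = bArr.length;
            for (int i = bArr.length - 1; i >= 0; i--) {
                if (bArr[i] != 0) {
                    continue;
                }
                if (passwordBytes == null) {
                    passwordBytes = Arrays.copyOfRange(bArr, i + 1, fieldEnd);
                } else if (userBytes == null) {
                    userBytes = Arrays.copyOfRange(bArr, i + 1, fieldEnd);
                }
                fieldEnd = i;
            }
            if (passwordBytes == null) {
                throw new AuthenticationException("Password must not be null");
            }
            if (userBytes == null) {
                throw new AuthenticationException("Authentication ID must not be null");
            }
            if (userBytes.length == 0) {
                throw new AuthenticationException("Authentication ID must not be empty");
            }
            // A zero-length password would reach the directory as a simple bind without
            // credentials ("unauthenticated bind", RFC 4513 section 5.1.2). Many servers answer
            // that with success, which would authenticate the caller as any existing user.
            if (passwordBytes.length == 0) {
                throw new AuthenticationException("Password must not be empty");
            }
            this.username = new String(userBytes, StandardCharsets.UTF_8);
            this.password = new String(passwordBytes, StandardCharsets.UTF_8);
        }
    }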

    /* loaded from: input_file:com/instaclustr/cassandra/ldap/LDAPAuthenticator$User.class */
    /**
     * Key type of the credentials cache: a name plus, optionally, the password supplied with it.
     *
     * <p>Equality and hash code use the name only, so two instances with the same name and
     * different passwords address the same cache entry. authenticate() passes the resolved DN as
     * the name. The password is kept in clear text for as long as the instance is referenced, and
     * the class deliberately has no toString() that would print it.
     */
    public static class User {
        final String username;
        final String password;

        /** Creates a key without a password, e.g. for invalidating an entry. */
        User(String str) {
            this(str, null);
        }

        /**
         * @param str  name; must not be null
         * @param str2 password, may be null
         * @throws RuntimeException if {@code str} is null
         */
        User(String str, String str2) {
            if (str == null) {
                throw new RuntimeException("Username provided to User instance can not be a null object.");
            }
            this.username = str;
            this.password = str2;
        }

        /** Two users are equal when their names are equal; the password is not compared. */
        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            // instanceof is false for null, so no separate null check is needed.
            if (!(obj instanceof User)) {
                return false;
            }
            User other = (User) obj;
            return this.username.equals(other.username);
        }

        /** Hash of the name only, consistent with {@link #equals(Object)}. */
        @Override
        public int hashCode() {
            HashCodeBuilder builder = new HashCodeBuilder(19, 29);
            builder.append(this.username);
            return builder.toHashCode();
        }
    }

    /**
     * Hashes a password with bcrypt using a freshly generated salt.
     *
     * @param str clear-text password
     * @return bcrypt hash; the cost comes from LdapAuthenticatorConfiguration.GENSALT_ROUNDS
     */
    private static String hashpw(String str) {
        String salt = BCrypt.gensalt(LdapAuthenticatorConfiguration.GENSALT_ROUNDS);
        return BCrypt.hashpw(str, salt);
    }

    /**
     * Checks a clear-text password against a bcrypt hash.
     *
     * @param str  clear-text password
     * @param str2 bcrypt hash to compare against
     * @return {@code true} if they match; {@code false} on mismatch or when BCrypt throws
     *         (for example on a malformed hash), so a broken hash never authenticates anyone
     */
    private static boolean checkpw(String str, String str2) {
        boolean matches;
        try {
            matches = BCrypt.checkpw(str, str2);
        } catch (Exception e) {
            logger.warn("Error: invalid password hash encountered, rejecting user.", e);
            matches = false;
        }
        return matches;
    }

    /**
     * Reports whether clients must authenticate.
     *
     * @return always {@code true}; this authenticator never permits unauthenticated access
     */
    public boolean requireAuthentication() {
        final boolean authenticationRequired = true;
        return authenticationRequired;
    }

    /**
     * Lists the resources this authenticator asks to have protected.
     *
     * <p>NOTE(review): this class reads and writes system_auth.roles (see userExists, createRole
     * and setup) but does not list that table here; confirm that another component protects it.
     *
     * @return always an empty set
     */
    public Set<? extends IResource> protectedResources() {
        Set<IResource> none = Collections.emptySet();
        return none;
    }

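    /**
     * Builds the JNDI environment from built-in defaults and the LDAP properties file.
     *
     * <p>The file named by the system property {@code cassandra.ldap.properties.file} (default
     * {@code ldap.properties}) is preferred; {@code $CASSANDRA_CONF/ldap.properties} is the
     * fallback. Every key in the file is loaded into the same Properties object that is later
     * passed to InitialDirContext, so the file can also override the defaults set here.
     *
     * <p>The file holds the service account password in clear text; restrict its permissions to
     * the account running Cassandra.
     *
     * @throws ConfigurationException if no readable file is found, the file cannot be loaded,
     *                                {@code ldap_uri} is missing, or service credentials are
     *                                missing while anonymous access is off
     */
    public void validateConfiguration() throws ConfigurationException {
        this.properties = new Properties();
        this.properties.put("java.naming.security.authentication", "simple");
        this.properties.put("com.sun.jndi.ldap.read.timeout", "1000");
        this.properties.put("com.sun.jndi.ldap.connect.timeout", "2000");
        this.properties.put("com.sun.jndi.ldap.connect.pool", "true");

        String confDir = System.getenv().get("CASSANDRA_CONF");
        File fromConfDir = confDir == null ? null : new File(confDir, LdapAuthenticatorConfiguration.LDAP_PROPERTIES_FILENAME);
        File fromSystemProperty = new File(System.getProperty(LdapAuthenticatorConfiguration.LDAP_PROPERTIES_FILE_PROP, LdapAuthenticatorConfiguration.LDAP_PROPERTIES_FILENAME));

        File configFile = null;
        if (fromSystemProperty.exists() && fromSystemProperty.canRead()) {
            configFile = fromSystemProperty;
        } else if (fromConfDir != null && fromConfDir.exists() && fromConfDir.canRead()) {
            configFile = fromConfDir;
        }
        if (configFile == null) {
            throw new ConfigurationException(String.format("Unable to locate readable LDAP configuration file from system property %s nor from $CASSANDRA_CONF/ldap.properties.", LdapAuthenticatorConfiguration.LDAP_PROPERTIES_FILE_PROP));
        }
        logger.info("LDAP configuration file: {}", configFile.getAbsoluteFile());

        // try-with-resources closes the stream on every path, including a failed load().
        try (FileInputStream in = new FileInputStream(configFile)) {
            this.properties.load(in);
        } catch (IOException e) {
            throw new ConfigurationException(String.format("Could not open ldap configuration file %s", configFile), e);
        }

        if (!this.properties.containsKey(LdapAuthenticatorConfiguration.LDAP_URI_PROP)) {
            throw new ConfigurationException(String.format("%s MUST be set in the configuration file %s", LdapAuthenticatorConfiguration.LDAP_URI_PROP, configFile.getAbsolutePath()));
        }
        String serviceDn = this.properties.getProperty(LdapAuthenticatorConfiguration.LDAP_DN);
        String servicePassword = this.properties.getProperty(LdapAuthenticatorConfiguration.PASSWORD_KEY);
        boolean anonymousAccess = Boolean.parseBoolean(this.properties.getProperty(LdapAuthenticatorConfiguration.ANONYMOUS_ACCESS_PROP, "false"));
        if (!anonymousAccess && (serviceDn == null || servicePassword == null)) {
            throw new ConfigurationException(String.format("You must specify both %s and %s if %s is false.", LdapAuthenticatorConfiguration.LDAP_DN, LdapAuthenticatorConfiguration.PASSWORD_KEY, LdapAuthenticatorConfiguration.ANONYMOUS_ACCESS_PROP));
        }

        // Every login is a simple bind, i.e. the password travels to the directory as-is.
        // Nothing in this class negotiates TLS, so point out a URI that does not ask for it.
        String ldapUri = this.properties.getProperty(LdapAuthenticatorConfiguration.LDAP_URI_PROP);
        if (ldapUri != null && !ldapUri.regionMatches(true, 0, "ldaps://", 0, 8)) {
            logger.warn("{} does not use the ldaps:// scheme; unless TLS is enabled through other JNDI settings, simple binds send passwords to the directory unencrypted.", LdapAuthenticatorConfiguration.LDAP_URI_PROP);
        }

        this.properties.put("java.naming.factory.initial", this.properties.getProperty(LdapAuthenticatorConfiguration.CONTEXT_FACTORY_PROP, LdapAuthenticatorConfiguration.DEFAULT_CONTEXT_FACTORY));
        this.properties.put("java.naming.provider.url", this.properties.getProperty(LdapAuthenticatorConfiguration.LDAP_URI_PROP));
    }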

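    /**
     * Connects to the directory and prepares the role bookkeeping this authenticator needs.
     *
     * <ol>
     *   <li>Refuses to run unless the configured authorizer is a CassandraAuthorizer.</li>
     *   <li>If authorization is required, polls system_auth.roles until the default superuser
     *       role exists, sleeping before each attempt.</li>
     *   <li>Opens the service directory context - anonymously, or bound as the configured
     *       service DN - and creates the credentials cache.</li>
     * </ol>
     *
     * <p>In the non-anonymous branch the service DN is inserted into system_auth.roles as a
     * superuser that may log in. Anyone able to bind to the directory as that DN is therefore a
     * Cassandra superuser; use a dedicated account and protect its password accordingly.
     *
     * @throws ConfigurationException on an unsupported authorizer, when the superuser role does
     *                                not appear in time, or when the directory connection fails
     */
    public void setup() {
        if (!CassandraAuthorizer.class.isAssignableFrom(DatabaseDescriptor.getAuthorizer().getClass())) {
            throw new ConfigurationException(String.format("%s only works with %s", LDAPAuthenticator.class.getCanonicalName(), CassandraAuthorizer.class.getCanonicalName()));
        }
        if (DatabaseDescriptor.getAuthorizer().requireAuthorization()) {
            boolean superuserFound = false;
            int attempts = 0;
            Exception lastFailure = null;
            while (!superuserFound && attempts < LdapAuthenticatorConfiguration.INITIAL_CASSANDRA_LOGIN_ATTEMPTS) {
                Uninterruptibles.sleepUninterruptibly(LdapAuthenticatorConfiguration.INITIAL_CASSANDRA_LOGIN_ATTEMPT_PERIOD, TimeUnit.SECONDS);
                attempts++;
                try {
                    // Only compile-time constants are formatted into this statement.
                    superuserFound = !QueryProcessor.process(String.format("SELECT * FROM %s.%s WHERE role = '%s'", "system_auth", "roles", LdapAuthenticatorConfiguration.DEFAULT_SUPERUSER_NAME), ConsistencyLevel.ONE).isEmpty();
                } catch (Exception e) {
                    // Remember the failure and retry; it is reported only if every attempt fails.
                    lastFailure = e;
                }
            }
            if (!superuserFound) {
                if (lastFailure == null) {
                    throw new ConfigurationException(String.format("There was not %s user created in %s seconds.", LdapAuthenticatorConfiguration.DEFAULT_SUPERUSER_NAME, Integer.valueOf(LdapAuthenticatorConfiguration.INITIAL_CASSANDRA_LOGIN_ATTEMPTS * LdapAuthenticatorConfiguration.INITIAL_CASSANDRA_LOGIN_ATTEMPT_PERIOD)));
                }
                throw new ConfigurationException("Unable to perform initial login: " + lastFailure.getMessage(), lastFailure);
            }
        }
        state = ClientState.forInternalCalls();
        try {
            if (Boolean.parseBoolean(this.properties.getProperty(LdapAuthenticatorConfiguration.ANONYMOUS_ACCESS_PROP))) {
                this.serviceContext = new InitialDirContext(this.properties);
                state.login(new AuthenticatedUser(LdapAuthenticatorConfiguration.DEFAULT_SERVICE_ROLE));
            } else {
                String serviceDn = this.properties.getProperty(LdapAuthenticatorConfiguration.LDAP_DN);
                String servicePassword = this.properties.getProperty(LdapAuthenticatorConfiguration.PASSWORD_KEY);
                this.properties.put("java.naming.security.principal", serviceDn);
                this.properties.put("java.naming.security.credentials", servicePassword);
                this.serviceContext = new InitialDirContext(this.properties);
                if (!userExists(serviceDn)) {
                    // The DN is placed inside a CQL string literal; double any single quote so a
                    // DN such as cn=O'Brien neither breaks the statement nor alters it.
                    String escapedDn = serviceDn.replace("'", "''");
                    QueryProcessor.process(String.format("INSERT INTO %s.%s (role, is_superuser, can_login) VALUES ('%s', true, true)", "system_auth", "roles", escapedDn), ConsistencyLevel.ONE);
                }
            }
            this.cache = new CredentialsCache();
        } catch (NamingException e) {
            String explanation = e.getExplanation() == null ? "uknown" : e.getExplanation();
            throw new ConfigurationException(String.format("Failed to connect to LDAP server: %s, explanation: %s", e.getMessage(), explanation), e);
        }
    }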

    /**
     * Builds a fresh JNDI environment for binding as an end user: context factory, provider URL
     * and simple authentication. The service account's principal and credentials held in
     * {@code properties} are deliberately not copied.
     *
     * <p>NOTE(review): the connect and read timeouts that validateConfiguration() sets for the
     * service context are not copied either, so a user bind against an unresponsive directory
     * appears to have no timeout - confirm, and consider carrying both values over.
     *
     * @return a new, mutable environment table
     */
    private Hashtable<String, String> getUserEnv() {
        String contextFactory = this.properties.getProperty("java.naming.factory.initial");
        String providerUrl = this.properties.getProperty(LdapAuthenticatorConfiguration.LDAP_URI_PROP);
        Hashtable<String, String> env = new Hashtable<>(11);
        env.put("java.naming.factory.initial", contextFactory);
        env.put("java.naming.provider.url", providerUrl);
        env.put("java.naming.security.authentication", "simple");
        return env;
    }

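    /**
     * Resolves a login name to the distinguished name of its directory entry.
     *
     * <p>The directory is searched over the whole subtree, through the service context, for
     * entries whose naming attribute ({@code ldap_naming_attribute}, default {@code cn}) equals
     * the login name; the first match wins. Successful lookups are remembered in
     * {@code usernameToDN} and never expire, so an entry that is later moved or renamed keeps
     * resolving to its old DN until the process restarts.
     *
     * @param str login name supplied by the client (untrusted)
     * @return the entry's DN, or {@code null} if no entry matches
     * @throws NamingException        if the search fails
     * @throws ConfigurationException if setup() has not opened the service context
     */
    private String getUid(String str) throws NamingException {
        String cachedDn = this.usernameToDN.get(str);
        if (cachedDn != null) {
            return cachedDn;
        }
        if (this.serviceContext == null) {
            throw new ConfigurationException("LDAP server connection was not initialised.");
        }
        logger.debug("Connected to LDAP server {}", this.properties.get(LdapAuthenticatorConfiguration.LDAP_URI_PROP));

        // The login name comes straight from the client. Pass it as a filter argument ({0}) so
        // JNDI escapes filter metacharacters such as * ( ) \ instead of letting them change the
        // meaning of the search filter (LDAP filter injection).
        String filter = "(" + this.properties.getOrDefault(LdapAuthenticatorConfiguration.NAMING_ATTRIBUTE_PROP, "cn") + "={0})";
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);

        NamingEnumeration<SearchResult> results = this.serviceContext.search("", filter, new Object[]{str}, controls);
        String dn = null;
        try {
            if (results.hasMore()) {
                dn = results.next().getNameInNamespace();
            }
        } finally {
            // Release the enumeration even when reading the result fails.
            results.close();
        }

        // Remember hits only. Caching misses would let arbitrary client-chosen names grow the map
        // without bound, and would keep a user who is added to the directory later locked out
        // until restart.
        if (dn != null) {
            this.usernameToDN.put(str, dn);
        }
        return dn;
    }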

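    /**
     * Verifies a user's password by binding to the directory as that user.
     *
     * <p>{@code user.username} is used as the bind principal, so it must be a DN (authenticate()
     * passes the DN returned by getUid). The context is opened only to prove the credentials and
     * is closed immediately.
     *
     * <p>Any NamingException - including an unreachable or slow directory - is reported as
     * BAD_CREDENTIALS.
     *
     * @param user DN and clear-text password to verify
     * @return bcrypt hash of the verified password
     * @throws LDAPAuthFailedException if the password is null or empty, or the bind fails
     */
    /* JADX INFO: Access modifiers changed from: private (the decompiler widened it; the compiled method is private) */
    public String authDN(User user) throws LDAPAuthFailedException {
        // A simple bind with a DN but no password is an "unauthenticated bind" (RFC 4513 section
        // 5.1.2). Many directory servers answer it with success, which would be mistaken here
        // for proof of the user's password, so never send one.
        if (user.password == null || user.password.isEmpty()) {
            throw new LDAPAuthFailedException(ExceptionCode.BAD_CREDENTIALS, "Password must not be empty", null);
        }
        Hashtable<String, String> env = getUserEnv();
        env.put("java.naming.security.principal", user.username);
        env.put("java.naming.security.credentials", user.password);
        DirContext userContext = null;
        try {
            userContext = new InitialDirContext(env);
        } catch (NamingException e) {
            throw new LDAPAuthFailedException(ExceptionCode.BAD_CREDENTIALS, e.getMessage(), e);
        } finally {
            if (userContext != null) {
                try {
                    userContext.close();
                } catch (NamingException e) {
                    // Best effort: the bind result is already known at this point.
                    logger.debug("Exception occured while trying to close DirContext.", e);
                }
            }
        }
        return hashpw(user.password);
    }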

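    /**
     * Authenticates a login name and password against the directory.
     *
     * <p>The login name is resolved to a DN, the credentials cache is asked for the hash stored
     * under that DN, and the supplied password is checked against it. On a mismatch the entry is
     * invalidated and fetched again. A role for the DN is created in system_auth.roles on first
     * successful login.
     *
     * <p>NOTE(review): the cache loader is not visible in this listing; the comments below assume
     * it verifies the password by binding to the directory (see authDN) - confirm.
     *
     * <p>NOTE(review): the failure messages differ between "no such entry" and "bind failed", and
     * the latter echoes the directory server's message to the client, which lets a client tell
     * existing names from unknown ones. The login name is also written to the log unmodified.
     *
     * @param str  login name supplied by the client
     * @param str2 clear-text password supplied by the client
     * @return the authenticated user, named by DN
     * @throws AuthenticationException if the password is empty, the name is unknown, or the
     *                                 credentials are rejected
     * @throws SecurityException       if the directory lookup or the cache load fails
     */
    public AuthenticatedUser authenticate(String str, String str2) throws AuthenticationException {
        // Never let an empty password reach the directory: a simple bind without a password is
        // an "unauthenticated bind" (RFC 4513 section 5.1.2) that many servers accept.
        if (str2 == null || str2.isEmpty()) {
            throw new AuthenticationException("Password must not be empty");
        }
        try {
            String uid = getUid(str);
            if (uid == null) {
                throw new AuthenticationException("Could not authenticate to directory server using provided credentials.");
            }
            logger.trace("DN for user {}: {}", str, uid);
            User user = new User(uid, str2);
            String cachedHash = (String) this.cache.get(user);
            if (cachedHash == null) {
                // Fail closed: without a hash to verify against, nothing has been proven.
                throw new AuthenticationException("Could not authenticate to directory server using provided credentials.");
            }
            if (!checkpw(str2, cachedHash)) {
                this.cache.invalidate(user);
                String reloadedHash = (String) this.cache.get(user);
                // Cache keys compare by DN only, so the value returned here may have been loaded
                // for a concurrent login that used a different password. Accept it only if it
                // really matches the password supplied on THIS call.
                if (reloadedHash == null || !checkpw(str2, reloadedHash)) {
                    throw new AuthenticationException("Could not authenticate to directory server using provided credentials.");
                }
            }
            if (!userExists(uid)) {
                logger.debug("DN {} doesn't exist in {}.{}, creating new user", new Object[]{uid, "system_auth", "roles"});
                createRole(uid);
            }
            return new AuthenticatedUser(uid);
        } catch (NamingException | ExecutionException e) {
            throw new SecurityException(String.format("Could not authenticate to the LDAP directory: %s", e.getMessage()), e);
        } catch (UncheckedExecutionException e2) {
            if (!(e2.getCause() instanceof LDAPAuthFailedException)) {
                throw e2;
            }
            LDAPAuthFailedException bindFailure = (LDAPAuthFailedException) e2.getCause();
            logger.warn("Failed login from {}, reason was {}", str, e2.getMessage());
            throw new AuthenticationException(String.format("Failed to authenticate with directory server, user may not exist: %s", bindFailure.getMessage()));
        }
    }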

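    /**
     * Creates a Cassandra role, allowed to log in, named after a directory DN.
     *
     * <p>Called by authenticate() the first time a directory user logs in, so every entry that
     * can bind to the directory gets a login role automatically.
     *
     * @param str DN to use as the role name; it originates from the directory, not from this code
     */
    private static void createRole(String str) {
        // The DN is placed inside a double-quoted CQL identifier. Double any embedded double
        // quote so a DN containing one cannot close the identifier and append its own CQL.
        String quotedRole = str.replace("\"", "\"\"");
        String statement = String.format("CREATE ROLE \"%s\" WITH LOGIN = true", quotedRole);
        // The statement has no bind markers; the value list is passed unchanged from the original call.
        QueryProcessor.getStatement(statement, state).statement.execute(new QueryState(state), QueryOptions.forInternalCalls(ConsistencyLevel.ONE, Lists.newArrayList(new ByteBuffer[]{ByteBufferUtil.bytes(str)})), System.nanoTime());
    }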

    /**
     * Tells whether a role with the given name exists in system_auth.roles.
     *
     * <p>The name is sent as a bound value, not formatted into the statement. Positive answers
     * are remembered in {@code existingUsers} and never re-checked, so a role that is dropped
     * later is still reported as existing until the process restarts.
     *
     * @param str role name to look up
     * @return {@code true} if the role exists, or was seen to exist earlier
     */
    private boolean userExists(String str) {
        if (!this.existingUsers.contains(str)) {
            String query = String.format("SELECT role FROM %s.%s where role = ?", "system_auth", "roles");
            boolean missing = QueryProcessor.getStatement(query, state).statement.execute(new QueryState(state), QueryOptions.forInternalCalls(ConsistencyLevel.ONE, Lists.newArrayList(new ByteBuffer[]{ByteBufferUtil.bytes(str)})), System.nanoTime()).result.isEmpty();
            if (missing) {
                return false;
            }
            this.existingUsers.add(str);
        }
        return true;
    }

    /**
     * Creates the negotiator for one client connection.
     *
     * @param inetAddress client address; not used by this implementation
     * @return a new {@link PlainTextSaslAuthenticator}
     */
    public IAuthenticator.SaslNegotiator newSaslNegotiator(InetAddress inetAddress) {
        IAuthenticator.SaslNegotiator negotiator = new PlainTextSaslAuthenticator();
        return negotiator;
    }

    /**
     * Authenticates credentials supplied as a key/value map.
     *
     * <p>NOTE(review): the map is read with the keys "service_dn" and "service_password", i.e.
     * the names of the service-account settings in the properties file. Confirm that clients of
     * this entry point really send those keys rather than the usual username/password pair.
     *
     * @param map credentials map
     * @return the authenticated user
     * @throws AuthenticationException if either key is missing or authentication fails
     */
    public AuthenticatedUser legacyAuthenticate(Map<String, String> map) throws AuthenticationException {
        final String loginName = map.get(LdapAuthenticatorConfiguration.LDAP_DN);
        if (loginName == null) {
            throw new AuthenticationException(String.format("Required key '%s' is missing", LdapAuthenticatorConfiguration.LDAP_DN));
        }
        final String loginPassword = map.get(LdapAuthenticatorConfiguration.PASSWORD_KEY);
        if (loginPassword != null) {
            return authenticate(loginName, loginPassword);
        }
        throw new AuthenticationException(String.format("Required key '%s' is missing for provided username %s", LdapAuthenticatorConfiguration.PASSWORD_KEY, loginName));
    }
}
