package com.instaclustr.cassandra.ldap.cassandra;

import com.google.common.collect.Lists;
import com.google.common.util.concurrent.Uninterruptibles;
import com.instaclustr.cassandra.ldap.configuration.LdapAuthenticatorConfiguration;
import java.nio.ByteBuffer;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.cql3.QueryOptions;
import org.apache.cassandra.cql3.QueryProcessor;
import org.apache.cassandra.db.ConsistencyLevel;
import org.apache.cassandra.exceptions.ConfigurationException;
import org.apache.cassandra.service.ClientState;
import org.apache.cassandra.service.QueryState;
import org.apache.cassandra.utils.ByteBufferUtil;

/* loaded from: input_file:com/instaclustr/cassandra/ldap/cassandra/SystemAuthRolesHelper.class */
public class SystemAuthRolesHelper {
    private final String SELECT_ROLE_STATEMENT = "SELECT role FROM %s.%s where role = ?";
    private final String CREATE_ROLE_STATEMENT_WITH_LOGIN = "CREATE ROLE \"%s\" WITH LOGIN = true";
    private final ClientState clientState;
    private final Properties properties;

    public SystemAuthRolesHelper(ClientState clientState, Properties properties) {
        this.clientState = clientState;
        this.properties = properties;
    }

    public void createServiceDNIfNotExist() {
        createRoleIfNotExists(this.properties.getProperty(LdapAuthenticatorConfiguration.LDAP_DN));
    }

    public void createRoleIfNotExists(String str) {
        if (roleExists(str)) {
            return;
        }
        QueryProcessor.process(String.format("INSERT INTO %s.%s (role, is_superuser, can_login) VALUES ('%s', true, true)", "system_auth", "roles", str), ConsistencyLevel.ONE);
    }

    public boolean roleExists(String str) {
        return !QueryProcessor.getStatement(String.format("SELECT role FROM %s.%s where role = ?", "system_auth", "roles"), this.clientState).statement.execute(new QueryState(this.clientState), QueryOptions.forInternalCalls(ConsistencyLevel.ONE, Lists.newArrayList(new ByteBuffer[]{ByteBufferUtil.bytes(str)})), System.nanoTime()).result.isEmpty();
    }

    public void createRole(String str) {
        QueryProcessor.getStatement(String.format("CREATE ROLE \"%s\" WITH LOGIN = true", str), this.clientState).statement.execute(new QueryState(this.clientState), QueryOptions.forInternalCalls(ConsistencyLevel.ONE, Lists.newArrayList(new ByteBuffer[]{ByteBufferUtil.bytes(str)})), System.nanoTime());
    }

    public void waitUntilRoleIsInitialised(String str) {
        if (DatabaseDescriptor.getAuthorizer().requireAuthorization()) {
            boolean z = false;
            int i = 0;
            Exception exc = null;
            while (!z && i < LdapAuthenticatorConfiguration.INITIAL_CASSANDRA_LOGIN_ATTEMPTS) {
                Uninterruptibles.sleepUninterruptibly(LdapAuthenticatorConfiguration.INITIAL_CASSANDRA_LOGIN_ATTEMPT_PERIOD, TimeUnit.SECONDS);
                i++;
                try {
                    z = !QueryProcessor.process(String.format("SELECT * FROM %s.%s WHERE role = '%s'", "system_auth", "roles", str), ConsistencyLevel.ONE).isEmpty();
                } catch (Exception e) {
                    exc = e;
                }
            }
            if (z) {
                return;
            }
            if (exc == null) {
                throw new ConfigurationException(String.format("There was not %s user created in %s seconds.", str, Integer.valueOf(LdapAuthenticatorConfiguration.INITIAL_CASSANDRA_LOGIN_ATTEMPTS * LdapAuthenticatorConfiguration.INITIAL_CASSANDRA_LOGIN_ATTEMPT_PERIOD)));
            }
            throw new ConfigurationException("Unable to perform initial login: " + exc.getMessage(), exc);
        }
    }
}
