package com.datastax.dse.driver.api.core.auth;

import com.datastax.dse.driver.api.core.config.DseDriverOption;
import com.datastax.dse.driver.internal.core.auth.DseGssApiAuthProvider;
import com.datastax.oss.driver.api.core.CqlSession;
import com.datastax.oss.driver.api.core.Version;
import com.datastax.oss.driver.api.core.config.DefaultDriverOption;
import com.datastax.oss.driver.api.testinfra.DseRequirement;
import com.datastax.oss.driver.api.testinfra.ccm.CcmBridge;
import com.datastax.oss.driver.api.testinfra.ccm.CustomCcmRule;
import com.datastax.oss.driver.api.testinfra.session.SessionUtils;
import com.datastax.oss.driver.shaded.guava.common.collect.ImmutableMap;
import java.io.File;
import java.util.HashMap;
import java.util.Map;
import org.junit.AssumptionViolatedException;
import org.junit.rules.ExternalResource;
import org.junit.runner.Description;
import org.junit.runners.model.Statement;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/datastax/dse/driver/api/core/auth/EmbeddedAdsRule.class */
public class EmbeddedAdsRule extends ExternalResource {
    public CustomCcmRule ccm;
    private final String realm = "DATASTAX.COM";
    private final String address = "127.0.0.1";
    private final EmbeddedAds adsServer;
    private final String servicePrincipal;
    private final String alternateServicePrincipal;
    private final String userPrincipal = "cassandra@DATASTAX.COM";
    private final String unknownPrincipal = "unknown@DATASTAX.COM";
    private static File userKeytab;
    private static File unknownKeytab;
    private static File dseKeytab;
    private static File alternateKeytab;
    private boolean alternate;
    private static final Logger LOG = LoggerFactory.getLogger(EmbeddedAdsRule.class);
    private static Map<String, File> customKeytabs = new HashMap();

    public EmbeddedAdsRule(boolean z) {
        this.realm = "DATASTAX.COM";
        this.address = "127.0.0.1";
        this.adsServer = EmbeddedAds.builder().withKerberos().withRealm("DATASTAX.COM").withAddress("127.0.0.1").build();
        this.servicePrincipal = "dse/" + this.adsServer.getHostname() + "@DATASTAX.COM";
        this.alternateServicePrincipal = "alternate/" + this.adsServer.getHostname() + "@DATASTAX.COM";
        this.userPrincipal = "cassandra@DATASTAX.COM";
        this.unknownPrincipal = "unknown@DATASTAX.COM";
        this.alternate = false;
        this.alternate = z;
    }

    public EmbeddedAdsRule() {
        this(false);
    }

    protected void before() {
        try {
            if (this.adsServer.isStarted()) {
                return;
            }
            this.adsServer.start();
            dseKeytab = this.adsServer.addUserAndCreateKeytab("dse", "fakePasswordForTests", this.servicePrincipal);
            alternateKeytab = this.adsServer.addUserAndCreateKeytab("alternate", "fakePasswordForTests", this.alternateServicePrincipal);
            userKeytab = this.adsServer.addUserAndCreateKeytab("cassandra", "fakePasswordForTests", "cassandra@DATASTAX.COM");
            unknownKeytab = this.adsServer.createKeytab("unknown", "fakePasswordForTests", "unknown@DATASTAX.COM");
            if (this.alternate) {
                this.ccm = CustomCcmRule.builder().withCassandraConfiguration("authorizer", "com.datastax.bdp.cassandra.auth.DseAuthorizer").withCassandraConfiguration("authenticator", "com.datastax.bdp.cassandra.auth.DseAuthenticator").withDseConfiguration("authorization_options.enabled", true).withDseConfiguration("authentication_options:\n  enabled: true\n  default_scheme: kerberos\n  other_schemes:\n    - internal").withDseConfiguration("kerberos_options.qop", "auth-conf").withDseConfiguration("kerberos_options.keytab", getAlternateKeytab().getAbsolutePath()).withDseConfiguration("kerberos_options.service_principal", "alternate/_HOST@" + getRealm()).withJvmArgs(new String[]{"-Dcassandra.superuser_setup_delay_ms=0", "-Djava.security.krb5.conf=" + getAdsServer().getKrb5Conf().getAbsolutePath()}).build();
            } else {
                this.ccm = CustomCcmRule.builder().withCassandraConfiguration("authorizer", "com.datastax.bdp.cassandra.auth.DseAuthorizer").withCassandraConfiguration("authenticator", "com.datastax.bdp.cassandra.auth.DseAuthenticator").withDseConfiguration("authorization_options.enabled", true).withDseConfiguration("authentication_options:\n  enabled: true\n  default_scheme: kerberos\n  other_schemes:\n    - internal").withDseConfiguration("kerberos_options.qop", "auth").withDseConfiguration("kerberos_options.keytab", getDseKeytab().getAbsolutePath()).withDseConfiguration("kerberos_options.service_principal", "dse/_HOST@" + getRealm()).withJvmArgs(new String[]{"-Dcassandra.superuser_setup_delay_ms=0", "-Djava.security.krb5.conf=" + getAdsServer().getKrb5Conf().getAbsolutePath()}).build();
            }
            this.ccm.getCcmBridge().create();
            this.ccm.getCcmBridge().start();
        } catch (Exception e) {
            LOG.error("Unable to start ads server ", e);
        }
    }

    private Statement buildErrorStatement(final Version version, final Version version2, final String str, final boolean z) {
        return new Statement() { // from class: com.datastax.dse.driver.api.core.auth.EmbeddedAdsRule.1
            public void evaluate() {
                Object[] objArr = new Object[5];
                objArr[0] = z ? "less than" : "at least";
                objArr[1] = "DSE";
                objArr[2] = version;
                objArr[3] = version2;
                objArr[4] = str;
                throw new AssumptionViolatedException(String.format("Test requires %s %s %s but %s is configured.  Description: %s", objArr));
            }
        };
    }

    public Statement apply(Statement statement, Description description) {
        DseRequirement annotation = description.getAnnotation(DseRequirement.class);
        if (annotation != null) {
            if (!CcmBridge.DSE_ENABLEMENT.booleanValue()) {
                return new Statement() { // from class: com.datastax.dse.driver.api.core.auth.EmbeddedAdsRule.2
                    public void evaluate() {
                        throw new AssumptionViolatedException("Test Requires DSE but C* is configured.");
                    }
                };
            }
            Version version = CcmBridge.VERSION;
            if (!annotation.min().isEmpty() && Version.parse(annotation.min()).compareTo(version) > 0) {
                return buildErrorStatement(version, version, annotation.description(), false);
            }
            if (!annotation.max().isEmpty() && Version.parse(annotation.max()).compareTo(version) <= 0) {
                return buildErrorStatement(version, version, annotation.description(), true);
            }
        }
        return super.apply(statement, description);
    }

    protected void after() {
        this.adsServer.stop();
        this.ccm.getCcmBridge().stop();
    }

    public CqlSession newKeyTabSession(String str, String str2) {
        return SessionUtils.newSession(getCcm(), SessionUtils.configLoaderBuilder().withClass(DefaultDriverOption.AUTH_PROVIDER_CLASS, DseGssApiAuthProvider.class).withStringMap(DseDriverOption.AUTH_PROVIDER_LOGIN_CONFIGURATION, ImmutableMap.of("principal", str, "useKeyTab", "true", "refreshKrb5Config", "true", "keyTab", str2)).build());
    }

    public CqlSession newKeyTabSession(String str, String str2, String str3) {
        return SessionUtils.newSession(getCcm(), SessionUtils.configLoaderBuilder().withClass(DefaultDriverOption.AUTH_PROVIDER_CLASS, DseGssApiAuthProvider.class).withStringMap(DseDriverOption.AUTH_PROVIDER_LOGIN_CONFIGURATION, ImmutableMap.of("principal", str, "useKeyTab", "true", "refreshKrb5Config", "true", "keyTab", str2)).withString(DseDriverOption.AUTH_PROVIDER_AUTHORIZATION_ID, str3).build());
    }

    public CqlSession newKeyTabSession() {
        return newKeyTabSession(getUserPrincipal(), getUserKeytab().getAbsolutePath());
    }

    public CqlSession newTicketSession() {
        return SessionUtils.newSession(getCcm(), SessionUtils.configLoaderBuilder().withClass(DefaultDriverOption.AUTH_PROVIDER_CLASS, DseGssApiAuthProvider.class).withStringMap(DseDriverOption.AUTH_PROVIDER_LOGIN_CONFIGURATION, ImmutableMap.of("principal", "cassandra@DATASTAX.COM", "useTicketCache", "true", "refreshKrb5Config", "true", "renewTGT", "true")).build());
    }

    public CustomCcmRule getCcm() {
        return this.ccm;
    }

    public String getRealm() {
        return "DATASTAX.COM";
    }

    public String getAddress() {
        return "127.0.0.1";
    }

    public EmbeddedAds getAdsServer() {
        return this.adsServer;
    }

    public String getServicePrincipal() {
        return this.servicePrincipal;
    }

    public String getAlternateServicePrincipal() {
        return this.alternateServicePrincipal;
    }

    public String getUserPrincipal() {
        return "cassandra@DATASTAX.COM";
    }

    public String getUnknownPrincipal() {
        return "unknown@DATASTAX.COM";
    }

    public File getUserKeytab() {
        return userKeytab;
    }

    public File getUnknownKeytab() {
        return unknownKeytab;
    }

    public File getDseKeytab() {
        return dseKeytab;
    }

    public File getAlternateKeytab() {
        return alternateKeytab;
    }

    public String addUserAndCreateKeyTab(String str, String str2) {
        String str3 = str + "@DATASTAX.COM";
        try {
            customKeytabs.put(str3, this.adsServer.addUserAndCreateKeytab(str, str2, str3));
        } catch (Exception e) {
            LOG.error("Unable to add user and create keytab for " + str + " ", e);
        }
        return str3;
    }

    public File getKeytabForPrincipal(String str) {
        return customKeytabs.get(str);
    }
}
