package com.datastax.bdp.plugin;

import com.datastax.bdp.cassandra.auth.CassandraDelegationTokenIdentifier;
import com.datastax.bdp.cassandra.auth.CassandraDelegationTokenSecretManager;
import com.datastax.bdp.cassandra.auth.Credentials;
import com.datastax.bdp.cassandra.auth.negotiators.ProxyAuthenticatedUser;
import com.datastax.bdp.config.DseConfig;
import com.datastax.bdp.plugin.PerformanceObjectsController;
import com.datastax.bdp.snitch.EndpointStateTracker;
import com.datastax.bdp.snitch.Workload;
import com.datastax.bdp.util.Addresses;
import com.datastax.bdp.util.MapBuilder;
import com.datastax.bdp.util.rpc.Rpc;
import com.datastax.bdp.util.rpc.RpcClientState;
import com.datastax.bdp.util.rpc.RpcParam;
import com.datastax.bdp.util.rpc.RpcRegistry;
import com.datastax.dse.byos.shade.com.google.common.collect.Lists;
import com.datastax.dse.byos.shade.com.google.common.collect.Sets;
import com.datastax.dse.byos.shade.com.google.inject.ConfigurationException;
import com.datastax.dse.byos.shade.com.google.inject.Inject;
import com.datastax.dse.byos.shade.com.google.inject.Injector;
import com.datastax.dse.byos.shade.com.google.inject.Provider;
import com.datastax.dse.byos.shade.com.google.inject.Singleton;
import java.io.DataInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.nio.ByteBuffer;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.cassandra.auth.RoleResource;
import org.apache.cassandra.auth.permission.CorePermission;
import org.apache.cassandra.auth.user.UserRolesAndPermissions;
import org.apache.cassandra.concurrent.TPCUtils;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.exceptions.AuthenticationException;
import org.apache.cassandra.exceptions.UnauthorizedException;
import org.apache.cassandra.gms.Gossiper;
import org.apache.cassandra.utils.ByteBufferUtil;
import org.apache.hadoop.io.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@DsePlugin(dependsOn = {})
@Singleton
/* loaded from: input_file:com/datastax/bdp/plugin/DseClientToolPlugin.class */
public class DseClientToolPlugin extends AbstractPlugin {
    private static final Logger LOGGER;
    public static final String RPC_NAME = "DseClientTool";
    public static final String RPC_GET_SPARK_DATACENTERS = "getSparkDataCenters";
    public static final String RPC_GET_SPARK_MASTER_ADDRESS = "getSparkMasterAddress";
    public static final String RPC_GET_SPARK_METRICS_CONFIG = "getSparkMetricsConfig";
    public static final String RPC_GENERATE_DELEGATION_TOKEN = "generateDelegationToken";
    public static final String RPC_RENEW_DELEGATION_TOKEN = "renewDelegationToken";
    public static final String RPC_CANCEL_DELEGATION_TOKEN = "cancelDelegationToken";
    public static final String RPC_TRY_CONNECT = "tryConnect";
    public static final String RPC_GET_SHUFFLE_SERVICE_PORT = "getShuffleServicePort";
    public static final String RPC_CAN_LOGIN = "canLogin";
    public static final String RPC_CHECK_CREDENTIALS = "checkCredentials";
    public static final String RPC_RECONFIG_ALWAYS_ON_SQL = "reconfigAlwaysOnSql";
    public static final String RPC_GET_ALWAYS_ON_SQL_ADDRESS = "getAlwaysOnSqlAddress";
    public static final String RPC_IS_ALWAYS_ON_SQL_ACTIVE = "isAlwaysOnSqlActive";

    @Inject
    private Injector injector;

    @Inject
    private Provider<CassandraDelegationTokenSecretManager> tokenSecretManager;

    @Inject(optional = true)
    private GraphOLAPPluginMXBean gremlinServerPlugin;
    static final /* synthetic */ boolean $assertionsDisabled;

    @Override // com.datastax.bdp.plugin.AbstractPlugin, com.datastax.bdp.plugin.IPlugin
    public void onActivate() {
        super.onActivate();
        RpcRegistry.register(RPC_NAME, this);
    }

    @Override // com.datastax.bdp.plugin.AbstractPlugin, com.datastax.bdp.plugin.IPlugin
    public void onPreDeactivate() {
        RpcRegistry.unregister(RPC_NAME);
        super.onPreDeactivate();
    }

    @Override // com.datastax.bdp.plugin.AbstractPlugin, com.datastax.bdp.plugin.IPlugin
    public boolean isEnabled() {
        return true;
    }

    @Rpc(name = RPC_GET_SPARK_DATACENTERS, permission = CorePermission.EXECUTE, multiRow = true)
    public List<String> getSparkDataCenters() throws IOException {
        Stream filter = Sets.union(Gossiper.instance.getLiveMembers(), Gossiper.instance.getUnreachableMembers()).stream().filter(inetAddress -> {
            return EndpointStateTracker.instance.getWorkloads(inetAddress).contains(Workload.Analytics);
        });
        EndpointStateTracker endpointStateTracker = EndpointStateTracker.instance;
        endpointStateTracker.getClass();
        return Lists.newArrayList((Iterable) filter.map(endpointStateTracker::getDatacenter).collect(Collectors.toSet()));
    }

    @Rpc(name = RPC_GET_SPARK_MASTER_ADDRESS, permission = CorePermission.EXECUTE)
    public String getSparkMasterAddress() throws IOException {
        try {
            SparkPluginMXBean sparkPluginMXBean = (SparkPluginMXBean) this.injector.getInstance(SparkPluginMXBean.class);
            return sparkPluginMXBean.isActive() ? sparkPluginMXBean.getMasterAddress() : "";
        } catch (ConfigurationException e) {
            LOGGER.info("getSparkMasterAddress was requested but SparkPlugin is not registered ({})", e.getMessage());
            return "";
        }
    }

    @Rpc(name = "getAnalyticsGraphServer", permission = CorePermission.EXECUTE)
    public Map<String, String> getAnalyticsGraphServer() throws IOException {
        HashMap hashMap = new HashMap(2);
        try {
            if (this.gremlinServerPlugin != null && this.gremlinServerPlugin.isActive()) {
                Optional.ofNullable(this.gremlinServerPlugin.getAnalyticsGraphServerIP()).ifPresent(str -> {
                    hashMap.put("ip", str);
                    hashMap.put("location", String.format("%s:%d", Addresses.Client.getBroadcastAddressOf(str).getHostAddress(), Integer.valueOf(this.gremlinServerPlugin.getPort())));
                });
            }
        } catch (Exception e) {
            LOGGER.info("getAnalyticsGraphServer failed with exception: {}", e.getMessage());
        }
        return hashMap;
    }

    @Rpc(name = RPC_GET_SPARK_METRICS_CONFIG, permission = CorePermission.EXECUTE)
    public Map<String, String> getSparkMetricsConfig() {
        try {
            return ((PerformanceObjectsController.SparkApplicationInfoBean) this.injector.getInstance(PerformanceObjectsController.SparkApplicationInfoBean.class)).asSparkProperties();
        } catch (ConfigurationException e) {
            LOGGER.info("getSparkMetricsConfig was requested but SparkApplicationInfoBean is not registered ({})", e.getMessage());
            return new HashMap(0);
        }
    }

    @Rpc(name = RPC_GENERATE_DELEGATION_TOKEN, permission = CorePermission.EXECUTE)
    public Map<String, ByteBuffer> generateDelegationToken(RpcClientState rpcClientState, @RpcParam(name = "owner") String str, @RpcParam(name = "renewer") String str2) {
        if (!DseConfig.isKerberosEnabled()) {
            throw new SecurityException("Kerberos is not enabled in DSE");
        }
        String name = rpcClientState.user.getName();
        if (str != null && !Objects.equals(name, str) && !((UserRolesAndPermissions) TPCUtils.blockingGet(DatabaseDescriptor.getAuthManager().getUserRolesAndPermissions(rpcClientState.user))).isSuper()) {
            throw new UnauthorizedException("Invalid token owner");
        }
        String name2 = rpcClientState.user.getName();
        if (rpcClientState.user instanceof ProxyAuthenticatedUser) {
            name2 = ((ProxyAuthenticatedUser) rpcClientState.user).authenticatedUser.getName();
        }
        CassandraDelegationTokenIdentifier cassandraDelegationTokenIdentifier = new CassandraDelegationTokenIdentifier(new Text(name), str2 != null ? new Text(str2) : new Text(""), new Text(name2));
        byte[] createPassword = this.tokenSecretManager.get().createPassword(cassandraDelegationTokenIdentifier);
        if ($assertionsDisabled || (createPassword != null && createPassword.length > 0)) {
            return MapBuilder.immutable().withKeys((Object[]) new String[]{"id", "password"}).withValues((Object[]) new ByteBuffer[]{ByteBuffer.wrap(cassandraDelegationTokenIdentifier.getBytes()), ByteBuffer.wrap(createPassword)}).build();
        }
        throw new AssertionError();
    }

    @Rpc(name = RPC_RENEW_DELEGATION_TOKEN, permission = CorePermission.EXECUTE)
    public long renewDelegationToken(RpcClientState rpcClientState, @RpcParam(name = "tokenIdentifier") ByteBuffer byteBuffer) throws IOException {
        CassandraDelegationTokenIdentifier tokenIdentifier = getTokenIdentifier(byteBuffer);
        return ((UserRolesAndPermissions) TPCUtils.blockingGet(DatabaseDescriptor.getAuthManager().getUserRolesAndPermissions(rpcClientState.user))).isSuper() ? this.tokenSecretManager.get().renewToken(tokenIdentifier) : this.tokenSecretManager.get().renewToken(tokenIdentifier, rpcClientState.user.getName());
    }

    @Rpc(name = RPC_CANCEL_DELEGATION_TOKEN, permission = CorePermission.EXECUTE)
    public void cancelDelegationToken(RpcClientState rpcClientState, @RpcParam(name = "tokenIdentifier") ByteBuffer byteBuffer) throws IOException {
        CassandraDelegationTokenIdentifier tokenIdentifier = getTokenIdentifier(byteBuffer);
        if (((UserRolesAndPermissions) TPCUtils.blockingGet(DatabaseDescriptor.getAuthManager().getUserRolesAndPermissions(rpcClientState.user))).isSuper()) {
            this.tokenSecretManager.get().cancelToken(tokenIdentifier);
        } else {
            this.tokenSecretManager.get().cancelToken(tokenIdentifier, rpcClientState.user.getName());
        }
    }

    @Rpc(name = RPC_TRY_CONNECT, permission = CorePermission.EXECUTE)
    public boolean tryConnectFromRpcAddress(RpcClientState rpcClientState, @RpcParam(name = "host") InetAddress inetAddress, @RpcParam(name = "port") int i) throws Exception {
        Socket socket;
        try {
            if (inetAddress.isAnyLocalAddress()) {
                LOGGER.info("Trying to connect to {}:{}", rpcClientState.remoteAddress.getHostName(), Integer.valueOf(i));
                socket = new Socket(rpcClientState.remoteAddress.getHostName(), i);
            } else {
                LOGGER.info("Trying to connect to {}:{}", inetAddress, Integer.valueOf(i));
                socket = new Socket(inetAddress, i);
            }
            socket.close();
            return true;
        } catch (Exception e) {
            LOGGER.debug("Failed to test connection to client at {}:{}", inetAddress, Integer.valueOf(i));
            return false;
        }
    }

    @Rpc(name = RPC_GET_SHUFFLE_SERVICE_PORT, permission = CorePermission.EXECUTE)
    public int getShuffleServicePort(@RpcParam(name = "encrypted") boolean z) throws Exception {
        return ((SparkPluginBean) this.injector.getInstance(SparkPluginBean.class)).getShuffleServicePort(z);
    }

    @Rpc(name = RPC_CAN_LOGIN, permission = CorePermission.EXECUTE)
    public boolean canLogin(@RpcParam(name = "username") String str) throws Exception {
        return DatabaseDescriptor.getRoleManager().canLogin(RoleResource.role(str));
    }

    @Rpc(name = RPC_CHECK_CREDENTIALS, permission = CorePermission.EXECUTE)
    public boolean checkCredentials(@RpcParam(name = "username") String str, @RpcParam(name = "password") String str2) throws Exception {
        if (!DatabaseDescriptor.getAuthenticator().requireAuthentication()) {
            return true;
        }
        try {
            DatabaseDescriptor.getAuthenticator().legacyAuthenticate(new Credentials(str, str2).toMap());
            return true;
        } catch (AuthenticationException e) {
            return false;
        }
    }

    @Rpc(name = RPC_RECONFIG_ALWAYS_ON_SQL, permission = CorePermission.EXECUTE)
    public boolean reconfigAlwaysOnSql(@RpcParam(name = "nodeAddress") String str) throws Exception {
        ((AlwaysOnSqlPluginMXBean) this.injector.getInstance(AlwaysOnSqlPluginMXBean.class)).reconfigureAlwaysOnSql(str);
        return true;
    }

    private CassandraDelegationTokenIdentifier getTokenIdentifier(ByteBuffer byteBuffer) throws IOException {
        CassandraDelegationTokenIdentifier cassandraDelegationTokenIdentifier = new CassandraDelegationTokenIdentifier();
        cassandraDelegationTokenIdentifier.readFields(new DataInputStream(ByteBufferUtil.inputStream(byteBuffer)));
        return cassandraDelegationTokenIdentifier;
    }

    @Rpc(name = RPC_GET_ALWAYS_ON_SQL_ADDRESS, permission = CorePermission.EXECUTE)
    public String getAlwaysOnSqlAddress() throws IOException {
        try {
            AlwaysOnSqlPluginMXBean alwaysOnSqlPluginMXBean = (AlwaysOnSqlPluginMXBean) this.injector.getInstance(AlwaysOnSqlPluginMXBean.class);
            return alwaysOnSqlPluginMXBean.isActive() ? alwaysOnSqlPluginMXBean.getServiceAddress() : "";
        } catch (ConfigurationException e) {
            LOGGER.info("getAlwaysOnSqlAddress was requested but AlwaysOnSqlPlugin is not registered ({})", e.getMessage());
            return "";
        }
    }

    @Rpc(name = RPC_IS_ALWAYS_ON_SQL_ACTIVE, permission = CorePermission.EXECUTE)
    public boolean isAlwaysOnSqlActive() throws IOException {
        try {
            return ((AlwaysOnSqlPluginMXBean) this.injector.getInstance(AlwaysOnSqlPluginMXBean.class)).isActive();
        } catch (ConfigurationException e) {
            return false;
        }
    }

    static {
        $assertionsDisabled = !DseClientToolPlugin.class.desiredAssertionStatus();
        LOGGER = LoggerFactory.getLogger(DseClientToolPlugin.class);
    }
}
