package com.datastax.bdp.transport.server;

import com.datastax.bdp.cassandra.auth.AuthenticationScheme;
import com.datastax.bdp.config.ClientConfiguration;
import com.datastax.bdp.transport.common.ServicePrincipal;
import com.datastax.bdp.transport.common.ServicePrincipalFormatException;
import com.datastax.bdp.util.Addresses;
import java.net.InetAddress;
import java.net.UnknownHostException;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.cassandra.auth.AuthenticatedUser;
import org.apache.cassandra.exceptions.ConfigurationException;
import org.gridkit.jvmtool.cmd.AntPathMatcher;
import org.hyperic.sigar.NetFlags;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/datastax/bdp/transport/server/KerberosServerUtils.class */
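/**
 * Static helpers used on the server side of Kerberos authentication: JAAS login,
 * service-principal validation, mapping of authorization ids to user names, and
 * construction of the server principal from configuration and DNS.
 *
 * <p>Several methods derive security-relevant names (user, service, host) from
 * client-supplied or DNS-supplied strings; the per-method notes say what is and
 * is not checked.
 */
public class KerberosServerUtils {
    private static final Logger logger = LoggerFactory.getLogger(KerberosServerUtils.class);

    /** User name that every {@code cassandra[/host][@REALM]} authorization id is collapsed to. */
    private static final String DEFAULT_SUPERUSER_NAME = "cassandra";

    /** Service name returned when Kerberos is disabled or the configured principal cannot be read. */
    private static final String DEFAULT_SERVICE_NAME = "dse";

    /**
     * Runs a JAAS login for the server and returns the subject it populated.
     *
     * <p>No {@link CallbackHandler} is supplied, so the login module cannot prompt for
     * credentials. They presumably come from a keytab described by {@code KrbConfiguration},
     * which is not visible here (TODO confirm).
     *
     * @param str name of the JAAS login configuration entry
     * @return the subject populated by the login modules
     * @throws LoginException if the login fails
     */
    public static Subject loginServer(String str) throws LoginException {
        Subject subject = new Subject();
        LoginContext context = new LoginContext(str, subject, (CallbackHandler) null, new KrbConfiguration());
        context.login();
        return subject;
    }

    /**
     * Parses the configured service principal and compares its host part with the host
     * name of the internode broadcast address.
     *
     * <p>A mismatch is only logged at WARN; it does not fail validation. The comparison is
     * an exact, case-sensitive string match against whatever name
     * {@code getBroadcastAddress().getHostName()} returns.
     *
     * @param str the service principal string from configuration
     * @throws ConfigurationException if the principal cannot be parsed; the parse failure
     *         is attached as the cause
     */
    public static void validateServicePrincipal(String str) throws ConfigurationException {
        try {
            String principalHost = new ServicePrincipal(str).getLocalHostName();
            String broadcastHost = Addresses.Internode.getBroadcastAddress().getHostName();
            logger.trace(
                    "[validate-service-principal] using service-principal = {}, principal-host-name = {}, host-name = {}",
                    str, principalHost, broadcastHost);
            if (!principalHost.equals(broadcastHost)) {
                logger.warn(
                        "Service principal host does not match the name of the host running DSE ({} != {}). This may pose problems for some clients.",
                        principalHost, broadcastHost);
            }
        } catch (ServicePrincipalFormatException e) {
            // Keep the original exception as the cause so the parse failure stays diagnosable.
            throw new ConfigurationException(e.getMessage(), e);
        }
    }

    /**
     * Maps a Kerberos authorization id to the user name the server will use.
     *
     * <p>If the text before the first {@code '/'} or {@code '@'} is {@code "cassandra"},
     * the bare name {@code "cassandra"} is returned and the host and realm parts are
     * dropped. Every other id is returned unchanged, realm included.
     *
     * <p>Security note: the realm is not inspected here, so {@code cassandra@ANY.REALM}
     * and {@code cassandra/anyhost@ANY.REALM} both resolve to the default superuser name.
     * Which realms can reach this method has to be restricted elsewhere (presumably by
     * the KDC and cross-realm trust setup; verify for the deployment).
     *
     * @param str the authorization id; must not be null
     * @return {@code "cassandra"} for ids whose first component is {@code "cassandra"},
     *         otherwise {@code str} itself
     * @throws NullPointerException if {@code str} is null
     */
    public static String getUserNameFromAuthzId(String str) {
        if (str == null) {
            throw new NullPointerException("Authorization id cannot be null");
        }
        // A limit of 2 keeps empty leading components, so ids made only of delimiters
        // ("/", "@") yield "" instead of an empty array and an
        // ArrayIndexOutOfBoundsException on [0].
        String primary = str.split("[/@]", 2)[0];
        String userName = DEFAULT_SUPERUSER_NAME.equals(primary) ? DEFAULT_SUPERUSER_NAME : str;
        logger.trace("[user-from-auth-id] using auth-id = {}", userName);
        return userName;
    }

    /**
     * Builds an {@link AuthenticatedUser} for an authorization id, using the name from
     * {@link #getUserNameFromAuthzId(String)} for both name arguments of the constructor.
     *
     * @param str the authorization id
     * @param authenticationScheme the scheme recorded on the resulting user
     * @return the authenticated user for the mapped name
     */
    public static AuthenticatedUser getUserFromAuthzId(String str, AuthenticationScheme authenticationScheme) {
        String userName = getUserNameFromAuthzId(str);
        logger.trace("[user-from-auth-id] using auth-id = {}", userName);
        return new AuthenticatedUser(userName, userName, authenticationScheme);
    }

    /**
     * Returns the short name for a Kerberos name by reflectively calling
     * {@code org.apache.hadoop.security.HadoopKerberosName#getShortName()}.
     *
     * <p>The mapping itself is whatever that Hadoop class implements (presumably its
     * configured principal-to-local-name rules; confirm against the Hadoop version on
     * the classpath).
     *
     * @param str the Kerberos name; must not be null
     * @return the short name reported by {@code HadoopKerberosName}
     * @throws NullPointerException if {@code str} is null
     * @throws AssertionError if the Hadoop class, its constructor or the method is missing
     * @throws IllegalArgumentException if the name is rejected or the call fails otherwise
     */
    public static String getOrExtractServiceName(String str) {
        logger.trace("[extract-service-name] using name = {}", str);
        if (str == null) {
            throw new NullPointerException("Name cannot be null");
        }
        try {
            // Reflection avoids a compile-time dependency on the Hadoop class.
            Class<?> kerberosNameClass = Class.forName("org.apache.hadoop.security.HadoopKerberosName");
            Object kerberosName = kerberosNameClass.getConstructor(String.class).newInstance(str);
            String shortName = (String) kerberosNameClass.getMethod("getShortName").invoke(kerberosName);
            logger.trace("[extract-service-name] using service-name = {}", shortName);
            return shortName;
        } catch (ClassNotFoundException | InstantiationException | NoSuchMethodException e) {
            // A missing class or member is a packaging problem, not bad input.
            throw new AssertionError("Failed to obtain KerberosName or HadoopKerberosName - this should not happen", e);
        } catch (Exception e2) {
            throw new IllegalArgumentException("Invalid Kerberos name provided: " + str, e2);
        }
    }

    /**
     * Returns the host name of the configured Cassandra host, falling back to the
     * canonical name of the local host when that lookup fails for any reason.
     *
     * <p>NOTE(review): every {@link Throwable} is caught, so JVM errors also take the
     * fallback path. The warning text refers to the service principal in dse.yaml while
     * the failing call is {@code getCassandraHost()}; confirm the message matches the
     * real source of the value.
     *
     * @param clientConfiguration configuration to read the Cassandra host from
     * @return the configured host name, or the local canonical host name on failure
     * @throws UnknownHostException if the fallback local-host lookup fails
     */
    public static String getLocalHostName(ClientConfiguration clientConfiguration) throws UnknownHostException {
        try {
            return clientConfiguration.getCassandraHost().getHostName();
        } catch (Throwable th) {
            logger.warn("Failed to get hostname from service principal in dse.yaml: {}", th.getMessage());
            return InetAddress.getLocalHost().getCanonicalHostName();
        }
    }

    /**
     * Resolves a host string to the canonical name used in the server principal.
     *
     * <p>{@code NetFlags.LOOPBACK_ADDRESS} and the literal {@code "localhost"} are replaced
     * by {@link #getLocalHostName(ClientConfiguration)}; anything else is resolved through
     * {@link InetAddress#getByName(String)} and canonicalised.
     *
     * <p>Security note: the canonical name comes from the resolver, so the principal built
     * from it is only as trustworthy as the DNS data the host sees. Only those two
     * loopback spellings are recognised; other loopback forms go through the resolver.
     *
     * @param str host name or address
     * @param clientConfiguration configuration used for the loopback case
     * @return the canonical host name
     * @throws UnknownHostException if the host cannot be resolved
     */
    public static String getCanonicalHostName(String str, ClientConfiguration clientConfiguration) throws UnknownHostException {
        boolean isLoopback = str.equals(NetFlags.LOOPBACK_ADDRESS) || str.equals("localhost");
        if (isLoopback) {
            return getLocalHostName(clientConfiguration);
        }
        return InetAddress.getByName(str).getCanonicalHostName();
    }

    /**
     * Builds the server principal as service name, separator, canonical host name.
     *
     * <p>The separator is {@code AntPathMatcher.DEFAULT_PATH_SEPARATOR} (presumably
     * {@code "/"}, borrowed from an unrelated library by the decompiler; confirm). No
     * realm is appended here.
     *
     * @param str host name or address of the server
     * @param clientConfiguration configuration supplying the service name
     * @return the principal string without a realm
     * @throws UnknownHostException if the host cannot be resolved
     */
    public static String getServerPrincipal(String str, ClientConfiguration clientConfiguration) throws UnknownHostException {
        String serviceName = getServiceName(clientConfiguration);
        String canonicalHost = getCanonicalHostName(str, clientConfiguration);
        return serviceName + AntPathMatcher.DEFAULT_PATH_SEPARATOR + canonicalHost;
    }

    /**
     * Returns the Kerberos service name from the configured DSE service principal,
     * or {@code "dse"} when Kerberos is disabled or the principal cannot be read.
     *
     * <p>A read failure is logged at WARN only when Kerberos is the default scheme;
     * otherwise the default is returned silently. Every {@link Throwable} is caught,
     * so a misconfigured principal never fails this call.
     *
     * @param clientConfiguration configuration to read from
     * @return the configured service name, or {@code "dse"}
     */
    public static String getServiceName(ClientConfiguration clientConfiguration) {
        if (!clientConfiguration.isKerberosEnabled()) {
            return DEFAULT_SERVICE_NAME;
        }
        try {
            return clientConfiguration.getDseServicePrincipal().service;
        } catch (Throwable th) {
            if (clientConfiguration.isKerberosDefaultScheme()) {
                logger.warn("Failed to get service name from service principal in dse.yaml: {}", th.getMessage());
            }
            return DEFAULT_SERVICE_NAME;
        }
    }
}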
