package com.datastax.bdp.cassandra.auth;

import com.datastax.bdp.cassandra.auth.LdapConnectionProvider;
import com.datastax.bdp.config.LdapConfig;
import com.datastax.bdp.util.DseUtil;
import com.datastax.dse.byos.shade.com.google.common.base.Preconditions;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.NoSuchElementException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import org.apache.commons.lang3.concurrent.CircuitBreaker;
import org.apache.commons.lang3.concurrent.EventCountCircuitBreaker;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapOperationException;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapConnectionPool;
import org.apache.directory.ldap.client.api.LdapConnectionWrapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/datastax/bdp/cassandra/auth/LdapConnectionProviderImpl.class */
public class LdapConnectionProviderImpl implements LdapConnectionProvider.Poolable {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) LdapConnectionProviderImpl.class);
    private final PoolWithCircuitBreaker[] poolsWithCircuitBreakers;
    private final int retryCount;
    private final AtomicInteger curConnection = new AtomicInteger(0);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/datastax/bdp/cassandra/auth/LdapConnectionProviderImpl$LdapConnectionFromPool.class */
    public static class LdapConnectionFromPool extends LdapConnectionWrapper implements InvocationHandler {
        private final LdapConnectionPool pool;
        private volatile boolean invalidateAfterRelease;

        protected LdapConnectionFromPool(LdapConnection ldapConnection, LdapConnectionPool ldapConnectionPool) {
            super(ldapConnection);
            this.pool = ldapConnectionPool;
            LdapConnectionProviderImpl.logger.trace("Borrowed connection {} from pool {}", Integer.valueOf(System.identityHashCode(ldapConnection)), ldapConnectionPool);
        }

        public void close() throws IOException {
            try {
                if (this.invalidateAfterRelease) {
                    this.pool.invalidateObject(wrapped());
                    LdapConnectionProviderImpl.logger.trace("Invalidated connection {} in pool {}", Integer.valueOf(System.identityHashCode(this.connection)), this.pool);
                } else {
                    this.pool.releaseConnection(wrapped());
                    LdapConnectionProviderImpl.logger.trace("Returned connection {} to pool {}", Integer.valueOf(System.identityHashCode(this.connection)), this.pool);
                }
            } catch (Exception e) {
                throw new IOException("Failed to return LDAP connection to pool", e);
            }
        }

        @Override // java.lang.reflect.InvocationHandler
        public Object invoke(Object obj, Method method, Object[] objArr) throws Throwable {
            try {
                return method.invoke(this, objArr);
            } catch (InvocationTargetException e) {
                if (!DseUtil.isCausedBy(e, LdapOperationException.class)) {
                    this.invalidateAfterRelease = true;
                }
                throw e.getTargetException();
            }
        }
    }

    /* loaded from: input_file:com/datastax/bdp/cassandra/auth/LdapConnectionProviderImpl$PoolWithCircuitBreaker.class */
    public static final class PoolWithCircuitBreaker {
        public final LdapConnectionPool pool;
        public final CircuitBreaker<Integer> circuitBreaker;

        public PoolWithCircuitBreaker(LdapConnectionPool ldapConnectionPool, CircuitBreaker<Integer> circuitBreaker) {
            this.pool = ldapConnectionPool;
            this.circuitBreaker = circuitBreaker;
        }
    }

    public LdapConnectionProviderImpl(PoolWithCircuitBreaker[] poolWithCircuitBreakerArr, int i) {
        Preconditions.checkArgument(poolWithCircuitBreakerArr.length > 0);
        Preconditions.checkArgument(i >= 0);
        this.poolsWithCircuitBreakers = (PoolWithCircuitBreaker[]) Arrays.copyOf(poolWithCircuitBreakerArr, poolWithCircuitBreakerArr.length);
        this.retryCount = i;
    }

    public static LdapConnectionProviderImpl fromConnectionConfig(LdapConfig.ConnectionConfig connectionConfig) {
        logger.trace("Initializing LDAP connection pool with the following configuration: {}", connectionConfig);
        int size = connectionConfig.servers.size();
        ArrayList arrayList = new ArrayList(size);
        for (int i = 0; i < size; i++) {
            arrayList.add(createLdapConnectionConfig(connectionConfig, i));
        }
        ArrayList arrayList2 = new ArrayList(size);
        Supplier supplier = () -> {
            return new EventCountCircuitBreaker(connectionConfig.failoverOptions.quarantineOpeningThreshold, connectionConfig.failoverOptions.quarantineOpeningInterval.toNanos(), TimeUnit.NANOSECONDS, connectionConfig.failoverOptions.quarantineCloseThreshold, connectionConfig.failoverOptions.quarantineCloseInterval.toNanos(), TimeUnit.NANOSECONDS);
        };
        try {
            arrayList.forEach(ldapConnectionConfig -> {
                arrayList2.add(createLdapConnectionPool(connectionConfig.connectionPoolOptions, ldapConnectionConfig));
            });
            return new LdapConnectionProviderImpl((PoolWithCircuitBreaker[]) arrayList2.stream().map(ldapConnectionPool -> {
                return new PoolWithCircuitBreaker(ldapConnectionPool, (CircuitBreaker) supplier.get());
            }).toArray(i2 -> {
                return new PoolWithCircuitBreaker[i2];
            }), connectionConfig.failoverOptions.retryCount);
        } catch (RuntimeException e) {
            closePoolsSafely(arrayList2);
            throw e;
        }
    }

    @Override // com.datastax.bdp.cassandra.auth.LdapConnectionProvider
    public LdapConnection getConnection() throws LdapException {
        return getConnection(this.retryCount);
    }

    private PoolWithCircuitBreaker chooseBestPool() {
        if (this.poolsWithCircuitBreakers.length == 1) {
            return this.poolsWithCircuitBreakers[0];
        }
        int andUpdate = this.curConnection.getAndUpdate(i -> {
            return (i + 1) % this.poolsWithCircuitBreakers.length;
        });
        logger.trace("Starting from {}", this.poolsWithCircuitBreakers[andUpdate].pool);
        for (int i2 = 0; i2 < this.poolsWithCircuitBreakers.length; i2++) {
            PoolWithCircuitBreaker poolWithCircuitBreaker = this.poolsWithCircuitBreakers[(i2 + andUpdate) % this.poolsWithCircuitBreakers.length];
            if ((poolWithCircuitBreaker.pool.getNumActive() == 0 || poolWithCircuitBreaker.pool.getNumIdle() > 0) && poolWithCircuitBreaker.circuitBreaker.checkState()) {
                return poolWithCircuitBreaker;
            }
            logger.trace("Skipping {} since its circuit breaker state is {} and number of idle connections is {}", poolWithCircuitBreaker.pool, Boolean.valueOf(poolWithCircuitBreaker.circuitBreaker.checkState()), Integer.valueOf(poolWithCircuitBreaker.pool.getNumIdle()));
        }
        for (int i3 = 0; i3 < this.poolsWithCircuitBreakers.length; i3++) {
            PoolWithCircuitBreaker poolWithCircuitBreaker2 = this.poolsWithCircuitBreakers[(i3 + andUpdate) % this.poolsWithCircuitBreakers.length];
            if (poolWithCircuitBreaker2.circuitBreaker.checkState()) {
                return poolWithCircuitBreaker2;
            }
            logger.trace("Skipping {} since its circuit breaker state is {}", poolWithCircuitBreaker2.pool, Boolean.valueOf(poolWithCircuitBreaker2.circuitBreaker.checkState()));
        }
        logger.trace("No suitable pool found, returning {}", this.poolsWithCircuitBreakers[andUpdate].pool);
        return this.poolsWithCircuitBreakers[andUpdate];
    }

    private LdapConnection getConnection(int i) throws LdapException {
        PoolWithCircuitBreaker chooseBestPool = chooseBestPool();
        try {
            logger.trace("Using {} for connection", chooseBestPool.pool);
            LdapConnectionFromPool ldapConnectionFromPool = new LdapConnectionFromPool(chooseBestPool.pool.getConnection(), chooseBestPool.pool);
            chooseBestPool.circuitBreaker.close();
            return (LdapConnection) Proxy.newProxyInstance(LdapConnectionProviderImpl.class.getClassLoader(), new Class[]{LdapConnection.class}, ldapConnectionFromPool);
        } catch (LdapException e) {
            chooseBestPool.circuitBreaker.incrementAndCheckState(1);
            if (i <= 0) {
                throw e;
            }
            logger.debug("Failed to obtain LDAP connection from {}, retrying with another one", chooseBestPool.pool);
            return getConnection(i - 1);
        } catch (NoSuchElementException e2) {
            if (i <= 0) {
                throw e2;
            }
            logger.debug("{} is exhausted, retrying with another one", chooseBestPool.pool);
            return getConnection(i - 1);
        }
    }

    private static LdapConnectionPool createLdapConnectionPool(LdapConfig.ConnectionConfig.ConnectionPoolOptions connectionPoolOptions, final LdapConnectionConfig ldapConnectionConfig) {
        LdapConnectionPool ldapConnectionPool = new LdapConnectionPool(connectionPoolOptions.connectionFactory.provider.apply(ldapConnectionConfig)) { // from class: com.datastax.bdp.cassandra.auth.LdapConnectionProviderImpl.1
            public String toString() {
                return String.format("LDAP connection pool for %s:%d", ldapConnectionConfig.getLdapHost(), Integer.valueOf(ldapConnectionConfig.getLdapPort()));
            }
        };
        ldapConnectionPool.setMaxActive(connectionPoolOptions.maxActive);
        ldapConnectionPool.setMaxIdle(connectionPoolOptions.maxIdle);
        ldapConnectionPool.setMinIdle(connectionPoolOptions.minIdle);
        ldapConnectionPool.setWhenExhaustedAction(connectionPoolOptions.whenExhaustedAction.actionCode);
        ldapConnectionPool.setMaxWait(connectionPoolOptions.maxWait.toMillis());
        ldapConnectionPool.setTestOnBorrow(connectionPoolOptions.testOnBorrow);
        ldapConnectionPool.setTestOnReturn(connectionPoolOptions.testOnReturn);
        ldapConnectionPool.setTestWhileIdle(connectionPoolOptions.testWhileIdle);
        ldapConnectionPool.setTimeBetweenEvictionRunsMillis(connectionPoolOptions.timeBetweenEvictionRuns.toMillis());
        ldapConnectionPool.setNumTestsPerEvictionRun(connectionPoolOptions.numTestsPerEvictionRun);
        ldapConnectionPool.setMinEvictableIdleTimeMillis(connectionPoolOptions.minEvictableIdleTime.toMillis());
        ldapConnectionPool.setSoftMinEvictableIdleTimeMillis(connectionPoolOptions.softMinEvictableIdleTime.toMillis());
        return ldapConnectionPool;
    }

    private static LdapConnectionConfig createLdapConnectionConfig(LdapConfig.ConnectionConfig connectionConfig, int i) {
        TrustManager[] trustManagers;
        LdapConnectionConfig ldapConnectionConfig = new LdapConnectionConfig();
        ldapConnectionConfig.setLdapHost(connectionConfig.servers.get(i).getHostText());
        ldapConnectionConfig.setLdapPort(connectionConfig.servers.get(i).getPort());
        ldapConnectionConfig.setUseSsl(connectionConfig.useSsl);
        ldapConnectionConfig.setUseTls(connectionConfig.useTls);
        if ((connectionConfig.useSsl || connectionConfig.useTls) && connectionConfig.truststorePath != null) {
            try {
                InputStream newInputStream = Files.newInputStream(connectionConfig.truststorePath, new OpenOption[0]);
                Throwable th = null;
                try {
                    try {
                        KeyStore keyStore = KeyStore.getInstance(connectionConfig.truststoreType);
                        keyStore.load(newInputStream, connectionConfig.truststorePassword != null ? connectionConfig.truststorePassword.toCharArray() : null);
                        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                        trustManagerFactory.init(keyStore);
                        if (connectionConfig.hostnameVerification) {
                            X509ExtendedTrustManager x509ExtendedTrustManager = null;
                            TrustManager[] trustManagers2 = trustManagerFactory.getTrustManagers();
                            int length = trustManagers2.length;
                            int i2 = 0;
                            while (true) {
                                if (i2 >= length) {
                                    break;
                                }
                                TrustManager trustManager = trustManagers2[i2];
                                if (trustManager instanceof X509ExtendedTrustManager) {
                                    x509ExtendedTrustManager = (X509ExtendedTrustManager) trustManager;
                                    break;
                                }
                                i2++;
                            }
                            trustManagers = new TrustManager[]{new DseHostnameVerificationTrustManager(x509ExtendedTrustManager, connectionConfig.servers.get(i).getHostText())};
                        } else {
                            trustManagers = trustManagerFactory.getTrustManagers();
                        }
                        ldapConnectionConfig.setTrustManagers(trustManagers);
                        if (newInputStream != null) {
                            if (0 != 0) {
                                try {
                                    newInputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                newInputStream.close();
                            }
                        }
                    } finally {
                    }
                } finally {
                }
            } catch (Exception e) {
                throw new AssertionError("Failed to initialize trust manager in LdapConnectionConfig", e);
            }
        }
        ldapConnectionConfig.setTimeout(connectionConfig.timeout.toMillis());
        if (connectionConfig.searchDN != null) {
            ldapConnectionConfig.setName(connectionConfig.searchDN);
            ldapConnectionConfig.setCredentials(connectionConfig.searchPassword);
        }
        return ldapConnectionConfig;
    }

    @Override // com.datastax.bdp.cassandra.auth.LdapConnectionProvider.Poolable
    public long getConnectionPoolActive() {
        return Arrays.stream(this.poolsWithCircuitBreakers).mapToInt(poolWithCircuitBreaker -> {
            return poolWithCircuitBreaker.pool.getNumActive();
        }).sum();
    }

    @Override // com.datastax.bdp.cassandra.auth.LdapConnectionProvider.Poolable
    public long getConnectionPoolIdle() {
        return Arrays.stream(this.poolsWithCircuitBreakers).mapToInt(poolWithCircuitBreaker -> {
            return poolWithCircuitBreaker.pool.getNumIdle();
        }).sum();
    }

    private static void closePoolsSafely(Collection<LdapConnectionPool> collection) {
        boolean z = false;
        RuntimeException runtimeException = null;
        Iterator<LdapConnectionPool> it2 = collection.iterator();
        while (it2.hasNext()) {
            try {
                it2.next().close();
            } catch (InterruptedException e) {
                z = true;
            } catch (Exception e2) {
                if (runtimeException == null) {
                    runtimeException = new RuntimeException(e2);
                } else {
                    runtimeException.addSuppressed(e2);
                }
            }
        }
        if (z) {
            Thread.currentThread().interrupt();
        }
        if (runtimeException != null) {
            throw runtimeException;
        }
    }

    @Override // java.lang.AutoCloseable
    public void close() throws Exception {
        closePoolsSafely((Collection) Arrays.stream(this.poolsWithCircuitBreakers).map(poolWithCircuitBreaker -> {
            return poolWithCircuitBreaker.pool;
        }).collect(Collectors.toList()));
    }
}
