package com.github.cassandra.jdbc.internal.cassandra.auth;

import com.github.cassandra.jdbc.internal.cassandra.auth.IAuthenticator;
import com.github.cassandra.jdbc.internal.cassandra.config.Schema;
import com.github.cassandra.jdbc.internal.cassandra.cql3.QueryOptions;
import com.github.cassandra.jdbc.internal.cassandra.cql3.QueryProcessor;
import com.github.cassandra.jdbc.internal.cassandra.cql3.UntypedResultSet;
import com.github.cassandra.jdbc.internal.cassandra.cql3.statements.SelectStatement;
import com.github.cassandra.jdbc.internal.cassandra.exceptions.AuthenticationException;
import com.github.cassandra.jdbc.internal.cassandra.exceptions.ConfigurationException;
import com.github.cassandra.jdbc.internal.cassandra.exceptions.RequestExecutionException;
import com.github.cassandra.jdbc.internal.cassandra.service.ClientState;
import com.github.cassandra.jdbc.internal.cassandra.service.QueryState;
import com.github.cassandra.jdbc.internal.cassandra.transport.messages.ResultMessage;
import com.github.cassandra.jdbc.internal.cassandra.utils.ByteBufferUtil;
import com.github.cassandra.jdbc.internal.google.common.collect.ImmutableSet;
import com.github.cassandra.jdbc.internal.google.common.collect.Lists;
import com.github.cassandra.jdbc.internal.google.common.util.concurrent.UncheckedExecutionException;
import com.github.cassandra.jdbc.internal.slf4j.Logger;
import com.github.cassandra.jdbc.internal.slf4j.LoggerFactory;
import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import org.mindrot.jbcrypt.BCrypt;

/* loaded from: input_file:com/github/cassandra/jdbc/internal/cassandra/auth/PasswordAuthenticator.class */
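/**
 * Authenticates a role by checking the supplied password against the bcrypt hash stored in the
 * {@code salted_hash} column of the auth keyspace.
 *
 * <p>This is a decompiler listing. Identifiers such as {@code mo203execute}, and the public
 * visibility of members marked "originally private", are decompiler artefacts.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The SASL token and the legacy credentials map both carry the password itself, not a
 *       digest of it. Confidentiality on the wire therefore depends on the transport, presumably
 *       TLS on the client connection; confirm for the deployment.</li>
 *   <li>Stored hashes are served from {@link CredentialsCache}, so a changed password is
 *       presumably honoured only after the entry expires or
 *       {@link CredentialsCacheMBean#invalidateCredentials(String)} is called. Verify this
 *       against {@code AuthCache}, which is not part of this listing.</li>
 * </ul>
 */
public class PasswordAuthenticator implements IAuthenticator {
    private static final Logger logger = LoggerFactory.getLogger(PasswordAuthenticator.class);
    private static final String SALTED_HASH = "salted_hash";
    public static final String USERNAME_KEY = "username";
    public static final String PASSWORD_KEY = "password";
    // Field separator of the SASL PLAIN token.
    private static final byte NUL = 0;
    public static final String LEGACY_CREDENTIALS_TABLE = "credentials";
    // Generic rejection text shared by "unknown role" and "wrong password" so the message
    // itself does not reveal which of the two occurred.
    private static final String BAD_CREDENTIALS = "Username and/or password are incorrect";

    private SelectStatement authenticateStatement;
    // Null until the legacy credentials table has been seen, in setup() or on first use.
    private SelectStatement legacyAuthenticateStatement;
    private CredentialsCache cache;

    /**
     * Cache from role name to stored password hash.
     *
     * <p>Originally private; the decompiler widened the access modifier and rendered the
     * enclosing instance as an explicit constructor argument.
     */
    /* loaded from: input_file:com/github/cassandra/jdbc/internal/cassandra/auth/PasswordAuthenticator$CredentialsCache.class */
    public static class CredentialsCache extends AuthCache<String, String> implements CredentialsCacheMBean {
        /**
         * NOT DECOMPILED: as listed, this constructor always throws.
         *
         * <p>The instruction dump kept below shows a super-constructor call. It receives the name
         * {@code "CredentialsCache"}, the {@code DatabaseDescriptor} setter/getter pairs for
         * credentials validity, update interval and cache max entries, a {@code Function} that
         * captures the enclosing authenticator, and a {@code Supplier}. The bodies of those last
         * two lambdas ({@code lambda$new$168}, {@code lambda$new$169}) are not in this listing,
         * so the call is deliberately not reconstructed here.
         */
        /* JADX WARN: Illegal instructions before constructor call */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        private CredentialsCache(com.github.cassandra.jdbc.internal.cassandra.auth.PasswordAuthenticator r12) {
            /*
                r11 = this;
                r0 = r11
                java.lang.String r1 = "CredentialsCache"
                void r2 = (v0) -> { // java.util.function.Consumer.accept(java.lang.Object):void
                    com.github.cassandra.jdbc.internal.cassandra.config.DatabaseDescriptor.setCredentialsValidity(v0);
                }
                void r3 = com.github.cassandra.jdbc.internal.cassandra.config.DatabaseDescriptor::getCredentialsValidity
                void r4 = (v0) -> { // java.util.function.Consumer.accept(java.lang.Object):void
                    com.github.cassandra.jdbc.internal.cassandra.config.DatabaseDescriptor.setCredentialsUpdateInterval(v0);
                }
                void r5 = com.github.cassandra.jdbc.internal.cassandra.config.DatabaseDescriptor::getCredentialsUpdateInterval
                void r6 = (v0) -> { // java.util.function.Consumer.accept(java.lang.Object):void
                    com.github.cassandra.jdbc.internal.cassandra.config.DatabaseDescriptor.setCredentialsCacheMaxEntries(v0);
                }
                void r7 = com.github.cassandra.jdbc.internal.cassandra.config.DatabaseDescriptor::getCredentialsCacheMaxEntries
                r8 = r12
                r9 = r8
                java.lang.Class r9 = r9.getClass()
                void r8 = (v1) -> { // java.util.function.Function.apply(java.lang.Object):java.lang.Object
                    return lambda$new$168(r8, v1);
                }
                void r9 = () -> { // java.util.function.Supplier.get():java.lang.Object
                    return lambda$new$169();
                }
                r0.<init>(r1, r2, r3, r4, r5, r6, r7, r8, r9)
                return
            */
            throw new UnsupportedOperationException("Method not decompiled: com.github.cassandra.jdbc.internal.cassandra.auth.PasswordAuthenticator.CredentialsCache.<init>(com.github.cassandra.jdbc.internal.cassandra.auth.PasswordAuthenticator):void");
        }

        /**
         * Drops the cached hash for one role.
         *
         * @param str role name whose cache entry is invalidated
         */
        @Override // com.github.cassandra.jdbc.internal.cassandra.auth.PasswordAuthenticator.CredentialsCacheMBean
        public void invalidateCredentials(String str) {
            invalidate(str);
        }
    }

    /** Management interface that adds per-role invalidation to the generic auth-cache bean. */
    /* loaded from: input_file:com/github/cassandra/jdbc/internal/cassandra/auth/PasswordAuthenticator$CredentialsCacheMBean.class */
    public interface CredentialsCacheMBean extends AuthCacheMBean {
        void invalidateCredentials(String str);
    }

    /**
     * Signals that no stored hash exists for the requested role.
     *
     * <p>Originally private; the decompiler widened the access modifier.
     */
    /* loaded from: input_file:com/github/cassandra/jdbc/internal/cassandra/auth/PasswordAuthenticator$NoSuchCredentialsException.class */
    public static final class NoSuchCredentialsException extends RuntimeException {
        private NoSuchCredentialsException() {
        }
    }

    /**
     * Single-step SASL negotiator: one client response carries the credentials, and
     * authentication itself is deferred to {@link #getAuthenticatedUser()}.
     */
    /* loaded from: input_file:com/github/cassandra/jdbc/internal/cassandra/auth/PasswordAuthenticator$PlainTextSaslAuthenticator.class */
    private class PlainTextSaslAuthenticator implements IAuthenticator.SaslNegotiator {
        private boolean complete;
        private String username;
        private String password;

        private PlainTextSaslAuthenticator() {
            this.complete = false;
        }

        /**
         * Parses the client token and marks the exchange complete.
         *
         * @param bArr raw client response
         * @return always {@code null}; there is no server challenge to send back
         * @throws AuthenticationException if the token lacks a password or an authentication id
         */
        @Override // com.github.cassandra.jdbc.internal.cassandra.auth.IAuthenticator.SaslNegotiator
        public byte[] evaluateResponse(byte[] bArr) throws AuthenticationException {
            decodeCredentials(bArr);
            // Set only after a successful parse, so a rejected token never completes the exchange.
            this.complete = true;
            return null;
        }

        @Override // com.github.cassandra.jdbc.internal.cassandra.auth.IAuthenticator.SaslNegotiator
        public boolean isComplete() {
            return this.complete;
        }

        /**
         * Authenticates the decoded credentials.
         *
         * @throws AuthenticationException if no token has been evaluated yet or the credentials
         *     are rejected
         */
        @Override // com.github.cassandra.jdbc.internal.cassandra.auth.IAuthenticator.SaslNegotiator
        public AuthenticatedUser getAuthenticatedUser() throws AuthenticationException {
            if (!this.complete) {
                throw new AuthenticationException("SASL negotiation not complete");
            }
            return PasswordAuthenticator.this.authenticate(this.username, this.password);
        }

        /**
         * Splits the token on NUL bytes, scanning from the end. The bytes after the last NUL are
         * the password and the bytes between the last two NULs are the authentication id.
         * Anything before that is ignored. Both fields are decoded as UTF-8.
         *
         * @throws AuthenticationException if the token is null or holds fewer than two NUL
         *     separators
         */
        private void decodeCredentials(byte[] bArr) throws AuthenticationException {
            PasswordAuthenticator.logger.trace("Decoding credentials from client token");
            if (bArr == null) {
                // Treat a missing token like an empty one instead of failing with an NPE.
                throw new AuthenticationException("Password must not be null");
            }
            byte[] userBytes = null;
            byte[] passwordBytes = null;
            int fieldEnd = bArr.length;
            for (int i = bArr.length - 1; i >= 0; i--) {
                if (bArr[i] != NUL) {
                    continue;
                }
                if (passwordBytes == null) {
                    passwordBytes = Arrays.copyOfRange(bArr, i + 1, fieldEnd);
                } else if (userBytes == null) {
                    userBytes = Arrays.copyOfRange(bArr, i + 1, fieldEnd);
                }
                fieldEnd = i;
            }
            if (passwordBytes == null) {
                throw new AuthenticationException("Password must not be null");
            }
            if (userBytes == null) {
                throw new AuthenticationException("Authentication ID must not be null");
            }
            this.username = new String(userBytes, StandardCharsets.UTF_8);
            this.password = new String(passwordBytes, StandardCharsets.UTF_8);
        }
    }

    @Override // com.github.cassandra.jdbc.internal.cassandra.auth.IAuthenticator
    public boolean requireAuthentication() {
        return true;
    }

    /**
     * Checks a password against the cached hash for the role.
     *
     * <p>Originally private; the decompiler widened the access modifier.
     *
     * @param username role name used as the cache key
     * @param password candidate password
     * @return the authenticated user
     * @throws AuthenticationException if the role is unknown, the password does not match, the
     *     stored hash cannot be verified, or the lookup failed with a request-execution error
     */
    public AuthenticatedUser authenticate(String username, String password) throws AuthenticationException {
        final String storedHash;
        try {
            storedHash = this.cache.get(username);
        } catch (UncheckedExecutionException | ExecutionException e) {
            if (e.getCause() instanceof NoSuchCredentialsException) {
                // NOTE(review): this path returns before any bcrypt work, unlike a wrong password
                // for an existing role, so the two cases may be distinguishable by response time
                // even though the message is identical.
                throw new AuthenticationException(BAD_CREDENTIALS);
            }
            if (!(e.getCause() instanceof RequestExecutionException)) {
                throw new RuntimeException(e);
            }
            logger.trace("Error performing internal authentication", (Throwable) e);
            // NOTE(review): the internal error text is handed to the caller as the
            // authentication failure message. Confirm that no sensitive detail can reach an
            // unauthenticated client this way.
            throw new AuthenticationException(e.getMessage());
        }
        if (!checkPassword(password, storedHash)) {
            throw new AuthenticationException(BAD_CREDENTIALS);
        }
        return new AuthenticatedUser(username);
    }

    /**
     * Verifies the password and treats any failure inside the bcrypt check as a mismatch.
     * A malformed stored hash makes {@code BCrypt.checkpw} throw, and the login must then be
     * rejected as an authentication failure instead of escaping as an unrelated runtime error.
     * Neither the password nor the hash is written to the log.
     */
    private static boolean checkPassword(String password, String storedHash) {
        try {
            return BCrypt.checkpw(password, storedHash);
        } catch (RuntimeException e) {
            logger.warn("Invalid password hash encountered, rejecting login", e);
            return false;
        }
    }

    /**
     * Reads the stored hash for a role with an internal query.
     *
     * <p>Originally private; the decompiler widened the access modifier.
     *
     * @param str role name
     * @return the value of the {@code salted_hash} column
     * @throws NoSuchCredentialsException if there is no row or the row has no hash
     */
    public String queryHashedPassword(String str) throws NoSuchCredentialsException {
        try {
            ResultMessage.Rows rows = authenticationStatement().mo203execute(
                    QueryState.forInternalCalls(),
                    QueryOptions.forInternalCalls(
                            CassandraRoleManager.consistencyForRole(str),
                            Lists.newArrayList(ByteBufferUtil.bytes(str))));
            if (rows.result.isEmpty()) {
                throw new NoSuchCredentialsException();
            }
            UntypedResultSet resultSet = UntypedResultSet.create(rows.result);
            if (!resultSet.one().has(SALTED_HASH)) {
                throw new NoSuchCredentialsException();
            }
            return resultSet.one().getString(SALTED_HASH);
        } catch (RequestExecutionException e) {
            logger.trace("Error performing internal authentication", (Throwable) e);
            throw e;
        }
    }

    /**
     * Picks the statement to run: the legacy credentials table when it exists, else the roles table.
     */
    private SelectStatement authenticationStatement() {
        if (Schema.instance.getCFMetaData(AuthKeyspace.NAME, LEGACY_CREDENTIALS_TABLE) == null) {
            return this.authenticateStatement;
        }
        // setup() prepares the legacy statement only if the table existed at that moment. When
        // the table shows up later the field is still null, so prepare it on demand rather than
        // dereferencing null. Concurrent callers may each prepare it once; not synchronised.
        if (this.legacyAuthenticateStatement == null) {
            this.legacyAuthenticateStatement = prepareLegacyAuthenticateStatement();
        }
        return this.legacyAuthenticateStatement;
    }

    private static SelectStatement prepareLegacyAuthenticateStatement() {
        return prepare(String.format("SELECT %s from %s.%s WHERE username = ?", SALTED_HASH, AuthKeyspace.NAME, LEGACY_CREDENTIALS_TABLE));
    }

    /** Declares the roles table, which holds the password hashes, as a protected resource. */
    @Override // com.github.cassandra.jdbc.internal.cassandra.auth.IAuthenticator
    public Set<DataResource> protectedResources() {
        return ImmutableSet.of(DataResource.table(AuthKeyspace.NAME, AuthKeyspace.ROLES));
    }

    @Override // com.github.cassandra.jdbc.internal.cassandra.auth.IAuthenticator
    public void validateConfiguration() throws ConfigurationException {
    }

    /**
     * Prepares the lookup statements and creates the credentials cache. Identifiers in the CQL
     * text come from constants only; the role name is always a bound parameter.
     */
    @Override // com.github.cassandra.jdbc.internal.cassandra.auth.IAuthenticator
    public void setup() {
        this.authenticateStatement = prepare(String.format("SELECT %s FROM %s.%s WHERE role = ?", SALTED_HASH, AuthKeyspace.NAME, AuthKeyspace.ROLES));
        if (Schema.instance.getCFMetaData(AuthKeyspace.NAME, LEGACY_CREDENTIALS_TABLE) != null) {
            this.legacyAuthenticateStatement = prepareLegacyAuthenticateStatement();
        }
        // The only constructor listed takes the enclosing authenticator; the no-arg call in the
        // decompiler output did not match it.
        this.cache = new CredentialsCache(this);
    }

    /**
     * Authenticates from a credentials map.
     *
     * @param map must contain {@link #USERNAME_KEY} and {@link #PASSWORD_KEY}
     * @throws AuthenticationException if either key is missing or the credentials are rejected
     */
    @Override // com.github.cassandra.jdbc.internal.cassandra.auth.IAuthenticator
    public AuthenticatedUser legacyAuthenticate(Map<String, String> map) throws AuthenticationException {
        String username = map.get(USERNAME_KEY);
        if (username == null) {
            throw new AuthenticationException(String.format("Required key '%s' is missing", USERNAME_KEY));
        }
        String password = map.get(PASSWORD_KEY);
        if (password == null) {
            throw new AuthenticationException(String.format("Required key '%s' is missing", PASSWORD_KEY));
        }
        return authenticate(username, password);
    }

    /** Returns a fresh negotiator per connection; the client address is not used. */
    @Override // com.github.cassandra.jdbc.internal.cassandra.auth.IAuthenticator
    public IAuthenticator.SaslNegotiator newSaslNegotiator(InetAddress inetAddress) {
        return new PlainTextSaslAuthenticator();
    }

    /** Parses a CQL string into a select statement using the internal client state. */
    private static SelectStatement prepare(String str) {
        return (SelectStatement) QueryProcessor.getStatement(str, ClientState.forInternalCalls()).statement;
    }
}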
