package com.datastax.oss.dsbulk.workflow.commons.auth;

import com.datastax.dse.driver.api.core.auth.DseGssApiAuthProviderBase;
import com.datastax.oss.driver.api.core.auth.AuthProvider;
import com.datastax.oss.driver.api.core.auth.ProgrammaticPlainTextAuthProvider;
import com.datastax.oss.driver.shaded.guava.common.annotations.VisibleForTesting;
import com.datastax.oss.driver.shaded.guava.common.collect.ImmutableMap;
import com.datastax.oss.dsbulk.config.ConfigUtils;
import com.datastax.oss.dsbulk.io.IOUtils;
import com.typesafe.config.Config;
import edu.umd.cs.findbugs.annotations.Nullable;
import java.lang.reflect.Method;
import java.nio.file.Path;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/datastax/oss/dsbulk/workflow/commons/auth/AuthProviderFactory.class */
public class AuthProviderFactory {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) AuthProviderFactory.class);

    @VisibleForTesting
    /* loaded from: input_file:com/datastax/oss/dsbulk/workflow/commons/auth/AuthProviderFactory$KeyTabConfiguration.class */
    public static class KeyTabConfiguration extends Configuration {
        private final String principal;
        private final String keyTab;

        KeyTabConfiguration(String str, String str2) {
            this.principal = str;
            this.keyTab = str2;
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            return new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, ImmutableMap.builder().put("principal", this.principal).put("useKeyTab", "true").put("refreshKrb5Config", "true").put("keyTab", this.keyTab).build())};
        }
    }

    @VisibleForTesting
    /* loaded from: input_file:com/datastax/oss/dsbulk/workflow/commons/auth/AuthProviderFactory$TicketCacheConfiguration.class */
    public static class TicketCacheConfiguration extends Configuration {
        private final String principal;

        TicketCacheConfiguration(String str) {
            this.principal = str;
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            ImmutableMap.Builder put = ImmutableMap.builder().put("useTicketCache", "true").put("refreshKrb5Config", "true").put("renewTGT", "true");
            if (this.principal != null) {
                put.put("principal", this.principal);
            }
            return new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, put.build())};
        }
    }

    @Nullable
    public static AuthProvider createAuthProvider(Config config) {
        String string = config.getString("provider");
        if (string.equals("None") && config.hasPath("username") && config.hasPath("password")) {
            LOGGER.info("Username and password provided but auth provider not specified, inferring PlainTextAuthProvider");
            string = "PlainTextAuthProvider";
        }
        if (string.equals("None")) {
            return null;
        }
        String string2 = config.hasPath("authorizationId") ? config.getString("authorizationId") : "";
        String lowerCase = string.toLowerCase();
        boolean z = -1;
        switch (lowerCase.hashCode()) {
            case -1891175654:
                if (lowerCase.equals("dseplaintextauthprovider")) {
                    z = true;
                    break;
                }
                break;
            case -1214207216:
                if (lowerCase.equals("plaintextauthprovider")) {
                    z = false;
                    break;
                }
                break;
            case 522846978:
                if (lowerCase.equals("dsegssapiauthprovider")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return createPlainTextAuthProvider(config, string, string2);
            case true:
                LOGGER.warn("The DsePlainTextAuthProvider is deprecated. Please use PlainTextAuthProvider instead.");
                return createPlainTextAuthProvider(config, string, string2);
            case true:
                return createGssApiAuthProvider(config, string, string2);
            default:
                throw new IllegalArgumentException(String.format("Invalid value for dsbulk.driver.auth.provider, expecting one of PlainTextAuthProvider, DsePlainTextAuthProvider, or DseGSSAPIAuthProvider, got: '%s'", string));
        }
    }

    private static AuthProvider createPlainTextAuthProvider(Config config, String str, String str2) {
        checkHasCredentials(config, str);
        return new ProgrammaticPlainTextAuthProvider(config.getString("username"), config.getString("password"), str2);
    }

    private static AuthProvider createGssApiAuthProvider(Config config, String str, String str2) {
        if (!config.hasPath("saslService")) {
            throw new IllegalArgumentException(String.format("dsbulk.driver.auth.saslService must be provided with %s. dsbulk.driver.auth.principal, dsbulk.driver.auth.keyTab, and dsbulk.driver.auth.authorizationId are optional.", str));
        }
        String string = config.getString("saslService");
        String str3 = null;
        if (config.hasPath("principal")) {
            str3 = config.getString("principal");
        }
        Path path = null;
        if (config.hasPath("keyTab")) {
            path = ConfigUtils.getPath(config, "keyTab");
            IOUtils.assertAccessibleFile(path, "Keytab file");
            if (str3 == null) {
                try {
                    Class<?> cls = Class.forName("sun.security.krb5.internal.ktab.KeyTab");
                    Class<?> cls2 = Class.forName("sun.security.krb5.internal.ktab.KeyTabEntry");
                    Class<?> cls3 = Class.forName("sun.security.krb5.PrincipalName");
                    Method method = cls.getMethod("getInstance", String.class);
                    Method method2 = cls.getMethod("getEntries", new Class[0]);
                    Method method3 = cls2.getMethod("getService", new Class[0]);
                    Method method4 = cls3.getMethod("getName", new Class[0]);
                    Object[] objArr = (Object[]) method2.invoke(method.invoke(null, path.toString()), new Object[0]);
                    if (objArr.length <= 0) {
                        throw new IllegalArgumentException(String.format("Could not find any principals in %s", path));
                    }
                    str3 = (String) method4.invoke(method3.invoke(objArr[0], new Object[0]), new Object[0]);
                    LOGGER.debug("Found Kerberos principal {} in {}", str3, path);
                } catch (Exception e) {
                    throw new IllegalArgumentException(String.format("Could not find any principals in %s", path), e);
                }
            }
        }
        return new BulkGssApiAuthProvider(DseGssApiAuthProviderBase.GssApiOptions.builder().withLoginConfiguration(path != null ? new KeyTabConfiguration(str3, path.toString()) : new TicketCacheConfiguration(str3)).withAuthorizationId(str2).withSaslProtocol(string).build());
    }

    private static void checkHasCredentials(Config config, String str) {
        if (!config.hasPath("username") || !config.hasPath("password")) {
            throw new IllegalArgumentException("Both dsbulk.driver.auth.username and dsbulk.driver.auth.password must be provided with " + str);
        }
    }
}
