package org.apache.cassandra.auth;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import java.nio.ByteBuffer;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.apache.cassandra.concurrent.ScheduledExecutors;
import org.apache.cassandra.config.CFMetaData;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.config.KSMetaData;
import org.apache.cassandra.config.Schema;
import org.apache.cassandra.cql3.QueryOptions;
import org.apache.cassandra.cql3.QueryProcessor;
import org.apache.cassandra.cql3.UntypedResultSet;
import org.apache.cassandra.cql3.statements.CFStatement;
import org.apache.cassandra.cql3.statements.CreateTableStatement;
import org.apache.cassandra.cql3.statements.SelectStatement;
import org.apache.cassandra.db.ConsistencyLevel;
import org.apache.cassandra.exceptions.RequestExecutionException;
import org.apache.cassandra.exceptions.RequestValidationException;
import org.apache.cassandra.locator.SimpleStrategy;
import org.apache.cassandra.service.MigrationListener;
import org.apache.cassandra.service.MigrationManager;
import org.apache.cassandra.service.QueryState;
import org.apache.cassandra.utils.ByteBufferUtil;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/cassandra/auth/Auth.class */
public class Auth {
    private static final Logger logger;
    public static final String DEFAULT_SUPERUSER_NAME = "cassandra";
    public static final long SUPERUSER_SETUP_DELAY;
    public static final String AUTH_KS = "system_auth";
    public static final String USERS_CF = "users";
    private static final PermissionsCache permissionsCache;
    private static final String USERS_CF_SCHEMA;
    private static SelectStatement selectUserStatement;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:org/apache/cassandra/auth/Auth$AuthMigrationListener.class */
    public static class AuthMigrationListener extends MigrationListener {
        @Override // org.apache.cassandra.service.MigrationListener
        public void onDropKeyspace(String str) {
            DatabaseDescriptor.getAuthorizer().revokeAll(DataResource.keyspace(str));
        }

        @Override // org.apache.cassandra.service.MigrationListener
        public void onDropColumnFamily(String str, String str2) {
            DatabaseDescriptor.getAuthorizer().revokeAll(DataResource.columnFamily(str, str2));
        }
    }

    public static Set<Permission> getPermissions(AuthenticatedUser authenticatedUser, IResource iResource) {
        return permissionsCache.getPermissions(authenticatedUser, iResource);
    }

    public static boolean isExistingUser(String str) {
        return !selectUser(str).isEmpty();
    }

    public static boolean isSuperuser(String str) {
        UntypedResultSet selectUser = selectUser(str);
        return !selectUser.isEmpty() && selectUser.one().getBoolean("super");
    }

    public static void insertUser(String str, boolean z) throws RequestExecutionException {
        QueryProcessor.process(String.format("INSERT INTO %s.%s (name, super) VALUES ('%s', %s)", AUTH_KS, USERS_CF, escape(str), Boolean.valueOf(z)), consistencyForUser(str));
    }

    public static void deleteUser(String str) throws RequestExecutionException {
        QueryProcessor.process(String.format("DELETE FROM %s.%s WHERE name = '%s'", AUTH_KS, USERS_CF, escape(str)), consistencyForUser(str));
    }

    public static void setup() {
        if (DatabaseDescriptor.getAuthenticator() instanceof AllowAllAuthenticator) {
            return;
        }
        setupAuthKeyspace();
        setupTable(USERS_CF, USERS_CF_SCHEMA);
        DatabaseDescriptor.getAuthenticator().setup();
        DatabaseDescriptor.getAuthorizer().setup();
        MigrationManager.instance.register(new AuthMigrationListener());
        ScheduledExecutors.nonPeriodicTasks.schedule(new Runnable() { // from class: org.apache.cassandra.auth.Auth.1
            @Override // java.lang.Runnable
            public void run() {
                Auth.setupDefaultSuperuser();
            }
        }, SUPERUSER_SETUP_DELAY, TimeUnit.MILLISECONDS);
        try {
            selectUserStatement = (SelectStatement) QueryProcessor.parseStatement(String.format("SELECT * FROM %s.%s WHERE name = ?", AUTH_KS, USERS_CF)).prepare().statement;
        } catch (RequestValidationException e) {
            throw new AssertionError(e);
        }
    }

    private static ConsistencyLevel consistencyForUser(String str) {
        return str.equals("cassandra") ? ConsistencyLevel.QUORUM : ConsistencyLevel.LOCAL_ONE;
    }

    private static void setupAuthKeyspace() {
        if (Schema.instance.getKSMetaData(AUTH_KS) == null) {
            try {
                MigrationManager.announceNewKeyspace(KSMetaData.newKeyspace(AUTH_KS, SimpleStrategy.class.getName(), ImmutableMap.of("replication_factor", "1"), true), 0L, false);
            } catch (Exception e) {
                throw new AssertionError(e);
            }
        }
    }

    public static void setupTable(String str, String str2) {
        if (Schema.instance.getCFMetaData(AUTH_KS, str) == null) {
            try {
                CFStatement cFStatement = (CFStatement) QueryProcessor.parseStatement(str2);
                cFStatement.prepareKeyspace(AUTH_KS);
                CFMetaData copy = ((CreateTableStatement) cFStatement.prepare().statement).getCFMetaData().copy(CFMetaData.generateLegacyCfId(AUTH_KS, str));
                if (!$assertionsDisabled && !copy.cfName.equals(str)) {
                    throw new AssertionError();
                }
                MigrationManager.announceNewColumnFamily(copy);
            } catch (Exception e) {
                throw new AssertionError(e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void setupDefaultSuperuser() {
        try {
            if (!hasExistingUsers()) {
                QueryProcessor.process(String.format("INSERT INTO %s.%s (name, super) VALUES ('%s', %s) USING TIMESTAMP 0", AUTH_KS, USERS_CF, "cassandra", true), ConsistencyLevel.ONE);
                logger.info("Created default superuser '{}'", "cassandra");
            }
        } catch (RequestExecutionException e) {
            logger.warn("Skipped default superuser setup: some nodes were not ready");
        }
    }

    private static boolean hasExistingUsers() throws RequestExecutionException {
        String format = String.format("SELECT * FROM %s.%s WHERE name = '%s'", AUTH_KS, USERS_CF, "cassandra");
        return (QueryProcessor.process(format, ConsistencyLevel.ONE).isEmpty() && QueryProcessor.process(format, ConsistencyLevel.QUORUM).isEmpty() && QueryProcessor.process(String.format("SELECT * FROM %s.%s LIMIT 1", AUTH_KS, USERS_CF), ConsistencyLevel.QUORUM).isEmpty()) ? false : true;
    }

    private static String escape(String str) {
        return StringUtils.replace(str, "'", "''");
    }

    private static UntypedResultSet selectUser(String str) {
        try {
            return UntypedResultSet.create(selectUserStatement.execute(QueryState.forInternalCalls(), QueryOptions.forInternalCalls(consistencyForUser(str), Lists.newArrayList(new ByteBuffer[]{ByteBufferUtil.bytes(str)}))).result);
        } catch (RequestExecutionException e) {
            throw new RuntimeException(e);
        } catch (RequestValidationException e2) {
            throw new AssertionError(e2);
        }
    }

    static {
        $assertionsDisabled = !Auth.class.desiredAssertionStatus();
        logger = LoggerFactory.getLogger(Auth.class);
        SUPERUSER_SETUP_DELAY = Long.getLong("cassandra.superuser_setup_delay_ms", 10000L).longValue();
        permissionsCache = new PermissionsCache(DatabaseDescriptor.getPermissionsValidity(), DatabaseDescriptor.getPermissionsUpdateInterval(), DatabaseDescriptor.getPermissionsCacheMaxEntries(), DatabaseDescriptor.getAuthorizer());
        USERS_CF_SCHEMA = String.format("CREATE TABLE %s.%s (name text,super boolean,PRIMARY KEY(name)) WITH gc_grace_seconds=%d", AUTH_KS, USERS_CF, 7776000);
    }
}
