package oadd.org.apache.drill.exec.rpc.user.security;

import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import com.bettercloud.vault.response.LookupResponse;
import java.io.IOException;
import java.util.Objects;
import oadd.org.apache.drill.common.config.DrillConfig;
import oadd.org.apache.drill.exec.exception.DrillbitStartupException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@UserAuthenticatorTemplate(type = "vault")
/* loaded from: input_file:oadd/org/apache/drill/exec/rpc/user/security/VaultUserAuthenticator.class */
public class VaultUserAuthenticator implements UserAuthenticator {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) VaultUserAuthenticator.class);
    public static final String VAULT_ADDRESS = "drill.exec.security.user.auth.vault.address";
    public static final String VAULT_AUTH_METHOD = "drill.exec.security.user.auth.vault.method";
    private VaultConfig vaultConfig;
    private Vault vault;
    private VaultAuthMethod authMethod;

    /* loaded from: input_file:oadd/org/apache/drill/exec/rpc/user/security/VaultUserAuthenticator$VaultAuthMethod.class */
    public enum VaultAuthMethod {
        APP_ROLE,
        LDAP,
        USER_PASS,
        VAULT_TOKEN
    }

    @Override // oadd.org.apache.drill.exec.rpc.user.security.UserAuthenticator
    public void setup(DrillConfig drillConfig) throws DrillbitStartupException {
        String str = (String) Objects.requireNonNull(drillConfig.getString(VAULT_ADDRESS), String.format("Vault address BOOT option is not specified. Please set [%s] config option.", VAULT_ADDRESS));
        this.authMethod = VaultAuthMethod.valueOf((String) Objects.requireNonNull(drillConfig.getString(VAULT_AUTH_METHOD), String.format("Vault auth method is not specified. Please set [%s] config option.", VAULT_AUTH_METHOD)));
        VaultConfig address = new VaultConfig().address(str);
        try {
            logger.debug("Tries to init a Vault client with Vault addr = {}, auth method = {}", str, this.authMethod);
            this.vaultConfig = address.build();
            this.vault = new Vault(this.vaultConfig);
        } catch (VaultException e) {
            logger.error(String.join(System.lineSeparator(), "Error initialising the Vault client library using configuration: ", "\tvaultAddress: {}", "\tauthMethod: {}"), str, this.authMethod, e);
            throw new DrillbitStartupException("Error initialising the Vault client library: " + e.getMessage(), e);
        }
    }

    @Override // oadd.org.apache.drill.exec.rpc.user.security.UserAuthenticator
    public void authenticate(String str, String str2) throws UserAuthenticationException {
        try {
            logger.debug("Tries to authenticate user {} using {}", str, this.authMethod);
            switch (this.authMethod) {
                case APP_ROLE:
                    this.vault.auth().loginByAppRole(str, str2);
                    break;
                case LDAP:
                    this.vault.auth().loginByLDAP(str, str2);
                    break;
                case USER_PASS:
                    this.vault.auth().loginByUserPass(str, str2);
                    break;
                case VAULT_TOKEN:
                    LookupResponse lookupSelf = new Vault(new VaultConfig().address(this.vaultConfig.getAddress()).token(str2).build()).auth().lookupSelf();
                    if (!lookupSelf.getPath().endsWith("/" + str)) {
                        throw new UserAuthenticationException(String.format("Attempted to authenticate user %s with a Vault token that is  valid but has path %s!", str, lookupSelf.getPath()));
                    }
                    break;
                default:
                    throw new UserAuthenticationException(String.format("The Vault authentication method '%s' is not supported", this.authMethod));
            }
            logger.info("User {} authenticated against Vault successfully.", str);
        } catch (VaultException e) {
            logger.warn("Failed to authenticate user {} using {}: {}.", str, this.authMethod, e);
            throw new UserAuthenticationException(String.format("Failed to authenticate user %s using %s: %s", str, this.authMethod, e.getMessage()));
        }
    }

    @Override // oadd.org.apache.drill.exec.rpc.user.security.UserAuthenticator, java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        this.vault = null;
        logger.debug("Has been closed.");
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        VaultUserAuthenticator vaultUserAuthenticator = (VaultUserAuthenticator) obj;
        return Objects.equals(this.vaultConfig, vaultUserAuthenticator.vaultConfig) && Objects.equals(this.vault, vaultUserAuthenticator.vault) && this.authMethod == vaultUserAuthenticator.authMethod;
    }

    public int hashCode() {
        return Objects.hash(this.vaultConfig, this.vault, this.authMethod);
    }
}
