package com.datastax.driver.dse.graph;

import com.datastax.driver.core.AuthProvider;
import com.datastax.driver.core.CCMBridge;
import com.datastax.driver.core.TestUtils;
import com.datastax.driver.core.utils.DseVersion;
import com.datastax.driver.dse.DseCluster;
import com.datastax.driver.dse.DseSession;
import com.datastax.driver.dse.auth.DseGSSAPIAuthProvider;
import com.datastax.driver.dse.auth.DsePlainTextAuthProvider;
import com.datastax.driver.dse.auth.EmbeddedADS;
import com.datastax.driver.dse.auth.KerberosUtils;
import java.io.File;
import java.lang.reflect.Method;
import org.assertj.core.api.Assertions;
import org.testng.annotations.AfterClass;
import org.testng.annotations.Test;

@DseVersion("5.1.0")
/* loaded from: input_file:com/datastax/driver/dse/graph/GraphProxyAuthenticationTest.class */
public class GraphProxyAuthenticationTest extends CCMGraphTestsSupport {
    private static final String realm = "DATASTAX.COM";
    private static final String address = TestUtils.IP_PREFIX + "1";
    private final EmbeddedADS adsServer = EmbeddedADS.builder().withKerberos().withRealm(realm).withAddress(address).build();
    private final String dsePrincipal = "dse/" + this.adsServer.getHostname() + "@" + realm;
    private final String bobPrincipal = "bob@DATASTAX.COM";
    private final String charliePrincipal = "charlie@DATASTAX.COM";
    private File dseKeytab;
    private File bobKeytab;
    private File charlieKeytab;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.datastax.driver.core.CCMTestsSupport
    public void initTestContext(Object obj, Method method) throws Exception {
        setupKDC();
        super.initTestContext(obj, method);
    }

    void setupKDC() throws Exception {
        if (this.adsServer.isStarted()) {
            return;
        }
        this.adsServer.start();
        this.dseKeytab = this.adsServer.addUserAndCreateKeytab("dse", "dse", this.dsePrincipal);
        this.bobKeytab = this.adsServer.addUserAndCreateKeytab("bob", "bob", "bob@DATASTAX.COM");
        this.charlieKeytab = this.adsServer.addUserAndCreateKeytab("charlie", "charlie", "charlie@DATASTAX.COM");
    }

    @AfterClass(groups = {"long"}, alwaysRun = true)
    public void teardownKDC() throws Exception {
        this.adsServer.stop();
    }

    @Override // com.datastax.driver.dse.graph.CCMGraphTestsSupport, com.datastax.driver.core.CCMTestsSupport
    public void onTestContextInitialized() {
        super.onTestContextInitialized();
        executeGraph(GraphFixtures.modern);
        execute("CREATE ROLE IF NOT EXISTS guser WITH PASSWORD = 'guser' AND LOGIN = FALSE", "CREATE ROLE IF NOT EXISTS ben WITH PASSWORD = 'ben' AND LOGIN = TRUE", "CREATE ROLE IF NOT EXISTS 'bob@DATASTAX.COM' WITH LOGIN = TRUE", "CREATE ROLE IF NOT EXISTS 'charlie@DATASTAX.COM' WITH PASSWORD = 'charlie' AND LOGIN = TRUE", "CREATE ROLE IF NOT EXISTS steve WITH PASSWORD = 'steve' AND LOGIN = TRUE", String.format("GRANT ALL ON KEYSPACE %s TO guser", graphName()), String.format("GRANT ALL ON KEYSPACE %s_pvt TO guser", graphName()), String.format("GRANT ALL ON KEYSPACE %s_system TO guser", graphName()), "GRANT EXECUTE ON ALL AUTHENTICATION SCHEMES TO 'ben'", "GRANT EXECUTE ON ALL AUTHENTICATION SCHEMES TO 'bob@DATASTAX.COM'", "GRANT EXECUTE ON ALL AUTHENTICATION SCHEMES TO 'steve'", "GRANT EXECUTE ON ALL AUTHENTICATION SCHEMES TO 'charlie@DATASTAX.COM'", "GRANT PROXY.LOGIN ON ROLE 'guser' TO 'ben'", "GRANT PROXY.LOGIN ON ROLE 'guser' TO 'bob@DATASTAX.COM'", "GRANT PROXY.EXECUTE ON ROLE 'guser' TO 'steve'", "GRANT PROXY.EXECUTE ON ROLE 'guser' TO 'charlie@DATASTAX.COM'");
    }

    @Override // com.datastax.driver.dse.graph.CCMGraphTestsSupport
    public CCMBridge.Builder configureCCM() {
        return super.configureCCM().withCassandraConfiguration("authorizer", "com.datastax.bdp.cassandra.auth.DseAuthorizer").withCassandraConfiguration("authenticator", "com.datastax.bdp.cassandra.auth.DseAuthenticator").withDSEConfiguration("authentication_options:\n  enabled: true\n  default_scheme: kerberos\n  other_schemes:\n    - internal").withDSEConfiguration("authorization_options.enabled", true).withDSEConfiguration("kerberos_options.keytab", this.dseKeytab.getAbsolutePath()).withDSEConfiguration("kerberos_options.service_principal", "dse/_HOST@DATASTAX.COM").withDSEConfiguration("kerberos_options.qop", "auth").withJvmArgs("-Dcassandra.superuser_setup_delay_ms=0", "-Djava.security.krb5.conf=" + this.adsServer.getKrb5Conf().getAbsolutePath());
    }

    @Override // com.datastax.driver.dse.graph.CCMGraphTestsSupport, com.datastax.driver.dse.CCMDseTestsSupport, com.datastax.driver.core.CCMTestsSupport
    /* renamed from: createClusterBuilder */
    public DseCluster.Builder mo15createClusterBuilder() {
        return super.mo15createClusterBuilder().withAuthProvider(new DsePlainTextAuthProvider("cassandra", "cassandra"));
    }

    @Test(groups = {"long"})
    public void should_make_traversal_using_plain_text_with_proxy_authentication() {
        query(new DsePlainTextAuthProvider("ben", "ben", "guser"));
    }

    @Test(groups = {"long"})
    public void should_make_traversal_using_plain_text_with_proxy_execution() {
        queryWithExecuteAs(new DsePlainTextAuthProvider("steve", "steve"));
    }

    @Test(groups = {"long"})
    public void should_make_traversal_using_kerberos_with_proxy_authentication() {
        query(DseGSSAPIAuthProvider.builder().withLoginConfiguration(KerberosUtils.keytabClient(this.bobKeytab, "bob@DATASTAX.COM")).withAuthorizationId("guser").build());
    }

    @Test(groups = {"long"})
    public void should_make_traversal_using_kerberos_with_proxy_execution() {
        queryWithExecuteAs(DseGSSAPIAuthProvider.builder().withLoginConfiguration(KerberosUtils.keytabClient(this.charlieKeytab, "charlie@DATASTAX.COM")).build());
    }

    private void query(AuthProvider authProvider) {
        query(authProvider, false);
    }

    private void queryWithExecuteAs(AuthProvider authProvider) {
        query(authProvider, true);
    }

    private void query(AuthProvider authProvider, boolean z) {
        DseCluster build = super.mo15createClusterBuilder().addContactPointsWithPorts(getContactPointsWithPorts()).withGraphOptions(new GraphOptions().setGraphName(graphName())).withAuthProvider(authProvider).build();
        try {
            DseSession connect = build.connect();
            GraphStatement simpleGraphStatement = new SimpleGraphStatement("g.V().count()");
            if (z) {
                simpleGraphStatement = simpleGraphStatement.executingAs("guser");
            }
            Assertions.assertThat(connect.executeGraph(simpleGraphStatement).one().asInt()).isEqualTo(6);
            build.close();
        } catch (Throwable th) {
            build.close();
            throw th;
        }
    }
}
