package org.apache.accumulo.core.rpc;

import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import javax.security.auth.callback.CallbackHandler;
import org.apache.accumulo.core.client.impl.ClientConfConverter;
import org.apache.accumulo.core.client.impl.DelegationTokenImpl;
import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
import org.apache.accumulo.core.client.security.tokens.KerberosToken;
import org.apache.accumulo.core.conf.AccumuloConfiguration;
import org.apache.accumulo.core.conf.ClientProperty;
import org.apache.accumulo.core.conf.Property;
import org.apache.commons.lang.builder.HashCodeBuilder;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/accumulo/core/rpc/SaslConnectionParams.class */
public class SaslConnectionParams {
    private static final Logger log = LoggerFactory.getLogger(SaslConnectionParams.class);
    private static String defaultRealm;
    protected String principal;
    protected QualityOfProtection qop;
    protected String kerberosServerPrimary;
    protected SaslMechanism mechanism;
    protected CallbackHandler callbackHandler;
    protected final Map<String, String> saslProperties;

    /* loaded from: input_file:org/apache/accumulo/core/rpc/SaslConnectionParams$QualityOfProtection.class */
    public enum QualityOfProtection {
        AUTH("auth"),
        AUTH_INT("auth-int"),
        AUTH_CONF("auth-conf");

        private final String quality;

        QualityOfProtection(String str) {
            this.quality = str;
        }

        public String getQuality() {
            return this.quality;
        }

        public static QualityOfProtection get(String str) {
            if (AUTH.quality.equals(str)) {
                return AUTH;
            }
            if (AUTH_INT.quality.equals(str)) {
                return AUTH_INT;
            }
            if (AUTH_CONF.quality.equals(str)) {
                return AUTH_CONF;
            }
            throw new IllegalArgumentException("No value for " + str);
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.quality;
        }
    }

    /* loaded from: input_file:org/apache/accumulo/core/rpc/SaslConnectionParams$SaslMechanism.class */
    public enum SaslMechanism {
        GSSAPI(ThriftUtil.GSSAPI),
        DIGEST_MD5(ThriftUtil.DIGEST_MD5);

        private final String mechanismName;

        SaslMechanism(String str) {
            this.mechanismName = str;
        }

        public String getMechanismName() {
            return this.mechanismName;
        }

        public static SaslMechanism get(String str) {
            if (GSSAPI.mechanismName.equals(str)) {
                return GSSAPI;
            }
            if (DIGEST_MD5.mechanismName.equals(str)) {
                return DIGEST_MD5;
            }
            throw new IllegalArgumentException("No value for " + str);
        }
    }

    public SaslConnectionParams(AccumuloConfiguration accumuloConfiguration, AuthenticationToken authenticationToken) {
        this(ClientConfConverter.toProperties(accumuloConfiguration), authenticationToken);
    }

    public SaslConnectionParams(Properties properties, AuthenticationToken authenticationToken) {
        Objects.requireNonNull(properties, "Properties was null");
        Objects.requireNonNull(authenticationToken, "AuthenticationToken was null");
        this.saslProperties = new HashMap();
        updatePrincipalFromUgi();
        updateFromConfiguration(properties);
        updateFromToken(authenticationToken);
    }

    public static SaslConnectionParams from(AccumuloConfiguration accumuloConfiguration, AuthenticationToken authenticationToken) {
        if (accumuloConfiguration.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) {
            return new SaslConnectionParams(accumuloConfiguration, authenticationToken);
        }
        return null;
    }

    protected void updateFromToken(AuthenticationToken authenticationToken) {
        if (authenticationToken instanceof KerberosToken) {
            this.mechanism = SaslMechanism.GSSAPI;
            this.callbackHandler = null;
        } else {
            if (!(authenticationToken instanceof DelegationTokenImpl)) {
                throw new IllegalArgumentException("Cannot determine SASL mechanism for token class: " + authenticationToken.getClass());
            }
            this.mechanism = SaslMechanism.DIGEST_MD5;
            this.callbackHandler = new SaslClientDigestCallbackHandler((DelegationTokenImpl) authenticationToken);
        }
    }

    protected void updatePrincipalFromUgi() {
        if (!UserGroupInformation.isSecurityEnabled()) {
            throw new RuntimeException("Cannot use SASL if Hadoop security is not enabled");
        }
        try {
            UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
            this.principal = currentUser.getUserName();
            if (null == this.principal) {
                throw new RuntimeException("Got null username from " + currentUser);
            }
        } catch (IOException e) {
            throw new RuntimeException("Failed to get current user", e);
        }
    }

    protected void updateFromConfiguration(Properties properties) {
        this.qop = QualityOfProtection.get(ClientProperty.SASL_QOP.getValue(properties));
        this.saslProperties.put("javax.security.sasl.qop", this.qop.getQuality());
        this.kerberosServerPrimary = ClientProperty.SASL_KERBEROS_SERVER_PRIMARY.getValue(properties);
    }

    public Map<String, String> getSaslProperties() {
        return Collections.unmodifiableMap(this.saslProperties);
    }

    public QualityOfProtection getQualityOfProtection() {
        return this.qop;
    }

    public String getKerberosServerPrimary() {
        return this.kerberosServerPrimary;
    }

    public String getPrincipal() {
        return this.principal;
    }

    public SaslMechanism getMechanism() {
        return this.mechanism;
    }

    public CallbackHandler getCallbackHandler() {
        return this.callbackHandler;
    }

    public int hashCode() {
        HashCodeBuilder hashCodeBuilder = new HashCodeBuilder(23, 29);
        hashCodeBuilder.append(this.kerberosServerPrimary).append(this.saslProperties).append(this.qop.hashCode()).append(this.principal).append(this.mechanism).append(this.callbackHandler);
        return hashCodeBuilder.toHashCode();
    }

    public boolean equals(Object obj) {
        if (!(obj instanceof SaslConnectionParams)) {
            return false;
        }
        SaslConnectionParams saslConnectionParams = (SaslConnectionParams) obj;
        if (!this.kerberosServerPrimary.equals(saslConnectionParams.kerberosServerPrimary) || this.qop != saslConnectionParams.qop || !this.principal.equals(saslConnectionParams.principal) || !this.mechanism.equals(saslConnectionParams.mechanism)) {
            return false;
        }
        if (null == this.callbackHandler) {
            if (null != saslConnectionParams.callbackHandler) {
                return false;
            }
        } else if (!this.callbackHandler.equals(saslConnectionParams.callbackHandler)) {
            return false;
        }
        return this.saslProperties.equals(saslConnectionParams.saslProperties);
    }

    public String toString() {
        StringBuilder sb = new StringBuilder(64);
        sb.append("SaslConnectionParams[").append("kerberosServerPrimary=").append(this.kerberosServerPrimary).append(", qualityOfProtection=").append(this.qop);
        sb.append(", principal=").append(this.principal).append(", mechanism=").append(this.mechanism).append(", callbackHandler=").append(this.callbackHandler).append("]");
        return sb.toString();
    }

    public static String getDefaultRealm() {
        return defaultRealm;
    }

    static {
        try {
            defaultRealm = KerberosUtil.getDefaultRealm();
        } catch (Exception e) {
            log.debug("Kerberos krb5 configuration not found, setting default realm to empty");
            defaultRealm = "UNKNOWN";
        }
    }
}
