package org.apache.accumulo.server.security;

import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.accumulo.core.clientImpl.Credentials;
import org.apache.accumulo.core.conf.Property;
import org.apache.accumulo.core.conf.SiteConfiguration;
import org.apache.accumulo.core.data.InstanceId;
import org.apache.accumulo.core.securityImpl.thrift.TCredentials;
import org.apache.commons.codec.digest.Crypt;

/* loaded from: input_file:org/apache/accumulo/server/security/SystemCredentials.class */
public final class SystemCredentials extends Credentials {
    private static final String SYSTEM_PRINCIPAL = "!SYSTEM";
    private final TCredentials AS_THRIFT;

    /* loaded from: input_file:org/apache/accumulo/server/security/SystemCredentials$SystemToken.class */
    public static final class SystemToken extends PasswordToken {
        static final int INTERNAL_WIRE_VERSION = 5;
        static final String SALT_PREFIX = "$6$";
        private static final String SALT_SUFFIX = "$";

        public SystemToken() {
        }

        private SystemToken(byte[] bArr) {
            super(bArr);
        }

        private static String hashInstanceConfigs(InstanceId instanceId, SiteConfiguration siteConfiguration) {
            String num = Integer.toString(5);
            StringBuilder append = new StringBuilder(num).append("\t").append(instanceId).append("\t");
            siteConfiguration.forEach(entry -> {
                String str = (String) entry.getKey();
                String str2 = (String) entry.getValue();
                if (str.startsWith(Property.INSTANCE_PREFIX.toString())) {
                    append.append(str).append("=").append(str2).append("\t");
                }
            });
            return Crypt.crypt(append.toString(), "$6$" + num + "$");
        }

        private static SystemToken generate(InstanceId instanceId, SiteConfiguration siteConfiguration) {
            byte[] bytes = instanceId.canonical().getBytes(StandardCharsets.UTF_8);
            byte[] bytes2 = hashInstanceConfigs(instanceId, siteConfiguration).getBytes(StandardCharsets.UTF_8);
            try {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(12 + bytes.length + bytes2.length);
                try {
                    DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
                    try {
                        dataOutputStream.write(5 * (-1));
                        dataOutputStream.write(bytes.length);
                        dataOutputStream.write(bytes);
                        dataOutputStream.write(bytes2.length);
                        dataOutputStream.write(bytes2);
                        SystemToken systemToken = new SystemToken(Base64.getEncoder().encode(byteArrayOutputStream.toByteArray()));
                        dataOutputStream.close();
                        byteArrayOutputStream.close();
                        return systemToken;
                    } catch (Throwable th) {
                        try {
                            dataOutputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                        throw th;
                    }
                } finally {
                }
            } catch (IOException e) {
                throw new AssertionError("byte array output stream somehow did the impossible", e);
            }
        }
    }

    public SystemCredentials(InstanceId instanceId, String str, AuthenticationToken authenticationToken) {
        super(str, authenticationToken);
        this.AS_THRIFT = super.toThrift(instanceId);
    }

    public static SystemCredentials get(InstanceId instanceId, SiteConfiguration siteConfiguration) {
        String str = SYSTEM_PRINCIPAL;
        if (siteConfiguration.getBoolean(Property.INSTANCE_RPC_SASL_ENABLED)) {
            str = SecurityUtil.getServerPrincipal(siteConfiguration.get(Property.GENERAL_KERBEROS_PRINCIPAL));
        }
        return new SystemCredentials(instanceId, str, SystemToken.generate(instanceId, siteConfiguration));
    }

    public TCredentials toThrift(InstanceId instanceId) {
        if (this.AS_THRIFT.getInstanceId().equals(instanceId.canonical())) {
            return this.AS_THRIFT;
        }
        throw new IllegalArgumentException("Unexpected instance used for " + SystemCredentials.class.getSimpleName() + ": " + instanceId);
    }
}
