package org.apache.giraph.comm.netty;

import java.io.IOException;
import java.nio.charset.Charset;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.commons.net.util.Base64;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.ipc.StandbyException;
import org.apache.hadoop.mapreduce.security.token.JobTokenIdentifier;
import org.apache.hadoop.mapreduce.security.token.JobTokenSecretManager;
import org.apache.hadoop.security.SaslPropertiesResolver;
import org.apache.hadoop.security.SaslRpcServer;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/apache/giraph/comm/netty/SaslNettyServer.class */
public class SaslNettyServer extends SaslRpcServer {
    public static final Logger LOG = Logger.getLogger(SaslNettyServer.class);
    private SaslServer saslServer;

    @InterfaceStability.Evolving
    /* loaded from: input_file:org/apache/giraph/comm/netty/SaslNettyServer$SaslDigestCallbackHandler.class */
    public static class SaslDigestCallbackHandler implements CallbackHandler {
        private JobTokenSecretManager secretManager;

        public SaslDigestCallbackHandler(JobTokenSecretManager jobTokenSecretManager) {
            if (SaslNettyServer.LOG.isDebugEnabled()) {
                SaslNettyServer.LOG.debug("SaslDigestCallback: Creating SaslDigestCallback handler with secret manager: " + jobTokenSecretManager);
            }
            this.secretManager = jobTokenSecretManager;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            NameCallback nameCallback = null;
            PasswordCallback passwordCallback = null;
            AuthorizeCallback authorizeCallback = null;
            for (Callback callback : callbackArr) {
                if (callback instanceof AuthorizeCallback) {
                    authorizeCallback = (AuthorizeCallback) callback;
                } else if (callback instanceof NameCallback) {
                    nameCallback = (NameCallback) callback;
                } else if (callback instanceof PasswordCallback) {
                    passwordCallback = (PasswordCallback) callback;
                } else if (!(callback instanceof RealmCallback)) {
                    throw new UnsupportedCallbackException(callback, "handle: Unrecognized SASL DIGEST-MD5 Callback");
                }
            }
            if (passwordCallback != null) {
                JobTokenIdentifier identifier = SaslRpcServer.getIdentifier(nameCallback.getDefaultName(), this.secretManager);
                char[] encodePassword = SaslNettyServer.encodePassword(this.secretManager.retrievePassword(identifier));
                if (SaslNettyServer.LOG.isDebugEnabled()) {
                    SaslNettyServer.LOG.debug("handle: SASL server DIGEST-MD5 callback: setting password for client: " + identifier.getUser());
                }
                passwordCallback.setPassword(encodePassword);
            }
            if (authorizeCallback != null) {
                String authenticationID = authorizeCallback.getAuthenticationID();
                String authorizationID = authorizeCallback.getAuthorizationID();
                if (authenticationID.equals(authorizationID)) {
                    authorizeCallback.setAuthorized(true);
                } else {
                    authorizeCallback.setAuthorized(false);
                }
                if (authorizeCallback.isAuthorized()) {
                    if (SaslNettyServer.LOG.isDebugEnabled()) {
                        String userName = SaslRpcServer.getIdentifier(authorizationID, this.secretManager).getUser().getUserName();
                        if (SaslNettyServer.LOG.isDebugEnabled()) {
                            SaslNettyServer.LOG.debug("handle: SASL server DIGEST-MD5 callback: setting canonicalized client ID: " + userName);
                        }
                    }
                    authorizeCallback.setAuthorizedID(authorizationID);
                }
            }
        }
    }

    public SaslNettyServer(JobTokenSecretManager jobTokenSecretManager) throws IOException {
        this(jobTokenSecretManager, SaslRpcServer.AuthMethod.SIMPLE);
    }

    public SaslNettyServer(JobTokenSecretManager jobTokenSecretManager, SaslRpcServer.AuthMethod authMethod) throws IOException {
        super(authMethod);
        if (LOG.isDebugEnabled()) {
            LOG.debug("SaslNettyServer: Secret manager is: " + jobTokenSecretManager + " with authmethod " + authMethod);
        }
        try {
            jobTokenSecretManager.checkAvailableForRead();
        } catch (StandbyException e) {
            LOG.error("SaslNettyServer: Could not read secret manager: " + e);
        }
        try {
            this.saslServer = Sasl.createSaslServer(SaslRpcServer.AuthMethod.DIGEST.getMechanismName(), (String) null, "default", SaslPropertiesResolver.getInstance(new Configuration()).getDefaultProperties(), new SaslDigestCallbackHandler(jobTokenSecretManager));
        } catch (SaslException e2) {
            LOG.error("SaslNettyServer: Could not create SaslServer: " + e2);
        }
    }

    public boolean isComplete() {
        return this.saslServer.isComplete();
    }

    public String getUserName() {
        return this.saslServer.getAuthorizationID();
    }

    public byte[] response(byte[] bArr) {
        try {
            if (LOG.isDebugEnabled()) {
                LOG.debug("response: Responding to input token of length: " + bArr.length);
            }
            byte[] evaluateResponse = this.saslServer.evaluateResponse(bArr);
            if (LOG.isDebugEnabled()) {
                LOG.debug("response: Response token length: " + evaluateResponse.length);
            }
            return evaluateResponse;
        } catch (SaslException e) {
            LOG.error("response: Failed to evaluate client token of length: " + bArr.length + " : " + e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String encodeIdentifier(byte[] bArr) {
        return new String(Base64.encodeBase64(bArr), Charset.defaultCharset());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static char[] encodePassword(byte[] bArr) {
        return new String(Base64.encodeBase64(bArr), Charset.defaultCharset()).toCharArray();
    }
}
