package org.apache.giraph.comm.netty;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.RealmChoiceCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.apache.giraph.comm.requests.SaslTokenMessageRequest;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.mapred.JobConf;
import org.apache.hadoop.mapreduce.security.TokenCache;
import org.apache.hadoop.mapreduce.security.token.JobTokenIdentifier;
import org.apache.hadoop.security.SaslRpcServer;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/apache/giraph/comm/netty/SaslNettyClient.class */
public class SaslNettyClient {
    public static final Logger LOG = Logger.getLogger(SaslNettyClient.class);
    private Object authenticated = new Object();
    private SaslClient saslClient;

    /* loaded from: input_file:org/apache/giraph/comm/netty/SaslNettyClient$SaslClientCallbackHandler.class */
    private static class SaslClientCallbackHandler implements CallbackHandler {
        private final String userName;
        private final char[] userPassword;

        public SaslClientCallbackHandler(Token<? extends TokenIdentifier> token) {
            this.userName = SaslNettyServer.encodeIdentifier(token.getIdentifier());
            this.userPassword = SaslNettyServer.encodePassword(token.getPassword());
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
            NameCallback nameCallback = null;
            PasswordCallback passwordCallback = null;
            RealmCallback realmCallback = null;
            for (Callback callback : callbackArr) {
                if (!(callback instanceof RealmChoiceCallback)) {
                    if (callback instanceof NameCallback) {
                        nameCallback = (NameCallback) callback;
                    } else if (callback instanceof PasswordCallback) {
                        passwordCallback = (PasswordCallback) callback;
                    } else {
                        if (!(callback instanceof RealmCallback)) {
                            throw new UnsupportedCallbackException(callback, "handle: Unrecognized SASL client callback");
                        }
                        realmCallback = (RealmCallback) callback;
                    }
                }
            }
            if (nameCallback != null) {
                if (SaslNettyClient.LOG.isDebugEnabled()) {
                    SaslNettyClient.LOG.debug("handle: SASL client callback: setting username: " + this.userName);
                }
                nameCallback.setName(this.userName);
            }
            if (passwordCallback != null) {
                if (SaslNettyClient.LOG.isDebugEnabled()) {
                    SaslNettyClient.LOG.debug("handle: SASL client callback: setting userPassword");
                }
                passwordCallback.setPassword(this.userPassword);
            }
            if (realmCallback != null) {
                if (SaslNettyClient.LOG.isDebugEnabled()) {
                    SaslNettyClient.LOG.debug("handle: SASL client callback: setting realm: " + realmCallback.getDefaultText());
                }
                realmCallback.setText(realmCallback.getDefaultText());
            }
        }
    }

    public SaslNettyClient() {
        try {
            Token<JobTokenIdentifier> createJobToken = createJobToken(new Configuration());
            if (LOG.isDebugEnabled()) {
                LOG.debug("SaslNettyClient: Creating SASL " + SaslRpcServer.AuthMethod.DIGEST.getMechanismName() + " client to authenticate to service at " + createJobToken.getService());
            }
            this.saslClient = Sasl.createSaslClient(new String[]{SaslRpcServer.AuthMethod.DIGEST.getMechanismName()}, (String) null, (String) null, "default", SaslRpcServer.SASL_PROPS, new SaslClientCallbackHandler(createJobToken));
        } catch (IOException e) {
            LOG.error("SaslNettyClient: Could not obtain job token for Netty Client to use to authenticate with a Netty Server.");
            this.saslClient = null;
        }
    }

    public Object getAuthenticated() {
        return this.authenticated;
    }

    private Token<JobTokenIdentifier> createJobToken(Configuration configuration) throws IOException {
        String str = System.getenv().get("HADOOP_TOKEN_FILE_LOCATION");
        if (str != null) {
            return TokenCache.getJobToken(TokenCache.loadTokens(str, new JobConf(configuration)));
        }
        throw new IOException("createJobToken: Cannot obtain authentication credentials for job: file: 'HADOOP_TOKEN_FILE_LOCATION' not found");
    }

    public SaslTokenMessageRequest firstToken() throws IOException {
        byte[] bArr = new byte[0];
        if (this.saslClient.hasInitialResponse()) {
            bArr = this.saslClient.evaluateChallenge(bArr);
        }
        SaslTokenMessageRequest saslTokenMessageRequest = new SaslTokenMessageRequest();
        saslTokenMessageRequest.setSaslToken(bArr);
        return saslTokenMessageRequest;
    }

    public boolean isComplete() {
        return this.saslClient.isComplete();
    }

    public byte[] saslResponse(SaslTokenMessageRequest saslTokenMessageRequest) {
        try {
            return this.saslClient.evaluateChallenge(saslTokenMessageRequest.getSaslToken());
        } catch (SaslException e) {
            LOG.error("saslResponse: Failed to respond to SASL server's token:", e);
            return null;
        }
    }
}
