package org.apache.kudu.client;

import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.RealmChoiceCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.apache.kudu.annotations.InterfaceAudience;
import org.apache.kudu.client.shaded.com.google.common.base.Preconditions;
import org.apache.kudu.client.shaded.com.google.common.collect.ImmutableSet;
import org.apache.kudu.client.shaded.com.google.protobuf.ZeroCopyLiteralByteString;
import org.apache.kudu.client.shaded.org.jboss.netty.buffer.ChannelBuffer;
import org.apache.kudu.client.shaded.org.jboss.netty.buffer.ChannelBuffers;
import org.apache.kudu.client.shaded.org.jboss.netty.channel.Channel;
import org.apache.kudu.client.shaded.org.jboss.netty.channel.Channels;
import org.apache.kudu.rpc.RpcHeader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
/* loaded from: input_file:org/apache/kudu/client/SecureRpcHelper.class */
public class SecureRpcHelper {
    private final TabletClient client;
    private SaslClient saslClient;
    public static final String SASL_DEFAULT_REALM = "default";
    private static final int SASL_CALL_ID = -33;
    private volatile boolean negoUnderway = true;
    private boolean useWrap = false;
    private Set<RpcHeader.RpcFeatureFlag> serverFeatures;
    public static final String USER_AND_PASSWORD = "java_client";
    public static final Logger LOG = LoggerFactory.getLogger(TabletClient.class);
    public static final Map<String, String> SASL_PROPS = new TreeMap();
    private static final Set<RpcHeader.RpcFeatureFlag> SUPPORTED_RPC_FEATURES = ImmutableSet.of(RpcHeader.RpcFeatureFlag.APPLICATION_FEATURE_FLAGS);

    /* loaded from: input_file:org/apache/kudu/client/SecureRpcHelper$SaslClientCallbackHandler.class */
    private static class SaslClientCallbackHandler implements CallbackHandler {
        private final String userName;
        private final char[] userPassword;

        public SaslClientCallbackHandler(String str, String str2) {
            this.userName = str;
            this.userPassword = str2.toCharArray();
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
            NameCallback nameCallback = null;
            PasswordCallback passwordCallback = null;
            RealmCallback realmCallback = null;
            for (Callback callback : callbackArr) {
                if (!(callback instanceof RealmChoiceCallback)) {
                    if (callback instanceof NameCallback) {
                        nameCallback = (NameCallback) callback;
                    } else if (callback instanceof PasswordCallback) {
                        passwordCallback = (PasswordCallback) callback;
                    } else {
                        if (!(callback instanceof RealmCallback)) {
                            throw new UnsupportedCallbackException(callback, "Unrecognized SASL client callback");
                        }
                        realmCallback = (RealmCallback) callback;
                    }
                }
            }
            if (nameCallback != null) {
                nameCallback.setName(this.userName);
            }
            if (passwordCallback != null) {
                passwordCallback.setPassword(this.userPassword);
            }
            if (realmCallback != null) {
                realmCallback.setText(realmCallback.getDefaultText());
            }
        }
    }

    public SecureRpcHelper(TabletClient tabletClient) {
        this.client = tabletClient;
        try {
            this.saslClient = Sasl.createSaslClient(new String[]{"PLAIN"}, (String) null, (String) null, SASL_DEFAULT_REALM, SASL_PROPS, new SaslClientCallbackHandler(USER_AND_PASSWORD, USER_AND_PASSWORD));
        } catch (SaslException e) {
            throw new RuntimeException("Could not create the SASL client", e);
        }
    }

    public Set<RpcHeader.RpcFeatureFlag> getServerFeatures() {
        Preconditions.checkState(!this.negoUnderway);
        Preconditions.checkNotNull(this.serverFeatures);
        return this.serverFeatures;
    }

    public void sendHello(Channel channel) {
        sendNegotiateMessage(channel);
    }

    private void sendNegotiateMessage(Channel channel) {
        RpcHeader.SaslMessagePB.Builder newBuilder = RpcHeader.SaslMessagePB.newBuilder();
        Iterator<RpcHeader.RpcFeatureFlag> it = SUPPORTED_RPC_FEATURES.iterator();
        while (it.hasNext()) {
            newBuilder.addSupportedFeatures(it.next());
        }
        newBuilder.setState(RpcHeader.SaslMessagePB.SaslState.NEGOTIATE);
        sendSaslMessage(channel, newBuilder.build());
    }

    private void sendSaslMessage(Channel channel, RpcHeader.SaslMessagePB saslMessagePB) {
        RpcHeader.RequestHeader.Builder newBuilder = RpcHeader.RequestHeader.newBuilder();
        newBuilder.setCallId(SASL_CALL_ID);
        Channels.write(channel, KuduRpc.toChannelBuffer(newBuilder.build(), saslMessagePB));
    }

    public ChannelBuffer handleResponse(ChannelBuffer channelBuffer, Channel channel) throws SaslException {
        if (this.saslClient.isComplete() && !this.negoUnderway) {
            return unwrap(channelBuffer);
        }
        RpcHeader.SaslMessagePB parseSaslMsgResponse = parseSaslMsgResponse(channelBuffer);
        switch (parseSaslMsgResponse.getState()) {
            case NEGOTIATE:
                handleNegotiateResponse(channel, parseSaslMsgResponse);
                return null;
            case CHALLENGE:
                handleChallengeResponse(channel, parseSaslMsgResponse);
                return null;
            case SUCCESS:
                handleSuccessResponse(channel, parseSaslMsgResponse);
                return null;
            default:
                System.out.println("Wrong sasl state");
                return null;
        }
    }

    public ChannelBuffer unwrap(ChannelBuffer channelBuffer) {
        if (!this.useWrap) {
            return channelBuffer;
        }
        int readInt = channelBuffer.readInt();
        try {
            return ChannelBuffers.wrappedBuffer(this.saslClient.unwrap(channelBuffer.readBytes(readInt).array(), 0, readInt));
        } catch (SaslException e) {
            throw new IllegalStateException("Failed to unwrap payload", e);
        }
    }

    public ChannelBuffer wrap(ChannelBuffer channelBuffer) {
        if (!this.useWrap) {
            return channelBuffer;
        }
        try {
            byte[] bArr = new byte[channelBuffer.writerIndex()];
            channelBuffer.readBytes(bArr);
            byte[] wrap = this.saslClient.wrap(bArr, 0, bArr.length);
            ChannelBuffer wrappedBuffer = ChannelBuffers.wrappedBuffer(new byte[4 + wrap.length]);
            wrappedBuffer.clear();
            wrappedBuffer.writeInt(wrap.length);
            wrappedBuffer.writeBytes(wrap);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Wrapped payload: " + Bytes.pretty(wrappedBuffer));
            }
            return wrappedBuffer;
        } catch (SaslException e) {
            throw new IllegalStateException("Failed to wrap payload", e);
        }
    }

    private RpcHeader.SaslMessagePB parseSaslMsgResponse(ChannelBuffer channelBuffer) {
        CallResponse callResponse = new CallResponse(channelBuffer);
        if (callResponse.getHeader().getCallId() != SASL_CALL_ID) {
            throw new IllegalStateException("Received a call that wasn't for SASL");
        }
        RpcHeader.SaslMessagePB.Builder newBuilder = RpcHeader.SaslMessagePB.newBuilder();
        KuduRpc.readProtobuf(callResponse.getPBMessage(), newBuilder);
        return newBuilder.build();
    }

    private void handleNegotiateResponse(Channel channel, RpcHeader.SaslMessagePB saslMessagePB) throws SaslException {
        RpcHeader.SaslMessagePB.SaslAuth saslAuth = null;
        Iterator<RpcHeader.SaslMessagePB.SaslAuth> it = saslMessagePB.getAuthsList().iterator();
        while (it.hasNext()) {
            saslAuth = it.next();
        }
        ImmutableSet.Builder builder = ImmutableSet.builder();
        for (RpcHeader.RpcFeatureFlag rpcFeatureFlag : saslMessagePB.getSupportedFeaturesList()) {
            if (SUPPORTED_RPC_FEATURES.contains(rpcFeatureFlag)) {
                builder.add((ImmutableSet.Builder) rpcFeatureFlag);
            }
        }
        this.serverFeatures = builder.build();
        byte[] bArr = new byte[0];
        if (this.saslClient.hasInitialResponse()) {
            bArr = this.saslClient.evaluateChallenge(bArr);
        }
        RpcHeader.SaslMessagePB.Builder newBuilder = RpcHeader.SaslMessagePB.newBuilder();
        if (bArr != null) {
            newBuilder.setToken(ZeroCopyLiteralByteString.wrap(bArr));
        }
        newBuilder.setState(RpcHeader.SaslMessagePB.SaslState.INITIATE);
        newBuilder.addAuths(saslAuth);
        sendSaslMessage(channel, newBuilder.build());
    }

    private void handleChallengeResponse(Channel channel, RpcHeader.SaslMessagePB saslMessagePB) throws SaslException {
        byte[] evaluateChallenge = this.saslClient.evaluateChallenge(saslMessagePB.getToken().toByteArray());
        if (evaluateChallenge == null) {
            throw new IllegalStateException("Not expecting an empty token");
        }
        RpcHeader.SaslMessagePB.Builder newBuilder = RpcHeader.SaslMessagePB.newBuilder();
        newBuilder.setToken(ZeroCopyLiteralByteString.wrap(evaluateChallenge));
        newBuilder.setState(RpcHeader.SaslMessagePB.SaslState.RESPONSE);
        sendSaslMessage(channel, newBuilder.build());
    }

    private void handleSuccessResponse(Channel channel, RpcHeader.SaslMessagePB saslMessagePB) {
        LOG.debug("nego finished");
        this.negoUnderway = false;
        this.client.sendContext(channel);
    }
}
