package org.apache.kyuubi.shaded.hive.metastore.security;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.PrivilegedExceptionAction;
import java.util.Base64;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.RealmChoiceCallback;
import javax.security.sasl.SaslException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.SaslRpcServer;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.kyuubi.shaded.thrift.transport.TSaslClientTransport;
import org.apache.kyuubi.shaded.thrift.transport.TTransport;
import org.apache.kyuubi.shaded.thrift.transport.TTransportException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/kyuubi/shaded/hive/metastore/security/HadoopThriftAuthBridge.class */
public abstract class HadoopThriftAuthBridge {
    private static final Logger LOG = LoggerFactory.getLogger(HadoopThriftAuthBridge.class);
    private static volatile HadoopThriftAuthBridge self = null;

    /* renamed from: org.apache.kyuubi.shaded.hive.metastore.security.HadoopThriftAuthBridge$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/kyuubi/shaded/hive/metastore/security/HadoopThriftAuthBridge$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$hadoop$security$SaslRpcServer$AuthMethod = new int[SaslRpcServer.AuthMethod.values().length];

        static {
            try {
                $SwitchMap$org$apache$hadoop$security$SaslRpcServer$AuthMethod[SaslRpcServer.AuthMethod.DIGEST.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$hadoop$security$SaslRpcServer$AuthMethod[SaslRpcServer.AuthMethod.KERBEROS.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    /* loaded from: input_file:org/apache/kyuubi/shaded/hive/metastore/security/HadoopThriftAuthBridge$Client.class */
    public static class Client {

        /* loaded from: input_file:org/apache/kyuubi/shaded/hive/metastore/security/HadoopThriftAuthBridge$Client$SaslClientCallbackHandler.class */
        private static class SaslClientCallbackHandler implements CallbackHandler {
            private final String userName;
            private final char[] userPassword;

            public SaslClientCallbackHandler(Token<? extends TokenIdentifier> token) {
                this.userName = encodeIdentifier(token.getIdentifier());
                this.userPassword = encodePassword(token.getPassword());
            }

            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
                NameCallback nameCallback = null;
                PasswordCallback passwordCallback = null;
                RealmCallback realmCallback = null;
                for (Callback callback : callbackArr) {
                    if (!(callback instanceof RealmChoiceCallback)) {
                        if (callback instanceof NameCallback) {
                            nameCallback = (NameCallback) callback;
                        } else if (callback instanceof PasswordCallback) {
                            passwordCallback = (PasswordCallback) callback;
                        } else {
                            if (!(callback instanceof RealmCallback)) {
                                throw new UnsupportedCallbackException(callback, "Unrecognized SASL client callback");
                            }
                            realmCallback = (RealmCallback) callback;
                        }
                    }
                }
                if (nameCallback != null) {
                    HadoopThriftAuthBridge.LOG.debug("SASL client callback: setting username: {}", this.userName);
                    nameCallback.setName(this.userName);
                }
                if (passwordCallback != null) {
                    HadoopThriftAuthBridge.LOG.debug("SASL client callback: setting userPassword");
                    passwordCallback.setPassword(this.userPassword);
                }
                if (realmCallback != null) {
                    HadoopThriftAuthBridge.LOG.debug("SASL client callback: setting realm: {}", realmCallback.getDefaultText());
                    realmCallback.setText(realmCallback.getDefaultText());
                }
            }

            static String encodeIdentifier(byte[] bArr) {
                return new String(Base64.getEncoder().encode(bArr), StandardCharsets.UTF_8);
            }

            static char[] encodePassword(byte[] bArr) {
                return Base64.getEncoder().encodeToString(bArr).toCharArray();
            }
        }

        public TTransport createClientTransport(String str, String str2, String str3, String str4, final TTransport tTransport, final Map<String, String> map) throws IOException {
            final SaslRpcServer.AuthMethod valueOf = SaslRpcServer.AuthMethod.valueOf(SaslRpcServer.AuthMethod.class, str3);
            TSaslClientTransport tSaslClientTransport = null;
            switch (AnonymousClass1.$SwitchMap$org$apache$hadoop$security$SaslRpcServer$AuthMethod[valueOf.ordinal()]) {
                case 1:
                    Token token = new Token();
                    token.decodeFromUrlString(str4);
                    try {
                        tSaslClientTransport = new TSaslClientTransport(valueOf.getMechanismName(), (String) null, (String) null, "default", map, new SaslClientCallbackHandler(token), tTransport);
                    } catch (TTransportException e) {
                        e.printStackTrace();
                    }
                    return new TUGIAssumingTransport(tSaslClientTransport, UserGroupInformation.getCurrentUser());
                case 2:
                    String serverPrincipal = SecurityUtil.getServerPrincipal(str, str2);
                    final String[] splitKerberosName = SaslRpcServer.splitKerberosName(serverPrincipal);
                    if (splitKerberosName.length != 3) {
                        throw new IOException("Kerberos principal name does NOT have the expected hostname part: " + serverPrincipal);
                    }
                    try {
                        return (TTransport) UserGroupInformation.getCurrentUser().doAs(new PrivilegedExceptionAction<TUGIAssumingTransport>() { // from class: org.apache.kyuubi.shaded.hive.metastore.security.HadoopThriftAuthBridge.Client.1
                            /* JADX WARN: Can't rename method to resolve collision */
                            @Override // java.security.PrivilegedExceptionAction
                            public TUGIAssumingTransport run() throws IOException, TTransportException {
                                return new TUGIAssumingTransport(new TSaslClientTransport(valueOf.getMechanismName(), (String) null, splitKerberosName[0], splitKerberosName[1], map, (CallbackHandler) null, tTransport), UserGroupInformation.getCurrentUser());
                            }
                        });
                    } catch (InterruptedException | SaslException e2) {
                        throw new IOException("Could not instantiate SASL transport", e2);
                    }
                default:
                    throw new IOException("Unsupported authentication method: " + valueOf);
            }
        }
    }

    public static HadoopThriftAuthBridge getBridge() {
        if (self == null) {
            synchronized (HadoopThriftAuthBridge.class) {
                if (self == null) {
                    self = new HadoopThriftAuthBridge23();
                }
            }
        }
        return self;
    }

    public Client createClient() {
        return new Client();
    }

    public abstract Map<String, String> getHadoopSaslProperties(Configuration configuration);
}
