package org.apache.spark.network.sasl;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.handler.codec.base64.Base64;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.p000sparkproject.guava.base.Charsets;
import org.p000sparkproject.guava.base.Preconditions;
import org.p000sparkproject.guava.base.Throwables;
import org.p000sparkproject.guava.collect.ImmutableMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/spark/network/sasl/SparkSaslServer.class */
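/**
 * Server side of a SASL DIGEST-MD5 negotiation, plus the wrap/unwrap operations that apply the
 * negotiated protection layer.
 *
 * <p>The user name and password given to the mechanism are looked up through the
 * {@link SecretKeyHolder} for the configured secret key id and Base64-encoded before use.
 *
 * <p>Security notes:
 * <ul>
 *   <li>DIGEST-MD5 was moved to Historic status by RFC 6331. Treat this class as a
 *       compatibility mechanism, not as a recommendation for new designs.</li>
 *   <li>Unless the constructor's encryption flag is {@code true}, the server offers both
 *       {@code auth-conf} and {@code auth}, so a client may negotiate authentication only.
 *       Callers that need confidentiality should pass {@code true} or check
 *       {@code getNegotiatedProperty(Sasl.QOP)} after the exchange completes.</li>
 *   <li>{@link #isComplete()}, {@link #response(byte[])} and {@link #dispose()} are
 *       synchronized. {@link #getNegotiatedProperty(String)}, {@link #wrap(byte[], int, int)}
 *       and {@link #unwrap(byte[], int, int)} are not, and dereference the underlying server
 *       without a null check, so they must not be called after or concurrently with
 *       {@link #dispose()}.</li>
 * </ul>
 */
public class SparkSaslServer implements SaslEncryptionBackend {
    private static final Logger logger = LoggerFactory.getLogger(SparkSaslServer.class);

    /** Realm passed to the SASL server as its server name. */
    static final String DEFAULT_REALM = "default";
    /** SASL mechanism name. */
    static final String DIGEST = "DIGEST-MD5";
    /** Quality of protection: authentication with integrity and confidentiality. */
    static final String QOP_AUTH_CONF = "auth-conf";
    /** Quality of protection: authentication only. */
    static final String QOP_AUTH = "auth";

    private final String secretKeyId;
    private final SecretKeyHolder secretKeyHolder;
    // Set to null by dispose(); the synchronized methods treat null as "disposed".
    private SaslServer saslServer;

    /**
     * Supplies the DIGEST-MD5 mechanism with the expected user name, password and realm, and
     * decides authorization once the client has authenticated.
     */
    private class DigestCallbackHandler implements CallbackHandler {

        /**
         * Answers each callback the mechanism raises.
         *
         * @param callbackArr callbacks raised by the SASL mechanism
         * @throws UnsupportedCallbackException if a callback of an unexpected type is received
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                // Only the fact that a value was set is logged; never log the name or secret.
                if (callback instanceof NameCallback) {
                    logger.trace("SASL server callback: setting username");
                    String user = secretKeyHolder.getSaslUser(secretKeyId);
                    ((NameCallback) callback).setName(encodeIdentifier(user));
                } else if (callback instanceof PasswordCallback) {
                    logger.trace("SASL server callback: setting password");
                    String secret = secretKeyHolder.getSecretKey(secretKeyId);
                    ((PasswordCallback) callback).setPassword(encodePassword(secret));
                } else if (callback instanceof RealmCallback) {
                    logger.trace("SASL server callback: setting realm");
                    RealmCallback realmCallback = (RealmCallback) callback;
                    realmCallback.setText(realmCallback.getDefaultText());
                } else if (callback instanceof AuthorizeCallback) {
                    AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback;
                    String authenticationId = authorizeCallback.getAuthenticationID();
                    String authorizationId = authorizeCallback.getAuthorizationID();
                    // Authorize only when the client acts as itself. A missing authentication
                    // id is treated as "not authorized" (fail closed) instead of throwing.
                    boolean authorized =
                        authenticationId != null && authenticationId.equals(authorizationId);
                    authorizeCallback.setAuthorized(authorized);
                    if (authorized) {
                        authorizeCallback.setAuthorizedID(authorizationId);
                    }
                    logger.debug("SASL Authorization complete, authorized set to {}", authorized);
                } else {
                    throw new UnsupportedCallbackException(callback, "Unrecognized SASL DIGEST-MD5 Callback");
                }
            }
        }
    }

    /**
     * Creates the underlying DIGEST-MD5 {@link SaslServer}.
     *
     * @param str id used to look up the SASL user and secret key in {@code secretKeyHolder}
     * @param secretKeyHolder source of the SASL user name and secret key
     * @param z when {@code true} only {@code auth-conf} is offered; when {@code false} both
     *     {@code auth-conf} and {@code auth} are offered, in that order, so the negotiated
     *     session may end up without a confidentiality layer
     * @throws RuntimeException (via {@code Throwables.propagate}) if the SASL server cannot be
     *     created
     */
    public SparkSaslServer(String str, SecretKeyHolder secretKeyHolder, boolean z) {
        this.secretKeyId = str;
        this.secretKeyHolder = secretKeyHolder;
        String qop = z ? QOP_AUTH_CONF : String.format("%s,%s", QOP_AUTH_CONF, QOP_AUTH);
        // Explicit type arguments are required: without them the builder is inferred as
        // <Object, Object>, which is not assignable to the Map<String, ?> the SASL API expects.
        ImmutableMap<String, String> saslProps = ImmutableMap.<String, String>builder()
            .put(Sasl.SERVER_AUTH, "true")
            .put(Sasl.QOP, qop)
            .build();
        try {
            this.saslServer =
                Sasl.createSaslServer(DIGEST, null, DEFAULT_REALM, saslProps, new DigestCallbackHandler());
        } catch (SaslException e) {
            throw Throwables.propagate(e);
        }
    }

    /**
     * @return {@code true} if the server has not been disposed and the SASL exchange is complete
     */
    public synchronized boolean isComplete() {
        return this.saslServer != null && this.saslServer.isComplete();
    }

    /**
     * Returns a property negotiated during the exchange, for example {@code Sasl.QOP}.
     *
     * <p>Not synchronized and not null-guarded: must not be called after {@link #dispose()}.
     *
     * @param str name of the negotiated property
     * @return the property value as reported by the underlying {@link SaslServer}
     */
    public Object getNegotiatedProperty(String str) {
        return this.saslServer.getNegotiatedProperty(str);
    }

    /**
     * Evaluates a client response and produces the next challenge.
     *
     * @param bArr response bytes received from the client
     * @return the next challenge, or an empty array if this server has been disposed
     * @throws RuntimeException (via {@code Throwables.propagate}) if evaluation fails
     */
    public synchronized byte[] response(byte[] bArr) {
        try {
            return this.saslServer != null ? this.saslServer.evaluateResponse(bArr) : new byte[0];
        } catch (SaslException e) {
            throw Throwables.propagate(e);
        }
    }

    /**
     * Disposes the underlying SASL server. Best effort: a {@link SaslException} raised while
     * disposing is logged at debug level and not rethrown, and the reference is always cleared
     * so later calls see the server as disposed.
     */
    @Override // org.apache.spark.network.sasl.SaslEncryptionBackend
    public synchronized void dispose() {
        if (this.saslServer == null) {
            return;
        }
        try {
            this.saslServer.dispose();
        } catch (SaslException e) {
            logger.debug("Ignoring failure while disposing SASL server", e);
        } finally {
            this.saslServer = null;
        }
    }

    /**
     * Applies the negotiated protection layer to outgoing bytes.
     *
     * <p>Not synchronized and not null-guarded: must not be called after {@link #dispose()}.
     *
     * @param bArr buffer holding the bytes to protect
     * @param i offset of the first byte to protect
     * @param i2 number of bytes to protect
     * @return the protected bytes
     * @throws SaslException if the underlying server cannot wrap the data
     */
    @Override // org.apache.spark.network.sasl.SaslEncryptionBackend
    public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
        return this.saslServer.wrap(bArr, i, i2);
    }

    /**
     * Removes the negotiated protection layer from incoming bytes.
     *
     * <p>Not synchronized and not null-guarded: must not be called after {@link #dispose()}.
     *
     * @param bArr buffer holding the protected bytes
     * @param i offset of the first protected byte
     * @param i2 number of protected bytes
     * @return the recovered bytes
     * @throws SaslException if the underlying server cannot unwrap the data
     */
    @Override // org.apache.spark.network.sasl.SaslEncryptionBackend
    public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
        return this.saslServer.unwrap(bArr, i, i2);
    }

    /**
     * Base64-encodes a SASL user identifier.
     *
     * @param str identifier to encode; must not be null
     * @return the Base64 form of the identifier's UTF-8 bytes
     * @throws NullPointerException if {@code str} is null
     */
    public static String encodeIdentifier(String str) {
        Preconditions.checkNotNull(str, "User cannot be null if SASL is enabled");
        return base64Encode(str);
    }

    /**
     * Base64-encodes a SASL password.
     *
     * <p>The secret arrives as an immutable {@code String}, so the returned array can be cleared
     * by the caller but the source string cannot.
     *
     * @param str password to encode; must not be null
     * @return the Base64 form of the password's UTF-8 bytes, as characters
     * @throws NullPointerException if {@code str} is null
     */
    public static char[] encodePassword(String str) {
        Preconditions.checkNotNull(str, "Password cannot be null if SASL is enabled");
        return base64Encode(str).toCharArray();
    }

    /**
     * Base64-encodes the UTF-8 bytes of {@code str} with Netty's encoder and releases both Netty
     * buffers, which are reference counted and were previously never released.
     */
    private static String base64Encode(String str) {
        ByteBuf raw = Unpooled.wrappedBuffer(str.getBytes(Charsets.UTF_8));
        try {
            ByteBuf encoded = Base64.encode(raw);
            try {
                return encoded.toString(Charsets.UTF_8);
            } finally {
                encoded.release();
            }
        } finally {
            raw.release();
        }
    }
}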
