package com.datastax.bdp.cassandra.auth;

import com.datastax.bdp.config.ClientConfiguration;
import com.datastax.bdp.config.ClientConfigurationFactory;
import com.datastax.bdp.transport.client.SaslClientDigestCallbackHandler;
import com.datastax.bdp.transport.common.SaslProperties;
import com.datastax.driver.core.Authenticator;
import com.datastax.driver.core.exceptions.AuthenticationException;
import com.datastax.driver.dse.auth.DseGSSAPIAuthProvider;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/datastax/bdp/cassandra/auth/DseJavaDriverAuthProvider.class */
public class DseJavaDriverAuthProvider extends DseGSSAPIAuthProvider {
    private static final Logger logger = LoggerFactory.getLogger(DseJavaDriverAuthProvider.class);
    private final ClientConfiguration clientConf;
    private final Token token;
    private final boolean useDigest;

    /* loaded from: input_file:com/datastax/bdp/cassandra/auth/DseJavaDriverAuthProvider$DigestAuthenticator.class */
    private static class DigestAuthenticator extends BaseDseAuthenticator {
        private static final String[] SUPPORTED_MECHANISMS = {SaslProperties.SASL_DIGEST_MECHANISM};
        private static final byte[] MECHANISM = SaslProperties.SASL_DIGEST_MECHANISM.getBytes(StandardCharsets.UTF_8);
        private static final byte[] SERVER_INITIAL_CHALLENGE = "DIGEST-MD5-START".getBytes(StandardCharsets.UTF_8);
        private static final byte[] EMPTY_BYTE_ARRAY = new byte[0];
        private SaslClient saslClient;

        public DigestAuthenticator(InetSocketAddress inetSocketAddress, ClientConfiguration clientConfiguration, Token<?> token) {
            try {
                this.saslClient = Sasl.createSaslClient(SUPPORTED_MECHANISMS, (String) null, (String) null, "default", SaslProperties.defaultProperties(clientConfiguration), new SaslClientDigestCallbackHandler(token));
            } catch (SaslException e) {
                throw new RuntimeException((Throwable) e);
            }
        }

        @Override // com.datastax.bdp.cassandra.auth.BaseDseAuthenticator
        byte[] getMechanism() {
            return (byte[]) MECHANISM.clone();
        }

        @Override // com.datastax.driver.core.Authenticator
        public byte[] evaluateChallenge(byte[] bArr) {
            if (Arrays.equals(SERVER_INITIAL_CHALLENGE, bArr)) {
                if (!this.saslClient.hasInitialResponse()) {
                    return EMPTY_BYTE_ARRAY;
                }
                bArr = EMPTY_BYTE_ARRAY;
            }
            if (this.saslClient.isComplete()) {
                return null;
            }
            try {
                return this.saslClient.evaluateChallenge(bArr);
            } catch (SaslException e) {
                throw new RuntimeException((Throwable) e);
            }
        }
    }

    public DseJavaDriverAuthProvider() {
        this(ClientConfigurationFactory.getClientConfiguration());
    }

    public DseJavaDriverAuthProvider(ClientConfiguration clientConfiguration) {
        this(clientConfiguration, getDelegateToken());
    }

    public DseJavaDriverAuthProvider(ClientConfiguration clientConfiguration, Token token) {
        super(clientConfiguration.getSaslProtocolName());
        this.clientConf = clientConfiguration;
        this.token = token;
        this.useDigest = token != null;
    }

    @Override // com.datastax.driver.dse.auth.DseGSSAPIAuthProvider, com.datastax.driver.core.AuthProvider
    public Authenticator newAuthenticator(InetSocketAddress inetSocketAddress, String str) throws AuthenticationException {
        return this.useDigest ? new DigestAuthenticator(inetSocketAddress, this.clientConf, this.token) : super.newAuthenticator(inetSocketAddress, str);
    }

    public static Token<? extends TokenIdentifier> getDelegateToken() {
        try {
            for (Token<? extends TokenIdentifier> token : UserGroupInformation.getCurrentUser().getTokens()) {
                if (token.getKind().equals(CassandraDelegationTokenIdentifier.CASSANDRA_DELEGATION_KIND)) {
                    return token;
                }
            }
            return null;
        } catch (Exception e) {
            logger.info("Failed to obtain delegation token", e);
            return null;
        }
    }
}
