package com.datastax.bdp.cassandra.auth;

import com.datastax.bdp.cassandra.auth.InClusterAuthenticator;
import com.datastax.bdp.config.ClientConfiguration;
import com.datastax.bdp.transport.common.SaslProperties;
import com.datastax.bdp.util.DseUtil;
import com.datastax.driver.core.AuthProvider;
import com.datastax.driver.core.Authenticator;
import com.datastax.driver.core.exceptions.AuthenticationException;
import java.net.InetSocketAddress;
import java.util.Arrays;
import java.util.Optional;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/datastax/bdp/cassandra/auth/InClusterAuthProvider.class */
public class InClusterAuthProvider implements AuthProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) InClusterAuthProvider.class);
    private final InClusterAuthenticator.Credentials credentials;
    private final ClientConfiguration clientConfiguration;

    /* loaded from: input_file:com/datastax/bdp/cassandra/auth/InClusterAuthProvider$DigestAuthenticator.class */
    private static class DigestAuthenticator extends BaseDseAuthenticator {
        private SaslClient saslClient;

        public DigestAuthenticator(ClientConfiguration clientConfiguration, InClusterAuthenticator.Credentials credentials) {
            try {
                this.saslClient = Sasl.createSaslClient(new String[]{SaslProperties.SASL_DIGEST_MECHANISM}, (String) null, (String) null, "default", SaslProperties.defaultProperties(clientConfiguration), new SaslClientCallbackHandler(credentials));
            } catch (SaslException e) {
                throw new RuntimeException((Throwable) e);
            }
        }

        @Override // com.datastax.bdp.cassandra.auth.BaseDseAuthenticator
        byte[] getMechanism() {
            return SaslMechanism.INCLUSTER.mechanism_bytes;
        }

        @Override // com.datastax.driver.core.Authenticator
        public byte[] evaluateChallenge(byte[] bArr) {
            if (Arrays.equals(SaslMechanism.INCLUSTER.response, bArr)) {
                if (!this.saslClient.hasInitialResponse()) {
                    return this.EMPTY_BYTE_ARRAY;
                }
                bArr = this.EMPTY_BYTE_ARRAY;
            }
            if (this.saslClient.isComplete()) {
                return null;
            }
            try {
                return this.saslClient.evaluateChallenge(bArr);
            } catch (SaslException e) {
                throw new RuntimeException((Throwable) e);
            }
        }
    }

    /* loaded from: input_file:com/datastax/bdp/cassandra/auth/InClusterAuthProvider$SaslClientCallbackHandler.class */
    static class SaslClientCallbackHandler implements CallbackHandler {
        private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) SaslClientCallbackHandler.class);
        private final InClusterAuthenticator.Credentials credentials;

        public SaslClientCallbackHandler(InClusterAuthenticator.Credentials credentials) {
            this.credentials = credentials;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
            Optional firstInstanceOf = DseUtil.firstInstanceOf(callbackArr, NameCallback.class);
            Optional firstInstanceOf2 = DseUtil.firstInstanceOf(callbackArr, PasswordCallback.class);
            Optional firstInstanceOf3 = DseUtil.firstInstanceOf(callbackArr, RealmCallback.class);
            firstInstanceOf.ifPresent(nameCallback -> {
                LOGGER.debug("Setting encoded username {}: {}", this.credentials.id.username, this.credentials.getIdString());
                nameCallback.setName(this.credentials.getIdString());
            });
            firstInstanceOf2.ifPresent(passwordCallback -> {
                LOGGER.debug("Setting encoded password");
                passwordCallback.setPassword(this.credentials.getPasswordChars());
            });
            firstInstanceOf3.ifPresent(realmCallback -> {
                LOGGER.debug("Setting realm: {}", realmCallback.getDefaultText());
                realmCallback.setText(realmCallback.getDefaultText());
            });
        }
    }

    public InClusterAuthProvider(InClusterAuthenticator.Credentials credentials, ClientConfiguration clientConfiguration) {
        this.credentials = credentials;
        this.clientConfiguration = clientConfiguration;
    }

    @Override // com.datastax.driver.core.AuthProvider
    public Authenticator newAuthenticator(InetSocketAddress inetSocketAddress, String str) throws AuthenticationException {
        LOGGER.info("Creating new authenticator for host: {}, and authenticator: {}", inetSocketAddress, str);
        return new DigestAuthenticator(this.clientConfiguration, this.credentials);
    }
}
