package com.datastax.bdp.cassandra.auth;

import com.datastax.bdp.config.ClientConfiguration;
import com.datastax.bdp.config.DetachedClientConfigurationFactory;
import com.datastax.bdp.transport.client.SaslClientDigestCallbackHandler;
import com.datastax.bdp.transport.common.SaslProperties;
import com.datastax.driver.core.AuthProvider;
import com.datastax.driver.core.Authenticator;
import com.datastax.driver.core.exceptions.AuthenticationException;
import com.datastax.driver.dse.auth.DseGSSAPIAuthProvider;
import com.google.common.collect.Maps;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/datastax/bdp/cassandra/auth/DseJavaDriverAuthProvider.class */
public class DseJavaDriverAuthProvider implements AuthProvider {
    private static final Logger logger = LoggerFactory.getLogger(DseJavaDriverAuthProvider.class);
    private final Optional<Token> token;
    private final Map<String, String> saslProperties;
    private final DseGSSAPIAuthProvider nonDigestProvider;

    /* loaded from: input_file:com/datastax/bdp/cassandra/auth/DseJavaDriverAuthProvider$DigestAuthenticator.class */
    public static class DigestAuthenticator extends BaseDseAuthenticator {
        private static final String[] SUPPORTED_MECHANISMS = {SaslProperties.SASL_DIGEST_MECHANISM};
        private static final byte[] MECHANISM = SaslProperties.SASL_DIGEST_MECHANISM.getBytes(StandardCharsets.UTF_8);
        private static final byte[] SERVER_INITIAL_CHALLENGE = "DIGEST-MD5-START".getBytes(StandardCharsets.UTF_8);
        private static final byte[] EMPTY_BYTE_ARRAY = new byte[0];
        private SaslClient saslClient;

        public DigestAuthenticator(InetSocketAddress inetSocketAddress, ClientConfiguration clientConfiguration, Token<?> token) {
            this(inetSocketAddress, SaslProperties.defaultProperties(clientConfiguration), token);
        }

        public DigestAuthenticator(InetSocketAddress inetSocketAddress, Map<String, String> map, Token<?> token) {
            try {
                this.saslClient = Sasl.createSaslClient(SUPPORTED_MECHANISMS, (String) null, (String) null, SaslProperties.SASL_DEFAULT_REALM, map, new SaslClientDigestCallbackHandler(token));
            } catch (SaslException e) {
                throw new RuntimeException((Throwable) e);
            }
        }

        @Override // com.datastax.bdp.cassandra.auth.BaseDseAuthenticator
        byte[] getMechanism() {
            return (byte[]) MECHANISM.clone();
        }

        public byte[] evaluateChallenge(byte[] bArr) {
            if (Arrays.equals(SERVER_INITIAL_CHALLENGE, bArr)) {
                if (!this.saslClient.hasInitialResponse()) {
                    return EMPTY_BYTE_ARRAY;
                }
                bArr = EMPTY_BYTE_ARRAY;
            }
            if (this.saslClient.isComplete()) {
                return null;
            }
            try {
                return this.saslClient.evaluateChallenge(bArr);
            } catch (SaslException e) {
                throw new RuntimeException((Throwable) e);
            }
        }

        @Override // com.datastax.bdp.cassandra.auth.BaseDseAuthenticator
        public /* bridge */ /* synthetic */ void onAuthenticationSuccess(byte[] bArr) {
            super.onAuthenticationSuccess(bArr);
        }

        @Override // com.datastax.bdp.cassandra.auth.BaseDseAuthenticator
        public /* bridge */ /* synthetic */ byte[] initialResponse() {
            return super.initialResponse();
        }
    }

    public Optional<Token> getToken() {
        return this.token;
    }

    public Map<String, String> getSaslProperties() {
        return Maps.newHashMap(this.saslProperties);
    }

    public DseJavaDriverAuthProvider() {
        this(DetachedClientConfigurationFactory.getClientConfiguration());
    }

    public DseJavaDriverAuthProvider(ClientConfiguration clientConfiguration) {
        this(clientConfiguration, getDelegateToken());
    }

    public DseJavaDriverAuthProvider(ClientConfiguration clientConfiguration, Token token) {
        this(clientConfiguration, token, Optional.empty());
    }

    public DseJavaDriverAuthProvider(ClientConfiguration clientConfiguration, Token token, Optional<String> optional) {
        this(clientConfiguration.getSaslProtocolName(), SaslProperties.defaultProperties(clientConfiguration), Optional.ofNullable(token), optional);
    }

    public DseJavaDriverAuthProvider(String str, Map<String, String> map, Optional<Token> optional, Optional<String> optional2) {
        this.saslProperties = new HashMap(map);
        this.token = optional;
        if (optional.isPresent()) {
            this.nonDigestProvider = null;
            return;
        }
        DseGSSAPIAuthProvider.Builder withSaslProtocol = DseGSSAPIAuthProvider.builder().withSaslProtocol(str);
        Objects.requireNonNull(withSaslProtocol);
        optional2.ifPresent(withSaslProtocol::withAuthorizationId);
        Objects.requireNonNull(withSaslProtocol);
        map.forEach(withSaslProtocol::addSaslProperty);
        this.nonDigestProvider = withSaslProtocol.build();
    }

    public Authenticator newAuthenticator(InetSocketAddress inetSocketAddress, String str) throws AuthenticationException {
        return (Authenticator) this.token.map(token -> {
            return new DigestAuthenticator(inetSocketAddress, this.saslProperties, (Token<?>) token);
        }).orElseGet(() -> {
            return this.nonDigestProvider.newAuthenticator(inetSocketAddress, str);
        });
    }

    public static Token<? extends TokenIdentifier> getDelegateToken() {
        try {
            for (Token<? extends TokenIdentifier> token : UserGroupInformation.getCurrentUser().getTokens()) {
                if (token.getKind().equals(CassandraDelegationTokenIdentifier.CASSANDRA_DELEGATION_KIND)) {
                    return token;
                }
            }
            return null;
        } catch (Exception e) {
            logger.info("Failed to obtain delegation token", e);
            return null;
        }
    }
}
