package com.datastax.bdp.cassandra.auth;

import com.datastax.bdp.config.ClientConfiguration;
import com.datastax.bdp.config.ClientConfigurationFactory;
import com.datastax.bdp.transport.client.TDseClientTransportFactory;
import com.datastax.bdp.transport.client.TKerberosClientTransportFactory;
import com.datastax.bdp.transport.common.SaslProperties;
import com.datastax.driver.core.Authenticator;
import com.datastax.driver.core.exceptions.AuthenticationException;
import com.datastax.driver.dse.auth.DseAuthProvider;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;

/* loaded from: input_file:com/datastax/bdp/cassandra/auth/LegacyDseJavaDriverAuthProvider.class */
public class LegacyDseJavaDriverAuthProvider extends DseAuthProvider {
    private final ClientConfiguration clientConf;
    private final TKerberosClientTransportFactory kerberosCTF;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/datastax/bdp/cassandra/auth/LegacyDseJavaDriverAuthProvider$GSSAPIAuthenticator.class */
    public static class GSSAPIAuthenticator extends BaseDseAuthenticator {
        private static final String JAAS_CONFIG_ENTRY = "DseClient";
        private static final String SASL_PROTOCOL_NAME = "dse";
        private static final String SASL_PROTOCOL_NAME_PROPERTY = "dse.sasl.protocol";
        private final Subject subject;
        private final SaslClient saslClient;
        private static final String[] SUPPORTED_MECHANISMS = {SaslProperties.SASL_GSSAPI_MECHANISM};
        private static final Map<String, String> DEFAULT_PROPERTIES = new HashMap<String, String>() { // from class: com.datastax.bdp.cassandra.auth.LegacyDseJavaDriverAuthProvider.GSSAPIAuthenticator.1
            {
                put("javax.security.sasl.server.authentication", "true");
                put("javax.security.sasl.qop", "auth");
            }
        };
        private static final byte[] EMPTY_BYTE_ARRAY = new byte[0];
        private static final byte[] MECHANISM = SaslProperties.SASL_GSSAPI_MECHANISM.getBytes(StandardCharsets.UTF_8);
        private static final byte[] SERVER_INITIAL_CHALLENGE = "GSSAPI-START".getBytes(StandardCharsets.UTF_8);

        public GSSAPIAuthenticator(InetSocketAddress inetSocketAddress, ClientConfiguration clientConfiguration, TKerberosClientTransportFactory tKerberosClientTransportFactory) {
            try {
                this.subject = tKerberosClientTransportFactory.authenticate();
                this.saslClient = Sasl.createSaslClient(SUPPORTED_MECHANISMS, (String) null, TKerberosClientTransportFactory.getServiceName(clientConfiguration), inetSocketAddress.getAddress().getCanonicalHostName(), DEFAULT_PROPERTIES, (CallbackHandler) null);
            } catch (LoginException e) {
                throw new RuntimeException(e);
            } catch (SaslException e2) {
                throw new RuntimeException((Throwable) e2);
            }
        }

        @Override // com.datastax.bdp.cassandra.auth.BaseDseAuthenticator
        byte[] getMechanism() {
            return MECHANISM;
        }

        @Override // com.datastax.driver.core.Authenticator
        public byte[] evaluateChallenge(byte[] bArr) {
            if (Arrays.equals(SERVER_INITIAL_CHALLENGE, bArr)) {
                if (!this.saslClient.hasInitialResponse()) {
                    return EMPTY_BYTE_ARRAY;
                }
                bArr = EMPTY_BYTE_ARRAY;
            }
            final byte[] bArr2 = bArr;
            try {
                return (byte[]) Subject.doAs(this.subject, new PrivilegedExceptionAction<byte[]>() { // from class: com.datastax.bdp.cassandra.auth.LegacyDseJavaDriverAuthProvider.GSSAPIAuthenticator.2
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public byte[] run() throws SaslException {
                        return GSSAPIAuthenticator.this.saslClient.evaluateChallenge(bArr2);
                    }
                });
            } catch (PrivilegedActionException e) {
                throw new RuntimeException(e.getException());
            }
        }
    }

    public LegacyDseJavaDriverAuthProvider() {
        this(ClientConfigurationFactory.getClientConfiguration());
    }

    public LegacyDseJavaDriverAuthProvider(ClientConfiguration clientConfiguration) {
        this.clientConf = clientConfiguration;
        this.kerberosCTF = new TKerberosClientTransportFactory(this.clientConf);
        this.kerberosCTF.setOptions(new TDseClientTransportFactory(this.clientConf).defaultOptions());
    }

    @Override // com.datastax.driver.dse.auth.DseGSSAPIAuthProvider, com.datastax.driver.core.AuthProvider
    public Authenticator newAuthenticator(InetSocketAddress inetSocketAddress, String str) throws AuthenticationException {
        return new GSSAPIAuthenticator(inetSocketAddress, this.clientConf, this.kerberosCTF);
    }
}
