package com.datastax.bdp.transport.server;

import com.datastax.bdp.cassandra.auth.CassandraDelegationTokenIdentifier;
import com.datastax.bdp.util.rpc.RpcUtil;
import com.datastax.driver.core.Session;
import com.datastax.dse.byos.shade.com.google.common.collect.Sets;
import com.datastax.dse.byos.shade.com.google.common.io.ByteStreams;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.File;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SeekableByteChannel;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Arrays;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.apache.cassandra.auth.PasswordAuthenticator;
import org.apache.cassandra.utils.ByteBufferUtil;
import org.apache.commons.codec.binary.Base64;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/datastax/bdp/transport/server/DigestAuthUtils.class */
public class DigestAuthUtils {
    private static final Logger logger = LoggerFactory.getLogger(DigestAuthUtils.class);
    public static final String DSE_RENEWER = "";

    public static CassandraDelegationTokenIdentifier getCassandraDTIdentifier(byte[] bArr) throws IOException {
        CassandraDelegationTokenIdentifier cassandraDelegationTokenIdentifier = new CassandraDelegationTokenIdentifier();
        cassandraDelegationTokenIdentifier.readFields(ByteStreams.newDataInput(bArr));
        return cassandraDelegationTokenIdentifier;
    }

    public static String getUserNameFromDelegationToken(String str) throws IOException {
        CassandraDelegationTokenIdentifier cassandraDTIdentifier = getCassandraDTIdentifier(Base64.decodeBase64(str.getBytes()));
        if (cassandraDTIdentifier.getUser() != null) {
            return cassandraDTIdentifier.getUser().getRealUser() != null ? cassandraDTIdentifier.getUser().getRealUser().getUserName() : cassandraDTIdentifier.getUser().getUserName();
        }
        throw new IOException("The delegation token is invalid");
    }

    public static boolean moveIfStartsWith(ByteBuffer byteBuffer, byte[] bArr) {
        if (byteBuffer.remaining() < bArr.length) {
            return false;
        }
        ByteBuffer duplicate = byteBuffer.duplicate();
        byte[] bArr2 = new byte[bArr.length];
        duplicate.get(bArr2);
        if (!Arrays.equals(bArr2, bArr)) {
            return false;
        }
        byteBuffer.position(byteBuffer.position() + bArr.length);
        return true;
    }

    public static void saveTokenToFile(Token<TokenIdentifier> token, File file, String str) throws IOException {
        Credentials credentials = new Credentials();
        credentials.addToken(new Text(str), token);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        credentials.writeTokenStorageToStream(new DataOutputStream(byteArrayOutputStream));
        saveFile(ByteBuffer.wrap(byteArrayOutputStream.toByteArray()), file.toPath(), Sets.newHashSet(StandardOpenOption.CREATE_NEW, StandardOpenOption.APPEND), Sets.newHashSet(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE), true);
    }

    public static void saveFile(ByteBuffer byteBuffer, Path path, Set<? extends OpenOption> set, Set<PosixFilePermission> set2, boolean z) throws IOException {
        if (!Files.isDirectory(path.getParent(), new LinkOption[0])) {
            throw new IOException("Directory does not exists: " + path.getParent().toString());
        }
        if (z) {
            Files.deleteIfExists(path);
        }
        try {
            SeekableByteChannel newByteChannel = Files.newByteChannel(path, set, PosixFilePermissions.asFileAttribute(set2));
            Throwable th = null;
            try {
                try {
                    newByteChannel.write(byteBuffer);
                    if (newByteChannel != null) {
                        if (0 != 0) {
                            try {
                                newByteChannel.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            newByteChannel.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (Exception e) {
            throw new IOException(String.format("Cannot write file %s.", path.toAbsolutePath()), e);
        }
    }

    public static String getEncodedToken(Session session, String str) throws IOException {
        Map map = (Map) RpcUtil.call(session, "DseClientTool", "generateDelegationToken", UserGroupInformation.getCurrentUser().getShortUserName(), str);
        return new Token(ByteBufferUtil.getArray((ByteBuffer) map.get("id")), ByteBufferUtil.getArray((ByteBuffer) map.get(PasswordAuthenticator.PASSWORD_KEY)), CassandraDelegationTokenIdentifier.CASSANDRA_DELEGATION_KIND, new Text()).encodeToUrlString();
    }

    public static void cancelToken(Session session, String str) throws IOException {
        Token token = new Token();
        token.decodeFromUrlString(str);
        RpcUtil.call(session, "DseClientTool", "cancelDelegationToken", ByteBuffer.wrap(token.getIdentifier()));
    }

    public static Long renewToken(Session session, String str) throws IOException {
        Token token = new Token();
        token.decodeFromUrlString(str);
        return (Long) RpcUtil.call(session, "DseClientTool", "renewDelegationToken", ByteBuffer.wrap(token.getIdentifier()));
    }

    public static Token<TokenIdentifier> getTokenFromTokenString(String str) throws IOException {
        Token<TokenIdentifier> token = new Token<>();
        token.decodeFromUrlString(str);
        return token;
    }

    public static Optional<Token<? extends TokenIdentifier>> getCassandraTokenFromUGI() {
        try {
            UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
            for (Token token : currentUser.getTokens()) {
                if (token.getKind().equals(CassandraDelegationTokenIdentifier.CASSANDRA_DELEGATION_KIND)) {
                    return Optional.of(token);
                }
            }
            logger.debug("No delegate token found for " + currentUser.getUserName());
            return Optional.empty();
        } catch (IOException e) {
            return Optional.empty();
        } catch (NoClassDefFoundError e2) {
            return Optional.empty();
        }
    }
}
