package com.datastax.bdp.cassandra.auth;

import com.datastax.dse.byos.shade.com.google.inject.Inject;
import com.datastax.dse.byos.shade.com.google.inject.Singleton;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import org.apache.commons.codec.binary.Base64;
import org.apache.hadoop.security.token.SecretManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  
 */
@Singleton
/* loaded from: input_file:com/datastax/bdp/cassandra/auth/SaslServerDigestCallbackHandler.class */
public class SaslServerDigestCallbackHandler implements CallbackHandler {
    private static final Logger logger;
    private final CassandraDelegationTokenSecretManager tokenSecretManager;
    static final /* synthetic */ boolean $assertionsDisabled;

    @Inject
    SaslServerDigestCallbackHandler(CassandraDelegationTokenSecretManager cassandraDelegationTokenSecretManager) {
        this.tokenSecretManager = cassandraDelegationTokenSecretManager;
    }

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws SecretManager.InvalidToken, UnsupportedCallbackException {
        NameCallback nameCallback = null;
        PasswordCallback passwordCallback = null;
        AuthorizeCallback authorizeCallback = null;
        for (Callback callback : callbackArr) {
            if (callback instanceof AuthorizeCallback) {
                authorizeCallback = (AuthorizeCallback) callback;
            } else if (callback instanceof NameCallback) {
                nameCallback = (NameCallback) callback;
            } else if (callback instanceof PasswordCallback) {
                passwordCallback = (PasswordCallback) callback;
            } else if (!(callback instanceof RealmCallback)) {
                throw new UnsupportedCallbackException(callback, "Unrecognized SASL DIGEST-MD5 Callback");
            }
        }
        if (passwordCallback != null) {
            if (!$assertionsDisabled && nameCallback == null) {
                throw new AssertionError();
            }
            byte[] decodeBase64 = Base64.decodeBase64(nameCallback.getDefaultName().getBytes());
            CassandraDelegationTokenIdentifier cassandraDelegationTokenIdentifier = new CassandraDelegationTokenIdentifier();
            try {
                cassandraDelegationTokenIdentifier.readFields(new DataInputStream(new ByteArrayInputStream(decodeBase64)));
                try {
                    byte[] retrievePassword = this.tokenSecretManager.retrievePassword(cassandraDelegationTokenIdentifier);
                    if (logger.isDebugEnabled()) {
                        logger.debug("SASL server DIGEST-MD5 callback: setting password for client: " + cassandraDelegationTokenIdentifier.getUser());
                    }
                    passwordCallback.setPassword(new String(Base64.encodeBase64(retrievePassword)).toCharArray());
                } catch (IOException e) {
                    throw new SecretManager.InvalidToken("Invalid password").initCause(e.getCause());
                }
            } catch (IOException e2) {
                throw new SecretManager.InvalidToken("Can't de-serialize tokenIdentifier").initCause(e2.getCause());
            }
        }
        if (authorizeCallback != null) {
            String authenticationID = authorizeCallback.getAuthenticationID();
            String authorizationID = authorizeCallback.getAuthorizationID();
            if (authenticationID.equals(authorizationID)) {
                authorizeCallback.setAuthorized(true);
            } else {
                authorizeCallback.setAuthorized(false);
            }
            if (authorizeCallback.isAuthorized()) {
                if (logger.isDebugEnabled()) {
                    logger.debug("SASL server DIGEST-MD5 callback: setting canonicalized client ID: " + authorizationID);
                }
                authorizeCallback.setAuthorizedID(authorizationID);
            }
        }
    }

    static {
        $assertionsDisabled = !SaslServerDigestCallbackHandler.class.desiredAssertionStatus();
        logger = LoggerFactory.getLogger(SaslServerDigestCallbackHandler.class);
    }
}
