package com.datastax.bdp.transport.server;

import com.datastax.bdp.cassandra.auth.CassandraDelegationTokenIdentifier;
import com.datastax.bdp.constants.DseClientToolConstants;
import com.datastax.bdp.util.ByteBufferUtil;
import com.datastax.bdp.util.DriverUtil;
import com.datastax.driver.core.Session;
import com.google.common.collect.Sets;
import com.google.common.io.BaseEncoding;
import com.google.common.io.ByteStreams;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SeekableByteChannel;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Arrays;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.apache.commons.codec.binary.Base64;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/datastax/bdp/transport/server/DigestAuthUtils.class */
public class DigestAuthUtils {
    private static final Logger logger = LoggerFactory.getLogger(DigestAuthUtils.class);
    public static final String DSE_RENEWER = "";

    public static CassandraDelegationTokenIdentifier getCassandraDTIdentifier(byte[] bArr) throws IOException {
        CassandraDelegationTokenIdentifier cassandraDelegationTokenIdentifier = new CassandraDelegationTokenIdentifier();
        cassandraDelegationTokenIdentifier.readFields(ByteStreams.newDataInput(bArr));
        return cassandraDelegationTokenIdentifier;
    }

    public static String getUserNameFromDelegationToken(String str) throws IOException {
        CassandraDelegationTokenIdentifier cassandraDTIdentifier = getCassandraDTIdentifier(Base64.decodeBase64(str.getBytes()));
        if (cassandraDTIdentifier.getUser() != null) {
            return cassandraDTIdentifier.getUser().getRealUser() != null ? cassandraDTIdentifier.getUser().getRealUser().getUserName() : cassandraDTIdentifier.getUser().getUserName();
        }
        throw new IOException("The delegation token is invalid");
    }

    public static boolean moveIfStartsWith(ByteBuffer byteBuffer, byte[] bArr) {
        if (byteBuffer.remaining() < bArr.length) {
            return false;
        }
        ByteBuffer duplicate = byteBuffer.duplicate();
        byte[] bArr2 = new byte[bArr.length];
        duplicate.get(bArr2);
        if (!Arrays.equals(bArr2, bArr)) {
            return false;
        }
        byteBuffer.position(byteBuffer.position() + bArr.length);
        return true;
    }

    public static void saveTokenToFile(Token<TokenIdentifier> token, Path path, String str) throws IOException {
        Credentials credentials = new Credentials();
        credentials.addToken(new Text(str), token);
        saveCredentialToFile(credentials, path);
    }

    public static void saveCredentialToFile(Credentials credentials, Path path) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        credentials.writeTokenStorageToStream(new DataOutputStream(byteArrayOutputStream));
        saveFile(ByteBuffer.wrap(byteArrayOutputStream.toByteArray()), path, Sets.newHashSet(new StandardOpenOption[]{StandardOpenOption.CREATE_NEW, StandardOpenOption.APPEND}), Sets.newHashSet(new PosixFilePermission[]{PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE}), true);
    }

    public static void saveFile(ByteBuffer byteBuffer, Path path, Set<? extends OpenOption> set, Set<PosixFilePermission> set2, boolean z) throws IOException {
        if (!Files.isDirectory(path.getParent(), new LinkOption[0])) {
            throw new IOException("Directory does not exists: " + path.getParent().toString());
        }
        if (z) {
            Files.deleteIfExists(path);
        }
        try {
            SeekableByteChannel newByteChannel = Files.newByteChannel(path, set, PosixFilePermissions.asFileAttribute(set2));
            Throwable th = null;
            try {
                try {
                    newByteChannel.write(byteBuffer);
                    if (newByteChannel != null) {
                        if (0 != 0) {
                            try {
                                newByteChannel.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            newByteChannel.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (Exception e) {
            throw new IOException(String.format("Cannot write file %s.", path.toAbsolutePath()), e);
        }
    }

    public static String getEncodedToken(Session session, String str) throws IOException {
        Map map = (Map) DriverUtil.call(session, DseClientToolConstants.RPC_NAME, DseClientToolConstants.RPC_GENERATE_DELEGATION_TOKEN, null, str);
        return new Token(ByteBufferUtil.toArray((ByteBuffer) map.get("id")), ByteBufferUtil.toArray((ByteBuffer) map.get("password")), CassandraDelegationTokenIdentifier.CASSANDRA_DELEGATION_KIND, new Text()).encodeToUrlString();
    }

    public static void cancelToken(Session session, String str) throws IOException {
        DriverUtil.callIdempotent(session, DseClientToolConstants.RPC_NAME, DseClientToolConstants.RPC_CANCEL_DELEGATION_TOKEN, ByteBuffer.wrap(getTokenId(str)));
    }

    public static Long renewToken(Session session, String str) throws IOException {
        return (Long) DriverUtil.call(session, DseClientToolConstants.RPC_NAME, DseClientToolConstants.RPC_RENEW_DELEGATION_TOKEN, ByteBuffer.wrap(getTokenId(str)));
    }

    public static Token<? extends TokenIdentifier> getTokenFromTokenString(String str) throws IOException {
        Token<? extends TokenIdentifier> token = new Token<>();
        token.decodeFromUrlString(str);
        return token;
    }

    public static Credentials getCredentialsFromString(String str) throws IOException {
        Credentials credentials = new Credentials();
        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(BaseEncoding.base64().decode(str)));
        Throwable th = null;
        try {
            credentials.readTokenStorageStream(dataInputStream);
            if (dataInputStream != null) {
                if (0 != 0) {
                    try {
                        dataInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    dataInputStream.close();
                }
            }
            return credentials;
        } catch (Throwable th3) {
            if (dataInputStream != null) {
                if (0 != 0) {
                    try {
                        dataInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    dataInputStream.close();
                }
            }
            throw th3;
        }
    }

    public static Optional<Token<? extends TokenIdentifier>> getCassandraTokenFromUGI() {
        try {
            UserGroupInformation currentUser = UserGroupInformation.getCurrentUser();
            for (Token token : currentUser.getTokens()) {
                if (token.getKind().equals(CassandraDelegationTokenIdentifier.CASSANDRA_DELEGATION_KIND)) {
                    return Optional.of(token);
                }
            }
            logger.debug("No delegate token found for " + currentUser.getUserName());
            return Optional.empty();
        } catch (IOException | NoClassDefFoundError e) {
            return Optional.empty();
        }
    }

    public static Optional<String> getEncodedTokenId(Token<? extends TokenIdentifier> token) {
        try {
            return Optional.ofNullable(Base64.encodeBase64URLSafeString(token.getIdentifier()));
        } catch (Exception e) {
            return Optional.empty();
        }
    }

    public static Optional<String> getEncodedTokenId(String str) {
        try {
            return getEncodedTokenId(getTokenFromTokenString(str));
        } catch (IOException e) {
            return Optional.empty();
        }
    }

    public static byte[] getTokenId(String str) {
        byte[] bArr = null;
        try {
            Token token = new Token();
            token.decodeFromUrlString(str);
            bArr = token.getIdentifier();
        } catch (Exception e) {
        }
        if (bArr == null || bArr.length == 0) {
            bArr = Base64.decodeBase64(str);
        }
        return bArr;
    }
}
