package org.apache.spark.network.sasl;

import com.google.common.base.Throwables;
import com.google.common.collect.ImmutableMap;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.RealmChoiceCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/spark/network/sasl/SparkSaslClient.class */
public class SparkSaslClient implements SaslEncryptionBackend {
    private static final Logger logger = LoggerFactory.getLogger(SparkSaslClient.class);
    private final String secretKeyId;
    private final SecretKeyHolder secretKeyHolder;
    private final String expectedQop;
    private SaslClient saslClient;

    /* loaded from: input_file:org/apache/spark/network/sasl/SparkSaslClient$ClientCallbackHandler.class */
    private class ClientCallbackHandler implements CallbackHandler {
        private ClientCallbackHandler() {
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    SparkSaslClient.logger.trace("SASL client callback: setting username");
                    ((NameCallback) callback).setName(SparkSaslServer.encodeIdentifier(SparkSaslClient.this.secretKeyHolder.getSaslUser(SparkSaslClient.this.secretKeyId)));
                } else if (callback instanceof PasswordCallback) {
                    SparkSaslClient.logger.trace("SASL client callback: setting password");
                    ((PasswordCallback) callback).setPassword(SparkSaslServer.encodePassword(SparkSaslClient.this.secretKeyHolder.getSecretKey(SparkSaslClient.this.secretKeyId)));
                } else if (callback instanceof RealmCallback) {
                    SparkSaslClient.logger.trace("SASL client callback: setting realm");
                    RealmCallback realmCallback = (RealmCallback) callback;
                    realmCallback.setText(realmCallback.getDefaultText());
                } else if (!(callback instanceof RealmChoiceCallback)) {
                    throw new UnsupportedCallbackException(callback, "Unrecognized SASL DIGEST-MD5 Callback");
                }
            }
        }
    }

    public SparkSaslClient(String str, SecretKeyHolder secretKeyHolder, boolean z) {
        this.secretKeyId = str;
        this.secretKeyHolder = secretKeyHolder;
        this.expectedQop = z ? "auth-conf" : "auth";
        try {
            this.saslClient = Sasl.createSaslClient(new String[]{"DIGEST-MD5"}, (String) null, (String) null, "default", ImmutableMap.builder().put("javax.security.sasl.qop", this.expectedQop).build(), new ClientCallbackHandler());
        } catch (SaslException e) {
            throw Throwables.propagate(e);
        }
    }

    public synchronized byte[] firstToken() {
        if (this.saslClient == null || !this.saslClient.hasInitialResponse()) {
            return new byte[0];
        }
        try {
            return this.saslClient.evaluateChallenge(new byte[0]);
        } catch (SaslException e) {
            throw Throwables.propagate(e);
        }
    }

    public synchronized boolean isComplete() {
        return this.saslClient != null && this.saslClient.isComplete();
    }

    public Object getNegotiatedProperty(String str) {
        return this.saslClient.getNegotiatedProperty(str);
    }

    public synchronized byte[] response(byte[] bArr) {
        try {
            return this.saslClient != null ? this.saslClient.evaluateChallenge(bArr) : new byte[0];
        } catch (SaslException e) {
            throw Throwables.propagate(e);
        }
    }

    @Override // org.apache.spark.network.sasl.SaslEncryptionBackend
    public synchronized void dispose() {
        if (this.saslClient != null) {
            try {
                this.saslClient.dispose();
            } catch (SaslException e) {
            } finally {
                this.saslClient = null;
            }
        }
    }

    @Override // org.apache.spark.network.sasl.SaslEncryptionBackend
    public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
        return this.saslClient.wrap(bArr, i, i2);
    }

    @Override // org.apache.spark.network.sasl.SaslEncryptionBackend
    public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
        return this.saslClient.unwrap(bArr, i, i2);
    }
}
