package com.mapr.security.maprauth;

import com.google.protobuf.ByteString;
import com.mapr.baseutils.JVMProperties;
import com.mapr.fs.ShimLoader;
import com.mapr.fs.proto.Security;
import com.mapr.login.client.MapRLoginHttpsClient;
import com.mapr.security.JNISecurity;
import com.mapr.security.MutableInt;
import com.mapr.security.SecurityHelper;
import com.mapr.security.client.ClientSecurity;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.List;
import org.apache.commons.codec.binary.Base64;
import org.apache.hadoop.security.authentication.client.AbstractMaprAuthenticator;
import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.client.Authenticator;
import org.apache.hadoop.security.authentication.client.ConnectionConfigurator;
import org.apache.hadoop.security.authentication.client.PseudoAuthenticator;

/* loaded from: input_file:com/mapr/security/maprauth/MaprAuthenticator.class */
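/**
 * Client-side authenticator for the "MAPR-Negotiate" HTTP scheme.
 *
 * <p>The client probes the URL with an {@code OPTIONS} request. If the server answers
 * 401 and offers {@code MAPR-Negotiate}, a ticket-based handshake runs; otherwise the
 * call is delegated to {@link PseudoAuthenticator}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The choice between the handshake and the fallback is made from an unauthenticated
 *       probe response. Whoever controls that response can steer the client to the weaker
 *       fallback, so the transport settings applied through the
 *       {@link ConnectionConfigurator} are what protect that decision.</li>
 *   <li>The connection, URL and user key are kept in instance fields for the duration of
 *       a handshake, so one instance must not be used by concurrent callers.</li>
 * </ul>
 */
public class MaprAuthenticator extends AbstractMaprAuthenticator {
    /** Response header the server uses to report an authentication error. */
    public static final String WWW_ERR_AUTHENTICATE = "WWW-MAPR-Err-Authenticate";
    /** Scheme name that prefixes the handshake token in request and response headers. */
    public static final String NEGOTIATE = "MAPR-Negotiate";
    // Connection of the request currently in flight; replaced on every request.
    private HttpURLConnection conn;
    // Target of the authentication sequence, remembered for the follow-up requests.
    private URL url;
    // Key taken from the local ticket; encrypts the secret and decrypts the 200 response.
    private Security.Key userkey;
    // Optional hook that customises each connection; null when none was set.
    private ConnectionConfigurator connConfigurator;

    /**
     * Authenticates against {@code url} and stores the resulting token in {@code token}.
     *
     * @param url the endpoint to authenticate against
     * @param token receives the authentication token on success
     * @throws IOException if a request cannot be sent or its response cannot be read
     * @throws AuthenticationException if the handshake or the fallback fails
     */
    public void authenticate(URL url, AuthenticatedURL.Token token) throws IOException, AuthenticationException {
        JVMProperties.init();
        this.url = url;
        this.conn = (HttpURLConnection) url.openConnection();
        if (this.connConfigurator != null) {
            this.conn = this.connConfigurator.configure(this.conn);
        }
        this.conn.setRequestMethod("OPTIONS");
        this.conn.connect();
        if (!isNegotiate()) {
            // Hand the configurator to the fallback so its connections get the same
            // settings as the probe above instead of JVM defaults.
            Authenticator fallback = getFallbackAuthenticator();
            fallback.setConnectionConfigurator(this.connConfigurator);
            fallback.authenticate(url, token);
        } else {
            ShimLoader.load();
            doMaprHandshake(token);
        }
    }

    /**
     * Sets the hook applied to every connection this authenticator opens.
     *
     * @param connectionConfigurator the configurator, or null for none
     */
    public void setConnectionConfigurator(ConnectionConfigurator connectionConfigurator) {
        this.connConfigurator = connectionConfigurator;
    }

    /**
     * Runs the ticket handshake, making at most two attempts.
     *
     * <p>Each attempt sends the encrypted ticket together with a random secret encrypted
     * under the user key, and accepts the server only if the response carries
     * {@code secret + 1}. A non-zero status triggers one retry using the CLDB list
     * returned by the server.
     *
     * @param token receives the token extracted from the final response
     * @throws IOException if a request or response fails at the I/O level
     * @throws AuthenticationException on any handshake failure, including after the
     *     second attempt
     */
    private void doMaprHandshake(AuthenticatedURL.Token token) throws IOException, AuthenticationException {
        // Element type is not visible from this file, so the raw type is kept.
        List cldbs = null;
        for (int attempt = 0; attempt < 2; attempt++) {
            try {
                MapRLoginHttpsClient loginClient = new MapRLoginHttpsClient();
                Security.TicketAndKey ticketAndKey = cldbs == null
                        ? loginClient.authenticateIfNeeded()
                        : loginClient.authenticateIfNeeded(SecurityHelper.getClusterFromHost(cldbs));
                if (ticketAndKey == null) {
                    throw new AuthenticationException("ServerTicketKey was not set and cannot get remote ticket");
                }
                // NOTE(review): the * 1000 implies the expiry is stored in seconds - confirm.
                if (ticketAndKey.getExpiryTime() * 1000 < System.currentTimeMillis()) {
                    throw new AuthenticationException("MaprSaslClient My ticket Expired. Cannot auto renew nontemp ticket");
                }
                MutableInt errorCode = new MutableInt();
                this.userkey = ticketAndKey.getUserKey();
                // NOTE(review): Math.abs(Long.MIN_VALUE) stays negative and secret + 1 wraps
                // at Long.MAX_VALUE; presumably the server does the same arithmetic - confirm.
                long secret = Math.abs(JNISecurity.GenerateRandomNumber());
                // The secret serialised as eight bytes, most significant byte first.
                byte[] secretBytes = {
                    (byte) (secret >>> 56), (byte) (secret >>> 48), (byte) (secret >>> 40), (byte) (secret >>> 32),
                    (byte) (secret >>> 24), (byte) (secret >>> 16), (byte) (secret >>> 8), (byte) (secret >>> 0)
                };
                Security.AuthenticationReqFull.Builder request = Security.AuthenticationReqFull.newBuilder();
                byte[] encryptedSecret = com.mapr.security.Security.Encrypt(this.userkey, secretBytes, errorCode);
                if (errorCode.GetValue() != 0) {
                    throw new AuthenticationException("Error while encrypting data: " + errorCode.GetValue());
                }
                request.setEncryptedRandomSecret(ByteString.copyFrom(encryptedSecret));
                request.setEncryptedTicket(ticketAndKey.getEncryptedTicket());
                SecurityHelper.addCLDBsToAuthReqFull(request, null);
                // m86478build looks like a decompiler-assigned alias (presumably build()).
                sendBytes(request.m86478build().toByteArray());
                Security.AuthenticationResp response = readResponse();
                if (response.getStatus() == 0) {
                    if (!response.hasChallengeResponse()) {
                        throw new AuthenticationException("No response secret");
                    }
                    // Server authentication: only a party able to decrypt the secret can
                    // answer with secret + 1.
                    if (response.getChallengeResponse() != secret + 1) {
                        throw new AuthenticationException("Incorrect challenge response");
                    }
                    AuthenticatedURL.extractToken(this.conn, token);
                    return;
                }
                // Non-zero status: retry once against the CLDBs the server named. This list
                // can come from a response that was not decrypted (see readResponse).
                // mo86494getReceivingCldbList also looks like a decompiler alias.
                cldbs = response.mo86494getReceivingCldbList();
                if (cldbs.isEmpty()) {
                    throw new AuthenticationException("Error in response: No CLDBs recieved from the server");
                }
            } catch (Throwable th) {
                // NOTE(review): this writes the trace to stderr although the exception is
                // rethrown with its cause; kept because no logger is in scope here.
                th.printStackTrace();
                if (!(th instanceof AuthenticationException)) {
                    throw new AuthenticationException("Exception while getting ticket and key", th);
                }
                throw th;
            }
        }
        throw new AuthenticationException("Error in response: Max Attempts reached");
    }

    /**
     * Opens a fresh connection to the stored URL and sends {@code str} as the
     * {@code MAPR-Negotiate} credential on an {@code OPTIONS} request.
     *
     * @param str the Base64-encoded handshake message
     * @throws IOException if the connection cannot be opened or configured
     * @throws AuthenticationException declared for callers; not thrown here
     */
    private void sendToken(String str) throws IOException, AuthenticationException {
        this.conn = (HttpURLConnection) this.url.openConnection();
        // This request carries the encrypted ticket, so it must get the same
        // caller-supplied connection settings as the initial probe in authenticate().
        if (this.connConfigurator != null) {
            this.conn = this.connConfigurator.configure(this.conn);
        }
        this.conn.setRequestMethod("OPTIONS");
        this.conn.setRequestProperty(ClientSecurity.AUTHORIZATION, NEGOTIATE + " " + str);
        this.conn.connect();
    }

    /**
     * Base64-encodes {@code bArr} on a single line and sends it via {@link #sendToken}.
     *
     * @param bArr the serialised handshake message
     * @throws IOException if sending fails
     * @throws AuthenticationException propagated from {@link #sendToken}
     */
    private void sendBytes(byte[] bArr) throws IOException, AuthenticationException {
        // Line length 0 disables chunking, so the header value contains no line breaks.
        sendToken(new Base64(0).encodeToString(bArr));
    }

    /**
     * Reads and parses the server's handshake response from the current connection.
     *
     * <p>Only a 200 response is decrypted with the user key. A 401 response is parsed
     * as received, so its content is not authenticated at this layer.
     *
     * @return the parsed response, never null
     * @throws IOException if the response cannot be read or parsed
     * @throws AuthenticationException if the server reports an error, the status is
     *     neither 200 nor 401, the negotiate header is missing or has no token, or
     *     decryption fails
     */
    private Security.AuthenticationResp readResponse() throws IOException, AuthenticationException {
        int responseCode = this.conn.getResponseCode();
        String serverError = this.conn.getHeaderField(WWW_ERR_AUTHENTICATE);
        if (serverError != null) {
            throw new AuthenticationException("Exception in server: " + serverError.trim());
        }
        if (responseCode != 200 && responseCode != 401) {
            throw new AuthenticationException("Incorrect status" + responseCode);
        }
        List<String> headerValues = this.conn.getHeaderFields().get(ClientSecurity.AUTHORIZATION);
        if (headerValues == null) {
            throw new AuthenticationException("No header : Authorization is present");
        }
        // The last matching value wins, as in the original loop.
        String negotiateHeader = null;
        for (String value : headerValues) {
            if (value != null && value.trim().startsWith(NEGOTIATE)) {
                negotiateHeader = value;
            }
        }
        if (negotiateHeader == null) {
            throw new AuthenticationException("Invalid sequence, incorrect header" + headerValues);
        }
        String trimmed = negotiateHeader.trim();
        String prefix = NEGOTIATE + " ";
        // The header comes from the server: a bare scheme name with no token would make
        // substring() throw StringIndexOutOfBoundsException, so reject it explicitly.
        if (trimmed.length() < prefix.length()) {
            throw new AuthenticationException("Invalid sequence, MAPR-Negotiate header carries no token");
        }
        byte[] decoded = new Base64(0).decode(trimmed.substring(prefix.length()).trim());
        byte[] payload;
        if (responseCode == 200) {
            MutableInt errorCode = new MutableInt();
            payload = com.mapr.security.Security.Decrypt(this.userkey, decoded, errorCode);
            if (errorCode.GetValue() != 0) {
                throw new AuthenticationException("Error while decrypting response " + errorCode.GetValue());
            }
        } else {
            // 401: the message is used as sent, without decryption.
            payload = decoded;
        }
        Security.AuthenticationResp parsed = Security.AuthenticationResp.parseFrom(payload);
        if (parsed == null) {
            throw new AuthenticationException("Response is null");
        }
        return parsed;
    }

    /**
     * Returns the authenticator used when the server does not offer MAPR-Negotiate.
     *
     * @return a new {@link PseudoAuthenticator}
     */
    private Authenticator getFallbackAuthenticator() {
        return new PseudoAuthenticator();
    }

    /**
     * Tells whether the probe response asks for the MAPR-Negotiate handshake.
     *
     * @return true if the status is 401 and a {@code ClientSecurity.WWW_AUTHENTICATE}
     *     header value starts with {@code MAPR-Negotiate}
     * @throws IOException if the response status cannot be read
     */
    private boolean isNegotiate() throws IOException {
        if (this.conn.getResponseCode() != 401) {
            return false;
        }
        List<String> challenges = this.conn.getHeaderFields().get(ClientSecurity.WWW_AUTHENTICATE);
        if (challenges == null) {
            return false;
        }
        for (String challenge : challenges) {
            if (challenge != null && challenge.trim().startsWith(NEGOTIATE)) {
                return true;
            }
        }
        return false;
    }
}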
