package org.apache.hadoop.security.rpcauth;

import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import org.apache.commons.codec.binary.Base64;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.4.200-eep-911.jar:org/apache/hadoop/security/rpcauth/TokenAuthMethod.class */
public class TokenAuthMethod extends RpcAuthMethod {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) TokenAuthMethod.class);

    /* JADX INFO: Access modifiers changed from: protected */
    public TokenAuthMethod(byte b, String str, String str2, UserGroupInformation.AuthenticationMethod authenticationMethod) {
        super(b, str, str2, authenticationMethod);
    }

    @Override // org.apache.hadoop.security.rpcauth.RpcAuthMethod
    public boolean isProxyAllowed() {
        return false;
    }

    @Override // org.apache.hadoop.security.rpcauth.RpcAuthMethod
    public UserGroupInformation getAuthorizedUgi(String str, SecretManager secretManager) throws IOException {
        TokenIdentifier identifier = getIdentifier(str, secretManager);
        UserGroupInformation user = identifier.getUser();
        if (user == null) {
            throw new AccessControlException("Can't retrieve username from tokenIdentifier.");
        }
        user.addTokenIdentifier(identifier);
        return user;
    }

    @Override // org.apache.hadoop.security.rpcauth.RpcAuthMethod
    public boolean isSasl() {
        return true;
    }

    @Override // org.apache.hadoop.security.rpcauth.RpcAuthMethod
    public String getProtocol() throws IOException {
        return "default";
    }

    @Override // org.apache.hadoop.security.rpcauth.RpcAuthMethod
    public String getServerId() throws IOException {
        return "";
    }

    public static char[] encodePassword(byte[] bArr) {
        return new String(Base64.encodeBase64(bArr)).toCharArray();
    }

    public static <T extends TokenIdentifier> T getIdentifier(String str, SecretManager<T> secretManager) throws SecretManager.InvalidToken {
        byte[] decodeIdentifier = decodeIdentifier(str);
        T createIdentifier = secretManager.createIdentifier();
        try {
            createIdentifier.readFields(new DataInputStream(new ByteArrayInputStream(decodeIdentifier)));
            return createIdentifier;
        } catch (IOException e) {
            throw ((SecretManager.InvalidToken) new SecretManager.InvalidToken("Can't de-serialize tokenIdentifier").initCause(e));
        }
    }

    public static String encodeIdentifier(byte[] bArr) {
        return new String(Base64.encodeBase64(bArr));
    }

    public static byte[] decodeIdentifier(String str) {
        return Base64.decodeBase64(str.getBytes());
    }
}
