package com.mapr.security.maprsasl;

import com.google.protobuf.ByteString;
import com.google.protobuf.InvalidProtocolBufferException;
import com.mapr.baseutils.cldbutils.CLDBRpcCommonUtils;
import com.mapr.fs.proto.Security;
import com.mapr.login.client.MapRLoginHttpsClient;
import com.mapr.security.JNISecurity;
import com.mapr.security.MutableInt;
import com.mapr.security.maprsasl.MaprSaslServer;
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslClientFactory;
import javax.security.sasl.SaslException;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-hdfs-httpfs-2.4.1-mapr-4.0.1-SNAPSHOT/share/hadoop/httpfs/tomcat/webapps/webhdfs/WEB-INF/lib/maprfs-4.0.1-mapr-20140820.002432-2.jar:com/mapr/security/maprsasl/MaprSaslClient.class
  input_file:webhdfs.war:WEB-INF/lib/maprfs-4.0.1-mapr-20140820.002432-2.jar:com/mapr/security/maprsasl/MaprSaslClient.class
 */
/* loaded from: input_file:webhdfs/WEB-INF/lib/maprfs-4.0.1-mapr-20140820.002432-2.jar:com/mapr/security/maprsasl/MaprSaslClient.class */
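/**
 * Client side of the MapR SASL mechanism whose name is
 * {@link MaprSaslServer#MAPR_SECURITY_MECH_NAME}.
 *
 * <p>The exchange visible in this class has two passes:
 * <ol>
 *   <li>The client sends a Base64-encoded {@code AuthenticationReqFull} holding its encrypted
 *       ticket and a random secret encrypted under the ticket's user key.</li>
 *   <li>The server's reply is Base64-decoded, decrypted with the same user key and parsed as an
 *       {@code AuthenticationResp}; it must echo the random secret and name a QOP. For any QOP
 *       other than auth-only it must also carry the session key used by {@link #wrap} and
 *       {@link #unwrap}.</li>
 * </ol>
 *
 * <p>NOTE(review): nothing in this class synchronizes access to its state; treat an instance as
 * confined to one thread unless callers are known to serialize access.
 */
public class MaprSaslClient implements SaslClient {
    private static final Logger LOG = Logger.getLogger(MaprSaslClient.class);

    /** Value reported for the {@code javax.security.sasl.rawsendsize} negotiated property. */
    private static final int MAX_BUF_SIZE_FOR_WRAP = 65536;

    private static final String QOP_PROPERTY = "javax.security.sasl.qop";
    private static final String RAW_SEND_SIZE_PROPERTY = "javax.security.sasl.rawsendsize";

    private boolean completed;
    private boolean firstPassDone;
    // Stored for the lifetime of the client; no method in this class consults it.
    private final CallbackHandler cbh;
    private long randomSecret;
    private String authorizationId;
    private String authenticationId;
    private Security.Key sessionKey;
    private Security.Key userKey;
    private String negotiatedQOPProperty;
    private String localqopProperty;

    /* JADX WARN: Classes with same name are omitted:
      input_file:hadoop-hdfs-httpfs-2.4.1-mapr-4.0.1-SNAPSHOT/share/hadoop/httpfs/tomcat/webapps/webhdfs/WEB-INF/lib/maprfs-4.0.1-mapr-20140820.002432-2.jar:com/mapr/security/maprsasl/MaprSaslClient$SaslMaprClientFactory.class
      input_file:webhdfs.war:WEB-INF/lib/maprfs-4.0.1-mapr-20140820.002432-2.jar:com/mapr/security/maprsasl/MaprSaslClient$SaslMaprClientFactory.class
     */
    /* loaded from: input_file:webhdfs/WEB-INF/lib/maprfs-4.0.1-mapr-20140820.002432-2.jar:com/mapr/security/maprsasl/MaprSaslClient$SaslMaprClientFactory.class */
    /** Factory that produces {@link MaprSaslClient} instances for the MapR mechanism only. */
    public static class SaslMaprClientFactory implements SaslClientFactory {
        /**
         * Returns the single mechanism name this factory supports.
         *
         * @param props policy properties; not inspected
         * @return a one-element array with the MapR mechanism name
         */
        @Override
        public String[] getMechanismNames(Map<String, ?> props) {
            return new String[]{MaprSaslServer.MAPR_SECURITY_MECH_NAME};
        }

        /**
         * Creates a client when the MapR mechanism is among the requested ones.
         *
         * @param mechanisms candidate mechanism names; may be {@code null}
         * @param authorizationId not used by this factory
         * @param protocol not used by this factory
         * @param serverName not used by this factory
         * @param props passed to the client, which reads only the QOP property from it
         * @param callbackHandler passed through to the client
         * @return a new client, or {@code null} when the mechanism was not requested
         * @throws SaslException if the client cannot be constructed
         */
        @Override
        public SaslClient createSaslClient(String[] mechanisms, String authorizationId, String protocol, String serverName, Map<String, ?> props, CallbackHandler callbackHandler) throws SaslException {
            if (mechanisms == null) {
                return null;
            }
            for (String mechanism : mechanisms) {
                if (MaprSaslServer.MAPR_SECURITY_MECH_NAME.equals(mechanism)) {
                    return new MaprSaslClient(props, callbackHandler);
                }
            }
            return null;
        }
    }

    /**
     * Creates a client and records the locally requested quality of protection.
     *
     * @param props SASL properties; only {@code javax.security.sasl.qop} is read, and only when
     *     its value is a {@code String}
     * @param callbackHandler handler kept on the instance
     * @throws SaslException declared for interface compatibility; not thrown by this constructor
     */
    public MaprSaslClient(Map<String, ?> props, CallbackHandler callbackHandler) throws SaslException {
        this.cbh = callbackHandler;
        // Start from the auth-only default so that a non-empty property map without a QOP entry
        // no longer leaves the local preference null (which made every server QOP look like a
        // mismatch in the negotiation log).
        String requestedQop = MaprSaslServer.QOP.AUTHENTICATION.getQopString();
        if (props != null) {
            Object configured = props.get(QOP_PROPERTY);
            if (configured instanceof String) {
                requestedQop = (String) configured;
            }
        }
        this.localqopProperty = requestedQop;
    }

    /**
     * Drops the references to the key material and identity state held by this client.
     *
     * <p>This only releases references: the key objects themselves are not overwritten, so their
     * contents stay in memory until collected.
     */
    @Override
    public void dispose() throws SaslException {
        this.sessionKey = null;
        // The user key decrypts the server response and protects the random secret, so it is
        // released together with the session key.
        this.userKey = null;
        this.randomSecret = -1L;
        this.authorizationId = null;
        this.authenticationId = null;
    }

    /**
     * Runs one step of the exchange: the first call produces the initial response, the second
     * validates the server's reply.
     *
     * @param challenge server data; ignored on the first call, required on the second
     * @return the Base64-encoded request on the first call, an empty array once authenticated
     * @throws SaslException on any failure; non-SASL failures are logged and wrapped
     * @throws IllegalStateException if the exchange has already completed
     */
    @Override
    public byte[] evaluateChallenge(byte[] challenge) throws SaslException {
        if (this.completed) {
            throw new IllegalStateException("MaprSasl authentication already completed");
        }
        try {
            if (this.firstPassDone) {
                return processServerResponse(challenge);
            }
            return buildInitialResponse();
        } catch (SaslException e) {
            throw e;
        } catch (Throwable t) {
            // Throwable (not Exception) is kept so that callers continue to see a SaslException
            // for every failure, including errors raised by the native security layer.
            LOG.error("Exception while processing ticket data", t);
            throw new SaslException("Exception while processing ticket data", t);
        }
    }

    /**
     * Builds the first message: the encrypted ticket plus a fresh random secret encrypted under
     * the ticket's user key.
     *
     * <p>Declared {@code throws Exception} because the ticket lookup may raise checked
     * exceptions that are not visible here; {@link #evaluateChallenge} wraps them.
     */
    private byte[] buildInitialResponse() throws Exception {
        MutableInt status = new MutableInt();
        Security.TicketAndKey ticketAndKey;
        if (MaprSecurityLoginModule.isUseMaprServerTicket()) {
            ticketAndKey = com.mapr.security.Security.GetTicketAndKeyForCluster(
                    Security.ServerKeyType.CldbKey,
                    CLDBRpcCommonUtils.getInstance().getCurrentClusterName(),
                    status);
        } else {
            ticketAndKey = new MapRLoginHttpsClient().authenticateIfNeeded();
        }
        if (ticketAndKey == null) {
            throw new SaslException("ServerTicketKey was not set");
        }
        // The comparison multiplies the ticket expiry by 1000 before comparing with the wall
        // clock in milliseconds, i.e. it treats the expiry as seconds.
        if (ticketAndKey.getExpiryTime() * 1000 < System.currentTimeMillis()) {
            throw new SaslException("MaprSaslClient My ticket Expired");
        }

        this.userKey = ticketAndKey.getUserKey();
        // NOTE(review): the secret is the only freshness value checked in the reply; confirm
        // that JNISecurity.GenerateRandomNumber() is backed by a cryptographic RNG.
        this.randomSecret = JNISecurity.GenerateRandomNumber();

        byte[] encryptedSecret = com.mapr.security.Security.Encrypt(this.userKey, toBigEndianBytes(this.randomSecret), status);
        if (status.GetValue() != 0) {
            throw new SaslException("Error while encrypting data: " + status.GetValue());
        }

        Security.AuthenticationReqFull.Builder request = Security.AuthenticationReqFull.newBuilder();
        request.setEncryptedRandomSecret(ByteString.copyFrom(encryptedSecret));
        request.setEncryptedTicket(ticketAndKey.getEncryptedTicket());
        byte[] encoded = Base64.encodeBase64(request.build().toByteArray());
        this.firstPassDone = true;
        return encoded;
    }

    /**
     * Validates the server reply: decrypts it with the user key, checks the echoed secret,
     * adopts the server's QOP and, unless that QOP is auth-only, stores the session key.
     */
    private byte[] processServerResponse(byte[] challenge) throws Exception {
        if (challenge == null || challenge.length < 1) {
            throw new SaslException("Received challenge is empty when secret expected");
        }
        if (this.userKey == null) {
            throw new SaslException("Bad userKey");
        }

        MutableInt status = new MutableInt();
        byte[] plaintext = com.mapr.security.Security.Decrypt(this.userKey, Base64.decodeBase64(challenge), status);
        if (status.GetValue() != 0) {
            throw new SaslException("Error while decrypting data: " + status.GetValue());
        }

        Security.AuthenticationResp response;
        try {
            response = Security.AuthenticationResp.parseFrom(plaintext);
        } catch (InvalidProtocolBufferException e) {
            throw new SaslException("Can not parse out the data from server response", e);
        }
        if (response == null || response.getStatus() != 0) {
            throw new SaslException("Bad response");
        }
        if (!response.hasChallengeResponse()) {
            throw new SaslException("No returned secret");
        }
        // Echoing the secret shows the peer could decrypt it, i.e. it holds the user key.
        if (this.randomSecret != response.getChallengeResponse()) {
            throw new SaslException("Bad returned secret");
        }
        if (!response.hasEncodingType()) {
            throw new SaslException("No server QOP in response");
        }

        String serverQop = MaprSaslServer.QOP.getStringFromQOPInt(response.getEncodingType());
        if (serverQop != null) {
            // NOTE(review): the server's choice always wins and a mismatch is only logged, so a
            // client that asked for integrity or privacy can end up with auth-only protection.
            // Deployments that require wrapped traffic should verify the negotiated QOP after
            // completion, or this check should reject a weaker server choice.
            if (!serverQop.equals(this.localqopProperty)) {
                LOG.warn("SASL Server qopProperty: " + serverQop + "is different from Client: " + this.localqopProperty + ".Using Server one");
            }
            this.negotiatedQOPProperty = serverQop;
        }
        // NOTE(review): when the QOP value is not recognised, serverQop is null, the negotiated
        // QOP stays unset and the exchange still completes; consider failing instead.

        if (!MaprSaslServer.QOP.AUTHENTICATION.getQopString().equals(this.negotiatedQOPProperty)) {
            // Generated protobuf getters return a default instance rather than null for an
            // absent message field, so presence has to be tested explicitly; a null check on
            // getSessionKey() would accept a reply that carries no key at all.
            if (!response.hasSessionKey()) {
                throw new SaslException("Bad returned sessionKey");
            }
            this.sessionKey = response.getSessionKey();
        }
        this.completed = true;
        return new byte[0];
    }

    /** Encodes {@code value} as eight bytes, most significant byte first. */
    private static byte[] toBigEndianBytes(long value) {
        byte[] out = new byte[8];
        for (int i = out.length - 1; i >= 0; i--) {
            out[i] = (byte) value;
            value >>>= 8;
        }
        return out;
    }

    /** Returns the name of the MapR SASL mechanism. */
    @Override
    public String getMechanismName() {
        return MaprSaslServer.MAPR_SECURITY_MECH_NAME;
    }

    /**
     * Returns a negotiated property once authentication has completed.
     *
     * @param propName {@code javax.security.sasl.qop} or {@code javax.security.sasl.rawsendsize}
     * @return the negotiated QOP string, or the raw send size as a decimal string
     * @throws IllegalStateException if authentication has not completed, or for any other
     *     property name
     */
    @Override
    public Object getNegotiatedProperty(String propName) {
        if (!this.completed) {
            throw new IllegalStateException("MAPR-SECURITY authentication not completed");
        }
        if (QOP_PROPERTY.equals(propName)) {
            return this.negotiatedQOPProperty;
        }
        if (RAW_SEND_SIZE_PROPERTY.equals(propName)) {
            return Integer.toString(MAX_BUF_SIZE_FOR_WRAP);
        }
        throw new IllegalStateException("MAPR-SECURITY does not support any property except javax.security.sasl.qop and javax.security.sasl.rawsendsize");
    }

    /** This mechanism always sends an initial response. */
    @Override
    public boolean hasInitialResponse() {
        return true;
    }

    /** Reports whether the server reply has been validated. */
    @Override
    public boolean isComplete() {
        return this.completed;
    }

    /**
     * Decrypts a received buffer with the negotiated session key.
     *
     * @param incoming buffer holding the protected bytes
     * @param offset start of the protected bytes in {@code incoming}
     * @param len number of protected bytes
     * @return the decrypted bytes
     * @throws SaslException if the security layer reports a decryption error
     * @throws IllegalStateException if authentication has not completed or no session key was
     *     negotiated
     */
    @Override
    public byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException {
        Security.Key key = requireSessionKey();
        byte[] ciphertext = new byte[len];
        System.arraycopy(incoming, offset, ciphertext, 0, len);
        MutableInt status = new MutableInt();
        byte[] plaintext = com.mapr.security.Security.Decrypt(key, ciphertext, status);
        // A non-zero status used to be dropped here, handing the caller whatever the native
        // call returned for a buffer it could not decrypt; evaluateChallenge already treats the
        // same status as fatal.
        if (status.GetValue() != 0) {
            throw new SaslException("Error while decrypting data: " + status.GetValue());
        }
        return plaintext;
    }

    /**
     * Encrypts an outgoing buffer with the negotiated session key.
     *
     * @param outgoing buffer holding the bytes to protect
     * @param offset start of the bytes in {@code outgoing}
     * @param len number of bytes to protect
     * @return the encrypted bytes
     * @throws SaslException if the security layer reports an encryption error
     * @throws IllegalStateException if authentication has not completed or no session key was
     *     negotiated
     */
    @Override
    public byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException {
        Security.Key key = requireSessionKey();
        byte[] plaintext = new byte[len];
        System.arraycopy(outgoing, offset, plaintext, 0, len);
        MutableInt status = new MutableInt();
        byte[] ciphertext = com.mapr.security.Security.Encrypt(key, plaintext, status);
        // Fail instead of returning the result of a failed encryption to the transport.
        if (status.GetValue() != 0) {
            throw new SaslException("Error while encrypting data: " + status.GetValue());
        }
        return ciphertext;
    }

    /**
     * Returns the session key, refusing to proceed when there is none (exchange unfinished,
     * auth-only QOP, or the client was disposed) rather than passing {@code null} to the
     * security layer.
     */
    private Security.Key requireSessionKey() {
        if (!this.completed) {
            throw new IllegalStateException("MAPR-SECURITY authentication not completed");
        }
        if (this.sessionKey == null) {
            throw new IllegalStateException("MAPR-SECURITY has no session key; the negotiated QOP provides no security layer");
        }
        return this.sessionKey;
    }
}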
