package org.apache.hadoop.security.scram;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslServer;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.ipc.Server;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.SaslRpcServer;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.rpcauth.TokenAuthMethod;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.Marker;
import org.slf4j.MarkerFactory;

/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.4.5-eep-900.jar:org/apache/hadoop/security/scram/ScramAuthMethod.class */
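/**
 * Token-based RPC authentication method that negotiates SASL using the SCRAM mechanism named by
 * {@link UserGroupInformation#SCRAM_AUTH_MECHANISM}.
 *
 * <p>On first use the method loads {@code scram/scram-site.xml}, reads the {@code scram.password}
 * entry through {@link Configuration#getPassword(String)}, and stores a SCRAM-SHA-256 credential
 * derived from it in a {@link CredentialCache}, keyed by the login user's name.
 *
 * <p>NOTE(review): {@link #INSTANCE} is a shared singleton and the lazy initialisation below is
 * not synchronized. If SASL clients/servers can be created from several threads at once, a second
 * thread may observe a non-null {@code credentialCache} before {@code password} and the cache
 * entry are populated. Confirm the threading model of the callers.
 */
public final class ScramAuthMethod extends TokenAuthMethod {
    /**
     * PBKDF2 iteration count used when deriving the stored SCRAM credential. 4096 is the minimum
     * that RFC 7677 recommends for SCRAM-SHA-256; raising it is a deployment decision.
     */
    private static final int SCRAM_ITERATIONS = 4096;

    private static final Logger LOG = LoggerFactory.getLogger(ScramAuthMethod.class);
    private static final Marker FATAL = MarkerFactory.getMarker("FATAL");
    public static final TokenAuthMethod INSTANCE = new ScramAuthMethod();

    private String defaultMechanismName;
    // Configuration key holding the SCRAM password (resolved via Configuration.getPassword).
    private final String scramPasswordConf = "scram.password";
    // Kept as a String because ScramClientCallbackHandler is constructed with one; this means the
    // secret stays on the heap for the lifetime of this singleton. Never log this field.
    private String password;
    private String scramConfig;
    CredentialCache credentialCache;
    Configuration conf;

    private ScramAuthMethod() {
        super((byte) 84, "tokenScram", UserGroupInformation.SCRAM_AUTH_MECHANISM, UserGroupInformation.AuthenticationMethod.TOKEN);
        this.defaultMechanismName = UserGroupInformation.SCRAM_AUTH_MECHANISM;
        // scramPasswordConf is final and already set by its initializer; assigning it again here
        // (as the decompiled source did) is a compile error.
        this.scramConfig = "scram/scram-site.xml";
        this.credentialCache = null;
    }

    /**
     * Loads the SCRAM configuration and seeds the credential cache with a credential for the
     * login user.
     *
     * <p>Failures are logged rather than thrown. After a failure {@code credentialCache} is
     * non-null, so initialisation is not retried, and {@code password} may still be {@code null}.
     */
    private void createCache() {
        this.conf = new Configuration();
        this.conf.addResource(this.scramConfig);
        this.credentialCache = new CredentialCache();
        try {
            this.credentialCache.createCache(this.defaultMechanismName, ScramCredential.class);
            ScramFormatter scramFormatter = new ScramFormatter(ScramMechanism.SCRAM_SHA_256);
            char[] secret = this.conf.getPassword(this.scramPasswordConf);
            if (secret == null) {
                // Configuration.getPassword returns null when the key is absent. Previously this
                // surfaced as an uncaught NullPointerException on the first call only, while later
                // calls silently proceeded with a null password.
                LOG.warn("No value configured for {}; no SCRAM credential was cached for the login user", this.scramPasswordConf);
                return;
            }
            try {
                this.password = new String(secret);
            } finally {
                // Clear the intermediate buffer; the String copy above is what remains in memory.
                java.util.Arrays.fill(secret, '\0');
            }
            this.credentialCache.cache(this.defaultMechanismName, ScramCredential.class).put(UserGroupInformation.getLoginUser().getUserName(), scramFormatter.generateCredential(this.password, SCRAM_ITERATIONS));
        } catch (IOException e) {
            // The logger already records the stack trace; printStackTrace() to stderr is redundant.
            LOG.error(FATAL, "Exception while getting login user", e);
        } catch (NoSuchAlgorithmException e2) {
            LOG.error(FATAL, "Can't find " + this.defaultMechanismName + " algorithm.", e2);
        }
    }

    /**
     * Creates a SASL client for this mechanism.
     *
     * @param map SASL properties; the entry under {@link SaslRpcServer#SASL_AUTH_TOKEN} is passed
     *     to the client callback handler together with the configured password
     * @return the client returned by {@link Sasl#createSaslClient}
     * @throws IOException if the SASL client cannot be created
     */
    @Override // org.apache.hadoop.security.rpcauth.RpcAuthMethod
    public SaslClient createSaslClient(Map<String, Object> map) throws IOException {
        Token token = (Token) map.get(SaslRpcServer.SASL_AUTH_TOKEN);
        if (LOG.isDebugEnabled()) {
            // Guard the dereference so enabling debug logging cannot itself raise an NPE when the
            // map carries no token.
            LOG.debug("Creating SASL {} client to authenticate to service at {}", this.mechanismName, token == null ? null : token.getService());
        }
        if (this.credentialCache == null) {
            createCache();
        }
        // NOTE(review): password is null here when scram.password is missing or createCache()
        // failed; how ScramClientCallbackHandler treats a null password is not visible in this file.
        return Sasl.createSaslClient(new String[]{this.mechanismName}, (String) null, (String) null, "default", map, new ScramClientCallbackHandler(this.password, token));
    }

    /**
     * Creates a SASL server for this mechanism.
     *
     * @param connection the RPC connection being authenticated
     * @param map SASL properties; must contain a {@link SecretManager} under
     *     {@link SaslRpcServer#SASL_AUTH_SECRET_MANAGER}
     * @return the server returned by {@link Sasl#createSaslServer}
     * @throws AccessControlException if no secret manager is present in {@code map}
     * @throws IOException if the SASL server cannot be created
     */
    @Override // org.apache.hadoop.security.rpcauth.RpcAuthMethod
    public SaslServer createSaslServer(Server.Connection connection, Map<String, Object> map) throws IOException {
        SecretManager secretManager = (SecretManager) map.get(SaslRpcServer.SASL_AUTH_SECRET_MANAGER);
        if (secretManager == null) {
            // Refuse to build a server that has nothing to validate tokens against.
            throw new AccessControlException("Server is not configured to do SCRAM authentication.");
        }
        if (this.credentialCache == null) {
            createCache();
        }
        return Sasl.createSaslServer(this.mechanismName, (String) null, "default", map, new ScramServerCallbackHandler(this.credentialCache.cache(this.defaultMechanismName, ScramCredential.class), secretManager, connection));
    }
}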
