package org.apache.hadoop.security;

import java.io.DataInput;
import java.io.DataOutput;
import java.io.IOException;
import java.security.Security;
import java.util.Map;
import javax.security.sasl.SaslServer;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.ipc.Server;
import org.apache.hadoop.security.SaslPlainServer;
import org.apache.hadoop.security.rpcauth.DigestAuthMethod;
import org.apache.hadoop.security.rpcauth.KerberosAuthMethod;
import org.apache.hadoop.security.rpcauth.RpcAuthMethod;
import org.apache.hadoop.security.rpcauth.RpcAuthRegistry;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
@InterfaceStability.Evolving
/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.5.3-eep-912.jar:org/apache/hadoop/security/SaslRpcServer.class */
public class SaslRpcServer {
    public static final Logger LOG = LoggerFactory.getLogger((Class<?>) SaslRpcServer.class);
    public static final String SASL_DEFAULT_REALM = "default";
    public static final String SASL_AUTH_SECRET_MANAGER = "org.apache.hadoop.auth.secret.manager";
    public static final String SASL_KERBEROS_PRINCIPAL = "org.apache.hadoop.auth.kerberos.principal";
    public static final String SASL_AUTH_TOKEN = "org.apache.hadoop.auth.token";
    public RpcAuthMethod authMethod;
    public String mechanism;
    public String protocol;
    public String serverId;

    @InterfaceStability.Evolving
    /* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.5.3-eep-912.jar:org/apache/hadoop/security/SaslRpcServer$AuthMethod.class */
    public enum AuthMethod {
        SIMPLE((byte) 80, ""),
        KERBEROS((byte) 81, "GSSAPI"),
        DIGEST((byte) 82, UserGroupInformation.DIGEST_AUTH_MECHANISM),
        TOKEN((byte) 82, UserGroupInformation.DIGEST_AUTH_MECHANISM),
        PLAIN((byte) 83, "PLAIN");

        public final byte code;
        public final String mechanismName;
        private static final int FIRST_CODE = values()[0].code;

        AuthMethod(byte b, String str) {
            this.code = b;
            this.mechanismName = str;
        }

        private static AuthMethod valueOf(byte b) {
            int i = (b & 255) - FIRST_CODE;
            if (i < 0 || i >= values().length) {
                return null;
            }
            return values()[i];
        }

        public String getMechanismName() {
            return this.mechanismName;
        }

        public static AuthMethod read(DataInput dataInput) throws IOException {
            return valueOf(dataInput.readByte());
        }

        public void write(DataOutput dataOutput) throws IOException {
            dataOutput.write(this.code);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.5.3-eep-912.jar:org/apache/hadoop/security/SaslRpcServer$QualityOfProtection.class */
    public enum QualityOfProtection {
        AUTHENTICATION("auth"),
        INTEGRITY("auth-int"),
        PRIVACY("auth-conf");

        public final String saslQop;

        QualityOfProtection(String str) {
            this.saslQop = str;
        }

        public String getSaslQop() {
            return this.saslQop;
        }
    }

    @InterfaceStability.Evolving
    /* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.5.3-eep-912.jar:org/apache/hadoop/security/SaslRpcServer$SaslDigestCallbackHandler.class */
    public static class SaslDigestCallbackHandler extends DigestAuthMethod.SaslDigestCallbackHandler {
        public SaslDigestCallbackHandler(SecretManager<TokenIdentifier> secretManager, Server.Connection connection) {
            super(secretManager, connection);
        }
    }

    @InterfaceStability.Evolving
    /* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.5.3-eep-912.jar:org/apache/hadoop/security/SaslRpcServer$SaslGssCallbackHandler.class */
    public static class SaslGssCallbackHandler extends KerberosAuthMethod.SaslGssCallbackHandler {
    }

    @InterfaceAudience.Private
    @InterfaceStability.Unstable
    public SaslRpcServer(RpcAuthMethod rpcAuthMethod) throws IOException {
        this.authMethod = rpcAuthMethod;
        this.mechanism = rpcAuthMethod.getMechanismName();
        if (rpcAuthMethod.equals(RpcAuthRegistry.SIMPLE)) {
            return;
        }
        this.protocol = rpcAuthMethod.getProtocol();
        this.serverId = rpcAuthMethod.getServerId();
    }

    @InterfaceAudience.Private
    @InterfaceStability.Unstable
    public SaslServer create(Server.Connection connection, Map<String, Object> map, SecretManager<TokenIdentifier> secretManager) throws IOException, InterruptedException {
        if (secretManager != null) {
            map.put(SASL_AUTH_SECRET_MANAGER, secretManager);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("creating SaslServer for authMethod: " + this.authMethod);
        }
        return this.authMethod.createSaslServer(connection, map);
    }

    public static void init(Configuration configuration) {
        Security.addProvider(new SaslPlainServer.SecurityProvider());
    }

    static String encodeIdentifier(byte[] bArr) {
        return DigestAuthMethod.encodeIdentifier(bArr);
    }

    static byte[] decodeIdentifier(String str) {
        return DigestAuthMethod.decodeIdentifier(str);
    }

    public static <T extends TokenIdentifier> T getIdentifier(String str, SecretManager<T> secretManager) throws SecretManager.InvalidToken {
        return (T) DigestAuthMethod.getIdentifier(str, secretManager);
    }

    static char[] encodePassword(byte[] bArr) {
        return DigestAuthMethod.encodePassword(bArr);
    }

    public static String[] splitKerberosName(String str) {
        return KerberosAuthMethod.splitKerberosName(str);
    }
}
