package org.apache.hadoop.security.scram;

import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.commons.codec.binary.Base64;
import org.apache.hadoop.ipc.Server;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.scram.CredentialCache;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.TokenIdentifier;

/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.5.3-eep-912.jar:org/apache/hadoop/security/scram/ScramServerCallbackHandler.class */
public class ScramServerCallbackHandler implements CallbackHandler {
    private final CredentialCache.Cache<ScramCredential> credentialCache;
    private SecretManager<TokenIdentifier> secretManager;
    private Server.Connection connection;

    public ScramServerCallbackHandler(CredentialCache.Cache<ScramCredential> cache, SecretManager<TokenIdentifier> secretManager, Server.Connection connection) {
        this.credentialCache = cache;
        this.secretManager = secretManager;
        this.connection = connection;
    }

    public static <T extends TokenIdentifier> T getIdentifier(String str, SecretManager<T> secretManager) throws SecretManager.InvalidToken {
        byte[] decodeIdentifier = decodeIdentifier(str);
        T createIdentifier = secretManager.createIdentifier();
        try {
            createIdentifier.readFields(new DataInputStream(new ByteArrayInputStream(decodeIdentifier)));
            return createIdentifier;
        } catch (IOException e) {
            throw ((SecretManager.InvalidToken) new SecretManager.InvalidToken("Can't de-serialize tokenIdentifier").initCause(e));
        }
    }

    public static byte[] decodeIdentifier(String str) {
        return Base64.decodeBase64(str.getBytes());
    }

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        String str = null;
        for (Callback callback : callbackArr) {
            if (callback instanceof NameCallback) {
                str = ((NameCallback) callback).getDefaultName();
            } else {
                if (!(callback instanceof ScramCredentialCallback)) {
                    throw new UnsupportedCallbackException(callback);
                }
                this.connection.attemptingUser = getIdentifier(str, this.secretManager).getUser();
                ((ScramCredentialCallback) callback).scramCredential(this.credentialCache.get(UserGroupInformation.getLoginUser().getUserName()));
            }
        }
    }
}
