package com.datastax.driver.dse.auth;

import com.datastax.driver.core.AuthProvider;
import com.datastax.driver.core.Authenticator;
import com.datastax.driver.core.exceptions.AuthenticationException;
import com.google.common.base.Charsets;
import com.google.common.collect.ImmutableMap;
import java.net.InetSocketAddress;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;

/* loaded from: input_file:com/datastax/driver/dse/auth/DseGSSAPIAuthProvider.class */
public class DseGSSAPIAuthProvider implements AuthProvider {
    public static final String DEFAULT_SASL_PROTOCOL_NAME = "dse";
    public static final String SASL_PROTOCOL_NAME_PROPERTY = "dse.sasl.protocol";
    private final Configuration loginConfiguration;
    private final String saslProtocol;
    private final String authorizationId;
    private final Subject subject;

    /* loaded from: input_file:com/datastax/driver/dse/auth/DseGSSAPIAuthProvider$Builder.class */
    public static class Builder {
        private Configuration loginConfiguration;
        private String saslProtocol;
        private String authorizationId;
        private Subject subject;

        private Builder() {
        }

        public Builder withLoginConfiguration(Configuration configuration) {
            this.loginConfiguration = configuration;
            return this;
        }

        public Builder withSaslProtocol(String str) {
            this.saslProtocol = str;
            return this;
        }

        public Builder withAuthorizationId(String str) {
            this.authorizationId = str;
            return this;
        }

        public Builder withSubject(Subject subject) {
            this.subject = subject;
            return this;
        }

        public DseGSSAPIAuthProvider build() {
            return new DseGSSAPIAuthProvider(this.loginConfiguration, this.subject, this.saslProtocol, this.authorizationId);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/datastax/driver/dse/auth/DseGSSAPIAuthProvider$GSSAPIAuthenticator.class */
    public static class GSSAPIAuthenticator extends BaseDseAuthenticator {
        private static final String JAAS_CONFIG_ENTRY = "DseClient";
        private static final String[] SUPPORTED_MECHANISMS = {"GSSAPI"};
        private static final Map<String, String> DEFAULT_PROPERTIES = ImmutableMap.builder().put("javax.security.sasl.server.authentication", "true").put("javax.security.sasl.qop", "auth").build();
        private static final byte[] EMPTY_BYTE_ARRAY = new byte[0];
        private static final byte[] MECHANISM = "GSSAPI".getBytes(Charsets.UTF_8);
        private static final byte[] SERVER_INITIAL_CHALLENGE = "GSSAPI-START".getBytes(Charsets.UTF_8);
        private final Subject subject;
        private final SaslClient saslClient;

        private GSSAPIAuthenticator(String str, String str2, InetSocketAddress inetSocketAddress, Configuration configuration, String str3) {
            super(str);
            String str4 = str3;
            if (str4 == null) {
                try {
                    str4 = System.getProperty(DseGSSAPIAuthProvider.SASL_PROTOCOL_NAME_PROPERTY, DseGSSAPIAuthProvider.DEFAULT_SASL_PROTOCOL_NAME);
                } catch (SaslException e) {
                    throw new RuntimeException((Throwable) e);
                } catch (LoginException e2) {
                    throw new RuntimeException(e2);
                }
            }
            LoginContext loginContext = new LoginContext(JAAS_CONFIG_ENTRY, (Subject) null, (CallbackHandler) null, configuration);
            loginContext.login();
            this.subject = loginContext.getSubject();
            this.saslClient = Sasl.createSaslClient(SUPPORTED_MECHANISMS, str2, str4, inetSocketAddress.getAddress().getCanonicalHostName(), DEFAULT_PROPERTIES, (CallbackHandler) null);
        }

        private GSSAPIAuthenticator(String str, String str2, InetSocketAddress inetSocketAddress, Subject subject, String str3) {
            super(str);
            String str4 = str3;
            if (str4 == null) {
                try {
                    str4 = System.getProperty(DseGSSAPIAuthProvider.SASL_PROTOCOL_NAME_PROPERTY, DseGSSAPIAuthProvider.DEFAULT_SASL_PROTOCOL_NAME);
                } catch (SaslException e) {
                    throw new RuntimeException((Throwable) e);
                }
            }
            this.subject = subject;
            this.saslClient = Sasl.createSaslClient(SUPPORTED_MECHANISMS, str2, str4, inetSocketAddress.getAddress().getCanonicalHostName(), DEFAULT_PROPERTIES, (CallbackHandler) null);
        }

        @Override // com.datastax.driver.dse.auth.BaseDseAuthenticator
        public byte[] getMechanism() {
            return (byte[]) MECHANISM.clone();
        }

        @Override // com.datastax.driver.dse.auth.BaseDseAuthenticator
        public byte[] getInitialServerChallenge() {
            return (byte[]) SERVER_INITIAL_CHALLENGE.clone();
        }

        @Override // com.datastax.driver.core.Authenticator
        public byte[] evaluateChallenge(byte[] bArr) {
            if (Arrays.equals(SERVER_INITIAL_CHALLENGE, bArr)) {
                if (!this.saslClient.hasInitialResponse()) {
                    return EMPTY_BYTE_ARRAY;
                }
                bArr = EMPTY_BYTE_ARRAY;
            }
            final byte[] bArr2 = bArr;
            try {
                return (byte[]) Subject.doAs(this.subject, new PrivilegedExceptionAction<byte[]>() { // from class: com.datastax.driver.dse.auth.DseGSSAPIAuthProvider.GSSAPIAuthenticator.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public byte[] run() throws SaslException {
                        return GSSAPIAuthenticator.this.saslClient.evaluateChallenge(bArr2);
                    }
                });
            } catch (PrivilegedActionException e) {
                throw new RuntimeException(e.getException());
            }
        }
    }

    public static Builder builder() {
        return new Builder();
    }

    @Deprecated
    public DseGSSAPIAuthProvider() {
        this(null, null, null, null);
    }

    @Deprecated
    public DseGSSAPIAuthProvider(Configuration configuration) {
        this(configuration, null, null, null);
    }

    @Deprecated
    public DseGSSAPIAuthProvider(String str) {
        this(null, null, str, null);
    }

    @Deprecated
    public DseGSSAPIAuthProvider(Configuration configuration, String str) {
        this(configuration, null, str, null);
    }

    private DseGSSAPIAuthProvider(Configuration configuration, Subject subject, String str, String str2) {
        this.loginConfiguration = configuration;
        this.subject = subject;
        this.saslProtocol = str;
        this.authorizationId = str2;
    }

    @Override // com.datastax.driver.core.AuthProvider
    public Authenticator newAuthenticator(InetSocketAddress inetSocketAddress, String str) throws AuthenticationException {
        return this.subject != null ? new GSSAPIAuthenticator(str, this.authorizationId, inetSocketAddress, this.subject, this.saslProtocol) : new GSSAPIAuthenticator(str, this.authorizationId, inetSocketAddress, this.loginConfiguration, this.saslProtocol);
    }
}
