package com.datastax.dse.driver.internal.core.auth;

import com.datastax.dse.driver.api.core.config.DseDriverOption;
import com.datastax.oss.driver.api.core.auth.AuthProvider;
import com.datastax.oss.driver.api.core.auth.AuthenticationException;
import com.datastax.oss.driver.api.core.auth.Authenticator;
import com.datastax.oss.driver.api.core.config.DriverExecutionProfile;
import com.datastax.oss.driver.api.core.context.DriverContext;
import com.datastax.oss.driver.api.core.metadata.EndPoint;
import com.datastax.oss.driver.shaded.guava.common.base.Charsets;
import com.datastax.oss.driver.shaded.guava.common.collect.ImmutableMap;
import com.datastax.oss.protocol.internal.util.Bytes;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import net.jcip.annotations.ThreadSafe;

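/**
 * {@link AuthProvider} that authenticates driver connections with Kerberos through SASL/GSSAPI.
 *
 * <p>All settings are read from the default execution profile captured at construction time. The
 * Kerberos login itself is delegated to JAAS ({@code Krb5LoginModule}) using the options found
 * under {@link DseDriverOption#AUTH_PROVIDER_LOGIN_CONFIGURATION}.
 *
 * <p>Security notes for operators:
 *
 * <ul>
 *   <li>The default SASL quality of protection is {@code auth}: GSSAPI authenticates the peers but
 *       adds no integrity or confidentiality layer, so traffic protection has to come from TLS.
 *   <li>Mutual authentication is requested by default, but entries under
 *       {@link DseDriverOption#AUTH_PROVIDER_SASL_PROPERTIES} take precedence over the defaults and
 *       can therefore switch it off. Review that map as security-sensitive configuration.
 *   <li>The login configuration is handed to the login module unchanged; it may reference a keytab
 *       or ticket cache, so it should be protected like any other credential reference.
 * </ul>
 */
@ThreadSafe
public class DseGssApiAuthProvider implements AuthProvider {
    /** SASL protocol (Kerberos service) name used when neither the config nor the system property sets one. */
    public static final String DEFAULT_SASL_SERVICE_NAME = "dse";

    /** System property consulted for the SASL protocol name when the config does not define it. */
    public static final String SASL_SERVICE_NAME_PROPERTY = "dse.sasl.service";

    private final DriverExecutionProfile config;

    /**
     * Authenticator bound to one endpoint: performs a JAAS login, then drives the GSSAPI exchange
     * as the logged-in {@link Subject}.
     *
     * <p>NOTE(review): nothing in this class calls {@code LoginContext.logout()} or
     * {@code SaslClient.dispose()}; confirm whether the base class or the driver releases the
     * Kerberos credentials held by the subject.
     */
    public static class GssApiAuthenticator extends BaseDseAuthenticator {
        private static final String JAAS_CONFIG_ENTRY = "DseClient";
        private static final String[] SUPPORTED_MECHANISMS = {"GSSAPI"};

        // Applied only for keys the caller did not set: require the server to authenticate itself
        // (mutual authentication) and negotiate authentication-only QOP.
        private static final Map<String, String> DEFAULT_PROPERTIES =
                ImmutableMap.of(Sasl.SERVER_AUTH, "true", Sasl.QOP, "auth");

        private static final ByteBuffer EMPTY_BYTE_ARRAY = ByteBuffer.wrap(new byte[0]).asReadOnlyBuffer();
        private static final ByteBuffer MECHANISM = ByteBuffer.wrap("GSSAPI".getBytes(Charsets.UTF_8)).asReadOnlyBuffer();
        private static final ByteBuffer SERVER_INITIAL_CHALLENGE = ByteBuffer.wrap("GSSAPI-START".getBytes(Charsets.UTF_8)).asReadOnlyBuffer();

        private final Subject subject;
        private final SaslClient saslClient;
        private final EndPoint endPoint;

        /**
         * Logs in through JAAS and creates the GSSAPI SASL client for {@code endPoint}.
         *
         * @param serverAuthenticator authenticator class name announced by the server, passed to the base class
         * @param authorizationId SASL authorization id, or {@code null} to act as the authenticated principal
         * @param endPoint node being connected to; its canonical host name becomes the SASL server name
         * @param loginConfiguration JAAS configuration used for the Kerberos login
         * @param saslProtocol SASL protocol name, or {@code null} to fall back to the system property / default
         * @param saslProperties caller-supplied SASL properties; these win over {@code DEFAULT_PROPERTIES}
         * @throws AuthenticationException if the endpoint has no usable address, the login fails, or no
         *     GSSAPI SASL client can be created
         */
        private GssApiAuthenticator(
                String serverAuthenticator,
                String authorizationId,
                EndPoint endPoint,
                Configuration loginConfiguration,
                String saslProtocol,
                Map<String, String> saslProperties) {
            super(serverAuthenticator);
            this.endPoint = endPoint;

            // Caller-supplied properties first, then any default whose key is still missing.
            // ImmutableMap.Builder rejects duplicate keys, hence the explicit containsKey guard.
            ImmutableMap.Builder<String, String> merged = ImmutableMap.builder();
            merged.putAll(saslProperties);
            DEFAULT_PROPERTIES.forEach((key, value) -> {
                if (!saslProperties.containsKey(key)) {
                    merged.put(key, value);
                }
            });
            Map<String, String> effectiveProperties = merged.build();

            String protocol = saslProtocol != null
                    ? saslProtocol
                    : System.getProperty(DseGssApiAuthProvider.SASL_SERVICE_NAME_PROPERTY, DseGssApiAuthProvider.DEFAULT_SASL_SERVICE_NAME);

            // Validate the endpoint before spending a Kerberos login on it.
            String serverName = canonicalServerName(endPoint);

            Subject loggedInSubject;
            SaslClient client;
            try {
                // No CallbackHandler: the login cannot prompt, so credentials have to come from the
                // login-module options (for example a keytab or ticket cache) in loginConfiguration.
                LoginContext loginContext = new LoginContext(JAAS_CONFIG_ENTRY, (Subject) null, (CallbackHandler) null, loginConfiguration);
                loginContext.login();
                loggedInSubject = loginContext.getSubject();
                client = Sasl.createSaslClient(SUPPORTED_MECHANISMS, authorizationId, protocol, serverName, effectiveProperties, (CallbackHandler) null);
            } catch (LoginException | SaslException e) {
                // Keep the cause: Kerberos/JAAS failures are hard to diagnose from the message alone.
                throw new AuthenticationException(endPoint, e.getMessage(), e);
            }
            if (client == null) {
                // Sasl.createSaslClient returns null when no installed factory supports the mechanism.
                throw new AuthenticationException(endPoint, "No SASL client available for mechanism GSSAPI");
            }
            this.subject = loggedInSubject;
            this.saslClient = client;
        }

        /**
         * Returns the canonical host name of the endpoint's resolved address, used as the SASL
         * server name.
         *
         * <p>{@code getCanonicalHostName()} is a best-effort lookup through the name service, so the
         * name requested from Kerberos depends on DNS. NOTE(review): with mutual authentication
         * enabled a wrong name should make the handshake fail rather than succeed against another
         * service; confirm resolver trust assumptions for deployments that disable it.
         */
        private static String canonicalServerName(EndPoint endPoint) {
            Object resolved = endPoint.resolve();
            if (resolved instanceof InetSocketAddress) {
                InetSocketAddress socketAddress = (InetSocketAddress) resolved;
                // getAddress() is null for an unresolved socket address.
                if (socketAddress.getAddress() != null) {
                    return socketAddress.getAddress().getCanonicalHostName();
                }
            }
            throw new AuthenticationException(endPoint, "Cannot determine the server host name for GSSAPI: endpoint did not resolve to an IP socket address");
        }

        /** Returns the shared read-only buffer holding the mechanism name {@code GSSAPI}. */
        @Override // com.datastax.dse.driver.internal.core.auth.BaseDseAuthenticator
        @NonNull
        public ByteBuffer getMechanism() {
            return MECHANISM;
        }

        /** Returns the shared read-only buffer holding the {@code GSSAPI-START} marker. */
        @Override // com.datastax.dse.driver.internal.core.auth.BaseDseAuthenticator
        @NonNull
        public ByteBuffer getInitialServerChallenge() {
            return SERVER_INITIAL_CHALLENGE;
        }

        /**
         * Feeds one server challenge to the SASL client, running as the logged-in subject.
         *
         * @param byteBuffer challenge received from the server; the {@code GSSAPI-START} marker
         *     starts the exchange with an empty challenge
         * @return the response to send, an empty buffer when the client has no initial response, or
         *     {@code null} when the SASL client produces no response for this challenge
         * @throws AuthenticationException if the challenge is {@code null} or the SASL client rejects it
         */
        @Nullable
        public ByteBuffer evaluateChallengeSync(@Nullable ByteBuffer byteBuffer) {
            final byte[] challengeBytes;
            if (SERVER_INITIAL_CHALLENGE.equals(byteBuffer)) {
                if (!this.saslClient.hasInitialResponse()) {
                    return EMPTY_BYTE_ARRAY;
                }
                challengeBytes = new byte[0];
            } else if (byteBuffer == null) {
                throw new AuthenticationException(this.endPoint, "Unexpected null challenge from server");
            } else {
                challengeBytes = Bytes.getArray(byteBuffer);
            }
            try {
                // The cast selects the PrivilegedExceptionAction overload of Subject.doAs.
                byte[] response = Subject.doAs(
                        this.subject,
                        (PrivilegedExceptionAction<byte[]>) () -> this.saslClient.evaluateChallenge(challengeBytes));
                // SaslClient.evaluateChallenge may return null; ByteBuffer.wrap(null) would throw.
                return response == null ? null : ByteBuffer.wrap(response);
            } catch (PrivilegedActionException e) {
                throw new AuthenticationException(this.endPoint, e.getMessage(), e.getException());
            }
        }
    }

    /**
     * Captures the default execution profile of the given context.
     *
     * @param driverContext context whose configuration supplies every authentication option
     */
    public DseGssApiAuthProvider(DriverContext driverContext) {
        this.config = driverContext.getConfig().getDefaultProfile();
    }

    /**
     * Creates a GSSAPI authenticator for one connection attempt. Each call performs a fresh JAAS
     * login inside the authenticator's constructor.
     *
     * @param endPoint node being connected to
     * @param str authenticator class name sent by the server
     * @return a new authenticator bound to {@code endPoint}
     * @throws AuthenticationException if the login configuration is missing or the login fails
     */
    @NonNull
    public Authenticator newAuthenticator(@NonNull EndPoint endPoint, @NonNull String str) throws AuthenticationException {
        AuthUtils.validateConfigPresent(this.config, DseGssApiAuthProvider.class.getName(), endPoint, DseDriverOption.AUTH_PROVIDER_LOGIN_CONFIGURATION);

        String authorizationId = null;
        if (this.config.isDefined(DseDriverOption.AUTH_PROVIDER_AUTHORIZATION_ID)) {
            authorizationId = this.config.getString(DseDriverOption.AUTH_PROVIDER_AUTHORIZATION_ID);
        }
        String saslProtocol = null;
        if (this.config.isDefined(DseDriverOption.AUTH_PROVIDER_SERVICE)) {
            saslProtocol = this.config.getString(DseDriverOption.AUTH_PROVIDER_SERVICE);
        }
        // These entries override the built-in SASL defaults (mutual authentication, QOP).
        Map<String, String> saslProperties = new HashMap<>();
        if (this.config.isDefined(DseDriverOption.AUTH_PROVIDER_SASL_PROPERTIES)) {
            saslProperties = this.config.getStringMap(DseDriverOption.AUTH_PROVIDER_SASL_PROPERTIES);
        }

        Configuration loginConfiguration = fetchLoginConfiguration(this.config.getStringMap(DseDriverOption.AUTH_PROVIDER_LOGIN_CONFIGURATION));
        return new GssApiAuthenticator(str, authorizationId, endPoint, loginConfiguration, saslProtocol, saslProperties);
    }

    /** No-op: a missing challenge is not treated specially by this provider. */
    public void onMissingChallenge(@NonNull EndPoint endPoint) {
    }

    /** No-op: the provider itself holds no resources. */
    public void close() throws Exception {
    }

    /**
     * Wraps login-module options in an in-memory JAAS {@link Configuration}.
     *
     * <p>The returned configuration ignores the requested entry name and always yields a single
     * {@code REQUIRED} {@code Krb5LoginModule} entry carrying {@code map} as its options. The
     * options are passed through without validation.
     *
     * @param map options for {@code com.sun.security.auth.module.Krb5LoginModule}
     * @return a configuration exposing exactly that one login module
     */
    public static Configuration fetchLoginConfiguration(final Map<String, String> map) {
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
                AppConfigurationEntry kerberosEntry = new AppConfigurationEntry(
                        "com.sun.security.auth.module.Krb5LoginModule",
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                        map);
                return new AppConfigurationEntry[] {kerberosEntry};
            }
        };
    }
}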
