package org.apache.storm.messaging.netty;

import java.io.IOException;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import java.util.TreeMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginException;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.apache.storm.security.auth.AuthUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/storm/messaging/netty/KerberosSaslNettyClient.class */
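/**
 * Client side of a SASL/GSSAPI (Kerberos) handshake for the Netty messaging layer.
 *
 * <p>The constructor performs a JAAS login for the given section, checks that the
 * resulting {@link Subject} holds a {@link KerberosTicket}, and creates a
 * {@link SaslClient} while running as that subject. {@link #saslResponse} then
 * evaluates server challenges under the same subject.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The SASL quality of protection is {@code "auth"}: authentication only. No
 *       integrity or confidentiality layer is negotiated by this class.</li>
 *   <li>{@code javax.security.sasl.server.authentication} is {@code "false"}, so the
 *       client does not request that the server authenticate itself back.</li>
 *   <li>{@link Configuration#setConfiguration} replaces the JVM-wide JAAS
 *       configuration, which affects every other JAAS user in the process.</li>
 * </ul>
 */
public class KerberosSaslNettyClient {
    private static final Logger LOG = LoggerFactory.getLogger(KerberosSaslNettyClient.class);

    /** SASL mechanism name used for Kerberos. */
    private static final String MECHANISM = "GSSAPI";

    /** Answers server challenges; never {@code null} once construction succeeds. */
    private final SaslClient saslClient;

    /** Logged-in subject whose Kerberos credentials back the SASL exchange. */
    private final Subject subject;

    /** Name of the JAAS login-configuration section used for the login. */
    private final String jaas_section;

    /**
     * Callback handler handed to the login and to the SASL client. It only logs the type
     * of each callback it receives and fills none of them in.
     */
    private static class SaslClientCallbackHandler implements CallbackHandler {
        private SaslClientCallbackHandler() {
        }

        /**
         * Logs the class of every callback and leaves the callbacks untouched.
         *
         * @param callbackArr callbacks supplied by the security provider
         */
        @Override
        public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                LOG.info("Kerberos Client Callback Handler got callback: {}", callback.getClass());
            }
        }
    }

    /**
     * Logs in through JAAS and creates the GSSAPI SASL client.
     *
     * @param map  configuration map passed to {@code AuthUtils.GetConfiguration}
     * @param str  name of the JAAS section to log in with; its {@code serviceName}
     *             entry is used as the SASL protocol name
     * @param str2 server host name passed to {@link Sasl#createSaslClient}
     * @throws RuntimeException if the login fails, the subject holds no Kerberos ticket
     *                          or no principal, the service name cannot be read, or no
     *                          SASL client could be created
     */
    public KerberosSaslNettyClient(Map map, String str, final String str2) {
        LOG.debug("KerberosSaslNettyClient: Creating SASL {} client to authenticate to server ", MECHANISM);
        LOG.info("Creating Kerberos Client.");
        this.jaas_section = str;

        // Only the configuration lookup belongs under this message; wrapping the whole
        // constructor would mislabel every later failure as a login_conf problem.
        final Configuration loginConf;
        try {
            loginConf = AuthUtils.GetConfiguration(map);
        } catch (Throwable th) {
            LOG.error("Failed to get login_conf: ", th);
            throw th;
        }

        LOG.debug("KerberosSaslNettyClient: authmethod {}", MECHANISM);
        final SaslClientCallbackHandler callbackHandler = new SaslClientCallbackHandler();

        try {
            LOG.debug("Setting Configuration to login_config: {}", loginConf);
            // Process-wide side effect: this replaces the JAAS configuration for the whole JVM.
            Configuration.setConfiguration(loginConf);
            LOG.debug("Trying to login.");
            final Subject loggedIn = new Login(str, callbackHandler).getSubject();

            // Log principals only. Subject.toString() also renders private credentials,
            // and a KerberosTicket's string form contains the ticket and session key.
            LOG.debug("Got Subject principals: {}", loggedIn.getPrincipals());

            if (loggedIn.getPrivateCredentials(KerberosTicket.class).isEmpty()) {
                LOG.error("Failed to verify user principal.");
                throw new RuntimeException("Fail to verify user principal with section \"" + str
                        + "\" in login configuration file " + loginConf);
            }
            if (loggedIn.getPrincipals().isEmpty()) {
                throw new RuntimeException("Login with section \"" + str + "\" produced a subject without principals");
            }

            final String serviceName = AuthUtils.get(loginConf, str, "serviceName");
            final String name = ((Principal) loggedIn.getPrincipals().iterator().next()).getName();
            LOG.debug("Kerberos Client with principal: {}, host: {}", name, str2);

            final SaslClient client = Subject.doAs(loggedIn, new PrivilegedExceptionAction<SaslClient>() {
                @Override
                public SaslClient run() throws SaslException {
                    Map<String, String> props = new TreeMap<String, String>();
                    // Authentication only: no SASL integrity or privacy layer is requested.
                    props.put(Sasl.QOP, "auth");
                    // The server is not asked to authenticate itself to this client.
                    props.put(Sasl.SERVER_AUTH, "false");
                    return Sasl.createSaslClient(new String[]{MECHANISM}, name, serviceName, str2, props,
                            callbackHandler);
                }
            });

            // Fail closed: createSaslClient returns null when no provider supports the
            // mechanism, and a null client would only surface later as a NullPointerException.
            if (client == null) {
                LOG.error("KerberosSaslNettyClient: Could not create Sasl Netty Client.");
                throw new RuntimeException("No SASL client available for mechanism " + MECHANISM);
            }
            LOG.info("Got Client: {}", client);

            this.subject = loggedIn;
            this.saslClient = client;
        } catch (PrivilegedActionException e) {
            LOG.error("KerberosSaslNettyClient: Could not create Sasl Netty Client.", e);
            throw new RuntimeException(e);
        } catch (IOException e) {
            LOG.error("Failed to get service name.", e);
            throw new RuntimeException(e);
        } catch (LoginException e) {
            LOG.error("Client failed to login in principal:" + e, e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Reports whether the SASL exchange has finished.
     *
     * @return {@code true} once the underlying {@link SaslClient} reports completion
     */
    public boolean isComplete() {
        return this.saslClient.isComplete();
    }

    /**
     * Evaluates a server challenge as the logged-in subject and returns the response token.
     *
     * @param saslMessageToken message carrying the server's SASL token
     * @return the response bytes produced by the {@link SaslClient}
     * @throws RuntimeException if the challenge cannot be evaluated
     */
    public byte[] saslResponse(final SaslMessageToken saslMessageToken) {
        try {
            return Subject.doAs(this.subject, new PrivilegedExceptionAction<byte[]>() {
                @Override
                public byte[] run() {
                    try {
                        return saslClient.evaluateChallenge(saslMessageToken.getSaslToken());
                    } catch (SaslException e) {
                        LOG.error("saslResponse: Failed to respond to SASL server's token:", e);
                        throw new RuntimeException(e);
                    }
                }
            });
        } catch (PrivilegedActionException e) {
            LOG.error("Failed to generate response for token: ", e);
            throw new RuntimeException(e);
        }
    }
}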
