package oadd.org.apache.drill.exec.rpc.security;

import java.io.IOException;
import java.lang.reflect.UndeclaredThrowableException;
import java.security.PrivilegedExceptionAction;
import java.util.EnumMap;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import oadd.com.google.common.base.Preconditions;
import oadd.com.google.common.collect.ImmutableMap;
import oadd.com.google.common.collect.Maps;
import oadd.com.google.protobuf.ByteString;
import oadd.com.google.protobuf.Internal;
import oadd.com.google.protobuf.Internal.EnumLite;
import oadd.com.google.protobuf.MessageLite;
import oadd.io.netty.buffer.ByteBuf;
import oadd.org.apache.drill.exec.proto.UserBitShared;
import oadd.org.apache.drill.exec.rpc.BasicClient;
import oadd.org.apache.drill.exec.rpc.ClientConnection;
import oadd.org.apache.drill.exec.rpc.RpcException;
import oadd.org.apache.drill.exec.rpc.RpcOutcomeListener;
import oadd.org.apache.drill.exec.rpc.security.SaslProperties;
import oadd.org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:oadd/org/apache/drill/exec/rpc/security/AuthenticationOutcomeListener.class */
public class AuthenticationOutcomeListener<T extends Internal.EnumLite, C extends ClientConnection, HS extends MessageLite, HR extends MessageLite> implements RpcOutcomeListener<UserBitShared.SaslMessage> {
    private static final Logger logger = LoggerFactory.getLogger(AuthenticationOutcomeListener.class);
    private static final ImmutableMap<UserBitShared.SaslStatus, SaslChallengeProcessor> CHALLENGE_PROCESSORS;
    private final BasicClient<T, C, HS, HR> client;
    private final C connection;
    private final T saslRpcType;
    private final UserGroupInformation ugi;
    private final RpcOutcomeListener<?> completionListener;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:oadd/org/apache/drill/exec/rpc/security/AuthenticationOutcomeListener$SaslChallengeContext.class */
    public static class SaslChallengeContext<C extends ClientConnection> {
        final UserBitShared.SaslMessage challenge;
        final UserGroupInformation ugi;
        final C connection;

        SaslChallengeContext(UserBitShared.SaslMessage saslMessage, UserGroupInformation userGroupInformation, C c) {
            this.challenge = (UserBitShared.SaslMessage) Preconditions.checkNotNull(saslMessage);
            this.ugi = (UserGroupInformation) Preconditions.checkNotNull(userGroupInformation);
            this.connection = (C) Preconditions.checkNotNull(c);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:oadd/org/apache/drill/exec/rpc/security/AuthenticationOutcomeListener$SaslChallengeProcessor.class */
    public interface SaslChallengeProcessor {
        <CC extends ClientConnection> UserBitShared.SaslMessage process(SaslChallengeContext<CC> saslChallengeContext) throws Exception;
    }

    /* loaded from: input_file:oadd/org/apache/drill/exec/rpc/security/AuthenticationOutcomeListener$SaslFailedProcessor.class */
    private static class SaslFailedProcessor implements SaslChallengeProcessor {
        private SaslFailedProcessor() {
        }

        @Override // oadd.org.apache.drill.exec.rpc.security.AuthenticationOutcomeListener.SaslChallengeProcessor
        public <CC extends ClientConnection> UserBitShared.SaslMessage process(SaslChallengeContext<CC> saslChallengeContext) throws Exception {
            throw new SaslException(String.format("Authentication failed. Incorrect credentials? [Details: %s]", saslChallengeContext.connection.getEncryptionCtxtString()));
        }
    }

    /* loaded from: input_file:oadd/org/apache/drill/exec/rpc/security/AuthenticationOutcomeListener$SaslInProgressProcessor.class */
    private static class SaslInProgressProcessor implements SaslChallengeProcessor {
        private SaslInProgressProcessor() {
        }

        @Override // oadd.org.apache.drill.exec.rpc.security.AuthenticationOutcomeListener.SaslChallengeProcessor
        public <CC extends ClientConnection> UserBitShared.SaslMessage process(SaslChallengeContext<CC> saslChallengeContext) throws Exception {
            UserBitShared.SaslMessage.Builder newBuilder = UserBitShared.SaslMessage.newBuilder();
            SaslClient saslClient = saslChallengeContext.connection.getSaslClient();
            byte[] evaluateChallenge = AuthenticationOutcomeListener.evaluateChallenge(saslChallengeContext.ugi, saslClient, saslChallengeContext.challenge.getData().toByteArray());
            boolean isComplete = saslClient.isComplete();
            AuthenticationOutcomeListener.logger.trace("Evaluated challenge. Completed? {}.", Boolean.valueOf(isComplete));
            newBuilder.setData(evaluateChallenge != null ? ByteString.copyFrom(evaluateChallenge) : ByteString.EMPTY);
            newBuilder.setStatus(isComplete ? UserBitShared.SaslStatus.SASL_SUCCESS : UserBitShared.SaslStatus.SASL_IN_PROGRESS);
            return newBuilder.build();
        }
    }

    /* loaded from: input_file:oadd/org/apache/drill/exec/rpc/security/AuthenticationOutcomeListener$SaslSuccessProcessor.class */
    private static class SaslSuccessProcessor implements SaslChallengeProcessor {
        private SaslSuccessProcessor() {
        }

        @Override // oadd.org.apache.drill.exec.rpc.security.AuthenticationOutcomeListener.SaslChallengeProcessor
        public <CC extends ClientConnection> UserBitShared.SaslMessage process(SaslChallengeContext<CC> saslChallengeContext) throws Exception {
            SaslClient saslClient = saslChallengeContext.connection.getSaslClient();
            if (saslClient.isComplete()) {
                AuthenticationOutcomeListener.handleSuccess(saslChallengeContext);
                return null;
            }
            AuthenticationOutcomeListener.evaluateChallenge(saslChallengeContext.ugi, saslClient, saslChallengeContext.challenge.getData().toByteArray());
            if (!saslClient.isComplete()) {
                throw new SaslException("Server allegedly succeeded authentication, but client did not. Suspicious?");
            }
            AuthenticationOutcomeListener.handleSuccess(saslChallengeContext);
            return null;
        }
    }

    public AuthenticationOutcomeListener(BasicClient<T, C, HS, HR> basicClient, C c, T t, UserGroupInformation userGroupInformation, RpcOutcomeListener<?> rpcOutcomeListener) {
        this.client = basicClient;
        this.connection = c;
        this.saslRpcType = t;
        this.ugi = userGroupInformation;
        this.completionListener = rpcOutcomeListener;
    }

    public void initiate(String str) {
        logger.trace("Initiating SASL exchange.");
        try {
            SaslClient saslClient = this.connection.getSaslClient();
            this.client.send(new AuthenticationOutcomeListener(this.client, this.connection, this.saslRpcType, this.ugi, this.completionListener), this.connection, this.saslRpcType, UserBitShared.SaslMessage.newBuilder().setMechanism(str).setStatus(UserBitShared.SaslStatus.SASL_START).setData(saslClient.hasInitialResponse() ? ByteString.copyFrom(evaluateChallenge(this.ugi, saslClient, new byte[0])) : ByteString.EMPTY).build(), UserBitShared.SaslMessage.class, true, new ByteBuf[0]);
            logger.trace("Initiated SASL exchange.");
        } catch (Exception e) {
            this.completionListener.failed(RpcException.mapException(e));
        }
    }

    @Override // oadd.org.apache.drill.exec.rpc.RpcOutcomeListener
    public void failed(RpcException rpcException) {
        this.completionListener.failed(RpcException.mapException(rpcException));
    }

    @Override // oadd.org.apache.drill.exec.rpc.RpcOutcomeListener
    public void success(UserBitShared.SaslMessage saslMessage, ByteBuf byteBuf) {
        logger.trace("Server responded with message of type: {}", saslMessage.getStatus());
        SaslChallengeProcessor saslChallengeProcessor = CHALLENGE_PROCESSORS.get(saslMessage.getStatus());
        if (saslChallengeProcessor == null) {
            this.completionListener.failed(RpcException.mapException(new SaslException("Server sent a corrupt message.")));
            return;
        }
        String mechanismName = this.connection.getSaslClient().getMechanismName();
        try {
            UserBitShared.SaslMessage process = saslChallengeProcessor.process(new SaslChallengeContext(saslMessage, this.ugi, this.connection));
            if (process != null) {
                this.client.send(new AuthenticationOutcomeListener(this.client, this.connection, this.saslRpcType, this.ugi, this.completionListener), this.connection, this.saslRpcType, process, UserBitShared.SaslMessage.class, true, new ByteBuf[0]);
            } else {
                this.completionListener.success(null, null);
                if (logger.isTraceEnabled()) {
                    logger.trace("Successfully authenticated to server using {} mechanism and encryption context: {}", mechanismName, this.connection.getEncryptionCtxtString());
                }
            }
        } catch (Exception e) {
            logger.error("Authentication with encryption context: {} using mechanism {} failed with {}", new Object[]{this.connection.getEncryptionCtxtString(), mechanismName, e.getMessage()});
            this.completionListener.failed(RpcException.mapException(e));
        }
    }

    @Override // oadd.org.apache.drill.exec.rpc.RpcOutcomeListener
    public void interrupted(InterruptedException interruptedException) {
        this.completionListener.interrupted(interruptedException);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static byte[] evaluateChallenge(UserGroupInformation userGroupInformation, final SaslClient saslClient, final byte[] bArr) throws SaslException {
        try {
            return (byte[]) userGroupInformation.doAs(new PrivilegedExceptionAction<byte[]>() { // from class: oadd.org.apache.drill.exec.rpc.security.AuthenticationOutcomeListener.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public byte[] run() throws Exception {
                    return saslClient.evaluateChallenge(bArr);
                }
            });
        } catch (IOException | InterruptedException e) {
            if (e instanceof SaslException) {
                throw e;
            }
            throw new SaslException(String.format("Unexpected failure (%s)", saslClient.getMechanismName()), e);
        } catch (UndeclaredThrowableException e2) {
            throw new SaslException(String.format("Unexpected failure (%s)", saslClient.getMechanismName()), e2.getCause());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static <CC extends ClientConnection> void handleSuccess(SaslChallengeContext<CC> saslChallengeContext) throws SaslException {
        CC cc = saslChallengeContext.connection;
        SaslClient saslClient = cc.getSaslClient();
        try {
            String obj = saslClient.getNegotiatedProperty("javax.security.sasl.qop").toString();
            String saslQop = cc.isEncryptionEnabled() ? SaslProperties.QualityOfProtection.PRIVACY.getSaslQop() : SaslProperties.QualityOfProtection.AUTHENTICATION.getSaslQop();
            if (!obj.equals(saslQop)) {
                throw new SaslException(String.format("Mismatch in negotiated QOP value: %s and Expected QOP value: %s", obj, saslQop));
            }
            if (cc.isEncryptionEnabled()) {
                int parseInt = Integer.parseInt(saslClient.getNegotiatedProperty("javax.security.sasl.rawsendsize").toString());
                if (parseInt <= 0) {
                    throw new SaslException(String.format("Negotiated rawSendSize: %d is invalid. Please check the configured value of encryption.sasl.max_wrapped_size. It might be configured to a very small value.", Integer.valueOf(parseInt)));
                }
                cc.setWrapSizeLimit(parseInt);
            }
            if (cc.isEncryptionEnabled()) {
                cc.addSecurityHandlers();
            } else {
                cc.disposeSaslClient();
            }
        } catch (Exception e) {
            throw new SaslException(String.format("Unexpected failure while retrieving negotiated property values (%s)", e.getMessage()), e);
        }
    }

    static {
        EnumMap enumMap = new EnumMap(UserBitShared.SaslStatus.class);
        enumMap.put((EnumMap) UserBitShared.SaslStatus.SASL_IN_PROGRESS, (UserBitShared.SaslStatus) new SaslInProgressProcessor());
        enumMap.put((EnumMap) UserBitShared.SaslStatus.SASL_SUCCESS, (UserBitShared.SaslStatus) new SaslSuccessProcessor());
        enumMap.put((EnumMap) UserBitShared.SaslStatus.SASL_FAILED, (UserBitShared.SaslStatus) new SaslFailedProcessor());
        CHALLENGE_PROCESSORS = Maps.immutableEnumMap(enumMap);
    }
}
