package org.apache.hadoop.hbase.security.provider.example;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.atomic.AtomicReference;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FSDataInputStream;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hbase.security.provider.AttemptingUserProvidingSaslServer;
import org.apache.hadoop.hbase.security.provider.SaslServerAuthenticationProvider;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.util.StringUtils;
import org.apache.yetus.audience.InterfaceAudience;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

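/**
 * Server side of the example "shade" SASL PLAIN authentication provider.
 *
 * <p>Credentials are read from the file named by {@link #PASSWORD_FILE_KEY}, one
 * {@code user=password} record per line, and held in memory for the lifetime of the provider.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The password file holds clear-text passwords, so whoever can read it can authenticate as
 *       any listed user. Restrict its permissions accordingly.</li>
 *   <li>SASL PLAIN itself provides no confidentiality; the password is only as protected as the
 *       transport carrying it.</li>
 *   <li>The class lives in an {@code example} package and is presumably meant as a sample rather
 *       than a production credential store; confirm before deploying.</li>
 * </ul>
 */
@InterfaceAudience.Private
public class ShadeSaslServerAuthenticationProvider extends ShadeSaslAuthenticationProvider implements SaslServerAuthenticationProvider {
    private static final Logger LOG = LoggerFactory.getLogger(ShadeSaslServerAuthenticationProvider.class);

    /** Configuration key naming the password file. */
    public static final String PASSWORD_FILE_KEY = "hbase.security.shade.password.file";

    /** Separates the user name from the password in each password-file record. */
    static final char SEPARATOR = '=';

    // NOTE(review): this single reference is handed to every server created by createServer().
    // If one provider instance serves several connections at once, the "attempting user" seen
    // by one connection may have been set by another; confirm how instances are shared.
    private final AtomicReference<UserGroupInformation> attemptingUser = new AtomicReference<>(null);

    // User name -> password, populated by init().
    private Map<String, char[]> passwordDatabase;

    /**
     * Callback handler that checks the name and password offered over SASL PLAIN against the
     * in-memory password database and decides the authorization callback.
     */
    static class ShadeSaslServerCallbackHandler implements CallbackHandler {
        private final AtomicReference<UserGroupInformation> attemptingUser;
        private final Map<String, char[]> passwordDatabase;

        /**
         * @param atomicReference holder that receives the user being authenticated
         * @param map user name to password lookup
         */
        public ShadeSaslServerCallbackHandler(AtomicReference<UserGroupInformation> atomicReference, Map<String, char[]> map) {
            this.attemptingUser = atomicReference;
            this.passwordDatabase = map;
        }

        /**
         * Processes the callbacks of one SASL PLAIN exchange.
         *
         * @param callbackArr callbacks supplied by the SASL server
         * @throws SecretManager.InvalidToken if the supplied password does not match the stored
         *     one, or the user has no stored password
         * @throws UnsupportedCallbackException if a callback of an unexpected type is present
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws SecretManager.InvalidToken, UnsupportedCallbackException {
            NameCallback nameCallback = null;
            PasswordCallback passwordCallback = null;
            AuthorizeCallback authorizeCallback = null;
            for (Callback callback : callbackArr) {
                if (callback instanceof AuthorizeCallback) {
                    authorizeCallback = (AuthorizeCallback) callback;
                } else if (callback instanceof NameCallback) {
                    nameCallback = (NameCallback) callback;
                } else if (callback instanceof PasswordCallback) {
                    passwordCallback = (PasswordCallback) callback;
                } else if (!(callback instanceof RealmCallback)) {
                    throw new UnsupportedCallbackException(callback, "Unrecognized SASL PLAIN Callback");
                }
            }
            if (nameCallback != null && passwordCallback != null) {
                String name = nameCallback.getName();
                // Recorded BEFORE the password is verified: this is the user who is trying to
                // authenticate, not an authenticated identity. Never use it for access decisions.
                this.attemptingUser.set(createUgiForRemoteUser(name));
                // getPassword() hands back a copy, so it can be wiped once the check is done.
                char[] supplied = passwordCallback.getPassword();
                boolean authenticated;
                try {
                    authenticated = passwordsMatch(supplied, this.passwordDatabase.get(name));
                } finally {
                    if (supplied != null) {
                        Arrays.fill(supplied, '\0');
                    }
                }
                if (!authenticated) {
                    throw new SecretManager.InvalidToken("Authentication failed for " + name);
                }
            }
            if (authorizeCallback != null) {
                String authenticationID = authorizeCallback.getAuthenticationID();
                String authorizationID = authorizeCallback.getAuthorizationID();
                // Acting on behalf of another identity is not supported: the authorization ID
                // must be exactly the authenticated ID.
                if (!authenticationID.equals(authorizationID)) {
                    authorizeCallback.setAuthorized(false);
                } else {
                    authorizeCallback.setAuthorized(true);
                    authorizeCallback.setAuthorizedID(authorizationID);
                }
            }
        }

        /**
         * Compares the supplied password with the stored one.
         *
         * <p>A missing value on either side is a mismatch, so a user without a stored password
         * can never authenticate, even when no password was supplied. The loop always covers the
         * whole supplied password so that its running time does not reveal the position of the
         * first differing character.
         *
         * @param supplied password offered by the client, may be {@code null}
         * @param expected password stored for the user, {@code null} if the user is unknown
         * @return {@code true} only when both are present and identical
         */
        private static boolean passwordsMatch(char[] supplied, char[] expected) {
            if (supplied == null || expected == null) {
                return false;
            }
            int difference = supplied.length ^ expected.length;
            for (int i = 0; i < supplied.length; i++) {
                char reference = expected.length == 0 ? 0 : expected[i % expected.length];
                difference |= supplied[i] ^ reference;
            }
            return difference == 0;
        }

        /**
         * Builds the remote-user UGI for {@code str}, tagged with this provider's
         * authentication method.
         */
        UserGroupInformation createUgiForRemoteUser(String str) {
            UserGroupInformation createRemoteUser = UserGroupInformation.createRemoteUser(str);
            createRemoteUser.setAuthenticationMethod(ShadeSaslAuthenticationProvider.METHOD.getAuthMethod());
            return createRemoteUser;
        }
    }

    /**
     * Loads the password database named in the configuration.
     *
     * @param configuration configuration holding {@link #PASSWORD_FILE_KEY}
     * @throws IOException if the password file cannot be read
     */
    public void init(Configuration configuration) throws IOException {
        this.passwordDatabase = readPasswordDB(configuration);
    }

    /**
     * Creates a SASL PLAIN server backed by the password database loaded in
     * {@link #init(Configuration)}.
     *
     * @param secretManager not used by this provider
     * @param map not used by this provider
     * @return a server that also exposes the user who attempted to authenticate
     */
    public AttemptingUserProvidingSaslServer createServer(SecretManager<TokenIdentifier> secretManager, Map<String, String> map) throws IOException {
        ShadeSaslServerCallbackHandler handler = new ShadeSaslServerCallbackHandler(this.attemptingUser, this.passwordDatabase);
        return new AttemptingUserProvidingSaslServer(new SaslPlainServer(handler), this.attemptingUser::get);
    }

    /**
     * Reads the {@code user=password} records of the configured password file.
     *
     * <p>Lines without both a user name and a password are skipped with a warning that carries
     * the physical line number. Password values are never logged.
     *
     * @param configuration configuration holding {@link #PASSWORD_FILE_KEY}
     * @return user name to password map
     * @throws RuntimeException if the key is not configured or the file does not exist
     * @throws IOException if reading the file fails
     */
    Map<String, char[]> readPasswordDB(Configuration configuration) throws IOException {
        String str = configuration.get(PASSWORD_FILE_KEY);
        if (str == null) {
            throw new RuntimeException(PASSWORD_FILE_KEY + " is not defined in configuration, cannot use this implementation");
        }
        Path path = new Path(str);
        FileSystem fileSystem = path.getFileSystem(configuration);
        if (!fileSystem.exists(path)) {
            throw new RuntimeException("Configured password file does not exist: " + path);
        }
        Map<String, char[]> passwords = new HashMap<>();
        try (FSDataInputStream open = fileSystem.open(path);
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(open, StandardCharsets.UTF_8))) {
            int lineNumber = 0;
            String readLine;
            while ((readLine = bufferedReader.readLine()) != null) {
                // Count every physical line, including skipped ones, so that the warnings
                // point at the right place in the file.
                lineNumber++;
                String[] split = StringUtils.split(readLine.trim(), SEPARATOR);
                if (split.length < 2 || split[0].isEmpty()) {
                    // A record with an empty user name would be a credential for the empty
                    // user, so it is rejected together with malformed lines.
                    LOG.warn("Password file contains invalid record on line {}, skipping", lineNumber);
                    continue;
                }
                // The password may itself contain the separator: join the remaining parts back.
                StringBuilder sb = new StringBuilder();
                for (int i = 1; i < split.length; i++) {
                    if (sb.length() > 0) {
                        sb.append(SEPARATOR);
                    }
                    sb.append(split[i]);
                }
                if (passwords.put(split[0], sb.toString().toCharArray()) != null) {
                    // The later record wins; tell the operator, who may not expect that.
                    LOG.warn("Password file redefines a user on line {}, the later record is used", lineNumber);
                }
            }
        }
        return passwords;
    }

    /** @return {@code false}; this provider does not support protocol authentication */
    public boolean supportsProtocolAuthentication() {
        return false;
    }

    /**
     * Creates the remote-user UGI for an authorization ID.
     *
     * @param str authorization ID
     * @param secretManager not used by this provider
     */
    public UserGroupInformation getAuthorizedUgi(String str, SecretManager<TokenIdentifier> secretManager) throws IOException {
        return UserGroupInformation.createRemoteUser(str);
    }
}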
