package io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.admin.kadmin.remote;

import io.hops.hadoop.shaded.org.apache.kerby.KOptions;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.KrbException;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.admin.kadmin.Kadmin;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.admin.kadmin.local.AdminHelper;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.admin.kadmin.remote.impl.DefaultAdminHandler;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.admin.kadmin.remote.impl.InternalAdminClient;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.admin.kadmin.remote.request.AddPrincipalRequest;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.admin.kadmin.remote.request.ChangePasswordRequest;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.admin.kadmin.remote.request.DeletePrincipalRequest;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.admin.kadmin.remote.request.ExportKeytabRequest;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.admin.kadmin.remote.request.GetPrincipalRequest;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.admin.kadmin.remote.request.GetprincsRequest;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.admin.kadmin.remote.request.RenamePrincipalRequest;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.admin.message.KadminCode;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.common.KrbUtil;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.keytab.Keytab;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.request.KrbIdentity;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.transport.KrbNetwork;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.transport.KrbTransport;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.transport.TransportPair;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
import io.hops.hadoop.shaded.org.xnio.sasl.SaslUtils;
import io.hops.hadoop.shaded.org.xnio.sasl.SaslWrapper;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hadoop-client-runtime-3.2.0.15-EE-RC0.jar:io/hops/hadoop/shaded/org/apache/kerby/kerberos/kerb/admin/kadmin/remote/RemoteKadminImpl.class */
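/**
 * Remote {@link Kadmin} implementation: every supported operation is turned into a request
 * object, bound to one shared {@link KrbTransport}, and sent through a SASL/GSSAPI protected
 * channel that is negotiated once, in the constructor.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The SASL client asks for {@code auth-conf} (confidentiality) and for server
 *       authentication, and the handshake fails closed if {@code auth-conf} was not the
 *       negotiated protection level.</li>
 *   <li>Passwords are passed as {@code String} and keytab bytes are received in memory; neither
 *       is logged here, and callers should keep it that way.</li>
 *   <li>Several {@link Kadmin} operations are empty stubs that return normally without
 *       contacting the server. They are marked individually below.</li>
 * </ul>
 *
 * <p>Nothing in this class synchronizes access to the shared transport or SASL wrapper.
 */
public class RemoteKadminImpl implements Kadmin {
    private static final String MECHANISM = "GSSAPI";
    private static final Logger LOG = LoggerFactory.getLogger(RemoteKadminImpl.class);
    private static final byte[] EMPTY_BYTES = new byte[0];

    private final InternalAdminClient innerClient;
    private final Subject subject;
    private KrbTransport transport;
    private SaslClient saslClient = null;
    private SaslWrapper saslClientWrapper = null;

    /**
     * Connects to the admin server described by the client's settings and runs the SASL
     * handshake as {@code subject}.
     *
     * @param internalAdminClient source of the settings (timeout, realm, admin config)
     * @param subject             the subject the handshake is executed as
     * @throws KrbException if the transport pair cannot be resolved, the connection cannot be
     *                      opened, or the SASL handshake fails; the original exception is kept
     *                      as the cause
     */
    public RemoteKadminImpl(InternalAdminClient internalAdminClient, Subject subject) throws KrbException {
        this.innerClient = internalAdminClient;
        this.subject = subject;

        // A failure here used to be logged and ignored, after which connect() was called with a
        // null transport pair. Fail early with the real reason instead.
        final TransportPair transportPair;
        try {
            transportPair = AdminUtil.getTransportPair(internalAdminClient.getSetting());
        } catch (KrbException e) {
            throw new KrbException("Fail to get transport pair. " + e, e);
        }

        KrbNetwork krbNetwork = new KrbNetwork();
        krbNetwork.setSocketTimeout(internalAdminClient.getSetting().getTimeout());
        try {
            this.transport = krbNetwork.connect(transportPair);
        } catch (IOException e) {
            throw new KrbException("Failed to create transport", e);
        }

        try {
            doSaslHandshake();
        } catch (Exception e) {
            // Keep the cause: doAs() wraps checked failures, and the nested exception is what
            // tells an operator whether this was a ticket, network or negotiation problem.
            throw new KrbException("Failed to do SASL handshake. " + e, e);
        }
    }

    /** Returns the admin client this instance was created with. */
    public InternalAdminClient getInnerClient() {
        return this.innerClient;
    }

    /** Returns the name of the kadmin principal derived from the configured KDC realm. */
    @Override
    public String getKadminPrincipal() {
        return KrbUtil.makeKadminPrincipal(this.innerClient.getSetting().getKdcRealm()).getName();
    }

    /**
     * Sends an add-principal request.
     *
     * @param str presumably the principal name; confirm against {@link Kadmin}
     * @throws KrbException if the request fails
     */
    @Override
    public void addPrincipal(String str) throws KrbException {
        AddPrincipalRequest request = new AddPrincipalRequest(str);
        request.setTransport(this.transport);
        new DefaultAdminHandler().handleRequest(request, this.saslClientWrapper);
    }

    /**
     * Sends an add-principal request with options.
     *
     * @param str      presumably the principal name; confirm against {@link Kadmin}
     * @param kOptions options forwarded unchanged to the request
     * @throws KrbException if the request fails
     */
    @Override
    public void addPrincipal(String str, KOptions kOptions) throws KrbException {
        AddPrincipalRequest request = new AddPrincipalRequest(str, kOptions);
        request.setTransport(this.transport);
        new DefaultAdminHandler().handleRequest(request, this.saslClientWrapper);
    }

    /**
     * Sends an add-principal request with a second string argument.
     *
     * @param str  presumably the principal name; confirm against {@link Kadmin}
     * @param str2 presumably the password; it is a secret if so and must not be logged
     * @throws KrbException if the request fails
     */
    @Override
    public void addPrincipal(String str, String str2) throws KrbException {
        AddPrincipalRequest request = new AddPrincipalRequest(str, str2);
        request.setTransport(this.transport);
        new DefaultAdminHandler().handleRequest(request, this.saslClientWrapper);
    }

    /**
     * Not implemented for the remote client: returns without sending anything.
     *
     * <p>NOTE(review): the call succeeds silently, so a caller cannot tell that no principal
     * was created. Callers that need this variant must not rely on this class.
     */
    @Override
    public void addPrincipal(String str, String str2, KOptions kOptions) throws KrbException {
    }

    /**
     * Exports the keytab entries of a single principal into {@code file}.
     *
     * @param file destination keytab file
     * @param str  name handed on as a one-element list
     * @throws KrbException if the export fails
     */
    @Override
    public void exportKeytab(File file, String str) throws KrbException {
        exportKeytab(file, Collections.singletonList(str));
    }

    /**
     * Requests keytab data for the given names and merges every returned entry into
     * {@code file}, which is created or loaded first.
     *
     * <p>The file ends up holding long-term keys. This method does not set or check file
     * permissions itself; whether {@code AdminHelper.storeKeytab} restricts them is not visible
     * here, so the caller should make sure the path is readable only by the intended account.
     *
     * @param file destination keytab file
     * @param list names sent to the server, joined with spaces; an empty list results in a
     *             {@code null} request argument
     * @throws KrbException if the request or the keytab handling fails
     */
    @Override
    public void exportKeytab(File file, List<String> list) throws KrbException {
        ExportKeytabRequest request = new ExportKeytabRequest(listToString(list));
        request.setTransport(this.transport);

        byte[] keytabBytes = new DefaultAdminHandler().handleRequestForBytes(request, this.saslClientWrapper);
        Keytab received = AdminHelper.loadKeytab(new ByteArrayInputStream(keytabBytes));
        Keytab target = AdminHelper.createOrLoadKeytab(file);
        for (PrincipalName principal : received.getPrincipals()) {
            target.addKeytabEntries(received.getKeytabEntries(principal));
        }
        AdminHelper.storeKeytab(target, file);
    }

    /** Not implemented for the remote client: returns without exporting anything. */
    @Override
    public void exportKeytab(File file) throws KrbException {
    }

    /**
     * Not implemented for the remote client: returns without touching {@code file}.
     *
     * <p>NOTE(review): key material a caller expects to be removed stays in the keytab.
     */
    @Override
    public void removeKeytabEntriesOf(File file, String str) throws KrbException {
    }

    /**
     * Not implemented for the remote client: returns without touching {@code file}.
     *
     * <p>NOTE(review): key material a caller expects to be removed stays in the keytab.
     */
    @Override
    public void removeKeytabEntriesOf(File file, String str, int i) throws KrbException {
    }

    /**
     * Not implemented for the remote client: returns without touching {@code file}.
     *
     * <p>NOTE(review): old keys a caller expects to be purged stay in the keytab.
     */
    @Override
    public void removeOldKeytabEntriesOf(File file, String str) throws KrbException {
    }

    /**
     * Sends a delete-principal request.
     *
     * @param str presumably the principal name; confirm against {@link Kadmin}
     * @throws KrbException if the request fails
     */
    @Override
    public void deletePrincipal(String str) throws KrbException {
        DeletePrincipalRequest request = new DeletePrincipalRequest(str);
        request.setTransport(this.transport);
        new DefaultAdminHandler().handleRequest(request, this.saslClientWrapper);
    }

    /** Not implemented for the remote client: returns without sending anything. */
    @Override
    public void modifyPrincipal(String str, KOptions kOptions) throws KrbException {
    }

    /**
     * Sends a rename-principal request.
     *
     * @param str  presumably the current principal name; confirm against {@link Kadmin}
     * @param str2 presumably the new principal name; confirm against {@link Kadmin}
     * @throws KrbException if the request fails
     */
    @Override
    public void renamePrincipal(String str, String str2) throws KrbException {
        RenamePrincipalRequest request = new RenamePrincipalRequest(str, str2);
        request.setTransport(this.transport);
        new DefaultAdminHandler().handleRequest(request, this.saslClientWrapper);
    }

    /**
     * Requests the list of principals.
     *
     * @return the list produced by the admin handler
     * @throws KrbException if the request fails
     */
    @Override
    public List<String> getPrincipals() throws KrbException {
        GetprincsRequest request = new GetprincsRequest();
        request.setTransport(this.transport);
        return new DefaultAdminHandler().handleRequestForList(request, this.saslClientWrapper);
    }

    /**
     * Requests the list of principals for the given argument.
     *
     * @param str presumably a filter expression; confirm against {@link Kadmin}
     * @return the list produced by the admin handler
     * @throws KrbException if the request fails
     */
    @Override
    public List<String> getPrincipals(String str) throws KrbException {
        GetprincsRequest request = new GetprincsRequest(str);
        request.setTransport(this.transport);
        return new DefaultAdminHandler().handleRequestForList(request, this.saslClientWrapper);
    }

    /**
     * Sends a change-password request.
     *
     * @param str  presumably the principal name; confirm against {@link Kadmin}
     * @param str2 presumably the new password; it is a secret if so and must not be logged
     * @throws KrbException if the request fails
     */
    @Override
    public void changePassword(String str, String str2) throws KrbException {
        ChangePasswordRequest request = new ChangePasswordRequest(str, str2);
        request.setTransport(this.transport);
        new DefaultAdminHandler().handleRequest(request, this.saslClientWrapper);
    }

    /** Not implemented for the remote client: returns without sending anything. */
    @Override
    public void updateKeys(String str) throws KrbException {
    }

    /**
     * Currently a no-op.
     *
     * <p>NOTE(review): the transport opened in the constructor is not released and the SASL
     * client is not disposed here, so the connection and the security context stay alive after
     * this call. Confirm whether another owner closes them.
     */
    @Override
    public void release() throws KrbException {
    }

    /**
     * Requests the identity of one principal.
     *
     * @param str presumably the principal name
     * @return the identity produced by the admin handler
     * @throws KrbException if the request fails
     */
    public KrbIdentity getPrincipal(String str) throws KrbException {
        GetPrincipalRequest request = new GetPrincipalRequest(str);
        request.setTransport(this.transport);
        return new DefaultAdminHandler().handleRequestForIdentity(request, this.saslClientWrapper);
    }

    /**
     * Joins the names with a single space after each one (so the result ends with a space).
     *
     * @return the joined string, or {@code null} when the list is empty
     */
    private String listToString(List<String> list) {
        if (list.isEmpty()) {
            return null;
        }
        StringBuilder joined = new StringBuilder();
        for (String name : list) {
            joined.append(name).append(" ");
        }
        return joined.toString();
    }

    /**
     * Runs the SASL negotiation as {@link #subject}. If anything goes wrong the transport is
     * released before the failure is propagated; on success it stays open for later requests.
     */
    private void doSaslHandshake() throws Exception {
        // Typed explicitly: a bare lambda is ambiguous between the PrivilegedAction and
        // PrivilegedExceptionAction overloads of Subject.doAs.
        java.security.PrivilegedExceptionAction<Void> handshake = () -> {
            boolean succeeded = false;
            try {
                negotiateSasl();
                succeeded = true;
                return null;
            } finally {
                if (!succeeded) {
                    this.transport.release();
                }
            }
        };
        Subject.doAs(this.subject, handshake);
    }

    /** Creates the GSSAPI SASL client and exchanges tokens until negotiation is complete. */
    private void negotiateSasl() throws Exception {
        HashMap<String, String> props = new HashMap<>();
        // Only auth-conf is offered, so integrity-only or auth-only sessions are not acceptable.
        props.put(Sasl.QOP, "auth-conf");
        props.put(Sasl.SERVER_AUTH, "true");

        try {
            this.saslClient = Sasl.createSaslClient(
                    new String[] {MECHANISM},
                    null,
                    this.innerClient.getSetting().getAdminConfig().getProtocol(),
                    this.innerClient.getSetting().getAdminConfig().getServerName(),
                    props,
                    (CallbackHandler) null);
        } catch (SaslException e) {
            throw new KrbException("Fail to create SASL client. " + e, e);
        }
        // createSaslClient returns null when no provider supports the mechanism; check before
        // the client is handed to the wrapper rather than after.
        if (this.saslClient == null) {
            throw new KrbException("Unable to find client implementation for: GSSAPI");
        }
        this.saslClientWrapper = SaslWrapper.create(this.saslClient);

        try {
            byte[] initial = this.saslClient.hasInitialResponse()
                    ? this.saslClient.evaluateChallenge(EMPTY_BYTES)
                    : EMPTY_BYTES;
            sendSaslMessage(initial);

            ByteBuffer challenge = this.transport.receiveMessage();
            while (!this.saslClient.isComplete()) {
                // The peer is not authenticated yet, so treat the frame as untrusted input.
                if (challenge == null || challenge.remaining() < Integer.BYTES) {
                    throw new KrbException("Malformed SASL negotiation message from server");
                }
                // getInt() consumes the status prefix; the rest of the buffer is the token.
                if (challenge.getInt() == NegotiationStatus.SUCCESS.getValue()) {
                    LOG.info("Sasl Server completed");
                }
                sendSaslMessage(SaslUtils.evaluateChallenge(this.saslClient, challenge));
                if (!this.saslClient.isComplete()) {
                    challenge = this.transport.receiveMessage();
                }
            }
        } catch (SaslException e) {
            throw new KrbException("Sasl client evaluate challenge failed." + e, e);
        }

        // Fail closed: admin requests carry passwords and keytab data, so refuse to continue
        // unless the negotiated protection level is the one that was requested.
        Object negotiatedQop = this.saslClient.getNegotiatedProperty(Sasl.QOP);
        if (!"auth-conf".equals(negotiatedQop)) {
            throw new KrbException("SASL negotiation finished without auth-conf, got: " + negotiatedQop);
        }
    }

    /**
     * Sends one negotiation token, tagged SUCCESS once the client side is complete and CONTINUE
     * otherwise.
     *
     * @throws IOException if the message cannot be sent; the failure is propagated so the
     *                     handshake stops instead of waiting for a reply that will not come
     */
    private void sendSaslMessage(byte[] bArr) throws IOException {
        NegotiationStatus status =
                this.saslClient.isComplete() ? NegotiationStatus.SUCCESS : NegotiationStatus.CONTINUE;
        this.transport.sendMessage(KadminCode.encodeSaslMessage(bArr, status));
    }
}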
