package org.apache.spark.network.sasl;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.Channel;
import java.io.IOException;
import javax.security.sasl.SaslException;
import org.apache.spark.network.client.TransportClient;
import org.apache.spark.network.client.TransportClientBootstrap;
import org.apache.spark.network.util.JavaUtils;
import org.apache.spark.network.util.TransportConf;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/spark/network/sasl/SaslClientBootstrap.class */
public class SaslClientBootstrap implements TransportClientBootstrap {
    private static final Logger logger = LoggerFactory.getLogger(SaslClientBootstrap.class);
    private final boolean encrypt;
    private final TransportConf conf;
    private final String appId;
    private final SecretKeyHolder secretKeyHolder;

    public SaslClientBootstrap(TransportConf transportConf, String str, SecretKeyHolder secretKeyHolder) {
        this(transportConf, str, secretKeyHolder, false);
    }

    public SaslClientBootstrap(TransportConf transportConf, String str, SecretKeyHolder secretKeyHolder, boolean z) {
        this.conf = transportConf;
        this.appId = str;
        this.secretKeyHolder = secretKeyHolder;
        this.encrypt = z;
    }

    @Override // org.apache.spark.network.client.TransportClientBootstrap
    public void doBootstrap(TransportClient transportClient, Channel channel) {
        SparkSaslClient sparkSaslClient = new SparkSaslClient(this.appId, this.secretKeyHolder, this.encrypt);
        try {
            try {
                byte[] firstToken = sparkSaslClient.firstToken();
                while (!sparkSaslClient.isComplete()) {
                    SaslMessage saslMessage = new SaslMessage(this.appId, firstToken);
                    ByteBuf buffer = Unpooled.buffer(saslMessage.encodedLength() + ((int) saslMessage.body().size()));
                    saslMessage.encode(buffer);
                    buffer.writeBytes(saslMessage.body().nioByteBuffer());
                    firstToken = sparkSaslClient.response(JavaUtils.bufferToArray(transportClient.sendRpcSync(buffer.nioBuffer(), this.conf.saslRTTimeoutMs())));
                }
                transportClient.setClientId(this.appId);
                if (this.encrypt) {
                    if (!"auth-conf".equals(sparkSaslClient.getNegotiatedProperty("javax.security.sasl.qop"))) {
                        throw new RuntimeException((Throwable) new SaslException("Encryption requests by negotiated non-encrypted connection."));
                    }
                    SaslEncryption.addToChannel(channel, sparkSaslClient, this.conf.maxSaslEncryptedBlockSize());
                    sparkSaslClient = null;
                    logger.debug("Channel {} configured for SASL encryption.", transportClient);
                }
                if (sparkSaslClient != null) {
                    try {
                        sparkSaslClient.dispose();
                    } catch (RuntimeException e) {
                        logger.error("Error while disposing SASL client", e);
                    }
                }
            } catch (IOException e2) {
                throw new RuntimeException(e2);
            }
        } catch (Throwable th) {
            if (sparkSaslClient != null) {
                try {
                    sparkSaslClient.dispose();
                } catch (RuntimeException e3) {
                    logger.error("Error while disposing SASL client", e3);
                }
            }
            throw th;
        }
    }
}
