package org.hbase.async;

import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.hbase.async.auth.ClientAuthProvider;
import org.hbase.async.auth.KerberosClientAuthProvider;
import org.hbase.async.auth.SimpleClientAuthProvider;
import org.jboss.netty.buffer.ChannelBuffer;
import org.jboss.netty.buffer.ChannelBuffers;
import org.jboss.netty.channel.Channel;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/hbase/async/SecureRpcHelper.class */
public abstract class SecureRpcHelper {
    public static final String SECURITY_AUTHENTICATION_KEY = "hbase.security.authentication";
    public static final String RPC_QOP_KEY = "hbase.rpc.protection";
    private static final Logger LOG = LoggerFactory.getLogger(SecureRpcHelper.class);
    protected final Config config;
    protected final RegionClient region_client;
    protected final String host_ip;
    protected ClientAuthProvider client_auth_provider;
    protected SaslClient sasl_client;
    protected boolean use_wrap;

    public SecureRpcHelper(HBaseClient hBaseClient, RegionClient regionClient, SocketAddress socketAddress) {
        this.config = hBaseClient.getConfig();
        this.host_ip = ((InetSocketAddress) socketAddress).getAddress().getHostAddress();
        this.region_client = regionClient;
        initSecureClientProvider(hBaseClient);
    }

    private void initSecureClientProvider(HBaseClient hBaseClient) {
        String string = this.config.hasProperty(SECURITY_AUTHENTICATION_KEY) ? this.config.getString(SECURITY_AUTHENTICATION_KEY) : "simple";
        if ("simple".equalsIgnoreCase(string)) {
            this.client_auth_provider = new SimpleClientAuthProvider(hBaseClient);
            this.use_wrap = false;
            return;
        }
        if ("kerberos".equalsIgnoreCase(string)) {
            this.client_auth_provider = new KerberosClientAuthProvider(hBaseClient);
        } else {
            try {
                Class<?> cls = Class.forName(string);
                this.client_auth_provider = (ClientAuthProvider) cls.getConstructor(HBaseClient.class).newInstance(hBaseClient);
                LOG.info("Successfully instantiated a security provider of type: " + cls.getCanonicalName());
            } catch (Exception e) {
                throw new IllegalStateException("Failed to load specified SecureClientProvider: " + string, e);
            }
        }
        String parseQOP = parseQOP();
        this.use_wrap = (parseQOP == null || "auth".equalsIgnoreCase(parseQOP)) ? false : true;
        HashMap hashMap = new HashMap(2);
        hashMap.put("javax.security.sasl.qop", parseQOP());
        hashMap.put("javax.security.sasl.server.authentication", "true");
        this.sasl_client = this.client_auth_provider.newSaslClient(this.host_ip, hashMap);
    }

    private String parseQOP() {
        String string = this.config.hasProperty(RPC_QOP_KEY) ? this.config.getString(RPC_QOP_KEY) : "authentication";
        if ("integrity".equalsIgnoreCase(string)) {
            return "auth-int";
        }
        if ("privacy".equalsIgnoreCase(string)) {
            return "auth-conf";
        }
        if ("authentication".equalsIgnoreCase(string)) {
            return "auth";
        }
        throw new IllegalArgumentException("Unrecognized rpc protection level: " + string);
    }

    public ChannelBuffer unwrap(ChannelBuffer channelBuffer) {
        if (!this.use_wrap) {
            return channelBuffer;
        }
        int readInt = channelBuffer.readInt();
        try {
            return ChannelBuffers.wrappedBuffer(this.sasl_client.unwrap(channelBuffer.readBytes(readInt).array(), 0, readInt));
        } catch (SaslException e) {
            throw new IllegalStateException("Failed to unwrap payload", e);
        }
    }

    public ChannelBuffer wrap(ChannelBuffer channelBuffer) {
        if (!this.use_wrap) {
            return channelBuffer;
        }
        try {
            byte[] bArr = new byte[channelBuffer.writerIndex()];
            channelBuffer.readBytes(bArr);
            byte[] wrap = this.sasl_client.wrap(bArr, 0, bArr.length);
            ChannelBuffer wrappedBuffer = ChannelBuffers.wrappedBuffer(new byte[4 + wrap.length]);
            wrappedBuffer.clear();
            wrappedBuffer.writeInt(wrap.length);
            wrappedBuffer.writeBytes(wrap);
            return wrappedBuffer;
        } catch (SaslException e) {
            throw new IllegalStateException("Failed to wrap payload", e);
        }
    }

    public abstract void sendHello(Channel channel);

    public abstract ChannelBuffer handleResponse(ChannelBuffer channelBuffer, Channel channel);

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] processChallenge(final byte[] bArr) {
        try {
            return (byte[]) Subject.doAs(this.client_auth_provider.getClientSubject(), new PrivilegedExceptionAction<byte[]>() { // from class: org.hbase.async.SecureRpcHelper.1PrivilegedAction
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public byte[] run() {
                    try {
                        return SecureRpcHelper.this.sasl_client.evaluateChallenge(bArr);
                    } catch (SaslException e) {
                        SecureRpcHelper.LOG.error("Failed Sasl challenge", e);
                        return null;
                    }
                }

                public String toString() {
                    return "evaluate sasl challenge";
                }
            });
        } catch (PrivilegedActionException e) {
            throw new IllegalStateException("Failed to process challenge", e);
        }
    }
}
