package org.apache.hadoop.hbase.security;

import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import javax.security.sasl.SaslException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.hbase.classification.InterfaceAudience;
import org.apache.hadoop.io.WritableUtils;
import org.apache.hadoop.ipc.RemoteException;
import org.apache.hadoop.security.SaslInputStream;
import org.apache.hadoop.security.SaslOutputStream;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;

/* JADX WARN: Classes with same name are omitted:
  input_file:lib/hbase-shaded-client-1.4.13.jar:org/apache/hadoop/hbase/security/HBaseSaslRpcClient.class
 */
@InterfaceAudience.Private
/* loaded from: input_file:lib/hbase-shaded-server-1.4.13.jar:org/apache/hadoop/hbase/security/HBaseSaslRpcClient.class */
public class HBaseSaslRpcClient extends AbstractHBaseSaslRpcClient {
    private static final Log LOG = LogFactory.getLog(HBaseSaslRpcClient.class);

    public HBaseSaslRpcClient(AuthMethod authMethod, Token<? extends TokenIdentifier> token, String str, boolean z) throws IOException {
        super(authMethod, token, str, z);
    }

    public HBaseSaslRpcClient(AuthMethod authMethod, Token<? extends TokenIdentifier> token, String str, boolean z, String str2) throws IOException {
        super(authMethod, token, str, z, str2);
    }

    private static void readStatus(DataInputStream dataInputStream) throws IOException {
        if (dataInputStream.readInt() != SaslStatus.SUCCESS.state) {
            throw new RemoteException(WritableUtils.readString(dataInputStream), WritableUtils.readString(dataInputStream));
        }
    }

    public boolean saslConnect(InputStream inputStream, OutputStream outputStream) throws IOException {
        DataInputStream dataInputStream = new DataInputStream(new BufferedInputStream(inputStream));
        DataOutputStream dataOutputStream = new DataOutputStream(new BufferedOutputStream(outputStream));
        try {
            byte[] initialResponse = getInitialResponse();
            if (initialResponse != null) {
                dataOutputStream.writeInt(initialResponse.length);
                dataOutputStream.write(initialResponse, 0, initialResponse.length);
                dataOutputStream.flush();
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Have sent token of size " + initialResponse.length + " from initSASLContext.");
                }
            }
            if (!isComplete()) {
                readStatus(dataInputStream);
                int readInt = dataInputStream.readInt();
                if (readInt == -88) {
                    if (!this.fallbackAllowed) {
                        throw new IOException("Server asks us to fall back to SIMPLE auth, but this client is configured to only allow secure connections.");
                    }
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Server asks us to fall back to simple auth.");
                    }
                    dispose();
                    return false;
                }
                initialResponse = new byte[readInt];
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Will read input token of size " + initialResponse.length + " for processing by initSASLContext");
                }
                dataInputStream.readFully(initialResponse);
            }
            while (!isComplete()) {
                initialResponse = evaluateChallenge(initialResponse);
                if (initialResponse != null) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Will send token of size " + initialResponse.length + " from initSASLContext.");
                    }
                    dataOutputStream.writeInt(initialResponse.length);
                    dataOutputStream.write(initialResponse, 0, initialResponse.length);
                    dataOutputStream.flush();
                }
                if (!isComplete()) {
                    readStatus(dataInputStream);
                    initialResponse = new byte[dataInputStream.readInt()];
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Will read input token of size " + initialResponse.length + " for processing by initSASLContext");
                    }
                    dataInputStream.readFully(initialResponse);
                }
            }
            if (!LOG.isDebugEnabled()) {
                return true;
            }
            LOG.debug("SASL client context established. Negotiated QoP: " + this.saslClient.getNegotiatedProperty("javax.security.sasl.qop"));
            return true;
        } catch (IOException e) {
            try {
                this.saslClient.dispose();
            } catch (SaslException e2) {
            }
            throw e;
        }
    }

    public InputStream getInputStream(InputStream inputStream) throws IOException {
        if (this.saslClient.isComplete()) {
            return new SaslInputStream(inputStream, this.saslClient);
        }
        throw new IOException("Sasl authentication exchange hasn't completed yet");
    }

    public OutputStream getOutputStream(OutputStream outputStream) throws IOException {
        if (this.saslClient.isComplete()) {
            return new SaslOutputStream(outputStream, this.saslClient);
        }
        throw new IOException("Sasl authentication exchange hasn't completed yet");
    }
}
