package org.apache.storm.security.auth.digest;

import java.io.IOException;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.storm.generated.WorkerToken;
import org.apache.storm.security.auth.ClientAuthUtils;
import org.apache.storm.security.auth.sasl.SaslTransportPlugin;
import org.apache.storm.security.auth.sasl.SimpleSaslClientCallbackHandler;
import org.apache.storm.security.auth.sasl.SimpleSaslServerCallbackHandler;
import org.apache.storm.security.auth.workertoken.WorkerTokenAuthorizer;
import org.apache.storm.security.auth.workertoken.WorkerTokenClientCallbackHandler;
import org.apache.storm.thrift.transport.TSaslClientTransport;
import org.apache.storm.thrift.transport.TSaslServerTransport;
import org.apache.storm.thrift.transport.TTransport;
import org.apache.storm.thrift.transport.TTransportException;
import org.apache.storm.thrift.transport.TTransportFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/storm/security/auth/digest/DigestSaslTransportPlugin.class */
public class DigestSaslTransportPlugin extends SaslTransportPlugin {
    public static final String DIGEST = "DIGEST-MD5";
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) DigestSaslTransportPlugin.class);
    private WorkerTokenAuthorizer workerTokenAuthorizer;

    @Override // org.apache.storm.security.auth.sasl.SaslTransportPlugin
    protected TTransportFactory getServerTransportFactory(boolean z) throws IOException {
        if (this.workerTokenAuthorizer == null) {
            this.workerTokenAuthorizer = new WorkerTokenAuthorizer(this.conf, this.type);
        }
        SimpleSaslServerCallbackHandler simpleSaslServerCallbackHandler = new SimpleSaslServerCallbackHandler(z, this.workerTokenAuthorizer, new JassPasswordProvider(this.loginConf));
        TSaslServerTransport.Factory factory = new TSaslServerTransport.Factory();
        factory.addServerDefinition("DIGEST-MD5", ClientAuthUtils.SERVICE, "localhost", null, simpleSaslServerCallbackHandler);
        LOG.info("SASL DIGEST-MD5 transport factory will be used");
        return factory;
    }

    @Override // org.apache.storm.security.auth.ITransportPlugin
    public TTransport connect(TTransport tTransport, String str, String str2) throws TTransportException, IOException {
        SimpleSaslClientCallbackHandler simpleSaslClientCallbackHandler;
        WorkerToken findWorkerTokenInSubject = WorkerTokenClientCallbackHandler.findWorkerTokenInSubject(this.type);
        if (findWorkerTokenInSubject != null) {
            simpleSaslClientCallbackHandler = new WorkerTokenClientCallbackHandler(findWorkerTokenInSubject);
        } else {
            if (this.loginConf == null) {
                throw new IOException("Could not find any way to authenticate with the server.");
            }
            AppConfigurationEntry[] appConfigurationEntry = this.loginConf.getAppConfigurationEntry(ClientAuthUtils.LOGIN_CONTEXT_CLIENT);
            if (appConfigurationEntry == null) {
                throw new IOException("Could not find a 'StormClient' entry in this configuration: Client cannot start.");
            }
            String str3 = "";
            String str4 = "";
            for (AppConfigurationEntry appConfigurationEntry2 : appConfigurationEntry) {
                Map options = appConfigurationEntry2.getOptions();
                str3 = (String) options.getOrDefault("username", str3);
                str4 = (String) options.getOrDefault("password", str4);
            }
            simpleSaslClientCallbackHandler = new SimpleSaslClientCallbackHandler(str3, str4);
        }
        TSaslClientTransport tSaslClientTransport = new TSaslClientTransport("DIGEST-MD5", null, ClientAuthUtils.SERVICE, str, null, simpleSaslClientCallbackHandler, tTransport);
        tSaslClientTransport.open();
        LOG.debug("SASL DIGEST-MD5 client transport has been established");
        return tSaslClientTransport;
    }

    @Override // org.apache.storm.security.auth.ITransportPlugin
    public boolean areWorkerTokensSupported() {
        return true;
    }

    @Override // org.apache.storm.security.auth.sasl.SaslTransportPlugin, java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        this.workerTokenAuthorizer.close();
    }
}
