package org.apache.spark.network.crypto;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.Channel;
import java.nio.ByteBuffer;
import org.apache.spark.network.client.RpcResponseCallback;
import org.apache.spark.network.client.StreamCallbackWithID;
import org.apache.spark.network.client.TransportClient;
import org.apache.spark.network.sasl.SaslRpcHandler;
import org.apache.spark.network.sasl.SecretKeyHolder;
import org.apache.spark.network.server.RpcHandler;
import org.apache.spark.network.server.StreamManager;
import org.apache.spark.network.util.TransportConf;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.spark_project.guava.annotations.VisibleForTesting;
import org.spark_project.guava.base.Preconditions;
import org.spark_project.guava.base.Throwables;

/* loaded from: input_file:org/apache/spark/network/crypto/AuthRpcHandler.class */
class AuthRpcHandler extends RpcHandler {
    private static final Logger LOG = LoggerFactory.getLogger(AuthRpcHandler.class);
    private final TransportConf conf;
    private final Channel channel;

    @VisibleForTesting
    RpcHandler delegate;
    private final SecretKeyHolder secretKeyHolder;

    @VisibleForTesting
    boolean doDelegate;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthRpcHandler(TransportConf transportConf, Channel channel, RpcHandler rpcHandler, SecretKeyHolder secretKeyHolder) {
        this.conf = transportConf;
        this.channel = channel;
        this.delegate = rpcHandler;
        this.secretKeyHolder = secretKeyHolder;
    }

    @Override // org.apache.spark.network.server.RpcHandler
    public void receive(TransportClient transportClient, ByteBuffer byteBuffer, RpcResponseCallback rpcResponseCallback) {
        if (this.doDelegate) {
            this.delegate.receive(transportClient, byteBuffer, rpcResponseCallback);
            return;
        }
        int position = byteBuffer.position();
        int limit = byteBuffer.limit();
        try {
            ClientChallenge decodeMessage = ClientChallenge.decodeMessage(byteBuffer);
            LOG.debug("Received new auth challenge for client {}.", this.channel.remoteAddress());
            AuthEngine authEngine = null;
            try {
                try {
                    String secretKey = this.secretKeyHolder.getSecretKey(decodeMessage.appId);
                    Preconditions.checkState(secretKey != null, "Trying to authenticate non-registered app %s.", decodeMessage.appId);
                    LOG.debug("Authenticating challenge for app {}.", decodeMessage.appId);
                    authEngine = new AuthEngine(decodeMessage.appId, secretKey, this.conf);
                    ServerResponse respond = authEngine.respond(decodeMessage);
                    ByteBuf buffer = Unpooled.buffer(respond.encodedLength());
                    respond.encode(buffer);
                    rpcResponseCallback.onSuccess(buffer.nioBuffer());
                    authEngine.sessionCipher().addToChannel(this.channel);
                    transportClient.setClientId(decodeMessage.appId);
                    if (authEngine != null) {
                        try {
                            authEngine.close();
                        } catch (Exception e) {
                            throw Throwables.propagate(e);
                        }
                    }
                    LOG.debug("Authorization successful for client {}.", this.channel.remoteAddress());
                    this.doDelegate = true;
                } catch (Throwable th) {
                    if (authEngine != null) {
                        try {
                            authEngine.close();
                        } catch (Exception e2) {
                            throw Throwables.propagate(e2);
                        }
                    }
                    throw th;
                }
            } catch (Exception e3) {
                LOG.debug("Authentication failed for client {}, closing channel.", this.channel.remoteAddress());
                rpcResponseCallback.onFailure(new IllegalArgumentException("Authentication failed."));
                this.channel.close();
                if (authEngine != null) {
                    try {
                        authEngine.close();
                    } catch (Exception e4) {
                        throw Throwables.propagate(e4);
                    }
                }
            }
        } catch (RuntimeException e5) {
            if (!this.conf.saslFallback()) {
                LOG.debug("Unexpected challenge message from client {}, closing channel.", this.channel.remoteAddress());
                rpcResponseCallback.onFailure(new IllegalArgumentException("Unknown challenge message."));
                this.channel.close();
            } else {
                LOG.warn("Failed to parse new auth challenge, reverting to SASL for client {}.", this.channel.remoteAddress());
                this.delegate = new SaslRpcHandler(this.conf, this.channel, this.delegate, this.secretKeyHolder);
                byteBuffer.position(position);
                byteBuffer.limit(limit);
                this.delegate.receive(transportClient, byteBuffer, rpcResponseCallback);
                this.doDelegate = true;
            }
        }
    }

    @Override // org.apache.spark.network.server.RpcHandler
    public void receive(TransportClient transportClient, ByteBuffer byteBuffer) {
        this.delegate.receive(transportClient, byteBuffer);
    }

    @Override // org.apache.spark.network.server.RpcHandler
    public StreamCallbackWithID receiveStream(TransportClient transportClient, ByteBuffer byteBuffer, RpcResponseCallback rpcResponseCallback) {
        return this.delegate.receiveStream(transportClient, byteBuffer, rpcResponseCallback);
    }

    @Override // org.apache.spark.network.server.RpcHandler
    public StreamManager getStreamManager() {
        return this.delegate.getStreamManager();
    }

    @Override // org.apache.spark.network.server.RpcHandler
    public void channelActive(TransportClient transportClient) {
        this.delegate.channelActive(transportClient);
    }

    @Override // org.apache.spark.network.server.RpcHandler
    public void channelInactive(TransportClient transportClient) {
        this.delegate.channelInactive(transportClient);
    }

    @Override // org.apache.spark.network.server.RpcHandler
    public void exceptionCaught(Throwable th, TransportClient transportClient) {
        this.delegate.exceptionCaught(th, transportClient);
    }
}
