package org.opensearch.hadoop.rest.commonshttp.auth.spnego;

import java.io.Closeable;
import java.io.IOException;
import org.apache.commons.codec.binary.Base64;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.opensearch.hadoop.OpenSearchHadoopIllegalStateException;
import org.opensearch.hadoop.rest.OpenSearchHadoopTransportException;
import org.opensearch.hadoop.util.Assert;
import org.opensearch.hadoop.util.StringUtils;

/* loaded from: input_file:org/opensearch/hadoop/rest/commonshttp/auth/spnego/SpnegoNegotiator.class */
public class SpnegoNegotiator implements Closeable {
    private static final String SPNEGO_OID = "1.3.6.1.5.5.2";
    private final GSSName servicePrincipalName;
    private final GSSCredential userCredential;
    private GSSContext gssContext = null;
    private byte[] token = null;
    private final GSSManager gssManager = GSSManager.getInstance();
    private final Oid spnegoOID = new Oid(SPNEGO_OID);

    public SpnegoNegotiator(String str, String str2) throws GSSException {
        GSSName createName = this.gssManager.createName(str, GSSName.NT_USER_NAME, this.spnegoOID);
        this.servicePrincipalName = this.gssManager.createName(str2, GSSName.NT_USER_NAME);
        this.userCredential = this.gssManager.createCredential(createName, 0, this.spnegoOID, 1);
    }

    public void setTokenData(String str) {
        if (this.gssContext == null) {
            throw new OpenSearchHadoopIllegalStateException("GSS Context not yet initialized. Client must be the initiator.");
        }
        this.token = Base64.decodeBase64(str);
    }

    public String send(String str) throws GSSException {
        setTokenData(str);
        return send();
    }

    public String send() throws GSSException {
        byte[] initSecContext;
        if (this.gssContext == null) {
            Assert.isTrue(Boolean.valueOf(this.token == null), "GSS Context not yet initialized. Client must be the initiator.");
            this.gssContext = this.gssManager.createContext(this.servicePrincipalName, this.spnegoOID, this.userCredential, 0);
            initSecContext = this.gssContext.initSecContext(new byte[0], 0, 0);
        } else {
            if (this.token == null) {
                throw new OpenSearchHadoopTransportException("Missing required negotiation token");
            }
            initSecContext = this.gssContext.initSecContext(this.token, 0, this.token.length);
            this.token = null;
        }
        if (initSecContext == null) {
            return null;
        }
        return new String(Base64.encodeBase64(initSecContext), StringUtils.UTF_8);
    }

    public boolean established() {
        return this.gssContext != null && this.gssContext.isEstablished();
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        if (this.gssContext != null) {
            try {
                this.gssContext.dispose();
            } catch (GSSException e) {
                throw new IOException("Could not dispose of GSSContext", e);
            }
        }
    }
}
