package org.apache.bookkeeper.sasl;

import herddb.security.sasl.SaslUtils;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.apache.bookkeeper.net.NodeBase;
import org.apache.zookeeper.server.auth.KerberosName;
import org.blobit.core.api.Configuration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/bookkeeper/sasl/SaslClientState.class */
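/**
 * Client-side state of one SASL negotiation with a server.
 *
 * <p>The mechanism is chosen from the JAAS {@link Subject} passed to the constructor:
 * a subject without principals uses DIGEST-MD5 with the user name and password stored in
 * the subject's credentials, and a subject with at least one principal uses GSSAPI
 * (Kerberos) with the first principal as the client identity.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Both mechanisms are created with a {@code null} property map, so the JDK defaults
 *       apply. {@link Sasl#QOP} defaults to {@code "auth"}: authentication only, with no
 *       integrity or confidentiality layer for the traffic that follows.</li>
 *   <li>DIGEST-MD5 was moved to Historic status by RFC 6331; prefer the GSSAPI path, or run
 *       the connection over TLS, where the deployment allows.</li>
 *   <li>The DIGEST-MD5 password is held as an immutable {@link String} for the lifetime of
 *       this object and of its callback handler, so it cannot be wiped after use.</li>
 * </ul>
 */
public class SaslClientState {
    private static final Logger LOG = LoggerFactory.getLogger(SaslClientState.class);
    private final SaslClient saslClient;
    private final Subject clientSubject;
    // Only populated on the DIGEST-MD5 path; both stay null for GSSAPI.
    private String username;
    private String password;

    /**
     * Callback handler given to the JDK SASL client. It answers name and realm callbacks
     * with their defaults, supplies the configured password, and authorizes only when the
     * authentication and authorization identities are the same.
     */
    public static class ClientCallbackHandler implements CallbackHandler {
        private String password;

        /**
         * @param str the password to answer {@link PasswordCallback}s with, or {@code null}
         *            when the mechanism needs none (the GSSAPI path passes {@code null})
         */
        public ClientCallbackHandler(String str) {
            this.password = str;
        }

        /**
         * Answers each callback in turn.
         *
         * @param callbackArr callbacks raised by the SASL mechanism
         * @throws UnsupportedCallbackException for any callback type other than name,
         *         password, realm or authorize
         */
        @Override
        public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    NameCallback nameCallback = (NameCallback) callback;
                    nameCallback.setName(nameCallback.getDefaultName());
                } else if (callback instanceof PasswordCallback) {
                    // With no password configured the callback is left unanswered.
                    if (this.password != null) {
                        ((PasswordCallback) callback).setPassword(this.password.toCharArray());
                    }
                } else if (callback instanceof RealmCallback) {
                    RealmCallback realmCallback = (RealmCallback) callback;
                    realmCallback.setText(realmCallback.getDefaultText());
                } else if (callback instanceof AuthorizeCallback) {
                    AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback;
                    String authenticationID = authorizeCallback.getAuthenticationID();
                    String authorizationID = authorizeCallback.getAuthorizationID();
                    // Fail closed: a missing authentication id is never authorized. The
                    // original dereferenced it unconditionally and threw a
                    // NullPointerException out of the SASL exchange instead.
                    boolean sameIdentity =
                            authenticationID != null && authenticationID.equals(authorizationID);
                    authorizeCallback.setAuthorized(sameIdentity);
                    if (sameIdentity) {
                        authorizeCallback.setAuthorizedID(authorizationID);
                    }
                } else {
                    throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback");
                }
            }
        }
    }

    /**
     * Creates the JDK SASL client for the given server.
     *
     * @param str     appended to the service name to form the server principal; presumably
     *                the server's host name (confirm against the caller)
     * @param subject JAAS subject carrying either DIGEST-MD5 credentials or a Kerberos
     *                principal
     * @throws SaslException if the subject is {@code null}, if the DIGEST-MD5 credentials
     *         are missing or are not strings, or if the SASL client cannot be created
     */
    public SaslClientState(String str, Subject subject) throws SaslException {
        String serverPrincipal = System.getProperty("bookkeeper.sasl.servicename", Configuration.TYPE_BOOKKEEPER)
                + NodeBase.PATH_SEPARATOR_STR + str;
        if (subject == null) {
            throw new SaslException("Cannot create JAAS Sujbect for SASL");
        }
        this.clientSubject = subject;

        SaslClient client;
        if (subject.getPrincipals().isEmpty()) {
            LOG.debug("Using JAAS/SASL/DIGEST-MD5 auth to connect to {}", serverPrincipal);
            this.username = firstStringCredential(subject.getPublicCredentials().toArray(), "public");
            this.password = firstStringCredential(subject.getPrivateCredentials().toArray(), "private");
            client = Sasl.createSaslClient(
                    new String[]{SaslUtils.AUTH_DIGEST_MD5},
                    this.username,
                    Configuration.TYPE_BOOKKEEPER,
                    Configuration.TYPE_BOOKKEEPER,
                    null,
                    new ClientCallbackHandler(this.password));
        } else {
            KerberosName clientName =
                    new KerberosName(((Principal) subject.getPrincipals().toArray()[0]).getName());
            // The server principal is built in the client's own realm.
            KerberosName serverName = new KerberosName(serverPrincipal + "@" + clientName.getRealm());
            final String serviceName = serverName.getServiceName();
            final String hostName = serverName.getHostName();
            final String clientPrincipal = clientName.toString();
            LOG.debug("Using JAAS/SASL/GSSAPI auth to connect to server Principal {}", serverPrincipal);
            try {
                // Created under the subject so the GSSAPI provider can see its credentials.
                client = Subject.doAs(subject, new PrivilegedExceptionAction<SaslClient>() {
                    @Override
                    public SaslClient run() throws SaslException {
                        return Sasl.createSaslClient(
                                new String[]{"GSSAPI"},
                                clientPrincipal,
                                serviceName,
                                hostName,
                                null,
                                new ClientCallbackHandler(null));
                    }
                });
            } catch (PrivilegedActionException e) {
                LOG.debug("GSSAPI client error", e.getCause());
                throw new SaslException("error while booting GSSAPI client", e.getCause());
            }
        }
        // Sasl.createSaslClient returns null when no provider supports the mechanism.
        if (client == null) {
            throw new SaslException("Cannot create JVM SASL Client");
        }
        this.saslClient = client;
    }

    /**
     * Returns the first credential as a string, or fails with a {@link SaslException}
     * instead of the unchecked array-index or class-cast error the raw access would raise.
     * The credential value is never put into the message.
     */
    private static String firstStringCredential(Object[] credentials, String kind) throws SaslException {
        if (credentials.length == 0 || !(credentials[0] instanceof String)) {
            throw new SaslException("JAAS Subject has no usable " + kind + " credential for DIGEST-MD5");
        }
        return (String) credentials[0];
    }

    /**
     * Evaluates a server challenge under the client subject.
     *
     * @param bArr the challenge received from the server; must not be {@code null}
     * @return the response produced by the SASL client
     * @throws SaslException if the token is {@code null} or the mechanism rejects it
     */
    public byte[] evaluateChallenge(final byte[] bArr) throws SaslException {
        if (bArr == null) {
            throw new SaslException("saslToken is null");
        }
        // clientSubject is never null here: the constructor rejects a null subject, so the
        // former "no subject" fallback branch was unreachable and has been dropped.
        try {
            return Subject.doAs(this.clientSubject, new PrivilegedExceptionAction<byte[]>() {
                @Override
                public byte[] run() throws SaslException {
                    return SaslClientState.this.saslClient.evaluateChallenge(bArr);
                }
            });
        } catch (PrivilegedActionException e) {
            LOG.debug("SASL error", e.getCause());
            throw new SaslException("SASL/JAAS error", e.getCause());
        }
    }

    /** @return whether the negotiated mechanism sends an initial response */
    public boolean hasInitialResponse() {
        return this.saslClient.hasInitialResponse();
    }

    /** @return whether the SASL exchange has completed */
    public boolean isComplete() {
        return this.saslClient.isComplete();
    }

    /**
     * Evaluates a server token and returns the response, or {@code null} on failure.
     *
     * <p>A failure is reported only at debug level, so callers must treat a {@code null}
     * result as a failed authentication step and must not continue the exchange.
     *
     * <p>NOTE(review): unlike {@link #evaluateChallenge(byte[])}, this call is not made
     * under {@code Subject.doAs}; confirm that the GSSAPI path does not depend on the
     * subject being in scope here.
     *
     * @param bArr the token received from the server
     * @return the client response, or {@code null} if the mechanism raised a
     *         {@link SaslException}
     */
    public byte[] saslResponse(byte[] bArr) {
        try {
            return this.saslClient.evaluateChallenge(bArr);
        } catch (SaslException e) {
            LOG.debug("saslResponse: Failed to respond to SASL server's token:", e);
            return null;
        }
    }
}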
