package blazingcache.security.sasl;

import java.io.IOException;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.RealmChoiceCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.apache.zookeeper.server.auth.KerberosName;

/* loaded from: input_file:blazingcache/security/sasl/SaslNettyClient.class */
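/**
 * Client side of the SASL handshake used to authenticate against a BlazingCache server.
 *
 * <p>The mechanism is chosen in the constructor from the outcome of the JAAS login for the
 * {@code BlazingCacheClient} section:
 * <ul>
 *   <li>no JAAS section, or a login that failed: DIGEST-MD5 with the username and password
 *       passed to the constructor;</li>
 *   <li>a JAAS subject without principals: DIGEST-MD5 with the credentials stored in the
 *       subject;</li>
 *   <li>a JAAS subject with at least one principal: GSSAPI (Kerberos), executed as that
 *       subject.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>DIGEST-MD5 was moved to Historic status by RFC 6331; the mechanism name comes from
 *       {@code SaslUtils.AUTH_DIGEST_MD5} and must match what the server accepts, so it is not
 *       changed here.</li>
 *   <li>The JAAS-based branches pass no SASL properties, so no quality-of-protection beyond
 *       the {@code javax.security.sasl} default ("auth") is requested; integrity and
 *       confidentiality of the channel have to be provided elsewhere.</li>
 *   <li>Credentials are never written to the log by this class.</li>
 * </ul>
 */
public class SaslNettyClient {
    private static final Logger LOG = Logger.getLogger(SaslNettyClient.class.getName());

    /** Name of the JAAS configuration section read by {@link #loginClient()}. */
    private static final String JAAS_CLIENT_SECTION = "BlazingCacheClient";

    private SaslClient saslClient;
    private final Subject clientSubject = loginClient();

    /**
     * Callback handler used for the JAAS login and for the JAAS-backed SASL mechanisms.
     *
     * <p>Name and realm callbacks are answered with their own defaults; the password callback
     * is answered only when a password was supplied.
     */
    public static class ClientCallbackHandler implements CallbackHandler {
        private final String password;

        /**
         * @param password password handed to {@link PasswordCallback}s, or {@code null} when
         *     the mechanism does not need one (JAAS login, GSSAPI)
         */
        public ClientCallbackHandler(String password) {
            this.password = password;
        }

        /**
         * Answers the callbacks raised during login or SASL negotiation.
         *
         * @param callbacks callbacks to answer
         * @throws UnsupportedCallbackException if a callback type other than name, password,
         *     realm or authorize is received
         */
        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback callback : callbacks) {
                if (callback instanceof NameCallback) {
                    NameCallback nameCallback = (NameCallback) callback;
                    nameCallback.setName(nameCallback.getDefaultName());
                } else if (callback instanceof PasswordCallback) {
                    if (this.password != null) {
                        ((PasswordCallback) callback).setPassword(this.password.toCharArray());
                    }
                } else if (callback instanceof RealmCallback) {
                    RealmCallback realmCallback = (RealmCallback) callback;
                    realmCallback.setText(realmCallback.getDefaultText());
                } else if (callback instanceof AuthorizeCallback) {
                    AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback;
                    String authenticationId = authorizeCallback.getAuthenticationID();
                    String authorizationId = authorizeCallback.getAuthorizationID();
                    // Fail closed: a missing authentication id is treated as "not authorized"
                    // instead of raising a NullPointerException in the middle of the handshake.
                    boolean authorized =
                            authenticationId != null && authenticationId.equals(authorizationId);
                    authorizeCallback.setAuthorized(authorized);
                    if (authorized) {
                        authorizeCallback.setAuthorizedID(authorizationId);
                    }
                } else {
                    throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback");
                }
            }
        }
    }

    /**
     * Callback handler for plain DIGEST-MD5, answering with the username and password given
     * to the {@link SaslNettyClient} constructor.
     */
    private static class SaslClientCallbackHandler implements CallbackHandler {
        private final String userName;
        private final char[] userPassword;

        public SaslClientCallbackHandler(String userName, char[] userPassword) {
            this.userName = userName;
            this.userPassword = userPassword;
        }

        /**
         * Answers name, password and realm callbacks; {@link RealmChoiceCallback}s are ignored.
         *
         * <p>All callbacks are classified before any of them is answered, so an unsupported
         * callback aborts the call without having set a name or password.
         *
         * @param callbacks callbacks to answer
         * @throws UnsupportedCallbackException if any other callback type is received
         */
        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            NameCallback nameCallback = null;
            PasswordCallback passwordCallback = null;
            RealmCallback realmCallback = null;
            for (Callback callback : callbacks) {
                if (callback instanceof RealmChoiceCallback) {
                    continue;
                }
                if (callback instanceof NameCallback) {
                    nameCallback = (NameCallback) callback;
                } else if (callback instanceof PasswordCallback) {
                    passwordCallback = (PasswordCallback) callback;
                } else if (callback instanceof RealmCallback) {
                    realmCallback = (RealmCallback) callback;
                } else {
                    throw new UnsupportedCallbackException(callback, "handle: Unrecognized SASL client callback");
                }
            }
            if (nameCallback != null) {
                nameCallback.setName(this.userName);
            }
            if (passwordCallback != null) {
                passwordCallback.setPassword(this.userPassword);
            }
            if (realmCallback != null) {
                realmCallback.setText(realmCallback.getDefaultText());
            }
        }
    }

    /**
     * Creates the underlying {@link SaslClient} for the mechanism selected by the JAAS login.
     *
     * @param username user name for plain DIGEST-MD5; unused when a JAAS subject is available
     * @param password password for plain DIGEST-MD5; unused when a JAAS subject is available
     * @param serverHostname host name of the server, used to build the service principal
     *     {@code blazingcache/<serverHostname>}
     * @throws IllegalArgumentException if plain DIGEST-MD5 is selected and {@code password}
     *     is {@code null}
     * @throws IOException if the JAAS subject lacks the credentials DIGEST-MD5 needs, or no
     *     SASL client could be created for the selected mechanism
     * @throws Exception for any failure raised by the JAAS login or the SASL provider
     */
    public SaslNettyClient(String username, String password, String serverHostname) throws Exception {
        String serverPrincipal = "blazingcache/" + serverHostname;
        if (this.clientSubject == null) {
            if (password == null) {
                throw new IllegalArgumentException("password is required for plain SASL/DIGEST-MD5 auth");
            }
            LOG.log(Level.SEVERE, "Using plain SASL/DIGEST-MD5 auth to connect to " + serverHostname);
            this.saslClient = Sasl.createSaslClient(
                    new String[]{SaslUtils.AUTH_DIGEST_MD5},
                    null,
                    null,
                    SaslUtils.DEFAULT_REALM,
                    SaslUtils.getSaslProps(),
                    new SaslClientCallbackHandler(username, password.toCharArray()));
        } else if (this.clientSubject.getPrincipals().isEmpty()) {
            // The subject carries the user name as a public credential and the password as a
            // private credential; report a clear error when the login module stored neither.
            String jaasUserName =
                    requireStringCredential(this.clientSubject.getPublicCredentials().toArray(), "public");
            String jaasPassword =
                    requireStringCredential(this.clientSubject.getPrivateCredentials().toArray(), "private");
            LOG.log(Level.SEVERE, "Using JAAS/SASL/DIGEST-MD5 auth to connect to " + serverPrincipal);
            this.saslClient = Sasl.createSaslClient(
                    new String[]{SaslUtils.AUTH_DIGEST_MD5},
                    jaasUserName,
                    "blazingcache",
                    "blazingcache",
                    (Map) null,
                    new ClientCallbackHandler(jaasPassword));
        } else {
            KerberosName clientKerberosName =
                    new KerberosName(((Principal) this.clientSubject.getPrincipals().toArray()[0]).getName());
            // The service principal is placed in the same realm as the client principal.
            KerberosName serviceKerberosName =
                    new KerberosName(serverPrincipal + "@" + clientKerberosName.getRealm());
            final String serviceName = serviceKerberosName.getServiceName();
            final String serviceHostName = serviceKerberosName.getHostName();
            final String clientPrincipalName = clientKerberosName.toString();
            LOG.log(Level.SEVERE, "Using JAAS/SASL/GSSAPI auth to connect to server Principal " + serverPrincipal);
            // The client has to be created as the logged-in subject so that the GSSAPI provider
            // can reach the Kerberos credentials held by it.
            this.saslClient = Subject.doAs(this.clientSubject, new PrivilegedExceptionAction<SaslClient>() {
                @Override
                public SaslClient run() throws SaslException {
                    return Sasl.createSaslClient(
                            new String[]{"GSSAPI"},
                            clientPrincipalName,
                            serviceName,
                            serviceHostName,
                            (Map) null,
                            new ClientCallbackHandler(null));
                }
            });
        }
        if (this.saslClient == null) {
            throw new IOException("Cannot create JVM SASL Client");
        }
    }

    /**
     * Evaluates a server challenge, running as the JAAS subject when one is available.
     *
     * @param saslToken challenge received from the server; must not be {@code null}
     * @return the response to send back, as produced by the SASL client
     * @throws SaslException if {@code saslToken} is {@code null} or the evaluation fails
     */
    public byte[] evaluateChallenge(final byte[] saslToken) throws SaslException {
        if (saslToken == null) {
            throw new SaslException("saslToken is null.");
        }
        if (this.clientSubject == null) {
            return this.saslClient.evaluateChallenge(saslToken);
        }
        try {
            return Subject.doAs(this.clientSubject, new PrivilegedExceptionAction<byte[]>() {
                @Override
                public byte[] run() throws SaslException {
                    return SaslNettyClient.this.saslClient.evaluateChallenge(saslToken);
                }
            });
        } catch (PrivilegedActionException e) {
            // Route the failure through the logger rather than printStackTrace(), so it ends
            // up where the rest of the authentication events are recorded.
            LOG.log(Level.SEVERE, "SASL/JAAS error while evaluating challenge", e);
            throw new SaslException("SASL/JAAS error", e);
        }
    }

    /**
     * Performs the JAAS login for the {@code BlazingCacheClient} section.
     *
     * <p>NOTE(review): a failed login is logged and reported as {@code null}, which makes the
     * constructor fall back to plain DIGEST-MD5 with the constructor-supplied credentials. A
     * deployment that expects Kerberos therefore downgrades silently apart from the log entry;
     * confirm that this fallback is intended before relying on it.
     *
     * @return the logged-in subject, or {@code null} when the section is missing or the login
     *     fails
     */
    private Subject loginClient() throws SaslException, PrivilegedActionException, LoginException {
        if (Configuration.getConfiguration().getAppConfigurationEntry(JAAS_CLIENT_SECTION) == null) {
            LOG.log(Level.SEVERE, "No JAAS Configuration found with section BlazingCacheClient");
            return null;
        }
        try {
            LoginContext loginContext = new LoginContext(JAAS_CLIENT_SECTION, new ClientCallbackHandler(null));
            loginContext.login();
            Subject subject = loginContext.getSubject();
            // Subject.toString() also prints the private credentials, which hold the password
            // in the DIGEST-MD5 case, so only the principal names are logged.
            LOG.log(Level.SEVERE, "Using JAAS Configuration subject with principals: " + describePrincipals(subject));
            return subject;
        } catch (LoginException e) {
            LOG.log(Level.SEVERE, "Error JAAS Configuration subject: " + e, e);
            return null;
        }
    }

    /** Returns the principal names of {@code subject} as {@code [a, b]}, without credentials. */
    private static String describePrincipals(Subject subject) {
        StringBuilder names = new StringBuilder("[");
        for (Principal principal : subject.getPrincipals()) {
            if (names.length() > 1) {
                names.append(", ");
            }
            names.append(principal.getName());
        }
        return names.append(']').toString();
    }

    /**
     * Returns the first credential as a string, without ever echoing its value.
     *
     * @param credentials credentials taken from the JAAS subject
     * @param kind "public" or "private", used only in the error message
     * @throws IOException if there is no credential or the first one is not a string
     */
    private static String requireStringCredential(Object[] credentials, String kind) throws IOException {
        if (credentials.length == 0 || !(credentials[0] instanceof String)) {
            throw new IOException("JAAS subject has no usable " + kind + " credential for SASL/DIGEST-MD5");
        }
        return (String) credentials[0];
    }

    /** Returns whether the selected mechanism sends an initial response. */
    public boolean hasInitialResponse() {
        return this.saslClient.hasInitialResponse();
    }

    /** Returns whether the SASL exchange has completed. */
    public boolean isComplete() {
        return this.saslClient.isComplete();
    }

    /**
     * Evaluates a server token directly on the SASL client, without switching to the JAAS
     * subject.
     *
     * <p>NOTE(review): unlike {@link #evaluateChallenge(byte[])} this neither rejects a
     * {@code null} token nor runs as the subject; callers must treat a {@code null} return as
     * an authentication failure, not as an empty response.
     *
     * @param saslToken token received from the server
     * @return the response to send back, or {@code null} when the evaluation failed
     */
    public byte[] saslResponse(byte[] saslToken) {
        try {
            return this.saslClient.evaluateChallenge(saslToken);
        } catch (SaslException e) {
            LOG.log(Level.SEVERE, "saslResponse: Failed to respond to SASL server's token:", e);
            return null;
        }
    }
}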
