package org.apache.zookeeper.server;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.proto.ReplyHeader;
import org.apache.zookeeper.server.auth.ProviderRegistry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/zookeeper/server/AuthenticationHelper.class */
public class AuthenticationHelper {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) AuthenticationHelper.class);
    public static final String ENFORCE_AUTH_ENABLED = "zookeeper.enforce.auth.enabled";
    public static final String ENFORCE_AUTH_SCHEMES = "zookeeper.enforce.auth.schemes";
    public static final String SESSION_REQUIRE_CLIENT_SASL_AUTH = "zookeeper.sessionRequireClientSASLAuth";
    public static final String SASL_AUTH_SCHEME = "sasl";
    private boolean enforceAuthEnabled;
    private List<String> enforceAuthSchemes = new ArrayList();
    private boolean saslAuthRequired;

    public AuthenticationHelper() {
        initConfigurations();
    }

    private void initConfigurations() {
        if (Boolean.parseBoolean(System.getProperty(SESSION_REQUIRE_CLIENT_SASL_AUTH, "false"))) {
            this.enforceAuthEnabled = true;
            this.enforceAuthSchemes.add(SASL_AUTH_SCHEME);
        } else {
            this.enforceAuthEnabled = Boolean.parseBoolean(System.getProperty(ENFORCE_AUTH_ENABLED, "false"));
            String property = System.getProperty(ENFORCE_AUTH_SCHEMES);
            if (property != null) {
                Arrays.stream(property.split(",")).forEach(str -> {
                    this.enforceAuthSchemes.add(str.trim());
                });
            }
        }
        LOG.info("{} = {}", ENFORCE_AUTH_ENABLED, Boolean.valueOf(this.enforceAuthEnabled));
        LOG.info("{} = {}", ENFORCE_AUTH_SCHEMES, this.enforceAuthSchemes);
        validateConfiguredProperties();
        this.saslAuthRequired = this.enforceAuthEnabled && this.enforceAuthSchemes.contains(SASL_AUTH_SCHEME);
    }

    private void validateConfiguredProperties() {
        if (this.enforceAuthEnabled) {
            if (this.enforceAuthSchemes.isEmpty()) {
                LOG.error("zookeeper.enforce.auth.enabled is true zookeeper.enforce.auth.schemes must be  configured.");
                throw new IllegalArgumentException("zookeeper.enforce.auth.enabled is true zookeeper.enforce.auth.schemes must be  configured.");
            }
            this.enforceAuthSchemes.forEach(str -> {
                if (ProviderRegistry.getProvider(str) == null) {
                    String str = "Authentication scheme " + str + " is not available.";
                    LOG.error(str);
                    throw new IllegalArgumentException(str);
                }
            });
        }
    }

    private boolean isCnxnAuthenticated(ServerCnxn serverCnxn) {
        Iterator<Id> it = serverCnxn.getAuthInfo().iterator();
        while (it.hasNext()) {
            if (this.enforceAuthSchemes.contains(it.next().getScheme())) {
                return true;
            }
        }
        return false;
    }

    public boolean isEnforceAuthEnabled() {
        return this.enforceAuthEnabled;
    }

    public boolean enforceAuthentication(ServerCnxn serverCnxn, int i) throws IOException {
        if (!isEnforceAuthEnabled() || isCnxnAuthenticated(serverCnxn)) {
            return true;
        }
        LOG.error("Client authentication scheme(s) {} does not match with any of the expected authentication scheme {}, closing session.", getAuthSchemes(serverCnxn), this.enforceAuthSchemes);
        serverCnxn.sendResponse(new ReplyHeader(i, 0L, KeeperException.Code.SESSIONCLOSEDREQUIRESASLAUTH.intValue()), null, "response");
        serverCnxn.sendCloseSession();
        serverCnxn.disableRecv();
        return false;
    }

    private List<String> getAuthSchemes(ServerCnxn serverCnxn) {
        return (List) serverCnxn.getAuthInfo().stream().map((v0) -> {
            return v0.getScheme();
        }).collect(Collectors.toList());
    }

    public boolean isSaslAuthRequired() {
        return this.saslAuthRequired;
    }
}
