package org.apache.bookkeeper.sasl;

import java.io.IOException;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.SaslException;
import org.apache.bookkeeper.auth.AuthCallbacks;
import org.apache.bookkeeper.auth.BookieAuthProvider;
import org.apache.bookkeeper.conf.AbstractConfiguration;
import org.apache.bookkeeper.conf.ServerConfiguration;
import org.apache.bookkeeper.proto.BookieConnectionPeer;
import org.apache.zookeeper.server.util.JvmPauseMonitor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/bundled-dependencies/bookkeeper-server-4.14.1.jar:org/apache/bookkeeper/sasl/SASLBookieAuthProviderFactory.class */
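/**
 * Bookie-side factory for the {@code "sasl"} authentication plugin.
 *
 * <p>{@link #init(ServerConfiguration)} performs the JAAS login for the bookie, keeps the resulting
 * {@link Subject}, and compiles the regular expression that is handed to every
 * {@link SASLBookieAuthProvider} as the allowed-client-id pattern. When the subject holds a
 * {@link KerberosTicket}, a {@link TGTRefreshThread} is started and is stopped again by {@link #close()}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The allowed-id pattern is the only client-identity restriction this class passes on. Its default
 *       comes from {@code SaslConstants.JAAS_CLIENT_ALLOWED_IDS_DEFAULT}, which is not visible here;
 *       confirm that the default is restrictive enough for the deployment.</li>
 *   <li>Initialisation fails closed: a missing JAAS section is reported as an {@link IOException}
 *       rather than leaving the factory without a subject.</li>
 *   <li>NOTE(review): the mutable fields are not synchronised or volatile, while {@link #setLogin}
 *       is presumably called from the refresh thread - confirm visibility requirements.</li>
 * </ul>
 */
public class SASLBookieAuthProviderFactory implements BookieAuthProvider.Factory, JAASCredentialsContainer {
    private static final Logger LOG = LoggerFactory.getLogger(SASLBookieAuthProviderFactory.class);
    // Regex handed to each provider; compiled once in init().
    private Pattern allowedIdsPattern;
    private ServerConfiguration serverConfiguration;
    // Subject produced by the JAAS login; shared with every provider created by newProvider().
    private Subject subject;
    private boolean isKrbTicket;
    private boolean isUsingTicketCache;
    private String principal;
    private String loginContextName;
    private LoginContext login;
    // Only created when the subject carries a Kerberos ticket; null otherwise.
    private TGTRefreshThread ticketRefreshThread;

    /**
     * Callback handler given to the JAAS {@link LoginContext}.
     *
     * <p>It echoes the default name and realm, supplies the configured password (if any) and
     * authorises an identity only when the authentication id equals the authorization id.
     * The decompiler reports that the access modifier was changed from {@code private}; the class is
     * kept {@code public} here so the visible interface stays as it is in this listing.
     */
    public static class ClientCallbackHandler implements CallbackHandler {
        // Held as an immutable String, so it cannot be wiped after use. This factory always passes
        // null (see loginServer()), leaving credentials to the JAAS configuration.
        private final String password;

        /**
         * @param str password to answer {@link PasswordCallback}s with, or {@code null} to leave them unanswered
         */
        public ClientCallbackHandler(String str) {
            this.password = str;
        }

        /**
         * Answers the supported SASL/JAAS callbacks.
         *
         * @param callbackArr callbacks to process, in order
         * @throws UnsupportedCallbackException if a callback is not a name, password, realm or
         *     authorize callback
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    NameCallback nameCallback = (NameCallback) callback;
                    nameCallback.setName(nameCallback.getDefaultName());
                } else if (callback instanceof PasswordCallback) {
                    if (this.password != null) {
                        ((PasswordCallback) callback).setPassword(this.password.toCharArray());
                    }
                } else if (callback instanceof RealmCallback) {
                    RealmCallback realmCallback = (RealmCallback) callback;
                    realmCallback.setText(realmCallback.getDefaultText());
                } else if (callback instanceof AuthorizeCallback) {
                    AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback;
                    String authenticationID = authorizeCallback.getAuthenticationID();
                    String authorizationID = authorizeCallback.getAuthorizationID();
                    // Acting on behalf of another identity is never allowed. A missing
                    // authentication id is treated as "not authorized" instead of raising a
                    // NullPointerException in the middle of the handshake.
                    boolean sameIdentity = authenticationID != null && authenticationID.equals(authorizationID);
                    authorizeCallback.setAuthorized(sameIdentity);
                    if (authorizeCallback.isAuthorized()) {
                        authorizeCallback.setAuthorizedID(authorizationID);
                    }
                } else {
                    throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback");
                }
            }
        }
    }

    /**
     * Compiles the allowed-id pattern, logs in through JAAS and, for Kerberos tickets, starts the
     * ticket refresh thread.
     *
     * @param serverConfiguration bookie configuration to read the SASL settings from
     * @throws IOException if the allowed-id regular expression is invalid, if the JAAS section named
     *     by the configuration is missing, or if the JAAS/SASL login fails
     */
    @Override // org.apache.bookkeeper.auth.BookieAuthProvider.Factory
    public void init(ServerConfiguration serverConfiguration) throws IOException {
        this.serverConfiguration = serverConfiguration;
        String string = serverConfiguration.getString("saslJaasClientAllowedIds", SaslConstants.JAAS_CLIENT_ALLOWED_IDS_DEFAULT);
        try {
            this.allowedIdsPattern = Pattern.compile(string);
        } catch (PatternSyntaxException e2) {
            LOG.error("Invalid regular expression " + string, e2);
            throw new IOException(e2);
        }
        try {
            this.loginContextName = this.serverConfiguration.getString(SaslConstants.JAAS_BOOKIE_SECTION_NAME, SaslConstants.JAAS_DEFAULT_BOOKIE_SECTION_NAME);
            this.login = loginServer();
            if (this.login == null) {
                // loginServer() returns null when the JAAS section is absent. Dereferencing it used
                // to surface as a NullPointerException; fail with a diagnosable error instead so a
                // SASL-enabled bookie never continues without an authenticated subject.
                throw new IOException("JAAS not configured or no " + this.loginContextName + " present in JAAS Configuration file");
            }
            this.subject = this.login.getSubject();
            this.isKrbTicket = !this.subject.getPrivateCredentials(KerberosTicket.class).isEmpty();
            if (this.isKrbTicket) {
                this.isUsingTicketCache = SaslConstants.isUsingTicketCache(this.loginContextName);
                this.principal = SaslConstants.getPrincipal(this.loginContextName);
                this.ticketRefreshThread = new TGTRefreshThread(this);
                this.ticketRefreshThread.start();
            }
        } catch (SaslException | LoginException e) {
            throw new IOException(e);
        }
    }

    /**
     * Creates a provider for one connection, sharing this factory's configuration, subject and
     * allowed-id pattern.
     *
     * @param bookieConnectionPeer the connection being authenticated
     * @param genericCallback callback passed through to the provider
     * @return a new {@link SASLBookieAuthProvider}
     */
    @Override // org.apache.bookkeeper.auth.BookieAuthProvider.Factory
    public BookieAuthProvider newProvider(BookieConnectionPeer bookieConnectionPeer, AuthCallbacks.GenericCallback<Void> genericCallback) {
        return new SASLBookieAuthProvider(bookieConnectionPeer, genericCallback, this.serverConfiguration, this.subject, this.allowedIdsPattern);
    }

    /** @return the plugin name, {@code "sasl"} */
    @Override // org.apache.bookkeeper.auth.BookieAuthProvider.Factory
    public String getPluginName() {
        return "sasl";
    }

    /**
     * Interrupts the ticket refresh thread, if one was started, and waits for it to finish.
     *
     * <p>The wait is bounded by {@code JvmPauseMonitor.WARN_THRESHOLD_DEFAULT}; that reference looks
     * like a decompiler constant substitution for a plain timeout literal - TODO confirm against the
     * original source. If the waiting thread is itself interrupted, its interrupt flag is restored.
     */
    @Override // org.apache.bookkeeper.auth.BookieAuthProvider.Factory
    public void close() {
        if (this.ticketRefreshThread == null) {
            return;
        }
        this.ticketRefreshThread.interrupt();
        try {
            this.ticketRefreshThread.join(JvmPauseMonitor.WARN_THRESHOLD_DEFAULT);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            if (LOG.isDebugEnabled()) {
                LOG.debug("interrupted while waiting for TGT reresh thread to stop", e);
            }
        }
    }

    /** @return the subject obtained by the JAAS login in {@link #init}, or {@code null} before it ran */
    @Override // org.apache.bookkeeper.sasl.JAASCredentialsContainer
    public Subject getSubject() {
        return this.subject;
    }

    /** @return the current login context */
    @Override // org.apache.bookkeeper.sasl.JAASCredentialsContainer
    public LoginContext getLogin() {
        return this.login;
    }

    /**
     * Replaces the stored login context. The subject captured in {@link #init} is not updated here.
     *
     * @param loginContext the new login context
     */
    @Override // org.apache.bookkeeper.sasl.JAASCredentialsContainer
    public void setLogin(LoginContext loginContext) {
        this.login = loginContext;
    }

    /** @return the ticket-cache flag read in {@link #init}; {@code false} unless a Kerberos ticket was found */
    @Override // org.apache.bookkeeper.sasl.JAASCredentialsContainer
    public boolean isUsingTicketCache() {
        return this.isUsingTicketCache;
    }

    /** @return the principal read in {@link #init}; {@code null} unless a Kerberos ticket was found */
    @Override // org.apache.bookkeeper.sasl.JAASCredentialsContainer
    public String getPrincipal() {
        return this.principal;
    }

    /** @return the server configuration passed to {@link #init} */
    @Override // org.apache.bookkeeper.sasl.JAASCredentialsContainer
    public AbstractConfiguration getConfiguration() {
        return this.serverConfiguration;
    }

    /** @return the name of the JAAS section used for the bookie login */
    @Override // org.apache.bookkeeper.sasl.JAASCredentialsContainer
    public String getLoginContextName() {
        return this.loginContextName;
    }

    /**
     * Logs in through the JAAS section named by {@code loginContextName}.
     *
     * @return the logged-in context, or {@code null} when the JAAS configuration has no such section
     *     (the caller must treat {@code null} as a configuration error)
     * @throws SaslException declared by the original signature
     * @throws LoginException if the login context cannot be created or the login fails
     */
    private LoginContext loginServer() throws SaslException, LoginException {
        if (Configuration.getConfiguration().getAppConfigurationEntry(this.loginContextName) == null) {
            LOG.info("JAAS not configured or no " + this.loginContextName + " present in JAAS Configuration file");
            return null;
        }
        // No password is supplied: PasswordCallbacks stay unanswered, so the JAAS section itself
        // has to provide the credentials.
        LoginContext loginContext = new LoginContext(this.loginContextName, new ClientCallbackHandler(null));
        loginContext.login();
        return loginContext;
    }
}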
