package majordodo.security.sasl;

import java.io.IOException;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.zookeeper.server.auth.KerberosName;

/* loaded from: input_file:majordodo/security/sasl/SaslNettyServer.class */
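/**
 * Server side of a SASL handshake, wrapping a JDK {@link SaslServer}.
 *
 * <p>{@link #createSaslServer} selects one of three modes:
 * <ul>
 *   <li>no JAAS subject: DIGEST-MD5 where every client presents the same shared secret
 *       ({@link SaslDigestCallbackHandler});</li>
 *   <li>JAAS subject with at least one principal: GSSAPI (Kerberos), executed as that subject;</li>
 *   <li>JAAS subject without principals: DIGEST-MD5 against the {@code user_*} options of the
 *       {@code MajordodoServer} JAAS section ({@link SaslServerCallbackHandler}).</li>
 * </ul>
 *
 * <p>Security notes for operators: DIGEST-MD5 was moved to Historic status by RFC 6331, so the
 * two DIGEST-MD5 modes should be run over a channel that is already protected (for example TLS).
 * The shared secret and the JAAS passwords are held as {@code String}s and therefore cannot be
 * wiped from memory after use.
 */
public class SaslNettyServer {
    private static final Logger LOG = Logger.getLogger(SaslNettyServer.class.getName());
    private final SaslServer saslServer;
    private final String sharedSecret;

    /**
     * Neutralises line breaks in a peer-controlled value before it is concatenated into a log
     * message, so that a crafted user name or realm cannot forge extra log records.
     *
     * @param value text received from the peer, may be {@code null}
     * @return {@code value} with CR and LF replaced by {@code '_'}, or {@code null} if it was null
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Authorizes the callback only when the requested authorization identity is the identity that
     * was authenticated. A missing authentication ID is treated as "not authorized" (fail closed)
     * instead of raising a {@link NullPointerException}.
     *
     * @param authorizeCallback callback to decide on
     */
    private static void authorizeIfSameIdentity(AuthorizeCallback authorizeCallback) {
        String authenticationId = authorizeCallback.getAuthenticationID();
        String authorizationId = authorizeCallback.getAuthorizationID();
        boolean sameIdentity = authenticationId != null && authenticationId.equals(authorizationId);
        authorizeCallback.setAuthorized(sameIdentity);
        if (sameIdentity) {
            authorizeCallback.setAuthorizedID(authorizationId);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:majordodo/security/sasl/SaslNettyServer$ClientCallbackHandler.class */
    /**
     * Callback handler handed to the JAAS {@link LoginContext} in {@link #loginServer()}.
     * It echoes the default name and realm and supplies the configured password, if any.
     */
    public static class ClientCallbackHandler implements CallbackHandler {
        private final String password;

        /**
         * @param str password to answer {@link PasswordCallback}s with; {@code null} means that
         *            password callbacks are left unanswered
         */
        public ClientCallbackHandler(String str) {
            this.password = str;
        }

        /**
         * Answers name, password, realm and authorize callbacks.
         *
         * @param callbackArr callbacks to process
         * @throws UnsupportedCallbackException for any other callback type
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    NameCallback nameCallback = (NameCallback) callback;
                    nameCallback.setName(nameCallback.getDefaultName());
                } else if (callback instanceof PasswordCallback) {
                    if (this.password != null) {
                        ((PasswordCallback) callback).setPassword(this.password.toCharArray());
                    }
                } else if (callback instanceof RealmCallback) {
                    RealmCallback realmCallback = (RealmCallback) callback;
                    realmCallback.setText(realmCallback.getDefaultText());
                } else if (callback instanceof AuthorizeCallback) {
                    authorizeIfSameIdentity((AuthorizeCallback) callback);
                } else {
                    throw new UnsupportedCallbackException(callback, "Unrecognized SASL ClientCallback");
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:majordodo/security/sasl/SaslNettyServer$SaslDigestCallbackHandler.class */
    /**
     * DIGEST-MD5 handler for the mode without JAAS. Every user name offered by the client is
     * accepted and the password is always the enclosing server's shared secret, so the secret is
     * the only thing that is actually verified; the user name is a self-declared label.
     */
    public class SaslDigestCallbackHandler implements CallbackHandler {
        public SaslDigestCallbackHandler() {
        }

        /**
         * Collects the callbacks first and then answers them in a fixed order
         * (name, password, authorization).
         *
         * @param callbackArr callbacks to process; {@link RealmCallback}s are accepted and ignored
         * @throws UnsupportedCallbackException for any callback type other than name, password,
         *                                      realm or authorize
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            NameCallback nameCallback = null;
            PasswordCallback passwordCallback = null;
            AuthorizeCallback authorizeCallback = null;
            for (Callback callback : callbackArr) {
                if (callback instanceof AuthorizeCallback) {
                    authorizeCallback = (AuthorizeCallback) callback;
                } else if (callback instanceof NameCallback) {
                    nameCallback = (NameCallback) callback;
                } else if (callback instanceof PasswordCallback) {
                    passwordCallback = (PasswordCallback) callback;
                } else if (!(callback instanceof RealmCallback)) {
                    throw new UnsupportedCallbackException(callback, "handle: Unrecognized SASL DIGEST-MD5 Callback");
                }
            }
            if (nameCallback != null) {
                String offeredName = nameCallback.getDefaultName();
                // The name comes from the client: strip line breaks before it reaches the log.
                SaslNettyServer.LOG.finest("SASL server auth user " + sanitizeForLog(offeredName));
                nameCallback.setName(offeredName);
            }
            String secret = SaslNettyServer.this.sharedSecret;
            if (passwordCallback != null && secret != null) {
                passwordCallback.setPassword(secret.toCharArray());
            }
            if (authorizeCallback != null) {
                authorizeIfSameIdentity(authorizeCallback);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:majordodo/security/sasl/SaslNettyServer$SaslServerCallbackHandler.class */
    /**
     * Handler for the JAAS-backed modes. User names and passwords are read once, at construction,
     * from the {@code user_<name>} options of the {@code MajordodoServer} JAAS section and are kept
     * in memory in clear text.
     */
    public static class SaslServerCallbackHandler implements CallbackHandler {
        private static final String USER_PREFIX = "user_";
        private static final String serverSection = "MajordodoServer";
        // Name accepted by the most recent NameCallback; null when that name was unknown.
        private String userName;
        private final Map<String, String> credentials = new HashMap<>();

        /**
         * @param configuration JAAS configuration to read the {@code MajordodoServer} section from
         * @throws IOException if the configuration has no such section
         */
        public SaslServerCallbackHandler(Configuration configuration) throws IOException {
            AppConfigurationEntry[] entries = configuration.getAppConfigurationEntry(serverSection);
            if (entries == null) {
                throw new IOException("Could not find a 'MajordodoServer' entry in this configuration: Server cannot start.");
            }
            for (AppConfigurationEntry entry : entries) {
                for (Map.Entry<String, ?> option : entry.getOptions().entrySet()) {
                    String key = option.getKey();
                    if (key.startsWith(USER_PREFIX)) {
                        this.credentials.put(key.substring(USER_PREFIX.length()), (String) option.getValue());
                    }
                }
            }
        }

        /**
         * Dispatches each callback to its handler.
         *
         * <p>NOTE(review): unlike the other two handlers in this file, unrecognised callback types
         * are skipped silently rather than rejected with {@link UnsupportedCallbackException}.
         *
         * @param callbackArr callbacks to process
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    handleNameCallback((NameCallback) callback);
                } else if (callback instanceof PasswordCallback) {
                    handlePasswordCallback((PasswordCallback) callback);
                } else if (callback instanceof RealmCallback) {
                    handleRealmCallback((RealmCallback) callback);
                } else if (callback instanceof AuthorizeCallback) {
                    handleAuthorizeCallback((AuthorizeCallback) callback);
                }
            }
        }

        /** Accepts the offered user name only if it has an entry in the JAAS user list. */
        private void handleNameCallback(NameCallback nameCallback) {
            String offeredName = nameCallback.getDefaultName();
            if (this.credentials.get(offeredName) == null) {
                // Forget any name accepted earlier so a following PasswordCallback cannot be
                // answered with another user's password.
                this.userName = null;
                SaslNettyServer.LOG.severe("User '" + sanitizeForLog(offeredName) + "' not found in list of JAAS DIGEST-MD5 users.");
            } else {
                nameCallback.setName(offeredName);
                this.userName = offeredName;
            }
        }

        /** Supplies the stored password of the user accepted by the last name callback. */
        private void handlePasswordCallback(PasswordCallback passwordCallback) {
            String storedPassword = this.credentials.get(this.userName);
            if (storedPassword != null) {
                passwordCallback.setPassword(storedPassword.toCharArray());
            } else {
                SaslNettyServer.LOG.severe("No password found for user: " + sanitizeForLog(this.userName));
            }
        }

        /** Echoes the realm back; the realm text is peer-supplied and is sanitised for the log. */
        private void handleRealmCallback(RealmCallback realmCallback) {
            SaslNettyServer.LOG.severe("client supplied realm: " + sanitizeForLog(realmCallback.getDefaultText()));
            realmCallback.setText(realmCallback.getDefaultText());
        }

        /**
         * Authorizes the client under an identity derived from its <em>authenticated</em> ID
         * ({@code shortName/host@realm}); the authorization ID requested by the client is only
         * logged and never used to build that identity.
         *
         * <p>If the Kerberos name cannot be mapped, the request is now refused. Leaving the
         * callback authorized without an explicit authorized ID would make
         * {@link AuthorizeCallback#getAuthorizedID()} fall back to the client-chosen
         * authorization ID.
         */
        private void handleAuthorizeCallback(AuthorizeCallback authorizeCallback) {
            String authenticationID = authorizeCallback.getAuthenticationID();
            // NOTE(review): a success event logged at SEVERE; level kept as in the original.
            SaslNettyServer.LOG.severe("Successfully authenticated client: authenticationID=" + sanitizeForLog(authenticationID) + ";  authorizationID=" + sanitizeForLog(authorizeCallback.getAuthorizationID()) + ".");
            authorizeCallback.setAuthorized(true);
            KerberosName kerberosName = new KerberosName(authenticationID);
            try {
                StringBuilder sb = new StringBuilder(kerberosName.getShortName());
                sb.append("/").append(kerberosName.getHostName());
                sb.append("@").append(kerberosName.getRealm());
                String authorizedId = sb.toString();
                SaslNettyServer.LOG.severe("Setting authorizedID: " + sanitizeForLog(authorizedId));
                authorizeCallback.setAuthorizedID(authorizedId);
            } catch (IOException e) {
                // Fail closed: no verified identity could be derived for this client.
                authorizeCallback.setAuthorized(false);
                SaslNettyServer.LOG.log(Level.SEVERE, "Failed to set name based on Kerberos authentication rules.", e);
            }
        }
    }

    /**
     * Logs the server in through JAAS (when configured) and creates the SASL server.
     *
     * @param str  shared secret used as the DIGEST-MD5 password when JAAS is not configured
     * @param str2 SASL mechanism name used when JAAS is not configured
     * @throws IOException if login fails or no {@link SaslServer} could be created; the original
     *                     failure is attached as the cause
     */
    public SaslNettyServer(String str, String str2) throws IOException {
        this.sharedSecret = str;
        SaslServer created;
        try {
            created = createSaslServer(str2, loginServer());
            if (created == null) {
                throw new IOException("Cannot create JVM SASL Server");
            }
        } catch (Exception e) {
            // Keep the throwable in the log record so the stack trace is not lost.
            LOG.log(Level.SEVERE, "SaslNettyServer: Could not create SaslServer: " + e, e);
            throw new IOException(e);
        }
        this.saslServer = created;
    }

    /**
     * Builds the {@link SaslServer} for the mode implied by {@code subject}.
     *
     * @param mechanism SASL mechanism, used only when {@code subject} is {@code null}
     * @param subject   JAAS subject from {@link #loginServer()}, or {@code null} without JAAS
     * @return the server, or {@code null} when creation failed and the failure was logged
     * @throws RuntimeException if the first principal's name has no {@code '@'} part, or if the
     *                          GSSAPI server cannot be created inside the privileged action
     */
    private SaslServer createSaslServer(String mechanism, Subject subject) throws SaslException, IOException {
        if (subject == null) {
            LOG.log(Level.FINEST, "Authentication will use SASL/DIGEST-MD5, no JAAS");
            return Sasl.createSaslServer(mechanism, (String) null, SaslUtils.DEFAULT_REALM, SaslUtils.getSaslProps(), new SaslDigestCallbackHandler());
        }
        final SaslServerCallbackHandler saslServerCallbackHandler = new SaslServerCallbackHandler(Configuration.getConfiguration());
        if (!subject.getPrincipals().isEmpty()) {
            LOG.log(Level.FINEST, "Authentication will use SASL/JAAS/Kerberos");
            final String servicePrincipalName;
            final String serviceHostname;
            try {
                // Split "service/host@REALM" (or "service@REALM") taken from the first principal.
                String principalName = subject.getPrincipals().iterator().next().getName();
                int slash = principalName.indexOf("/");
                String afterSlash = principalName.substring(slash + 1, principalName.length());
                int at = afterSlash.indexOf("@");
                if (slash > 0) {
                    servicePrincipalName = principalName.substring(0, slash);
                    serviceHostname = afterSlash.substring(0, at);
                } else {
                    servicePrincipalName = principalName.substring(0, at);
                    serviceHostname = null;
                }
            } catch (IndexOutOfBoundsException e) {
                throw new RuntimeException(e);
            }
            LOG.log(Level.INFO, "serviceHostname is ''{0}'', servicePrincipalName is ''{1}'', SASL mechanism(mech) is ''GSSAPI'', Subject is ''{2}''", new Object[]{serviceHostname, servicePrincipalName, subject});
            try {
                return (SaslServer) Subject.doAs(subject, new PrivilegedExceptionAction<SaslServer>() { // from class: majordodo.security.sasl.SaslNettyServer.1
                    @Override // java.security.PrivilegedExceptionAction
                    public SaslServer run() {
                        try {
                            return Sasl.createSaslServer("GSSAPI", servicePrincipalName, serviceHostname, (Map) null, saslServerCallbackHandler);
                        } catch (SaslException e) {
                            throw new RuntimeException((Throwable) e);
                        }
                    }
                });
            } catch (PrivilegedActionException e) {
                // Was printStackTrace(): route the failure through the logger with its cause.
                LOG.log(Level.SEVERE, "Could not create GSSAPI SaslServer as the logged-in subject", e);
            }
        } else {
            LOG.log(Level.INFO, "Authentication will use SASL/JAAS/DIGEST-MD5");
            try {
                return Sasl.createSaslServer(SaslUtils.AUTH_DIGEST_MD5, "majordodo", "majordodo", (Map) null, saslServerCallbackHandler);
            } catch (SaslException e) {
                // Was printStackTrace(): route the failure through the logger with its cause.
                LOG.log(Level.SEVERE, "Could not create JAAS DIGEST-MD5 SaslServer", e);
            }
        }
        LOG.severe("failed to create saslServer object.");
        return null;
    }

    /**
     * Performs the JAAS login for the {@code MajordodoServer} section.
     *
     * @return the logged-in subject, or {@code null} when the section is not configured
     * @throws LoginException if the JAAS login fails
     */
    private Subject loginServer() throws SaslException, PrivilegedActionException, LoginException {
        if (Configuration.getConfiguration().getAppConfigurationEntry("MajordodoServer") == null) {
            LOG.log(Level.INFO, "JAAS not configured or no MajordodoServer present in JAAS Configuration file");
            return null;
        }
        // No password is supplied; password callbacks raised during login stay unanswered.
        LoginContext loginContext = new LoginContext("MajordodoServer", new ClientCallbackHandler(null));
        loginContext.login();
        return loginContext.getSubject();
    }

    /**
     * @return {@code true} once the SASL exchange has finished
     */
    public boolean isComplete() {
        return this.saslServer.isComplete();
    }

    /**
     * Returns the authorization ID in effect for the client. Callers should check
     * {@link #isComplete()} first: {@link SaslServer#getAuthorizationID()} throws
     * {@link IllegalStateException} while the exchange is still in progress.
     *
     * @return the authorization ID of the authenticated client
     */
    public String getUserName() {
        return this.saslServer.getAuthorizationID();
    }

    /**
     * Feeds one client token into the SASL exchange.
     *
     * @param bArr token received from the client
     * @return the challenge to send back, as returned by the underlying {@link SaslServer}
     * @throws SaslException if the token is rejected; logged (length only, never the token
     *                       bytes) and rethrown unchanged
     */
    public byte[] response(byte[] bArr) throws SaslException {
        try {
            return this.saslServer.evaluateResponse(bArr);
        } catch (SaslException e) {
            // Guard the length lookup so a null token cannot replace the SaslException with an NPE.
            int tokenLength = bArr == null ? 0 : bArr.length;
            LOG.severe("response: Failed to evaluate client token of length: " + tokenLength + " : " + e);
            throw e;
        }
    }
}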
