package alluxio.security.authentication;

import alluxio.Configuration;
import alluxio.exception.ExceptionMessage;
import alluxio.security.User;
import alluxio.util.SecurityUtils;
import com.google.common.base.Preconditions;
import java.io.IOException;
import javax.annotation.concurrent.NotThreadSafe;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;

@NotThreadSafe
/* loaded from: input_file:alluxio/security/authentication/PlainSaslServer.class */
public final class PlainSaslServer implements SaslServer {
    private String mAuthorizationId;
    private boolean mCompleted = false;
    private CallbackHandler mHandler;

    /* loaded from: input_file:alluxio/security/authentication/PlainSaslServer$AuthorizedClientUser.class */
    public static final class AuthorizedClientUser {
        private static ThreadLocal<User> sUserThreadLocal = new ThreadLocal<>();

        public static void set(String str) {
            sUserThreadLocal.set(new User(str));
        }

        public static User get(Configuration configuration) throws IOException {
            if (SecurityUtils.isAuthenticationEnabled(configuration)) {
                return sUserThreadLocal.get();
            }
            throw new IOException(ExceptionMessage.AUTHENTICATION_IS_NOT_ENABLED.getMessage(new Object[0]));
        }

        public static void remove() {
            sUserThreadLocal.remove();
        }
    }

    /* loaded from: input_file:alluxio/security/authentication/PlainSaslServer$PlainServerCallbackHandler.class */
    public static final class PlainServerCallbackHandler implements CallbackHandler {
        private final AuthenticationProvider mAuthenticationProvider;

        public PlainServerCallbackHandler(AuthenticationProvider authenticationProvider) {
            this.mAuthenticationProvider = authenticationProvider;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            String str = null;
            String str2 = null;
            AuthorizeCallback authorizeCallback = null;
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    str = ((NameCallback) callback).getName();
                } else if (callback instanceof PasswordCallback) {
                    str2 = new String(((PasswordCallback) callback).getPassword());
                } else {
                    if (!(callback instanceof AuthorizeCallback)) {
                        throw new UnsupportedCallbackException(callback, "Unsupport callback");
                    }
                    authorizeCallback = (AuthorizeCallback) callback;
                }
            }
            this.mAuthenticationProvider.authenticate(str, str2);
            if (authorizeCallback != null) {
                authorizeCallback.setAuthorized(true);
                AuthorizedClientUser.set(authorizeCallback.getAuthorizedID());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PlainSaslServer(CallbackHandler callbackHandler) throws SaslException {
        this.mHandler = callbackHandler;
    }

    public String getMechanismName() {
        return PlainSaslServerProvider.MECHANISM;
    }

    public byte[] evaluateResponse(byte[] bArr) throws SaslException {
        Preconditions.checkState(!this.mCompleted, "PLAIN authentication has completed");
        Preconditions.checkArgument(bArr != null, "Received null response");
        try {
            try {
                String[] split = new String(bArr, "UTF-8").split("��", 3);
                if (split.length != 3) {
                    throw new IllegalArgumentException("Invalid message format, parts must contain 3 items");
                }
                String str = split[0];
                String str2 = split[1];
                String str3 = split[2];
                Preconditions.checkState((str2 == null || str2.isEmpty()) ? false : true, "No authentication identity provided");
                Preconditions.checkState((str3 == null || str3.isEmpty()) ? false : true, "No password provided");
                if (str == null || str.isEmpty()) {
                    str = str2;
                } else if (!str.equals(str2)) {
                    throw new UnsupportedOperationException("Impersonation is not supported now.");
                }
                Callback nameCallback = new NameCallback("User");
                nameCallback.setName(str2);
                PasswordCallback passwordCallback = new PasswordCallback("Password", false);
                passwordCallback.setPassword(str3.toCharArray());
                Callback authorizeCallback = new AuthorizeCallback(str2, str);
                this.mHandler.handle(new Callback[]{nameCallback, passwordCallback, authorizeCallback});
                if (!authorizeCallback.isAuthorized()) {
                    throw new SaslException("AuthorizeCallback authorized failure");
                }
                this.mAuthorizationId = authorizeCallback.getAuthorizedID();
                this.mCompleted = true;
                return null;
            } catch (Exception e) {
                throw new IllegalArgumentException("Received corrupt response", e);
            }
        } catch (Exception e2) {
            throw new SaslException("Plain authentication failed: " + e2.getMessage(), e2);
        }
    }

    public boolean isComplete() {
        return this.mCompleted;
    }

    public String getAuthorizationID() {
        checkNotComplete();
        return this.mAuthorizationId;
    }

    public byte[] unwrap(byte[] bArr, int i, int i2) {
        throw new UnsupportedOperationException("PLAIN doesn't support wrap or unwrap operation");
    }

    public byte[] wrap(byte[] bArr, int i, int i2) {
        throw new UnsupportedOperationException("PLAIN doesn't support wrap or unwrap operation");
    }

    public Object getNegotiatedProperty(String str) {
        checkNotComplete();
        if ("javax.security.sasl.qop".equals(str)) {
            return "auth";
        }
        return null;
    }

    public void dispose() {
        if (this.mCompleted) {
            AuthorizedClientUser.remove();
        }
        this.mCompleted = false;
        this.mHandler = null;
        this.mAuthorizationId = null;
    }

    private void checkNotComplete() {
        if (!this.mCompleted) {
            throw new IllegalStateException("PLAIN authentication not completed");
        }
    }
}
