package org.apache.zookeeper.server;

import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms;
import org.apache.hadoop.registry.client.types.ProtocolTypes;
import org.apache.mina.proxy.handlers.socks.SocksProxyConstants;
import org.apache.zookeeper.Login;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-2.7.5.0/share/hadoop/common/lib/zookeeper-3.4.6.jar:org/apache/zookeeper/server/ZooKeeperSaslServer.class
  input_file:hadoop-2.7.5.0/share/hadoop/httpfs/tomcat/webapps/webhdfs/WEB-INF/lib/zookeeper-3.4.6.jar:org/apache/zookeeper/server/ZooKeeperSaslServer.class
  input_file:hadoop-2.7.5.0/share/hadoop/kms/tomcat/webapps/kms/WEB-INF/lib/zookeeper-3.4.6.jar:org/apache/zookeeper/server/ZooKeeperSaslServer.class
  input_file:hadoop-2.7.5.0/share/hadoop/yarn/lib/zookeeper-3.4.6.jar:org/apache/zookeeper/server/ZooKeeperSaslServer.class
 */
/* loaded from: input_file:hadoop-2.7.5.0/share/hadoop/tools/lib/zookeeper-3.4.6.jar:org/apache/zookeeper/server/ZooKeeperSaslServer.class */
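/**
 * Server-side holder for the JDK {@link SaslServer} that authenticates one ZooKeeper client session.
 *
 * <p>The mechanism is chosen from the JAAS {@link Subject} of the supplied {@link Login}:
 * GSSAPI (Kerberos) when the subject carries at least one principal, DIGEST-MD5 otherwise.
 *
 * <p>Construction never throws on failure. Every error path in {@link #createSaslServer(Login)}
 * is logged and leaves the wrapped server {@code null}. The three delegating methods then fail
 * with a {@link NullPointerException} instead of reporting a completed exchange.
 * NOTE(review): callers are not visible here; confirm they treat that NPE as an authentication
 * failure and do not let the session continue unauthenticated.
 */
public class ZooKeeperSaslServer {
    public static final String LOGIN_CONTEXT_NAME_KEY = "zookeeper.sasl.serverconfig";
    public static final String DEFAULT_LOGIN_CONTEXT_NAME = "Server";
    Logger LOG = LoggerFactory.getLogger(ZooKeeperSaslServer.class);
    private SaslServer saslServer;

    /**
     * Builds the SASL server for the given login. The decompiler reports that the original
     * access level of this constructor was package-private.
     *
     * @param login JAAS login providing the subject and the callback handler
     */
    public ZooKeeperSaslServer(Login login) {
        this.saslServer = createSaslServer(login);
    }

    /**
     * Creates the underlying {@link SaslServer} while holding the monitor of {@code login}.
     *
     * @param login JAAS login providing the subject and the callback handler
     * @return the SASL server, or {@code null} when the subject is missing, the principal cannot
     *     be split into {@code service/host@REALM}, or the JDK refuses to create the server
     */
    private SaslServer createSaslServer(final Login login) {
        synchronized (login) {
            Subject subject = login.getSubject();
            if (subject != null) {
                if (!subject.getPrincipals().isEmpty()) {
                    try {
                        // Only the first principal of the subject is consulted. It is expected to
                        // look like "service/host@REALM"; a name without '/' or '@' makes
                        // substring() throw and is handled by the IndexOutOfBoundsException catch.
                        String principalName = subject.getPrincipals().iterator().next().getName();
                        int slash = principalName.indexOf("/");
                        final String servicePrincipalName = principalName.substring(0, slash);
                        String hostAndRealm = principalName.substring(slash + 1);
                        final String serviceHostname =
                                hostAndRealm.substring(0, hostAndRealm.indexOf("@"));
                        this.LOG.debug("serviceHostname is '{}'", serviceHostname);
                        this.LOG.debug("servicePrincipalName is '{}'", servicePrincipalName);
                        this.LOG.debug("SASL mechanism(mech) is 'GSSAPI'");
                        if (Boolean.getBoolean("sun.security.jgss.native")) {
                            // With the native JGSS provider enabled, an accept-only credential is
                            // added to the subject explicitly. Failure is best-effort: it is
                            // logged and server creation still proceeds.
                            try {
                                GSSManager manager = GSSManager.getInstance();
                                GSSName gssName = manager.createName(
                                        servicePrincipalName + "@" + serviceHostname,
                                        GSSName.NT_HOSTBASED_SERVICE);
                                // NOTE(review): the OID constant comes from an unrelated library
                                // class, presumably substituted by the decompiler for a literal.
                                Oid krb5Mechanism = new Oid(SocksProxyConstants.KERBEROS_V5_OID);
                                GSSCredential credential = manager.createCredential(
                                        gssName,
                                        GSSCredential.DEFAULT_LIFETIME,
                                        krb5Mechanism,
                                        GSSCredential.ACCEPT_ONLY);
                                subject.getPrivateCredentials().add(credential);
                                this.LOG.debug("Added private credential to subject: {}", credential);
                            } catch (GSSException e) {
                                this.LOG.warn("Cannot add private credential to subject; clients authentication may fail", e);
                            }
                        }
                        try {
                            return Subject.doAs(subject, new PrivilegedExceptionAction<SaslServer>() {
                                @Override
                                public SaslServer run() {
                                    try {
                                        return Sasl.createSaslServer(SupportedSaslMechanisms.GSSAPI, servicePrincipalName, serviceHostname, null, login.callbackHandler);
                                    } catch (SaslException e) {
                                        // The exception goes to the logger, not to
                                        // printStackTrace(), so the cause and stack land in the
                                        // server log instead of stderr.
                                        ZooKeeperSaslServer.this.LOG.error("Zookeeper Server failed to create a SaslServer to interact with a client during session initiation: ", e);
                                        return null;
                                    }
                                }
                            });
                        } catch (PrivilegedActionException e) {
                            // run() handles SaslException itself, so this is not expected to
                            // fire. If it does, execution falls through to the generic failure
                            // below.
                            this.LOG.error("Zookeeper Quorum member experienced a PrivilegedActionException exception while creating a SaslServer using a JAAS principal context:", e);
                        }
                    } catch (IndexOutOfBoundsException e) {
                        this.LOG.error("server principal name/hostname determination error: ", e);
                    }
                } else {
                    // A subject without principals selects DIGEST-MD5, with no log line to mark
                    // the switch. DIGEST-MD5 was moved to Historic status by RFC 6331, so a
                    // deployment that expects Kerberos should check that its JAAS configuration
                    // yields a principal.
                    try {
                        return Sasl.createSaslServer(SupportedSaslMechanisms.DIGEST_MD5, ProtocolTypes.PROTOCOL_ZOOKEEPER_BINDING, "zk-sasl-md5", null, login.callbackHandler);
                    } catch (SaslException e) {
                        this.LOG.error("Zookeeper Quorum member failed to create a SaslServer to interact with a client during session initiation", e);
                    }
                }
            }
            this.LOG.error("failed to create saslServer object.");
            return null;
        }
    }

    /**
     * Feeds one client token to the SASL exchange.
     *
     * @param bArr response bytes received from the client
     * @return the next challenge for the client, as produced by the wrapped server
     * @throws SaslException if the wrapped server rejects the response
     * @throws NullPointerException if server creation failed in the constructor
     */
    public byte[] evaluateResponse(byte[] bArr) throws SaslException {
        return this.saslServer.evaluateResponse(bArr);
    }

    /**
     * Reports whether the SASL exchange has completed.
     *
     * @return the wrapped server's completion state
     * @throws NullPointerException if server creation failed in the constructor
     */
    public boolean isComplete() {
        return this.saslServer.isComplete();
    }

    /**
     * Returns the authorization ID negotiated by the exchange. Per the {@link SaslServer}
     * contract this is only meaningful once {@link #isComplete()} returns {@code true}.
     *
     * @return the authorization ID reported by the wrapped server
     * @throws NullPointerException if server creation failed in the constructor
     */
    public String getAuthorizationID() {
        return this.saslServer.getAuthorizationID();
    }
}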
