package alluxio.security.authentication.plain;

import alluxio.metrics.CommonMetrics;
import alluxio.security.authentication.AuthenticatedClientUser;
import com.google.common.base.Preconditions;
import java.util.Map;
import javax.annotation.Nullable;
import javax.annotation.concurrent.NotThreadSafe;
import javax.annotation.concurrent.ThreadSafe;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;

@NotThreadSafe
/* loaded from: input_file:alluxio/security/authentication/plain/PlainSaslServer.class */
public final class PlainSaslServer implements SaslServer {
    private String mAuthorizationId;
    private boolean mCompleted = false;
    private CallbackHandler mHandler;

    @ThreadSafe
    /* loaded from: input_file:alluxio/security/authentication/plain/PlainSaslServer$Factory.class */
    public static class Factory implements SaslServerFactory {
        public SaslServer createSaslServer(String str, String str2, String str3, Map<String, ?> map, CallbackHandler callbackHandler) throws SaslException {
            Preconditions.checkArgument(PlainSaslServerProvider.MECHANISM.equals(str));
            return new PlainSaslServer(callbackHandler);
        }

        public String[] getMechanismNames(Map<String, ?> map) {
            return new String[]{PlainSaslServerProvider.MECHANISM};
        }
    }

    PlainSaslServer(CallbackHandler callbackHandler) throws SaslException {
        this.mHandler = callbackHandler;
    }

    public String getMechanismName() {
        return PlainSaslServerProvider.MECHANISM;
    }

    @Nullable
    public byte[] evaluateResponse(byte[] bArr) throws SaslException {
        Preconditions.checkState(!this.mCompleted, "PLAIN authentication has completed");
        Preconditions.checkArgument(bArr != null, "Received null response");
        try {
            try {
                String[] split = new String(bArr, "UTF-8").split("��", 3);
                if (split.length != 3) {
                    throw new IllegalArgumentException("Invalid message format, parts must contain 3 items");
                }
                String str = split[0];
                String str2 = split[1];
                String str3 = split[2];
                Preconditions.checkState((str2 == null || str2.isEmpty()) ? false : true, "No authentication identity provided");
                Preconditions.checkState((str3 == null || str3.isEmpty()) ? false : true, "No password provided");
                if (str == null || str.isEmpty()) {
                    str = str2;
                }
                Callback nameCallback = new NameCallback(CommonMetrics.TAG_USER);
                nameCallback.setName(str2);
                PasswordCallback passwordCallback = new PasswordCallback("Password", false);
                passwordCallback.setPassword(str3.toCharArray());
                Callback authorizeCallback = new AuthorizeCallback(str2, str);
                this.mHandler.handle(new Callback[]{nameCallback, passwordCallback, authorizeCallback});
                if (!authorizeCallback.isAuthorized()) {
                    throw new SaslException("AuthorizeCallback authorized failure");
                }
                this.mAuthorizationId = authorizeCallback.getAuthorizedID();
                this.mCompleted = true;
                return null;
            } catch (Exception e) {
                throw new IllegalArgumentException("Received corrupt response", e);
            }
        } catch (Exception e2) {
            throw new SaslException("Plain authentication failed: " + e2.getMessage(), e2);
        }
    }

    public boolean isComplete() {
        return this.mCompleted;
    }

    public String getAuthorizationID() {
        checkNotComplete();
        return this.mAuthorizationId;
    }

    public byte[] unwrap(byte[] bArr, int i, int i2) {
        throw new UnsupportedOperationException("PLAIN doesn't support wrap or unwrap operation");
    }

    public byte[] wrap(byte[] bArr, int i, int i2) {
        throw new UnsupportedOperationException("PLAIN doesn't support wrap or unwrap operation");
    }

    @Nullable
    public Object getNegotiatedProperty(String str) {
        checkNotComplete();
        if ("javax.security.sasl.qop".equals(str)) {
            return "auth";
        }
        return null;
    }

    public void dispose() {
        if (this.mCompleted) {
            AuthenticatedClientUser.remove();
        }
        this.mCompleted = false;
        this.mHandler = null;
        this.mAuthorizationId = null;
    }

    private void checkNotComplete() {
        if (!this.mCompleted) {
            throw new IllegalStateException("PLAIN authentication not completed");
        }
    }
}
