package org.zeromq;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.zeromq.ZMQ;
import org.zeromq.ZThread;

/* loaded from: input_file:org/zeromq/ZAuth.class */
public class ZAuth {
    private ZMQ.Socket pipe;
    private boolean verbose;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:org/zeromq/ZAuth$ZAPRequest.class */
    public static class ZAPRequest {
        public ZMQ.Socket handler;
        public String version;
        public String sequence;
        public String domain;
        public String address;
        public String identity;
        public String mechanism;
        public String username;
        public String password;
        public String clientKey;
        public String principal;
        static final /* synthetic */ boolean $assertionsDisabled;

        static ZAPRequest recvRequest(ZMQ.Socket socket) {
            if (ZMQ.getMajorVersion() != 4) {
                return null;
            }
            ZMsg recvMsg = ZMsg.recvMsg(socket);
            ZAPRequest zAPRequest = new ZAPRequest();
            zAPRequest.handler = socket;
            zAPRequest.version = recvMsg.popString();
            zAPRequest.sequence = recvMsg.popString();
            zAPRequest.domain = recvMsg.popString();
            zAPRequest.address = recvMsg.popString();
            zAPRequest.identity = recvMsg.popString();
            zAPRequest.mechanism = recvMsg.popString();
            if (!$assertionsDisabled && !zAPRequest.version.equals("1.0")) {
                throw new AssertionError();
            }
            if (zAPRequest.mechanism.equals("PLAIN")) {
                zAPRequest.username = recvMsg.popString();
                zAPRequest.password = recvMsg.popString();
            } else if (!zAPRequest.mechanism.equals("CURVE") && zAPRequest.mechanism.equals("GSSAPI")) {
                zAPRequest.principal = recvMsg.popString();
            }
            recvMsg.destroy();
            return zAPRequest;
        }

        static void reply(ZAPRequest zAPRequest, String str, String str2) {
            if (zAPRequest == null) {
                return;
            }
            ZMsg zMsg = new ZMsg();
            zMsg.add("1.0");
            zMsg.add(zAPRequest.sequence);
            zMsg.add(str);
            zMsg.add(str2);
            zMsg.add("");
            zMsg.add("");
            zMsg.send(zAPRequest.handler);
        }

        static {
            $assertionsDisabled = !ZAuth.class.desiredAssertionStatus();
        }
    }

    /* loaded from: input_file:org/zeromq/ZAuth$ZAuthAgent.class */
    private static class ZAuthAgent implements ZThread.IAttachedRunnable {
        private ZMQ.Socket pipe;
        private ZMQ.Socket handler;
        private boolean verbose;
        private ConcurrentMap<String, String> whitelist;
        private ConcurrentMap<String, String> blacklist;
        private ConcurrentMap<String, String> passwords;
        private boolean terminated;
        private File passwords_file;
        private long passwords_modified;
        private final ZAuth auth;

        private ZAuthAgent(ZAuth zAuth) {
            this.whitelist = new ConcurrentHashMap();
            this.blacklist = new ConcurrentHashMap();
            this.passwords = new ConcurrentHashMap();
            this.auth = zAuth;
        }

        private boolean controlMessage() {
            ZMsg recvMsg = ZMsg.recvMsg(this.pipe);
            String popString = recvMsg.popString();
            if (popString == null) {
                return false;
            }
            if (popString.equals("ALLOW")) {
                this.whitelist.put(recvMsg.popString(), "OK");
            } else if (popString.equals("DENY")) {
                this.blacklist.put(recvMsg.popString(), "OK");
            } else if (popString.equals("PLAIN")) {
                recvMsg.popString();
                this.passwords_file = new File(recvMsg.popString());
                loadPasswords(true);
                ZMsg zMsg = new ZMsg();
                zMsg.add("OK");
                zMsg.send(this.pipe);
                zMsg.destroy();
            } else if (popString.equals("GSSAPI")) {
                recvMsg.popString();
            } else if (popString.equals("VERBOSE")) {
                this.verbose = recvMsg.popString().equals("true");
            } else if (popString.equals("TERMINATE")) {
                this.terminated = true;
                ZMsg zMsg2 = new ZMsg();
                zMsg2.add("OK");
                zMsg2.send(this.pipe);
                zMsg2.destroy();
            }
            recvMsg.destroy();
            return true;
        }

        private boolean authenticate() {
            ZAPRequest recvRequest = ZAPRequest.recvRequest(this.handler);
            if (recvRequest == null) {
                return false;
            }
            boolean z = false;
            boolean z2 = false;
            if (this.whitelist.isEmpty()) {
                if (!this.blacklist.isEmpty()) {
                    if (this.blacklist.containsKey(recvRequest.address)) {
                        z2 = true;
                        if (this.verbose) {
                            System.out.printf("I: DENIED (blacklist) address = %s\n", recvRequest.address);
                        }
                    } else {
                        z = true;
                        if (this.verbose) {
                            System.out.printf("I: PASSED (not in blacklist) address = %s\n", recvRequest.address);
                        }
                    }
                }
            } else if (this.whitelist.containsKey(recvRequest.address)) {
                z = true;
                if (this.verbose) {
                    System.out.printf("I: PASSED (whitelist) address = %s\n", recvRequest.address);
                }
            } else {
                z2 = true;
                if (this.verbose) {
                    System.out.printf("I: DENIED (not in whitelist) address = %s\n", recvRequest.address);
                }
            }
            if (!z2) {
                if (recvRequest.mechanism.equals("NULL") && !z) {
                    if (this.verbose) {
                        System.out.printf("I: ALLOWED (NULL)\n", new Object[0]);
                    }
                    z = true;
                } else if (recvRequest.mechanism.equals("PLAIN")) {
                    z = authenticatePlain(recvRequest);
                } else if (!recvRequest.mechanism.equals("CURVE")) {
                    if (recvRequest.mechanism.equals("GSSAPI")) {
                        z = this.auth.authenticateGSS(recvRequest);
                    } else {
                        System.out.printf("Skipping unknown mechanism%n", new Object[0]);
                    }
                }
            }
            if (z) {
                ZAPRequest.reply(recvRequest, "200", "OK");
                return true;
            }
            ZAPRequest.reply(recvRequest, "400", "NO ACCESS");
            return true;
        }

        private boolean authenticatePlain(ZAPRequest zAPRequest) {
            loadPasswords(false);
            String str = this.passwords.get(zAPRequest.username);
            if (str == null || !str.equals(zAPRequest.password)) {
                if (!this.verbose) {
                    return false;
                }
                System.out.printf("ZAUTH I: DENIED (PLAIN) username=%s password=%s\n", zAPRequest.username, zAPRequest.password);
                return false;
            }
            if (!this.verbose) {
                return true;
            }
            System.out.printf("ZAUTH I: ALLOWED (PLAIN) username=%s password=%s\n", zAPRequest.username, zAPRequest.password);
            return true;
        }

        @Override // org.zeromq.ZThread.IAttachedRunnable
        public void run(Object[] objArr, ZContext zContext, ZMQ.Socket socket) {
            this.pipe = socket;
            this.handler = zContext.createSocket(4);
            try {
                this.handler.bind("inproc://zeromq.zap.01");
                socket.send("OK");
                ZMQ.PollItem[] pollItemArr = {new ZMQ.PollItem(socket, 1), new ZMQ.PollItem(this.handler, 1)};
                while (!this.terminated && !Thread.currentThread().isInterrupted() && ZMQ.poll(pollItemArr, -1L) != -1) {
                    if (pollItemArr[0].isReadable() && !controlMessage()) {
                        return;
                    }
                    if (pollItemArr[1].isReadable() && !authenticate()) {
                        return;
                    }
                }
            } catch (ZMQException e) {
                socket.send("ERROR");
            }
        }

        private void loadPasswords(boolean z) {
            if (!z) {
                long lastModified = this.passwords_file.lastModified();
                long currentTimeMillis = System.currentTimeMillis() - lastModified;
                if (lastModified <= this.passwords_modified || currentTimeMillis <= 1000) {
                    return;
                } else {
                    this.passwords.clear();
                }
            }
            this.passwords_modified = this.passwords_file.lastModified();
            try {
                BufferedReader bufferedReader = new BufferedReader(new FileReader(this.passwords_file));
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        bufferedReader.close();
                        return;
                    }
                    int indexOf = readLine.indexOf(61);
                    if (readLine.charAt(0) != '#' && indexOf != -1 && indexOf != readLine.length() - 1) {
                        this.passwords.put(readLine.substring(0, indexOf), readLine.substring(indexOf + 1, readLine.length()));
                    }
                }
            } catch (Exception e) {
            }
        }
    }

    public ZAuth(ZContext zContext) {
        this.pipe = ZThread.fork(zContext, new ZAuthAgent(), new Object[0]);
        ZMsg recvMsg = ZMsg.recvMsg(this.pipe);
        recvMsg.popString();
        recvMsg.destroy();
    }

    public void setVerbose(boolean z) {
        this.verbose = z;
        ZMsg zMsg = new ZMsg();
        zMsg.add("VERBOSE");
        zMsg.add(String.format("%b", Boolean.valueOf(z)));
        zMsg.send(this.pipe);
        zMsg.destroy();
    }

    public void allow(String str) {
        if (!$assertionsDisabled && str == null) {
            throw new AssertionError();
        }
        ZMsg zMsg = new ZMsg();
        zMsg.add("ALLOW");
        zMsg.add(str);
        zMsg.send(this.pipe);
        zMsg.destroy();
    }

    public void deny(String str) {
        if (!$assertionsDisabled && str == null) {
            throw new AssertionError();
        }
        ZMsg zMsg = new ZMsg();
        zMsg.add("DENY");
        zMsg.add(str);
        zMsg.send(this.pipe);
        zMsg.destroy();
    }

    public void configurePlain(String str, String str2) {
        if (!$assertionsDisabled && str == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && str2 == null) {
            throw new AssertionError();
        }
        ZMsg zMsg = new ZMsg();
        zMsg.add("PLAIN");
        zMsg.add(str);
        zMsg.add(str2);
        zMsg.send(this.pipe);
        zMsg.destroy();
    }

    public void destroy() {
        ZMsg zMsg = new ZMsg();
        zMsg.add("TERMINATE");
        zMsg.send(this.pipe);
        zMsg.destroy();
        ZMsg.recvMsg(this.pipe).destroy();
    }

    public void configureGSSAPI(String str) {
        if (!$assertionsDisabled && str == null) {
            throw new AssertionError();
        }
        ZMsg zMsg = new ZMsg();
        zMsg.add("GSSAPI");
        zMsg.add(str);
        zMsg.send(this.pipe);
        zMsg.destroy();
    }

    protected boolean authenticateGSS(ZAPRequest zAPRequest) {
        if (!this.verbose) {
            return true;
        }
        System.out.printf("I: ALLOWED (GSSAPI allow any client) principal = %s identity = %s%n", zAPRequest.principal, zAPRequest.identity);
        return true;
    }

    static {
        $assertionsDisabled = !ZAuth.class.desiredAssertionStatus();
    }
}
