package org.apache.zookeeper.server.auth;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import org.apache.zookeeper.server.ZooKeeperSaslServer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-hdfs-httpfs-2.4.1/share/hadoop/httpfs/tomcat/webapps/webhdfs/WEB-INF/lib/zookeeper-3.4.5.jar:org/apache/zookeeper/server/auth/SaslServerCallbackHandler.class
  input_file:webhdfs/WEB-INF/lib/zookeeper-3.4.5.jar:org/apache/zookeeper/server/auth/SaslServerCallbackHandler.class
 */
/* loaded from: input_file:webhdfs.war:WEB-INF/lib/zookeeper-3.4.5.jar:org/apache/zookeeper/server/auth/SaslServerCallbackHandler.class */
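/**
 * Server-side JAAS {@link CallbackHandler} consulted during SASL negotiation.
 *
 * <p>At construction it reads the JAAS login section named by the
 * {@code ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY} system property (default {@code "Server"})
 * and collects every option of the form {@code user_<name>=<password>} into an in-memory
 * credential table. That table answers {@link NameCallback} and {@link PasswordCallback}
 * (the log messages below refer to DIGEST-MD5). {@link AuthorizeCallback} is answered by
 * deriving the authorized ID from the authentication ID via {@code KerberosName}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Passwords are held as plain {@code String}s for the lifetime of the handler, and the
 *       {@code super} password is read from a JVM system property. Both sources should be
 *       protected accordingly (file permissions on the JAAS config, process command line).</li>
 *   <li>The handler carries state ({@code userName}) between callbacks and is not synchronized.
 *       NOTE(review): presumably one instance serves one negotiation at a time; confirm with
 *       the caller.</li>
 *   <li>Names and realms written to the log originate from the client. Parameterized logging
 *       does not neutralize embedded line breaks; rely on the log encoder for that.</li>
 * </ul>
 */
public class SaslServerCallbackHandler implements CallbackHandler {
    private static final String USER_PREFIX = "user_";
    private static final Logger LOG = LoggerFactory.getLogger(SaslServerCallbackHandler.class);
    private static final String SYSPROP_SUPER_PASSWORD = "zookeeper.SASLAuthenticationProvider.superPassword";
    private static final String SYSPROP_REMOVE_HOST = "zookeeper.kerberos.removeHostFromPrincipal";
    private static final String SYSPROP_REMOVE_REALM = "zookeeper.kerberos.removeRealmFromPrincipal";

    // Name accepted by the most recent NameCallback, or null when that name was unknown.
    private String userName;

    // user name -> plaintext password, populated once from the JAAS section.
    private final Map<String, String> credentials = new HashMap<String, String>();

    /**
     * Loads the {@code user_*} credentials from the server's JAAS login section.
     *
     * @param configuration JAAS configuration to read the login section from
     * @throws IOException if the configuration has no entry for the selected section
     */
    public SaslServerCallbackHandler(Configuration configuration) throws IOException {
        String sectionName = System.getProperty(ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY, "Server");
        AppConfigurationEntry[] sectionEntries = configuration.getAppConfigurationEntry(sectionName);
        if (sectionEntries == null) {
            // The message names 'Server' even when the system property selected another section.
            String message = "Could not find a 'Server' entry in this configuration: Server cannot start.";
            LOG.error(message);
            throw new IOException(message);
        }
        for (AppConfigurationEntry sectionEntry : sectionEntries) {
            for (Map.Entry<String, ?> option : sectionEntry.getOptions().entrySet()) {
                String optionName = option.getKey();
                if (optionName.startsWith(USER_PREFIX)) {
                    this.credentials.put(optionName.substring(USER_PREFIX.length()), (String) option.getValue());
                }
            }
        }
    }

    /**
     * Dispatches each callback to its handler.
     *
     * <p>Callback types other than name, password, realm and authorize are skipped without error;
     * the {@code throws} clause is kept for interface compatibility.
     *
     * @param callbackArr callbacks supplied by the SASL mechanism
     * @throws UnsupportedCallbackException declared by the interface; not thrown by this code
     */
    @Override
    public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            if (callback instanceof NameCallback) {
                handleNameCallback((NameCallback) callback);
            } else if (callback instanceof PasswordCallback) {
                handlePasswordCallback((PasswordCallback) callback);
            } else if (callback instanceof RealmCallback) {
                handleRealmCallback((RealmCallback) callback);
            } else if (callback instanceof AuthorizeCallback) {
                handleAuthorizeCallback((AuthorizeCallback) callback);
            }
        }
    }

    /**
     * Accepts the client-proposed name only when it is present in the credential table.
     */
    private void handleNameCallback(NameCallback nameCallback) {
        String requestedName = nameCallback.getDefaultName();
        if (this.credentials.get(requestedName) == null) {
            LOG.warn("User '{}' not found in list of DIGEST-MD5 authenticateable users.", requestedName);
            // Forget any name accepted earlier so a later PasswordCallback cannot be
            // answered with another user's password.
            this.userName = null;
            return;
        }
        nameCallback.setName(requestedName);
        this.userName = requestedName;
    }

    /**
     * Supplies the password for the name accepted by the preceding {@link NameCallback}.
     *
     * <p>For the user {@code super}, a non-null {@code SYSPROP_SUPER_PASSWORD} system property
     * takes precedence over the JAAS entry. When no password is known the callback is left
     * unset and a warning is logged.
     */
    private void handlePasswordCallback(PasswordCallback passwordCallback) {
        // Read the property once so the null check and the use see the same value.
        String superPassword = System.getProperty(SYSPROP_SUPER_PASSWORD);
        if ("super".equals(this.userName) && superPassword != null) {
            passwordCallback.setPassword(superPassword.toCharArray());
            return;
        }
        String storedPassword = this.credentials.get(this.userName);
        if (storedPassword != null) {
            passwordCallback.setPassword(storedPassword.toCharArray());
        } else {
            LOG.warn("No password found for user: {}", this.userName);
        }
    }

    /**
     * Echoes the realm offered by the client back into the callback.
     */
    private void handleRealmCallback(RealmCallback realmCallback) {
        String offeredRealm = realmCallback.getDefaultText();
        LOG.debug("client supplied realm: {}", offeredRealm);
        realmCallback.setText(offeredRealm);
    }

    /**
     * Authorizes the client and sets the authorized ID derived from the authentication ID.
     *
     * <p>The ID is the Kerberos short name, followed by {@code /host} and {@code @realm} unless
     * the corresponding {@code removeHostFromPrincipal} / {@code removeRealmFromPrincipal}
     * system property is {@code "true"} or the component is absent.
     *
     * <p>The client-requested authorization ID is logged but never used as the resulting
     * identity: an authorized {@link AuthorizeCallback} with no explicit authorized ID reports
     * the authorization ID instead, so the failure path pins the ID to the authentication ID.
     */
    private void handleAuthorizeCallback(AuthorizeCallback authorizeCallback) {
        String authenticationID = authorizeCallback.getAuthenticationID();
        LOG.info("Successfully authenticated client: authenticationID={};  authorizationID={}.",
                authenticationID, authorizeCallback.getAuthorizationID());
        authorizeCallback.setAuthorized(true);
        KerberosName kerberosName = new KerberosName(authenticationID);
        try {
            StringBuilder authorizedId = new StringBuilder(kerberosName.getShortName());
            if (shouldAppendHost(kerberosName)) {
                authorizedId.append("/").append(kerberosName.getHostName());
            }
            if (shouldAppendRealm(kerberosName)) {
                authorizedId.append("@").append(kerberosName.getRealm());
            }
            LOG.info("Setting authorizedID: {}", authorizedId);
            authorizeCallback.setAuthorizedID(authorizedId.toString());
        } catch (IOException e) {
            LOG.error("Failed to set name based on Kerberos authentication rules.", e);
            // Keep the identity tied to what was authenticated rather than to the
            // authorization ID the client asked for.
            // NOTE(review): a stricter deployment may prefer setAuthorized(false) here.
            authorizeCallback.setAuthorizedID(authenticationID);
        }
    }

    /** Returns true when the realm is present and realm removal is not enabled. */
    private boolean shouldAppendRealm(KerberosName kerberosName) {
        return !isSystemPropertyTrue(SYSPROP_REMOVE_REALM) && kerberosName.getRealm() != null;
    }

    /** Returns true when the host is present and host removal is not enabled. */
    private boolean shouldAppendHost(KerberosName kerberosName) {
        return !isSystemPropertyTrue(SYSPROP_REMOVE_HOST) && kerberosName.getHostName() != null;
    }

    /** Returns true only when the named system property is exactly the string {@code "true"}. */
    private boolean isSystemPropertyTrue(String str) {
        return "true".equals(System.getProperty(str));
    }
}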
