package oadd.org.apache.zookeeper.client;

import java.io.IOException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginException;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import oadd.org.apache.commons.configuration2.tree.DefaultExpressionEngineSymbols;
import oadd.org.apache.drill.common.KerberosUtil;
import oadd.org.apache.drill.common.expression.fn.JodaDateValidator;
import oadd.org.apache.zookeeper.AsyncCallback;
import oadd.org.apache.zookeeper.ClientCnxn;
import oadd.org.apache.zookeeper.Login;
import oadd.org.apache.zookeeper.SaslClientCallbackHandler;
import oadd.org.apache.zookeeper.Watcher;
import oadd.org.apache.zookeeper.data.Stat;
import oadd.org.apache.zookeeper.proto.GetSASLRequest;
import oadd.org.apache.zookeeper.proto.SetSASLResponse;
import oadd.org.apache.zookeeper.util.SecurityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:oadd/org/apache/zookeeper/client/ZooKeeperSaslClient.class */
/**
 * Client side of the SASL handshake for a single ZooKeeper connection.
 *
 * <p>The class wraps a {@link SaslClient}, takes the {@link Subject} it acts as from a JAAS
 * {@link Login}, and tracks progress in {@link SaslState}: {@code INITIAL} until
 * {@link #initialize(ClientCnxn)} sends the first packet, {@code INTERMEDIATE} while tokens are
 * exchanged, then {@code COMPLETE} or {@code FAILED}.
 *
 * <p>Review notes for readers of this listing:
 * <ul>
 *   <li>This is decompiler output (see the JADX markers below). Several string literals appear to
 *       have been replaced by same-valued constants from unrelated classes
 *       ({@code DefaultExpressionEngineSymbols}, {@code JodaDateValidator}, {@code KerberosUtil},
 *       {@code ZKClientConfig.*_DEFAULT}); confirm the actual values against the original source.</li>
 *   <li>The debug statements in this class log token lengths, not token contents.</li>
 *   <li>{@code saslState}, {@code saslToken} and {@code gotLastPacket} are plain fields written
 *       without a lock in the code shown; the threading model that makes this safe is not visible
 *       here.</li>
 * </ul>
 */
public class ZooKeeperSaslClient {

    // Configuration key holding the name of the JAAS login context section; the constructor reads
    // the same literal through ZKClientConfig.getProperty.
    @Deprecated
    public static final String LOGIN_CONTEXT_NAME_KEY = "zookeeper.sasl.clientconfig";

    // System property consulted by isEnabled().
    @Deprecated
    public static final String ENABLE_CLIENT_SASL_KEY = "zookeeper.sasl.client";

    // Default for ENABLE_CLIENT_SASL_KEY: SASL is considered enabled unless the property says otherwise.
    @Deprecated
    public static final String ENABLE_CLIENT_SASL_DEFAULT = "true";
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) ZooKeeperSaslClient.class);
    // May be null: createSaslClient() returns null when it swallows a non-login exception.
    private SaslClient saslClient;
    // Cleared by the constructor when no JAAS section could be resolved and none was explicitly requested.
    private boolean isSASLConfigured;
    private final ZKClientConfig clientConfig;
    private SaslState saslState;
    // Human-readable summary of the configuration outcome, exposed via getConfigStatus().
    private final String configStatus;
    // Checked outside the lock in createSaslClient(); volatile so the unlocked read sees the write.
    private volatile boolean initializedLogin = false;
    private Login login = null;
    // Most recent token produced by the SaslClient; starts as an empty challenge.
    private byte[] saslToken = new byte[0];
    // Set in respondToServer(); read by clientTunneledAuthenticationInProgress().
    private boolean gotLastPacket = false;

    /* loaded from: input_file:oadd/org/apache/zookeeper/client/ZooKeeperSaslClient$SaslState.class */
    /** Handshake progress as tracked by the enclosing client. */
    public enum SaslState {
        INITIAL,
        INTERMEDIATE,
        COMPLETE,
        FAILED
    }

    /* loaded from: input_file:oadd/org/apache/zookeeper/client/ZooKeeperSaslClient$ServerSaslResponseCallback.class */
    /**
     * Callback registered with every SASL packet sent by this class; it feeds the server's reply
     * back into {@link ZooKeeperSaslClient#respondToServer(byte[], ClientCnxn)}.
     */
    public static class ServerSaslResponseCallback implements AsyncCallback.DataCallback {
        /**
         * Hands the server's SASL token to the connection's SASL client.
         *
         * @param i result code; not inspected by this method
         * @param str path argument of the callback; unused here
         * @param obj callback context; cast to {@link ClientCnxn} without a type check
         * @param bArr server token, or null (replaced with an empty array before use)
         * @param stat unused here
         */
        @Override // oadd.org.apache.zookeeper.AsyncCallback.DataCallback
        public void processResult(int i, String str, Object obj, byte[] bArr, Stat stat) {
            ZooKeeperSaslClient zooKeeperSaslClient = ((ClientCnxn) obj).zooKeeperSaslClient;
            if (zooKeeperSaslClient == null) {
                ZooKeeperSaslClient.LOG.warn("sasl client was unexpectedly null: cannot respond to Zookeeper server.");
                return;
            }
            byte[] bArr2 = bArr;
            // Only the token length is logged. DEFAULT_INDEX_END is presumably ")" substituted by
            // the decompiler for a plain literal - confirm.
            if (bArr != null) {
                ZooKeeperSaslClient.LOG.debug("ServerSaslResponseCallback(): saslToken server response: (length=" + bArr2.length + DefaultExpressionEngineSymbols.DEFAULT_INDEX_END);
            } else {
                // A null reply is normalised to an empty token, so respondToServer() never sees
                // null when called from this callback.
                bArr2 = new byte[0];
                ZooKeeperSaslClient.LOG.debug("ServerSaslResponseCallback(): using empty data[] as server response (length=" + bArr2.length + DefaultExpressionEngineSymbols.DEFAULT_INDEX_END);
            }
            zooKeeperSaslClient.respondToServer(bArr2, (ClientCnxn) obj);
        }
    }

    /**
     * Reports whether client SASL is enabled according to the JVM system property
     * {@code zookeeper.sasl.client} (default {@code "true"}).
     *
     * <p>Because {@link Boolean#valueOf(String)} is used, any value other than a case-insensitive
     * "true" yields false. The setting is a JVM-wide property, so anything able to set system
     * properties for the process decides this result.
     *
     * @return true unless the property is set to something other than "true"
     */
    @Deprecated
    public static boolean isEnabled() {
        return Boolean.valueOf(System.getProperty("zookeeper.sasl.client", "true")).booleanValue();
    }

    /** @return the current handshake state */
    public SaslState getSaslState() {
        return this.saslState;
    }

    /** @return the login context name reported by the {@link Login}, or null if no login exists yet */
    public String getLoginContext() {
        if (this.login != null) {
            return this.login.getLoginContextName();
        }
        return null;
    }

    /**
     * Resolves the JAAS login context section and, if it exists, creates the SASL client.
     *
     * <p>Outcomes visible in this constructor:
     * <ul>
     *   <li>Section found: {@code saslClient} is created (it may still be null, see
     *       {@code createSaslClient}).</li>
     *   <li>Section missing but explicitly named in the config, or a JAAS config key is set:
     *       a {@link LoginException} is thrown.</li>
     *   <li>Section missing and nothing was explicitly configured: the constructor returns
     *       normally with {@code isSASLConfigured == false}, {@code saslState == FAILED} and a
     *       null {@code saslClient}. In that state {@link #getKeeperState()} returns null rather
     *       than {@code AuthFailed}, so this class raises no authentication failure; whether an
     *       unauthenticated session is acceptable is decided elsewhere (not visible here).</li>
     * </ul>
     *
     * @param str forwarded unchanged to {@code createSaslClient} and from there to
     *     {@code SecurityUtils.createSaslClient} (presumably the server principal - confirm)
     * @param zKClientConfig client configuration supplying the login context name and JAAS config key
     * @throws LoginException if a JAAS section was requested or a JAAS config was supplied but
     *     the section could not be loaded, or if the login itself fails
     */
    public ZooKeeperSaslClient(String str, ZKClientConfig zKClientConfig) throws LoginException {
        this.isSASLConfigured = true;
        this.saslState = SaslState.INITIAL;
        String property = zKClientConfig.getProperty("zookeeper.sasl.clientconfig", ZKClientConfig.LOGIN_CONTEXT_NAME_KEY_DEFAULT);
        this.clientConfig = zKClientConfig;
        AppConfigurationEntry[] appConfigurationEntryArr = null;
        // Lookup failures are remembered rather than thrown so the messages below can include them.
        Throwable th = null;
        try {
            appConfigurationEntryArr = Configuration.getConfiguration().getAppConfigurationEntry(property);
        } catch (IllegalArgumentException e) {
            th = e;
        } catch (SecurityException e2) {
            th = e2;
        }
        if (appConfigurationEntryArr != null) {
            // JODA_ESCAPE_CHARACTER is presumably a closing single quote substituted by the
            // decompiler for a plain literal - confirm.
            this.configStatus = "Will attempt to SASL-authenticate using Login Context section '" + property + JodaDateValidator.JODA_ESCAPE_CHARACTER;
            this.saslClient = createSaslClient(str, property);
            return;
        }
        this.saslState = SaslState.FAILED;
        // Read again without a default: non-null means the section name was set explicitly, in
        // which case a missing section is an error.
        String property2 = zKClientConfig.getProperty("zookeeper.sasl.clientconfig");
        if (property2 != null) {
            if (th == null) {
                throw new LoginException("Client cannot SASL-authenticate because the specified JAAS configuration section '" + property2 + "' could not be found.");
            }
            throw new LoginException("Zookeeper client cannot authenticate using the " + property2 + " section of the supplied JAAS configuration: '" + zKClientConfig.getJaasConfKey() + "' because of a RuntimeException: " + th);
        }
        this.configStatus = th != null ? "Will not attempt to authenticate using SASL " + DefaultExpressionEngineSymbols.DEFAULT_INDEX_START + th + DefaultExpressionEngineSymbols.DEFAULT_INDEX_END : "Will not attempt to authenticate using SASL (unknown error)";
        this.isSASLConfigured = false;
        // A JAAS configuration was supplied but does not contain the (default-named) section.
        if (zKClientConfig.getJaasConfKey() != null) {
            if (th == null) {
                throw new LoginException("No JAAS configuration section named '" + zKClientConfig.getProperty("zookeeper.sasl.clientconfig", ZKClientConfig.LOGIN_CONTEXT_NAME_KEY_DEFAULT) + "' was found in specified JAAS configuration file: '" + zKClientConfig.getJaasConfKey() + "'.");
            }
            throw new LoginException("Zookeeper client cannot authenticate using the '" + zKClientConfig.getProperty("zookeeper.sasl.clientconfig", ZKClientConfig.LOGIN_CONTEXT_NAME_KEY_DEFAULT) + "' section of the supplied JAAS configuration: '" + zKClientConfig.getJaasConfKey() + "' because of a RuntimeException: " + th);
        }
        // Falling through here means: no JAAS section, nothing explicitly configured, no exception.
    }

    /** @return the status text recorded by the constructor */
    public String getConfigStatus() {
        return this.configStatus;
    }

    /** @return true once {@link #getKeeperState()} has moved the state to {@code COMPLETE} */
    public boolean isComplete() {
        return this.saslState == SaslState.COMPLETE;
    }

    /** @return true if the handshake state is {@code FAILED} */
    public boolean isFailed() {
        return this.saslState == SaslState.FAILED;
    }

    /**
     * Creates the JAAS {@link Login} on first use and builds a {@link SaslClient} for its subject.
     *
     * @param str forwarded to {@code SecurityUtils.createSaslClient} (presumably the server
     *     principal - confirm)
     * @param str2 name of the JAAS login context section
     * @return the new SASL client, or null when any exception other than {@link LoginException}
     *     occurred (the failure is only logged; callers must handle null)
     * @throws LoginException if the JAAS login fails
     */
    private SaslClient createSaslClient(String str, String str2) throws LoginException {
        try {
            // The unlocked test reads the volatile flag; the locked test re-checks the field itself.
            if (!this.initializedLogin) {
                synchronized (this) {
                    if (this.login == null) {
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("JAAS loginContext is: " + str2);
                        }
                        this.login = new Login(str2, new SaslClientCallbackHandler(null, ZKClientConfig.LOGIN_CONTEXT_NAME_KEY_DEFAULT), this.clientConfig);
                        this.login.startThreadIfNeeded();
                        this.initializedLogin = true;
                    }
                }
            }
            // NOTE(review): the two ZKClientConfig.*_DEFAULT arguments look like decompiler
            // substitutions for string literals, and the meaning of "zk-sasl-md5" is defined by
            // SecurityUtils.createSaslClient, which is not shown - confirm before relying on them.
            return SecurityUtils.createSaslClient(this.login.getSubject(), str, ZKClientConfig.ZK_SASL_CLIENT_USERNAME_DEFAULT, "zk-sasl-md5", LOG, ZKClientConfig.LOGIN_CONTEXT_NAME_KEY_DEFAULT);
        } catch (LoginException e) {
            throw e;
        } catch (Exception e2) {
            // NOTE(review): the exception is concatenated into the message, so no stack trace is
            // logged, and the null return defers the failure to initialize()/respondToServer().
            LOG.error("Exception while trying to create SASL client: " + e2);
            return null;
        }
    }

    /**
     * Processes one server token: evaluates it, sends the client's answer if there is one, and
     * notifies the connection once the underlying {@link SaslClient} reports completion.
     *
     * @param bArr token received from the server; null while the exchange is still in progress
     *     is treated as a failure by {@code createSaslToken(byte[])}
     * @param clientCnxn connection used to send the reply and to signal completion
     */
    public void respondToServer(byte[] bArr, ClientCnxn clientCnxn) {
        if (this.saslClient == null) {
            // Logged and dropped; the state is not changed on this path.
            LOG.error("saslClient is unexpectedly null. Cannot respond to server's SASL message; ignoring.");
            return;
        }
        if (!this.saslClient.isComplete()) {
            try {
                this.saslToken = createSaslToken(bArr);
                // evaluateChallenge may yield null, in which case nothing is sent.
                if (this.saslToken != null) {
                    sendSaslPacket(this.saslToken, clientCnxn);
                }
            } catch (SaslException e) {
                // NOTE(review): the Throwable is the only argument after the format string; SLF4J
                // is expected to log it as the exception and leave "{}" unfilled - confirm.
                LOG.error("SASL authentication failed using login context '" + getLoginContext() + "' with exception: {}", e);
                this.saslState = SaslState.FAILED;
                this.gotLastPacket = true;
            }
        }
        if (this.saslClient.isComplete()) {
            // For the Kerberos mechanism the last packet is only recognised by a null token; every
            // other mechanism is finished as soon as the client is complete.
            // NOTE(review): ServerSaslResponseCallback replaces null with an empty array, so the
            // null case cannot arrive through that callback - check other callers.
            if (bArr == null && this.saslClient.getMechanismName().equals(KerberosUtil.KERBEROS_SASL_NAME)) {
                this.gotLastPacket = true;
            }
            if (!this.saslClient.getMechanismName().equals(KerberosUtil.KERBEROS_SASL_NAME)) {
                this.gotLastPacket = true;
            }
            clientCnxn.saslCompleted();
        }
    }

    /**
     * Marks the handshake as {@code INTERMEDIATE} and evaluates the currently stored token.
     *
     * @return the client's response token
     * @throws SaslException if the token cannot be produced
     */
    private byte[] createSaslToken() throws SaslException {
        this.saslState = SaslState.INTERMEDIATE;
        return createSaslToken(this.saslToken);
    }

    /**
     * Evaluates a server challenge as the logged-in {@link Subject}.
     *
     * @param bArr server challenge; must not be null
     * @return the response from {@link SaslClient#evaluateChallenge(byte[])}
     * @throws SaslException if the challenge is null, the login has no subject, or evaluation
     *     fails; the state is set to {@code FAILED} for the first and last case, but not for the
     *     missing-subject case (callers decide there)
     */
    private byte[] createSaslToken(final byte[] bArr) throws SaslException {
        byte[] bArr2;
        if (bArr == null) {
            this.saslState = SaslState.FAILED;
            throw new SaslException("Error in authenticating with a Zookeeper Quorum member: the quorum member's saslToken is null.");
        }
        Subject subject = this.login.getSubject();
        if (subject == null) {
            throw new SaslException("Cannot make SASL token without subject defined. For diagnosis, please look for WARNs and ERRORs in your log related to the Login class.");
        }
        // The Login object is the monitor for the evaluation.
        synchronized (this.login) {
            try {
                bArr2 = (byte[]) Subject.doAs(subject, new PrivilegedExceptionAction<byte[]>() { // from class: oadd.org.apache.zookeeper.client.ZooKeeperSaslClient.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public byte[] run() throws SaslException {
                        // Length only; the challenge bytes are not written to the log.
                        ZooKeeperSaslClient.LOG.debug("saslClient.evaluateChallenge(len=" + bArr.length + DefaultExpressionEngineSymbols.DEFAULT_INDEX_END);
                        return ZooKeeperSaslClient.this.saslClient.evaluateChallenge(bArr);
                    }
                });
            } catch (PrivilegedActionException e) {
                String str = "An error: (" + e + ") occurred when evaluating Zookeeper Quorum Member's  received SASL token.";
                // The hint is selected by matching the exception text.
                // NOTE(review): it names a JDK-internal system property; verify that it still
                // applies to the JVM in use before following it.
                if (e.toString().contains("(Mechanism level: Server not found in Kerberos database (7) - UNKNOWN_SERVER)")) {
                    str = str + " This may be caused by Java's being unable to resolve the Zookeeper Quorum Member's hostname correctly. You may want to try to adding '-Dsun.net.spi.nameservice.provider.1=dns,sun' to your client's JVMFLAGS environment.";
                }
                String str2 = str + " Zookeeper Client will go to AUTH_FAILED state.";
                LOG.error(str2);
                this.saslState = SaslState.FAILED;
                // The original exception is kept as the cause.
                throw new SaslException(str2, e);
            }
        }
        return bArr2;
    }

    /**
     * Sends an already computed token to the server.
     *
     * @param bArr token to send
     * @param clientCnxn connection to send it on
     * @throws SaslException wrapping any {@link IOException} from the send
     */
    private void sendSaslPacket(byte[] bArr, ClientCnxn clientCnxn) throws SaslException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("ClientCnxn:sendSaslPacket:length=" + bArr.length);
        }
        GetSASLRequest getSASLRequest = new GetSASLRequest();
        getSASLRequest.setToken(bArr);
        try {
            // 102 is presumably the SASL op code inlined by the compiler - confirm.
            clientCnxn.sendPacket(getSASLRequest, new SetSASLResponse(), new ServerSaslResponseCallback(), 102);
        } catch (IOException e) {
            throw new SaslException("Failed to send SASL packet to server.", e);
        }
    }

    /**
     * Computes a token from the stored {@code saslToken} via {@code createSaslToken()} and sends it.
     *
     * @param clientCnxn connection to send it on
     * @throws SaslException if the token cannot be created or the send fails
     */
    private void sendSaslPacket(ClientCnxn clientCnxn) throws SaslException {
        if (LOG.isDebugEnabled()) {
            // Logs the length of the stored token, i.e. the input to createSaslToken(), not of
            // the token that is about to be sent.
            LOG.debug("ClientCnxn:sendSaslPacket:length=" + this.saslToken.length);
        }
        GetSASLRequest getSASLRequest = new GetSASLRequest();
        getSASLRequest.setToken(createSaslToken());
        try {
            clientCnxn.sendPacket(getSASLRequest, new SetSASLResponse(), new ServerSaslResponseCallback(), 102);
        } catch (IOException e) {
            throw new SaslException("Failed to send SASL packet to server due to IOException:", e);
        }
    }

    /**
     * Translates the handshake state into a watcher event state.
     *
     * <p>Not a pure getter: the first call made after the {@link SaslClient} completes while the
     * state is {@code INTERMEDIATE} moves the state to {@code COMPLETE} and returns
     * {@code SaslAuthenticated}; later calls return null.
     *
     * @return {@code AuthFailed} when the state is {@code FAILED}, {@code SaslAuthenticated} once
     *     on completion, otherwise null (including whenever no SASL client exists)
     */
    public Watcher.Event.KeeperState getKeeperState() {
        // No client means no event, even if the constructor left the state at FAILED.
        if (this.saslClient == null) {
            return null;
        }
        if (this.saslState == SaslState.FAILED) {
            return Watcher.Event.KeeperState.AuthFailed;
        }
        if (!this.saslClient.isComplete() || this.saslState != SaslState.INTERMEDIATE) {
            return null;
        }
        this.saslState = SaslState.COMPLETE;
        return Watcher.Event.KeeperState.SaslAuthenticated;
    }

    /**
     * Starts the handshake by sending the first SASL packet.
     *
     * @param clientCnxn connection to send on
     * @throws SaslException if no SASL client exists (state becomes {@code FAILED}) or the first
     *     packet cannot be produced or sent
     */
    public void initialize(ClientCnxn clientCnxn) throws SaslException {
        if (this.saslClient == null) {
            this.saslState = SaslState.FAILED;
            throw new SaslException("saslClient failed to initialize properly: it's null.");
        }
        // Only acts in the INITIAL state, so repeated calls do not resend the first packet.
        if (this.saslState == SaslState.INITIAL) {
            if (this.saslClient.hasInitialResponse()) {
                sendSaslPacket(clientCnxn);
            } else {
                // Mechanisms without an initial response start with an empty token.
                sendSaslPacket(new byte[0], clientCnxn);
            }
            this.saslState = SaslState.INTERMEDIATE;
        }
    }

    /**
     * Reports whether the SASL exchange is still running.
     *
     * @return false when SASL is not configured, when no JAAS configuration entry can be found,
     *     or when reading the configuration raises a {@link SecurityException}; otherwise true
     *     until the handshake has completed or failed and the last packet has been seen
     */
    public boolean clientTunneledAuthenticationInProgress() {
        if (!this.isSASLConfigured) {
            return false;
        }
        try {
            // Without a JAAS config key, the login section must be resolvable from the current
            // Configuration for an exchange to be considered possible.
            if (this.clientConfig.getJaasConfKey() == null && (Configuration.getConfiguration() == null || Configuration.getConfiguration().getAppConfigurationEntry(this.clientConfig.getProperty("zookeeper.sasl.clientconfig", ZKClientConfig.LOGIN_CONTEXT_NAME_KEY_DEFAULT)) == null)) {
                return false;
            }
            if (isComplete() || isFailed()) {
                return !this.gotLastPacket;
            }
            return true;
        } catch (SecurityException e) {
            // Either way the answer is false; the exception is only visible at debug level.
            if (!LOG.isDebugEnabled()) {
                return false;
            }
            LOG.debug("Could not retrieve login configuration: " + e);
            return false;
        }
    }

    /** Shuts down the {@link Login}, if one was created. */
    public void shutdown() {
        if (null != this.login) {
            this.login.shutdown();
        }
    }
}
