package org.apache.storm.security.auth;

import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import org.apache.storm.security.auth.SaslTransportPlugin;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/storm/security/auth/AbstractSaslServerCallbackHandler.class */
public abstract class AbstractSaslServerCallbackHandler implements CallbackHandler {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractSaslServerCallbackHandler.class);
    protected final Map<String, String> credentials = new HashMap();
    protected String userName;

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            if (callback instanceof NameCallback) {
                handleNameCallback((NameCallback) callback);
            } else if (callback instanceof PasswordCallback) {
                handlePasswordCallback((PasswordCallback) callback);
            } else if (callback instanceof RealmCallback) {
                handleRealmCallback((RealmCallback) callback);
            } else if (callback instanceof AuthorizeCallback) {
                handleAuthorizeCallback((AuthorizeCallback) callback);
            }
        }
    }

    private void handleNameCallback(NameCallback nameCallback) {
        LOG.debug("handleNameCallback");
        this.userName = nameCallback.getDefaultName();
        nameCallback.setName(nameCallback.getDefaultName());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void handlePasswordCallback(PasswordCallback passwordCallback) {
        LOG.debug("handlePasswordCallback");
        if (this.credentials.containsKey(this.userName)) {
            passwordCallback.setPassword(this.credentials.get(this.userName).toCharArray());
        } else {
            LOG.warn("No password found for user: {}", this.userName);
        }
    }

    private void handleRealmCallback(RealmCallback realmCallback) {
        LOG.debug("handleRealmCallback: {}", realmCallback.getDefaultText());
        realmCallback.setText(realmCallback.getDefaultText());
    }

    private void handleAuthorizeCallback(AuthorizeCallback authorizeCallback) {
        String authenticationID = authorizeCallback.getAuthenticationID();
        LOG.info("Successfully authenticated client: authenticationID = {} authorizationID = {}", authenticationID, authorizeCallback.getAuthorizationID());
        if (authorizeCallback.getAuthorizationID() == null) {
            authorizeCallback.setAuthorizedID(authenticationID);
        }
        if (authenticationID.equals(authorizeCallback.getAuthorizationID())) {
            ReqContext.context().setRealPrincipal(null);
        } else {
            LOG.info("Impersonation attempt  authenticationID = {} authorizationID = {}", authorizeCallback.getAuthenticationID(), authorizeCallback.getAuthorizationID());
            ReqContext.context().setRealPrincipal(new SaslTransportPlugin.User(authorizeCallback.getAuthenticationID()));
        }
        authorizeCallback.setAuthorized(true);
    }
}
