package org.apache.zookeeper.server;

import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.zookeeper.Login;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:hadoop-client-2.1.1-beta/share/hadoop/client/lib/zookeeper-3.4.2.jar:org/apache/zookeeper/server/ZooKeeperSaslServer.class */
public class ZooKeeperSaslServer {
    Logger LOG = LoggerFactory.getLogger(ZooKeeperSaslServer.class);
    private SaslServer saslServer;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ZooKeeperSaslServer(Login login) {
        this.saslServer = createSaslServer(login);
    }

    private SaslServer createSaslServer(final Login login) {
        synchronized (login) {
            Subject subject = login.getSubject();
            if (subject != null) {
                if (subject.getPrincipals().size() > 0) {
                    try {
                        String name = ((Principal) subject.getPrincipals().toArray()[0]).getName();
                        int indexOf = name.indexOf("/");
                        final String substring = name.substring(0, indexOf);
                        String substring2 = name.substring(indexOf + 1, name.length());
                        final String substring3 = substring2.substring(0, substring2.indexOf("@"));
                        this.LOG.debug("serviceHostname is '" + substring3 + "'");
                        this.LOG.debug("servicePrincipalName is " + substring + "'");
                        this.LOG.debug("SASL mechanism(mech) is GSSAPI'");
                        try {
                            return (SaslServer) Subject.doAs(subject, new PrivilegedExceptionAction<SaslServer>() { // from class: org.apache.zookeeper.server.ZooKeeperSaslServer.1
                                /* JADX WARN: Can't rename method to resolve collision */
                                @Override // java.security.PrivilegedExceptionAction
                                public SaslServer run() {
                                    try {
                                        return Sasl.createSaslServer("GSSAPI", substring, substring3, (Map) null, login.callbackHandler);
                                    } catch (SaslException e) {
                                        ZooKeeperSaslServer.this.LOG.error("Zookeeper Server failed to create a SaslServer to interact with a client during session initiation: " + e);
                                        e.printStackTrace();
                                        return null;
                                    }
                                }
                            });
                        } catch (PrivilegedActionException e) {
                            this.LOG.error("Zookeeper Quorum member experienced a PrivilegedActionException exception while creating a SaslServer using a JAAS principal context:" + e);
                            e.printStackTrace();
                        }
                    } catch (Exception e2) {
                        this.LOG.error("server principal name/hostname determination error: " + e2);
                    }
                } else {
                    try {
                        return Sasl.createSaslServer("DIGEST-MD5", "zookeeper", "zk-sasl-md5", (Map) null, login.callbackHandler);
                    } catch (SaslException e3) {
                        this.LOG.error("Zookeeper Quorum member failed to create a SaslServer to interact with a client during session initiation: " + e3);
                    }
                }
            }
            this.LOG.error("failed to create saslServer object.");
            return null;
        }
    }

    public byte[] evaluateResponse(byte[] bArr) throws SaslException {
        return this.saslServer.evaluateResponse(bArr);
    }

    public boolean isComplete() {
        return this.saslServer.isComplete();
    }

    public String getAuthorizationID() {
        return this.saslServer.getAuthorizationID();
    }
}
