package org.apache.kerby.kerberos.kerb.admin.server.kadmin.impl;

import java.io.File;
import java.io.IOException;
import java.net.SocketTimeoutException;
import java.nio.ByteBuffer;
import java.security.PrivilegedAction;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslServer;
import org.apache.kerby.kerberos.kerb.admin.AuthUtil;
import org.apache.kerby.kerberos.kerb.admin.server.kadmin.AdminServerContext;
import org.apache.kerby.kerberos.kerb.admin.server.kadmin.AdminServerHandler;
import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/kerby/kerberos/kerb/admin/server/kadmin/impl/DefaultAdminServerHandler.class */
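/**
 * Handles one admin-server connection: performs the SASL/GSSAPI negotiation
 * with the peer and, once the connection is marked authenticated, reads admin
 * requests from the transport and writes back the responses.
 *
 * <p>One instance is bound to one {@link KrbTransport}. An instance is meant to
 * be driven by a single thread through {@link #run()}; the authentication flag
 * is not synchronized.
 */
public class DefaultAdminServerHandler extends AdminServerHandler implements Runnable {
    private static final Logger logger = LoggerFactory.getLogger(DefaultAdminServerHandler.class);

    private final KrbTransport transport;
    private AdminServerContext adminServerContext;

    // Authentication state of THIS connection. It was a static field, which made
    // one peer's successful negotiation mark every other connection handled in
    // the same JVM as authenticated.
    private boolean sasl = false;

    /**
     * Authorization policy for the GSSAPI mechanism: a peer may only act as
     * itself, i.e. the requested authorization id must equal the
     * authentication id.
     */
    private static class SaslGssCallbackHandler implements CallbackHandler {
        private SaslGssCallbackHandler() {
        }

        /**
         * Decides the {@link AuthorizeCallback}; if several are supplied only the
         * last one is decided.
         *
         * @param callbackArr callbacks supplied by the SASL mechanism
         * @throws UnsupportedCallbackException if any callback is not an
         *         {@link AuthorizeCallback}
         */
        @Override
        public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
            AuthorizeCallback authorize = null;
            for (Callback callback : callbackArr) {
                if (!(callback instanceof AuthorizeCallback)) {
                    throw new UnsupportedCallbackException(callback, "Unrecognized SASL GSSAPI Callback");
                }
                authorize = (AuthorizeCallback) callback;
            }
            if (authorize == null) {
                return;
            }
            String authenticationId = authorize.getAuthenticationID();
            String authorizationId = authorize.getAuthorizationID();
            // A missing authentication id is denied instead of raising a
            // NullPointerException inside the mechanism.
            boolean sameIdentity = authenticationId != null && authenticationId.equals(authorizationId);
            authorize.setAuthorized(sameIdentity);
            if (sameIdentity) {
                authorize.setAuthorizedID(authorizationId);
            }
        }
    }

    /**
     * @param adminServerContext server context providing the configuration
     * @param krbTransport transport of the connection this handler serves
     */
    public DefaultAdminServerHandler(AdminServerContext adminServerContext, KrbTransport krbTransport) {
        super(adminServerContext);
        this.transport = krbTransport;
        this.adminServerContext = adminServerContext;
    }

    /**
     * Serves the connection until it ends: negotiates SASL first, then handles
     * one request per received message.
     *
     * <p>The connection is released and the method returns when the negotiation
     * does not leave the connection authenticated, when no message is received,
     * or when the transport fails.
     */
    @Override
    public void run() {
        while (true) {
            try {
                if (!sasl) {
                    logger.info("Doing the sasl negotiation !!!");
                    try {
                        saslNegotiation();
                    } catch (Exception e) {
                        logger.error("With exception when sasl negotiation.", e);
                    }
                    if (!sasl) {
                        // Fail closed. saslNegotiation() swallows its own errors,
                        // so retrying here would spin on a dead or hostile peer
                        // while keeping an unauthenticated connection open.
                        logger.debug("SASL negotiation did not complete, disconnecting");
                        this.transport.release();
                        return;
                    }
                    continue;
                }
                ByteBuffer message = this.transport.receiveMessage();
                if (message == null) {
                    logger.debug("No valid request recved. Disconnect actively");
                    this.transport.release();
                    return;
                }
                handleMessage(message);
            } catch (IOException e) {
                this.transport.release();
                logger.debug("Transport or decoding error occurred, disconnecting abnormally", e);
                return;
            }
        }
    }

    /**
     * Processes one admin request and sends the response on the transport.
     * Any failure releases the transport and is logged; nothing is rethrown.
     *
     * @param byteBuffer the received request
     */
    protected void handleMessage(ByteBuffer byteBuffer) {
        try {
            ByteBuffer response = handleMessage(byteBuffer, this.transport.getRemoteAddress());
            this.transport.sendMessage(response);
        } catch (Exception e) {
            this.transport.release();
            logger.error("Error occured while processing request:", e);
        }
    }

    /**
     * Logs in with the server keytab and runs the GSSAPI exchange as that
     * subject. On success the connection's {@code sasl} flag is set; failures
     * inside the exchange are logged and leave the flag unset.
     *
     * @throws Exception if the keytab login fails
     */
    private void saslNegotiation() throws Exception {
        String servicePrincipal = this.adminServerContext.getConfig().getProtocol()
                + "/" + this.adminServerContext.getConfig().getAdminHost();
        File keytab = new File(this.adminServerContext.getConfig().getKeyTabFile());
        Subject serverSubject = AuthUtil.loginUsingKeytab(servicePrincipal, keytab);

        Subject.doAs(serverSubject, new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                try {
                    ByteBuffer message = transport.receiveMessage();
                    if (message == null) {
                        logger.debug("No SASL message received, negotiation aborted");
                        return null;
                    }

                    HashMap<String, String> props = new HashMap<>();
                    props.put(Sasl.QOP, "auth-conf");
                    props.put(Sasl.SERVER_AUTH, "true");
                    // NOTE(review): this SaslServer is local to the negotiation and is
                    // not kept, so nothing in this class applies the negotiated
                    // auth-conf wrap/unwrap to later admin messages - confirm whether
                    // the transport or the superclass protects them.
                    SaslServer saslServer = Sasl.createSaslServer("GSSAPI",
                            adminServerContext.getConfig().getProtocol(),
                            adminServerContext.getConfig().getServerName(),
                            props, new SaslGssCallbackHandler());
                    if (saslServer == null) {
                        throw new Exception("Unable to find server implementation for: GSSAPI");
                    }

                    while (!saslServer.isComplete()) {
                        // NOTE(review): the leading int is a status value supplied by
                        // the peer. This branch marks the connection authenticated on
                        // that value alone, without evaluating the rest of the message
                        // or checking saslServer.isComplete(). The success decision
                        // should be gated on the server-side mechanism state; confirm
                        // the framing the admin client uses before changing it.
                        if (message.getInt() == 0) {
                            logger.info("sasl negotiation success!!!");
                            DefaultAdminServerHandler.this.sasl = true;
                            break;
                        }
                        sendMessage(message, saslServer);
                        if (!saslServer.isComplete()) {
                            logger.info("Waiting receive message");
                            message = transport.receiveMessage();
                            if (message == null) {
                                logger.debug("No SASL message received, negotiation aborted");
                                return null;
                            }
                        }
                    }
                    return null;
                } catch (SocketTimeoutException e) {
                    // Timeout while waiting for the peer: leave the flag unset.
                    return null;
                } catch (Exception e) {
                    logger.error("With exception when sasl negotiation. ", e);
                    return null;
                }
            }
        });
    }

    /**
     * Feeds the remaining bytes of {@code byteBuffer} to the SASL server and
     * sends the resulting challenge to the peer.
     *
     * <p>Frame layout: a 4-byte int holding the challenge length plus 4, a
     * 4-byte status int (0 when the mechanism is complete, 1 otherwise), then
     * the challenge bytes.
     *
     * <p>Kept {@code public} as in the decompiled listing, where the modifier was
     * widened from {@code private} for access from the anonymous inner class.
     *
     * @param byteBuffer received SASL message, positioned after the status int
     * @param saslServer the mechanism instance for this negotiation
     * @throws IOException if evaluating the response or sending fails
     */
    public void sendMessage(ByteBuffer byteBuffer, SaslServer saslServer) throws IOException {
        byte[] response = new byte[byteBuffer.remaining()];
        byteBuffer.get(response);
        byte[] challenge = saslServer.evaluateResponse(response);
        if (challenge == null) {
            // evaluateResponse may return null when authentication has succeeded
            // and there is no more challenge data; send an empty payload.
            challenge = new byte[0];
        }
        ByteBuffer frame = ByteBuffer.allocate(challenge.length + 8);
        frame.putInt(challenge.length + 4);
        frame.putInt(saslServer.isComplete() ? 0 : 1);
        frame.put(challenge);
        frame.flip();
        this.transport.sendMessage(frame);
        logger.info("Send message to admin client.");
    }
}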
