package org.apache.kafka.common.security;

import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.config.SaslConfigs;
import org.apache.kafka.common.config.types.Password;
import org.apache.kafka.common.network.LoginType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/bundled-dependencies/kafka-clients-0.10.2.1.jar:org/apache/kafka/common/security/JaasUtils.class */
public class JaasUtils {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) JaasUtils.class);
    public static final String JAVA_LOGIN_CONFIG_PARAM = "java.security.auth.login.config";
    public static final String LOGIN_CONTEXT_SERVER = "KafkaServer";
    public static final String LOGIN_CONTEXT_CLIENT = "KafkaClient";
    public static final String SERVICE_NAME = "serviceName";
    public static final String ZK_SASL_CLIENT = "zookeeper.sasl.client";
    public static final String ZK_LOGIN_CONTEXT_NAME_KEY = "zookeeper.sasl.clientconfig";

    public static Configuration jaasConfig(LoginType loginType, Map<String, ?> map) {
        Password password = (Password) map.get(SaslConfigs.SASL_JAAS_CONFIG);
        if (password == null) {
            return defaultJaasConfig(loginType);
        }
        if (loginType == LoginType.SERVER) {
            throw new IllegalArgumentException("JAAS config property not supported for server");
        }
        JaasConfig jaasConfig = new JaasConfig(loginType, password.value());
        AppConfigurationEntry[] appConfigurationEntry = jaasConfig.getAppConfigurationEntry(LoginType.CLIENT.contextName());
        int length = appConfigurationEntry == null ? 0 : appConfigurationEntry.length;
        if (length != 1) {
            throw new IllegalArgumentException("JAAS config property contains " + length + " login modules, should be one module");
        }
        return jaasConfig;
    }

    private static Configuration defaultJaasConfig(LoginType loginType) {
        String property = System.getProperty("java.security.auth.login.config");
        if (property == null) {
            LOG.debug("System property 'java.security.auth.login.config' and Kafka SASL property 'sasl.jaas.config' are not set, using default JAAS configuration.");
        }
        Configuration configuration = Configuration.getConfiguration();
        String contextName = loginType.contextName();
        if (configuration.getAppConfigurationEntry(contextName) == null) {
            throw new IllegalArgumentException("Could not find a '" + contextName + "' entry in the JAAS configuration. System property 'java.security.auth.login.config' is " + (property == null ? "not set" : property));
        }
        return configuration;
    }

    public static String defaultServerJaasConfigOption(String str, String str2) throws IOException {
        return jaasConfigOption(Configuration.getConfiguration(), LoginType.SERVER.contextName(), str, str2);
    }

    public static String jaasConfigOption(Configuration configuration, String str, String str2, String str3) throws IOException {
        Object obj;
        AppConfigurationEntry[] appConfigurationEntry = configuration.getAppConfigurationEntry(str);
        if (appConfigurationEntry == null) {
            throw new IOException("Could not find a '" + str + "' entry in this JAAS configuration.");
        }
        for (AppConfigurationEntry appConfigurationEntry2 : appConfigurationEntry) {
            if ((str3 == null || str3.equals(appConfigurationEntry2.getLoginModuleName())) && (obj = appConfigurationEntry2.getOptions().get(str2)) != null) {
                return (String) obj;
            }
        }
        return null;
    }

    public static String defaultKerberosRealm() throws ClassNotFoundException, NoSuchMethodException, IllegalArgumentException, IllegalAccessException, InvocationTargetException {
        Class<?> cls = System.getProperty("java.vendor").contains("IBM") ? Class.forName("com.ibm.security.krb5.internal.Config") : Class.forName("sun.security.krb5.Config");
        return (String) cls.getDeclaredMethod("getDefaultRealm", new Class[0]).invoke(cls.getMethod("getInstance", new Class[0]).invoke(cls, new Object[0]), new Object[0]);
    }

    public static boolean isZkSecurityEnabled() {
        boolean parseBoolean = Boolean.parseBoolean(System.getProperty("zookeeper.sasl.client", "true"));
        String property = System.getProperty("zookeeper.sasl.clientconfig", "Client");
        try {
            boolean z = Configuration.getConfiguration().getAppConfigurationEntry(property) != null;
            if (!z || parseBoolean) {
                return z;
            }
            LOG.error("JAAS configuration is present, but system property zookeeper.sasl.client is set to false, which disables SASL in the ZooKeeper client");
            throw new KafkaException("Exception while determining if ZooKeeper is secure");
        } catch (Exception e) {
            throw new KafkaException("Exception while loading Zookeeper JAAS login context '" + property + "'", e);
        }
    }
}
