package com.mongodb.internal.connection;

import com.mongodb.AuthenticationMechanism;
import com.mongodb.KerberosSubjectProvider;
import com.mongodb.MongoCredential;
import com.mongodb.MongoException;
import com.mongodb.MongoSecurityException;
import com.mongodb.ServerAddress;
import com.mongodb.ServerApi;
import com.mongodb.SubjectProvider;
import com.mongodb.connection.ClusterConnectionMode;
import com.mongodb.lang.NonNull;
import com.mongodb.lang.Nullable;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:com/mongodb/internal/connection/GSSAPIAuthenticator.class */
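/**
 * SASL authenticator for the GSSAPI (Kerberos) mechanism.
 *
 * <p>Builds a {@link SaslClient} from the credential's user name, the configured service name
 * (default {@code "mongodb"}) and the server host name. Host name canonicalization is off by
 * default and only enabled through the {@code CANONICALIZE_HOST_NAME} mechanism property.
 */
class GSSAPIAuthenticator extends SaslAuthenticator {
    private static final String GSSAPI_MECHANISM_NAME = "GSSAPI";
    // Object identifier of the Kerberos V5 GSS-API mechanism.
    private static final String GSSAPI_OID = "1.2.840.113554.1.2.2";
    private static final String SERVICE_NAME_DEFAULT_VALUE = "mongodb";
    private static final Boolean CANONICALIZE_HOST_NAME_DEFAULT_VALUE = false;

    /**
     * Creates the authenticator and rejects any credential whose mechanism is not GSSAPI.
     *
     * @throws MongoException if the credential's authentication mechanism is not GSSAPI
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public GSSAPIAuthenticator(MongoCredentialWithCache mongoCredentialWithCache, ClusterConnectionMode clusterConnectionMode, @Nullable ServerApi serverApi) {
        super(mongoCredentialWithCache, clusterConnectionMode, serverApi);
        if (getMongoCredential().getAuthenticationMechanism() != AuthenticationMechanism.GSSAPI) {
            throw new MongoException("Incorrect mechanism: " + getMongoCredential().getMechanism());
        }
    }

    /** Returns the SASL mechanism name, {@code "GSSAPI"}. */
    @Override // com.mongodb.internal.connection.SaslAuthenticator
    public String getMechanismName() {
        return GSSAPI_MECHANISM_NAME;
    }

    /**
     * Creates the GSSAPI SASL client for the given server.
     *
     * <p>If the credential carries its own {@code JAVA_SASL_CLIENT_PROPERTIES} map, that map is
     * passed to the SASL layer as-is and none of the defaults below are applied; the caller who
     * supplied it is then responsible for providing suitable credentials and buffer settings.
     *
     * @param serverAddress the server being authenticated to
     * @return a non-null SASL client
     * @throws MongoSecurityException if the platform has no GSSAPI support, if the SASL client or
     *         the GSS credential cannot be initialised, or if host name canonicalization fails
     */
    @Override // com.mongodb.internal.connection.SaslAuthenticator
    protected SaslClient createSaslClient(ServerAddress serverAddress) {
        MongoCredential mongoCredential = getMongoCredential();
        try {
            // The property is stored untyped; the SASL API expects Map<String, ?>.
            @SuppressWarnings("unchecked")
            Map<String, Object> saslProperties =
                    (Map<String, Object>) mongoCredential.getMechanismProperty(MongoCredential.JAVA_SASL_CLIENT_PROPERTIES_KEY, null);
            if (saslProperties == null) {
                saslProperties = new HashMap<>();
                // NOTE(review): a max buffer of "0" presumably means no SASL security layer is
                // negotiated after authentication - confirm against the JDK GSSAPI provider.
                saslProperties.put(Sasl.MAX_BUFFER, "0");
                saslProperties.put(Sasl.CREDENTIALS, getGSSCredential(mongoCredential.getUserName()));
            }

            String serviceName = (String) mongoCredential.getMechanismProperty(MongoCredential.SERVICE_NAME_KEY, SERVICE_NAME_DEFAULT_VALUE);
            SaslClient saslClient = Sasl.createSaslClient(
                    new String[]{AuthenticationMechanism.GSSAPI.getMechanismName()},
                    mongoCredential.getUserName(),
                    serviceName,
                    getHostName(serverAddress),
                    saslProperties,
                    (CallbackHandler) null);
            if (saslClient == null) {
                throw new MongoSecurityException(mongoCredential, String.format("No platform support for %s mechanism", AuthenticationMechanism.GSSAPI));
            }
            return saslClient;
        } catch (SaslException e) {
            throw new MongoSecurityException(mongoCredential, "Exception initializing SASL client", e);
        } catch (UnknownHostException e) {
            // Keep the cause so a DNS failure during authentication can be diagnosed from the
            // stack trace; the message previously contained a stray "+" and dropped the cause.
            throw new MongoSecurityException(mongoCredential, "Unable to canonicalize host name " + serverAddress, e);
        } catch (GSSException e) {
            throw new MongoSecurityException(mongoCredential, "Exception initializing GSSAPI credentials", e);
        }
    }

    /**
     * Obtains an initiator-only Kerberos V5 credential with indefinite lifetime for the user.
     *
     * @param str the user name, interpreted as a {@link GSSName#NT_USER_NAME}
     * @throws GSSException if the name or the credential cannot be created
     */
    private GSSCredential getGSSCredential(String str) throws GSSException {
        Oid kerberosV5 = new Oid(GSSAPI_OID);
        GSSManager manager = GSSManager.getInstance();
        GSSName userName = manager.createName(str, GSSName.NT_USER_NAME);
        return manager.createCredential(userName, GSSCredential.INDEFINITE_LIFETIME, kerberosV5, GSSCredential.INITIATE_ONLY);
    }

    /**
     * Returns the host name handed to the SASL client as the server name.
     *
     * <p>With canonicalization enabled the name is whatever the resolver returns for the
     * configured host, so the server name used for Kerberos then depends on DNS answers; the
     * option defaults to {@code false} and should only be enabled where the resolver is trusted.
     * {@link InetAddress#getCanonicalHostName()} is best-effort and returns the textual IP
     * address when no name can be determined, in which case no exception is raised here.
     *
     * @throws UnknownHostException if the configured host cannot be resolved
     */
    private String getHostName(ServerAddress serverAddress) throws UnknownHostException {
        Boolean canonicalize = (Boolean) getNonNullMechanismProperty(MongoCredential.CANONICALIZE_HOST_NAME_KEY, CANONICALIZE_HOST_NAME_DEFAULT_VALUE);
        if (canonicalize) {
            return InetAddress.getByName(serverAddress.getHost()).getCanonicalHostName();
        }
        return serverAddress.getHost();
    }

    /** Returns a new {@link KerberosSubjectProvider} as the default subject provider. */
    @Override // com.mongodb.internal.connection.SaslAuthenticator
    @NonNull
    protected SubjectProvider getDefaultSubjectProvider() {
        return new KerberosSubjectProvider();
    }
}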
