package io.confluent.kafka.security.auth.plain;

import java.io.IOException;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.kafka.common.security.plain.internals.PlainSaslServerProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/kafka/security/auth/plain/DynamicPlainLoginModule.class */
public class DynamicPlainLoginModule implements LoginModule {
    private static final Logger log = LoggerFactory.getLogger(DynamicPlainLoginModule.class);
    private Subject subject;
    private CallbackHandler loginCallbackHandler;
    private volatile LoginState loginState = LoginState.NOT_INITIALIZED;
    private volatile DynamicPlainCredential currentCredential;
    private volatile DynamicPlainCredential oldCredential;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/confluent/kafka/security/auth/plain/DynamicPlainLoginModule$LoginState.class */
    public enum LoginState {
        NOT_INITIALIZED,
        INITIALIZED,
        LOGGED_IN,
        COMMITTED
    }

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        log.debug("Initialize login, current state {}", this.loginState);
        ensureLoginState(LoginState.NOT_INITIALIZED);
        this.subject = subject;
        this.loginCallbackHandler = callbackHandler;
        this.loginState = LoginState.INITIALIZED;
    }

    public boolean login() throws LoginException {
        log.debug("Logging in, current state {}", this.loginState);
        ensureLoginState(LoginState.INITIALIZED);
        Callback nameCallback = new NameCallback("username");
        PasswordCallback passwordCallback = new PasswordCallback("password", false);
        try {
            this.loginCallbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
            this.currentCredential = new DynamicPlainCredential(nameCallback.getName(), passwordCallback.getPassword());
            this.loginState = LoginState.LOGGED_IN;
            return true;
        } catch (IOException | UnsupportedCallbackException e) {
            log.error(e.getMessage(), e);
            throw new LoginException("Credentials could not be retrieved using the configured login callback handler");
        }
    }

    public boolean logout() {
        log.debug("Logging out, current state {}", this.loginState);
        switch (this.loginState) {
            case NOT_INITIALIZED:
            case INITIALIZED:
            case LOGGED_IN:
            default:
                return true;
            case COMMITTED:
                this.oldCredential = this.currentCredential;
                this.currentCredential = null;
                this.loginState = LoginState.INITIALIZED;
                return true;
        }
    }

    public boolean commit() {
        log.debug("Committing login, current state {}", this.loginState);
        ensureLoginState(LoginState.LOGGED_IN);
        if (this.currentCredential == null) {
            return true;
        }
        this.subject.getPrivateCredentials().add(this.currentCredential);
        if (this.oldCredential != null && !this.oldCredential.equals(this.currentCredential)) {
            this.subject.getPrivateCredentials().remove(this.oldCredential);
        }
        this.oldCredential = null;
        this.loginState = LoginState.COMMITTED;
        return true;
    }

    public boolean abort() {
        log.debug("Abort login, current state {}", this.loginState);
        if (this.loginState != LoginState.LOGGED_IN) {
            return true;
        }
        this.currentCredential = null;
        this.loginState = LoginState.INITIALIZED;
        return true;
    }

    private void ensureLoginState(LoginState loginState) {
        if (this.loginState != loginState) {
            throw new IllegalStateException("Expected login state " + loginState + ", but was " + this.loginState);
        }
    }

    static {
        PlainSaslServerProvider.initialize();
    }
}
