package io.streamnative.pulsar.handlers.kop.security;

import io.streamnative.pulsar.handlers.kop.SaslAuth;
import io.streamnative.pulsar.handlers.kop.utils.SaslUtils;
import java.io.IOException;
import java.net.SocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Set;
import javax.naming.AuthenticationException;
import javax.net.ssl.SSLSession;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.commons.lang3.StringUtils;
import org.apache.pulsar.broker.authentication.AuthenticationProvider;
import org.apache.pulsar.broker.authentication.AuthenticationService;
import org.apache.pulsar.broker.authentication.AuthenticationState;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.common.api.AuthData;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/streamnative/pulsar/handlers/kop/security/PlainSaslServer.class */
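/**
 * {@link SaslServer} for the SASL {@code PLAIN} mechanism.
 *
 * <p>The client response is parsed by {@link SaslUtils#parseSaslAuthBytes(byte[])}. The auth
 * method it names selects a Pulsar {@link AuthenticationProvider}, and the auth data is handed
 * to that provider to obtain the authenticated role.
 *
 * <p>If the authenticated role is listed in {@code proxyRoles}, the username carried in the
 * client response becomes the effective authorization id. Membership in {@code proxyRoles} is
 * therefore an impersonation privilege and should be granted accordingly.
 *
 * <p>{@link #wrap} and {@link #unwrap} add no security layer: they return a copy of the
 * requested byte range unchanged.
 */
public class PlainSaslServer implements SaslServer {
    private static final Logger log = LoggerFactory.getLogger(PlainSaslServer.class);
    public static final String PLAIN_MECHANISM = "PLAIN";
    private static final String NOT_COMPLETE_MESSAGE = "Authentication exchange has not completed";

    private final AuthenticationService authenticationService;
    // Stored by the constructor; not read by any method of this class.
    private final PulsarAdmin admin;
    // Roles allowed to authenticate on behalf of another user; null means no proxy handling.
    private final Set<String> proxyRoles;
    private boolean complete;
    // Assigned only once an exchange has fully succeeded, so it never holds a rejected identity.
    private String authorizationId;

    /**
     * Creates a server for a single authentication exchange.
     *
     * @param authenticationService source of the {@link AuthenticationProvider} instances
     * @param pulsarAdmin admin client, stored but not used by this class
     * @param set roles treated as proxies; may be {@code null}
     */
    public PlainSaslServer(AuthenticationService authenticationService, PulsarAdmin pulsarAdmin, Set<String> set) {
        this.authenticationService = authenticationService;
        this.admin = pulsarAdmin;
        this.proxyRoles = set;
    }

    /** Returns the mechanism name, {@value #PLAIN_MECHANISM}. */
    @Override
    public String getMechanismName() {
        return PLAIN_MECHANISM;
    }

    /**
     * Authenticates the client from its single SASL/PLAIN response.
     *
     * @param response raw client response bytes
     * @return an empty challenge, since PLAIN completes in one step
     * @throws SaslException if the response cannot be parsed, no provider exists for the auth
     *     method, the provider rejects the credentials, the authenticated role is empty, or a
     *     proxy role forwards an empty user or another proxy role
     */
    @Override
    public byte[] evaluateResponse(byte[] response) throws SaslException {
        try {
            final SaslAuth saslAuth = SaslUtils.parseSaslAuthBytes(response);
            final AuthenticationProvider provider =
                    this.authenticationService.getAuthenticationProvider(saslAuth.getAuthMethod());
            if (provider == null) {
                throw new SaslException("No AuthenticationProvider found for method " + saslAuth.getAuthMethod());
            }
            final AuthenticationState authState = provider.newAuthState(
                    AuthData.of(saslAuth.getAuthData().getBytes(StandardCharsets.UTF_8)),
                    (SocketAddress) null,
                    (SSLSession) null);
            // Read the role once so every check below sees the same value.
            final String authRole = authState.getAuthRole();
            if (StringUtils.isEmpty(authRole)) {
                throw new AuthenticationException("Role cannot be empty.");
            }

            final String resolvedId;
            if (this.proxyRoles == null || !this.proxyRoles.contains(authRole)) {
                resolvedId = authRole;
                log.info("Authenticated User {}", resolvedId);
            } else {
                // The forwarded user is client-supplied; it is trusted only because the
                // authenticated role is a configured proxy role.
                final String forwardedUser = saslAuth.getUsername();
                if (StringUtils.isEmpty(forwardedUser)) {
                    throw new SaslException("The proxy (with role " + authRole
                            + ") did not specify a user role to forward");
                }
                if (this.proxyRoles.contains(forwardedUser)) {
                    throw new SaslException("The proxy (with role " + authRole
                            + ") tried to forward another proxy user (with role " + forwardedUser + ")");
                }
                // Log success only after every check has passed.
                log.info("Authenticated Proxy role {} as user role {}", authRole, forwardedUser);
                resolvedId = forwardedUser;
            }

            // Publish the identity and the completion flag together, after all validation.
            this.authorizationId = resolvedId;
            this.complete = true;
            return new byte[0];
        } catch (SaslException e) {
            // Already the right type; rethrow untouched (SaslException is an IOException).
            throw e;
        } catch (AuthenticationException | IOException e) {
            // Keep the cause so the server-side stack trace survives the conversion.
            throw new SaslException(e.getMessage(), e);
        }
    }

    /** Returns {@code true} once {@link #evaluateResponse(byte[])} has succeeded. */
    @Override
    public boolean isComplete() {
        return this.complete;
    }

    /**
     * Returns the effective authorization id.
     *
     * <p>Unlike the other accessors this method does not throw before completion; it returns
     * {@code null} until an exchange has succeeded. Callers should check {@link #isComplete()}.
     */
    @Override
    public String getAuthorizationID() {
        return this.authorizationId;
    }

    /**
     * Returns a copy of {@code len} bytes of {@code incoming} starting at {@code offset}.
     *
     * @throws IllegalStateException if authentication has not completed
     */
    @Override
    public byte[] unwrap(byte[] incoming, int offset, int len) throws SaslException {
        ensureComplete();
        return Arrays.copyOfRange(incoming, offset, offset + len);
    }

    /**
     * Returns a copy of {@code len} bytes of {@code outgoing} starting at {@code offset}.
     *
     * @throws IllegalStateException if authentication has not completed
     */
    @Override
    public byte[] wrap(byte[] outgoing, int offset, int len) throws SaslException {
        ensureComplete();
        return Arrays.copyOfRange(outgoing, offset, offset + len);
    }

    /**
     * Returns {@code null} for every property name.
     *
     * @throws IllegalStateException if authentication has not completed
     */
    @Override
    public Object getNegotiatedProperty(String propName) {
        ensureComplete();
        return null;
    }

    /** Does nothing. */
    @Override
    public void dispose() throws SaslException {
    }

    /** Throws {@link IllegalStateException} unless the exchange has completed. */
    private void ensureComplete() {
        if (!this.complete) {
            throw new IllegalStateException(NOT_COMPLETE_MESSAGE);
        }
    }
}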
