package org.apache.kafka.common.security.plain;

import java.io.UnsupportedEncodingException;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;
import org.apache.kafka.common.errors.SaslAuthenticationException;
import org.apache.kafka.common.security.JaasContext;
import org.apache.kafka.common.security.authenticator.SaslServerCallbackHandler;
import org.glassfish.jersey.internal.l10n.Localizable;

/* loaded from: input_file:org/apache/kafka/common/security/plain/PlainSaslServer.class */
public class PlainSaslServer implements SaslServer {
    public static final String PLAIN_MECHANISM = "PLAIN";
    private static final String JAAS_USER_PREFIX = "user_";
    private final JaasContext jaasContext;
    private boolean complete;
    private String authorizationId;

    /* loaded from: input_file:org/apache/kafka/common/security/plain/PlainSaslServer$PlainSaslServerFactory.class */
    public static class PlainSaslServerFactory implements SaslServerFactory {
        public SaslServer createSaslServer(String str, String str2, String str3, Map<String, ?> map, CallbackHandler callbackHandler) throws SaslException {
            if (!PlainSaslServer.PLAIN_MECHANISM.equals(str)) {
                throw new SaslException(String.format("Mechanism '%s' is not supported. Only PLAIN is supported.", str));
            }
            if (callbackHandler instanceof SaslServerCallbackHandler) {
                return new PlainSaslServer(((SaslServerCallbackHandler) callbackHandler).jaasContext());
            }
            throw new SaslException("CallbackHandler must be of type SaslServerCallbackHandler, but it is: " + callbackHandler.getClass());
        }

        public String[] getMechanismNames(Map<String, ?> map) {
            if (map != null && "true".equals((String) map.get("javax.security.sasl.policy.noplaintext"))) {
                return new String[0];
            }
            return new String[]{PlainSaslServer.PLAIN_MECHANISM};
        }
    }

    public PlainSaslServer(JaasContext jaasContext) {
        this.jaasContext = jaasContext;
    }

    public byte[] evaluateResponse(byte[] bArr) throws SaslException, SaslAuthenticationException {
        try {
            String[] split = new String(bArr, "UTF-8").split(Localizable.NOT_LOCALIZABLE);
            if (split.length != 3) {
                throw new SaslException("Invalid SASL/PLAIN response: expected 3 tokens, got " + split.length);
            }
            String str = split[0];
            String str2 = split[1];
            String str3 = split[2];
            if (str2.isEmpty()) {
                throw new SaslException("Authentication failed: username not specified");
            }
            if (str3.isEmpty()) {
                throw new SaslException("Authentication failed: password not specified");
            }
            if (!str3.equals(this.jaasContext.configEntryOption(JAAS_USER_PREFIX + str2, PlainLoginModule.class.getName()))) {
                throw new SaslAuthenticationException("Authentication failed: Invalid username or password");
            }
            if (!str.isEmpty() && !str.equals(str2)) {
                throw new SaslAuthenticationException("Authentication failed: Client requested an authorization id that is different from username");
            }
            this.authorizationId = str2;
            this.complete = true;
            return new byte[0];
        } catch (UnsupportedEncodingException e) {
            throw new SaslException("UTF-8 encoding not supported", e);
        }
    }

    public String getAuthorizationID() {
        if (this.complete) {
            return this.authorizationId;
        }
        throw new IllegalStateException("Authentication exchange has not completed");
    }

    public String getMechanismName() {
        return PLAIN_MECHANISM;
    }

    public Object getNegotiatedProperty(String str) {
        if (this.complete) {
            return null;
        }
        throw new IllegalStateException("Authentication exchange has not completed");
    }

    public boolean isComplete() {
        return this.complete;
    }

    public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
        if (this.complete) {
            return Arrays.copyOfRange(bArr, i, i + i2);
        }
        throw new IllegalStateException("Authentication exchange has not completed");
    }

    public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
        if (this.complete) {
            return Arrays.copyOfRange(bArr, i, i + i2);
        }
        throw new IllegalStateException("Authentication exchange has not completed");
    }

    public void dispose() throws SaslException {
    }
}
