package org.infinispan.client.hotrod.impl.transport.tcp;

import java.io.IOException;
import java.net.SocketAddress;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.List;
import java.util.concurrent.atomic.AtomicInteger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.infinispan.client.hotrod.configuration.AuthenticationConfiguration;
import org.infinispan.client.hotrod.impl.operations.AuthMechListOperation;
import org.infinispan.client.hotrod.impl.operations.AuthOperation;
import org.infinispan.client.hotrod.impl.protocol.Codec;
import org.infinispan.client.hotrod.logging.Log;
import org.infinispan.client.hotrod.logging.LogFactory;
import org.jboss.util.Strings;

/* loaded from: input_file:WEB-INF/lib/infinispan-client-hotrod-7.0.0.Beta2.jar:org/infinispan/client/hotrod/impl/transport/tcp/SaslTransportObjectFactory.class */
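/**
 * Pooled-transport factory that runs a SASL authentication exchange on every new
 * {@link TcpTransport} before handing it to the pool.
 *
 * <p>The mechanism, server name, SASL properties, callback handler and optional client
 * {@link Subject} all come from the {@link AuthenticationConfiguration} given to the
 * constructor. When a client subject is configured, the SASL client is created and every
 * challenge is evaluated inside {@code Subject.doAs} for that subject.
 */
public class SaslTransportObjectFactory extends TransportObjectFactory {
    private static final Log log = LogFactory.getLog(SaslTransportObjectFactory.class);
    private static final byte[] EMPTY_BYTES = new byte[0];
    private static final String AUTH_INT = "auth-int";
    private static final String AUTH_CONF = "auth-conf";
    private final AuthenticationConfiguration configuration;

    /* loaded from: input_file:WEB-INF/lib/infinispan-client-hotrod-7.0.0.Beta2.jar:org/infinispan/client/hotrod/impl/transport/tcp/SaslTransportObjectFactory$NoOpCallbackHandler.class */
    /**
     * Callback handler that answers nothing: every callback is left exactly as the
     * mechanism supplied it. It is substituted only on the client-subject path when no
     * handler is configured, so a mechanism that needs a name or password from callbacks
     * receives none from here.
     */
    public static final class NoOpCallbackHandler implements CallbackHandler {
        public static final NoOpCallbackHandler INSTANCE = new NoOpCallbackHandler();

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            // Intentionally empty: callbacks are neither filled in nor rejected.
        }
    }

    /**
     * @param codec passed through to the superclass
     * @param tcpTransportFactory passed through to the superclass
     * @param atomicInteger passed through to the superclass
     * @param z passed through to the superclass
     * @param authenticationConfiguration SASL settings used for every transport this factory creates
     */
    public SaslTransportObjectFactory(Codec codec, TcpTransportFactory tcpTransportFactory, AtomicInteger atomicInteger, boolean z, AuthenticationConfiguration authenticationConfiguration) {
        super(codec, tcpTransportFactory, atomicInteger, z);
        this.configuration = authenticationConfiguration;
    }

    /**
     * Opens a transport to {@code socketAddress} and authenticates it with the configured
     * SASL mechanism.
     *
     * <p>The server's mechanism list is fetched first and the configured mechanism must be
     * in it. The SASL client is kept on the transport only when the negotiated QOP is
     * {@code auth-int} or {@code auth-conf}; otherwise it is disposed once the exchange ends.
     *
     * <p>If any step fails, the half-built transport is destroyed and a still-pending SASL
     * client is disposed before the original exception propagates, so a failed or rejected
     * authentication does not leave a connection open.
     *
     * @param socketAddress server address to connect to
     * @return the authenticated transport
     * @throws Exception if the mechanism is not offered by the server, no SASL client can
     *         be created for it, or the exchange fails
     */
    @Override // org.infinispan.client.hotrod.impl.transport.tcp.TransportObjectFactory, org.apache.commons.pool.BaseKeyedPoolableObjectFactory, org.apache.commons.pool.KeyedPoolableObjectFactory
    public TcpTransport makeObject(SocketAddress socketAddress) throws Exception {
        TcpTransport tcpTransport = new TcpTransport(socketAddress, this.tcpTransportFactory);
        SaslClient pendingClient = null;
        boolean handedOff = false;
        try {
            if (log.isTraceEnabled()) {
                log.tracef("Created tcp transport: %s", tcpTransport);
            }
            String mechanism = this.configuration.saslMechanism();
            List<String> offered = mechList(tcpTransport, this.defaultCacheTopologyId);
            if (!offered.contains(mechanism)) {
                throw log.unsupportedMech(mechanism, offered);
            }

            SaslClient saslClient = newSaslClient(mechanism);
            if (saslClient == null) {
                // Sasl.createSaslClient returns null when no installed provider supports
                // the mechanism; fail with a clear error instead of a NullPointerException.
                throw new SaslException("No SASL client available for mechanism " + mechanism);
            }
            pendingClient = saslClient;
            if (log.isTraceEnabled()) {
                log.tracef("Authenticating using mech: %s", mechanism);
            }

            byte[] initialResponse = saslClient.hasInitialResponse() ? evaluateChallenge(saslClient, EMPTY_BYTES) : EMPTY_BYTES;
            byte[] challenge = auth(tcpTransport, this.defaultCacheTopologyId, mechanism, initialResponse);
            while (!saslClient.isComplete() && challenge != null) {
                byte[] response = evaluateChallenge(saslClient, challenge);
                if (response == null) {
                    break;
                }
                challenge = auth(tcpTransport, this.defaultCacheTopologyId, Strings.EMPTY, response);
            }
            // NOTE(review): the loop can end with saslClient.isComplete() still false (the
            // server stopped sending challenges). SaslClient.getNegotiatedProperty is
            // specified to throw IllegalStateException in that state, which then aborts the
            // connection below; a provider that does not enforce this would let an
            // unfinished exchange through without the client verifying the server's final
            // message. Confirm how AuthOperation signals completion before adding a hard check.
            String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);
            boolean securityLayer = qop != null && (qop.equalsIgnoreCase(AUTH_INT) || qop.equalsIgnoreCase(AUTH_CONF));
            if (securityLayer) {
                // The transport needs the client for the negotiated integrity/confidentiality layer.
                tcpTransport.setSaslClient(saslClient);
            } else {
                saslClient.dispose();
            }
            pendingClient = null;

            if (this.pingOnStartup && !this.firstPingExecuted) {
                log.trace("Executing first ping!");
                this.firstPingExecuted = true;
                ping(tcpTransport, this.defaultCacheTopologyId);
            }
            handedOff = true;
            return tcpTransport;
        } finally {
            if (!handedOff) {
                disposeQuietly(pendingClient);
                destroyQuietly(socketAddress, tcpTransport);
            }
        }
    }

    /**
     * Creates the SASL client for {@code mechanism}, inside {@code Subject.doAs} when a
     * client subject is configured. On the subject path a missing callback handler is
     * replaced by {@link NoOpCallbackHandler}; on the plain path the configured handler is
     * passed as-is, possibly {@code null}.
     */
    private SaslClient newSaslClient(final String mechanism) throws Exception {
        if (this.configuration.clientSubject() == null) {
            return Sasl.createSaslClient(new String[]{mechanism}, (String) null, "hotrod", this.configuration.serverName(), this.configuration.saslProperties(), this.configuration.callbackHandler());
        }
        return Subject.doAs(this.configuration.clientSubject(), new PrivilegedExceptionAction<SaslClient>() {
            @Override // java.security.PrivilegedExceptionAction
            public SaslClient run() throws Exception {
                CallbackHandler callbackHandler = SaslTransportObjectFactory.this.configuration.callbackHandler();
                if (callbackHandler == null) {
                    callbackHandler = NoOpCallbackHandler.INSTANCE;
                }
                return Sasl.createSaslClient(new String[]{mechanism}, (String) null, "hotrod", SaslTransportObjectFactory.this.configuration.serverName(), SaslTransportObjectFactory.this.configuration.saslProperties(), callbackHandler);
            }
        });
    }

    /** Disposes a SASL client on the failure path; a dispose error must not mask the original failure. */
    private void disposeQuietly(SaslClient saslClient) {
        if (saslClient == null) {
            return;
        }
        try {
            saslClient.dispose();
        } catch (SaslException ignored) {
            log.tracef("Ignoring failure while disposing SASL client: %s", ignored);
        }
    }

    /** Destroys a transport that never reached the pool; a cleanup error must not mask the original failure. */
    private void destroyQuietly(SocketAddress socketAddress, TcpTransport tcpTransport) {
        try {
            destroyObject(socketAddress, tcpTransport);
        } catch (Exception ignored) {
            log.tracef("Ignoring failure while destroying unauthenticated transport: %s", ignored);
        }
    }

    /**
     * Evaluates one server challenge, inside {@code Subject.doAs} when a client subject is
     * configured.
     *
     * @param saslClient client driving the exchange
     * @param bArr challenge bytes received from the server
     * @return the response to send, as returned by {@link SaslClient#evaluateChallenge(byte[])}
     * @throws SaslException if the client rejects the challenge; any other failure raised
     *         inside the privileged action is rethrown wrapped in a {@link RuntimeException}
     */
    private byte[] evaluateChallenge(final SaslClient saslClient, final byte[] bArr) throws SaslException {
        if (this.configuration.clientSubject() == null) {
            return saslClient.evaluateChallenge(bArr);
        }
        try {
            return Subject.doAs(this.configuration.clientSubject(), new PrivilegedExceptionAction<byte[]>() {
                @Override // java.security.PrivilegedExceptionAction
                public byte[] run() throws Exception {
                    return saslClient.evaluateChallenge(bArr);
                }
            });
        } catch (PrivilegedActionException e) {
            // getCause() is a Throwable; only narrow it after the instanceof check.
            Throwable cause = e.getCause();
            if (cause instanceof SaslException) {
                throw (SaslException) cause;
            }
            throw new RuntimeException(cause);
        }
    }

    /** Asks the server which SASL mechanisms it offers, over the given transport. */
    private List<String> mechList(TcpTransport tcpTransport, AtomicInteger atomicInteger) {
        return new AuthMechListOperation(this.codec, atomicInteger, tcpTransport).execute();
    }

    /**
     * Sends one authentication step and returns what the operation yields.
     *
     * @param str mechanism name for the first step, empty for follow-up steps
     * @param bArr client response bytes to send
     */
    private byte[] auth(TcpTransport tcpTransport, AtomicInteger atomicInteger, String str, byte[] bArr) {
        return new AuthOperation(this.codec, atomicInteger, tcpTransport, str, bArr).execute();
    }
}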
