package org.infinispan.server.core.security.external;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.Principal;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;

/* loaded from: input_file:WEB-INF/lib/infinispan-server-core-9.0.0.Final.jar:org/infinispan/server/core/security/external/ExternalSaslServer.class */
final class ExternalSaslServer implements SaslServer {
    private final AtomicBoolean complete = new AtomicBoolean();
    private String authorizationID;
    private final Principal peerPrincipal;
    private final CallbackHandler callbackHandler;
    private static final byte[] EMPTY = new byte[0];

    /* JADX INFO: Access modifiers changed from: package-private */
    public ExternalSaslServer(CallbackHandler callbackHandler, Principal principal) {
        this.callbackHandler = callbackHandler;
        this.peerPrincipal = principal;
    }

    public String getMechanismName() {
        return "EXTERNAL";
    }

    public byte[] evaluateResponse(byte[] bArr) throws SaslException {
        if (this.complete.getAndSet(true)) {
            throw new SaslException("Received response after complete");
        }
        try {
            String str = new String(bArr, "UTF-8");
            if (str.length() == 0) {
                str = this.peerPrincipal.getName();
            }
            AuthorizeCallback authorizeCallback = new AuthorizeCallback(this.peerPrincipal.getName(), str);
            handleCallback(this.callbackHandler, authorizeCallback);
            if (!authorizeCallback.isAuthorized()) {
                throw new SaslException("EXTERNAL: " + this.peerPrincipal.getName() + " is not authorized to act as " + str);
            }
            this.authorizationID = authorizeCallback.getAuthorizedID();
            return EMPTY;
        } catch (UnsupportedEncodingException e) {
            throw new SaslException("Cannot convert user name from UTF-8", e);
        }
    }

    private static void handleCallback(CallbackHandler callbackHandler, Callback callback) throws SaslException {
        try {
            callbackHandler.handle(new Callback[]{callback});
        } catch (UnsupportedCallbackException e) {
            throw new SaslException("Failed to authenticate due to unsupported callback", e);
        } catch (SaslException e2) {
            throw e2;
        } catch (IOException e3) {
            throw new SaslException("Failed to authenticate due to callback exception", e3);
        }
    }

    public boolean isComplete() {
        return this.complete.get();
    }

    public String getAuthorizationID() {
        return this.authorizationID;
    }

    public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
        throw new IllegalStateException();
    }

    public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
        throw new IllegalStateException();
    }

    public Object getNegotiatedProperty(String str) {
        return null;
    }

    public void dispose() throws SaslException {
    }
}
