package org.wildfly.security.sasl.external;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.text.Normalizer;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.sasl.util.AbstractSaslParticipant;
import org.wildfly.security.sasl.util.SaslMechanismInformation;
import org.wildfly.security.util._private.Arrays2;

/* loaded from: input_file:org/wildfly/security/sasl/external/ExternalSaslServer.class */
final class ExternalSaslServer implements SaslServer {
    private final CallbackHandler cbh;
    private boolean complete;
    private String authorizationID;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ExternalSaslServer(CallbackHandler callbackHandler) {
        this.cbh = callbackHandler;
    }

    public String getMechanismName() {
        return SaslMechanismInformation.Names.EXTERNAL;
    }

    public byte[] evaluateResponse(byte[] bArr) throws SaslException {
        String normalize;
        if (this.complete) {
            throw ElytronMessages.log.mechMessageAfterComplete(getMechanismName()).toSaslException();
        }
        this.complete = true;
        if (bArr.length == 0) {
            normalize = null;
        } else {
            normalize = Normalizer.normalize(new String(bArr, StandardCharsets.UTF_8), Normalizer.Form.NFKC);
            if (normalize.indexOf(0) != -1) {
                throw ElytronMessages.log.mechUserNameContainsInvalidCharacter(getMechanismName()).toSaslException();
            }
        }
        AuthorizeCallback authorizeCallback = new AuthorizeCallback((String) null, normalize);
        try {
            this.cbh.handle((Callback[]) Arrays2.of(authorizeCallback));
            if (!authorizeCallback.isAuthorized()) {
                throw ElytronMessages.log.mechAuthorizationFailed(getMechanismName(), null, normalize).toSaslException();
            }
            this.authorizationID = authorizeCallback.getAuthorizedID();
            return AbstractSaslParticipant.NO_BYTES;
        } catch (SaslException e) {
            throw e;
        } catch (IOException e2) {
            throw ElytronMessages.log.mechAuthorizationFailed(getMechanismName(), e2).toSaslException();
        } catch (UnsupportedCallbackException e3) {
            throw ElytronMessages.log.mechAuthorizationFailed(getMechanismName(), e3).toSaslException();
        }
    }

    public boolean isComplete() {
        return this.complete;
    }

    public String getAuthorizationID() {
        if (this.complete) {
            return this.authorizationID;
        }
        throw ElytronMessages.log.mechAuthenticationNotComplete(getMechanismName());
    }

    public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
        if (this.complete) {
            throw ElytronMessages.log.mechNoSecurityLayer(getMechanismName()).toSaslException();
        }
        throw ElytronMessages.log.mechAuthenticationNotComplete(getMechanismName());
    }

    public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
        if (this.complete) {
            throw ElytronMessages.log.mechNoSecurityLayer(getMechanismName()).toSaslException();
        }
        throw ElytronMessages.log.mechAuthenticationNotComplete(getMechanismName());
    }

    public Object getNegotiatedProperty(String str) {
        return null;
    }

    public void dispose() throws SaslException {
    }
}
