package org.jboss.sasl.localuser;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.PrivilegedAction;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Map;
import java.util.Random;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.jboss.sasl.util.AbstractSaslParticipant;
import org.jboss.sasl.util.AbstractSaslServer;
import org.jboss.sasl.util.Charsets;
import org.jboss.sasl.util.SaslState;
import org.jboss.sasl.util.SaslStateContext;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;

/* loaded from: input_file:org/jboss/sasl/localuser/LocalUserServer.class */
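/**
 * Server side of the {@code JBOSS-LOCAL-USER} SASL mechanism.
 *
 * <p>The exchange driven by {@link #init()} has two steps:
 * <ol>
 *   <li>The client sends an optional authorization ID (a single zero byte means "none"). The
 *       server writes {@value #CHALLENGE_LENGTH} random bytes to a fresh temporary file under the
 *       configured base path and replies with that file's absolute path.</li>
 *   <li>The client replies with the file's content followed by an authentication name and an
 *       optional realm, each terminated by a zero byte. The server deletes the file, compares the
 *       leading bytes with what it wrote and then asks the callback handler to authorize.</li>
 * </ol>
 *
 * <p><b>Security notes for deployers.</b> The only proof the client gives is that it could read
 * the challenge file, so the access control on the base path <em>is</em> the authentication
 * boundary. When no {@link #LOCAL_USER_CHALLENGE_PATH} is configured the base path falls back to
 * {@code java.io.tmpdir}; point it at a directory that only the intended local accounts can read.
 * {@link File#createTempFile(String, String, File)} takes no permission argument, so the file's
 * mode is whatever the platform gives a newly created file.
 *
 * <p>This listing is decompiler output; names such as {@code str}/{@code str2} and the widened
 * access modifiers are artifacts of that and have been kept so existing callers still link.
 */
public final class LocalUserServer extends AbstractSaslServer implements SaslServer {
    /** Option/system property: whether the challenge comes from {@link SecureRandom} (default {@code true}). */
    public static final String LOCAL_USER_USE_SECURE_RANDOM = "jboss.sasl.local-user.use-secure-random";
    /** Option/system property: directory in which challenge files are created. */
    public static final String LOCAL_USER_CHALLENGE_PATH = "jboss.sasl.local-user.challenge-path";
    /** Option: authentication name used when the client's response carries none. */
    public static final String DEFAULT_USER = "jboss.sasl.local-user.default-user";
    private static final byte UTF8NUL = 0;
    /** Number of random bytes written to the challenge file and expected back from the client. */
    private static final int CHALLENGE_LENGTH = 8;
    private volatile String authorizationId;
    private volatile File challengeFile;
    private final File basePath;
    private final String defaultUser;
    private final boolean useSecureRandom;

    /**
     * Creates the server and resolves its configuration from {@code map}, falling back to system
     * properties for the challenge path and the secure-random switch.
     *
     * <p>The decompiler notes that this constructor was package-private in the original class.
     *
     * @param str forwarded unchanged to the superclass constructor (presumably the protocol name;
     *     confirm against {@code AbstractSaslServer})
     * @param str2 forwarded unchanged to the superclass constructor (presumably the server name;
     *     confirm against {@code AbstractSaslServer})
     * @param map mechanism options; see the {@code LOCAL_USER_*} and {@link #DEFAULT_USER} keys
     * @param callbackHandler handler that receives the name, realm and authorize callbacks
     * @throws ClassCastException if the {@link #DEFAULT_USER} option is present but not a string
     */
    public LocalUserServer(String str, String str2, Map<String, ?> map, CallbackHandler callbackHandler) {
        super(LocalUserSaslFactory.JBOSS_LOCAL_USER, str, str2, callbackHandler);
        this.basePath = resolveBasePath(map);
        this.useSecureRandom = resolveUseSecureRandom(map);
        this.defaultUser = (String) map.get(DEFAULT_USER);
    }

    /** Picks the challenge directory: option map first, then system property, then {@code java.io.tmpdir}. */
    private static File resolveBasePath(Map<String, ?> map) {
        // A key that is present but mapped to null is treated as "not configured" instead of
        // failing with a NullPointerException on toString().
        final Object configured = map.get(LOCAL_USER_CHALLENGE_PATH);
        if (configured != null) {
            return new File(configured.toString()).getAbsoluteFile();
        }
        final String fromProperty = getProperty(LOCAL_USER_CHALLENGE_PATH);
        if (fromProperty != null) {
            return new File(fromProperty).getAbsoluteFile();
        }
        // Last resort. The shared temp directory is usually accessible to every local account,
        // so production setups should configure a dedicated, restricted directory instead.
        return new File(getProperty("java.io.tmpdir")).getAbsoluteFile();
    }

    /** Reads the secure-random switch; anything that is not a Boolean or a String keeps the secure default. */
    private static boolean resolveUseSecureRandom(Map<String, ?> map) {
        final Object value = map.containsKey(LOCAL_USER_USE_SECURE_RANDOM)
                ? map.get(LOCAL_USER_USE_SECURE_RANDOM)
                : getProperty(LOCAL_USER_USE_SECURE_RANDOM);
        if (value instanceof Boolean) {
            return ((Boolean) value).booleanValue();
        }
        if (value instanceof String) {
            // Boolean.parseBoolean yields false for every string except "true" (any case), so a
            // mistyped value silently selects java.util.Random. Audit this setting in deployments.
            return Boolean.parseBoolean((String) value);
        }
        return true;
    }

    /**
     * Reads a system property, inside a privileged block when a security manager is installed.
     *
     * @param str the property name
     * @return the property value, or {@code null} if it is not set
     */
    private static String getProperty(final String str) {
        if (System.getSecurityManager() == null) {
            return System.getProperty(str);
        }
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            @Override
            public String run() {
                // The decompiled listing read "String.this" here, which is not valid Java; the
                // captured parameter is what the anonymous class refers to.
                return System.getProperty(str);
            }
        });
    }

    /**
     * Returns a new generator for the challenge bytes.
     *
     * <p>With the secure-random switch off this is a plain {@link Random}, whose output is not
     * suitable as an authentication secret; leave the switch at its default unless there is a
     * measured reason not to. The decompiler notes that this method was private in the original.
     *
     * @return a {@link SecureRandom} by default, otherwise a {@link Random}
     */
    public Random getRandom() {
        return this.useSecureRandom ? new SecureRandom() : new Random();
    }

    /** Installs the first negotiation state, which waits for the client's initial message. */
    @Override
    public void init() {
        getContext().setNegotiationState(new SaslState() {
            @Override
            public byte[] evaluateMessage(SaslStateContext saslStateContext, byte[] bArr) throws SaslException {
                return LocalUserServer.this.issueChallenge(bArr);
            }
        });
    }

    /**
     * Handles the client's initial message: records the authorization ID, creates the challenge
     * file and switches to the state that verifies the response.
     *
     * @return the UTF-8 encoded absolute path of the challenge file, or an empty array when the
     *     client sent an empty message (the state is left unchanged in that case)
     */
    private byte[] issueChallenge(byte[] message) throws SaslException {
        if (message.length == 0) {
            return AbstractSaslParticipant.NO_BYTES;
        }
        if (message.length == 1 && message[0] == UTF8NUL) {
            this.authorizationId = null;
        } else {
            this.authorizationId = new String(message, Charsets.UTF_8);
        }

        final byte[] challenge = new byte[CHALLENGE_LENGTH];
        getRandom().nextBytes(challenge);
        final File file = createChallengeFile(challenge);

        final String path = file.getAbsolutePath();
        final byte[] pathBytes = new byte[Charsets.encodedLengthOf(path)];
        Charsets.encodeTo(path, pathBytes, 0);

        getContext().setNegotiationState(new SaslState() {
            @Override
            public byte[] evaluateMessage(SaslStateContext saslStateContext, byte[] bArr) throws SaslException {
                return LocalUserServer.this.verifyResponse(saslStateContext, challenge, bArr);
            }
        });
        return pathBytes;
    }

    /**
     * Creates the temporary challenge file under the base path and writes {@code challenge} to it.
     * The file is removed again if it cannot be opened or fully written.
     */
    private File createChallengeFile(byte[] challenge) throws SaslException {
        final File file;
        try {
            // "local" is the literal prefix; the decompiler had substituted an unrelated Spring
            // constant with the same value (BeanDefinitionParserDelegate.LOCAL_REF_ATTRIBUTE).
            file = File.createTempFile("local", ".challenge", this.basePath);
        } catch (IOException e) {
            throw new SaslException("Failed to create challenge file", e);
        }
        this.challengeFile = file;

        boolean written = false;
        FileOutputStream out = null;
        try {
            out = new FileOutputStream(file);
            out.write(challenge);
            // Close before declaring success so a failed close is reported, not swallowed.
            out.close();
            written = true;
        } catch (IOException e) {
            throw new SaslException("Failed to create challenge file", e);
        } finally {
            if (!written) {
                if (out != null) {
                    try {
                        out.close();
                    } catch (IOException ignored) {
                        // Best effort: the original failure is the one worth reporting.
                    }
                }
                // Also covers a failed open, which previously left the empty file behind.
                deleteChallenge();
            }
        }
        return file;
    }

    /**
     * Handles the client's response: checks the challenge bytes, extracts the authentication name
     * and optional realm, and runs the authorization callbacks.
     *
     * @return always {@code null}; the mechanism sends no further data
     * @throws SaslException if the response is too short, the challenge bytes do not match, no
     *     authentication name is available, or the callback handler does not authorize the user
     */
    private byte[] verifyResponse(SaslStateContext context, byte[] challenge, byte[] response) throws SaslException {
        // The file is removed before anything is checked, so each file serves one response only.
        // NOTE(review): the expected bytes stay captured by this state; whether a failed response
        // can be followed by another one on the same state depends on the state context.
        deleteChallenge();

        // Constant-time comparison so the check does not reveal how many leading bytes matched.
        if (response.length < CHALLENGE_LENGTH
                || !MessageDigest.isEqual(challenge, Arrays.copyOf(response, CHALLENGE_LENGTH))) {
            throw new SaslException("Invalid response");
        }

        String authenticationName = null;
        String realm = null;
        // Charsets.indexOf is used as "position of byte 0 at or after the given offset, else -1"
        // (inferred from how its result is consumed below).
        final int nameEnd = Charsets.indexOf(response, 0, CHALLENGE_LENGTH);
        if (nameEnd > -1) {
            authenticationName = new String(response, CHALLENGE_LENGTH, nameEnd - CHALLENGE_LENGTH, Charsets.UTF_8);
            final int realmEnd = Charsets.indexOf(response, 0, nameEnd + 1);
            if (realmEnd > -1) {
                realm = new String(response, nameEnd + 1, realmEnd - nameEnd - 1, Charsets.UTF_8);
            }
        }

        if (authenticationName == null || authenticationName.length() == 0) {
            // A response without a name is mapped to the configured default user, if any.
            authenticationName = this.defaultUser;
        }
        if (authenticationName == null) {
            throw new SaslException("No authentication ID given");
        }
        if (this.authorizationId == null) {
            this.authorizationId = authenticationName;
        }

        final NameCallback nameCallback = new NameCallback("User name", authenticationName);
        // Declared with its concrete type: isAuthorized() is not available on Callback.
        final AuthorizeCallback authorizeCallback = new AuthorizeCallback(authenticationName, this.authorizationId);
        if (realm == null) {
            handleCallbacks(nameCallback, authorizeCallback);
        } else {
            handleCallbacks(new RealmCallback("User realm", realm), nameCallback, authorizeCallback);
        }
        if (!authorizeCallback.isAuthorized()) {
            throw new SaslException("User " + this.authorizationId + " is not authorized");
        }
        context.negotiationComplete();
        return null;
    }

    /**
     * Returns the authorization ID established by the exchange.
     *
     * @throws IllegalStateException if the negotiation has not completed
     */
    @Override
    public String getAuthorizationID() {
        if (isComplete()) {
            return this.authorizationId;
        }
        throw new IllegalStateException("JBOSS-LOCAL-USER server negotiation not complete");
    }

    /**
     * Deletes the outstanding challenge file, if there is one. Deletion is best effort: the result
     * of {@link File#delete()} is not checked. The decompiler notes that this method was private
     * in the original.
     */
    public void deleteChallenge() {
        // Read the volatile field once; another thread may clear it between a check and a use.
        final File file = this.challengeFile;
        if (file != null) {
            file.delete();
            this.challengeFile = null;
        }
    }

    /** Disposes the participant and removes any challenge file, even if the superclass fails. */
    @Override
    public void dispose() throws SaslException {
        try {
            super.dispose();
        } finally {
            deleteChallenge();
        }
    }

    /** Last-chance cleanup of a challenge file that was never answered or disposed. */
    @Override
    protected void finalize() throws Throwable {
        try {
            deleteChallenge();
        } finally {
            super.finalize();
        }
    }
}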
