package org.infinispan.client.hotrod.impl.transport.netty;

import io.netty.channel.Channel;
import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.LengthFieldBasedFrameDecoder;
import io.netty.util.internal.EmptyArrays;
import java.security.PrivilegedActionException;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionException;
import java.util.concurrent.CompletionStage;
import java.util.function.Function;
import javax.security.auth.Subject;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.infinispan.client.hotrod.configuration.AuthenticationConfiguration;
import org.infinispan.client.hotrod.impl.operations.OperationsFactory;
import org.infinispan.client.hotrod.logging.Log;
import org.infinispan.client.hotrod.logging.LogFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/infinispan-client-hotrod-10.1.4.Final.jar:org/infinispan/client/hotrod/impl/transport/netty/AuthHandler.class */
public class AuthHandler extends ActivationHandler {
    private static final Log log = LogFactory.getLog(AuthHandler.class);
    private static final boolean trace = log.isTraceEnabled();
    private static final String AUTH_INT = "auth-int";
    private static final String AUTH_CONF = "auth-conf";
    static final String NAME = "auth-handler";
    private final AuthenticationConfiguration authentication;
    private final SaslClient saslClient;
    private final OperationsFactory operationsFactory;

    /* loaded from: input_file:BOOT-INF/lib/infinispan-client-hotrod-10.1.4.Final.jar:org/infinispan/client/hotrod/impl/transport/netty/AuthHandler$ChallengeEvaluator.class */
    private class ChallengeEvaluator implements Function<byte[], CompletableFuture<byte[]>> {
        private final Channel channel;
        private final SaslClient saslClient;

        private ChallengeEvaluator(Channel channel, SaslClient saslClient) {
            this.channel = channel;
            this.saslClient = saslClient;
        }

        @Override // java.util.function.Function
        public CompletableFuture<byte[]> apply(byte[] bArr) {
            if (!this.saslClient.isComplete() && bArr != null) {
                try {
                    byte[] evaluateChallenge = AuthHandler.this.evaluateChallenge(this.saslClient, bArr, AuthHandler.this.authentication.clientSubject());
                    if (evaluateChallenge != null) {
                        return AuthHandler.this.operationsFactory.newAuthOperation(this.channel, AuthHandler.this.authentication.saslMechanism(), evaluateChallenge).execute().thenCompose((Function<? super byte[], ? extends CompletionStage<U>>) this);
                    }
                } catch (SaslException e) {
                    throw new CompletionException((Throwable) e);
                }
            }
            return CompletableFuture.completedFuture(null);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthHandler(AuthenticationConfiguration authenticationConfiguration, SaslClient saslClient, OperationsFactory operationsFactory) {
        this.authentication = authenticationConfiguration;
        this.saslClient = saslClient;
        this.operationsFactory = operationsFactory;
    }

    @Override // org.infinispan.client.hotrod.impl.transport.netty.ActivationHandler, io.netty.channel.ChannelInboundHandlerAdapter, io.netty.channel.ChannelInboundHandler
    public void channelActive(ChannelHandlerContext channelHandlerContext) {
        Channel channel = channelHandlerContext.channel();
        this.operationsFactory.newAuthMechListOperation(channel).execute().thenCompose(list -> {
            byte[] evaluateChallenge;
            if (!list.contains(this.authentication.saslMechanism())) {
                throw Log.HOTROD.unsupportedMech(this.authentication.saslMechanism(), list);
            }
            if (trace) {
                log.tracef("Authenticating using mech: %s", this.authentication.saslMechanism());
            }
            if (this.saslClient.hasInitialResponse()) {
                try {
                    evaluateChallenge = evaluateChallenge(this.saslClient, EmptyArrays.EMPTY_BYTES, this.authentication.clientSubject());
                } catch (SaslException e) {
                    throw new CompletionException((Throwable) e);
                }
            } else {
                evaluateChallenge = EmptyArrays.EMPTY_BYTES;
            }
            return this.operationsFactory.newAuthOperation(channel, this.authentication.saslMechanism(), evaluateChallenge).execute();
        }).thenCompose((Function<? super U, ? extends CompletionStage<U>>) new ChallengeEvaluator(channel, this.saslClient)).thenRun(() -> {
            String str = (String) this.saslClient.getNegotiatedProperty("javax.security.sasl.qop");
            if (str == null || !(str.equalsIgnoreCase("auth-int") || str.equalsIgnoreCase("auth-conf"))) {
                try {
                    this.saslClient.dispose();
                } catch (SaslException e) {
                    channel.pipeline().fireExceptionCaught((Throwable) e);
                }
            } else {
                channel.pipeline().addFirst(new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4), new SaslDecoderEncoder(this.saslClient));
            }
            channel.pipeline().remove(this);
            channel.pipeline().fireUserEventTriggered(ActivationHandler.ACTIVATION_EVENT);
        }).exceptionally(th -> {
            while ((th instanceof CompletionException) && th.getCause() != null) {
                th = th.getCause();
            }
            channel.pipeline().fireExceptionCaught(th);
            return null;
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public byte[] evaluateChallenge(SaslClient saslClient, byte[] bArr, Subject subject) throws SaslException {
        if (subject == null) {
            return saslClient.evaluateChallenge(bArr);
        }
        try {
            return (byte[]) Subject.doAs(subject, () -> {
                return saslClient.evaluateChallenge(bArr);
            });
        } catch (PrivilegedActionException e) {
            SaslException cause = e.getCause();
            if (cause instanceof SaslException) {
                throw cause;
            }
            throw new RuntimeException((Throwable) cause);
        }
    }
}
