package org.apache.kafka.common.network;

import java.io.IOException;
import java.nio.channels.SelectionKey;
import java.nio.channels.SocketChannel;
import java.util.List;
import java.util.Map;
import javax.security.auth.login.Configuration;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.config.SaslConfigs;
import org.apache.kafka.common.protocol.SecurityProtocol;
import org.apache.kafka.common.security.JaasUtils;
import org.apache.kafka.common.security.authenticator.CredentialCache;
import org.apache.kafka.common.security.authenticator.LoginManager;
import org.apache.kafka.common.security.authenticator.SaslClientAuthenticator;
import org.apache.kafka.common.security.authenticator.SaslServerAuthenticator;
import org.apache.kafka.common.security.kerberos.KerberosShortNamer;
import org.apache.kafka.common.security.ssl.SslFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-310-12.zip:modules/system/layers/fuse/org/apache/kafka/clients/main/kafka-clients-0.10.2.0.jar:org/apache/kafka/common/network/SaslChannelBuilder.class */
public class SaslChannelBuilder implements ChannelBuilder {
    private static final Logger log = LoggerFactory.getLogger(SaslChannelBuilder.class);
    private final SecurityProtocol securityProtocol;
    private final String clientSaslMechanism;
    private final Mode mode;
    private final LoginType loginType;
    private final boolean handshakeRequestEnable;
    private final CredentialCache credentialCache;
    private Configuration jaasConfig;
    private LoginManager loginManager;
    private SslFactory sslFactory;
    private Map<String, ?> configs;
    private KerberosShortNamer kerberosShortNamer;

    public SaslChannelBuilder(Mode mode, LoginType loginType, SecurityProtocol securityProtocol, String str, boolean z, CredentialCache credentialCache) {
        this.mode = mode;
        this.loginType = loginType;
        this.securityProtocol = securityProtocol;
        this.handshakeRequestEnable = z;
        this.clientSaslMechanism = str;
        this.credentialCache = credentialCache;
    }

    @Override // org.apache.kafka.common.network.ChannelBuilder
    public void configure(Map<String, ?> map) throws KafkaException {
        boolean equals;
        String str;
        try {
            this.configs = map;
            if (this.mode == Mode.SERVER) {
                List list = (List) this.configs.get(SaslConfigs.SASL_ENABLED_MECHANISMS);
                equals = list == null || list.contains("GSSAPI");
            } else {
                equals = this.clientSaslMechanism.equals("GSSAPI");
            }
            if (equals) {
                try {
                    str = JaasUtils.defaultKerberosRealm();
                } catch (Exception e) {
                    str = "";
                }
                List list2 = (List) map.get(SaslConfigs.SASL_KERBEROS_PRINCIPAL_TO_LOCAL_RULES);
                if (list2 != null) {
                    this.kerberosShortNamer = KerberosShortNamer.fromUnparsedRules(str, list2);
                }
            }
            this.jaasConfig = JaasUtils.jaasConfig(this.loginType, map);
            this.loginManager = LoginManager.acquireLoginManager(this.loginType, equals, map, this.jaasConfig);
            if (this.securityProtocol == SecurityProtocol.SASL_SSL) {
                this.sslFactory = new SslFactory(this.mode, "none");
                this.sslFactory.configure(map);
            }
        } catch (Exception e2) {
            throw new KafkaException(e2);
        }
    }

    @Override // org.apache.kafka.common.network.ChannelBuilder
    public KafkaChannel buildChannel(String str, SelectionKey selectionKey, int i) throws KafkaException {
        try {
            SocketChannel socketChannel = (SocketChannel) selectionKey.channel();
            TransportLayer buildTransportLayer = buildTransportLayer(str, selectionKey, socketChannel);
            Authenticator saslServerAuthenticator = this.mode == Mode.SERVER ? new SaslServerAuthenticator(str, this.jaasConfig, this.loginManager.subject(), this.kerberosShortNamer, socketChannel.socket().getLocalAddress().getHostName(), i, this.credentialCache) : new SaslClientAuthenticator(str, this.loginManager.subject(), this.loginManager.serviceName(), socketChannel.socket().getInetAddress().getHostName(), this.clientSaslMechanism, this.handshakeRequestEnable);
            saslServerAuthenticator.configure(buildTransportLayer, null, this.configs);
            return new KafkaChannel(str, buildTransportLayer, saslServerAuthenticator, i);
        } catch (Exception e) {
            log.info("Failed to create channel due to ", e);
            throw new KafkaException(e);
        }
    }

    @Override // org.apache.kafka.common.network.ChannelBuilder
    public void close() {
        if (this.loginManager != null) {
            this.loginManager.release();
        }
    }

    protected TransportLayer buildTransportLayer(String str, SelectionKey selectionKey, SocketChannel socketChannel) throws IOException {
        return this.securityProtocol == SecurityProtocol.SASL_SSL ? SslTransportLayer.create(str, selectionKey, this.sslFactory.createSslEngine(socketChannel.socket().getInetAddress().getHostName(), socketChannel.socket().getPort())) : new PlaintextTransportLayer(selectionKey);
    }
}
