package org.gridgain.grid.spi.authentication.jaas;

import java.security.Principal;
import java.util.Iterator;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.gridgain.grid.GridException;
import org.gridgain.grid.kernal.managers.security.GridSecuritySubjectAdapter;
import org.gridgain.grid.logger.GridLogger;
import org.gridgain.grid.resources.GridLoggerResource;
import org.gridgain.grid.security.GridSecurityPermissionSet;
import org.gridgain.grid.security.GridSecuritySubject;
import org.gridgain.grid.security.GridSecuritySubjectType;
import org.gridgain.grid.spi.GridSpiAdapter;
import org.gridgain.grid.spi.GridSpiConfiguration;
import org.gridgain.grid.spi.GridSpiException;
import org.gridgain.grid.spi.GridSpiMultipleInstancesSupport;
import org.gridgain.grid.spi.authentication.GridAuthenticationContext;
import org.gridgain.grid.spi.authentication.GridAuthenticationSpi;
import org.gridgain.grid.spi.authentication.GridSecurityPermissionSetJsonParser;
import org.gridgain.grid.util.typedef.internal.S;
import org.jetbrains.annotations.Nullable;

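/**
 * Authentication SPI that delegates credential verification to JAAS.
 *
 * <p>For each authentication request the SPI asks the configured
 * {@link GridJaasCallbackHandlerFactory} for a {@link CallbackHandler}, runs the JAAS login
 * context named by {@link #getLoginContextName()}, and builds a {@link GridSecuritySubject}
 * whose permission set is taken from the first principal name that parses as a
 * permission-set JSON document. If no principal name parses, the default permission set is used.
 *
 * <p>Security note: principal names are produced by the configured JAAS login modules and are
 * interpreted here as authorization data, so the JAAS configuration is part of the
 * authorization trust boundary.
 */
@GridSpiMultipleInstancesSupport(true)
public class GridJaasAuthenticationSpi extends GridSpiAdapter implements GridAuthenticationSpi, GridJaasAuthenticationSpiMBean {

    /** Injected grid logger. */
    @GridLoggerResource
    private GridLogger log;

    /** Name of the JAAS login context (an entry of the JAAS configuration). */
    private String loginCtxName = "GridJaasLoginContext";

    /** Factory producing the callback handler that feeds credentials to the login modules. */
    private GridJaasCallbackHandlerFactory callbackHndFactory = new DefaultCallbackFactory();

    /** Default permissions as JSON; applied when no principal name yields a permission set. */
    private String dfltPermissions = "{defaultAllow:false}";

    /** Parsed form of {@link #dfltPermissions}; set in {@link #spiStart(String)}. */
    private GridSecurityPermissionSet dfltPermSet;

    /**
     * Default callback handler factory: supports every subject type and answers
     * {@link NameCallback} and {@link PasswordCallback} from the credentials carried by the
     * authentication context.
     */
    private static class DefaultCallbackFactory implements GridJaasCallbackHandlerFactory {
        private DefaultCallbackFactory() {
        }

        /** {@inheritDoc} Always {@code true}: this factory does not restrict subject types. */
        @Override
        public boolean supported(GridSecuritySubjectType gridSecuritySubjectType) {
            return true;
        }

        /**
         * Creates a handler bound to the given authentication context.
         *
         * @param gridAuthenticationContext context whose credentials answer the JAAS callbacks.
         * @return handler for name and password callbacks.
         */
        @Override
        @Nullable
        public CallbackHandler newInstance(final GridAuthenticationContext gridAuthenticationContext) throws GridSpiException {
            return new CallbackHandler() {
                /**
                 * Answers name and password callbacks; any other callback type is rejected.
                 *
                 * @throws UnsupportedCallbackException for callbacks other than name/password.
                 * @throws IllegalArgumentException if the login is not a {@code String} or the
                 *      password is neither a {@code String} nor a {@code char[]} (including
                 *      missing credentials).
                 */
                @Override
                public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
                    for (Callback callback : callbackArr) {
                        if (callback instanceof NameCallback) {
                            Object login = gridAuthenticationContext.credentials() == null
                                ? null : gridAuthenticationContext.credentials().getLogin();

                            if (!(login instanceof String)) {
                                throw new IllegalArgumentException("Failed to handle JAAS callback (unsupported login type: "
                                    + (login == null ? "null" : login.getClass().getName()) + ")");
                            }

                            ((NameCallback) callback).setName((String) login);
                        } else if (callback instanceof PasswordCallback) {
                            Object password = gridAuthenticationContext.credentials() == null
                                ? null : gridAuthenticationContext.credentials().getPassword();

                            if (!(password instanceof String) && !(password instanceof char[])) {
                                // Only the type name goes into the message, never the value.
                                // The message previously said "login type", which pointed
                                // operators at the wrong credential field.
                                throw new IllegalArgumentException("Failed to handle JAAS callback (unsupported password type: "
                                    + (password == null ? "null" : password.getClass().getName()) + ")");
                            }

                            char[] chars = password instanceof String ? ((String) password).toCharArray() : (char[]) password;

                            ((PasswordCallback) callback).setPassword(chars);
                        } else {
                            throw new UnsupportedCallbackException(callback,
                                "Failed to handle JAAS callback (unsupported callback type): " + callback.getClass().getName());
                        }
                    }
                }
            };
        }
    }

    /** {@inheritDoc} */
    @Override
    public String getLoginContextName() {
        return this.loginCtxName;
    }

    /**
     * Sets the name of the JAAS login context to authenticate against.
     *
     * @param str login context name; must not be {@code null} (checked by assertion only).
     */
    @Override
    @GridSpiConfiguration(optional = true)
    public void setLoginContextName(String str) {
        assert str != null;

        this.loginCtxName = str;
    }

    /** {@inheritDoc} */
    @Override
    public String getCallbackHandlerFactoryFormatted() {
        return this.callbackHndFactory.toString();
    }

    /**
     * Sets the callback handler factory. A {@code null} factory is rejected at
     * {@link #spiStart(String)}.
     *
     * @param gridJaasCallbackHandlerFactory factory to use.
     */
    @GridSpiConfiguration(optional = true)
    public void setCallbackHandlerFactory(GridJaasCallbackHandlerFactory gridJaasCallbackHandlerFactory) {
        this.callbackHndFactory = gridJaasCallbackHandlerFactory;
    }

    /**
     * @return default permissions as a JSON string.
     */
    public String getDefaultPermissions() {
        return this.dfltPermissions;
    }

    /**
     * Sets the default permissions JSON. The value is parsed in {@link #spiStart(String)};
     * this setter does not re-parse it.
     *
     * @param str permissions JSON.
     */
    @GridSpiConfiguration(optional = true)
    public void setDefaultPermissions(String str) {
        this.dfltPermissions = str;
    }

    /**
     * Authenticates the subject described by the context through JAAS.
     *
     * @param gridAuthenticationContext authentication context (subject type, id, address, credentials).
     * @return authenticated subject, or {@code null} if the factory produced no handler or the
     *      JAAS login was rejected.
     * @throws GridSpiException if the login context could not be created.
     */
    public GridSecuritySubject authenticate(GridAuthenticationContext gridAuthenticationContext) throws GridSpiException {
        CallbackHandler hnd = this.callbackHndFactory.newInstance(gridAuthenticationContext);

        if (hnd == null) {
            return null;
        }

        LoginContext loginCtx;

        try {
            loginCtx = new LoginContext(this.loginCtxName, hnd);
        } catch (LoginException e) {
            // A context that cannot be created is a configuration problem, not a rejected login.
            throw new GridSpiException("Failed to create login context: " + this.loginCtxName, e);
        }

        try {
            loginCtx.login();
        } catch (LoginException e) {
            // Rejected logins still return null, but are no longer invisible: leave a trace
            // for whoever investigates failed authentication. Credentials are not logged.
            if (this.log != null && this.log.isDebugEnabled()) {
                this.log.debug("JAAS login failed [loginCtxName=" + this.loginCtxName
                    + ", subjType=" + gridAuthenticationContext.subjectType()
                    + ", err=" + e.getMessage() + ']');
            }

            return null;
        }

        // The first principal name that parses as a permission set wins; names that do not
        // parse are skipped. Order is whatever the subject's principal set iterates in.
        GridSecurityPermissionSet perms = null;

        for (Principal principal : loginCtx.getSubject().getPrincipals()) {
            perms = parsePermissions(principal.getName());

            if (perms != null) {
                break;
            }
        }

        if (perms == null) {
            perms = this.dfltPermSet;
        }

        GridSecuritySubjectAdapter subj = new GridSecuritySubjectAdapter(
            gridAuthenticationContext.subjectType(), gridAuthenticationContext.subjectId());

        subj.permissions(perms);
        subj.address(gridAuthenticationContext.address());

        if (gridAuthenticationContext.credentials() != null) {
            subj.login(gridAuthenticationContext.credentials().getLogin());
        }

        return subj;
    }

    /**
     * @param gridSecuritySubjectType subject type.
     * @return whether the configured callback handler factory supports the subject type.
     */
    public boolean supported(GridSecuritySubjectType gridSecuritySubjectType) {
        return this.callbackHndFactory.supported(gridSecuritySubjectType);
    }

    /**
     * Validates configuration, parses the default permissions and registers the MBean.
     *
     * @param str name passed through to MBean registration.
     * @throws GridSpiException if a required parameter is missing or the default permissions
     *      cannot be parsed.
     */
    public void spiStart(String str) throws GridSpiException {
        assertParameter(this.callbackHndFactory != null, "callbackHandlerFactory != null");
        assertParameter(this.dfltPermissions != null, "defaultPermissions != null");

        // Fail closed: an unparseable default used to leave dfltPermSet null, and that null
        // was then handed to every subject whose principals carried no permissions. How a
        // null permission set is enforced is decided outside this class, so refuse to start.
        try {
            this.dfltPermSet = new GridSecurityPermissionSetJsonParser(this.dfltPermissions).parse();
        } catch (GridException e) {
            throw new GridSpiException("Failed to parse default permissions: " + this.dfltPermissions, e);
        }

        startStopwatch();
        registerMBean(str, this, GridJaasAuthenticationSpiMBean.class);

        if (this.log.isDebugEnabled()) {
            this.log.debug(startInfo());
        }
    }

    /**
     * Unregisters the MBean.
     *
     * @throws GridSpiException declared by the SPI contract.
     */
    public void spiStop() throws GridSpiException {
        unregisterMBean();

        if (this.log.isDebugEnabled()) {
            this.log.debug(stopInfo());
        }
    }

    /**
     * Tries to read a string as a permission-set JSON document. Used to probe principal
     * names, where a parse failure is expected and simply means "not a permission set".
     *
     * @param str candidate JSON.
     * @return parsed permission set, or {@code null} if the parser rejected the string.
     */
    private GridSecurityPermissionSet parsePermissions(String str) {
        try {
            return new GridSecurityPermissionSetJsonParser(str).parse();
        } catch (GridException e) {
            return null;
        }
    }

    /** {@inheritDoc} */
    @Override
    public String toString() {
        return S.toString(GridJaasAuthenticationSpi.class, this);
    }
}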
