package oadd.org.apache.drill.exec.rpc.security.plain;

import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import oadd.org.apache.drill.common.config.DrillProperties;
import oadd.org.apache.drill.exec.rpc.user.security.UserAuthenticationException;
import oadd.org.apache.drill.exec.rpc.user.security.UserAuthenticator;

/* loaded from: input_file:oadd/org/apache/drill/exec/rpc/security/plain/PlainServer.class */
class PlainServer implements SaslServer {
    private static final String UTF_8_NULL = "��";
    public static final String MECHANISM_NAME = "PLAIN";
    private final UserAuthenticator authenticator;
    private boolean completed = false;
    private String authorizationID;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PlainServer(UserAuthenticator userAuthenticator, Map<String, ?> map) throws SaslException {
        if (map != null && "true".equalsIgnoreCase((String) map.get("javax.security.sasl.policy.noplaintext"))) {
            throw new SaslException("PLAIN authentication is not permitted.");
        }
        this.authenticator = userAuthenticator;
    }

    public String getMechanismName() {
        return "PLAIN";
    }

    public byte[] evaluateResponse(byte[] bArr) throws SaslException {
        if (this.completed) {
            throw new IllegalStateException("PLAIN authentication already completed");
        }
        if (bArr == null) {
            throw new SaslException("Received null response");
        }
        String[] split = new String(bArr, StandardCharsets.UTF_8).split(UTF_8_NULL, 3);
        if (split.length != 3) {
            throw new SaslException("Received corrupt response. Expected 3 parts, but received " + split.length);
        }
        String str = split[0];
        String str2 = split[1];
        String str3 = split[2];
        if (str.isEmpty()) {
            str = str2;
        }
        try {
            this.authenticator.authenticate(str2, str3);
            if (!str.equals(str2)) {
                throw new SaslException("Drill expects authorization ID and authentication ID to match. Use inbound impersonation feature so one entity can act on behalf of another.");
            }
            this.authorizationID = str;
            this.completed = true;
            return null;
        } catch (UserAuthenticationException e) {
            throw new SaslException(e.getMessage());
        }
    }

    public boolean isComplete() {
        return this.completed;
    }

    public String getAuthorizationID() {
        if (this.completed) {
            return this.authorizationID;
        }
        throw new IllegalStateException("PLAIN authentication not completed");
    }

    public Object getNegotiatedProperty(String str) {
        if (!this.completed) {
            throw new IllegalStateException("PLAIN authentication not completed");
        }
        if ("javax.security.sasl.qop".equals(str)) {
            return DrillProperties.AUTH_MECHANISM;
        }
        return null;
    }

    public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
        if (this.completed) {
            throw new SaslException("PLAIN supports neither integrity nor privacy");
        }
        throw new IllegalStateException("PLAIN authentication not completed");
    }

    public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
        if (this.completed) {
            throw new SaslException("PLAIN supports neither integrity nor privacy");
        }
        throw new IllegalStateException("PLAIN authentication not completed");
    }

    public void dispose() throws SaslException {
        this.authorizationID = null;
    }
}
