package com.sun.jmx.remote.opt.security;

import com.sun.jmx.remote.generic.ProfileServer;
import com.sun.jmx.remote.opt.util.ClassLogger;
import com.sun.jmx.remote.socket.SocketConnectionIf;
import java.io.IOException;
import java.net.Socket;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Map;
import javax.management.remote.JMXPrincipal;
import javax.management.remote.generic.MessageConnection;
import javax.management.remote.message.ProfileMessage;
import javax.management.remote.message.SASLMessage;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslServer;

/* loaded from: input_file:brooklyn-jmxmp-agent-shaded-0.9.0-20151119.1110.jar:com/sun/jmx/remote/opt/security/SASLServerHandler.class */
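/**
 * Server side of a SASL authentication profile for a socket-based message connection.
 *
 * <p>The handler derives the SASL mechanism from the profile name (the text after
 * {@code "SASL/"}), creates a {@link SaslServer} for the {@code "jmxmp"} protocol, exchanges
 * challenge/response blobs with the client through {@link SASLMessage}s and, once the exchange
 * has completed, adds a {@link JMXPrincipal} named after the SASL authorization ID to the
 * connection's {@link Subject}.
 *
 * <p>Security notes for reviewers and operators:
 * <ul>
 *   <li>The environment map is handed to {@link Sasl#createSaslServer} as the mechanism
 *       properties, and the callback handler stored under
 *       {@code "jmx.remote.sasl.callback.handler"} is what verifies credentials. Both must come
 *       from trusted configuration.</li>
 *   <li>A SASL security layer is installed only when the negotiated QOP is {@code auth-int} or
 *       {@code auth-conf}. With any other outcome the traffic that follows authentication is
 *       not protected by SASL; deployments that need integrity or confidentiality should
 *       restrict {@code "javax.security.sasl.qop"} in the environment or run the connection
 *       over TLS.</li>
 *   <li>Trace logging records only the profile name and status, never the SASL blobs, which can
 *       carry credential material. Keep it that way.</li>
 * </ul>
 *
 * <p>Instances hold per-connection state and are not written to be shared between threads.
 */
public class SASLServerHandler implements ProfileServer {
    private static final ClassLogger logger = new ClassLogger("javax.management.remote.misc", "SASLServerHandler");

    /** Marker in the profile name that precedes the SASL mechanism name. */
    private static final String PROFILE_PREFIX = "SASL/";

    /** Status sent while the exchange is still in progress (the value used when the server is not complete). */
    private static final int STATUS_CONTINUE = 1;

    /** Status sent once {@link SaslServer#isComplete()} reports completion. */
    private static final int STATUS_COMPLETE = 2;

    // Raw Map kept because the public constructor takes a raw Map; keys are read as Strings below.
    private final Map env;
    private final String profile;

    private SaslServer saslServer = null;
    private byte[] blob = null;
    private MessageConnection mc = null;
    private Socket socket = null;
    private String mechanism = null;
    private Subject subject = null;

    /**
     * Creates a handler for one profile.
     *
     * @param str the profile name, expected to contain {@code "SASL/"} followed by the mechanism
     * @param map the connector environment; read in {@link #initialize} for the server name,
     *     the callback handler and the SASL properties
     */
    public SASLServerHandler(String str, Map map) {
        this.profile = str;
        this.env = map;
    }

    /**
     * Binds the handler to a connection and creates the {@link SaslServer}.
     *
     * @param messageConnection the connection being authenticated; must be a
     *     {@link SocketConnectionIf}
     * @param subject the subject to extend in {@link #activate()}, or {@code null} to have a new
     *     one created there
     * @throws IOException if the connection is not socket based, the profile name does not
     *     contain {@code "SASL/"}, or no SASL server can be created for the mechanism
     */
    @Override
    public void initialize(MessageConnection messageConnection, Subject subject) throws IOException {
        this.mc = messageConnection;
        this.subject = subject;
        if (!(messageConnection instanceof SocketConnectionIf)) {
            throw new IOException("Not an instance of SocketConnectionIf");
        }
        this.socket = ((SocketConnectionIf) messageConnection).getSocket();

        // Without this check a profile name lacking the prefix would make indexOf return -1
        // and the mechanism would silently become whatever follows the fourth character.
        int prefixAt = this.profile.indexOf(PROFILE_PREFIX);
        if (prefixAt < 0) {
            throw new IOException("Profile name [" + this.profile + "] does not name a SASL mechanism");
        }
        this.mechanism = this.profile.substring(prefixAt + PROFILE_PREFIX.length());

        // Fallback server name: InetAddress.getHostName() may perform a reverse name lookup, so
        // mechanisms that bind to the server name then depend on the resolver. Setting
        // "jmx.remote.x.sasl.server.name" explicitly avoids that dependency.
        String serverName = (String) this.env.get("jmx.remote.x.sasl.server.name");
        if (serverName == null) {
            serverName = this.socket.getLocalAddress().getHostName();
        }

        CallbackHandler callbackHandler = (CallbackHandler) this.env.get("jmx.remote.sasl.callback.handler");
        this.saslServer = Sasl.createSaslServer(this.mechanism, "jmxmp", serverName, this.env, callbackHandler);
        if (this.saslServer == null) {
            throw new IOException("Unable to create SASL server connection for authentication mechanism ["
                    + this.mechanism + "]");
        }
    }

    /**
     * Builds the next server message, carrying the blob produced by the last
     * {@link #consumeMessage} call.
     *
     * @return a {@link SASLMessage} whose status reflects whether the SASL server is complete
     * @throws IOException declared by the {@link ProfileServer} contract
     */
    @Override
    public ProfileMessage produceMessage() throws IOException {
        int status = this.saslServer.isComplete() ? STATUS_COMPLETE : STATUS_CONTINUE;
        SASLMessage reply = new SASLMessage(this.mechanism, status, this.blob);
        if (logger.traceOn()) {
            // Deliberately no blob in the trace output.
            logger.trace("produceMessage", ">>>>> SASL server message <<<<<");
            logger.trace("produceMessage", "Profile Name : " + reply.getProfileName());
            logger.trace("produceMessage", "Status : " + reply.getStatus());
        }
        return reply;
    }

    /**
     * Feeds one client message to the SASL server and stores the resulting challenge.
     *
     * @param profileMessage the message received from the client
     * @throws IOException if the message is not a {@link SASLMessage}, its status is not
     *     "continue", the server already considers the exchange complete, or the mechanism
     *     rejects the response
     */
    @Override
    public void consumeMessage(ProfileMessage profileMessage) throws IOException {
        if (!(profileMessage instanceof SASLMessage)) {
            // instanceof is false for null too; avoid an NPE while building the error text.
            String typeName = profileMessage == null ? "null" : profileMessage.getClass().getName();
            throw new IOException("Unexpected profile message type: " + typeName);
        }
        SASLMessage request = (SASLMessage) profileMessage;
        if (logger.traceOn()) {
            // Deliberately no blob in the trace output.
            logger.trace("consumeMessage", ">>>>> SASL client message <<<<<");
            logger.trace("consumeMessage", "Profile Name : " + request.getProfileName());
            logger.trace("consumeMessage", "Status : " + request.getStatus());
        }
        if (request.getStatus() != STATUS_CONTINUE) {
            throw new IOException("Unexpected SASL status [" + request.getStatus() + "]");
        }
        if (this.saslServer.isComplete()) {
            throw new IOException("SASL authentication complete despite the client claim for non-completion");
        }
        this.blob = this.saslServer.evaluateResponse(request.getBlob());
    }

    /**
     * Reports whether the SASL exchange has finished.
     *
     * @return the value of {@link SaslServer#isComplete()}
     */
    @Override
    public boolean isComplete() {
        return this.saslServer.isComplete();
    }

    /**
     * Finishes the profile: installs the SASL security layer when one was negotiated and adds
     * the authenticated identity to the subject.
     *
     * @return the subject passed to {@link #initialize}, or a new one, now holding a
     *     {@link JMXPrincipal} named after the SASL authorization ID
     * @throws IOException if the exchange has not completed or the socket streams cannot be
     *     obtained
     */
    @Override
    public Subject activate() throws IOException {
        // Fail closed with the declared exception type. SaslServer itself rejects these calls
        // with IllegalStateException before completion; the explicit check keeps the
        // "no principal without a finished exchange" rule visible at this level.
        if (!this.saslServer.isComplete()) {
            throw new IOException("SASL authentication has not completed");
        }

        String qop = (String) this.saslServer.getNegotiatedProperty("javax.security.sasl.qop");
        if (qop != null && (qop.equalsIgnoreCase("auth-int") || qop.equalsIgnoreCase("auth-conf"))) {
            // SASLInputStream / SASLOutputStream are defined elsewhere in this package;
            // presumably they apply the negotiated wrap/unwrap - confirm against those classes.
            ((SocketConnectionIf) this.mc).replaceStreams(
                    new SASLInputStream(this.saslServer, this.socket.getInputStream()),
                    new SASLOutputStream(this.saslServer, this.socket.getOutputStream()));
        }
        // Any other QOP: no stream replacement, so SASL adds no protection to later traffic.

        // The principal carries the authorization ID, i.e. the identity the client is allowed
        // to act as, which the configured callback handler is responsible for approving.
        final Principal principal = new JMXPrincipal(this.saslServer.getAuthorizationID());
        if (this.subject == null) {
            this.subject = new Subject();
        }
        final Subject target = this.subject;
        // Privileged so that adding the principal does not depend on the callers' permissions.
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                target.getPrincipals().add(principal);
                return null;
            }
        });
        return this.subject;
    }

    /**
     * Releases the SASL server's resources. Safe to call when {@link #initialize} never
     * managed to create one.
     *
     * @throws IOException if disposing the SASL server fails
     */
    @Override
    public void terminate() throws IOException {
        if (this.saslServer != null) {
            this.saslServer.dispose();
        }
    }

    /**
     * Returns the profile name this handler was created for.
     *
     * @return the profile name given to the constructor
     */
    @Override
    public String getName() {
        return this.profile;
    }
}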
