package com.sun.jmx.remote.opt.security;

import com.sun.jmx.remote.generic.ProfileClient;
import com.sun.jmx.remote.opt.util.ClassLogger;
import com.sun.jmx.remote.socket.SocketConnectionIf;
import java.io.IOException;
import java.net.Socket;
import java.util.Arrays;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.Vector;
import javax.management.remote.generic.MessageConnection;
import javax.management.remote.message.ProfileMessage;
import javax.management.remote.message.SASLMessage;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;

/* loaded from: input_file:brooklyn-jmxmp-agent-shaded-1.2.0-20240729-1049.jar:com/sun/jmx/remote/opt/security/SASLClientHandler.class */
public class SASLClientHandler implements ProfileClient {
    private Map env;
    private String profile;
    private static final byte[] EMPTY = new byte[0];
    private static final ClassLogger logger = new ClassLogger("javax.management.remote.misc", "SASLClientHandler");
    private SaslClient saslClnt = null;
    private boolean completed = false;
    private boolean initialResponse = true;
    private byte[] blob = null;
    private MessageConnection mc = null;
    private Socket socket = null;
    private String mechanism = null;

    /* loaded from: input_file:brooklyn-jmxmp-agent-shaded-1.2.0-20240729-1049.jar:com/sun/jmx/remote/opt/security/SASLClientHandler$UserPasswordCallbackHandler.class */
    private static class UserPasswordCallbackHandler implements CallbackHandler {
        private String user;
        private char[] pwchars;

        UserPasswordCallbackHandler(String str, String str2) {
            this.user = str;
            this.pwchars = str2.toCharArray();
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbackArr.length; i++) {
                if (callbackArr[i] instanceof NameCallback) {
                    ((NameCallback) callbackArr[i]).setName(this.user);
                } else {
                    if (!(callbackArr[i] instanceof PasswordCallback)) {
                        throw new UnsupportedCallbackException(callbackArr[i]);
                    }
                    ((PasswordCallback) callbackArr[i]).setPassword(this.pwchars);
                }
            }
        }

        private void clearPassword() {
            if (this.pwchars != null) {
                for (int i = 0; i < this.pwchars.length; i++) {
                    this.pwchars[i] = 0;
                }
                this.pwchars = null;
            }
        }

        protected void finalize() {
            clearPassword();
        }
    }

    public SASLClientHandler(String str, Map map) {
        this.env = null;
        this.profile = null;
        this.env = map;
        this.profile = str;
    }

    @Override // com.sun.jmx.remote.generic.ProfileClient
    public void initialize(MessageConnection messageConnection) throws IOException {
        logger.trace("initialize", "starts");
        this.mc = messageConnection;
        if (!(messageConnection instanceof SocketConnectionIf)) {
            throw new IOException("Not an instance of SocketConnectionIf");
        }
        this.socket = ((SocketConnectionIf) messageConnection).getSocket();
        String substring = this.profile.substring(this.profile.indexOf("SASL/") + 5);
        String[] saslMechanismNames = getSaslMechanismNames(substring);
        String str = (String) this.env.get("jmx.remote.sasl.authorization.id");
        String str2 = (String) this.env.get("jmx.remote.x.sasl.server.name");
        if (str2 == null) {
            str2 = this.socket.getInetAddress().getHostName();
        }
        if (logger.traceOn()) {
            logger.trace("initialize", new StringBuffer().append("mech=").append(substring).append("; mechs=").append(Arrays.asList(saslMechanismNames)).append("; authzId=").append(str).append("; server=").append(str2).toString());
        }
        CallbackHandler callbackHandler = null;
        if (this.env.containsKey("jmx.remote.sasl.callback.handler")) {
            callbackHandler = (CallbackHandler) this.env.get("jmx.remote.sasl.callback.handler");
            if (logger.traceOn()) {
                logger.trace("initialize", new StringBuffer().append("found callback.handler property: ").append(callbackHandler).toString());
            }
        } else if (this.env.containsKey("jmx.remote.credentials")) {
            logger.trace("initialize", "found jmx.remote.credentials property");
            Object obj = this.env.get("jmx.remote.credentials");
            if (obj instanceof String[]) {
                String[] strArr = (String[]) obj;
                if (strArr.length == 2) {
                    callbackHandler = new UserPasswordCallbackHandler(strArr[0], strArr[1]);
                } else if (logger.traceOn()) {
                    logger.trace("initialize", new StringBuffer().append("...but it does not have 2 elements: ").append(Arrays.asList(strArr)).toString());
                }
            } else if (logger.traceOn()) {
                logger.trace("initialize", new StringBuffer().append("...but it is not a String[]: ").append(obj).toString());
            }
        }
        this.saslClnt = Sasl.createSaslClient(saslMechanismNames, str, "jmxmp", str2, this.env, callbackHandler);
        if (this.saslClnt == null) {
            throw new IOException(new StringBuffer().append("Unable to create SASL client connection for authentication mechanism [").append(substring).append("]").toString());
        }
        this.mechanism = this.saslClnt.getMechanismName();
    }

    @Override // com.sun.jmx.remote.generic.ProfileClient
    public ProfileMessage produceMessage() throws IOException {
        if (this.initialResponse) {
            this.blob = this.saslClnt.hasInitialResponse() ? this.saslClnt.evaluateChallenge(EMPTY) : EMPTY;
            this.initialResponse = false;
        }
        SASLMessage sASLMessage = new SASLMessage(this.mechanism, 1, this.blob);
        if (logger.traceOn()) {
            logger.trace("produceMessage", ">>>>> SASL client message <<<<<");
            logger.trace("produceMessage", new StringBuffer().append("Profile Name : ").append(sASLMessage.getProfileName()).toString());
            logger.trace("produceMessage", new StringBuffer().append("Status : ").append(sASLMessage.getStatus()).toString());
        }
        return sASLMessage;
    }

    @Override // com.sun.jmx.remote.generic.ProfileClient
    public void consumeMessage(ProfileMessage profileMessage) throws IOException {
        if (!(profileMessage instanceof SASLMessage)) {
            throw new IOException(new StringBuffer().append("Unexpected profile message type: ").append(profileMessage.getClass().getName()).toString());
        }
        SASLMessage sASLMessage = (SASLMessage) profileMessage;
        if (logger.traceOn()) {
            logger.trace("consumeMessage", ">>>>> SASL server message <<<<<");
            logger.trace("consumeMessage", new StringBuffer().append("Profile Name : ").append(sASLMessage.getProfileName()).toString());
            logger.trace("consumeMessage", new StringBuffer().append("Status : ").append(sASLMessage.getStatus()).toString());
        }
        if (sASLMessage.getStatus() != 1 && sASLMessage.getStatus() != 2) {
            throw new IOException(new StringBuffer().append("Unexpected SASL status [").append(sASLMessage.getStatus()).append("]").toString());
        }
        if (this.saslClnt.isComplete() && sASLMessage.getStatus() == 2) {
            this.completed = true;
            return;
        }
        if (this.saslClnt.isComplete() && sASLMessage.getStatus() != 2) {
            throw new IOException("SASL authentication complete despite the server claim for non-completion");
        }
        if (this.saslClnt.isComplete() || sASLMessage.getStatus() != 2) {
            if (this.saslClnt.isComplete() || sASLMessage.getStatus() == 2) {
                return;
            }
            this.blob = this.saslClnt.evaluateChallenge(sASLMessage.getBlob());
            return;
        }
        this.blob = this.saslClnt.evaluateChallenge(sASLMessage.getBlob());
        if (!this.saslClnt.isComplete()) {
            throw new IOException("SASL authentication not complete despite the server claim for completion");
        }
        this.completed = true;
    }

    @Override // com.sun.jmx.remote.generic.ProfileClient
    public boolean isComplete() {
        return this.completed;
    }

    @Override // com.sun.jmx.remote.generic.ProfileClient
    public void activate() throws IOException {
        String str = (String) this.saslClnt.getNegotiatedProperty("javax.security.sasl.qop");
        if (str != null) {
            if (str.equalsIgnoreCase("auth-int") || str.equalsIgnoreCase("auth-conf")) {
                ((SocketConnectionIf) this.mc).replaceStreams(new SASLInputStream(this.saslClnt, this.socket.getInputStream()), new SASLOutputStream(this.saslClnt, this.socket.getOutputStream()));
            }
        }
    }

    @Override // com.sun.jmx.remote.generic.ProfileClient
    public void terminate() throws IOException {
        this.saslClnt.dispose();
    }

    @Override // com.sun.jmx.remote.generic.ProfileClient
    public String getName() {
        return this.profile;
    }

    private static String[] getSaslMechanismNames(String str) {
        StringTokenizer stringTokenizer = new StringTokenizer(str);
        Vector vector = new Vector(10);
        while (stringTokenizer.hasMoreTokens()) {
            vector.addElement(stringTokenizer.nextToken());
        }
        String[] strArr = new String[vector.size()];
        for (int i = 0; i < vector.size(); i++) {
            strArr[i] = (String) vector.elementAt(i);
        }
        return strArr;
    }
}
