package org.apache.storm.security.auth.kerberos;

import java.io.IOException;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.Configuration;
import javax.security.sasl.AuthorizeCallback;
import org.apache.storm.security.auth.AuthUtils;
import org.apache.storm.security.auth.ReqContext;
import org.apache.storm.security.auth.SaslTransportPlugin;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/storm/security/auth/kerberos/ServerCallbackHandler.class */
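/**
 * Server-side SASL {@link CallbackHandler} for the Kerberos transport.
 *
 * <p>It handles three callback types: {@link NameCallback} (echoes the default name back),
 * {@link PasswordCallback} (only logs a warning; no password is ever supplied) and
 * {@link AuthorizeCallback} (decides whether the authenticated peer may act under the
 * requested authorization ID).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The authorization ID is chosen by the remote peer. It is treated as untrusted text and
 *       stripped of control characters before it is logged.</li>
 *   <li>Impersonation (authentication ID differs from authorization ID) is refused unless the
 *       handler was constructed with impersonation enabled. This class only records the real
 *       principal on the {@link ReqContext}; whether a given principal may impersonate a given
 *       user is not decided here.</li>
 *   <li>{@code userName} is a mutable instance field written by the name callback, so an instance
 *       presumably serves a single SASL negotiation at a time (TODO confirm against the caller).</li>
 * </ul>
 */
public class ServerCallbackHandler implements CallbackHandler {
    private static final Logger LOG = LoggerFactory.getLogger(ServerCallbackHandler.class);
    private String userName;
    private final boolean impersonationAllowed;

    /**
     * Creates the handler and verifies that the JAAS configuration has a server login entry.
     *
     * @param configuration JAAS configuration to check; when {@code null} the check is skipped
     * @param map not used by this constructor
     * @param z whether an authenticated peer may request an authorization ID other than its own
     * @throws IOException if {@code configuration} is non-null and has no entry for
     *     {@link AuthUtils#LOGIN_CONTEXT_SERVER}
     */
    public ServerCallbackHandler(Configuration configuration, Map map, boolean z) throws IOException {
        this.impersonationAllowed = z;
        if (configuration == null) {
            return;
        }
        if (configuration.getAppConfigurationEntry(AuthUtils.LOGIN_CONTEXT_SERVER) == null) {
            // NOTE(review): the message names 'StormServer' literally while the lookup uses
            // AuthUtils.LOGIN_CONTEXT_SERVER; presumably the same value - confirm.
            final String message = "Could not find a 'StormServer' entry in this configuration: Server cannot start.";
            LOG.error(message);
            throw new IOException(message);
        }
    }

    /**
     * Dispatches each callback to its handler.
     *
     * <p>Callback types other than name, password and authorize are not acted on. The method
     * keeps its narrower signature (no checked exceptions), so they are logged at debug level
     * rather than rejected with {@code UnsupportedCallbackException}.
     *
     * @param callbackArr callbacks supplied by the SASL server
     * @throws IllegalArgumentException if an authorize callback is rejected
     */
    @Override
    public void handle(Callback[] callbackArr) {
        for (Callback callback : callbackArr) {
            if (callback instanceof NameCallback) {
                handleNameCallback((NameCallback) callback);
            } else if (callback instanceof PasswordCallback) {
                handlePasswordCallback((PasswordCallback) callback);
            } else if (callback instanceof AuthorizeCallback) {
                handleAuthorizeCallback((AuthorizeCallback) callback);
            } else if (callback != null) {
                LOG.debug("Ignoring unsupported callback type: {}", callback.getClass().getName());
            }
        }
    }

    /** Remembers the callback's default name and sets it as the callback's name. */
    private void handleNameCallback(NameCallback nameCallback) {
        LOG.debug("handleNameCallback");
        String defaultName = nameCallback.getDefaultName();
        this.userName = defaultName;
        nameCallback.setName(defaultName);
    }

    /** Logs that no password is available; the callback is deliberately left without one. */
    private void handlePasswordCallback(PasswordCallback passwordCallback) {
        LOG.warn("No password found for user: {}", sanitizeForLog(this.userName));
    }

    /**
     * Decides whether the authenticated peer may use the requested authorization ID.
     *
     * <p>A missing authorization ID means "act as myself": the authorized ID is set to the
     * authentication ID and the request is not treated as impersonation. The earlier code
     * compared the authentication ID with the still-null authorization ID, so that case fell
     * into the impersonation branch ("attempting to impersonate null").
     *
     * @throws IllegalArgumentException if the authentication ID is missing, or if impersonation
     *     is requested while this server does not allow it
     */
    private void handleAuthorizeCallback(AuthorizeCallback authorizeCallback) {
        String authenticationID = authorizeCallback.getAuthenticationID();
        String authorizationID = authorizeCallback.getAuthorizationID();
        // Both values are logged for audit; control characters are neutralised so a peer-chosen
        // authorization ID cannot forge extra log lines.
        LOG.info("Successfully authenticated client: authenticationID={} authorizationID= {}",
                sanitizeForLog(authenticationID), sanitizeForLog(authorizationID));

        if (authenticationID == null) {
            // Fail closed with a clear error; the callback is left unauthorized.
            throw new IllegalArgumentException("No authentication ID was supplied; refusing to authorize");
        }

        if (authorizationID == null) {
            authorizeCallback.setAuthorizedID(authenticationID);
            authorizationID = authenticationID;
        }

        if (authenticationID.equals(authorizationID)) {
            // Acting as itself: no separate real principal to record.
            ReqContext.context().setRealPrincipal(null);
        } else {
            if (!this.impersonationAllowed) {
                // Leave a log record of the refused attempt before failing the negotiation.
                LOG.warn("Rejected impersonation attempt: authenticationID={} authorizationID={}",
                        sanitizeForLog(authenticationID), sanitizeForLog(authorizationID));
                throw new IllegalArgumentException(authenticationID + " attempting to impersonate " + authorizationID + ".  This is not allowed by this server");
            }
            // Record who actually authenticated; the request proceeds under the authorization ID.
            ReqContext.context().setRealPrincipal(new SaslTransportPlugin.User(authenticationID));
        }
        authorizeCallback.setAuthorized(true);
    }

    /**
     * Returns {@code value} with every ISO control character (including CR and LF) replaced by
     * an underscore, so peer-supplied identifiers stay on a single log line.
     *
     * @param value text to neutralise, may be {@code null}
     * @return the neutralised text, or {@code null} if {@code value} was {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}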
