package org.apache.zookeeper.server;

import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.proto.ReplyHeader;
import org.apache.zookeeper.server.auth.ProviderRegistry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/zookeeper/server/AuthenticationHelper.class */
public class AuthenticationHelper {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) AuthenticationHelper.class);
    public static final String ENFORCE_AUTH_ENABLED = "zookeeper.enforce.auth.enabled";
    public static final String ENFORCE_AUTH_SCHEME = "zookeeper.enforce.auth.scheme";
    private boolean enforceAuthEnabled;
    private String enforceAuthScheme;

    public AuthenticationHelper() {
        initConfigurations();
    }

    private void initConfigurations() {
        this.enforceAuthEnabled = Boolean.parseBoolean(System.getProperty("zookeeper.enforce.auth.enabled", "false"));
        LOG.info("{} = {}", "zookeeper.enforce.auth.enabled", Boolean.valueOf(this.enforceAuthEnabled));
        this.enforceAuthScheme = System.getProperty("zookeeper.enforce.auth.scheme");
        LOG.info("{} = {}", "zookeeper.enforce.auth.scheme", this.enforceAuthScheme);
        validateConfiguredProperties();
    }

    private void validateConfiguredProperties() {
        if (this.enforceAuthEnabled) {
            if (this.enforceAuthScheme == null) {
                LOG.error("zookeeper.enforce.auth.enabled is true zookeeper.enforce.auth.scheme must be  configured.");
                throw new IllegalArgumentException("zookeeper.enforce.auth.enabled is true zookeeper.enforce.auth.scheme must be  configured.");
            }
            if (ProviderRegistry.getProvider(this.enforceAuthScheme) == null) {
                String str = "Authentication scheme " + this.enforceAuthScheme + " is not available.";
                LOG.error(str);
                throw new IllegalArgumentException(str);
            }
        }
    }

    private boolean isCnxnAuthenticated(ServerCnxn serverCnxn) {
        Iterator<Id> it = serverCnxn.getAuthInfo().iterator();
        while (it.hasNext()) {
            if (it.next().getScheme().equals(this.enforceAuthScheme)) {
                return true;
            }
        }
        return false;
    }

    public boolean isEnforceAuthEnabled() {
        return this.enforceAuthEnabled;
    }

    public boolean enforceAuthentication(ServerCnxn serverCnxn, ZooKeeperServer zooKeeperServer, int i) throws IOException {
        if (!isEnforceAuthEnabled() || isCnxnAuthenticated(serverCnxn)) {
            return true;
        }
        LOG.error("Client authentication scheme(s) {} does not match with expected  authentication scheme {}, closing connection.", getAuthSchemes(serverCnxn), this.enforceAuthScheme);
        serverCnxn.sendResponse(new ReplyHeader(i, 0L, KeeperException.Code.AUTHFAILED.intValue()), null, null);
        if (serverCnxn.getSessionId() > 0) {
            zooKeeperServer.close(serverCnxn.getSessionId());
        }
        serverCnxn.disableRecv();
        serverCnxn.close();
        return false;
    }

    private List<String> getAuthSchemes(ServerCnxn serverCnxn) {
        return (List) serverCnxn.authInfo.stream().map((v0) -> {
            return v0.getScheme();
        }).collect(Collectors.toList());
    }
}
