package org.apache.zookeeper.server.auth;

import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.server.ServerCnxn;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/zookeeper-3.5.1-mrs-1.6.0.jar:org/apache/zookeeper/server/auth/SASLAuthenticationProvider.class */
public class SASLAuthenticationProvider implements ExtAuthenticationProvider {
    static final String PROP_COMPARE_SHORT_NAME = "zookeeper.acl.compare.shortName";
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) SASLAuthenticationProvider.class);
    private boolean compareShortName = Boolean.getBoolean(PROP_COMPARE_SHORT_NAME);
    private boolean removeHost = Boolean.getBoolean("zookeeper.kerberos.removeHostFromPrincipal");
    private boolean removeRelm = Boolean.getBoolean("zookeeper.kerberos.removeRealmFromPrincipal");

    public SASLAuthenticationProvider() {
        LOG.info("Property {} value is {}", PROP_COMPARE_SHORT_NAME, Boolean.valueOf(this.compareShortName));
        LOG.info("Property {} value is {}", "zookeeper.kerberos.removeHostFromPrincipal", Boolean.valueOf(this.removeHost));
        LOG.info("Property {} value is {}", "zookeeper.kerberos.removeRealmFromPrincipal", Boolean.valueOf(this.removeRelm));
    }

    @Override // org.apache.zookeeper.server.auth.AuthenticationProvider
    public String getScheme() {
        return "sasl";
    }

    @Override // org.apache.zookeeper.server.auth.AuthenticationProvider
    public KeeperException.Code handleAuthentication(ServerCnxn serverCnxn, byte[] bArr) {
        return KeeperException.Code.AUTHFAILED;
    }

    @Override // org.apache.zookeeper.server.auth.AuthenticationProvider
    public boolean matches(String str, String str2) {
        if ((System.getProperty("zookeeper.superUser") != null && (str.equals(System.getProperty("zookeeper.superUser")) || match(str, str2))) || str.equals("super") || match(str, str2)) {
            return true;
        }
        String property = System.getProperty("zookeeper.letAnySaslUserDoX");
        return property != null && str2.equals(property);
    }

    private boolean match(String str, String str2) {
        if (str.equals(str2)) {
            return true;
        }
        if (!this.compareShortName) {
            return false;
        }
        String shortName = getShortName(str);
        boolean equals = shortName.equals(str2);
        if (!equals) {
            try {
                return shortName.equals(new KerberosName(str2).getServiceName());
            } catch (IllegalArgumentException e) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Failed to parse the ACL Expression with KerberosName {}", str2, e);
                }
            }
        }
        return equals;
    }

    private String getShortName(String str) {
        int lastIndexOf;
        if (this.removeHost && this.removeRelm) {
            return str;
        }
        if (!this.removeHost && (lastIndexOf = str.lastIndexOf(47)) != -1) {
            return str.substring(0, lastIndexOf);
        }
        return getShortNameUptoRealm(str);
    }

    private String getShortNameUptoRealm(String str) {
        int lastIndexOf = str.lastIndexOf(64);
        return lastIndexOf == -1 ? str : str.substring(0, lastIndexOf);
    }

    @Override // org.apache.zookeeper.server.auth.AuthenticationProvider
    public boolean isAuthenticated() {
        return true;
    }

    @Override // org.apache.zookeeper.server.auth.AuthenticationProvider
    public boolean isValid(String str) {
        try {
            new KerberosName(str);
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    @Override // org.apache.zookeeper.server.auth.ExtAuthenticationProvider
    public String getUserName(String str) {
        return str;
    }
}
