package org.apache.hadoop.hbase.shaded.org.apache.zookeeper.server.auth;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.hadoop.hbase.shaded.org.apache.zookeeper.KeeperException;
import org.apache.hadoop.hbase.shaded.org.apache.zookeeper.data.Id;
import org.apache.hadoop.hbase.shaded.org.apache.zookeeper.server.AuthenticationHelper;
import org.apache.hadoop.hbase.shaded.org.apache.zookeeper.server.ServerCnxn;
import org.apache.hadoop.hbase.shaded.org.apache.zookeeper.util.CertificateUtils;
import org.apache.hadoop.hbase.shaded.org.apache.zookeeper.util.ConfigurationUtils;
import org.apache.hadoop.hbase.shaded.org.apache.zookeeper.util.VerifyUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hbase/shaded/org/apache/zookeeper/server/auth/CspAuthenticationProvider.class */
public class CspAuthenticationProvider implements AuthenticationProvider {
    private static final Logger LOG = LoggerFactory.getLogger(CspAuthenticationProvider.class);
    private static String CSP_AUTH_SERVER_NAME_KEY;
    private static final String DEFAULT_CSP_AUTH_SERVER_NAME_KEY = "Server";
    private static final String SERVER_NAME_KEY = "server";
    private static final String SERVER_IP_KEY = "serverIp";
    private static final String SEP = "��";

    @Override // org.apache.hadoop.hbase.shaded.org.apache.zookeeper.server.auth.AuthenticationProvider
    public String getScheme() {
        return AuthenticationHelper.SASL_AUTH_SCHEME;
    }

    @Override // org.apache.hadoop.hbase.shaded.org.apache.zookeeper.server.auth.AuthenticationProvider
    public KeeperException.Code handleAuthentication(ServerCnxn serverCnxn, byte[] bArr) {
        if (bArr.length == 0) {
            LOG.error("got invalid auth data from {}, auth data length is 0", serverCnxn.getRemoteSocketAddress());
            return KeeperException.Code.AUTHFAILED;
        }
        String[] split = new String(bArr, StandardCharsets.UTF_8).split("��");
        if (split.length != 2) {
            LOG.error("invalid auth data, expect 2 tokens, got {}", Integer.valueOf(split.length));
            return KeeperException.Code.AUTHFAILED;
        }
        byte[] decode = Base64.getDecoder().decode(split[0]);
        if (!CertificateUtils.verifySign(decode, split[1])) {
            LOG.error("verify sign failed");
            return KeeperException.Code.AUTHFAILED;
        }
        String[] split2 = new String(CertificateUtils.decryptByPrivateKey(decode), StandardCharsets.UTF_8).split("��");
        if (split2.length != 5) {
            LOG.error("invalid auth info, expect 6 tokens, got {}", Integer.valueOf(split2.length));
            return KeeperException.Code.AUTHFAILED;
        }
        if (!VerifyUtils.isTimestampValid(split2[2])) {
            return KeeperException.Code.AUTHFAILED;
        }
        AppConfigurationEntry[] appConfigurationEntries = ConfigurationUtils.getAppConfigurationEntries(CSP_AUTH_SERVER_NAME_KEY);
        if (appConfigurationEntries == null || appConfigurationEntries.length == 0) {
            LOG.error("No JAAS configuration section named {}, so auth fail fast", CSP_AUTH_SERVER_NAME_KEY);
            return KeeperException.Code.AUTHFAILED;
        }
        String str = "";
        String str2 = "";
        for (AppConfigurationEntry appConfigurationEntry : appConfigurationEntries) {
            if (appConfigurationEntry.getOptions().containsKey("server")) {
                str = (String) appConfigurationEntry.getOptions().get("server");
            }
            if (appConfigurationEntry.getOptions().containsKey(SERVER_IP_KEY)) {
                str2 = (String) appConfigurationEntry.getOptions().get(SERVER_IP_KEY);
            }
        }
        String str3 = split2[3];
        if (!VerifyUtils.isServiceSignatureValid(str3, str, split2[4], str2)) {
            LOG.error("service signature error {}", str3);
            return KeeperException.Code.AUTHFAILED;
        }
        serverCnxn.addAuthInfo(new Id(getScheme(), split2[0]));
        return KeeperException.Code.OK;
    }

    @Override // org.apache.hadoop.hbase.shaded.org.apache.zookeeper.server.auth.AuthenticationProvider
    public boolean isAuthenticated() {
        return true;
    }

    @Override // org.apache.hadoop.hbase.shaded.org.apache.zookeeper.server.auth.AuthenticationProvider
    public boolean isValid(String str) {
        return (null == str || str.isEmpty()) ? false : true;
    }

    @Override // org.apache.hadoop.hbase.shaded.org.apache.zookeeper.server.auth.AuthenticationProvider
    public boolean matches(String str, String str2) {
        return null != str && str.equals(str2);
    }

    static {
        CSP_AUTH_SERVER_NAME_KEY = System.getProperty("zookeeper.csp.auth.serverconfig");
        if (null == CSP_AUTH_SERVER_NAME_KEY || CSP_AUTH_SERVER_NAME_KEY.isEmpty()) {
            CSP_AUTH_SERVER_NAME_KEY = "Server";
        }
    }
}
