package org.infinispan.server.memcached.binary;

import java.nio.charset.StandardCharsets;
import javax.security.auth.Subject;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.infinispan.commons.util.Util;
import org.infinispan.commons.util.concurrent.CompletableFutures;
import org.infinispan.server.core.security.sasl.SaslAuthenticator;
import org.infinispan.server.core.transport.SaslQopHandler;
import org.infinispan.server.memcached.MemcachedResponse;
import org.infinispan.server.memcached.MemcachedServer;
import org.infinispan.server.memcached.MemcachedStatus;
import org.infinispan.server.memcached.configuration.MemcachedAuthenticationConfiguration;
import org.infinispan.server.memcached.configuration.MemcachedServerConfiguration;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/infinispan/server/memcached/binary/BinaryAuthDecoder.class */
public abstract class BinaryAuthDecoder extends BinaryDecoder {
    private SaslServer saslServer;

    /* JADX INFO: Access modifiers changed from: protected */
    public BinaryAuthDecoder(MemcachedServer memcachedServer) {
        super(memcachedServer, ANONYMOUS);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public MemcachedResponse saslListMechs(BinaryHeader binaryHeader) {
        response(binaryHeader, MemcachedStatus.NO_ERROR, String.join(" ", ((MemcachedAuthenticationConfiguration) ((MemcachedServerConfiguration) this.server.getConfiguration()).authentication()).sasl().mechanisms()).getBytes(StandardCharsets.US_ASCII));
        return send(binaryHeader, CompletableFutures.completedNull());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public MemcachedResponse saslAuth(BinaryHeader binaryHeader, byte[] bArr, byte[] bArr2) {
        return send(binaryHeader, this.server.getBlockingManager().supplyBlocking(() -> {
            try {
                this.saslServer = SaslAuthenticator.createSaslServer(((MemcachedAuthenticationConfiguration) ((MemcachedServerConfiguration) this.server.getConfiguration()).authentication()).sasl(), this.ctx.channel(), new String(bArr, StandardCharsets.US_ASCII), BinaryConstants.MEMCACHED_SASL_PROTOCOL);
                doSasl(binaryHeader, bArr2);
                return null;
            } catch (Throwable th) {
                response(binaryHeader, MemcachedStatus.AUTHN_ERROR, th);
                return null;
            }
        }, "memcached-sasl-auth"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public MemcachedResponse saslStep(BinaryHeader binaryHeader, byte[] bArr, byte[] bArr2) {
        return send(binaryHeader, this.server.getBlockingManager().supplyBlocking(() -> {
            doSasl(binaryHeader, bArr2);
            return null;
        }, "memcached-sasl-step"));
    }

    private void doSasl(BinaryHeader binaryHeader, byte[] bArr) {
        try {
            byte[] evaluateResponse = this.saslServer.evaluateResponse(bArr);
            if (this.saslServer.isComplete()) {
                Subject subject = (Subject) this.saslServer.getNegotiatedProperty("org.infinispan.security.Subject");
                String str = (String) this.saslServer.getNegotiatedProperty("javax.security.sasl.qop");
                if ("auth-int".equals(str) || "auth-conf".equals(str)) {
                    this.ctx.channel().eventLoop().submit(() -> {
                        response(binaryHeader, MemcachedStatus.NO_ERROR);
                        this.ctx.pipeline().addBefore("decoder", "saslQop", new SaslQopHandler(this.saslServer));
                    });
                } else {
                    this.ctx.channel().eventLoop().submit(() -> {
                        response(binaryHeader, MemcachedStatus.NO_ERROR, evaluateResponse == null ? Util.EMPTY_BYTE_ARRAY : evaluateResponse);
                        this.ctx.pipeline().replace("decoder", "decoder", new BinaryOpDecoderImpl(this.server, subject));
                        disposeSaslServer();
                    });
                }
            } else {
                response(binaryHeader, MemcachedStatus.AUTHN_CONTINUE, evaluateResponse);
            }
        } catch (Throwable th) {
            response(binaryHeader, MemcachedStatus.AUTHN_ERROR, th);
        }
    }

    private void disposeSaslServer() {
        try {
            if (this.saslServer != null) {
                this.saslServer.dispose();
            }
        } catch (SaslException e) {
            log.debug("Exception while disposing SaslServer", e);
        } finally {
            this.saslServer = null;
        }
    }
}
