package io.stargate.auth;

import com.datastax.oss.driver.shaded.guava.common.annotations.VisibleForTesting;
import io.stargate.db.AuthenticatedUser;
import io.stargate.db.Authenticator;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import org.apache.cassandra.stargate.exceptions.AuthenticationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/stargate/auth/PlainTextTokenSaslNegotiator.class */
public abstract class PlainTextTokenSaslNegotiator implements Authenticator.SaslNegotiator {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) PlainTextTokenSaslNegotiator.class);
    static final byte NUL = 0;
    protected final AuthenticationService authentication;
    private final Authenticator.SaslNegotiator wrapped;
    protected AuthenticationSubject authenticationSubject;
    protected final String tokenUsername;
    protected final int tokenMaxLength;

    public PlainTextTokenSaslNegotiator(AuthenticationService authenticationService, Authenticator.SaslNegotiator saslNegotiator, String str, int i) {
        this.authentication = authenticationService;
        this.wrapped = saslNegotiator;
        this.tokenUsername = str;
        this.tokenMaxLength = i;
    }

    public byte[] evaluateResponse(byte[] bArr) throws AuthenticationException {
        if (attemptTokenAuthentication(bArr)) {
            return null;
        }
        return this.wrapped.evaluateResponse(bArr);
    }

    public boolean isComplete() {
        return this.authenticationSubject != null || this.wrapped.isComplete();
    }

    public AuthenticatedUser getAuthenticatedUser() throws AuthenticationException {
        return this.authenticationSubject != null ? AuthenticatedUser.of(this.authenticationSubject.roleName(), this.authenticationSubject.token(), this.authenticationSubject.isFromExternalAuth(), this.authenticationSubject.customProperties()) : this.wrapped.getAuthenticatedUser();
    }

    public abstract boolean attemptTokenAuthentication(byte[] bArr);

    @VisibleForTesting
    public static Credentials decodeCredentials(byte[] bArr) throws AuthenticationException {
        logger.trace("Decoding credentials from client token");
        byte[] bArr2 = null;
        byte[] bArr3 = null;
        int length = bArr.length;
        for (int length2 = bArr.length - 1; length2 >= 0; length2--) {
            if (bArr[length2] == 0) {
                if (bArr3 == null) {
                    bArr3 = Arrays.copyOfRange(bArr, length2 + 1, length);
                } else {
                    if (bArr2 != null) {
                        throw new AuthenticationException("Credential format error: username or password is empty or contains NUL(\\0) character");
                    }
                    bArr2 = Arrays.copyOfRange(bArr, length2 + 1, length);
                }
                length = length2;
            }
        }
        if (bArr3 == null || bArr3.length == 0) {
            throw new AuthenticationException("Password must not be null");
        }
        if (bArr2 == null || bArr2.length == 0) {
            throw new AuthenticationException("Authentication ID must not be null");
        }
        return new Credentials(new String(bArr2, StandardCharsets.UTF_8), new String(bArr3, StandardCharsets.UTF_8).toCharArray());
    }
}
