package org.apache.cassandra.auth;

import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.exceptions.AuthenticationException;
import org.apache.cassandra.service.StorageService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/cassandra/auth/CassandraLoginModule.class */
public class CassandraLoginModule implements LoginModule {
    private static final Logger logger = LoggerFactory.getLogger(CassandraLoginModule.class);
    private Subject subject;
    private CallbackHandler callbackHandler;
    private boolean succeeded = false;
    private boolean commitSucceeded = false;
    private String username;
    private char[] password;
    private IAuthContext authContext;
    private CassandraPrincipal principal;

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
    }

    public boolean login() throws LoginException {
        if (this.callbackHandler == null) {
            logger.info("No CallbackHandler available for authentication");
            throw new LoginException("Authentication failed");
        }
        Callback nameCallback = new NameCallback("username: ");
        PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
        try {
            this.callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
            this.username = nameCallback.getName();
            char[] password = passwordCallback.getPassword();
            if (password == null) {
                password = new char[0];
            }
            this.password = Arrays.copyOf(password, password.length);
            passwordCallback.clearPassword();
            try {
                this.authContext = authenticate().getAuthContext();
                this.succeeded = true;
                return true;
            } catch (AuthenticationException e) {
                this.succeeded = false;
                cleanUpInternalState();
                throw new FailedLoginException(e.getMessage());
            }
        } catch (IOException | UnsupportedCallbackException e2) {
            logger.info("Unexpected exception processing authentication callbacks", e2);
            throw new LoginException("Authentication failed");
        }
    }

    private AuthenticatedUser authenticate() {
        if (!StorageService.instance.isAuthSetupComplete()) {
            throw new AuthenticationException("Cannot login as server authentication setup is not yet completed");
        }
        IAuthenticator authenticator = DatabaseDescriptor.getAuthenticator();
        HashMap hashMap = new HashMap();
        hashMap.put("username", this.username);
        hashMap.put("password", String.valueOf(this.password));
        PasswordAuthenticator.checkValidCredentials(hashMap);
        AuthenticatedUser legacyAuthenticate = authenticator.legacyAuthenticate(hashMap);
        if (legacyAuthenticate.isAnonymous() || legacyAuthenticate.isSystem()) {
            throw new AuthenticationException(String.format("Invalid user %s", legacyAuthenticate.getName()));
        }
        if (DatabaseDescriptor.getAuthManager().canLogin(legacyAuthenticate).blockingGet().booleanValue()) {
            return legacyAuthenticate;
        }
        throw new AuthenticationException(legacyAuthenticate.getName() + " is not permitted to log in");
    }

    public boolean commit() throws LoginException {
        if (!this.succeeded) {
            return false;
        }
        this.principal = new CassandraPrincipal(this.username, this.authContext);
        if (!this.subject.getPrincipals().contains(this.principal)) {
            this.subject.getPrincipals().add(this.principal);
        }
        cleanUpInternalState();
        this.commitSucceeded = true;
        return true;
    }

    public boolean abort() throws LoginException {
        if (!this.succeeded) {
            return false;
        }
        if (this.commitSucceeded) {
            logout();
            return true;
        }
        this.succeeded = false;
        cleanUpInternalState();
        this.principal = null;
        return true;
    }

    public boolean logout() throws LoginException {
        this.subject.getPrincipals().remove(this.principal);
        this.succeeded = false;
        cleanUpInternalState();
        this.principal = null;
        return true;
    }

    private void cleanUpInternalState() {
        this.username = null;
        if (this.password != null) {
            for (int i = 0; i < this.password.length; i++) {
                this.password[i] = ' ';
            }
            this.password = null;
        }
        this.authContext = null;
    }
}
