package io.confluent.ksql.api.auth;

import com.google.common.annotations.VisibleForTesting;
import io.confluent.ksql.api.server.Server;
import io.confluent.ksql.security.DefaultKsqlPrincipal;
import io.confluent.ksql.security.KsqlPrincipal;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.Promise;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.AuthProvider;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.authorization.Authorization;
import io.vertx.ext.auth.authorization.Authorizations;
import io.vertx.ext.auth.authorization.RoleBasedAuthorization;
import io.vertx.ext.auth.authorization.impl.AuthorizationsImpl;
import java.security.Principal;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.eclipse.jetty.security.UserIdentity;
import org.eclipse.jetty.security.jaas.JAASLoginService;
import org.eclipse.jetty.server.Request;

/* loaded from: input_file:io/confluent/ksql/api/auth/JaasAuthProvider.class */
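/**
 * Vert.x {@link AuthProvider} that verifies username/password credentials against a JAAS login
 * module through Jetty's {@link JAASLoginService}.
 *
 * <p>The JAAS login is run on the server's worker executor rather than on the calling thread.
 * On success the handler receives an {@link ApiUser} exposing the authenticated principal and
 * one role-based authorization per principal found on the JAAS subject.
 */
public class JaasAuthProvider implements AuthProvider {
    private static final Logger LOG = LogManager.getLogger(JaasAuthProvider.class);
    private final Server server;
    private final String contextName;
    private final LoginContextSupplier loginContext;

    /** Factory for the login service, replaceable in tests. */
    @VisibleForTesting
    @FunctionalInterface
    public interface LoginContextSupplier {
        JAASLoginService get();
    }

    /**
     * Creates a provider that builds a fresh {@link JAASLoginService} for every login attempt.
     *
     * @param server      server whose worker executor runs the login; must not be null
     * @param contextName login module name passed to the login service; must not be null
     */
    public JaasAuthProvider(Server server, String contextName) {
        this(server, contextName, JAASLoginService::new);
    }

    /**
     * Creates a provider with an explicit login-service factory.
     *
     * @throws NullPointerException if any argument is null
     */
    @VisibleForTesting
    JaasAuthProvider(Server server, String contextName, LoginContextSupplier loginContextSupplier) {
        this.server = Objects.requireNonNull(server, "server");
        this.contextName = Objects.requireNonNull(contextName, "contextName");
        this.loginContext = Objects.requireNonNull(loginContextSupplier, "loginContextSupplier");
    }

    /**
     * Authenticates the credentials in {@code jsonObject}.
     *
     * @param jsonObject auth info carrying the {@code username} and {@code password} fields
     * @param handler    receives the authenticated user, or a failure when a field is missing
     *                   or the login is rejected
     */
    public void authenticate(JsonObject jsonObject, Handler<AsyncResult<User>> handler) {
        final String username = jsonObject.getString("username");
        if (username == null) {
            handler.handle(Future.failedFuture("authInfo missing 'username' field"));
            return;
        }
        final String password = jsonObject.getString("password");
        if (password == null) {
            handler.handle(Future.failedFuture("authInfo missing 'password' field"));
            return;
        }
        // The login is handed to the worker executor; ordered=false, so attempts are not
        // serialized behind each other.
        this.server.getWorkerExecutor().executeBlocking(
            promise -> getUser(this.contextName, username, password, promise),
            false,
            handler);
    }

    /**
     * Runs the JAAS login and completes {@code promise} exactly once.
     *
     * @param loginModuleName login module name to authenticate against
     * @param username        user name supplied by the client
     * @param password        password supplied by the client
     * @param promise         completed with the user, or failed with a generic message
     */
    private void getUser(String loginModuleName, String username, String password, Promise<User> promise) {
        final JAASLoginService loginService = this.loginContext.get();
        loginService.setCallbackHandlerClass(BasicCallbackHandler.class.getName());
        loginService.setLoginModuleName(loginModuleName);
        try {
            loginService.start();
        } catch (Exception e) {
            LOG.error("Could not start login service.", e);
            promise.fail("Could not start login service.");
            // Stop here: falling through would attempt a login on a service that failed to
            // start and then complete or fail the promise a second time.
            return;
        }
        // NOTE(review): the service is started for every attempt and never stopped in this
        // method - confirm that no per-instance resources need releasing.
        final UserIdentity identity = loginService.login(username, password, (Request) null, ignored -> null);
        if (identity == null) {
            // Neither the log line nor the client message says whether the user name or the
            // password was wrong, and no credential is logged.
            LOG.error("Failed to log in. ");
            promise.fail("Failed to log in: Invalid username/password.");
            return;
        }

        // First principal on the subject that already is a KsqlPrincipal, if any.
        final Optional<KsqlPrincipal> ksqlPrincipal = identity.getSubject().getPrincipals().stream()
            .filter(KsqlPrincipal.class::isInstance)
            .map(KsqlPrincipal.class::cast)
            .findFirst();

        // Every principal name on the subject becomes a role-based authorization, not only
        // the role principals.
        // NOTE(review): if the login module also emits a user-name principal, a user name
        // equal to a role name would be granted that role - confirm against the module.
        final AuthorizationsImpl authorizationsImpl = new AuthorizationsImpl();
        identity.getSubject().getPrincipals().forEach(principal ->
            authorizationsImpl.add("default", RoleBasedAuthorization.create(principal.getName())));

        promise.complete(new ApiUser() {
            public Authorizations authorizations() {
                return authorizationsImpl;
            }

            @Override // io.confluent.ksql.api.auth.ApiUser
            public DefaultKsqlPrincipal getPrincipal() {
                // NOTE(review): the fallback principal is built from the plaintext password,
                // which therefore stays reachable for as long as this user object is
                // referenced - keep it out of logs and serialized state.
                return ksqlPrincipal
                    .<DefaultKsqlPrincipal>map(DefaultKsqlPrincipal::new)
                    .orElseGet(() -> new JaasPrincipal(username, password));
            }

            public JsonObject attributes() {
                throw new UnsupportedOperationException();
            }

            public User isAuthorized(Authorization authorization, Handler<AsyncResult<Boolean>> handler) {
                throw new UnsupportedOperationException();
            }

            public JsonObject principal() {
                throw new UnsupportedOperationException();
            }

            public void setAuthProvider(AuthProvider authProvider) {
                throw new UnsupportedOperationException();
            }

            public User merge(User user) {
                throw new UnsupportedOperationException();
            }
        });
    }
}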
