package com.couchbase.client.core.endpoint.kv;

import com.couchbase.client.core.logging.CouchbaseLogger;
import com.couchbase.client.core.logging.CouchbaseLoggerFactory;
import com.couchbase.client.core.security.sasl.Sasl;
import com.couchbase.client.deps.io.netty.buffer.ByteBuf;
import com.couchbase.client.deps.io.netty.buffer.Unpooled;
import com.couchbase.client.deps.io.netty.channel.ChannelHandlerContext;
import com.couchbase.client.deps.io.netty.channel.ChannelOutboundHandler;
import com.couchbase.client.deps.io.netty.channel.ChannelPromise;
import com.couchbase.client.deps.io.netty.channel.SimpleChannelInboundHandler;
import com.couchbase.client.deps.io.netty.handler.codec.memcache.binary.DefaultBinaryMemcacheRequest;
import com.couchbase.client.deps.io.netty.handler.codec.memcache.binary.DefaultFullBinaryMemcacheRequest;
import com.couchbase.client.deps.io.netty.handler.codec.memcache.binary.FullBinaryMemcacheResponse;
import com.couchbase.client.deps.io.netty.util.CharsetUtil;
import com.couchbase.client.deps.io.netty.util.concurrent.Future;
import com.couchbase.client.deps.io.netty.util.concurrent.GenericFutureListener;
import java.io.IOException;
import java.net.SocketAddress;
import java.util.Arrays;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.SaslClient;

/* loaded from: input_file:com/couchbase/client/core/endpoint/kv/KeyValueAuthHandler.class */
public class KeyValueAuthHandler extends SimpleChannelInboundHandler<FullBinaryMemcacheResponse> implements CallbackHandler, ChannelOutboundHandler {
    private static final CouchbaseLogger LOGGER = CouchbaseLoggerFactory.getInstance((Class<?>) KeyValueAuthHandler.class);
    public static final byte SASL_LIST_MECHS_OPCODE = 32;
    private static final byte SASL_AUTH_OPCODE = 33;
    private static final byte SASL_STEP_OPCODE = 34;
    private static final byte SASL_AUTH_SUCCESS = 0;
    private static final byte SASL_AUTH_FAILURE = 32;
    private final String username;
    private final String password;
    private final boolean forceSaslPlain;
    private ChannelHandlerContext ctx;
    private SaslClient saslClient;
    private String selectedMechanism;
    private ChannelPromise originalPromise;

    public KeyValueAuthHandler(String str, String str2, boolean z) {
        this.username = str;
        this.password = str2 == null ? "" : str2;
        this.forceSaslPlain = z;
    }

    @Override // com.couchbase.client.deps.io.netty.channel.ChannelInboundHandlerAdapter, com.couchbase.client.deps.io.netty.channel.ChannelInboundHandler
    public void channelActive(ChannelHandlerContext channelHandlerContext) throws Exception {
        this.ctx = channelHandlerContext;
        channelHandlerContext.writeAndFlush(new DefaultBinaryMemcacheRequest().setOpcode((byte) 32));
    }

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            if (callback instanceof NameCallback) {
                ((NameCallback) callback).setName(this.username);
            } else {
                if (!(callback instanceof PasswordCallback)) {
                    throw new AuthenticationException("SASLClient requested unsupported callback: " + callback);
                }
                ((PasswordCallback) callback).setPassword(this.password.toCharArray());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.couchbase.client.deps.io.netty.channel.SimpleChannelInboundHandler
    public void channelRead0(ChannelHandlerContext channelHandlerContext, FullBinaryMemcacheResponse fullBinaryMemcacheResponse) throws Exception {
        if (fullBinaryMemcacheResponse.getOpcode() == 32) {
            handleListMechsResponse(channelHandlerContext, fullBinaryMemcacheResponse);
        } else if (fullBinaryMemcacheResponse.getOpcode() == 33) {
            handleAuthResponse(channelHandlerContext, fullBinaryMemcacheResponse);
        } else if (fullBinaryMemcacheResponse.getOpcode() == 34) {
            checkIsAuthed(fullBinaryMemcacheResponse);
        }
    }

    private void handleListMechsResponse(ChannelHandlerContext channelHandlerContext, FullBinaryMemcacheResponse fullBinaryMemcacheResponse) throws Exception {
        String obj = channelHandlerContext.channel().remoteAddress().toString();
        String[] split = fullBinaryMemcacheResponse.content().toString(CharsetUtil.UTF_8).split(" ");
        if (split.length == 0) {
            throw new AuthenticationException("Received empty SASL mechanisms list from server: " + obj);
        }
        if (this.forceSaslPlain) {
            LOGGER.trace("Got SASL Mechs {} but forcing PLAIN due to config setting.", Arrays.asList(split));
            split = new String[]{"PLAIN"};
        }
        this.saslClient = Sasl.createSaslClient(split, null, "couchbase", obj, null, this);
        this.selectedMechanism = this.saslClient.getMechanismName();
        int length = this.selectedMechanism.length();
        byte[] evaluateChallenge = this.saslClient.hasInitialResponse() ? this.saslClient.evaluateChallenge(new byte[0]) : null;
        ByteBuf writeBytes = evaluateChallenge != null ? channelHandlerContext.alloc().buffer().writeBytes(evaluateChallenge) : Unpooled.EMPTY_BUFFER;
        DefaultFullBinaryMemcacheRequest defaultFullBinaryMemcacheRequest = new DefaultFullBinaryMemcacheRequest(this.selectedMechanism.getBytes(CharsetUtil.UTF_8), Unpooled.EMPTY_BUFFER, writeBytes);
        defaultFullBinaryMemcacheRequest.setOpcode((byte) 33).setKeyLength((short) length).setTotalBodyLength(length + writeBytes.readableBytes());
        channelHandlerContext.writeAndFlush(defaultFullBinaryMemcacheRequest).addListener2(new GenericFutureListener<Future<Void>>() { // from class: com.couchbase.client.core.endpoint.kv.KeyValueAuthHandler.1
            @Override // com.couchbase.client.deps.io.netty.util.concurrent.GenericFutureListener
            public void operationComplete(Future<Void> future) throws Exception {
                if (future.isSuccess()) {
                    return;
                }
                KeyValueAuthHandler.LOGGER.warn("Error during SASL Auth negotiation phase.", future);
            }
        });
    }

    private void handleAuthResponse(ChannelHandlerContext channelHandlerContext, FullBinaryMemcacheResponse fullBinaryMemcacheResponse) throws Exception {
        ByteBuf copiedBuffer;
        if (this.saslClient.isComplete()) {
            checkIsAuthed(fullBinaryMemcacheResponse);
            return;
        }
        byte[] bArr = new byte[fullBinaryMemcacheResponse.content().readableBytes()];
        fullBinaryMemcacheResponse.content().readBytes(bArr);
        byte[] evaluateChallenge = this.saslClient.evaluateChallenge(bArr);
        if (evaluateChallenge == null) {
            throw new AuthenticationException("SASL Challenge evaluation returned null.");
        }
        if (this.selectedMechanism.equals("CRAM-MD5") || this.selectedMechanism.equals("PLAIN")) {
            copiedBuffer = Unpooled.copiedBuffer(this.username + "��" + new String(evaluateChallenge).split(" ")[1], CharsetUtil.UTF_8);
        } else {
            copiedBuffer = Unpooled.wrappedBuffer(evaluateChallenge);
        }
        DefaultFullBinaryMemcacheRequest defaultFullBinaryMemcacheRequest = new DefaultFullBinaryMemcacheRequest(this.selectedMechanism.getBytes(CharsetUtil.UTF_8), Unpooled.EMPTY_BUFFER, copiedBuffer);
        defaultFullBinaryMemcacheRequest.setOpcode((byte) 34).setKeyLength((short) this.selectedMechanism.length()).setTotalBodyLength(copiedBuffer.readableBytes() + this.selectedMechanism.length());
        channelHandlerContext.writeAndFlush(defaultFullBinaryMemcacheRequest).addListener2(new GenericFutureListener<Future<Void>>() { // from class: com.couchbase.client.core.endpoint.kv.KeyValueAuthHandler.2
            @Override // com.couchbase.client.deps.io.netty.util.concurrent.GenericFutureListener
            public void operationComplete(Future<Void> future) throws Exception {
                if (future.isSuccess()) {
                    return;
                }
                KeyValueAuthHandler.LOGGER.warn("Error during SASL Auth negotiation phase.", future);
            }
        });
    }

    private void checkIsAuthed(FullBinaryMemcacheResponse fullBinaryMemcacheResponse) {
        switch (fullBinaryMemcacheResponse.getStatus()) {
            case 0:
                this.originalPromise.setSuccess();
                this.ctx.pipeline().remove(this);
                this.ctx.fireChannelActive();
                return;
            case 32:
                this.originalPromise.setFailure((Throwable) new AuthenticationException("Authentication Failure"));
                return;
            default:
                this.originalPromise.setFailure((Throwable) new AuthenticationException("Unhandled SASL auth status: " + ((int) fullBinaryMemcacheResponse.getStatus())));
                return;
        }
    }

    @Override // com.couchbase.client.deps.io.netty.channel.ChannelOutboundHandler
    public void bind(ChannelHandlerContext channelHandlerContext, SocketAddress socketAddress, ChannelPromise channelPromise) throws Exception {
        channelHandlerContext.bind(socketAddress, channelPromise);
    }

    @Override // com.couchbase.client.deps.io.netty.channel.ChannelOutboundHandler
    public void connect(ChannelHandlerContext channelHandlerContext, SocketAddress socketAddress, SocketAddress socketAddress2, ChannelPromise channelPromise) throws Exception {
        this.originalPromise = channelPromise;
        ChannelPromise newPromise = channelHandlerContext.newPromise();
        newPromise.addListener2((GenericFutureListener<? extends Future<? super Void>>) new GenericFutureListener<Future<Void>>() { // from class: com.couchbase.client.core.endpoint.kv.KeyValueAuthHandler.3
            @Override // com.couchbase.client.deps.io.netty.util.concurrent.GenericFutureListener
            public void operationComplete(Future<Void> future) throws Exception {
                if (future.isSuccess() || KeyValueAuthHandler.this.originalPromise.isDone()) {
                    return;
                }
                KeyValueAuthHandler.this.originalPromise.setFailure(future.cause());
            }
        });
        channelHandlerContext.connect(socketAddress, socketAddress2, newPromise);
    }

    @Override // com.couchbase.client.deps.io.netty.channel.ChannelOutboundHandler
    public void disconnect(ChannelHandlerContext channelHandlerContext, ChannelPromise channelPromise) throws Exception {
        channelHandlerContext.disconnect(channelPromise);
    }

    @Override // com.couchbase.client.deps.io.netty.channel.ChannelOutboundHandler
    public void close(ChannelHandlerContext channelHandlerContext, ChannelPromise channelPromise) throws Exception {
        channelHandlerContext.close(channelPromise);
    }

    @Override // com.couchbase.client.deps.io.netty.channel.ChannelOutboundHandler
    public void deregister(ChannelHandlerContext channelHandlerContext, ChannelPromise channelPromise) throws Exception {
        channelHandlerContext.deregister(channelPromise);
    }

    @Override // com.couchbase.client.deps.io.netty.channel.ChannelOutboundHandler
    public void read(ChannelHandlerContext channelHandlerContext) throws Exception {
        channelHandlerContext.read();
    }

    @Override // com.couchbase.client.deps.io.netty.channel.ChannelOutboundHandler
    public void write(ChannelHandlerContext channelHandlerContext, Object obj, ChannelPromise channelPromise) throws Exception {
        channelHandlerContext.write(obj, channelPromise);
    }

    @Override // com.couchbase.client.deps.io.netty.channel.ChannelOutboundHandler
    public void flush(ChannelHandlerContext channelHandlerContext) throws Exception {
        channelHandlerContext.flush();
    }
}
