package org.ldaptive.sasl;

import java.util.Collections;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.stream.Collectors;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.RealmCallback;
import org.ldaptive.transport.DefaultSaslClient;
import org.ldaptive.transport.GssApiSaslClient;

/* loaded from: input_file:org/ldaptive/sasl/GssApiBindRequest.class */
public class GssApiBindRequest extends DefaultSaslClientRequest {
    private static final Mechanism MECHANISM = Mechanism.GSSAPI;
    private static final String JAAS_OPTIONS_PROPERTY_PREFIX = "org.ldaptive.sasl.gssapi.jaas.";
    public static final String JAAS_NAME_PROPERTY = "org.ldaptive.sasl.gssapi.jaas.name";
    private static final String DEFAULT_GSSAPI_JAAS_NAME = "ldaptive-gssapi";
    public static final String JAAS_REFRESH_CONFIG_PROPERTY = "org.ldaptive.sasl.gssapi.jaas.refreshConfig";
    private static final String JAAS_LOGIN_MODULE_PROPERTY = "org.ldaptive.sasl.gssapi.jaas.loginModule";
    private static final String DEFAULT_GSSAPI_LOGIN_MODULE = "com.sun.security.auth.module.Krb5LoginModule";
    private final String authenticationID;
    private final String authorizationID;
    private final String saslRealm;
    private final Map<String, ?> saslProperties;
    private final String jaasName;
    private final boolean jaasRefreshConfig;
    private final String jaasLoginModule;
    private final Map<String, ?> jaasOptions;
    private final String password;
    private final AtomicBoolean invokeOnce = new AtomicBoolean();

    public GssApiBindRequest(String str, String str2, String str3, String str4, Map<String, Object> map) {
        this.authenticationID = str;
        this.authorizationID = str2;
        this.password = str3;
        this.saslRealm = str4;
        this.saslProperties = (Map) map.entrySet().stream().filter(entry -> {
            return !((String) entry.getKey()).startsWith(JAAS_OPTIONS_PROPERTY_PREFIX);
        }).collect(Collectors.collectingAndThen(Collectors.toMap(entry2 -> {
            return (String) entry2.getKey();
        }, entry3 -> {
            return entry3.getValue();
        }), Collections::unmodifiableMap));
        this.jaasLoginModule = (String) map.getOrDefault(JAAS_LOGIN_MODULE_PROPERTY, DEFAULT_GSSAPI_LOGIN_MODULE);
        this.jaasOptions = (Map) map.entrySet().stream().filter(entry4 -> {
            return (!((String) entry4.getKey()).startsWith(JAAS_OPTIONS_PROPERTY_PREFIX) || ((String) entry4.getKey()).equals(JAAS_NAME_PROPERTY) || ((String) entry4.getKey()).equals(JAAS_LOGIN_MODULE_PROPERTY)) ? false : true;
        }).collect(Collectors.collectingAndThen(Collectors.toMap(entry5 -> {
            return ((String) entry5.getKey()).substring(JAAS_OPTIONS_PROPERTY_PREFIX.length());
        }, entry6 -> {
            return entry6.getValue();
        }), Collections::unmodifiableMap));
        if (map.get(JAAS_NAME_PROPERTY) != null) {
            this.jaasName = (String) map.get(JAAS_NAME_PROPERTY);
        } else if (map.get(JAAS_LOGIN_MODULE_PROPERTY) == null && this.jaasOptions.isEmpty()) {
            this.jaasName = DEFAULT_GSSAPI_JAAS_NAME;
        } else {
            this.jaasName = null;
        }
        this.jaasRefreshConfig = Boolean.valueOf((String) map.getOrDefault(JAAS_REFRESH_CONFIG_PROPERTY, "false")).booleanValue();
    }

    @Override // org.ldaptive.sasl.DefaultSaslClientRequest
    public SaslClient getSaslClient() {
        return this.invokeOnce.compareAndSet(false, true) ? new GssApiSaslClient() : new DefaultSaslClient();
    }

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            if (callback instanceof NameCallback) {
                ((NameCallback) callback).setName(this.authenticationID);
            } else if ((callback instanceof PasswordCallback) && this.password != null) {
                ((PasswordCallback) callback).setPassword(this.password.toCharArray());
            } else {
                if (!(callback instanceof RealmCallback)) {
                    throw new UnsupportedCallbackException(callback);
                }
                RealmCallback realmCallback = (RealmCallback) callback;
                if (this.saslRealm == null) {
                    throw new IllegalStateException("Realm required, but none provided");
                }
                realmCallback.setText(this.saslRealm);
            }
        }
    }

    @Override // org.ldaptive.sasl.DefaultSaslClientRequest
    public Mechanism getMechanism() {
        return MECHANISM;
    }

    @Override // org.ldaptive.sasl.DefaultSaslClientRequest
    public String getAuthorizationID() {
        return this.authorizationID;
    }

    @Override // org.ldaptive.sasl.DefaultSaslClientRequest
    public Map<String, ?> getSaslProperties() {
        return this.saslProperties;
    }

    public String getJaasName() {
        return this.jaasName;
    }

    public boolean getJaasRefreshConfig() {
        return this.jaasRefreshConfig;
    }

    public String getJaasLoginModule() {
        return this.jaasLoginModule;
    }

    public Map<String, ?> getJaasOptions() {
        return this.jaasOptions;
    }

    @Override // org.ldaptive.sasl.DefaultSaslClientRequest
    public String toString() {
        return super.toString() + ", authenticationID=" + this.authenticationID + ", authorizationID=" + this.authorizationID + ", realm=" + this.saslRealm + ", saslProperties=" + this.saslProperties + ", jaasName=" + this.jaasName + ", jaasRefreshConfig=" + this.jaasRefreshConfig + ", jaasLoginModule=" + this.jaasLoginModule + ", jaasOptions=" + this.jaasOptions;
    }
}
