package io.confluent.rbacapi.login;

import java.io.IOException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.servlet.ServletRequest;
import org.apache.kafka.common.errors.AuthenticationException;
import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler;
import org.apache.kafka.common.security.auth.AuthorizationIdProvider;
import org.apache.kafka.common.security.plain.PlainAuthenticateCallback;
import org.eclipse.jetty.security.AbstractLoginService;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.security.Password;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/rbacapi/login/MdsLoginService.class */
public class MdsLoginService extends AbstractLoginService {
    private static final String[] EMPTY_STRING_ARRAY = new String[0];
    private static final Logger log = LoggerFactory.getLogger((Class<?>) MdsLoginService.class);
    private final String realmName;
    private final AuthenticateCallbackHandler callbackHandler;

    public MdsLoginService(String str, AuthenticateCallbackHandler authenticateCallbackHandler) {
        this.realmName = str;
        this.callbackHandler = authenticateCallbackHandler;
    }

    @Override // org.eclipse.jetty.security.AbstractLoginService, org.eclipse.jetty.security.LoginService
    public String getName() {
        return this.realmName;
    }

    @Override // org.eclipse.jetty.security.AbstractLoginService, org.eclipse.jetty.security.LoginService
    public UserIdentity login(String str, Object obj, ServletRequest servletRequest) {
        log.trace("Login attempt for user {}", str);
        PlainAuthenticateCallback plainAuthenticateCallback = new PlainAuthenticateCallback(((String) obj).toCharArray());
        Callback nameCallback = new NameCallback("Name: ", str);
        try {
            this.callbackHandler.handle(new Callback[]{nameCallback, plainAuthenticateCallback});
            if (!plainAuthenticateCallback.authenticated()) {
                log.debug("Login failed for {}", str);
                return null;
            }
            if (this.callbackHandler instanceof AuthorizationIdProvider) {
                str = nameCallback.getName();
            }
            log.debug("Login succeeded for {}", str);
            return buildUserIdentity(str, (String) obj);
        } catch (IOException | UnsupportedCallbackException e) {
            log.error("Login failed with checked exceptions for {}: {}", str, e);
            return null;
        } catch (AuthenticationException e2) {
            log.debug("Login failed with AuthenticationException for {}: {}", str, e2);
            return null;
        } catch (Throwable th) {
            log.error("Login failed with unknown exception for {}: {}", str, th);
            return null;
        }
    }

    private UserIdentity buildUserIdentity(String str, String str2) {
        Password password = new Password(str2);
        Subject subject = new Subject();
        subject.getPublicCredentials().add(str);
        subject.getPrivateCredentials().add(password);
        return this._identityService.newUserIdentity(subject, new AbstractLoginService.UserPrincipal(str, password), EMPTY_STRING_ARRAY);
    }

    @Override // org.eclipse.jetty.security.AbstractLoginService
    protected AbstractLoginService.UserPrincipal loadUserInfo(String str) {
        throw new UnsupportedOperationException("loadUserInfo");
    }

    @Override // org.eclipse.jetty.security.AbstractLoginService
    protected String[] loadRoleInfo(AbstractLoginService.UserPrincipal userPrincipal) {
        throw new UnsupportedOperationException("loadRoleInfo");
    }
}
