package com.zimbra.cs.security.sasl;

import com.zimbra.common.account.Key;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.Log;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.AccessManager;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.auth.AuthContext;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.security.sasl.SaslServer;

/* loaded from: input_file:com/zimbra/cs/security/sasl/Authenticator.class */
public abstract class Authenticator {
    private static final Map<String, AuthenticatorFactory> mRegisteredMechanisms = new LinkedHashMap();
    private static Collection<String> mMechanismList = Collections.emptyList();
    protected final String mProtocol;
    protected final String mMechanism;
    protected final AuthenticatorUser mAuthUser;
    protected boolean mComplete;
    protected boolean mAuthenticated;
    protected InetAddress localAddress;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/zimbra/cs/security/sasl/Authenticator$AuthenticatorFactory.class */
    public interface AuthenticatorFactory {
        Authenticator getAuthenticator(AuthenticatorUser authenticatorUser);
    }

    public static void registerMechanism(String str, AuthenticatorFactory authenticatorFactory) {
        mRegisteredMechanisms.put(str.toUpperCase(), authenticatorFactory);
        mMechanismList = Collections.unmodifiableCollection(mRegisteredMechanisms.keySet());
    }

    public static Authenticator getAuthenticator(String str, AuthenticatorUser authenticatorUser) {
        AuthenticatorFactory authenticatorFactory = mRegisteredMechanisms.get(str.toUpperCase());
        if (authenticatorFactory == null) {
            return null;
        }
        Authenticator authenticator = authenticatorFactory.getAuthenticator(authenticatorUser);
        if (authenticator.isSupported()) {
            return authenticator;
        }
        return null;
    }

    public static Collection<String> listMechanisms() {
        return mMechanismList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Authenticator(String str, AuthenticatorUser authenticatorUser) {
        this.mProtocol = authenticatorUser.getProtocol();
        this.mMechanism = str;
        this.mAuthUser = authenticatorUser;
    }

    protected abstract boolean isSupported();

    public abstract boolean initialize() throws IOException;

    public abstract void handle(byte[] bArr) throws IOException;

    public abstract Account authenticate(String str, String str2, String str3, AuthContext.Protocol protocol, String str4, String str5, String str6) throws ServiceException;

    public abstract boolean isEncryptionEnabled();

    public abstract InputStream unwrap(InputStream inputStream);

    public abstract OutputStream wrap(OutputStream outputStream);

    public abstract SaslServer getSaslServer();

    public abstract void dispose();

    public void setLocalAddress(InetAddress inetAddress) {
        this.localAddress = inetAddress;
    }

    public boolean isComplete() {
        return this.mComplete;
    }

    public boolean isAuthenticated() {
        return this.mAuthenticated;
    }

    public String getProtocol() {
        return this.mProtocol;
    }

    public String getMechanism() {
        return this.mMechanism;
    }

    public AuthenticatorUser getAuthenticatorUser() {
        return this.mAuthUser;
    }

    public void sendSuccess() throws IOException {
        this.mAuthUser.sendSuccessful();
    }

    public void sendFailed() throws IOException {
        this.mAuthUser.sendFailed();
        this.mComplete = true;
    }

    public void sendFailed(String str) throws IOException {
        this.mAuthUser.sendFailed(str);
    }

    public void sendBadRequest() throws IOException {
        this.mAuthUser.sendBadRequest("malformed authentication request");
        this.mComplete = true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void sendContinuation(String str) throws IOException {
        this.mAuthUser.sendContinuation(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Log getLog() {
        return this.mAuthUser.getLog();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isProtocolEnabled(Account account, AuthContext.Protocol protocol) {
        if (protocol == null) {
            return true;
        }
        switch (protocol) {
            case imap:
                return account.isImapEnabled();
            case pop3:
                return account.isPop3Enabled();
            default:
                return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean authenticate(String str, String str2, String str3) throws IOException {
        this.mAuthenticated = this.mAuthUser.authenticate(str, str2, str3, this);
        this.mComplete = true;
        return this.mAuthenticated;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Account authorize(Account account, String str, boolean z) throws ServiceException {
        int indexOf;
        String domainName;
        if (str == null || str.length() == 0) {
            return account;
        }
        Provisioning provisioning = Provisioning.getInstance();
        Account account2 = provisioning.get(Key.AccountBy.name, str);
        if (account2 == null && (indexOf = str.indexOf(64)) != -1 && (domainName = account.getDomainName()) != null) {
            str = str.substring(0, indexOf) + '@' + domainName;
            account2 = provisioning.get(Key.AccountBy.name, str);
        }
        if (account2 == null) {
            ZimbraLog.account.info("authorization failed for " + str + " (account not found)", new Object[]{str});
            return null;
        }
        if (account.getId().equals(account2.getId()) || AccessManager.getInstance().canAccessAccount(account, account2, z)) {
            return account2;
        }
        ZimbraLog.account.warn("authorization failed for " + str + " (authenticated user " + account.getName() + " has insufficient rights)");
        return null;
    }

    static {
        registerMechanism("PLAIN", new AuthenticatorFactory() { // from class: com.zimbra.cs.security.sasl.Authenticator.1
            @Override // com.zimbra.cs.security.sasl.Authenticator.AuthenticatorFactory
            public Authenticator getAuthenticator(AuthenticatorUser authenticatorUser) {
                return new PlainAuthenticator(authenticatorUser);
            }
        });
        registerMechanism("GSSAPI", new AuthenticatorFactory() { // from class: com.zimbra.cs.security.sasl.Authenticator.2
            @Override // com.zimbra.cs.security.sasl.Authenticator.AuthenticatorFactory
            public Authenticator getAuthenticator(AuthenticatorUser authenticatorUser) {
                return new GssAuthenticator(authenticatorUser);
            }
        });
        registerMechanism(ZimbraAuthenticator.MECHANISM, new AuthenticatorFactory() { // from class: com.zimbra.cs.security.sasl.Authenticator.3
            @Override // com.zimbra.cs.security.sasl.Authenticator.AuthenticatorFactory
            public Authenticator getAuthenticator(AuthenticatorUser authenticatorUser) {
                return new ZimbraAuthenticator(authenticatorUser);
            }
        });
    }
}
