package org.apache.kafka.common.security.ldap.internals;

import java.util.List;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.kafka.common.security.JaasContext;
import org.apache.kafka.common.security.plain.PlainLoginModule;
import org.apache.kafka.common.security.plain.internals.PlainServerCallbackHandler;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.ldap.DefaultLdapRealm;
import org.apache.shiro.realm.ldap.JndiLdapContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/kafka/common/security/ldap/internals/LdapPlainServerCallbackHandler.class */
public class LdapPlainServerCallbackHandler extends PlainServerCallbackHandler {
    private static final Logger log = LoggerFactory.getLogger(LdapPlainServerCallbackHandler.class);
    private DefaultSecurityManager securityManager;

    @Override // org.apache.kafka.common.security.plain.internals.PlainServerCallbackHandler, org.apache.kafka.common.security.auth.AuthenticateCallbackHandler
    public void configure(Map<String, ?> map, String str, List<AppConfigurationEntry> list) {
        this.jaasConfigEntries = list;
        String configEntryOption = JaasContext.configEntryOption(list, "ldap_url", PlainLoginModule.class.getName());
        String configEntryOption2 = JaasContext.configEntryOption(list, "user_dn_template", PlainLoginModule.class.getName());
        if (configEntryOption == null || configEntryOption2 == null) {
            throw new IllegalStateException("ldap_url and/or user_dn_template is missing from the jaas conf file.");
        }
        DefaultLdapRealm defaultLdapRealm = new DefaultLdapRealm();
        JndiLdapContextFactory contextFactory = defaultLdapRealm.getContextFactory();
        defaultLdapRealm.setUserDnTemplate(configEntryOption2);
        contextFactory.setUrl(configEntryOption);
        this.securityManager = new DefaultSecurityManager(defaultLdapRealm);
    }

    @Override // org.apache.kafka.common.security.plain.internals.PlainServerCallbackHandler
    protected boolean authenticate(String str, char[] cArr) {
        if (str == null) {
            return false;
        }
        try {
            this.securityManager.authenticate(new UsernamePasswordToken(str, cArr));
            return true;
        } catch (AuthenticationException e) {
            log.error("Authentication failed", e);
            return false;
        }
    }
}
