package org.apache.activemq.artemis.protocol.amqp.sasl;

import java.io.IOException;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginContext;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.jboss.logging.Logger;

/* loaded from: input_file:BOOT-INF/lib/artemis-amqp-protocol-2.17.0.jar:org/apache/activemq/artemis/protocol/amqp/sasl/GSSAPIServerSASL.class */
public class GSSAPIServerSASL implements ServerSASL {
    private static final Logger log = Logger.getLogger((Class<?>) GSSAPIServerSASL.class);
    public static final String NAME = "GSSAPI";
    private String loginConfigScope;
    private SaslServer saslServer;
    private Subject jaasId;
    private SASLResult result;

    @Override // org.apache.activemq.artemis.protocol.amqp.sasl.ServerSASL
    public String getName() {
        return NAME;
    }

    @Override // org.apache.activemq.artemis.protocol.amqp.sasl.ServerSASL
    public byte[] processSASL(byte[] bArr) {
        try {
            if (this.jaasId == null) {
                LoginContext loginContext = new LoginContext(this.loginConfigScope);
                loginContext.login();
                this.jaasId = loginContext.getSubject();
            }
            if (this.saslServer == null) {
                this.saslServer = (SaslServer) Subject.doAs(this.jaasId, () -> {
                    return Sasl.createSaslServer(NAME, (String) null, (String) null, new HashMap(), new CallbackHandler() { // from class: org.apache.activemq.artemis.protocol.amqp.sasl.GSSAPIServerSASL.1
                        @Override // javax.security.auth.callback.CallbackHandler
                        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                            for (Callback callback : callbackArr) {
                                if (callback instanceof AuthorizeCallback) {
                                    AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback;
                                    authorizeCallback.setAuthorized(authorizeCallback.getAuthenticationID().equals(authorizeCallback.getAuthorizationID()));
                                }
                            }
                        }
                    });
                });
            }
            byte[] bArr2 = (byte[]) Subject.doAs(this.jaasId, () -> {
                return this.saslServer.evaluateResponse(bArr);
            });
            if (this.saslServer.isComplete()) {
                this.result = new PrincipalSASLResult(true, new KerberosPrincipal(this.saslServer.getAuthorizationID()));
            }
            return bArr2;
        } catch (Exception e) {
            log.info("Error on sasl input: " + e.toString(), e);
            this.result = new PrincipalSASLResult(false, null);
            return null;
        }
    }

    @Override // org.apache.activemq.artemis.protocol.amqp.sasl.ServerSASL
    public SASLResult result() {
        return this.result;
    }

    @Override // org.apache.activemq.artemis.protocol.amqp.sasl.ServerSASL
    public void done() {
        if (this.saslServer != null) {
            try {
                this.saslServer.dispose();
            } catch (SaslException e) {
                log.debug("Exception on sasl dispose", e);
            }
        }
    }

    public String getLoginConfigScope() {
        return this.loginConfigScope;
    }

    public void setLoginConfigScope(String str) {
        this.loginConfigScope = str;
    }
}
