package org.apache.activemq.artemis.spi.core.security.jaas;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.Principal;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.crypto.Mac;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.apache.activemq.artemis.api.core.QueueConfiguration;
import org.apache.activemq.artemis.spi.core.security.scram.SCRAM;
import org.apache.activemq.artemis.spi.core.security.scram.ScramException;
import org.apache.activemq.artemis.spi.core.security.scram.ScramUtils;
import org.apache.activemq.artemis.spi.core.security.scram.StringPrep;
import org.apache.activemq.artemis.spi.core.security.scram.UserData;
import org.apache.activemq.artemis.utils.PasswordMaskingUtil;

/* loaded from: input_file:artemis-server-2.19.1.jar:org/apache/activemq/artemis/spi/core/security/jaas/SCRAMPropertiesLoginModule.class */
public class SCRAMPropertiesLoginModule extends PropertiesLoader implements AuditLoginModule {
    private static final String SEPARATOR_MECHANISM = "|";
    private static final String SEPARATOR_PARAMETER = ":";
    private static final int MIN_ITERATIONS = 4096;
    private static final SecureRandom RANDOM_GENERATOR = new SecureRandom();
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Properties users;
    private Map<String, Set<String>> roles;
    private UserData userData;
    private String user;
    private final Set<Principal> principals = new HashSet();

    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        init(map2);
        this.users = load(PropertiesLoginModule.USER_FILE_PROP_NAME, QueueConfiguration.USER, map2).getProps();
        this.roles = load(PropertiesLoginModule.ROLE_FILE_PROP_NAME, "role", map2).invertedPropertiesValuesMap();
    }

    public boolean login() throws LoginException {
        Callback nameCallback = new NameCallback("Username: ");
        executeCallbacks(nameCallback);
        this.user = nameCallback.getName();
        SCRAMMechanismCallback sCRAMMechanismCallback = new SCRAMMechanismCallback();
        executeCallbacks(sCRAMMechanismCallback);
        SCRAM typeByString = getTypeByString(sCRAMMechanismCallback.getMechanism());
        if (this.user == null) {
            this.userData = generateUserData(null);
            return true;
        }
        String property = this.users.getProperty(this.user + SEPARATOR_MECHANISM + typeByString.name());
        if (property == null) {
            property = this.users.getProperty(this.user);
        }
        if (!PasswordMaskingUtil.isEncMasked(property)) {
            this.userData = generateUserData(property);
            return true;
        }
        String[] split = PasswordMaskingUtil.unwrap(property).split(":");
        this.userData = new UserData(split[0], Integer.parseInt(split[1]), split[2], split[3]);
        return true;
    }

    private UserData generateUserData(String str) throws LoginException {
        if (str == null) {
            byte[] bArr = new byte[256];
            RANDOM_GENERATOR.nextBytes(bArr);
            str = new String(bArr);
        }
        DigestCallback digestCallback = new DigestCallback();
        HmacCallback hmacCallback = new HmacCallback();
        executeCallbacks(digestCallback, hmacCallback);
        try {
            ScramUtils.NewPasswordStringData byteArrayToStringData = ScramUtils.byteArrayToStringData(ScramUtils.newPassword(str, generateSalt(), 4096, digestCallback.getDigest(), hmacCallback.getHmac()));
            return new UserData(byteArrayToStringData.salt, byteArrayToStringData.iterations, byteArrayToStringData.serverKey, byteArrayToStringData.storedKey);
        } catch (ScramException e) {
            throw new LoginException();
        }
    }

    private static byte[] generateSalt() {
        byte[] bArr = new byte[32];
        RANDOM_GENERATOR.nextBytes(bArr);
        return bArr;
    }

    private void executeCallbacks(Callback... callbackArr) throws LoginException {
        try {
            this.callbackHandler.handle(callbackArr);
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException();
        }
    }

    public boolean commit() throws LoginException {
        if (this.userData == null) {
            throw new LoginException();
        }
        this.subject.getPublicCredentials().add(this.userData);
        Set principals = this.subject.getPrincipals(UserPrincipal.class);
        UserPrincipal userPrincipal = new UserPrincipal(this.user);
        this.principals.add(userPrincipal);
        principals.add(userPrincipal);
        Iterator it = principals.iterator();
        while (it.hasNext()) {
            Set<String> set = this.roles.get(((UserPrincipal) it.next()).getName());
            if (set != null) {
                Iterator<String> it2 = set.iterator();
                while (it2.hasNext()) {
                    this.principals.add(new RolePrincipal(it2.next()));
                }
            }
        }
        this.subject.getPrincipals().addAll(this.principals);
        return true;
    }

    public boolean abort() throws LoginException {
        return true;
    }

    public boolean logout() throws LoginException {
        this.subject.getPrincipals().removeAll(this.principals);
        this.principals.clear();
        this.subject.getPublicCredentials().remove(this.userData);
        this.userData = null;
        return true;
    }

    public static void main(String[] strArr) throws GeneralSecurityException, ScramException, StringPrep.StringPrepError, IOException {
        int i;
        if (strArr.length < 2) {
            System.out.println("Usage: " + SCRAMPropertiesLoginModule.class.getSimpleName() + " <username> <password> [<iterations>]");
            System.out.println("\ttype: " + getSupportedTypes());
            System.out.println("\titerations desired number of iteration (min value: 4096)");
            return;
        }
        String str = strArr[0];
        String str2 = strArr[1];
        Properties properties = new Properties();
        String prepAsQueryString = StringPrep.prepAsQueryString(str);
        for (SCRAM scram : SCRAM.values()) {
            MessageDigest messageDigest = MessageDigest.getInstance(scram.getDigest());
            Mac mac = Mac.getInstance(scram.getHmac());
            byte[] generateSalt = generateSalt();
            if (strArr.length > 2) {
                i = Integer.parseInt(strArr[2]);
                if (i < 4096) {
                    throw new IllegalArgumentException("minimum of 4096 required!");
                }
            } else {
                i = 4096;
            }
            ScramUtils.NewPasswordStringData byteArrayToStringData = ScramUtils.byteArrayToStringData(ScramUtils.newPassword(str2, generateSalt, i, messageDigest, mac));
            properties.setProperty(prepAsQueryString + SEPARATOR_MECHANISM + scram.name(), PasswordMaskingUtil.wrap(byteArrayToStringData.salt + ":" + byteArrayToStringData.iterations + ":" + byteArrayToStringData.serverKey + ":" + byteArrayToStringData.storedKey));
        }
        properties.store(System.out, "Insert the lines stating with '" + prepAsQueryString + "' into the desired user properties file");
    }

    private static SCRAM getTypeByString(String str) {
        return (SCRAM) Arrays.stream(SCRAM.values()).filter(scram -> {
            return scram.getName().equals(str);
        }).findFirst().orElseThrow(() -> {
            return new IllegalArgumentException("unkown type " + str + ", supported ones are " + getSupportedTypes());
        });
    }

    private static String getSupportedTypes() {
        return String.join(", ", (CharSequence[]) Arrays.stream(SCRAM.values()).map((v0) -> {
            return v0.getName();
        }).toArray(i -> {
            return new String[i];
        }));
    }
}
