package org.apache.qpid.server.security.auth.manager;

import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.PreferencesSupportingAuthenticationProvider;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.sasl.plain.PlainPasswordCallback;
import org.apache.qpid.server.security.auth.sasl.plain.PlainSaslServer;
import org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServer;
import org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServerSourceAdapter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ManagedObject(category = false, type = "Simple", register = false)
/* loaded from: input_file:org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.class */
public class SimpleAuthenticationManager extends AbstractAuthenticationManager<SimpleAuthenticationManager> implements UsernamePasswordAuthenticationProvider<SimpleAuthenticationManager>, PreferencesSupportingAuthenticationProvider {
    private static final Logger _logger = LoggerFactory.getLogger(SimpleAuthenticationManager.class);
    private static final String PLAIN_MECHANISM = "PLAIN";
    private static final String CRAM_MD5_MECHANISM = "CRAM-MD5";
    private static final String SCRAM_SHA1_MECHANISM = "SCRAM-SHA-1";
    private static final String SCRAM_SHA256_MECHANISM = "SCRAM-SHA-256";
    private final Map<String, String> _users;
    private final ScramSaslServerSourceAdapter _scramSha1Adapter;
    private final ScramSaslServerSourceAdapter _scramSha256Adapter;

    /* loaded from: input_file:org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager$SimpleCramMd5CallbackHandler.class */
    private class SimpleCramMd5CallbackHandler implements CallbackHandler {
        private SimpleCramMd5CallbackHandler() {
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            String str = null;
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    str = ((NameCallback) callback).getDefaultName();
                } else if (callback instanceof PasswordCallback) {
                    if (!SimpleAuthenticationManager.this._users.containsKey(str)) {
                        throw new SaslException("Authentication failed");
                    }
                    ((PasswordCallback) callback).setPassword(((String) SimpleAuthenticationManager.this._users.get(str)).toCharArray());
                } else {
                    if (!(callback instanceof AuthorizeCallback)) {
                        throw new UnsupportedCallbackException(callback);
                    }
                    ((AuthorizeCallback) callback).setAuthorized(true);
                }
            }
        }
    }

    /* loaded from: input_file:org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager$SimplePlainCallbackHandler.class */
    private class SimplePlainCallbackHandler implements CallbackHandler {
        private SimplePlainCallbackHandler() {
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            String str = null;
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    str = ((NameCallback) callback).getDefaultName();
                } else if (!(callback instanceof PlainPasswordCallback)) {
                    if (!(callback instanceof AuthorizeCallback)) {
                        throw new UnsupportedCallbackException(callback);
                    }
                    ((AuthorizeCallback) callback).setAuthorized(true);
                } else if (SimpleAuthenticationManager.this._users.containsKey(str)) {
                    PlainPasswordCallback plainPasswordCallback = (PlainPasswordCallback) callback;
                    plainPasswordCallback.setAuthenticated(plainPasswordCallback.getPlainPassword().equals(SimpleAuthenticationManager.this._users.get(str)));
                }
            }
        }
    }

    public SimpleAuthenticationManager(Map<String, Object> map, Broker broker) {
        super(map, broker);
        this._users = Collections.synchronizedMap(new HashMap());
        ScramSaslServerSourceAdapter.PasswordSource passwordSource = new ScramSaslServerSourceAdapter.PasswordSource() { // from class: org.apache.qpid.server.security.auth.manager.SimpleAuthenticationManager.1
            @Override // org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServerSourceAdapter.PasswordSource
            public char[] getPassword(String str) {
                String str2 = (String) SimpleAuthenticationManager.this._users.get(str);
                if (str2 == null) {
                    return null;
                }
                return str2.toCharArray();
            }
        };
        int intValue = ((Integer) getContextValue(Integer.class, AbstractScramAuthenticationManager.QPID_AUTHMANAGER_SCRAM_ITERATION_COUNT)).intValue();
        this._scramSha1Adapter = new ScramSaslServerSourceAdapter(intValue, "HmacSHA1", "SHA-1", passwordSource);
        this._scramSha256Adapter = new ScramSaslServerSourceAdapter(intValue, "HmacSHA256", "SHA-256", passwordSource);
    }

    public void addUser(String str, String str2) {
        this._users.put(str, str2);
    }

    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public List<String> getMechanisms() {
        return Collections.unmodifiableList(Arrays.asList("PLAIN", "CRAM-MD5", "SCRAM-SHA-1", "SCRAM-SHA-256"));
    }

    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public SaslServer createSaslServer(String str, String str2, Principal principal) throws SaslException {
        if ("PLAIN".equals(str)) {
            return new PlainSaslServer(new SimplePlainCallbackHandler());
        }
        if ("CRAM-MD5".equals(str)) {
            return Sasl.createSaslServer(str, "AMQP", str2, (Map) null, new SimpleCramMd5CallbackHandler());
        }
        if ("SCRAM-SHA-1".equals(str)) {
            return new ScramSaslServer(this._scramSha1Adapter, str, "HmacSHA1", "SHA-1");
        }
        if ("SCRAM-SHA-256".equals(str)) {
            return new ScramSaslServer(this._scramSha256Adapter, str, "HmacSHA256", "SHA-256");
        }
        throw new SaslException("Unknown mechanism: " + str);
    }

    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public AuthenticationResult authenticate(SaslServer saslServer, byte[] bArr) {
        byte[] bArr2;
        if (bArr != null) {
            bArr2 = bArr;
        } else {
            try {
                bArr2 = new byte[0];
            } catch (SaslException e) {
                return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, (Exception) e);
            }
        }
        byte[] evaluateResponse = saslServer.evaluateResponse(bArr2);
        if (!saslServer.isComplete()) {
            return new AuthenticationResult(evaluateResponse, AuthenticationResult.AuthenticationStatus.CONTINUE);
        }
        String authorizationID = saslServer.getAuthorizationID();
        _logger.debug("Authenticated as " + authorizationID);
        return new AuthenticationResult(new UsernamePrincipal(authorizationID));
    }

    @Override // org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticationProvider
    public AuthenticationResult authenticate(String str, String str2) {
        return (this._users.containsKey(str) && this._users.get(str).equals(str2)) ? new AuthenticationResult(new UsernamePrincipal(str)) : new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR);
    }
}
