package org.apache.qpid.server.security.auth.manager;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.xml.bind.DatatypeConverter;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HashedSaslServer;
import org.apache.qpid.server.security.auth.sasl.crammd5.CRAMMD5HexSaslServer;
import org.apache.qpid.server.security.auth.sasl.plain.PlainAdapterSaslServer;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
import org.apache.qpid.util.Strings;

@ManagedObject(category = false, type = "MD5")
/* loaded from: input_file:org/apache/qpid/server/security/auth/manager/MD5AuthenticationProvider.class */
public class MD5AuthenticationProvider extends ConfigModelPasswordManagingAuthenticationProvider<MD5AuthenticationProvider> {
    private final List<String> _mechanisms;
    private static final char[] HEX_CHARACTERS = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

    /* loaded from: input_file:org/apache/qpid/server/security/auth/manager/MD5AuthenticationProvider$MD5Callbackhandler.class */
    private class MD5Callbackhandler implements CallbackHandler {
        private final boolean _hexify;
        private String _username;

        public MD5Callbackhandler(boolean z) {
            this._hexify = z;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            char[] cArr;
            ArrayList<AuthorizeCallback> arrayList = new ArrayList(Arrays.asList(callbackArr));
            Iterator it = arrayList.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                NameCallback nameCallback = (Callback) it.next();
                if (nameCallback instanceof NameCallback) {
                    this._username = nameCallback.getDefaultName();
                    it.remove();
                    break;
                }
            }
            if (this._username != null) {
                Iterator it2 = arrayList.iterator();
                while (true) {
                    if (!it2.hasNext()) {
                        break;
                    }
                    Callback callback = (Callback) it2.next();
                    if (callback instanceof PasswordCallback) {
                        it2.remove();
                        ManagedUser user = MD5AuthenticationProvider.this.getUser(this._username);
                        if (user != null) {
                            byte[] decodeBase64 = Strings.decodeBase64(user.getPassword());
                            if (this._hexify) {
                                cArr = new char[decodeBase64.length * 2];
                                for (int i = 0; i < decodeBase64.length; i++) {
                                    cArr[2 * i] = MD5AuthenticationProvider.HEX_CHARACTERS[(decodeBase64[i] & 240) >> 4];
                                    cArr[(2 * i) + 1] = MD5AuthenticationProvider.HEX_CHARACTERS[decodeBase64[i] & 15];
                                }
                            } else {
                                cArr = new char[decodeBase64.length];
                                for (int i2 = 0; i2 < decodeBase64.length; i2++) {
                                    cArr[i2] = (char) decodeBase64[i2];
                                }
                            }
                            ((PasswordCallback) callback).setPassword(cArr);
                        } else {
                            ((PasswordCallback) callback).setPassword(null);
                        }
                    }
                }
            }
            for (AuthorizeCallback authorizeCallback : arrayList) {
                if (!(authorizeCallback instanceof AuthorizeCallback)) {
                    throw new UnsupportedCallbackException(authorizeCallback);
                }
                authorizeCallback.setAuthorized(true);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @ManagedObjectFactoryConstructor
    public MD5AuthenticationProvider(Map<String, Object> map, Broker broker) {
        super(map, broker);
        this._mechanisms = Collections.unmodifiableList(Arrays.asList("PLAIN", CRAMMD5HashedSaslServer.MECHANISM, CRAMMD5HexSaslServer.MECHANISM));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.qpid.server.security.auth.manager.ConfigModelPasswordManagingAuthenticationProvider
    public String createStoredPassword(String str) {
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            messageDigest.update(bytes);
            return DatatypeConverter.printBase64Binary(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new ServerScopedRuntimeException("MD5 not supported although Java compliance requires it");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.apache.qpid.server.security.auth.manager.ConfigModelPasswordManagingAuthenticationProvider
    public void validateUser(ManagedUser managedUser) {
    }

    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public List<String> getMechanisms() {
        return this._mechanisms;
    }

    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public SaslServer createSaslServer(String str, String str2, Principal principal) throws SaslException {
        if ("PLAIN".equals(str)) {
            return new PlainAdapterSaslServer(this);
        }
        if (CRAMMD5HashedSaslServer.MECHANISM.equals(str)) {
            return new CRAMMD5HashedSaslServer(str, "AMQP", str2, null, new MD5Callbackhandler(false));
        }
        if (CRAMMD5HexSaslServer.MECHANISM.equals(str)) {
            return new CRAMMD5HashedSaslServer(str, "AMQP", str2, null, new MD5Callbackhandler(true));
        }
        throw new SaslException("Unsupported mechanism: " + str);
    }

    @Override // org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticationProvider
    public AuthenticationResult authenticate(String str, String str2) {
        ManagedUser user = getUser(str);
        return (user == null || !user.getPassword().equals(createStoredPassword(str2))) ? new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR) : new AuthenticationResult(new UsernamePrincipal(str));
    }
}
