package org.apache.qpid.server.security.auth.sasl.external;

import java.security.Principal;
import javax.security.auth.x500.X500Principal;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.manager.ExternalAuthenticationManager;
import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/qpid/server/security/auth/sasl/external/ExternalNegotiator.class */
/**
 * {@link SaslNegotiator} that completes in a single step using a {@link Principal}
 * supplied by the caller instead of credentials carried in the SASL exchange.
 *
 * <p>The authentication outcome is decided once, in the constructor, and handed out by
 * the first {@link #handleResponse(byte[])} call; every later call is answered with an
 * error result.
 *
 * <p>NOTE(review): nothing in this class validates the principal. It presumably relies on
 * the transport layer (e.g. TLS client-certificate verification) having authenticated the
 * peer before the principal is passed in. Confirm at the call site.
 */
public class ExternalNegotiator implements SaslNegotiator {
    private static final Logger LOGGER = LoggerFactory.getLogger(ExternalNegotiator.class);

    /** Format name passed to {@link X500Principal#getName(String)} when rendering the DN. */
    private static final String DN_FORMAT = "RFC2253";

    /** Message used both for the debug log and for the error result when no id can be derived. */
    private static final String EMPTY_CN_MESSAGE =
            "CN value was empty in Principal name, unable to construct username";

    private final AuthenticationResult _result;
    private final Principal _principal;
    // Set on the first handleResponse call so that the stored result is handed out only once.
    private volatile boolean _isComplete;

    /**
     * Resolves the principal to authenticate as and precomputes the result.
     *
     * <p>An {@link X500Principal} is reduced to the id extracted from its subject DN unless
     * the manager is configured to use the full DN; any other principal is used unchanged.
     *
     * @param externalAuthenticationManager supplies the use-full-DN setting and is attached
     *        to the derived {@link UsernamePrincipal}
     * @param principal identity supplied by the caller; when it is {@code null} it is stored
     *        as-is and the precomputed result is the error result
     */
    public ExternalNegotiator(ExternalAuthenticationManager externalAuthenticationManager, Principal principal) {
        final boolean useFullDN = externalAuthenticationManager.getUseFullDN();
        final Principal resolved;

        if (principal instanceof X500Principal && !useFullDN) {
            final String subjectDn = ((X500Principal) principal).getName(DN_FORMAT);
            LOGGER.debug("Parsing username from Principal DN: {}", subjectDn);
            // NOTE(review): assumes getIdFromSubjectDN never returns null; a null here would
            // throw instead of producing the error result. Verify against SSLUtil.
            final String userId = SSLUtil.getIdFromSubjectDN(subjectDn);
            if (userId.isEmpty()) {
                LOGGER.debug(EMPTY_CN_MESSAGE);
                resolved = null;
            } else {
                LOGGER.debug("Constructing Principal with username: {}", userId);
                resolved = new UsernamePrincipal(userId, externalAuthenticationManager);
            }
        } else {
            LOGGER.debug("Using external Principal: {}", principal);
            resolved = principal;
        }

        this._principal = resolved;
        // Fail closed: without a usable principal the only result ever returned is an error.
        // A null caller-supplied principal also lands here and gets the same "CN value was
        // empty" message, although no DN was parsed in that case.
        this._result = (resolved == null)
                ? new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR,
                        new IllegalArgumentException(EMPTY_CN_MESSAGE))
                : new AuthenticationResult(resolved);
    }

    /**
     * Returns the precomputed result on the first call and an error result afterwards.
     *
     * <p>The response bytes are never read, so an authorization identity that a client may
     * place in its EXTERNAL response is ignored rather than checked against the principal.
     *
     * <p>NOTE(review): the completion flag is tested and then set in two steps; this assumes
     * a negotiator is not driven by concurrent callers. Confirm.
     *
     * @param bArr client response; unused
     * @return the result computed in the constructor, or an error result on repeated calls
     */
    @Override
    public AuthenticationResult handleResponse(byte[] bArr) {
        if (!this._isComplete) {
            this._isComplete = true;
            return this._result;
        }
        return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR,
                new IllegalStateException("Multiple Authentications not permitted."));
    }

    /** Does nothing in this implementation. */
    @Override
    public void dispose() {
    }

    /**
     * Returns the name of the resolved principal.
     *
     * @return the principal's name, or {@code null} when no principal could be resolved
     */
    @Override
    public String getAttemptedAuthenticationId() {
        return (this._principal != null) ? this._principal.getName() : null;
    }
}
