package org.apache.qpid.server.security.auth.manager;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
import org.apache.qpid.server.model.NamedAddressSpace;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
import org.apache.qpid.server.security.auth.sasl.SaslSettings;
import org.apache.qpid.server.security.auth.sasl.crammd5.CramMd5Base64HashedNegotiator;
import org.apache.qpid.server.security.auth.sasl.crammd5.CramMd5Base64HexNegotiator;
import org.apache.qpid.server.security.auth.sasl.plain.PlainNegotiator;
import org.apache.qpid.server.util.ServerScopedRuntimeException;

@ManagedObject(category = false, type = "MD5", validChildTypes = "org.apache.qpid.server.security.auth.manager.ConfigModelPasswordManagingAuthenticationProvider#getSupportedUserTypes()")
/* loaded from: input_file:org/apache/qpid/server/security/auth/manager/MD5AuthenticationProvider.class */
public class MD5AuthenticationProvider extends ConfigModelPasswordManagingAuthenticationProvider<MD5AuthenticationProvider> {
    private final List<String> _mechanisms;

    /* JADX INFO: Access modifiers changed from: protected */
    @ManagedObjectFactoryConstructor
    public MD5AuthenticationProvider(Map<String, Object> map, Broker broker) {
        super(map, broker);
        this._mechanisms = Collections.unmodifiableList(Arrays.asList("PLAIN", "CRAM-MD5-HASHED", "CRAM-MD5-HEX"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.qpid.server.security.auth.manager.ConfigModelPasswordManagingAuthenticationProvider
    public String createStoredPassword(String str) {
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            messageDigest.update(bytes);
            return Base64.getEncoder().encodeToString(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new ServerScopedRuntimeException("MD5 not supported although Java compliance requires it");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.apache.qpid.server.security.auth.manager.ConfigModelPasswordManagingAuthenticationProvider
    public void validateUser(ManagedUser managedUser) {
    }

    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public List<String> getMechanisms() {
        return this._mechanisms;
    }

    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public SaslNegotiator createSaslNegotiator(String str, SaslSettings saslSettings, NamedAddressSpace namedAddressSpace) {
        if ("PLAIN".equals(str)) {
            return new PlainNegotiator(this);
        }
        if ("CRAM-MD5-HASHED".equals(str)) {
            return new CramMd5Base64HashedNegotiator(this, saslSettings.getLocalFQDN(), getPasswordSource());
        }
        if ("CRAM-MD5-HEX".equals(str)) {
            return new CramMd5Base64HexNegotiator(this, saslSettings.getLocalFQDN(), getPasswordSource());
        }
        return null;
    }

    @Override // org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticationProvider
    public AuthenticationResult authenticate(String str, String str2) {
        ManagedUser user = getUser(str);
        return (user == null || !user.getPassword().equals(createStoredPassword(str2))) ? new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR) : new AuthenticationResult(new UsernamePrincipal(str, this));
    }
}
