package org.apache.qpid.server.security.auth.sasl.kerberos;

import java.io.IOException;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManager;
import org.apache.qpid.server.security.auth.sasl.AbstractSaslServerNegotiator;
import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/qpid/server/security/auth/sasl/kerberos/KerberosNegotiator.class */
public class KerberosNegotiator extends AbstractSaslServerNegotiator implements SaslNegotiator {
    private static final Logger LOGGER = LoggerFactory.getLogger(KerberosNegotiator.class);
    private final SaslServer _saslServer;
    private final AuthenticationProvider<?> _authenticationProvider;
    private final SaslException _exception;

    /* loaded from: input_file:org/apache/qpid/server/security/auth/sasl/kerberos/KerberosNegotiator$GssApiCallbackHandler.class */
    private static class GssApiCallbackHandler implements CallbackHandler {
        private GssApiCallbackHandler() {
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (!(callback instanceof AuthorizeCallback)) {
                    throw new UnsupportedCallbackException(callback);
                }
                ((AuthorizeCallback) callback).setAuthorized(true);
            }
        }
    }

    public KerberosNegotiator(AuthenticationProvider<?> authenticationProvider, String str) {
        this._authenticationProvider = authenticationProvider;
        SaslServer saslServer = null;
        SaslException saslException = null;
        try {
            saslServer = Sasl.createSaslServer(KerberosAuthenticationManager.GSSAPI_MECHANISM, "AMQP", str, (Map) null, new GssApiCallbackHandler());
        } catch (SaslException e) {
            saslException = e;
            LOGGER.warn("Creation of SASL server for mechanism '{}' failed.", KerberosAuthenticationManager.GSSAPI_MECHANISM, e);
        }
        this._exception = saslException;
        this._saslServer = saslServer;
    }

    @Override // org.apache.qpid.server.security.auth.sasl.AbstractSaslServerNegotiator
    protected Exception getSaslServerCreationException() {
        return this._exception;
    }

    @Override // org.apache.qpid.server.security.auth.sasl.AbstractSaslServerNegotiator
    protected SaslServer getSaslServer() {
        return this._saslServer;
    }

    @Override // org.apache.qpid.server.security.auth.sasl.AbstractSaslServerNegotiator
    protected AuthenticationProvider<?> getAuthenticationProvider() {
        return this._authenticationProvider;
    }

    @Override // org.apache.qpid.server.security.auth.sasl.SaslNegotiator
    public String getAttemptedAuthenticationId() {
        return null;
    }
}
