package org.apache.qpid.server.security.auth.manager;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.login.AccountNotFoundException;
import org.apache.qpid.server.model.Container;
import org.apache.qpid.server.model.ManagedObject;
import org.apache.qpid.server.model.NamedAddressSpace;
import org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.UsernamePrincipal;
import org.apache.qpid.server.security.auth.sasl.PasswordSource;
import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
import org.apache.qpid.server.security.auth.sasl.SaslSettings;
import org.apache.qpid.server.security.auth.sasl.crammd5.CramMd5Negotiator;
import org.apache.qpid.server.security.auth.sasl.plain.PlainNegotiator;
import org.apache.qpid.server.security.auth.sasl.scram.ScramNegotiator;
import org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServerSourceAdapter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ManagedObject(category = false, type = "Simple", register = false)
/* loaded from: input_file:org/apache/qpid/server/security/auth/manager/SimpleAuthenticationManager.class */
public class SimpleAuthenticationManager extends AbstractAuthenticationManager<SimpleAuthenticationManager> implements PasswordCredentialManagingAuthenticationProvider<SimpleAuthenticationManager> {
    private static final Logger LOGGER = LoggerFactory.getLogger(SimpleAuthenticationManager.class);
    private static final String PLAIN_MECHANISM = "PLAIN";
    private static final String CRAM_MD5_MECHANISM = "CRAM-MD5";
    private static final String SCRAM_SHA1_MECHANISM = "SCRAM-SHA-1";
    private static final String SCRAM_SHA256_MECHANISM = "SCRAM-SHA-256";
    private final Map<String, String> _users;
    private volatile ScramSaslServerSourceAdapter _scramSha1Adapter;
    private volatile ScramSaslServerSourceAdapter _scramSha256Adapter;

    public SimpleAuthenticationManager(Map<String, Object> map, Container<?> container) {
        super(map, container);
        this._users = Collections.synchronizedMap(new HashMap());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void postResolveChildren() {
        super.postResolveChildren();
        PasswordSource passwordSource = getPasswordSource();
        int intValue = ((Integer) getContextValue(Integer.class, AbstractScramAuthenticationManager.QPID_AUTHMANAGER_SCRAM_ITERATION_COUNT)).intValue();
        this._scramSha1Adapter = new ScramSaslServerSourceAdapter(intValue, ScramSHA1AuthenticationManager.HMAC_NAME, ScramSHA1AuthenticationManager.DIGEST_NAME, passwordSource);
        this._scramSha256Adapter = new ScramSaslServerSourceAdapter(intValue, ScramSHA256AuthenticationManager.HMAC_NAME, ScramSHA256AuthenticationManager.DIGEST_NAME, passwordSource);
    }

    public void addUser(String str, String str2) {
        createUser(str, str2, Collections.EMPTY_MAP);
    }

    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public List<String> getMechanisms() {
        return Collections.unmodifiableList(Arrays.asList("PLAIN", "CRAM-MD5", "SCRAM-SHA-1", "SCRAM-SHA-256"));
    }

    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public SaslNegotiator createSaslNegotiator(String str, SaslSettings saslSettings, NamedAddressSpace namedAddressSpace) {
        if ("PLAIN".equals(str)) {
            return new PlainNegotiator(this);
        }
        if ("CRAM-MD5".equals(str)) {
            return new CramMd5Negotiator(this, saslSettings.getLocalFQDN(), getPasswordSource());
        }
        if ("SCRAM-SHA-1".equals(str)) {
            return new ScramNegotiator(this, this._scramSha1Adapter, "SCRAM-SHA-1");
        }
        if ("SCRAM-SHA-256".equals(str)) {
            return new ScramNegotiator(this, this._scramSha256Adapter, "SCRAM-SHA-256");
        }
        return null;
    }

    @Override // org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticationProvider
    public AuthenticationResult authenticate(String str, String str2) {
        return (this._users.containsKey(str) && this._users.get(str).equals(str2)) ? new AuthenticationResult(new UsernamePrincipal(str, this)) : new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR);
    }

    @Override // org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider
    public boolean createUser(String str, String str2, Map<String, String> map) {
        this._users.put(str, str2);
        return true;
    }

    @Override // org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider
    public void deleteUser(String str) throws AccountNotFoundException {
        if (this._users.remove(str) == null) {
            throw new AccountNotFoundException("No such user: '" + str + "'");
        }
    }

    @Override // org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider
    public void setPassword(String str, String str2) throws AccountNotFoundException {
        if (!this._users.containsKey(str)) {
            throw new AccountNotFoundException("No such user: '" + str + "'");
        }
        this._users.put(str, str2);
    }

    @Override // org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider
    public Map<String, Map<String, String>> getUsers() {
        HashMap hashMap = new HashMap();
        Iterator<String> it = this._users.keySet().iterator();
        while (it.hasNext()) {
            hashMap.put(it.next(), Collections.EMPTY_MAP);
        }
        return hashMap;
    }

    @Override // org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider
    public void reload() {
    }

    private PasswordSource getPasswordSource() {
        return new PasswordSource() { // from class: org.apache.qpid.server.security.auth.manager.SimpleAuthenticationManager.1
            @Override // org.apache.qpid.server.security.auth.sasl.PasswordSource
            public char[] getPassword(String str) {
                String str2 = (String) SimpleAuthenticationManager.this._users.get(str);
                if (str2 == null) {
                    return null;
                }
                return str2.toCharArray();
            }
        };
    }
}
