package org.apache.qpid.server.security.auth.sasl.crammd5;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.PasswordCredentialManagingAuthenticationProvider;
import org.apache.qpid.server.security.auth.sasl.AbstractSaslServerNegotiator;
import org.apache.qpid.server.security.auth.sasl.PasswordSource;
import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/qpid/server/security/auth/sasl/crammd5/AbstractCramMd5Negotiator.class */
public class AbstractCramMd5Negotiator extends AbstractSaslServerNegotiator implements SaslNegotiator {
    protected static final PasswordTransformer PLAIN_PASSWORD_TRANSFORMER = new PasswordTransformer() { // from class: org.apache.qpid.server.security.auth.sasl.crammd5.AbstractCramMd5Negotiator.1
        @Override // org.apache.qpid.server.security.auth.sasl.crammd5.AbstractCramMd5Negotiator.PasswordTransformer
        public char[] transform(char[] cArr) {
            return cArr;
        }
    };
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractCramMd5Negotiator.class);
    private final SaslServer _saslServer;
    private final SaslException _exception;
    private final PasswordCredentialManagingAuthenticationProvider<?> _authenticationProvider;
    private volatile String _username;

    /* loaded from: input_file:org/apache/qpid/server/security/auth/sasl/crammd5/AbstractCramMd5Negotiator$PasswordTransformer.class */
    interface PasswordTransformer {
        char[] transform(char[] cArr);
    }

    /* loaded from: input_file:org/apache/qpid/server/security/auth/sasl/crammd5/AbstractCramMd5Negotiator$ServerCallbackHandler.class */
    private class ServerCallbackHandler implements CallbackHandler {
        private final PasswordSource _passwordSource;
        private final PasswordTransformer _passwordTransformer;

        private ServerCallbackHandler(PasswordSource passwordSource, PasswordTransformer passwordTransformer) {
            this._passwordTransformer = passwordTransformer;
            this._passwordSource = passwordSource;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            ArrayList<AuthorizeCallback> arrayList = new ArrayList(Arrays.asList(callbackArr));
            Iterator it = arrayList.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                NameCallback nameCallback = (Callback) it.next();
                if (nameCallback instanceof NameCallback) {
                    AbstractCramMd5Negotiator.this._username = nameCallback.getDefaultName();
                    it.remove();
                    break;
                }
            }
            if (AbstractCramMd5Negotiator.this._username != null) {
                Iterator it2 = arrayList.iterator();
                while (true) {
                    if (!it2.hasNext()) {
                        break;
                    }
                    Callback callback = (Callback) it2.next();
                    if (callback instanceof PasswordCallback) {
                        it2.remove();
                        char[] password = this._passwordSource.getPassword(AbstractCramMd5Negotiator.this._username);
                        if (password != null) {
                            ((PasswordCallback) callback).setPassword(this._passwordTransformer.transform(password));
                        } else {
                            ((PasswordCallback) callback).setPassword(null);
                        }
                    }
                }
            }
            for (AuthorizeCallback authorizeCallback : arrayList) {
                if (!(authorizeCallback instanceof AuthorizeCallback)) {
                    throw new UnsupportedCallbackException(authorizeCallback);
                }
                authorizeCallback.setAuthorized(true);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AbstractCramMd5Negotiator(PasswordCredentialManagingAuthenticationProvider<?> passwordCredentialManagingAuthenticationProvider, String str, PasswordSource passwordSource, PasswordTransformer passwordTransformer) {
        this._authenticationProvider = passwordCredentialManagingAuthenticationProvider;
        SaslServer saslServer = null;
        SaslException saslException = null;
        try {
            saslServer = Sasl.createSaslServer(CramMd5Negotiator.MECHANISM, "AMQP", str, (Map) null, new ServerCallbackHandler(passwordSource, passwordTransformer));
        } catch (SaslException e) {
            saslException = e;
            LOGGER.warn("Creation of SASL server for mechanism '{}' failed.", CramMd5Negotiator.MECHANISM, e);
        }
        this._saslServer = saslServer;
        this._exception = saslException;
    }

    @Override // org.apache.qpid.server.security.auth.sasl.AbstractSaslServerNegotiator
    protected Exception getSaslServerCreationException() {
        return this._exception;
    }

    @Override // org.apache.qpid.server.security.auth.sasl.AbstractSaslServerNegotiator
    protected SaslServer getSaslServer() {
        return this._saslServer;
    }

    @Override // org.apache.qpid.server.security.auth.sasl.AbstractSaslServerNegotiator
    protected AuthenticationProvider<?> getAuthenticationProvider() {
        return this._authenticationProvider;
    }

    @Override // org.apache.qpid.server.security.auth.sasl.SaslNegotiator
    public String getAttemptedAuthenticationId() {
        return this._username;
    }
}
