package org.apache.qpid.server.security.auth;

import java.lang.reflect.Method;
import java.security.Security;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;
import org.apache.commons.configuration.Configuration;
import org.apache.log4j.Logger;
import org.apache.qpid.configuration.PropertyUtils;
import org.apache.qpid.server.registry.ApplicationRegistry;
import org.apache.qpid.server.security.auth.AuthenticationResult;

/* loaded from: input_file:org/apache/qpid/server/security/auth/SASLAuthenticationManager.class */
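/**
 * {@link AuthenticationManager} that builds its SASL mechanisms from the broker configuration.
 *
 * <p>On construction it instantiates the configured principal databases, then the configured
 * mechanism initialisers, and registers any server factories they supply as a JCA provider.
 *
 * <p>Security note: principal-database classes, their setter names and the mechanism initialiser
 * classes are all read from the configuration and resolved reflectively. Whoever can edit the
 * configuration therefore chooses which classes are loaded and which public single-String setters
 * are invoked, so the configuration file must be writable only by the broker administrator.
 */
public class SASLAuthenticationManager implements AuthenticationManager {
    private static final Logger _log = Logger.getLogger(SASLAuthenticationManager.class);

    /** Space-separated list of configured mechanism names, in configuration order; null until one is added. */
    private String _mechanisms;

    /** Callback handler per configured mechanism name. */
    private Map<String, CallbackHandler> _callbackHandlerMap = new HashMap<String, CallbackHandler>();

    /** SASL server creation properties per configured mechanism name. */
    private Map<String, Map<String, ?>> _serverCreationProperties = new HashMap<String, Map<String, ?>>();

    /**
     * Loads the principal databases and SASL mechanisms named in the broker configuration.
     *
     * @throws Exception if any configured database or mechanism cannot be initialised
     */
    public SASLAuthenticationManager() throws Exception {
        _log.info("Initialising SASL authentication manager");
        initialiseAuthenticationMechanisms(initialisePrincipalDatabases());
    }

    /**
     * Instantiates and configures every principal database listed in the configuration.
     *
     * @return the databases keyed by their configured name
     * @throws Exception if the name and class lists do not line up, a class cannot be loaded or is
     *         not a {@link PrincipalDatabase}, or a name is empty or duplicated
     */
    private Map<String, PrincipalDatabase> initialisePrincipalDatabases() throws Exception {
        Configuration configuration = ApplicationRegistry.getInstance().getConfiguration();
        List<?> names = configuration.getList("security.principal-databases.principal-database.name");
        List<?> classNames = configuration.getList("security.principal-databases.principal-database.class");
        // The two lists are paired by index. If an entry lacks a name or a class the pairing shifts
        // and a database could be registered under the wrong name, so refuse to start instead.
        if (names.size() != classNames.size()) {
            throw new Exception("Error initialising principal database: " + names.size()
                    + " name(s) but " + classNames.size() + " class(es) configured");
        }
        Map<String, PrincipalDatabase> databases = new HashMap<String, PrincipalDatabase>();
        for (int i = 0; i < names.size(); i++) {
            try {
                // The class name comes from configuration; see the class-level security note.
                Object candidate = Class.forName((String) classNames.get(i)).newInstance();
                if (!(candidate instanceof PrincipalDatabase)) {
                    throw new Exception("Principal databases must implement the PrincipalDatabase interface");
                }
                PrincipalDatabase database = (PrincipalDatabase) candidate;
                initialisePrincipalDatabase(database, configuration, i);
                String name = (String) names.get(i);
                if (name == null || name.length() == 0) {
                    throw new Exception("Principal database names must have length greater than or equal to one character");
                }
                if (databases.get(name) != null) {
                    throw new Exception("Duplicate principal database name provided");
                }
                _log.info("Initialised principal database " + name + " successfully");
                databases.put(name, database);
            } catch (Exception e) {
                throw new Exception("Error initialising principal database: " + e, e);
            }
        }
        return databases;
    }

    /**
     * Applies the configured attributes of the database at {@code index} by calling the matching
     * public {@code setXxx(String)} method for each attribute name.
     *
     * <p>Attribute values are deliberately never logged or put into exception messages, since the
     * code cannot tell whether a value is a credential.
     *
     * @param principalDatabase the freshly created database to configure
     * @param configuration the broker configuration
     * @param index position of the database in the configuration
     * @throws Exception if an attribute has no name, no value, or no matching setter, or if the
     *         setter itself fails
     */
    private void initialisePrincipalDatabase(PrincipalDatabase principalDatabase, Configuration configuration, int index) throws Exception {
        String prefix = "security.principal-databases.principal-database(" + index + ").attributes.attribute.";
        List<?> attributeNames = configuration.getList(prefix + "name");
        List<?> attributeValues = configuration.getList(prefix + "value");
        for (int j = 0; j < attributeNames.size(); j++) {
            String attributeName = (String) attributeNames.get(j);
            if (attributeName == null || attributeName.length() == 0) {
                throw new Exception("Argument names must have length >= 1 character");
            }
            if (j >= attributeValues.size()) {
                throw new Exception("No value configured for argument " + attributeName);
            }
            if (Character.isLowerCase(attributeName.charAt(0))) {
                attributeName = Character.toUpperCase(attributeName.charAt(0)) + attributeName.substring(1);
            }
            String setterName = "set" + attributeName;
            Method setter;
            try {
                // getMethod never returns null; a missing setter surfaces as NoSuchMethodException.
                setter = principalDatabase.getClass().getMethod(setterName, String.class);
            } catch (NoSuchMethodException e) {
                throw new Exception("No method " + setterName + " found in class " + principalDatabase.getClass() + " hence unable to configure principal database. The method must be public and have a single String argument with a void return type", e);
            }
            setter.invoke(principalDatabase, PropertyUtils.replaceProperties((String) attributeValues.get(j)));
        }
    }

    /**
     * Initialises every configured SASL mechanism and registers the collected server factories.
     *
     * @param databases principal databases keyed by name, handed to each initialiser
     * @throws Exception if any mechanism initialiser cannot be loaded or initialised
     */
    private void initialiseAuthenticationMechanisms(Map<String, PrincipalDatabase> databases) throws Exception {
        Configuration configuration = ApplicationRegistry.getInstance().getConfiguration();
        List<?> initialiserClasses = configuration.getList("security.sasl.mechanisms.mechanism.initialiser.class");
        TreeMap<String, Class<? extends SaslServerFactory>> factories = new TreeMap<String, Class<? extends SaslServerFactory>>();
        for (int i = 0; i < initialiserClasses.size(); i++) {
            String baseKey = "security.sasl.mechanisms.mechanism(" + i + ").initialiser";
            initialiseAuthenticationMechanism(baseKey, configuration.getString(baseKey + ".class"), databases, configuration, factories);
        }
        // Only install a JCA provider when at least one initialiser contributed a factory.
        if (factories.size() > 0) {
            Security.addProvider(new JCAProvider(factories));
        }
    }

    /**
     * Loads one mechanism initialiser and records its mechanism name, callback handler, creation
     * properties and (optionally) its server factory class.
     *
     * @param baseKey configuration key prefix of this mechanism's initialiser
     * @param className class name of the initialiser, as read from the configuration
     * @param databases principal databases keyed by name
     * @param configuration the broker configuration
     * @param factories collects server factory classes for JCA registration
     * @throws Exception if the class cannot be loaded, is not an
     *         {@link AuthenticationProviderInitialiser}, or fails to initialise
     */
    private void initialiseAuthenticationMechanism(String baseKey, String className, Map<String, PrincipalDatabase> databases, Configuration configuration, Map<String, Class<? extends SaslServerFactory>> factories) throws Exception {
        // The class name comes from configuration; see the class-level security note.
        Object candidate = Class.forName(className).newInstance();
        if (!(candidate instanceof AuthenticationProviderInitialiser)) {
            throw new Exception("The class " + className + " must be an instance of " + AuthenticationProviderInitialiser.class);
        }
        AuthenticationProviderInitialiser initialiser = (AuthenticationProviderInitialiser) candidate;
        initialiser.initialise(baseKey, configuration, databases);
        String mechanismName = initialiser.getMechanismName();
        if (this._mechanisms == null) {
            this._mechanisms = mechanismName;
        } else {
            this._mechanisms += " " + mechanismName;
        }
        this._callbackHandlerMap.put(mechanismName, initialiser.getCallbackHandler());
        this._serverCreationProperties.put(mechanismName, initialiser.getProperties());
        Class<? extends SaslServerFactory> factoryClass = initialiser.getServerFactoryClassForJCARegistration();
        if (factoryClass != null) {
            factories.put(mechanismName, factoryClass);
        }
        _log.info("Initialised " + mechanismName + " SASL provider successfully");
    }

    /**
     * Returns the configured mechanism names as a space-separated string.
     *
     * @return the mechanism list, or null if no mechanism was configured
     */
    @Override // org.apache.qpid.server.security.auth.AuthenticationManager
    public String getMechanisms() {
        return this._mechanisms;
    }

    /**
     * Creates a SASL server for a mechanism requested by the peer.
     *
     * <p>The mechanism name is chosen by the connecting client. It is only honoured when it was
     * configured here; otherwise {@link Sasl#createSaslServer} could resolve it through some other
     * installed security provider, with no callback handler and no properties from this manager.
     *
     * @param str the requested mechanism name
     * @param str2 the server name passed to the SASL layer
     * @return the SASL server, or null when the mechanism is not configured or no factory
     *         supports it
     * @throws SaslException if the server cannot be created
     */
    @Override // org.apache.qpid.server.security.auth.AuthenticationManager
    public SaslServer createSaslServer(String str, String str2) throws SaslException {
        // containsKey rather than a null check, so an initialiser that supplies a null handler still counts as configured.
        if (!this._callbackHandlerMap.containsKey(str)) {
            // The requested name is peer-controlled, so it is kept out of the log line.
            _log.warn("Rejected request for a SASL mechanism that is not configured");
            return null;
        }
        return Sasl.createSaslServer(str, "AMQP", str2, this._serverCreationProperties.get(str), this._callbackHandlerMap.get(str));
    }

    /**
     * Feeds one client response into the SASL exchange.
     *
     * @param saslServer the server side of the exchange
     * @param bArr the client response; null is treated as an empty response
     * @return SUCCESS with the final challenge once the exchange is complete, CONTINUE with the
     *         next challenge while it is not, or ERROR if the mechanism rejects the response
     */
    @Override // org.apache.qpid.server.security.auth.AuthenticationManager
    public AuthenticationResult authenticate(SaslServer saslServer, byte[] bArr) {
        byte[] response = bArr != null ? bArr : new byte[0];
        try {
            // evaluateResponse is the call that throws SaslException, so it must sit inside the try.
            byte[] challenge = saslServer.evaluateResponse(response);
            AuthenticationResult.AuthenticationStatus status = saslServer.isComplete()
                    ? AuthenticationResult.AuthenticationStatus.SUCCESS
                    : AuthenticationResult.AuthenticationStatus.CONTINUE;
            return new AuthenticationResult(challenge, status);
        } catch (SaslException e) {
            // Record the failure so repeated failed attempts are visible to operators.
            _log.warn("SASL authentication failed: " + e.getMessage());
            return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR);
        }
    }
}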
