package org.apache.activemq.transport.amqp.client.sasl;

import java.lang.invoke.MethodHandles;
import java.util.ArrayList;
import java.util.Collections;
import javax.security.sasl.SaslException;
import org.apache.qpid.proton.engine.Sasl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/activemq/transport/amqp/client/sasl/SaslAuthenticator.class */
public class SaslAuthenticator {
    private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private final Sasl sasl;
    private final String username;
    private final String password;
    private final String authzid;
    private Mechanism mechanism;
    private String mechanismRestriction;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.activemq.transport.amqp.client.sasl.SaslAuthenticator$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/activemq/transport/amqp/client/sasl/SaslAuthenticator$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$qpid$proton$engine$Sasl$SaslState = new int[Sasl.SaslState.values().length];

        static {
            try {
                $SwitchMap$org$apache$qpid$proton$engine$Sasl$SaslState[Sasl.SaslState.PN_SASL_IDLE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$qpid$proton$engine$Sasl$SaslState[Sasl.SaslState.PN_SASL_STEP.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$qpid$proton$engine$Sasl$SaslState[Sasl.SaslState.PN_SASL_FAIL.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$qpid$proton$engine$Sasl$SaslState[Sasl.SaslState.PN_SASL_PASS.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    public SaslAuthenticator(Sasl sasl, String str, String str2, String str3, String str4) {
        this.sasl = sasl;
        this.username = str;
        this.password = str2;
        this.authzid = str3;
        this.mechanismRestriction = str4;
    }

    public boolean authenticate() throws SecurityException {
        switch (AnonymousClass1.$SwitchMap$org$apache$qpid$proton$engine$Sasl$SaslState[this.sasl.getState().ordinal()]) {
            case 1:
                handleSaslInit();
                return false;
            case 2:
                handleSaslStep();
                return false;
            case 3:
                handleSaslFail();
                return false;
            case 4:
                return true;
            default:
                return false;
        }
    }

    private void handleSaslInit() throws SecurityException {
        try {
            String[] remoteMechanisms = this.sasl.getRemoteMechanisms();
            if (remoteMechanisms != null && remoteMechanisms.length != 0) {
                this.mechanism = findMatchingMechanism(remoteMechanisms);
                if (this.mechanism == null) {
                    throw new SecurityException("Could not find a matching SASL mechanism for the remote peer.");
                }
                this.mechanism.setUsername(this.username);
                this.mechanism.setPassword(this.password);
                this.mechanism.setAuthzid(this.authzid);
                this.sasl.setMechanisms(new String[]{this.mechanism.getName()});
                byte[] initialResponse = this.mechanism.getInitialResponse();
                if (initialResponse != null && initialResponse.length != 0) {
                    this.sasl.send(initialResponse, 0, initialResponse.length);
                }
            }
        } catch (SaslException e) {
            SecurityException securityException = new SecurityException("Exception while processing SASL init.");
            securityException.initCause(e);
            throw securityException;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v28, types: [org.apache.activemq.transport.amqp.client.sasl.AnonymousMechanism] */
    /* JADX WARN: Type inference failed for: r0v33, types: [org.apache.activemq.transport.amqp.client.sasl.PlainMechanism] */
    private Mechanism findMatchingMechanism(String... strArr) {
        CramMD5Mechanism cramMD5Mechanism;
        Mechanism mechanism = null;
        ArrayList arrayList = new ArrayList();
        for (String str : strArr) {
            if (this.mechanismRestriction == null || this.mechanismRestriction.equals(str)) {
                if (str.equalsIgnoreCase(PlainMechanism.MECH_NAME)) {
                    cramMD5Mechanism = new PlainMechanism();
                } else if (str.equalsIgnoreCase("ANONYMOUS")) {
                    cramMD5Mechanism = new AnonymousMechanism();
                } else if (str.equalsIgnoreCase("CRAM-MD5")) {
                    cramMD5Mechanism = new CramMD5Mechanism();
                } else {
                    logger.debug("Unknown remote mechanism {}, skipping", str);
                }
                if (cramMD5Mechanism.isApplicable(this.username, this.password)) {
                    arrayList.add(cramMD5Mechanism);
                }
            } else {
                logger.debug("Skipping {} mechanism because it is not the configured mechanism restriction {}", str, this.mechanismRestriction);
            }
        }
        if (!arrayList.isEmpty()) {
            Collections.sort(arrayList);
            mechanism = (Mechanism) arrayList.get(arrayList.size() - 1);
        }
        logger.info("Best match for SASL auth was: {}", mechanism);
        return mechanism;
    }

    private void handleSaslStep() throws SecurityException {
        try {
            if (this.sasl.pending() != 0) {
                byte[] bArr = new byte[this.sasl.pending()];
                this.sasl.recv(bArr, 0, bArr.length);
                byte[] challengeResponse = this.mechanism.getChallengeResponse(bArr);
                this.sasl.send(challengeResponse, 0, challengeResponse.length);
            }
        } catch (SaslException e) {
            SecurityException securityException = new SecurityException("Exception while processing SASL step.");
            securityException.initCause(e);
            throw securityException;
        }
    }

    private void handleSaslFail() throws SecurityException {
        throw new SecurityException("Client failed to authenticate");
    }
}
