package org.apache.activemq.transport.amqp.sasl;

import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Set;
import org.apache.activemq.broker.BrokerService;
import org.apache.activemq.command.ConnectionInfo;
import org.apache.activemq.security.AuthenticationBroker;
import org.apache.activemq.security.SecurityContext;
import org.apache.activemq.transport.amqp.AmqpTransport;
import org.apache.qpid.proton.engine.Sasl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:activemq-amqp-5.11.0.redhat-630329-04.jar:org/apache/activemq/transport/amqp/sasl/AmqpAuthenticator.class */
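/**
 * Drives the server side of the SASL exchange for one AMQP transport and maps
 * the result onto a {@link Sasl.SaslOutcome}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Both {@code PLAIN} and {@code ANONYMOUS} are always offered; nothing here
 *       restricts the list per connector or per transport.</li>
 *   <li>{@code PLAIN} hands the password to this class in the clear, so its
 *       confidentiality depends entirely on the transport underneath
 *       (NOTE(review): confirm that non-TLS AMQP connectors are not exposed to
 *       untrusted networks).</li>
 *   <li>If the broker exposes no {@link AuthenticationBroker}, a no-op
 *       implementation is used and every exchange that reaches it is accepted
 *       (see {@link #getAuthenticator()}).</li>
 * </ul>
 */
public class AmqpAuthenticator {
    private static final Logger LOG = LoggerFactory.getLogger(AmqpAuthenticator.class);
    // Mechanisms advertised to every peer; shared by all instances, so it must never be handed out directly.
    private static final String[] mechanisms = {"PLAIN", "ANONYMOUS"};
    private final BrokerService brokerService;
    private final AmqpTransport transport;
    private final Sasl sasl;
    // Resolved on first use by getAuthenticator().
    private AuthenticationBroker authenticator;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:activemq-amqp-5.11.0.redhat-630329-04.jar:org/apache/activemq/transport/amqp/sasl/AmqpAuthenticator$DefaultAuthenticationBroker.class */
    /**
     * Fallback used when the broker offers no {@link AuthenticationBroker}.
     *
     * <p>It performs no verification at all: the password and the peer
     * certificates are ignored and a context is returned for any user name.
     */
    public class DefaultAuthenticationBroker implements AuthenticationBroker {
        private DefaultAuthenticationBroker() {
        }

        /**
         * Accepts the caller unconditionally.
         *
         * @param username         name stored in the returned context
         * @param password         ignored
         * @param peerCertificates ignored
         * @return a context for {@code username} whose {@code getPrincipals()} returns {@code null}
         */
        @Override // org.apache.activemq.security.AuthenticationBroker
        public SecurityContext authenticate(String username, String password, X509Certificate[] peerCertificates) throws SecurityException {
            return new SecurityContext(username) {
                @Override // org.apache.activemq.security.SecurityContext
                public Set<Principal> getPrincipals() {
                    // No principals are attached to a context that was never verified.
                    return null;
                }
            };
        }
    }

    /**
     * Registers the supported mechanisms on {@code sasl} and switches it to server mode.
     *
     * @param amqpTransport transport queried for the peer certificates during authentication
     * @param sasl          SASL layer of the connection being authenticated
     * @param brokerService broker used to look up the {@link AuthenticationBroker}
     */
    public AmqpAuthenticator(AmqpTransport amqpTransport, Sasl sasl, BrokerService brokerService) {
        this.brokerService = brokerService;
        this.transport = amqpTransport;
        this.sasl = sasl;
        sasl.setMechanisms(mechanisms);
        sasl.server();
    }

    /**
     * @return {@code true} once the SASL layer reports any outcome other than {@code PN_SASL_NONE}
     */
    public boolean isDone() {
        return this.sasl.getOutcome() != Sasl.SaslOutcome.PN_SASL_NONE;
    }

    /**
     * @return a copy of the advertised mechanism names; a copy is returned so that
     *         callers cannot alter the shared list used for every connection
     */
    public String[] getSupportedMechanisms() {
        return mechanisms.clone();
    }

    /**
     * Runs one step of the SASL exchange if the peer has announced a mechanism.
     *
     * <p>Outcomes set on the SASL layer: {@code PN_SASL_PERM} when the peer's first
     * mechanism is not supported, {@code PN_SASL_AUTH} when the mechanism step fails
     * or the credentials are rejected, {@code PN_SASL_OK} otherwise. Nothing happens
     * while the peer has not announced a mechanism yet.
     *
     * @param connectionInfo receives the user name and password extracted by the mechanism
     */
    public void processSaslExchange(ConnectionInfo connectionInfo) {
        String[] remoteMechanisms = this.sasl.getRemoteMechanisms();
        if (remoteMechanisms == null || remoteMechanisms.length == 0) {
            return;
        }
        SaslMechanism saslMechanism = getSaslMechanism(remoteMechanisms);
        if (saslMechanism == null) {
            LOG.info("SASL: could not find supported mechanism");
            this.sasl.done(Sasl.SaslOutcome.PN_SASL_PERM);
            return;
        }
        LOG.debug("SASL [{}] Handshake started.", saslMechanism.getMechanismName());
        saslMechanism.processSaslStep(this.sasl);
        if (saslMechanism.isFailed()) {
            LOG.debug("SASL [{}] Handshake failed: {}", saslMechanism.getMechanismName(), saslMechanism.getFailureReason());
            this.sasl.done(Sasl.SaslOutcome.PN_SASL_AUTH);
            return;
        }
        // The password is only copied into connectionInfo; it must never be added to a log statement.
        connectionInfo.setUserName(saslMechanism.getUsername());
        connectionInfo.setPassword(saslMechanism.getPassword());
        if (tryAuthenticate(connectionInfo, this.transport.getPeerCertificates())) {
            this.sasl.done(Sasl.SaslOutcome.PN_SASL_OK);
        } else {
            this.sasl.done(Sasl.SaslOutcome.PN_SASL_AUTH);
        }
        LOG.debug("SASL [{}] Handshake complete.", saslMechanism.getMechanismName());
    }

    /**
     * Chooses the handler for the peer's first announced mechanism; later entries are not considered.
     *
     * @param remoteMechanisms mechanism names announced by the peer
     * @return a new handler, or {@code null} when the first entry is missing or unsupported
     */
    private SaslMechanism getSaslMechanism(String[] remoteMechanisms) {
        if (remoteMechanisms == null || remoteMechanisms.length == 0) {
            return null;
        }
        String requested = remoteMechanisms[0];
        // Constant-first comparison: a null entry is treated as unsupported instead of throwing.
        if ("PLAIN".equalsIgnoreCase(requested)) {
            return new PlainMechanism();
        }
        if ("ANONYMOUS".equalsIgnoreCase(requested)) {
            return new AnonymousMechanism();
        }
        return null;
    }

    /**
     * Checks the credentials in {@code connectionInfo} against the resolved authenticator.
     *
     * @return {@code true} only when the authenticator returns a non-null context;
     *         any error is treated as a rejection (fail closed)
     */
    private boolean tryAuthenticate(ConnectionInfo connectionInfo, X509Certificate[] peerCertificates) {
        try {
            return getAuthenticator().authenticate(connectionInfo.getUserName(), connectionInfo.getPassword(), peerCertificates) != null;
        } catch (Throwable th) {
            // Still a rejection, but keep the cause so a failing security plugin can be
            // told apart from bad credentials when investigating refused connections.
            LOG.debug("SASL authentication attempt rejected due to an error", th);
            return false;
        }
    }

    /**
     * Resolves the broker's {@link AuthenticationBroker} on first use and keeps it for later calls.
     *
     * <p>NOTE(review): this path fails open. When the lookup returns {@code null} or
     * throws, {@link DefaultAuthenticationBroker} is installed and accepts every
     * exchange. That matches a broker with no security plugin, but a lookup error
     * ends in the same place; consider rejecting connections in the error case.
     */
    private AuthenticationBroker getAuthenticator() {
        if (this.authenticator == null) {
            try {
                this.authenticator = (AuthenticationBroker) this.brokerService.getBroker().getAdaptor(AuthenticationBroker.class);
            } catch (Exception e) {
                // Raised to WARN with the cause: after this point connections are accepted without verification.
                LOG.warn("Failed to lookup AuthenticationBroker from Broker, will use a default Noop version.", e);
            }
            if (this.authenticator == null) {
                this.authenticator = new DefaultAuthenticationBroker();
            }
        }
        return this.authenticator;
    }
}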
