package org.apache.qpid.jms.provider.amqp;

import java.util.function.Function;
import org.apache.qpid.jms.provider.exceptions.ProviderConnectionSecurityException;
import org.apache.qpid.jms.provider.exceptions.ProviderConnectionSecuritySaslException;
import org.apache.qpid.jms.sasl.Mechanism;
import org.apache.qpid.jms.sasl.SaslSecurityRuntimeException;
import org.apache.qpid.proton.engine.Sasl;
import org.apache.qpid.proton.engine.Transport;

/* loaded from: input_file:qpid-jms-client-0.45.0.redhat-00002.jar:org/apache/qpid/jms/provider/amqp/AmqpSaslAuthenticator.class */
public class AmqpSaslAuthenticator {
    private final Function<String[], Mechanism> mechanismFinder;
    private Mechanism mechanism;
    private boolean complete;
    private ProviderConnectionSecurityException failureCause;

    public AmqpSaslAuthenticator(Function<String[], Mechanism> function) {
        this.mechanismFinder = function;
    }

    public boolean isComplete() {
        return this.complete;
    }

    public ProviderConnectionSecurityException getFailureCause() {
        return this.failureCause;
    }

    public boolean wasSuccessful() throws IllegalStateException {
        if (this.complete) {
            return this.failureCause == null;
        }
        throw new IllegalStateException("Authentication has not completed yet.");
    }

    public void handleSaslMechanisms(Sasl sasl, Transport transport) {
        try {
            String[] remoteMechanisms = sasl.getRemoteMechanisms();
            if (remoteMechanisms != null && remoteMechanisms.length != 0) {
                try {
                    this.mechanism = this.mechanismFinder.apply(remoteMechanisms);
                    byte[] initialResponse = this.mechanism.getInitialResponse();
                    if (initialResponse != null) {
                        sasl.send(initialResponse, 0, initialResponse.length);
                    }
                    sasl.setMechanisms(this.mechanism.getName());
                } catch (SaslSecurityRuntimeException e) {
                    recordFailure("Could not find a suitable SASL mechanism. " + e.getMessage(), e);
                }
            }
        } catch (Throwable th) {
            recordFailure("Exception while processing SASL init: " + th.getMessage(), th);
        }
    }

    public void handleSaslChallenge(Sasl sasl, Transport transport) {
        try {
            if (sasl.pending() >= 0) {
                byte[] bArr = new byte[sasl.pending()];
                sasl.recv(bArr, 0, bArr.length);
                byte[] challengeResponse = this.mechanism.getChallengeResponse(bArr);
                if (challengeResponse != null) {
                    sasl.send(challengeResponse, 0, challengeResponse.length);
                }
            }
        } catch (Throwable th) {
            recordFailure("Exception while processing SASL step: " + th.getMessage(), th);
        }
    }

    public void handleSaslOutcome(Sasl sasl, Transport transport) {
        try {
            switch (sasl.getState()) {
                case PN_SASL_FAIL:
                    handleSaslFail(sasl);
                    break;
                case PN_SASL_PASS:
                    handleSaslCompletion(sasl);
                    break;
            }
        } catch (Throwable th) {
            recordFailure(th.getMessage(), th);
        }
    }

    private void handleSaslFail(Sasl sasl) {
        StringBuilder sb = new StringBuilder("Client failed to authenticate");
        if (this.mechanism != null) {
            sb.append(" using SASL: ").append(this.mechanism.getName());
            if (this.mechanism.getAdditionalFailureInformation() != null) {
                sb.append(" (").append(this.mechanism.getAdditionalFailureInformation()).append(")");
            }
        }
        Sasl.SaslOutcome outcome = sasl.getOutcome();
        if (outcome.equals(Sasl.SaslOutcome.PN_SASL_TEMP)) {
            sb.append(", due to temporary system error.");
        }
        recordFailure(sb.toString(), null, outcome.getCode());
    }

    private void handleSaslCompletion(Sasl sasl) {
        try {
            if (sasl.pending() != 0) {
                byte[] bArr = new byte[sasl.pending()];
                sasl.recv(bArr, 0, bArr.length);
                this.mechanism.getChallengeResponse(bArr);
            }
            this.mechanism.verifyCompletion();
            this.complete = true;
        } catch (Throwable th) {
            recordFailure("Exception while processing SASL exchange completion: " + th.getMessage(), th);
        }
    }

    private void recordFailure(String str, Throwable th) {
        recordFailure(str, th, Sasl.SaslOutcome.PN_SASL_NONE.getCode());
    }

    private void recordFailure(String str, Throwable th, int i) {
        this.failureCause = new ProviderConnectionSecuritySaslException(str, i, th);
        this.complete = true;
    }
}
