package org.apache.qpid.server.security;

import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.qpid.server.model.GroupProvider;
import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager;
import org.apache.qpid.server.security.auth.manager.AuthenticationManager;
import org.apache.qpid.server.security.auth.manager.ExternalAuthenticationManager;

/* loaded from: input_file:org/apache/qpid/server/security/SubjectCreator.class */
public class SubjectCreator {
    private AuthenticationManager _authenticationManager;
    private Collection<GroupProvider> _groupProviders;

    public SubjectCreator(AuthenticationManager authenticationManager, Collection<GroupProvider> collection) {
        this._authenticationManager = authenticationManager;
        this._groupProviders = collection;
    }

    public String getMechanisms() {
        return this._authenticationManager.getMechanisms();
    }

    public SaslServer createSaslServer(String str, String str2, Principal principal) throws SaslException {
        return this._authenticationManager.createSaslServer(str, str2, principal);
    }

    public SubjectAuthenticationResult authenticate(SaslServer saslServer, byte[] bArr) {
        AuthenticationResult authenticate = this._authenticationManager.authenticate(saslServer, bArr);
        return saslServer.isComplete() ? createResultWithGroups(saslServer.getAuthorizationID(), authenticate) : new SubjectAuthenticationResult(authenticate);
    }

    public SubjectAuthenticationResult authenticate(String str, String str2) {
        return createResultWithGroups(str, this._authenticationManager.authenticate(str, str2));
    }

    private SubjectAuthenticationResult createResultWithGroups(String str, AuthenticationResult authenticationResult) {
        if (authenticationResult.getStatus() != AuthenticationResult.AuthenticationStatus.SUCCESS) {
            return new SubjectAuthenticationResult(authenticationResult);
        }
        Subject subject = new Subject();
        subject.getPrincipals().addAll(authenticationResult.getPrincipals());
        subject.getPrincipals().addAll(getGroupPrincipals(str));
        subject.setReadOnly();
        return new SubjectAuthenticationResult(authenticationResult, subject);
    }

    public Subject createSubjectWithGroups(Principal principal) {
        Subject subject = new Subject();
        subject.getPrincipals().add(principal);
        subject.getPrincipals().addAll(getGroupPrincipals(principal.getName()));
        subject.setReadOnly();
        return subject;
    }

    public Subject createSubjectWithGroups(String str) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new AuthenticatedPrincipal(str));
        subject.getPrincipals().addAll(getGroupPrincipals(str));
        subject.setReadOnly();
        return subject;
    }

    public Set<Principal> getGroupPrincipals(String str) {
        HashSet hashSet = new HashSet();
        Iterator<GroupProvider> it = this._groupProviders.iterator();
        while (it.hasNext()) {
            Set<Principal> groupPrincipalsForUser = it.next().getGroupPrincipalsForUser(str);
            if (groupPrincipalsForUser != null) {
                hashSet.addAll(groupPrincipalsForUser);
            }
        }
        return Collections.unmodifiableSet(hashSet);
    }

    public boolean isAnonymousAuthenticationAllowed() {
        return this._authenticationManager instanceof AnonymousAuthenticationManager;
    }

    public boolean isExternalAuthenticationAllowed() {
        return this._authenticationManager instanceof ExternalAuthenticationManager;
    }
}
