package org.wso2.broker.auth;

import java.security.Security;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.broker.auth.BrokerAuthConfiguration;
import org.wso2.broker.auth.authentication.sasl.BrokerSecurityProvider;
import org.wso2.broker.auth.authentication.sasl.SaslServerBuilder;
import org.wso2.broker.auth.authentication.sasl.plain.PlainSaslServerBuilder;
import org.wso2.broker.auth.user.UserStoreManager;
import org.wso2.broker.common.BrokerConfigProvider;
import org.wso2.broker.common.StartupContext;

/* loaded from: input_file:org/wso2/broker/auth/AuthManager.class */
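/**
 * Wires up broker authentication: installs a JAAS {@link Configuration} (unless one is
 * supplied externally through a system property) and registers the broker's SASL server
 * mechanisms as a JCA security provider.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The only mechanism registered here is the one provided by
 *       {@link PlainSaslServerBuilder}. SASL PLAIN transmits the password without any
 *       protection of its own, so listeners that offer it should only be reachable over
 *       TLS.</li>
 *   <li>{@link Configuration#setConfiguration} and {@link Security#insertProviderAt} both
 *       change JVM-wide state, not just this broker instance.</li>
 * </ul>
 */
public class AuthManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthManager.class);

    // Mechanism name -> builder. Doubles as the allow-list consulted by createSaslServer().
    private final Map<String, SaslServerBuilder> saslMechanisms = new HashMap<>();
    private final BrokerAuthConfiguration brokerAuthConfiguration;
    private final UserStoreManager userStoreManager;

    /**
     * Reads the auth configuration and the user store from the startup context and
     * registers this manager as a service.
     *
     * @param startupContext service registry used to look up the configuration provider
     *                       and the {@link UserStoreManager}
     * @throws Exception if the configuration object cannot be obtained
     */
    public AuthManager(StartupContext startupContext) throws Exception {
        this.brokerAuthConfiguration = (BrokerAuthConfiguration) ((BrokerConfigProvider) startupContext.getService(BrokerConfigProvider.class)).getConfigurationObject(BrokerAuthConfiguration.NAMESPACE, BrokerAuthConfiguration.class);
        this.userStoreManager = (UserStoreManager) startupContext.getService(UserStoreManager.class);
        // Publish the instance only after every field is assigned, so that another service
        // cannot obtain a partly initialised AuthManager from the registry.
        startupContext.registerService(AuthManager.class, this);
    }

    /**
     * Activates authentication when it is enabled in the broker configuration.
     *
     * <p>If the JAAS-config system property is unset or blank, a programmatic JAAS
     * configuration is built from the broker configuration and installed JVM-wide.
     * If the property is set, the externally supplied JAAS configuration is left in place.
     */
    public void start() {
        if (!this.brokerAuthConfiguration.getAuthentication().isEnabled()) {
            // Make the insecure mode visible in the logs instead of skipping silently.
            LOGGER.warn("Broker authentication is disabled; no JAAS configuration or SASL mechanisms were registered.");
            return;
        }
        String externalJaasConfig = System.getProperty(BrokerAuthConstants.SYSTEM_PARAM_JAAS_CONFIG);
        if (externalJaasConfig == null || externalJaasConfig.trim().isEmpty()) {
            BrokerAuthConfiguration.JaasConfiguration jaas = this.brokerAuthConfiguration.getAuthentication().getJaas();
            Configuration.setConfiguration(createJaasConfig(jaas.getLoginModule(), this.userStoreManager, jaas.getOptions()));
        }
        // NOTE(review): with an external JAAS config the UserStoreManager is not injected
        // into the login module options by this class - confirm the external login module
        // does not expect it.
        registerSaslServers();
    }

    /** Logs that the auth manager has stopped; no providers or configuration are removed. */
    public void stop() {
        LOGGER.info("Broker auth manager service stopped.");
    }

    /**
     * Registers the supported SASL mechanisms and installs the broker security provider.
     */
    private void registerSaslServers() {
        // PLAIN carries the password in the clear on the wire; it relies on the transport
        // (TLS) for confidentiality.
        PlainSaslServerBuilder plainSaslServerBuilder = new PlainSaslServerBuilder();
        this.saslMechanisms.put(plainSaslServerBuilder.getMechanismName(), plainSaslServerBuilder);

        // Position 1 gives this provider the highest preference in the JVM-wide provider list.
        // insertProviderAt returns -1 when a provider with the same name is already installed;
        // in that case the provider built here is discarded.
        // NOTE(review): the already-installed provider presumably keeps the mechanism map it
        // was created with rather than this instance's map - verify if AuthManager can be
        // created more than once per JVM.
        int position = Security.insertProviderAt(new BrokerSecurityProvider(BrokerAuthConstants.PROVIDER_NAME, this.saslMechanisms), 1);
        if (position == -1) {
            LOGGER.info("AMQ security authentication providers are already installed.");
        } else if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("AMQ security authentication mechanisms providers are successfully registered.");
        }
    }

    /**
     * Builds a JAAS configuration with a single REQUIRED login module.
     *
     * <p>The returned configuration ignores the application name and hands the same entry
     * to every caller.
     *
     * @param loginModule      fully qualified class name of the login module
     * @param userStoreManager user store passed to the login module through its options
     * @param configuredOptions login module options from the broker configuration; may be
     *                          {@code null}
     * @return a configuration exposing exactly one {@link AppConfigurationEntry}
     */
    private static Configuration createJaasConfig(String loginModule, UserStoreManager userStoreManager, Map<String, Object> configuredOptions) {
        // Work on a copy: writing the live UserStoreManager into the caller's map would
        // mutate the broker configuration object as a side effect.
        Map<String, Object> options = configuredOptions == null ? new HashMap<>() : new HashMap<>(configuredOptions);
        options.put(BrokerAuthConstants.USER_STORE_MANAGER_PROPERTY, userStoreManager);
        final AppConfigurationEntry[] entries = {new AppConfigurationEntry(loginModule, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options)};
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return entries;
            }
        };
    }

    /**
     * Creates a SASL server for the requested mechanism.
     *
     * <p>The mechanism must have been registered by this manager; the lookup in
     * {@code saslMechanisms} happens before delegating to {@link Sasl#createSaslServer},
     * so mechanisms offered by other installed providers cannot be selected through this
     * method.
     *
     * @param serverName fully qualified server host name handed to the SASL layer
     * @param mechanism  SASL mechanism name requested for the connection
     * @return a new {@link SaslServer} for the mechanism
     * @throws SaslException if the mechanism is not registered or no server could be created
     */
    public SaslServer createSaslServer(String serverName, String mechanism) throws SaslException {
        SaslServerBuilder saslServerBuilder = this.saslMechanisms.get(mechanism);
        if (saslServerBuilder == null) {
            // NOTE(review): if the mechanism name comes from the connecting peer, treat the
            // exception message as untrusted text when logging it.
            throw new SaslException("Server does not support for mechanism: " + mechanism);
        }
        SaslServer saslServer = Sasl.createSaslServer(mechanism, BrokerAuthConstants.AMQP_PROTOCOL_IDENTIFIER, serverName, saslServerBuilder.getProperties(), saslServerBuilder.getCallbackHandler());
        if (saslServer == null) {
            throw new SaslException("Sasl server cannot be found for mechanism: " + mechanism);
        }
        return saslServer;
    }

    /**
     * @return {@code true} if authentication is enabled in the broker configuration
     */
    public boolean isAuthenticationEnabled() {
        return this.brokerAuthConfiguration.getAuthentication().isEnabled();
    }
}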
