package org.apache.qpid.server.security;

import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.qpid.server.logging.messages.AuthenticationProviderMessages;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.GroupProvider;
import org.apache.qpid.server.model.NamedAddressSpace;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
import org.apache.qpid.server.security.auth.sasl.SaslNegotiator;
import org.apache.qpid.server.security.auth.sasl.SaslSettings;

/* loaded from: input_file:org/apache/qpid/server/security/SubjectCreator.class */
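/**
 * Builds JAAS {@link Subject}s for users of one authentication provider, combining the
 * principals produced by authentication with the group principals reported by the
 * configured {@link GroupProvider}s.
 *
 * <p>Every {@code Subject} handed out by this class is marked read-only before it is
 * returned, so its principal set cannot be extended afterwards.
 */
public class SubjectCreator {
    private final NamedAddressSpace _addressSpace;
    private final AuthenticationProvider<?> _authenticationProvider;
    // Stored by reference (no defensive copy): group lookups iterate whatever the caller's
    // collection contains at lookup time.
    private final Collection<GroupProvider<?>> _groupProviders;

    /**
     * @param authenticationProvider provider that creates SASL negotiators and supplies the
     *                               event logger used for failure messages
     * @param collection             group providers consulted for group membership
     * @param namedAddressSpace      address space passed through to the provider when a SASL
     *                               negotiator is created
     */
    public SubjectCreator(AuthenticationProvider<?> authenticationProvider, Collection<GroupProvider<?>> collection, NamedAddressSpace namedAddressSpace) {
        this._authenticationProvider = authenticationProvider;
        this._groupProviders = collection;
        this._addressSpace = namedAddressSpace;
    }

    /**
     * @return the authentication provider this creator delegates to
     */
    public AuthenticationProvider<?> getAuthenticationProvider() {
        return this._authenticationProvider;
    }

    /**
     * Delegates negotiator creation to the authentication provider, adding this creator's
     * address space.
     *
     * @param str          forwarded unchanged to the provider; presumably the SASL mechanism
     *                     name (confirm against AuthenticationProvider#createSaslNegotiator)
     * @param saslSettings SASL settings forwarded unchanged to the provider
     * @return whatever the provider returns for these arguments
     */
    public SaslNegotiator createSaslNegotiator(String str, SaslSettings saslSettings) {
        return this._authenticationProvider.createSaslNegotiator(str, saslSettings, this._addressSpace);
    }

    /**
     * Feeds one SASL response to the negotiator and converts the outcome.
     *
     * <p>A {@code Subject} is attached only when the negotiator reports {@code SUCCESS}.
     * An {@code ERROR} outcome is written to the provider's event log and returned without
     * a subject; any other status is returned without a subject and without logging.
     *
     * @param saslNegotiator negotiator for the exchange in progress
     * @param bArr           SASL response bytes received from the peer
     * @return the authentication outcome, carrying a read-only subject on success
     */
    public SubjectAuthenticationResult authenticate(SaslNegotiator saslNegotiator, byte[] bArr) {
        AuthenticationResult handleResponse = saslNegotiator.handleResponse(bArr);
        AuthenticationResult.AuthenticationStatus status = handleResponse.getStatus();
        if (status == AuthenticationResult.AuthenticationStatus.SUCCESS) {
            return createResultWithGroups(handleResponse);
        }
        if (status == AuthenticationResult.AuthenticationStatus.ERROR) {
            // The attempted id may be null when the negotiator never learned one; the boolean
            // tells the message factory whether an id is available.
            // NOTE(review): the id is reported by the negotiator for a failed attempt, so it
            // is unauthenticated input - confirm the event logger neutralises control
            // characters before the value reaches the log.
            String attemptedAuthenticationId = saslNegotiator.getAttemptedAuthenticationId();
            this._authenticationProvider.getEventLogger().message(AuthenticationProviderMessages.AUTHENTICATION_FAILED(attemptedAuthenticationId, attemptedAuthenticationId != null));
        }
        return new SubjectAuthenticationResult(handleResponse);
    }

    /**
     * Wraps an authentication result, attaching a subject that holds the result's
     * principals plus the group principals of its main principal.
     *
     * <p>The status is checked here as well, so a caller that reaches this method directly
     * cannot obtain a subject for a result that is not {@code SUCCESS}.
     *
     * @param authenticationResult outcome of an authentication attempt
     * @return a result with a read-only subject on success, otherwise a result without one
     */
    public SubjectAuthenticationResult createResultWithGroups(AuthenticationResult authenticationResult) {
        if (authenticationResult.getStatus() != AuthenticationResult.AuthenticationStatus.SUCCESS) {
            return new SubjectAuthenticationResult(authenticationResult);
        }
        Subject subject = new Subject();
        Set<Principal> principals = subject.getPrincipals();
        principals.addAll(authenticationResult.getPrincipals());
        principals.addAll(getGroupPrincipals(authenticationResult.getMainPrincipal()));
        // Freeze the subject so no principal can be added after this point.
        subject.setReadOnly();
        return new SubjectAuthenticationResult(authenticationResult, subject);
    }

    /**
     * Builds a read-only subject holding the given principal and its group principals.
     *
     * <p>No authentication check is performed here: the principal is trusted as given, so
     * callers must pass only a principal whose identity has already been established.
     *
     * @param principal the user principal to wrap
     * @return a read-only subject for that principal
     */
    public Subject createSubjectWithGroups(Principal principal) {
        Subject subject = new Subject();
        Set<Principal> principals = subject.getPrincipals();
        principals.add(principal);
        principals.addAll(getGroupPrincipals(principal));
        subject.setReadOnly();
        return subject;
    }

    /**
     * Collects the group principals that every configured group provider reports for the
     * given user.
     *
     * @param principal the user whose groups are looked up
     * @return an unmodifiable set of group principals; empty when no provider reports any
     */
    Set<Principal> getGroupPrincipals(Principal principal) {
        // Typed set instead of a raw HashSet, so element types are checked by the compiler.
        Set<Principal> groupPrincipals = new HashSet<>();
        for (GroupProvider<?> groupProvider : this._groupProviders) {
            Set<Principal> groupPrincipalsForUser = groupProvider.getGroupPrincipalsForUser(principal);
            // A provider may return null rather than an empty set; treat that as "no groups".
            if (groupPrincipalsForUser != null) {
                groupPrincipals.addAll(groupPrincipalsForUser);
            }
        }
        return Collections.unmodifiableSet(groupPrincipals);
    }
}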
