package org.apache.qpid.server.security.auth.manager;

import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.log4j.Logger;
import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.sasl.UsernamePrincipal;
import org.apache.qpid.server.security.auth.sasl.plain.PlainPasswordCallback;

/* loaded from: input_file:org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager.class */
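/**
 * Authentication manager that verifies SASL PLAIN credentials against an LDAP directory.
 *
 * <p>Authentication is a two-step process: the supplied user id is first resolved to a
 * distinguished name through an anonymous search ({@link #getNameFromId(String)}), and the
 * password is then verified by attempting a simple bind as that name
 * ({@link #doLDAPNameAuthentication(String, String)}).
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>Only the PLAIN mechanism is offered, so the password crosses the AMQP connection and the
 *       LDAP connection as-is. Nothing in this class enforces TLS on either leg; confidentiality
 *       depends on how the broker transport and the provider URLs are configured.</li>
 *   <li>The name lookup binds with authentication mode {@code none}, so the directory must permit
 *       anonymous search under the configured search context.</li>
 *   <li>An empty password is rejected before binding, because a simple bind with a name and a
 *       zero-length password is an "unauthenticated bind" (RFC 4513, section 5.1.2) that many
 *       directory servers answer with success.</li>
 * </ul>
 */
public class SimpleLDAPAuthenticationManager implements AuthenticationManager {
    private static final String PLAIN_MECHANISM = "PLAIN";
    private static final String DEFAULT_LDAP_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    // URL used for the anonymous search that maps a user id to a distinguished name.
    private String _providerSearchURL;
    // Base context under which the user entry is searched.
    private String _searchContext;
    // Search filter; the user id is passed as filter argument 0 rather than concatenated in.
    private String _searchFilter;
    // URL used for the simple bind that verifies the password.
    private String _providerAuthURL;
    // JNDI initial context factory class name.
    private String _ldapContextFactory;
    private static final Logger _logger = Logger.getLogger(SimpleLDAPAuthenticationManager.class);

    /** Plugin factory that builds and configures the manager, or returns {@code null} when it is not configured. */
    public static final AuthenticationManagerPluginFactory<SimpleLDAPAuthenticationManager> FACTORY = new AuthenticationManagerPluginFactory<SimpleLDAPAuthenticationManager>() { // from class: org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager.1
        @Override // org.apache.qpid.server.plugins.PluginFactory
        public SimpleLDAPAuthenticationManager newInstance(ConfigurationPlugin configurationPlugin) throws ConfigurationException {
            SimpleLDAPAuthenticationManagerConfiguration ldapConfig = null;
            if (configurationPlugin != null) {
                ldapConfig = (SimpleLDAPAuthenticationManagerConfiguration) configurationPlugin.getConfiguration(SimpleLDAPAuthenticationManagerConfiguration.class.getName());
            }
            if (ldapConfig == null) {
                SimpleLDAPAuthenticationManager._logger.info("No authentication-manager configuration found for SimpleLDAPAuthenticationManager");
                return null;
            }
            SimpleLDAPAuthenticationManager manager = new SimpleLDAPAuthenticationManager();
            manager.configure(ldapConfig);
            return manager;
        }

        @Override // org.apache.qpid.server.plugins.PluginFactory
        public Class<SimpleLDAPAuthenticationManager> getPluginClass() {
            return SimpleLDAPAuthenticationManager.class;
        }

        @Override // org.apache.qpid.server.plugins.PluginFactory
        public String getPluginName() {
            return SimpleLDAPAuthenticationManager.class.getName();
        }
    };

    /* loaded from: input_file:org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager$PlainCallbackHandler.class */
    /**
     * Callback handler given to the PLAIN SASL server. It resolves the user id to a
     * distinguished name, verifies the password with an LDAP bind, and answers the
     * authorization callback from the outcome of that bind.
     */
    private class PlainCallbackHandler implements CallbackHandler {
        private PlainCallbackHandler() {
        }

        /**
         * Processes the callbacks in array order.
         *
         * <p>The bind is attempted as soon as both the distinguished name and the password are
         * known, whichever callback arrives second. An {@link AuthorizeCallback} is authorized
         * only if a bind has already succeeded; it fails closed when no bind was attempted.
         *
         * @param callbackArr callbacks issued by the SASL server
         * @throws UnsupportedCallbackException for any callback type other than name, plain
         *         password or authorize
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            String distinguishedName = null;
            String password = null;
            AuthenticationResult bindResult = null;
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    try {
                        distinguishedName = SimpleLDAPAuthenticationManager.this.getNameFromId(((NameCallback) callback).getDefaultName());
                    } catch (NamingException e) {
                        // Lookup failure leaves the name unresolved; the bind below then fails.
                        SimpleLDAPAuthenticationManager._logger.info("SASL Authentication Error", e);
                    }
                    if (password != null) {
                        try {
                            bindResult = SimpleLDAPAuthenticationManager.this.doLDAPNameAuthentication(distinguishedName, password);
                        } catch (NamingException e2) {
                            bindResult = new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, (Exception) e2);
                        }
                    }
                } else if (callback instanceof PlainPasswordCallback) {
                    PlainPasswordCallback passwordCallback = (PlainPasswordCallback) callback;
                    password = passwordCallback.getPlainPassword();
                    if (distinguishedName != null) {
                        try {
                            bindResult = SimpleLDAPAuthenticationManager.this.doLDAPNameAuthentication(distinguishedName, password);
                            if (bindResult.getStatus() == AuthenticationResult.AuthenticationStatus.SUCCESS) {
                                passwordCallback.setAuthenticated(true);
                            }
                        } catch (NamingException e3) {
                            bindResult = new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, (Exception) e3);
                        }
                    }
                } else if (callback instanceof AuthorizeCallback) {
                    boolean bindSucceeded = bindResult != null && bindResult.getStatus() == AuthenticationResult.AuthenticationStatus.SUCCESS;
                    ((AuthorizeCallback) callback).setAuthorized(bindSucceeded);
                } else {
                    throw new UnsupportedCallbackException(callback);
                }
            }
        }
    }

    /* loaded from: input_file:org/apache/qpid/server/security/auth/manager/SimpleLDAPAuthenticationManager$SimpleLDAPAuthenticationManagerConfiguration.class */
    /**
     * Configuration read from the {@code security.simple-ldap-auth-manager} element.
     * The search and auth URLs each fall back to {@code provider-url} when not set.
     */
    public static class SimpleLDAPAuthenticationManagerConfiguration extends ConfigurationPlugin {
        public static final ConfigurationPluginFactory FACTORY = new ConfigurationPluginFactory() { // from class: org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager.SimpleLDAPAuthenticationManagerConfiguration.1
            @Override // org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory
            public List<String> getParentPaths() {
                return Arrays.asList("security.simple-ldap-auth-manager");
            }

            @Override // org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory
            public ConfigurationPlugin newInstance(String str, Configuration configuration) throws ConfigurationException {
                SimpleLDAPAuthenticationManagerConfiguration ldapConfig = new SimpleLDAPAuthenticationManagerConfiguration();
                ldapConfig.setConfiguration(str, configuration);
                return ldapConfig;
            }
        };
        private static final String PROVIDER_URL = "provider-url";
        private static final String PROVIDER_SEARCH_URL = "provider-search-url";
        private static final String PROVIDER_AUTH_URL = "provider-auth-url";
        private static final String SEARCH_CONTEXT = "search-context";
        private static final String SEARCH_FILTER = "search-filter";
        private static final String LDAP_CONTEXT_FACTORY = "ldap-context-factory";

        @Override // org.apache.qpid.server.configuration.plugins.ConfigurationPlugin
        public String[] getElementsProcessed() {
            return new String[]{PROVIDER_URL, PROVIDER_SEARCH_URL, PROVIDER_AUTH_URL, SEARCH_CONTEXT, SEARCH_FILTER, LDAP_CONTEXT_FACTORY};
        }

        /**
         * Performs no checks. Missing provider URLs are detected later, in
         * {@link SimpleLDAPAuthenticationManager#configure(ConfigurationPlugin)}.
         */
        @Override // org.apache.qpid.server.configuration.plugins.ConfigurationPlugin
        public void validateConfiguration() throws ConfigurationException {
        }

        /** @return the configured JNDI context factory, or the default LDAP factory when unset */
        public String getLDAPContextFactory() {
            return getConfig().getString(LDAP_CONTEXT_FACTORY, SimpleLDAPAuthenticationManager.DEFAULT_LDAP_CONTEXT_FACTORY);
        }

        /** @return the value of {@code provider-url}; no default is supplied */
        public String getProviderURL() {
            return getConfig().getString(PROVIDER_URL);
        }

        /** @return the value of {@code provider-search-url}, falling back to {@link #getProviderURL()} */
        public String getProviderSearchURL() {
            return getConfig().getString(PROVIDER_SEARCH_URL, getProviderURL());
        }

        /** @return the value of {@code search-context}; no default is supplied */
        public String getSearchContext() {
            return getConfig().getString(SEARCH_CONTEXT);
        }

        /** @return the value of {@code search-filter}; no default is supplied */
        public String getSearchFilter() {
            return getConfig().getString(SEARCH_FILTER);
        }

        /** @return the value of {@code provider-auth-url}, falling back to {@link #getProviderURL()} */
        public String getProviderAuthURL() {
            return getConfig().getString(PROVIDER_AUTH_URL, getProviderURL());
        }
    }

    private SimpleLDAPAuthenticationManager() {
    }

    @Override // org.apache.qpid.server.security.auth.manager.AuthenticationManager
    public void initialise() {
    }

    /** @return the only supported SASL mechanism, {@code PLAIN} */
    @Override // org.apache.qpid.server.security.auth.manager.AuthenticationManager
    public String getMechanisms() {
        return PLAIN_MECHANISM;
    }

    /**
     * Creates a PLAIN SASL server backed by {@link PlainCallbackHandler}.
     *
     * @param str       requested mechanism name; must be {@code PLAIN}
     * @param str2      server name handed to the SASL factory
     * @param principal not used by this implementation
     * @throws SaslException if the mechanism is anything other than {@code PLAIN}
     */
    @Override // org.apache.qpid.server.security.auth.manager.AuthenticationManager
    public SaslServer createSaslServer(String str, String str2, Principal principal) throws SaslException {
        if (!PLAIN_MECHANISM.equals(str)) {
            throw new SaslException("Unknown mechanism: " + str);
        }
        return Sasl.createSaslServer(PLAIN_MECHANISM, "AMQP", str2, new HashMap<String, Object>(), new PlainCallbackHandler());
    }

    /**
     * Feeds one client response into the SASL exchange.
     *
     * @param saslServer the SASL server for this connection
     * @param bArr       client response bytes; {@code null} is treated as an empty response
     * @return CONTINUE with the next challenge while the exchange is incomplete, a result
     *         carrying the authenticated subject once complete, or ERROR if the SASL server
     *         rejects the response
     */
    @Override // org.apache.qpid.server.security.auth.manager.AuthenticationManager
    public AuthenticationResult authenticate(SaslServer saslServer, byte[] bArr) {
        try {
            // evaluateResponse is the call that can throw SaslException, so it must sit inside the try.
            byte[] challenge = saslServer.evaluateResponse(bArr != null ? bArr : new byte[0]);
            if (!saslServer.isComplete()) {
                return new AuthenticationResult(challenge, AuthenticationResult.AuthenticationStatus.CONTINUE);
            }
            String authorizationId = saslServer.getAuthorizationID();
            if (_logger.isDebugEnabled()) {
                _logger.debug("Authenticated as " + authorizationId);
            }
            Subject subject = new Subject();
            subject.getPrincipals().add(new UsernamePrincipal(authorizationId));
            return new AuthenticationResult(subject);
        } catch (SaslException e) {
            return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, (Exception) e);
        }
    }

    /**
     * Authenticates a user id and password directly, without a SASL exchange.
     *
     * @param str  user id, resolved to a distinguished name before binding
     * @param str2 plain-text password
     * @return a result carrying the subject on success, or ERROR if the lookup or bind fails
     */
    @Override // org.apache.qpid.server.security.auth.manager.AuthenticationManager
    public AuthenticationResult authenticate(String str, String str2) {
        try {
            return doLDAPNameAuthentication(getNameFromId(str), str2);
        } catch (NamingException e) {
            return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, (Exception) e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Verifies a password by performing an LDAP simple bind as the given distinguished name.
     *
     * @param str  distinguished name to bind as, normally the value returned by
     *             {@link #getNameFromId(String)}
     * @param str2 plain-text password
     * @return a result carrying a subject with a {@link UsernamePrincipal} for the name
     * @throws NamingException if the name is unresolved, the password is empty, or the
     *         directory rejects the bind
     */
    public AuthenticationResult doLDAPNameAuthentication(String str, String str2) throws NamingException {
        if (str == null) {
            // The search found no entry. Fail here instead of letting Hashtable.put throw a
            // NullPointerException that the callers do not catch.
            throw new NamingException("No LDAP entry found for the supplied user id");
        }
        if (str2 == null || str2.length() == 0) {
            // A simple bind with a name and an empty password is an unauthenticated bind
            // (RFC 4513 5.1.2); servers that allow it report success without checking anything.
            throw new NamingException("Empty password is not accepted for LDAP simple bind");
        }
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put("java.naming.factory.initial", this._ldapContextFactory);
        env.put("java.naming.provider.url", this._providerAuthURL);
        env.put("java.naming.security.authentication", "simple");
        env.put("java.naming.security.principal", str);
        env.put("java.naming.security.credentials", str2);
        // A successful bind is the whole check; the context is closed straight away.
        new InitialDirContext(env).close();
        Subject subject = new Subject();
        subject.getPrincipals().add(new UsernamePrincipal(str));
        return new AuthenticationResult(subject);
    }

    public void close() {
    }

    /**
     * Loads the LDAP settings and checks that an anonymous connection to the search URL can
     * be established.
     *
     * @param configurationPlugin must be a {@link SimpleLDAPAuthenticationManagerConfiguration}
     * @throws ConfigurationException if no provider URL is configured or the anonymous
     *         connection cannot be established
     */
    @Override // org.apache.qpid.server.plugins.Plugin
    public void configure(ConfigurationPlugin configurationPlugin) throws ConfigurationException {
        SimpleLDAPAuthenticationManagerConfiguration ldapConfig = (SimpleLDAPAuthenticationManagerConfiguration) configurationPlugin;
        this._ldapContextFactory = ldapConfig.getLDAPContextFactory();
        this._providerSearchURL = ldapConfig.getProviderSearchURL();
        this._providerAuthURL = ldapConfig.getProviderAuthURL();
        this._searchContext = ldapConfig.getSearchContext();
        this._searchFilter = ldapConfig.getSearchFilter();
        if (this._providerSearchURL == null || this._providerAuthURL == null) {
            // Hashtable rejects null values, so report the misconfiguration explicitly.
            throw new ConfigurationException("No provider-url (or provider-search-url and provider-auth-url) configured for SimpleLDAPAuthenticationManager");
        }
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put("java.naming.factory.initial", this._ldapContextFactory);
        env.put("java.naming.provider.url", this._providerSearchURL);
        env.put("java.naming.security.authentication", "none");
        InitialDirContext probe;
        try {
            probe = new InitialDirContext(env);
        } catch (NamingException e) {
            throw new ConfigurationException("Unable to establish anonymous connection to the ldap server at " + this._providerSearchURL, e);
        }
        try {
            // The probe connection is only a reachability check; release it instead of leaking it.
            probe.close();
        } catch (NamingException e) {
            _logger.warn("Failed to close LDAP probe connection to " + this._providerSearchURL, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Resolves a user id to the distinguished name of the first matching directory entry,
     * using an anonymous subtree search under the configured search context.
     *
     * <p>The id is supplied as a filter argument rather than spliced into the filter string,
     * so escaping is left to JNDI. This holds only while the configured filter refers to the
     * id through the {@code {0}} placeholder.
     *
     * @param str user id as supplied by the client
     * @return the entry's name in the namespace, or {@code null} if the id is {@code null} or
     *         nothing matches
     * @throws NamingException if the connection or the search fails
     */
    public String getNameFromId(String str) throws NamingException {
        if (str == null) {
            return null;
        }
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put("java.naming.factory.initial", this._ldapContextFactory);
        env.put("java.naming.provider.url", this._providerSearchURL);
        env.put("java.naming.security.authentication", "none");
        InitialDirContext searchContext = new InitialDirContext(env);
        try {
            SearchControls controls = new SearchControls();
            // Only the entry name is needed, so request no attributes and at most one result.
            controls.setReturningAttributes(new String[0]);
            controls.setCountLimit(1L);
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> results = searchContext.search(this._searchContext, this._searchFilter, new String[]{str}, controls);
            try {
                return results.hasMore() ? results.next().getNameInNamespace() : null;
            } finally {
                results.close();
            }
        } finally {
            searchContext.close();
        }
    }
}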
