package org.apache.qpid.server.security.auth.manager;

import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.log4j.Logger;
import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.sasl.UsernamePrincipal;

/* loaded from: input_file:org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager.class */
public class KerberosAuthenticationManager implements AuthenticationManager {
    private static final String GSSAPI_MECHANISM = "GSSAPI";
    private final CallbackHandler _callbackHandler;
    private static final Logger _logger = Logger.getLogger(KerberosAuthenticationManager.class);
    public static final AuthenticationManagerPluginFactory<KerberosAuthenticationManager> FACTORY = new AuthenticationManagerPluginFactory<KerberosAuthenticationManager>() { // from class: org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManager.1
        @Override // org.apache.qpid.server.plugins.PluginFactory
        public KerberosAuthenticationManager newInstance(ConfigurationPlugin configurationPlugin) throws ConfigurationException {
            KerberosAuthenticationManagerConfiguration kerberosAuthenticationManagerConfiguration = configurationPlugin == null ? null : (KerberosAuthenticationManagerConfiguration) configurationPlugin.getConfiguration(KerberosAuthenticationManagerConfiguration.class.getName());
            if (kerberosAuthenticationManagerConfiguration == null) {
                KerberosAuthenticationManager._logger.info("No authentication-manager configuration found for KerberosAuthenticationManager");
                return null;
            }
            KerberosAuthenticationManager kerberosAuthenticationManager = new KerberosAuthenticationManager();
            kerberosAuthenticationManager.configure(kerberosAuthenticationManagerConfiguration);
            return kerberosAuthenticationManager;
        }

        @Override // org.apache.qpid.server.plugins.PluginFactory
        public Class<KerberosAuthenticationManager> getPluginClass() {
            return KerberosAuthenticationManager.class;
        }

        @Override // org.apache.qpid.server.plugins.PluginFactory
        public String getPluginName() {
            return KerberosAuthenticationManager.class.getName();
        }
    };

    /* loaded from: input_file:org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager$GssApiCallbackHandler.class */
    private static class GssApiCallbackHandler implements CallbackHandler {
        private GssApiCallbackHandler() {
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (!(callback instanceof AuthorizeCallback)) {
                    throw new UnsupportedCallbackException(callback);
                }
                ((AuthorizeCallback) callback).setAuthorized(true);
            }
        }
    }

    /* loaded from: input_file:org/apache/qpid/server/security/auth/manager/KerberosAuthenticationManager$KerberosAuthenticationManagerConfiguration.class */
    public static class KerberosAuthenticationManagerConfiguration extends ConfigurationPlugin {
        public static final ConfigurationPluginFactory FACTORY = new ConfigurationPluginFactory() { // from class: org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManager.KerberosAuthenticationManagerConfiguration.1
            @Override // org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory
            public List<String> getParentPaths() {
                return Arrays.asList("security.kerberos-auth-manager");
            }

            @Override // org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory
            public ConfigurationPlugin newInstance(String str, Configuration configuration) throws ConfigurationException {
                KerberosAuthenticationManagerConfiguration kerberosAuthenticationManagerConfiguration = new KerberosAuthenticationManagerConfiguration();
                kerberosAuthenticationManagerConfiguration.setConfiguration(str, configuration);
                return kerberosAuthenticationManagerConfiguration;
            }
        };

        @Override // org.apache.qpid.server.configuration.plugins.ConfigurationPlugin
        public String[] getElementsProcessed() {
            return new String[0];
        }

        @Override // org.apache.qpid.server.configuration.plugins.ConfigurationPlugin
        public void validateConfiguration() throws ConfigurationException {
        }
    }

    private KerberosAuthenticationManager() {
        this._callbackHandler = new GssApiCallbackHandler();
    }

    @Override // org.apache.qpid.server.security.auth.manager.AuthenticationManager
    public void initialise() {
    }

    @Override // org.apache.qpid.server.security.auth.manager.AuthenticationManager
    public String getMechanisms() {
        return GSSAPI_MECHANISM;
    }

    @Override // org.apache.qpid.server.security.auth.manager.AuthenticationManager
    public SaslServer createSaslServer(String str, String str2, Principal principal) throws SaslException {
        if (!GSSAPI_MECHANISM.equals(str)) {
            throw new SaslException("Unknown mechanism: " + str);
        }
        try {
            return Sasl.createSaslServer(GSSAPI_MECHANISM, "AMQP", str2, new HashMap(), this._callbackHandler);
        } catch (SaslException e) {
            e.printStackTrace(System.err);
            throw e;
        }
    }

    @Override // org.apache.qpid.server.security.auth.manager.AuthenticationManager
    public AuthenticationResult authenticate(SaslServer saslServer, byte[] bArr) {
        byte[] bArr2;
        if (bArr != null) {
            bArr2 = bArr;
        } else {
            try {
                bArr2 = new byte[0];
            } catch (SaslException e) {
                e.printStackTrace(System.err);
                return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, (Exception) e);
            }
        }
        byte[] evaluateResponse = saslServer.evaluateResponse(bArr2);
        if (!saslServer.isComplete()) {
            return new AuthenticationResult(evaluateResponse, AuthenticationResult.AuthenticationStatus.CONTINUE);
        }
        Subject subject = new Subject();
        _logger.debug("Authenticated as " + saslServer.getAuthorizationID());
        subject.getPrincipals().add(new UsernamePrincipal(saslServer.getAuthorizationID()));
        return new AuthenticationResult(subject);
    }

    @Override // org.apache.qpid.server.security.auth.manager.AuthenticationManager
    public AuthenticationResult authenticate(String str, String str2) {
        return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR);
    }

    public void close() {
    }

    @Override // org.apache.qpid.server.plugins.Plugin
    public void configure(ConfigurationPlugin configurationPlugin) throws ConfigurationException {
    }
}
