package org.apache.qpid.server.security.auth.manager;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.Principal;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.log4j.Logger;
import org.apache.qpid.configuration.PropertyException;
import org.apache.qpid.configuration.PropertyUtils;
import org.apache.qpid.server.configuration.plugins.ConfigurationPlugin;
import org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.database.PrincipalDatabase;
import org.apache.qpid.server.security.auth.sasl.AuthenticationProviderInitialiser;
import org.apache.qpid.server.security.auth.sasl.JCAProvider;
import org.apache.qpid.server.security.auth.sasl.UsernamePrincipal;

/* loaded from: input_file:org/apache/qpid/server/security/auth/manager/PrincipalDatabaseAuthenticationManager.class */
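/**
 * {@link AuthenticationManager} that authenticates against a {@link PrincipalDatabase}.
 *
 * <p>The database implementation class and its attributes are read from configuration,
 * the class is instantiated reflectively and configured through its public
 * {@code setXxx(String)} methods. Each SASL mechanism the database reports is recorded
 * (callback handler and server creation properties), and any SASL server factory classes
 * it supplies are registered with the JVM as a JCA provider.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The class name and setter names come straight from configuration and are used for
 *       reflective loading and invocation, so the configuration source must be as trusted
 *       as the broker's own code.</li>
 *   <li>{@link #initialise()} and {@link #close()} change the JVM-wide security provider
 *       list, not just this instance.</li>
 * </ul>
 */
public class PrincipalDatabaseAuthenticationManager implements AuthenticationManager {
    /** Space-separated mechanism names, appended to as mechanisms are initialised; reset to null by {@link #close()}. */
    private String _mechanisms;
    /** Callback handler to hand to the SASL server, keyed by mechanism name. */
    private final Map<String, CallbackHandler> _callbackHandlerMap = new HashMap<String, CallbackHandler>();
    /** SASL server creation properties, keyed by mechanism name. */
    private final Map<String, Map<String, ?>> _serverCreationProperties = new HashMap<String, Map<String, ?>>();
    private PrincipalDatabase _principalDatabase = null;
    private static final Logger _logger = Logger.getLogger(PrincipalDatabaseAuthenticationManager.class);

    /** Plugin factory that builds, configures and initialises a manager from broker configuration. */
    public static final AuthenticationManagerPluginFactory<PrincipalDatabaseAuthenticationManager> FACTORY = new AuthenticationManagerPluginFactory<PrincipalDatabaseAuthenticationManager>() {
        /**
         * Creates a fully initialised manager.
         *
         * @param configurationPlugin parent configuration; may be null
         * @return the manager, or null when no configuration for this manager is present
         * @throws ConfigurationException if the principal database cannot be created or configured
         */
        @Override // org.apache.qpid.server.plugins.PluginFactory
        public PrincipalDatabaseAuthenticationManager newInstance(ConfigurationPlugin configurationPlugin) throws ConfigurationException {
            PrincipalDatabaseAuthenticationManagerConfiguration managerConfiguration = configurationPlugin == null ? null : (PrincipalDatabaseAuthenticationManagerConfiguration) configurationPlugin.getConfiguration(PrincipalDatabaseAuthenticationManagerConfiguration.class.getName());
            if (managerConfiguration == null) {
                PrincipalDatabaseAuthenticationManager._logger.info("No authentication-manager configuration found for PrincipalDatabaseAuthenticationManager");
                return null;
            }
            PrincipalDatabaseAuthenticationManager manager = new PrincipalDatabaseAuthenticationManager();
            manager.configure(managerConfiguration);
            manager.initialise();
            return manager;
        }

        @Override // org.apache.qpid.server.plugins.PluginFactory
        public Class<PrincipalDatabaseAuthenticationManager> getPluginClass() {
            return PrincipalDatabaseAuthenticationManager.class;
        }

        @Override // org.apache.qpid.server.plugins.PluginFactory
        public String getPluginName() {
            return PrincipalDatabaseAuthenticationManager.class.getName();
        }
    };

    /**
     * Configuration for the manager, rooted at {@code security.pd-auth-manager}: the principal
     * database class name plus parallel lists of attribute names and values.
     */
    public static class PrincipalDatabaseAuthenticationManagerConfiguration extends ConfigurationPlugin {
        /** Factory that binds this configuration class to the {@code security.pd-auth-manager} path. */
        public static final ConfigurationPluginFactory FACTORY = new ConfigurationPluginFactory() {
            @Override // org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory
            public List<String> getParentPaths() {
                return Arrays.asList("security.pd-auth-manager");
            }

            @Override // org.apache.qpid.server.configuration.plugins.ConfigurationPluginFactory
            public ConfigurationPlugin newInstance(String str, Configuration configuration) throws ConfigurationException {
                PrincipalDatabaseAuthenticationManagerConfiguration instance = new PrincipalDatabaseAuthenticationManagerConfiguration();
                instance.setConfiguration(str, configuration);
                return instance;
            }
        };

        @Override // org.apache.qpid.server.configuration.plugins.ConfigurationPlugin
        public String[] getElementsProcessed() {
            return new String[]{"principal-database.class", "principal-database.attributes.attribute.name", "principal-database.attributes.attribute.value"};
        }

        /** Performs no validation; problems surface later, when the database is created and configured. */
        @Override // org.apache.qpid.server.configuration.plugins.ConfigurationPlugin
        public void validateConfiguration() throws ConfigurationException {
        }

        /** @return the configured {@code principal-database.class} value, as returned by the underlying configuration */
        public String getPrincipalDatabaseClass() {
            return getConfig().getString("principal-database.class");
        }

        /**
         * Pairs the configured attribute names with their values by list position.
         *
         * @return an unmodifiable name-to-value map
         * @throws ConfigurationException if fewer values than names are configured
         */
        public Map<String, String> getPdClassAttributeMap() throws ConfigurationException {
            List<?> names = getConfig().getList("principal-database.attributes.attribute.name");
            List<?> values = getConfig().getList("principal-database.attributes.attribute.value");
            // Names and values are matched purely by index. A missing value used to surface as an
            // IndexOutOfBoundsException; report it as a configuration problem instead. Surplus
            // values are still ignored, as before.
            if (values.size() < names.size()) {
                throw new ConfigurationException("principal-database attributes: " + names.size() + " name(s) configured but only " + values.size() + " value(s)");
            }
            Map<String, String> attributes = new HashMap<String, String>(names.size());
            for (int i = 0; i < names.size(); i++) {
                attributes.put((String) names.get(i), (String) values.get(i));
            }
            return Collections.unmodifiableMap(attributes);
        }
    }

    protected PrincipalDatabaseAuthenticationManager() {
    }

    /**
     * Records every mechanism offered by the principal database and, if any of them supply a
     * SASL server factory class, registers those factories as a JCA provider.
     *
     * <p>The provider is inserted at position 1, i.e. ahead of every provider already installed
     * in this JVM. {@code Security.insertProviderAt} returns -1 when a provider of the same name
     * is already installed, which is the case reported as an error below.
     */
    @Override // org.apache.qpid.server.security.auth.manager.AuthenticationManager
    public void initialise() {
        TreeMap<String, Class<? extends SaslServerFactory>> providerMap = new TreeMap<String, Class<? extends SaslServerFactory>>();
        initialiseAuthenticationMechanisms(providerMap, this._principalDatabase);
        if (providerMap.isEmpty()) {
            _logger.warn("No additional SASL providers registered.");
        } else if (Security.insertProviderAt(new JCAProvider(AuthenticationManager.PROVIDER_NAME, providerMap), 1) == -1) {
            _logger.error("Unable to load custom SASL providers. Qpid custom SASL authenticators unavailable.");
        } else {
            _logger.info("Additional SASL providers successfully registered.");
        }
    }

    /**
     * Initialises each mechanism the database reports, collecting factory classes into {@code map}.
     * Logs a warning and does nothing when there is no database or it reports no mechanisms.
     */
    private void initialiseAuthenticationMechanisms(Map<String, Class<? extends SaslServerFactory>> map, PrincipalDatabase principalDatabase) {
        if (principalDatabase == null || principalDatabase.getMechanisms().size() == 0) {
            _logger.warn("No Database or no mechanisms to initialise authentication");
            return;
        }
        for (Map.Entry<String, AuthenticationProviderInitialiser> mechanism : principalDatabase.getMechanisms().entrySet()) {
            initialiseAuthenticationMechanism(mechanism.getKey(), mechanism.getValue(), map);
        }
    }

    /**
     * Adds one mechanism: appends its name to the advertised list, stores its callback handler
     * and server creation properties, and records its factory class (if it has one) in {@code map}.
     */
    private void initialiseAuthenticationMechanism(String str, AuthenticationProviderInitialiser authenticationProviderInitialiser, Map<String, Class<? extends SaslServerFactory>> map) {
        if (this._mechanisms == null) {
            this._mechanisms = str;
        } else {
            this._mechanisms += " " + str;
        }
        this._callbackHandlerMap.put(str, authenticationProviderInitialiser.getCallbackHandler());
        this._serverCreationProperties.put(str, authenticationProviderInitialiser.getProperties());
        Class<? extends SaslServerFactory> factoryClass = authenticationProviderInitialiser.getServerFactoryClassForJCARegistration();
        if (factoryClass != null) {
            map.put(str, factoryClass);
        }
        _logger.info("Initialised " + str + " SASL provider successfully");
    }

    /**
     * Creates the configured principal database and applies its configured attributes.
     *
     * @param configurationPlugin must be a {@link PrincipalDatabaseAuthenticationManagerConfiguration}
     * @throws ConfigurationException if the database class cannot be loaded, instantiated or configured
     */
    @Override // org.apache.qpid.server.plugins.Plugin
    public void configure(ConfigurationPlugin configurationPlugin) throws ConfigurationException {
        PrincipalDatabaseAuthenticationManagerConfiguration managerConfiguration = (PrincipalDatabaseAuthenticationManagerConfiguration) configurationPlugin;
        String principalDatabaseClass = managerConfiguration.getPrincipalDatabaseClass();
        _logger.info("PrincipalDatabase concrete implementation : " + principalDatabaseClass);
        this._principalDatabase = createPrincipalDatabaseImpl(principalDatabaseClass);
        configPrincipalDatabase(this._principalDatabase, managerConfiguration);
    }

    /** @return the space-separated mechanism names recorded so far, or null if none */
    @Override // org.apache.qpid.server.security.auth.manager.AuthenticationManager
    public String getMechanisms() {
        return this._mechanisms;
    }

    /**
     * Asks the JVM's SASL framework for a server for the given mechanism, using protocol
     * {@code "AMQP"} and the properties and callback handler recorded for that mechanism.
     *
     * @param str SASL mechanism name
     * @param str2 passed to {@code Sasl.createSaslServer} as the server name
     * @param principal not used by this implementation
     * @throws SaslException if the SASL framework fails to create the server
     */
    @Override // org.apache.qpid.server.security.auth.manager.AuthenticationManager
    public SaslServer createSaslServer(String str, String str2, Principal principal) throws SaslException {
        // NOTE(review): the mechanism name is not checked against the mechanisms this manager
        // initialised. For an unknown name both lookups return null and the request still reaches
        // Sasl.createSaslServer, which consults every installed provider. Confirm that callers only
        // pass names taken from getMechanisms(), or reject unknown names here.
        return Sasl.createSaslServer(str, "AMQP", str2, this._serverCreationProperties.get(str), this._callbackHandlerMap.get(str));
    }

    /**
     * Feeds one client response to the SASL server.
     *
     * @param saslServer server handling this exchange
     * @param bArr client response; null is treated as an empty response
     * @return a result carrying the authenticated subject once the exchange is complete, a
     *         {@code CONTINUE} result carrying the next challenge while it is not, or an
     *         {@code ERROR} result wrapping the {@link SaslException} on failure
     */
    @Override // org.apache.qpid.server.security.auth.manager.AuthenticationManager
    public AuthenticationResult authenticate(SaslServer saslServer, byte[] bArr) {
        byte[] response = bArr != null ? bArr : new byte[0];
        try {
            // evaluateResponse is the call that throws SaslException, so it must sit inside the try.
            byte[] challenge = saslServer.evaluateResponse(response);
            if (!saslServer.isComplete()) {
                return new AuthenticationResult(challenge, AuthenticationResult.AuthenticationStatus.CONTINUE);
            }
            // The principal is the SASL authorization ID. NOTE(review): for mechanisms that let the
            // client name an authorization ID different from the authenticated user, this relies on
            // the mechanism's callback handler having approved it; verify per mechanism.
            Subject subject = new Subject();
            subject.getPrincipals().add(new UsernamePrincipal(saslServer.getAuthorizationID()));
            return new AuthenticationResult(subject);
        } catch (SaslException e) {
            return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.ERROR, (Exception) e);
        }
    }

    /**
     * Verifies a username and password directly against the principal database.
     *
     * <p>A wrong password and an unknown account produce the same {@code CONTINUE} result, so the
     * result does not reveal whether the account exists. Callers must treat only a result that
     * carries a subject as authenticated.
     *
     * @param str username
     * @param str2 password; must not be null (a null password fails with a NullPointerException)
     */
    @Override // org.apache.qpid.server.security.auth.manager.AuthenticationManager
    public AuthenticationResult authenticate(String str, String str2) {
        try {
            if (!this._principalDatabase.verifyPassword(str, str2.toCharArray())) {
                return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.CONTINUE);
            }
            Subject subject = new Subject();
            subject.getPrincipals().add(new UsernamePrincipal(str));
            return new AuthenticationResult(subject);
        } catch (AccountNotFoundException e) {
            return new AuthenticationResult(AuthenticationResult.AuthenticationStatus.CONTINUE);
        }
    }

    /**
     * Clears the advertised mechanisms and removes the provider registered under
     * {@code AuthenticationManager.PROVIDER_NAME} from the JVM-wide provider list.
     */
    public void close() {
        this._mechanisms = null;
        Security.removeProvider(AuthenticationManager.PROVIDER_NAME);
    }

    /**
     * Loads the named class and instantiates it through its no-argument constructor.
     *
     * <p>Loading a class runs its static initialisers, so the name must come from trusted
     * configuration only.
     *
     * @param str fully qualified class name of a {@link PrincipalDatabase} implementation
     * @throws ConfigurationException if the name is missing, or the class cannot be loaded,
     *         accessed, instantiated, or is not a {@link PrincipalDatabase}
     */
    private PrincipalDatabase createPrincipalDatabaseImpl(String str) throws ConfigurationException {
        // A missing principal-database.class element would otherwise end in a bare
        // NullPointerException from Class.forName.
        if (str == null || str.length() == 0) {
            throw new ConfigurationException("No principal-database.class configured");
        }
        try {
            return (PrincipalDatabase) Class.forName(str).newInstance();
        } catch (ClassCastException e) {
            throw new ConfigurationException("Expecting a " + PrincipalDatabase.class + " implementation", e);
        } catch (ClassNotFoundException e2) {
            throw new ConfigurationException("Cannot load " + str + " implementation", e2);
        } catch (IllegalAccessException e3) {
            throw new ConfigurationException("Cannot access " + str, e3);
        } catch (InstantiationException e4) {
            throw new ConfigurationException("Cannot instantiate " + str, e4);
        }
    }

    /**
     * Applies each configured attribute by calling the matching public {@code setXxx(String)}
     * method on the database, after property substitution on the value.
     *
     * <p>Setter lookup and setter invocation are handled separately so that a failure inside the
     * setter is reported with its own message rather than as a missing method.
     *
     * @throws ConfigurationException if a setter is missing, cannot be invoked, throws, or the
     *         value's property references cannot be resolved
     */
    private void configPrincipalDatabase(PrincipalDatabase principalDatabase, PrincipalDatabaseAuthenticationManagerConfiguration principalDatabaseAuthenticationManagerConfiguration) throws ConfigurationException {
        for (Map.Entry<String, String> attribute : principalDatabaseAuthenticationManagerConfiguration.getPdClassAttributeMap().entrySet()) {
            String setterName = generateSetterName(attribute.getKey());
            Method setter;
            try {
                setter = principalDatabase.getClass().getMethod(setterName, String.class);
            } catch (Exception e) {
                throw new ConfigurationException("No method " + setterName + " found in class " + principalDatabase.getClass() + " hence unable to configure principal database. The method must be public and have a single String argument with a void return type", e);
            }
            try {
                setter.invoke(principalDatabase, PropertyUtils.replaceProperties(attribute.getValue()));
            } catch (IllegalAccessException e) {
                throw new ConfigurationException(e.getMessage(), e);
            } catch (IllegalArgumentException e) {
                throw new ConfigurationException(e.getMessage(), e);
            } catch (PropertyException e) {
                throw new ConfigurationException(e.getMessage(), e);
            } catch (InvocationTargetException e) {
                // Report what the setter itself threw; fall back to the wrapper if no cause is attached.
                Throwable cause = e.getCause() != null ? e.getCause() : e;
                throw new ConfigurationException(cause.getMessage(), cause);
            }
        }
    }

    /** @return the principal database in use, or null if none has been configured or set */
    public PrincipalDatabase getPrincipalDatabase() {
        return this._principalDatabase;
    }

    /**
     * Builds a setter name from an attribute name: {@code "set"} plus the name with its first
     * character upper-cased when it is lower case.
     *
     * @throws ConfigurationException if the attribute name is null or empty
     */
    private String generateSetterName(String str) throws ConfigurationException {
        if (str == null || str.length() == 0) {
            throw new ConfigurationException("Argument names must have length >= 1 character");
        }
        if (Character.isLowerCase(str.charAt(0))) {
            str = Character.toUpperCase(str.charAt(0)) + str.substring(1);
        }
        return "set" + str;
    }

    /** Replaces the principal database; {@link #initialise()} must be called for its mechanisms to be registered. */
    protected void setPrincipalDatabase(PrincipalDatabase principalDatabase) {
        this._principalDatabase = principalDatabase;
    }
}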
