package org.apache.qpid.client.transport;

import java.util.HashMap;
import java.util.List;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.apache.qpid.client.security.AMQCallbackHandler;
import org.apache.qpid.client.security.CallbackHandlerRegistry;
import org.apache.qpid.jms.ConnectionURL;
import org.apache.qpid.transport.ClientDelegate;
import org.apache.qpid.transport.Connection;
import org.apache.qpid.transport.ConnectionException;
import org.apache.qpid.transport.ConnectionOpenOk;
import org.apache.qpid.transport.ConnectionSettings;
import org.apache.qpid.transport.util.Logger;
import org.apache.qpid.util.Strings;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:org/apache/qpid/client/transport/ClientConnectionDelegate.class */
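/**
 * Client-side connection delegate that negotiates SASL with the broker and, once the
 * connection is open, records the authenticated user id on the {@link Connection}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The broker's mechanism list is consumed before the peer has been authenticated. The
 *       choice itself is delegated to {@code CallbackHandlerRegistry.selectMechanism}, which
 *       is not shown here. A non-null {@code ConnectionSettings.getSaslMechs()} value is
 *       passed to it as the client-side restriction.</li>
 *   <li>When {@code isUseSASLEncryption()} is set, only the {@code auth-conf} quality of
 *       protection is offered to the SASL client.</li>
 * </ul>
 */
public class ClientConnectionDelegate extends ClientDelegate {
    // NOTE(review): the logger is keyed on ClientDelegate, not this class; kept as-is so
    // existing logging configuration continues to match.
    private static final Logger LOGGER = Logger.get(ClientDelegate.class);

    /** Dotted-decimal OID of the Kerberos V5 GSS-API mechanism. */
    private static final String KRB5_OID_STR = "1.2.840.113554.1.2.2";

    /** Parsed form of {@link #KRB5_OID_STR}; {@code null} if the OID could not be constructed. */
    protected static final Oid KRB5_OID;

    private final ConnectionURL _connectionURL;

    /**
     * @param connectionSettings settings handed to the superclass and read back through
     *                           {@code getConnectionSettings()}
     * @param connectionURL      connection URL used to initialise the SASL callback handler
     */
    public ClientConnectionDelegate(ConnectionSettings connectionSettings, ConnectionURL connectionURL) {
        super(connectionSettings);
        this._connectionURL = connectionURL;
    }

    /**
     * Picks a SASL mechanism and builds the matching {@link SaslClient}.
     *
     * @param list mechanisms advertised by the broker
     * @return the SASL client for the selected mechanism, as returned by
     *         {@link Sasl#createSaslClient}
     * @throws ConnectionException if no mechanism is acceptable to both sides
     * @throws SaslException       if the SASL client cannot be created
     */
    protected SaslClient createSaslClient(List<Object> list) throws ConnectionException, SaslException {
        String brokerMechs = Strings.join(" ", list);
        String clientRestriction = getConnectionSettings().getSaslMechs();
        CallbackHandlerRegistry registry = CallbackHandlerRegistry.getInstance();

        String mechanism = registry.selectMechanism(brokerMechs, clientRestriction);
        if (mechanism == null) {
            throw new ConnectionException("Client and broker have no SASL mechanisms in common. Broker allows : " + brokerMechs + " Client has : " + registry.getMechanisms() + " Client restricted itself to : " + (clientRestriction != null ? clientRestriction : "no restriction"));
        }

        HashMap<String, Object> saslProps = new HashMap<>();
        if (getConnectionSettings().isUseSASLEncryption()) {
            // Only auth-conf is listed, so "auth" and "auth-int" are not offered as fallbacks.
            // NOTE(review): nothing in this class checks the QOP that was actually negotiated,
            // and a mechanism without a security layer cannot honour the request. Confirm the
            // negotiated value is verified where the security layer is installed.
            saslProps.put(Sasl.QOP, "auth-conf");
        }

        AMQCallbackHandler callbackHandler = registry.createCallbackHandler(mechanism);
        callbackHandler.initialise(this._connectionURL);

        // A single-element mechanism array keeps the JDK from substituting another mechanism.
        return Sasl.createSaslClient(
                new String[] {mechanism},
                null,
                getConnectionSettings().getSaslProtocol(),
                getConnectionSettings().getSaslServerName(),
                saslProps,
                callbackHandler);
    }

    /**
     * Sets the connection's user id from the completed authentication, then delegates to the
     * superclass handler.
     *
     * <p>For {@code GSSAPI} the id is the Kerberos source name, when one can be obtained. For
     * {@code EXTERNAL} it is the id reported by the connection's security layer, when one is
     * present. Other mechanisms leave the user id untouched.
     *
     * @param connection       the connection being opened
     * @param connectionOpenOk the broker's open-ok frame, passed through to the superclass
     */
    public void connectionOpenOk(Connection connection, ConnectionOpenOk connectionOpenOk) {
        SaslClient saslClient = connection.getSaslClient();
        if (saslClient != null) {
            String mechanismName = saslClient.getMechanismName();
            if ("GSSAPI".equals(mechanismName)) {
                String kerberosUser = getKerberosUser();
                if (kerberosUser != null) {
                    connection.setUserID(kerberosUser);
                }
            } else if ("EXTERNAL".equals(mechanismName) && connection.getSecurityLayer() != null) {
                connection.setUserID(connection.getSecurityLayer().getUserID());
            }
        }
        super.connectionOpenOk(connection, connectionOpenOk);
    }

    /**
     * Resolves the local Kerberos principal by opening a short-lived GSS initiator context
     * towards {@code <saslProtocol>@<saslServerName>} with the default credentials.
     *
     * <p>The context exists only to read the source name and is disposed before returning,
     * so the mechanism state it holds is released promptly.
     *
     * @return the source name as a string, or {@code null} if it is unavailable or a
     *         {@link GSSException} occurs
     */
    private String getKerberosUser() {
        LOGGER.debug("Obtaining userID from kerberos");
        String service = getConnectionSettings().getSaslProtocol() + "@" + getConnectionSettings().getSaslServerName();
        GSSManager manager = GSSManager.getInstance();
        GSSContext secCtx = null;
        try {
            GSSName acceptorName = manager.createName(service, GSSName.NT_HOSTBASED_SERVICE, KRB5_OID);
            secCtx = manager.createContext(acceptorName, KRB5_OID, null, GSSContext.INDEFINITE_LIFETIME);
            // The input token is ignored on an initiator's first call; the arguments are kept
            // exactly as the existing code passes them.
            secCtx.initSecContext(new byte[0], 0, 1);
            GSSName sourceName = secCtx.getSrcName();
            return sourceName != null ? sourceName.toString() : null;
        } catch (GSSException e) {
            // NOTE(review): the exception is passed as a message argument; confirm that Logger
            // renders it, otherwise the cause is lost.
            LOGGER.warn("Unable to retrieve userID from Kerberos due to error", e);
            return null;
        } finally {
            if (secCtx != null) {
                try {
                    secCtx.dispose();
                } catch (GSSException ignored) {
                    // Best-effort cleanup: the lookup result has already been decided.
                    LOGGER.debug("Unable to dispose temporary Kerberos context");
                }
            }
        }
    }

    static {
        Oid oid;
        try {
            oid = new Oid(KRB5_OID_STR);
        } catch (GSSException ignored) {
            // Best effort: KRB5_OID stays null and is passed to the GSS calls as null.
            oid = null;
        }
        KRB5_OID = oid;
    }
}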
