package org.apache.activemq.artemis.protocol.amqp.sasl.scram;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.activemq.artemis.core.server.ActiveMQServer;
import org.apache.activemq.artemis.protocol.amqp.broker.AmqpInterceptor;
import org.apache.activemq.artemis.protocol.amqp.broker.ProtonProtocolManager;
import org.apache.activemq.artemis.protocol.amqp.proton.AMQPRedirectHandler;
import org.apache.activemq.artemis.protocol.amqp.sasl.ServerSASL;
import org.apache.activemq.artemis.protocol.amqp.sasl.ServerSASLFactory;
import org.apache.activemq.artemis.spi.core.protocol.ProtocolManager;
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
import org.apache.activemq.artemis.spi.core.remoting.Connection;
import org.apache.activemq.artemis.spi.core.security.jaas.DigestCallback;
import org.apache.activemq.artemis.spi.core.security.jaas.HmacCallback;
import org.apache.activemq.artemis.spi.core.security.jaas.SCRAMMechanismCallback;
import org.apache.activemq.artemis.spi.core.security.scram.SCRAM;
import org.apache.activemq.artemis.spi.core.security.scram.UserData;
import org.jboss.logging.Logger;

/* loaded from: input_file:org/apache/activemq/artemis/protocol/amqp/sasl/scram/SCRAMServerSASLFactory.class */
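/**
 * Base factory for server-side SASL-SCRAM mechanisms on the AMQP protocol.
 *
 * <p>Each instance is bound to one {@link SCRAM} variant. The {@link ServerSASL} it creates
 * obtains the user's SCRAM data through a JAAS login, using the login config scope supplied
 * by the {@link ProtonProtocolManager}.
 */
public abstract class SCRAMServerSASLFactory implements ServerSASLFactory {
    private final Logger logger = Logger.getLogger(getClass());
    private final SCRAM scramType;

    /**
     * SCRAM server implementation that looks up {@link UserData} via a JAAS {@link LoginContext}.
     *
     * <p>The login context and the resulting subject are kept until {@link #done()} so that the
     * authenticated subject can be derived from the JAAS login rather than from the SCRAM data.
     */
    private static final class JAASSCRAMServerSASL extends SCRAMServerSASL {
        private final String loginConfigScope;
        private LoginContext loginContext;
        private Subject loginSubject;
        private final Logger logger;

        /**
         * @param scram  SCRAM variant handed to the superclass
         * @param str    name of the JAAS login configuration entry to log in against
         * @param logger logger used to report authentication failures
         * @throws NoSuchAlgorithmException propagated from the superclass constructor
         */
        JAASSCRAMServerSASL(SCRAM scram, String str, Logger logger) throws NoSuchAlgorithmException {
            super(scram);
            this.loginContext = null;
            this.loginConfigScope = str;
            this.logger = logger;
        }

        /**
         * Runs a JAAS login for the given name and returns the {@link UserData} the login
         * published as a public credential.
         *
         * @param str name passed to the login modules through {@link NameCallback}
         *            (presumably the user name taken from the client's SCRAM message, i.e.
         *            untrusted input; confirm in SCRAMServerSASL)
         * @return the first {@link UserData} public credential of the logged-in subject
         * @throws LoginException if the login fails or no {@link UserData} credential was published
         */
        @Override // org.apache.activemq.artemis.protocol.amqp.sasl.scram.SCRAMServerSASL
        protected UserData aquireUserData(final String str) throws LoginException {
            this.loginContext = new LoginContext(this.loginConfigScope, new CallbackHandler() {
                @Override // javax.security.auth.callback.CallbackHandler
                public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                    for (Callback callback : callbackArr) {
                        if (callback instanceof NameCallback) {
                            ((NameCallback) callback).setName(str);
                        } else if (callback instanceof SCRAMMechanismCallback) {
                            ((SCRAMMechanismCallback) callback).setMechanism(JAASSCRAMServerSASL.this.mechanism.getName());
                        } else if (callback instanceof DigestCallback) {
                            ((DigestCallback) callback).setDigest(JAASSCRAMServerSASL.this.scram.getDigest());
                        } else if (callback instanceof HmacCallback) {
                            ((HmacCallback) callback).setHmac(JAASSCRAMServerSASL.this.scram.getHmac());
                        } else {
                            // Reject anything else explicitly so a login module never proceeds
                            // with a callback that was silently left unanswered.
                            throw new UnsupportedCallbackException(callback, "Unrecognized Callback " + callback.getClass().getSimpleName());
                        }
                    }
                }
            });
            this.loginContext.login();
            this.loginSubject = this.loginContext.getSubject();
            Iterator<UserData> credentials = this.loginSubject.getPublicCredentials(UserData.class).iterator();
            if (credentials.hasNext()) {
                return credentials.next();
            }
            // The message names only the config scope, never the supplied user name.
            throw new LoginException("can't aquire user data through configured login config scope (" + this.loginConfigScope + ")");
        }

        /**
         * Builds the subject for the authenticated connection.
         *
         * @return a read-only {@link Subject} built from the JAAS login subject's principals and
         *         credentials when a login subject is present, otherwise the superclass result
         */
        @Override // org.apache.activemq.artemis.protocol.amqp.sasl.scram.SCRAMServerSASL
        protected Subject createSaslSubject(String str, UserData userData) {
            if (this.loginSubject == null) {
                return super.createSaslSubject(str, userData);
            }
            // readOnly=true: later code cannot add principals or credentials to this subject.
            return new Subject(true, this.loginSubject.getPrincipals(), this.loginSubject.getPublicCredentials(), this.loginSubject.getPrivateCredentials());
        }

        /**
         * Logs out of the JAAS context, if one was created, and drops the references to the
         * context and its subject. A failing logout is best-effort and never propagates.
         */
        @Override // org.apache.activemq.artemis.protocol.amqp.sasl.ServerSASL
        public void done() {
            if (this.loginContext != null) {
                try {
                    this.loginContext.logout();
                } catch (LoginException e) {
                    // Nothing useful can be done here, but leave a trace instead of dropping the
                    // error: a context whose login() failed also ends up on this path.
                    this.logger.debug("JAAS logout failed during SASL-SCRAM cleanup", e);
                }
            }
            this.loginContext = null;
            this.loginSubject = null;
        }

        /**
         * Reports a failed SCRAM exchange at WARN level together with its cause.
         */
        @Override // org.apache.activemq.artemis.protocol.amqp.sasl.scram.SCRAMServerSASL
        protected void failed(Exception exc) {
            // NOTE(review): the exception is logged as-is; confirm that the exceptions raised by
            // SCRAMServerSASL and the login modules never carry secret material in their messages.
            this.logger.warn("SASL-SCRAM Authentication failed", exc);
        }
    }

    /**
     * @param scram SCRAM variant this factory announces and creates servers for
     */
    public SCRAMServerSASLFactory(SCRAM scram) {
        this.scramType = scram;
    }

    /**
     * @return the mechanism name of the configured {@link SCRAM} variant
     */
    @Override // org.apache.activemq.artemis.protocol.amqp.sasl.ServerSASLFactory
    public String getMechanism() {
        return this.scramType.getName();
    }

    /**
     * @return always {@code false}
     */
    @Override // org.apache.activemq.artemis.protocol.amqp.sasl.ServerSASLFactory
    public boolean isDefaultPermitted() {
        return false;
    }

    /**
     * Creates the SCRAM server for a connection.
     *
     * @return a new JAAS-backed SCRAM server, or {@code null} when the protocol manager is not a
     *         {@link ProtonProtocolManager} or the SCRAM server could not be instantiated
     */
    @Override // org.apache.activemq.artemis.protocol.amqp.sasl.ServerSASLFactory
    public ServerSASL create(ActiveMQServer activeMQServer, ProtocolManager<AmqpInterceptor, AMQPRedirectHandler> protocolManager, Connection connection, RemotingConnection remotingConnection) {
        if (!(protocolManager instanceof ProtonProtocolManager)) {
            return null;
        }
        try {
            return new JAASSCRAMServerSASL(this.scramType, ((ProtonProtocolManager) protocolManager).getSaslLoginConfigScope(), this.logger);
        } catch (NoSuchAlgorithmException e) {
            // The mechanism cannot be used; say why instead of returning null without a trace,
            // otherwise the missing mechanism is invisible to whoever operates the broker.
            this.logger.warn("SASL mechanism " + this.scramType.getName() + " is unavailable", e);
            return null;
        }
    }
}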
