package io.vertx.proton.impl;

import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.net.NetSocket;
import io.vertx.proton.ProtonConnection;
import io.vertx.proton.sasl.MechanismMismatchException;
import io.vertx.proton.sasl.ProtonSaslAuthenticator;
import io.vertx.proton.sasl.ProtonSaslMechanism;
import io.vertx.proton.sasl.SaslSystemException;
import io.vertx.proton.sasl.impl.ProtonSaslMechanismFinderImpl;
import java.security.Principal;
import java.util.Set;
import javax.net.ssl.SSLSession;
import javax.security.sasl.AuthenticationException;
import javax.security.sasl.SaslException;
import org.apache.qpid.proton.engine.Sasl;
import org.apache.qpid.proton.engine.Transport;

/* loaded from: input_file:io/vertx/proton/impl/ProtonSaslClientAuthenticatorImpl.class */
public class ProtonSaslClientAuthenticatorImpl implements ProtonSaslAuthenticator {
    private Sasl sasl;
    private final String username;
    private final String password;
    private ProtonSaslMechanism mechanism;
    private Set<String> mechanismsRestriction;
    private Handler<AsyncResult<ProtonConnection>> handler;
    private NetSocket socket;
    private ProtonConnection connection;
    private boolean succeeded;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.vertx.proton.impl.ProtonSaslClientAuthenticatorImpl$1, reason: invalid class name */
    /* loaded from: input_file:io/vertx/proton/impl/ProtonSaslClientAuthenticatorImpl$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$qpid$proton$engine$Sasl$SaslState;
        static final /* synthetic */ int[] $SwitchMap$org$apache$qpid$proton$engine$Sasl$SaslOutcome = new int[Sasl.SaslOutcome.values().length];

        static {
            try {
                $SwitchMap$org$apache$qpid$proton$engine$Sasl$SaslOutcome[Sasl.SaslOutcome.PN_SASL_AUTH.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$qpid$proton$engine$Sasl$SaslOutcome[Sasl.SaslOutcome.PN_SASL_SYS.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$qpid$proton$engine$Sasl$SaslOutcome[Sasl.SaslOutcome.PN_SASL_TEMP.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$qpid$proton$engine$Sasl$SaslOutcome[Sasl.SaslOutcome.PN_SASL_PERM.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            $SwitchMap$org$apache$qpid$proton$engine$Sasl$SaslState = new int[Sasl.SaslState.values().length];
            try {
                $SwitchMap$org$apache$qpid$proton$engine$Sasl$SaslState[Sasl.SaslState.PN_SASL_IDLE.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$apache$qpid$proton$engine$Sasl$SaslState[Sasl.SaslState.PN_SASL_STEP.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$apache$qpid$proton$engine$Sasl$SaslState[Sasl.SaslState.PN_SASL_FAIL.ordinal()] = 3;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$apache$qpid$proton$engine$Sasl$SaslState[Sasl.SaslState.PN_SASL_PASS.ordinal()] = 4;
            } catch (NoSuchFieldError e8) {
            }
        }
    }

    public ProtonSaslClientAuthenticatorImpl(String str, String str2, Set<String> set, Handler<AsyncResult<ProtonConnection>> handler) {
        this.handler = handler;
        this.username = str;
        this.password = str2;
        this.mechanismsRestriction = set;
    }

    @Override // io.vertx.proton.sasl.ProtonSaslAuthenticator
    public void init(NetSocket netSocket, ProtonConnection protonConnection, Transport transport) {
        this.socket = netSocket;
        this.connection = protonConnection;
        this.sasl = transport.sasl();
        this.sasl.client();
    }

    @Override // io.vertx.proton.sasl.ProtonSaslAuthenticator
    public void process(Handler<Boolean> handler) {
        if (this.sasl == null) {
            throw new IllegalStateException("Init was not called with the associated transport");
        }
        boolean z = false;
        this.succeeded = false;
        try {
            switch (AnonymousClass1.$SwitchMap$org$apache$qpid$proton$engine$Sasl$SaslState[this.sasl.getState().ordinal()]) {
                case 1:
                    handleSaslInit();
                    break;
                case 2:
                    handleSaslStep();
                    break;
                case 3:
                    handleSaslFail();
                    break;
                case 4:
                    z = true;
                    this.succeeded = true;
                    this.handler.handle(Future.succeededFuture(this.connection));
                    break;
            }
        } catch (Exception e) {
            z = true;
            try {
                if (this.socket != null) {
                    this.socket.close();
                }
            } finally {
                this.handler.handle(Future.failedFuture(e));
            }
        }
        handler.handle(Boolean.valueOf(z));
    }

    @Override // io.vertx.proton.sasl.ProtonSaslAuthenticator
    public boolean succeeded() {
        return this.succeeded;
    }

    private void handleSaslInit() throws SaslException {
        String[] remoteMechanisms = this.sasl.getRemoteMechanisms();
        if (remoteMechanisms == null || remoteMechanisms.length == 0) {
            return;
        }
        Principal principal = null;
        SSLSession sslSession = this.socket.sslSession();
        if (sslSession != null) {
            principal = sslSession.getLocalPrincipal();
        }
        this.mechanism = ProtonSaslMechanismFinderImpl.findMatchingMechanism(this.username, this.password, principal, this.mechanismsRestriction, remoteMechanisms);
        if (this.mechanism == null) {
            throw new MechanismMismatchException("Could not find a suitable SASL mechanism for the remote peer using the available credentials.", remoteMechanisms);
        }
        this.mechanism.setUsername(this.username);
        this.mechanism.setPassword(this.password);
        this.sasl.setMechanisms(new String[]{this.mechanism.getName()});
        byte[] initialResponse = this.mechanism.getInitialResponse();
        if (initialResponse != null) {
            this.sasl.send(initialResponse, 0, initialResponse.length);
        }
    }

    private void handleSaslStep() throws SaslException {
        if (this.sasl.pending() != 0) {
            byte[] bArr = new byte[this.sasl.pending()];
            this.sasl.recv(bArr, 0, bArr.length);
            byte[] challengeResponse = this.mechanism.getChallengeResponse(bArr);
            this.sasl.send(challengeResponse, 0, challengeResponse.length);
        }
    }

    private void handleSaslFail() throws SaslException {
        switch (AnonymousClass1.$SwitchMap$org$apache$qpid$proton$engine$Sasl$SaslOutcome[this.sasl.getOutcome().ordinal()]) {
            case 1:
                throw new AuthenticationException("Failed to authenticate");
            case 2:
            case 3:
                throw new SaslSystemException(false, "SASL handshake failed due to a transient error");
            case 4:
                throw new SaslSystemException(true, "SASL handshake failed due to an unrecoverable error");
            default:
                throw new SaslException("SASL handshake failed");
        }
    }
}
