package org.infinispan.server.endpoint.subsystem.security;

import java.io.IOException;
import java.util.Collections;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import org.infinispan.rest.authentication.SecurityDomain;
import org.infinispan.server.core.security.simple.SimpleUserPrincipal;
import org.infinispan.server.endpoint.EndpointLogger;
import org.infinispan.server.endpoint.subsystem.ModelKeys;
import org.jboss.as.domain.management.AuthMechanism;
import org.jboss.as.domain.management.AuthorizingCallbackHandler;
import org.jboss.as.domain.management.SecurityRealm;
import org.wildfly.security.auth.callback.EvidenceVerifyCallback;
import org.wildfly.security.evidence.PasswordGuessEvidence;

/* loaded from: input_file:org/infinispan/server/endpoint/subsystem/security/BasicRestSecurityDomain.class */
public class BasicRestSecurityDomain implements SecurityDomain {
    private final SecurityRealm securityRealm;

    public BasicRestSecurityDomain(SecurityRealm securityRealm) {
        this.securityRealm = securityRealm;
    }

    public Subject authenticate(String str, String str2) throws SecurityException {
        AuthorizingCallbackHandler authorizingCallbackHandler = this.securityRealm.getAuthorizingCallbackHandler(AuthMechanism.PLAIN);
        Callback nameCallback = new NameCallback(ModelKeys.NAME, str);
        nameCallback.setName(str);
        Callback evidenceVerifyCallback = new EvidenceVerifyCallback(new PasswordGuessEvidence(str2.toCharArray()));
        try {
            authorizingCallbackHandler.handle(new Callback[]{nameCallback, evidenceVerifyCallback});
        } catch (Exception e) {
            EndpointLogger.ROOT_LOGGER.authenticationError(e);
        }
        if (!evidenceVerifyCallback.isVerified()) {
            throw new SecurityException("Invalid credentials");
        }
        try {
            return authorizingCallbackHandler.createSubjectUserInfo(Collections.singletonList(new SimpleUserPrincipal(str))).getSubject();
        } catch (IOException e2) {
            throw new SecurityException("Invalid credentials", e2);
        }
    }
}
