package org.wildfly.security.sasl.util;

import java.io.IOException;
import java.security.Principal;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Supplier;
import javax.net.ssl.SSLSession;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.x500.X500Principal;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslClientFactory;
import javax.security.sasl.SaslException;
import org.wildfly.security.auth.callback.CredentialCallback;
import org.wildfly.security.auth.callback.SSLCallback;
import org.wildfly.security.auth.principal.AnonymousPrincipal;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.X509CertificateChainCredential;
import org.wildfly.security.sasl.WildFlySasl;
import org.wildfly.security.sasl._private.ElytronMessages;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/wildfly-elytron-1.15.5.Final.jar:org/wildfly/security/sasl/util/LocalPrincipalSaslClientFactory.class
 */
/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-sasl-1.17.1.Final.jar:org/wildfly/security/sasl/util/LocalPrincipalSaslClientFactory.class */
public final class LocalPrincipalSaslClientFactory extends AbstractDelegatingSaslClientFactory {

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/wildfly-elytron-1.15.5.Final.jar:org/wildfly/security/sasl/util/LocalPrincipalSaslClientFactory$ClientPrincipalQueryCallbackHandler.class
     */
    /* loaded from: input_file:WEB-INF/lib/wildfly-elytron-sasl-1.17.1.Final.jar:org/wildfly/security/sasl/util/LocalPrincipalSaslClientFactory$ClientPrincipalQueryCallbackHandler.class */
    static final class ClientPrincipalQueryCallbackHandler implements CallbackHandler {
        private final CallbackHandler delegate;
        private final AtomicReference<Principal> principalRef = new AtomicReference<>(AnonymousPrincipal.getInstance());

        ClientPrincipalQueryCallbackHandler(CallbackHandler callbackHandler) {
            this.delegate = callbackHandler;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            SSLSession session;
            Principal localPrincipal;
            X500Principal subjectX500Principal;
            SSLSession session2;
            Principal localPrincipal2;
            X500Principal subjectX500Principal2;
            try {
                this.delegate.handle(callbackArr);
                for (Callback callback : callbackArr) {
                    if (callback instanceof NameCallback) {
                        String name = ((NameCallback) callback).getName();
                        if (name != null) {
                            this.principalRef.set(new NamePrincipal(name));
                        }
                    } else if (callback instanceof CredentialCallback) {
                        Credential credential = ((CredentialCallback) callback).getCredential();
                        if ((credential instanceof X509CertificateChainCredential) && (subjectX500Principal2 = ((X509CertificateChainCredential) credential).getFirstCertificate().getSubjectX500Principal()) != null) {
                            this.principalRef.set(subjectX500Principal2);
                        }
                    } else if ((callback instanceof SSLCallback) && (session2 = ((SSLCallback) callback).getSslConnection().getSession()) != null && (localPrincipal2 = session2.getLocalPrincipal()) != null) {
                        this.principalRef.set(localPrincipal2);
                    }
                }
            } catch (Throwable th) {
                for (Callback callback2 : callbackArr) {
                    if (callback2 instanceof NameCallback) {
                        String name2 = ((NameCallback) callback2).getName();
                        if (name2 != null) {
                            this.principalRef.set(new NamePrincipal(name2));
                        }
                    } else if (callback2 instanceof CredentialCallback) {
                        Credential credential2 = ((CredentialCallback) callback2).getCredential();
                        if ((credential2 instanceof X509CertificateChainCredential) && (subjectX500Principal = ((X509CertificateChainCredential) credential2).getFirstCertificate().getSubjectX500Principal()) != null) {
                            this.principalRef.set(subjectX500Principal);
                        }
                    } else if ((callback2 instanceof SSLCallback) && (session = ((SSLCallback) callback2).getSslConnection().getSession()) != null && (localPrincipal = session.getLocalPrincipal()) != null) {
                        this.principalRef.set(localPrincipal);
                    }
                }
                throw th;
            }
        }

        public Principal getPrincipal() {
            return this.principalRef.get();
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/wildfly-elytron-1.15.5.Final.jar:org/wildfly/security/sasl/util/LocalPrincipalSaslClientFactory$LocalPrincipalSaslClient.class
     */
    /* loaded from: input_file:WEB-INF/lib/wildfly-elytron-sasl-1.17.1.Final.jar:org/wildfly/security/sasl/util/LocalPrincipalSaslClientFactory$LocalPrincipalSaslClient.class */
    final class LocalPrincipalSaslClient extends AbstractDelegatingSaslClient {
        private final Supplier<Principal> principalSupplier;

        LocalPrincipalSaslClient(SaslClient saslClient, Supplier<Principal> supplier) {
            super(saslClient);
            this.principalSupplier = supplier;
        }

        @Override // org.wildfly.security.sasl.util.AbstractDelegatingSaslClient
        public Object getNegotiatedProperty(String str) {
            if (!isComplete()) {
                throw ElytronMessages.sasl.mechAuthenticationNotComplete();
            }
            Object negotiatedProperty = super.getNegotiatedProperty(str);
            return (negotiatedProperty == null && WildFlySasl.PRINCIPAL.equals(str)) ? this.principalSupplier.get() : negotiatedProperty;
        }
    }

    public LocalPrincipalSaslClientFactory(SaslClientFactory saslClientFactory) {
        super(saslClientFactory);
    }

    @Override // org.wildfly.security.sasl.util.AbstractDelegatingSaslClientFactory
    public SaslClient createSaslClient(String[] strArr, String str, String str2, String str3, Map<String, ?> map, CallbackHandler callbackHandler) throws SaslException {
        Supplier supplier;
        CallbackHandler callbackHandler2;
        if (str != null) {
            NamePrincipal namePrincipal = new NamePrincipal(str);
            supplier = () -> {
                return namePrincipal;
            };
            callbackHandler2 = callbackHandler;
        } else {
            ClientPrincipalQueryCallbackHandler clientPrincipalQueryCallbackHandler = new ClientPrincipalQueryCallbackHandler(callbackHandler);
            Objects.requireNonNull(clientPrincipalQueryCallbackHandler);
            supplier = clientPrincipalQueryCallbackHandler::getPrincipal;
            callbackHandler2 = clientPrincipalQueryCallbackHandler;
        }
        SaslClient createSaslClient = super.createSaslClient(strArr, str, str2, str3, map, callbackHandler2);
        if (createSaslClient == null) {
            return null;
        }
        return new LocalPrincipalSaslClient(createSaslClient, supplier);
    }
}
