package org.wildfly.security.auth.client;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.util.Collection;
import java.util.function.Supplier;
import java.util.function.UnaryOperator;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslClientFactory;
import javax.security.sasl.SaslException;
import org.infinispan.client.hotrod.impl.RemoteCacheManagerAdminImpl;
import org.wildfly.common.Assert;
import org.wildfly.security.SecurityFactory;
import org.wildfly.security.auth.client._private.ElytronMessages;
import org.wildfly.security.auth.principal.AnonymousPrincipal;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.permission.ElytronPermission;

/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.15.16.Final.jar:org/wildfly/security/auth/client/AuthenticationContextConfigurationClient.class */
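/**
 * Resolves the {@link AuthenticationConfiguration} and {@link SSLContext} that apply to a
 * target {@link URI} within an {@link AuthenticationContext}, and gives read access to the
 * individual settings of a resolved configuration.
 *
 * <p>The class holds no instance state. Constructing it is the privileged step: when a
 * {@link SecurityManager} is installed the constructor requires the
 * {@code createAuthenticationContextConfigurationClient} {@link ElytronPermission}. Code that
 * obtains an instance can read principals, callback handlers and forwarded credentials out of
 * a configuration, so instances should not be handed to less-trusted code.
 */
public final class AuthenticationContextConfigurationClient {
    private static final ElytronPermission CREATE_PERMISSION = new ElytronPermission("createAuthenticationContextConfigurationClient");

    /**
     * Parameter name reported when a null configuration is rejected. The decompiled listing
     * passed {@code RemoteCacheManagerAdminImpl.CACHE_CONFIGURATION} here; that constant holds
     * the same string, and referencing it only tied this class to an unrelated cache-client
     * library at compile time. The import of that class at the top of the file is no longer
     * used by this class.
     */
    private static final String CONFIGURATION_PARAM = "configuration";

    /**
     * Action that constructs a client; intended to be run through a privileged block so that
     * only the immediate caller needs {@link #CREATE_PERMISSION}.
     */
    public static final PrivilegedAction<AuthenticationContextConfigurationClient> ACTION = AuthenticationContextConfigurationClient::new;

    /**
     * Creates a client after checking the creation permission.
     *
     * <p>The check runs only when a security manager is installed; without one, any code can
     * construct an instance.
     *
     * @throws SecurityException if a security manager is installed and denies the permission
     */
    public AuthenticationContextConfigurationClient() throws SecurityException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(CREATE_PERMISSION);
        }
    }

    /**
     * Resolves the configuration for {@code uri} with no protocol default port ({@code -1})
     * and no abstract type or authority.
     *
     * @param uri the target URI, not null
     * @param authenticationContext the context whose rules are matched, not null
     * @return the resolved configuration
     */
    public AuthenticationConfiguration getAuthenticationConfiguration(URI uri, AuthenticationContext authenticationContext) {
        return getAuthenticationConfiguration(uri, authenticationContext, -1);
    }

    /**
     * Resolves the configuration for {@code uri} with no abstract type or authority.
     *
     * @param uri the target URI, not null
     * @param authenticationContext the context whose rules are matched, not null
     * @param i the protocol default port, used when the URI carries no port; {@code -1} for none
     * @return the resolved configuration
     */
    public AuthenticationConfiguration getAuthenticationConfiguration(URI uri, AuthenticationContext authenticationContext, int i) {
        return getAuthenticationConfiguration(uri, authenticationContext, i, null, null);
    }

    /**
     * Resolves the configuration for {@code uri}: matches a rule in the context (falling back
     * to the empty configuration), applies identity and credential forwarding, then fills in
     * host, port and protocol from the URI where the configuration does not set them.
     *
     * <p>The result is written to the trace log together with the URI. {@link URI#toString()}
     * includes any user-info component, and the configuration is formatted with {@code %s}, so
     * what reaches the log depends on {@code AuthenticationConfiguration.toString()}; keep
     * trace logging for this category off in production or review what that output contains.
     *
     * @param uri the target URI, not null
     * @param authenticationContext the context whose rules are matched, not null
     * @param i the protocol default port, used when the URI carries no port; {@code -1} for none
     * @param str the abstract type passed to rule matching, may be null
     * @param str2 the abstract type authority passed to rule matching, may be null
     * @return the resolved configuration
     */
    public AuthenticationConfiguration getAuthenticationConfiguration(URI uri, AuthenticationContext authenticationContext, int i, String str, String str2) {
        Assert.checkNotNullParam("uri", uri);
        Assert.checkNotNullParam("authenticationContext", authenticationContext);
        RuleNode<AuthenticationConfiguration> matched = authenticationContext.authRuleMatching(uri, str, str2);
        AuthenticationConfiguration base = matched != null ? matched.getConfiguration() : AuthenticationConfiguration.empty();
        AuthenticationConfiguration resolved = establishOverrides(uri, i, initializeConfiguration(uri, base));
        ElytronMessages.log.tracef("getAuthenticationConfiguration uri=%s, protocolDefaultPort=%d, abstractType=%s, abstractTypeAuthority=%s, MatchRule=[%s], AuthenticationConfiguration=[%s]", uri, i, str, str2, matched != null ? matched.rule : null, resolved);
        return resolved;
    }

    /**
     * Resolves the configuration for {@code uri} like
     * {@link #getAuthenticationConfiguration(URI, AuthenticationContext, int, String, String)}
     * but without copying host, port or protocol from the URI.
     *
     * <p>The same trace-logging caveat applies: the URI (including user-info) and the
     * formatted configuration are written at trace level.
     *
     * @param uri the target URI, not null
     * @param authenticationContext the context whose rules are matched, not null
     * @param str the abstract type passed to rule matching, may be null
     * @param str2 the abstract type authority passed to rule matching, may be null
     * @return the resolved configuration
     */
    public AuthenticationConfiguration getAuthenticationConfigurationNoOverrides(URI uri, AuthenticationContext authenticationContext, String str, String str2) {
        Assert.checkNotNullParam("uri", uri);
        Assert.checkNotNullParam("authenticationContext", authenticationContext);
        RuleNode<AuthenticationConfiguration> matched = authenticationContext.authRuleMatching(uri, str, str2);
        AuthenticationConfiguration base = matched != null ? matched.getConfiguration() : AuthenticationConfiguration.empty();
        AuthenticationConfiguration resolved = initializeConfiguration(uri, base);
        ElytronMessages.log.tracef("getAuthenticationConfiguration uri=%s, abstractType=%s, abstractTypeAuthority=%s, MatchRule=[%s], AuthenticationConfiguration=[%s]", uri, str, str2, matched != null ? matched.rule : null, resolved);
        return resolved;
    }

    /**
     * Copies host, port and protocol from the URI into the configuration, each only when the
     * configuration has not set its own value. Values set explicitly in the configuration
     * therefore always win over what the URI says.
     *
     * @param uri the target URI
     * @param i the protocol default port used when the URI has no port; {@code -1} for none
     * @param authenticationConfiguration the configuration to complete
     * @return the configuration with the missing values filled in
     */
    private static AuthenticationConfiguration establishOverrides(URI uri, int i, AuthenticationConfiguration authenticationConfiguration) {
        AuthenticationConfiguration result = authenticationConfiguration;
        String uriHost = uri.getHost();
        if (uriHost != null && result.setHost == null) {
            result = result.useHost(uriHost);
        }
        // URI port first, then the protocol default; -1 means neither is known.
        int effectivePort = uri.getPort() != -1 ? uri.getPort() : i;
        if (effectivePort != -1 && result.setPort == -1) {
            result = result.usePort(effectivePort);
        }
        String uriScheme = uri.getScheme();
        if (uriScheme != null && result.setProtocol == null) {
            result = result.useProtocol(uriScheme);
        }
        return result;
    }

    /**
     * Applies the identity-related parts of a configuration before it is handed out.
     *
     * <ul>
     *   <li>The URI user-info becomes the authentication name only when the configuration
     *       still has the anonymous principal and no name-forwarding domain is set.</li>
     *   <li>With a name-forwarding domain, forwarding is cleared and the principal of that
     *       domain's current identity is set instead.</li>
     *   <li>With a credential-forwarding domain, forwarding is cleared and the current
     *       identity's public and private credentials are attached to the configuration.</li>
     *   <li>The authorization identity is captured, and the access control context as well
     *       when the corresponding property is enabled and none is captured yet.</li>
     * </ul>
     *
     * <p>After credential forwarding the returned configuration carries the caller's private
     * credentials, so it must be treated as sensitive by whoever receives it.
     *
     * @param uri the target URI
     * @param authenticationConfiguration the matched (or empty) configuration
     * @return the initialized configuration
     */
    private static AuthenticationConfiguration initializeConfiguration(URI uri, AuthenticationConfiguration authenticationConfiguration) {
        AuthenticationConfiguration result = authenticationConfiguration;
        SecurityDomain nameForwardDomain = result.authenticationNameForwardSecurityDomain;
        String userInfo = uri.getUserInfo();
        // Reference comparison: only the anonymous singleton counts as "no principal chosen".
        if (userInfo != null && result.getPrincipal() == AnonymousPrincipal.getInstance() && nameForwardDomain == null) {
            result = result.useName(userInfo);
        }
        if (nameForwardDomain != null) {
            Principal forwardedPrincipal = nameForwardDomain.getCurrentSecurityIdentity().getPrincipal();
            result = result.useForwardedAuthenticationIdentity(null).usePrincipal(forwardedPrincipal);
        }
        // Read from the updated configuration, as the steps above return new instances.
        SecurityDomain credentialForwardDomain = result.authenticationCredentialsForwardSecurityDomain;
        if (credentialForwardDomain != null) {
            SecurityIdentity currentIdentity = credentialForwardDomain.getCurrentSecurityIdentity();
            IdentityCredentials privateCredentials = currentIdentity.getPrivateCredentials();
            result = result.useForwardedAuthenticationCredentials(null).useCredentials(currentIdentity.getPublicCredentials().with(privateCredentials));
        }
        AuthenticationConfiguration captured = result.captureAuthorizationIdentity();
        if (AuthenticationConfiguration.WILDFLY_ELYTRON_CAPTURE_ACCESS_CONTROL_CONTEXT_PROPERTY && captured.getCapturedContext() == null) {
            captured = captured.withCapturedAccessControlContext();
        }
        return captured;
    }

    /**
     * Creates the SSL context for {@code uri} with no abstract type or authority.
     *
     * @param uri the target URI, not null
     * @param authenticationContext the context whose SSL rules are matched, not null
     * @return the SSL context
     * @throws GeneralSecurityException if the context cannot be created
     */
    public SSLContext getSSLContext(URI uri, AuthenticationContext authenticationContext) throws GeneralSecurityException {
        return getSSLContext(uri, authenticationContext, null, null);
    }

    /**
     * Creates the SSL context for {@code uri} from the matching SSL rule.
     *
     * @param uri the target URI, not null
     * @param authenticationContext the context whose SSL rules are matched, not null
     * @param str the abstract type passed to rule matching, may be null
     * @param str2 the abstract type authority passed to rule matching, may be null
     * @return the SSL context
     * @throws GeneralSecurityException if the context cannot be created
     */
    public SSLContext getSSLContext(URI uri, AuthenticationContext authenticationContext, String str, String str2) throws GeneralSecurityException {
        return getSSLContextFactory(uri, authenticationContext, str, str2).create();
    }

    /**
     * Returns the SSL context factory of the rule matching {@code uri}.
     *
     * <p>When no rule matches, the factory returns {@link SSLContext#getDefault()}. In that
     * case trust and key material come from the JVM-wide default context rather than from
     * this authentication context, which matters if the deployment expects every connection
     * to use a pinned or restricted trust store.
     *
     * @param uri the target URI, not null
     * @param authenticationContext the context whose SSL rules are matched, not null
     * @param str the abstract type passed to rule matching, may be null
     * @param str2 the abstract type authority passed to rule matching, may be null
     * @return the factory, never null
     */
    public SecurityFactory<SSLContext> getSSLContextFactory(URI uri, AuthenticationContext authenticationContext, String str, String str2) {
        Assert.checkNotNullParam("uri", uri);
        Assert.checkNotNullParam("authenticationContext", authenticationContext);
        RuleNode<SecurityFactory<SSLContext>> matched = authenticationContext.sslRuleMatching(uri, str, str2);
        if (matched == null) {
            return SSLContext::getDefault;
        }
        return matched.getConfiguration();
    }

    /**
     * Returns the callback handler of a configuration: the user-supplied handler when one is
     * set, otherwise a handler created by the configuration itself.
     *
     * @param authenticationConfiguration the configuration, not null
     * @return the callback handler
     */
    public CallbackHandler getCallbackHandler(AuthenticationConfiguration authenticationConfiguration) {
        Assert.checkNotNullParam(CONFIGURATION_PARAM, authenticationConfiguration);
        CallbackHandler userHandler = authenticationConfiguration.getUserCallbackHandler();
        if (userHandler != null) {
            return userHandler;
        }
        return authenticationConfiguration.createCallbackHandler();
    }

    /**
     * Returns the host of the configuration, or the URI host when the configuration has none.
     *
     * @param uri the target URI, not null
     * @param authenticationConfiguration the configuration, not null
     * @return the host, possibly null
     */
    @Deprecated
    public String getRealHost(URI uri, AuthenticationConfiguration authenticationConfiguration) {
        Assert.checkNotNullParam("uri", uri);
        Assert.checkNotNullParam(CONFIGURATION_PARAM, authenticationConfiguration);
        String configuredHost = authenticationConfiguration.getHost();
        return configuredHost != null ? configuredHost : uri.getHost();
    }

    /**
     * Returns the host of the configuration.
     *
     * @param authenticationConfiguration the configuration, not null
     * @return the host as reported by the configuration
     */
    @Deprecated
    public String getRealHost(AuthenticationConfiguration authenticationConfiguration) {
        Assert.checkNotNullParam(CONFIGURATION_PARAM, authenticationConfiguration);
        return authenticationConfiguration.getHost();
    }

    /**
     * Returns the port of the configuration, or the URI port when the configuration reports
     * {@code -1}.
     *
     * @param uri the target URI, not null
     * @param authenticationConfiguration the configuration, not null
     * @return the port, or {@code -1} if neither source has one
     */
    @Deprecated
    public int getRealPort(URI uri, AuthenticationConfiguration authenticationConfiguration) {
        Assert.checkNotNullParam("uri", uri);
        Assert.checkNotNullParam(CONFIGURATION_PARAM, authenticationConfiguration);
        int configuredPort = authenticationConfiguration.getPort();
        return configuredPort != -1 ? configuredPort : uri.getPort();
    }

    /**
     * Returns the port of the configuration.
     *
     * @param authenticationConfiguration the configuration, not null
     * @return the port as reported by the configuration
     */
    @Deprecated
    public int getRealPort(AuthenticationConfiguration authenticationConfiguration) {
        Assert.checkNotNullParam(CONFIGURATION_PARAM, authenticationConfiguration);
        return authenticationConfiguration.getPort();
    }

    /**
     * Returns the protocol of the configuration, or the URI scheme when the configuration has
     * none.
     *
     * @param uri the target URI, not null
     * @param authenticationConfiguration the configuration, not null
     * @return the protocol, possibly null
     */
    @Deprecated
    public String getRealProtocol(URI uri, AuthenticationConfiguration authenticationConfiguration) {
        Assert.checkNotNullParam("uri", uri);
        Assert.checkNotNullParam(CONFIGURATION_PARAM, authenticationConfiguration);
        String configuredProtocol = authenticationConfiguration.getProtocol();
        return configuredProtocol != null ? configuredProtocol : uri.getScheme();
    }

    /**
     * Returns the protocol of the configuration.
     *
     * @param authenticationConfiguration the configuration, not null
     * @return the protocol as reported by the configuration
     */
    @Deprecated
    public String getRealProtocol(AuthenticationConfiguration authenticationConfiguration) {
        Assert.checkNotNullParam(CONFIGURATION_PARAM, authenticationConfiguration);
        return authenticationConfiguration.getProtocol();
    }

    /**
     * Returns the SASL protocol name of the configuration.
     *
     * @param authenticationConfiguration the configuration, not null
     * @return the SASL protocol as reported by the configuration
     */
    public String getSaslProtocol(AuthenticationConfiguration authenticationConfiguration) {
        Assert.checkNotNullParam(CONFIGURATION_PARAM, authenticationConfiguration);
        return authenticationConfiguration.getSaslProtocol();
    }

    /**
     * Returns the web-services HTTP mechanism of the configuration.
     *
     * @param authenticationConfiguration the configuration, not null
     * @return the mechanism as reported by the configuration
     */
    public String getWsHttpMech(AuthenticationConfiguration authenticationConfiguration) {
        Assert.checkNotNullParam(CONFIGURATION_PARAM, authenticationConfiguration);
        return authenticationConfiguration.getWsHttpMechanism();
    }

    /**
     * Returns the WS-Security type of the configuration.
     *
     * @param authenticationConfiguration the configuration, not null
     * @return the type as reported by the configuration
     */
    public String getWsSecurityType(AuthenticationConfiguration authenticationConfiguration) {
        Assert.checkNotNullParam(CONFIGURATION_PARAM, authenticationConfiguration);
        return authenticationConfiguration.getWsSecurityType();
    }

    /**
     * Returns the authentication principal of the configuration.
     *
     * @param authenticationConfiguration the configuration, not null
     * @return the principal as reported by the configuration
     */
    public Principal getPrincipal(AuthenticationConfiguration authenticationConfiguration) {
        Assert.checkNotNullParam(CONFIGURATION_PARAM, authenticationConfiguration);
        return authenticationConfiguration.getPrincipal();
    }

    /**
     * Returns the authorization principal of the configuration.
     *
     * @param authenticationConfiguration the configuration, not null
     * @return the authorization principal as reported by the configuration
     */
    public Principal getAuthorizationPrincipal(AuthenticationConfiguration authenticationConfiguration) {
        Assert.checkNotNullParam(CONFIGURATION_PARAM, authenticationConfiguration);
        return authenticationConfiguration.getAuthorizationPrincipal();
    }

    /**
     * Creates a SASL client with an identity factory operator and no SSL session.
     *
     * @param uri the target URI
     * @param authenticationConfiguration the configuration that creates the client
     * @param collection the mechanism names offered by the server
     * @return the SASL client as returned by the configuration
     * @throws SaslException if the configuration fails to create the client
     */
    public SaslClient createSaslClient(URI uri, AuthenticationConfiguration authenticationConfiguration, Collection<String> collection) throws SaslException {
        return createSaslClient(uri, authenticationConfiguration, collection, UnaryOperator.identity());
    }

    /**
     * Creates a SASL client with no SSL session.
     *
     * @param uri the target URI
     * @param authenticationConfiguration the configuration that creates the client
     * @param collection the mechanism names offered by the server
     * @param unaryOperator operator applied to the SASL client factory
     * @return the SASL client as returned by the configuration
     * @throws SaslException if the configuration fails to create the client
     */
    public SaslClient createSaslClient(URI uri, AuthenticationConfiguration authenticationConfiguration, Collection<String> collection, UnaryOperator<SaslClientFactory> unaryOperator) throws SaslException {
        return createSaslClient(uri, authenticationConfiguration, collection, unaryOperator, null);
    }

    /**
     * Creates a SASL client by delegating to the configuration.
     *
     * <p>Unlike the accessors of this class, the arguments are not null-checked here; a null
     * configuration fails with a {@link NullPointerException} at the delegating call.
     *
     * @param uri the target URI
     * @param authenticationConfiguration the configuration that creates the client
     * @param collection the mechanism names offered by the server
     * @param unaryOperator operator applied to the SASL client factory
     * @param sSLSession the SSL session of the connection, or null
     * @return the SASL client as returned by the configuration
     * @throws SaslException if the configuration fails to create the client
     */
    public SaslClient createSaslClient(URI uri, AuthenticationConfiguration authenticationConfiguration, Collection<String> collection, UnaryOperator<SaslClientFactory> unaryOperator, SSLSession sSLSession) throws SaslException {
        return authenticationConfiguration.createSaslClient(uri, collection, unaryOperator, sSLSession);
    }

    /**
     * Builds the destination address: host from the configuration, else the URI; port from
     * the configuration, else the URI, else {@code i}.
     *
     * <p>{@link InetSocketAddress#InetSocketAddress(String, int)} attempts a name lookup and
     * marks the address unresolved if it fails. It throws {@link IllegalArgumentException}
     * when the host is null or the port is still {@code -1}.
     *
     * @param uri the target URI, not null
     * @param authenticationConfiguration the configuration, not null
     * @param i the protocol default port, used last; {@code -1} for none
     * @return the destination address, possibly unresolved
     */
    @Deprecated
    public InetSocketAddress getDestinationInetSocketAddress(URI uri, AuthenticationConfiguration authenticationConfiguration, int i) {
        Assert.checkNotNullParam("uri", uri);
        Assert.checkNotNullParam(CONFIGURATION_PARAM, authenticationConfiguration);
        String host = authenticationConfiguration.getHost();
        if (host == null) {
            host = uri.getHost();
        }
        int port = authenticationConfiguration.getPort();
        if (port == -1) {
            port = uri.getPort();
        }
        if (port == -1) {
            port = i;
        }
        return new InetSocketAddress(host, port);
    }

    /**
     * Builds the destination address from the host and port of the configuration alone.
     *
     * @param authenticationConfiguration the configuration, not null
     * @return the destination address, possibly unresolved
     */
    @Deprecated
    public InetSocketAddress getDestinationInetSocketAddress(AuthenticationConfiguration authenticationConfiguration) {
        Assert.checkNotNullParam(CONFIGURATION_PARAM, authenticationConfiguration);
        return new InetSocketAddress(authenticationConfiguration.getHost(), authenticationConfiguration.getPort());
    }

    /**
     * Opens a plain {@link Socket} to the destination of the configuration.
     *
     * <p>The socket is a bare TCP connection; no TLS is negotiated here, so callers that need
     * transport protection must layer it themselves using {@link #getSSLContext}.
     *
     * <p>An unresolved destination has no {@code InetAddress}; passing that null on to the
     * socket constructor would surface as a {@link NullPointerException}. It is reported as
     * an {@link java.net.UnknownHostException} instead, which callers already handle as an
     * {@link IOException}.
     *
     * @param uri the target URI, not null
     * @param authenticationConfiguration the configuration, not null
     * @param i the protocol default port; {@code -1} for none
     * @return the connected socket
     * @throws IOException if the host cannot be resolved or the connection fails
     */
    @Deprecated
    public Socket connect(URI uri, AuthenticationConfiguration authenticationConfiguration, int i) throws IOException {
        InetSocketAddress destination = getDestinationInetSocketAddress(uri, authenticationConfiguration, i);
        if (destination.isUnresolved()) {
            throw new java.net.UnknownHostException(destination.getHostString());
        }
        return new Socket(destination.getAddress(), destination.getPort());
    }

    /**
     * Returns the security provider supplier of the configuration.
     *
     * @param authenticationConfiguration the configuration, not null
     * @return the provider supplier as reported by the configuration
     */
    public Supplier<Provider[]> getProviderSupplier(AuthenticationConfiguration authenticationConfiguration) {
        Assert.checkNotNullParam(CONFIGURATION_PARAM, authenticationConfiguration);
        return authenticationConfiguration.getProviderSupplier();
    }
}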
