package org.wildfly.security.auth.realm;

import java.io.IOException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.acl.Group;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.wildfly.common.Assert;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.callback.CallbackUtil;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.evidence.PasswordGuessEvidence;

/* loaded from: input_file:org/wildfly/security/auth/realm/JaasSecurityRealm.class */
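/**
 * Security realm that verifies a password guess by running a JAAS {@link LoginContext}
 * against a named login configuration.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Only {@link PasswordGuessEvidence} can be verified; no credential is ever handed out
 *       ({@link #getCredentialAcquireSupport} always answers {@code UNSUPPORTED}).</li>
 *   <li>The realm cannot tell whether an account exists before a login attempt: every
 *       {@link NamePrincipal} yields an identity whose {@code exists()} returns {@code true}.
 *       Callers must not read that as proof that the account is known to the login modules.</li>
 *   <li>When a custom {@link CallbackHandler} is configured, a fresh instance of its class is
 *       created reflectively for each verification and is given the evidence object, which
 *       carries the password guess. The handler class is therefore fully trusted code.</li>
 * </ul>
 *
 * <p>This source is decompiler output; members flagged "Access modifiers changed from: private"
 * were private in the compiled class and should be treated as internal.
 */
public class JaasSecurityRealm implements SecurityRealm {
    /** Name of the JAAS login configuration entry passed to every {@link LoginContext}. */
    private final String loginConfiguration;
    /** Optional custom handler; only its class is used, see {@link #createCallbackHandler}. May be null. */
    private final CallbackHandler handler;

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Callback handler used when no custom handler is configured. It answers name and password
     * callbacks from the principal and password guess it was constructed with.
     */
    public static class DefaultCallbackHandler implements CallbackHandler {
        private final Principal principal;
        private final PasswordGuessEvidence evidence;

        private DefaultCallbackHandler(Principal principal, PasswordGuessEvidence passwordGuessEvidence) {
            this.principal = principal;
            this.evidence = passwordGuessEvidence;
        }

        /**
         * Fills in the supplied callbacks.
         *
         * @param callbackArr callbacks issued by the login modules; must not be null
         * @throws IOException declared by {@link CallbackHandler}; not thrown directly here
         * @throws UnsupportedCallbackException presumably raised by {@code CallbackUtil.unsupported}
         *         for any callback other than name or password (helper not visible here)
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            Assert.checkNotNullParam("callbacks", callbackArr);
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    // A null principal leaves the name callback untouched rather than failing.
                    if (this.principal != null) {
                        ((NameCallback) callback).setName(this.principal.getName());
                    }
                } else if (callback instanceof PasswordCallback) {
                    // PasswordCallback.setPassword stores its own copy of the array, so the
                    // guess lives on in the callback until the login module clears it.
                    ((PasswordCallback) callback).setPassword(this.evidence.getGuess());
                } else {
                    CallbackUtil.unsupported(callback);
                }
            }
        }
    }

    /**
     * Authorization identity built from the realm principal and the JAAS {@link Subject}
     * produced by a successful login. The subject is null when no login has succeeded.
     */
    private static class JaasAuthorizationIdentity implements AuthorizationIdentity {
        /** Name of the group whose first member is taken as the caller principal. */
        private static final String CALLER_PRINCIPAL_GROUP = "CallerPrincipal";
        private final Principal principal;
        private final Principal callerPrincipal;
        private final Subject subject;

        private JaasAuthorizationIdentity(Principal principal, Subject subject) {
            this.principal = principal;
            this.subject = subject;
            this.callerPrincipal = getCallerPrincipal(subject);
        }

        /**
         * Looks for a {@link Group} principal named {@code CallerPrincipal} in the subject and
         * returns its first member.
         *
         * @param subject authenticated subject, or null
         * @return the first member of the first non-empty matching group, or null if the subject
         *         is null, has no principals, or has no such group
         */
        private Principal getCallerPrincipal(Subject subject) {
            if (subject == null) {
                return null;
            }
            Set<Principal> principals = subject.getPrincipals();
            if (principals == null || principals.isEmpty()) {
                return null;
            }
            for (Principal candidate : principals) {
                // Constant-first comparison: a login module may contribute a principal whose
                // name is null, which must not abort identity construction.
                if (candidate instanceof Group && CALLER_PRINCIPAL_GROUP.equals(candidate.getName())) {
                    Enumeration<? extends Principal> members = ((Group) candidate).members();
                    if (members.hasMoreElements()) {
                        return members.nextElement();
                    }
                    // An empty matching group is skipped; later groups are still considered.
                }
            }
            return null;
        }
    }

    /**
     * Realm identity for one principal. It keeps the {@link Subject} of the most recent
     * successful {@link #verifyEvidence} call; the field is written without any
     * synchronization in this class.
     */
    private class JaasRealmIdentity implements RealmIdentity {
        private final Principal principal;
        /** Subject of the last successful login; null before that and after any failed attempt. */
        private Subject subject;

        private JaasRealmIdentity(Principal principal) {
            this.principal = principal;
        }

        /** @return the principal this identity was created for */
        public Principal getRealmIdentityPrincipal() {
            return this.principal;
        }

        /** Delegates to the enclosing realm, which reports no credential support. */
        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            return JaasSecurityRealm.this.getCredentialAcquireSupport(cls, str, algorithmParameterSpec);
        }

        /** @return always null; see {@link #getCredential(Class, String, AlgorithmParameterSpec)} */
        public <C extends Credential> C getCredential(Class<C> cls) throws RealmUnavailableException {
            return getCredential(cls, null);
        }

        /** @return always null; see {@link #getCredential(Class, String, AlgorithmParameterSpec)} */
        public <C extends Credential> C getCredential(Class<C> cls, String str) throws RealmUnavailableException {
            return getCredential(cls, str, null);
        }

        /**
         * This realm never exposes stored credentials.
         *
         * @return always null
         */
        public <C extends Credential> C getCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            return null;
        }

        /**
         * @param cls evidence type; must not be null
         * @return the enclosing realm's answer for that evidence type
         */
        public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
            Assert.checkNotNullParam("evidenceType", cls);
            return JaasSecurityRealm.this.getEvidenceVerifySupport(cls, str);
        }

        /**
         * Attempts a JAAS login with the given password guess.
         *
         * <p>The stored subject is cleared before the attempt, so a failed or aborted
         * verification never leaves the subject of an earlier success in place.
         *
         * @param evidence evidence to verify; must not be null
         * @return true if {@code LoginContext.login()} completed without a {@link LoginException};
         *         false for a failed login or for any evidence that is not a
         *         {@link PasswordGuessEvidence}
         * @throws RealmUnavailableException if the callback handler or login context cannot be created
         */
        public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
            Assert.checkNotNullParam("evidence", evidence);
            if (!(evidence instanceof PasswordGuessEvidence)) {
                return false;
            }
            this.subject = null;
            CallbackHandler callbackHandler = JaasSecurityRealm.this.createCallbackHandler(this.principal, (PasswordGuessEvidence) evidence);
            Subject candidateSubject = new Subject();
            LoginContext loginContext = JaasSecurityRealm.this.createLoginContext(JaasSecurityRealm.this.loginConfiguration, candidateSubject, callbackHandler);
            // Only the principal and the login context are traced, never the password guess.
            ElytronMessages.log.tracef("Trying to authenticate subject %s using LoginContext %s using JaasSecurityRealm", this.principal, loginContext);
            try {
                loginContext.login();
            } catch (LoginException e) {
                ElytronMessages.log.debugJAASAuthenticationFailure(this.principal, e);
                return false;
            }
            // Publish the subject only after the login modules accepted the guess.
            this.subject = candidateSubject;
            return true;
        }

        /**
         * @return always true; this class has no means to check for the account without
         *         attempting a login, so this is not evidence that the account is known
         */
        public boolean exists() throws RealmUnavailableException {
            return true;
        }

        /**
         * Builds an authorization identity from the currently stored subject.
         *
         * <p>No check is made here that {@link #verifyEvidence} has succeeded; before a
         * successful verification the identity is built from a null subject.
         */
        public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
            return new JaasAuthorizationIdentity(this.principal, this.subject);
        }
    }

    /**
     * Creates a realm that uses the built-in name/password callback handler.
     *
     * @param str name of the JAAS login configuration entry
     */
    public JaasSecurityRealm(String str) {
        this(str, null);
    }

    /**
     * Creates a realm with an optional custom callback handler.
     *
     * @param str name of the JAAS login configuration entry
     * @param callbackHandler handler whose class is instantiated for each verification, or null
     *        to use {@link DefaultCallbackHandler}
     */
    public JaasSecurityRealm(String str, CallbackHandler callbackHandler) {
        this.loginConfiguration = str;
        this.handler = callbackHandler;
    }

    /**
     * @param principal principal to look up
     * @return a new identity for any {@link NamePrincipal}, otherwise
     *         {@code RealmIdentity.NON_EXISTENT}; no lookup against the login modules is made
     */
    public RealmIdentity getRealmIdentity(Principal principal) {
        return principal instanceof NamePrincipal ? new JaasRealmIdentity(principal) : RealmIdentity.NON_EXISTENT;
    }

    /**
     * @param cls credential type; must not be null
     * @return always {@code SupportLevel.UNSUPPORTED}
     */
    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
        Assert.checkNotNullParam("credentialType", cls);
        return SupportLevel.UNSUPPORTED;
    }

    /**
     * @param cls evidence type; must not be null
     * @return {@code SUPPORTED} when {@code cls} is {@link PasswordGuessEvidence} or a subtype,
     *         otherwise {@code UNSUPPORTED}
     */
    public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
        Assert.checkNotNullParam("evidenceType", cls);
        return PasswordGuessEvidence.class.isAssignableFrom(cls) ? SupportLevel.SUPPORTED : SupportLevel.UNSUPPORTED;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Creates the {@link LoginContext} for one verification attempt, inside a privileged block
     * when a security manager is installed.
     *
     * @param str login configuration entry name
     * @param subject subject the login modules will populate
     * @param callbackHandler handler that answers the login modules' callbacks
     * @return the new login context
     * @throws RealmUnavailableException presumably the type produced by
     *         {@code failedToCreateLoginContext} when construction fails (message class not visible here)
     */
    public LoginContext createLoginContext(String str, Subject subject, CallbackHandler callbackHandler) throws RealmUnavailableException {
        if (System.getSecurityManager() != null) {
            try {
                // The explicit target type selects the PrivilegedExceptionAction overload; a bare
                // lambda is ambiguous between it and PrivilegedAction and is rejected by javac.
                java.security.PrivilegedExceptionAction<LoginContext> action = () -> new LoginContext(str, subject, callbackHandler);
                return AccessController.doPrivileged(action);
            } catch (PrivilegedActionException e) {
                throw ElytronMessages.log.failedToCreateLoginContext(e.getCause());
            }
        }
        try {
            return new LoginContext(str, subject, callbackHandler);
        } catch (LoginException e2) {
            throw ElytronMessages.log.failedToCreateLoginContext(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Returns the callback handler for one verification attempt.
     *
     * <p>Without a configured handler this is a {@link DefaultCallbackHandler}. Otherwise a new
     * instance of the configured handler's class is created through its no-argument constructor
     * and its public {@code setSecurityInfo(Principal, Object)} method is invoked with the
     * principal and the evidence. The configured instance itself is never used for callbacks,
     * and the evidence object handed over contains the password guess.
     *
     * @param principal principal being authenticated
     * @param passwordGuessEvidence evidence carrying the password guess
     * @return a handler dedicated to this attempt
     * @throws RealmUnavailableException presumably the type produced by
     *         {@code failedToInstantiateCustomHandler} when instantiation or the
     *         {@code setSecurityInfo} call fails (message class not visible here)
     */
    public CallbackHandler createCallbackHandler(Principal principal, PasswordGuessEvidence passwordGuessEvidence) throws RealmUnavailableException {
        if (this.handler == null) {
            return new DefaultCallbackHandler(principal, passwordGuessEvidence);
        }
        try {
            Class<? extends CallbackHandler> handlerClass = this.handler.getClass();
            // getDeclaredConstructor().newInstance() replaces the deprecated Class.newInstance(),
            // which rethrows constructor exceptions unwrapped and unchecked by the compiler.
            CallbackHandler callbackHandler = handlerClass.getDeclaredConstructor().newInstance();
            handlerClass.getMethod("setSecurityInfo", Principal.class, Object.class).invoke(callbackHandler, principal, passwordGuessEvidence);
            return callbackHandler;
        } catch (Exception e) {
            throw ElytronMessages.log.failedToInstantiateCustomHandler(e);
        }
    }
}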
