package org.infinispan.server.security.realm;

import java.io.IOException;
import java.io.InputStream;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.Provider;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Consumer;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import org.infinispan.server.Server;
import org.wildfly.common.Assert;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.realm.CacheableSecurityRealm;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.authz.MapAttributes;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.evidence.PasswordGuessEvidence;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.provider.util.ProviderUtil;

/* loaded from: input_file:org/infinispan/server/security/realm/EncryptedPropertiesSecurityRealm.class */
public class EncryptedPropertiesSecurityRealm implements CacheableSecurityRealm {
    private static final String COMMENT_PREFIX1 = "#";
    private static final String COMMENT_PREFIX2 = "!";
    private static final String REALM_COMMENT_PREFIX = "$REALM_NAME=";
    private static final String COMMENT_SUFFIX = "$";
    private static final String ALGORITHM_COMMENT_PREFIX = "$ALGORITHM=";
    private final Supplier<Provider[]> providers;
    private final String defaultRealm;
    private final boolean plainText;
    private final String groupsAttribute;
    private final AtomicReference<LoadedState> loadedState;
    private Set<Consumer<Principal>> listeners;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/infinispan/server/security/realm/EncryptedPropertiesSecurityRealm$AccountEntry.class */
    public static class AccountEntry {
        private final String name;
        private final List<Credential> credentials;
        private final Set<String> groups;

        private AccountEntry(String str, List<Credential> list, String str2) {
            this.name = str;
            this.credentials = list;
            this.groups = convertGroups(str2);
        }

        private Set<String> convertGroups(String str) {
            return str == null ? Collections.emptySet() : (Set) Arrays.stream(str.split(",")).map((v0) -> {
                return v0.trim();
            }).filter(str2 -> {
                return !str2.isEmpty();
            }).collect(Collectors.collectingAndThen(Collectors.toSet(), Collections::unmodifiableSet));
        }

        public String getName() {
            return this.name;
        }

        public List<Credential> getCredentials() {
            return this.credentials;
        }

        public Set<String> getGroups() {
            return this.groups;
        }
    }

    /* loaded from: input_file:org/infinispan/server/security/realm/EncryptedPropertiesSecurityRealm$Builder.class */
    public static class Builder {
        private InputStream usersStream;
        private InputStream groupsStream;
        private boolean plainText;
        private Supplier<Provider[]> providers = ProviderUtil.INSTALLED_PROVIDERS;
        private String defaultRealm = null;
        private String groupsAttribute = "groups";

        Builder() {
        }

        public Builder setUsersStream(InputStream inputStream) {
            this.usersStream = inputStream;
            return this;
        }

        public Builder setGroupsStream(InputStream inputStream) {
            this.groupsStream = inputStream;
            return this;
        }

        public Builder setGroupsAttribute(String str) {
            this.groupsAttribute = str;
            return this;
        }

        public Builder setDefaultRealm(String str) {
            this.defaultRealm = str;
            return this;
        }

        public Builder setPlainText(boolean z) {
            this.plainText = z;
            return this;
        }

        public EncryptedPropertiesSecurityRealm build() throws IOException {
            EncryptedPropertiesSecurityRealm encryptedPropertiesSecurityRealm = new EncryptedPropertiesSecurityRealm(this);
            encryptedPropertiesSecurityRealm.load(this.usersStream, this.groupsStream);
            return encryptedPropertiesSecurityRealm;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/infinispan/server/security/realm/EncryptedPropertiesSecurityRealm$LoadedState.class */
    public static class LoadedState {
        private final Map<String, AccountEntry> accounts;
        private final String realmName;
        private final long loadTime;

        private LoadedState(Map<String, AccountEntry> map, String str, long j) {
            this.accounts = map;
            this.realmName = str;
            this.loadTime = j;
        }

        public Map<String, AccountEntry> getAccounts() {
            return this.accounts;
        }

        public String getRealmName() {
            return this.realmName;
        }

        public long getLoadTime() {
            return this.loadTime;
        }
    }

    private EncryptedPropertiesSecurityRealm(Builder builder) {
        this.loadedState = new AtomicReference<>();
        this.listeners = new LinkedHashSet();
        this.plainText = builder.plainText;
        this.groupsAttribute = builder.groupsAttribute;
        this.providers = builder.providers;
        this.defaultRealm = builder.defaultRealm;
    }

    public RealmIdentity getRealmIdentity(final Principal principal) {
        if (!(principal instanceof NamePrincipal)) {
            Server.log.tracef("PropertiesRealm: unsupported principal type: [%s]", principal);
            return RealmIdentity.NON_EXISTENT;
        }
        final AccountEntry accountEntry = this.loadedState.get().getAccounts().get(principal.getName());
        if (accountEntry != null) {
            return new RealmIdentity() { // from class: org.infinispan.server.security.realm.EncryptedPropertiesSecurityRealm.1
                public Principal getRealmIdentityPrincipal() {
                    return principal;
                }

                public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) {
                    for (Credential credential : accountEntry.getCredentials()) {
                        if (credential != null && credential.matches(cls, str, algorithmParameterSpec)) {
                            return SupportLevel.SUPPORTED;
                        }
                    }
                    return SupportLevel.UNSUPPORTED;
                }

                public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) {
                    for (Credential credential : accountEntry.getCredentials()) {
                        if (credential != null && credential.canVerify(cls, str)) {
                            return SupportLevel.SUPPORTED;
                        }
                    }
                    return SupportLevel.UNSUPPORTED;
                }

                public <C extends Credential> C getCredential(Class<C> cls) {
                    return (C) getCredential(cls, null);
                }

                public <C extends Credential> C getCredential(Class<C> cls, String str) {
                    return (C) getCredential(cls, str, null);
                }

                public <C extends Credential> C getCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) {
                    for (Credential credential : accountEntry.getCredentials()) {
                        if (credential != null && credential.matches(cls, str, algorithmParameterSpec)) {
                            return cls.cast(credential.clone());
                        }
                    }
                    return null;
                }

                public boolean verifyEvidence(Evidence evidence) {
                    for (Credential credential : accountEntry.getCredentials()) {
                        if (credential != null && credential.canVerify(evidence)) {
                            return credential.verify(evidence);
                        }
                    }
                    Server.log.tracef("Unable to verify evidence for identity [%s]", principal);
                    return false;
                }

                public boolean exists() {
                    return true;
                }

                public AuthorizationIdentity getAuthorizationIdentity() {
                    return AuthorizationIdentity.basicIdentity(new MapAttributes(Collections.singletonMap(EncryptedPropertiesSecurityRealm.this.groupsAttribute, accountEntry.getGroups())));
                }
            };
        }
        Server.log.tracef("PropertiesRealm: identity [%s] does not exist", principal);
        return RealmIdentity.NON_EXISTENT;
    }

    private PasswordFactory getPasswordFactory(String str) {
        try {
            return PasswordFactory.getInstance(str, this.providers);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) {
        Assert.checkNotNullParam("credentialType", cls);
        return PasswordCredential.class.isAssignableFrom(cls) ? SupportLevel.POSSIBLY_SUPPORTED : SupportLevel.UNSUPPORTED;
    }

    public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) {
        return PasswordGuessEvidence.class.isAssignableFrom(cls) ? SupportLevel.SUPPORTED : SupportLevel.UNSUPPORTED;
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:104:0x02ec, code lost:
    
        r0.add(new org.wildfly.security.credential.PasswordCredential(getPasswordFactory("clear").generatePassword(new org.wildfly.security.password.spec.ClearPasswordSpec(r20.toString().trim().toCharArray()))));
     */
    /* JADX WARN: Code restructure failed: missing block: B:106:0x0315, code lost:
    
        r27 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:108:0x0320, code lost:
    
        throw new java.io.IOException(r27);
     */
    /* JADX WARN: Code restructure failed: missing block: B:109:0x0321, code lost:
    
        r0.put(r19, new org.infinispan.server.security.realm.EncryptedPropertiesSecurityRealm.AccountEntry(r19, r0, r0.getProperty(r19), null));
        r0 = r9.listeners.iterator();
     */
    /* JADX WARN: Code restructure failed: missing block: B:111:0x034f, code lost:
    
        if (r0.hasNext() == false) goto L140;
     */
    /* JADX WARN: Code restructure failed: missing block: B:112:0x0352, code lost:
    
        r0.next().accept(new org.wildfly.security.auth.principal.NamePrincipal(r19));
     */
    /* JADX WARN: Code restructure failed: missing block: B:88:0x023f, code lost:
    
        switch(r24) {
            case 0: goto L75;
            case 1: goto L85;
            default: goto L90;
        };
     */
    /* JADX WARN: Code restructure failed: missing block: B:89:0x0258, code lost:
    
        r0 = r20.toString().trim().split(";");
        r0 = r0.length;
        r28 = 0;
     */
    /* JADX WARN: Code restructure failed: missing block: B:91:0x0277, code lost:
    
        if (r28 >= r0) goto L145;
     */
    /* JADX WARN: Code restructure failed: missing block: B:92:0x027a, code lost:
    
        r0 = r0[r28];
        r0 = r0.indexOf(58);
     */
    /* JADX WARN: Code restructure failed: missing block: B:94:0x02b6, code lost:
    
        r0.add(new org.wildfly.security.credential.PasswordCredential(getPasswordFactory(r0.substring(0, r0)).generatePassword(org.wildfly.security.password.spec.BasicPasswordSpecEncoding.decode(org.wildfly.common.iteration.CodePointIterator.ofChars(r0.substring(r0 + 1).toCharArray()).base64Decode().drain()))));
     */
    /* JADX WARN: Code restructure failed: missing block: B:95:0x02db, code lost:
    
        r28 = r28 + 1;
     */
    /* JADX WARN: Code restructure failed: missing block: B:97:0x02cf, code lost:
    
        r34 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:99:0x02da, code lost:
    
        throw new java.io.IOException(r34);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void load(java.io.InputStream r10, java.io.InputStream r11) throws java.io.IOException {
        /*
            Method dump skipped, instructions count: 1048
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.infinispan.server.security.realm.EncryptedPropertiesSecurityRealm.load(java.io.InputStream, java.io.InputStream):void");
    }

    public long getLoadTime() {
        return this.loadedState.get().getLoadTime();
    }

    public static Builder builder() {
        return new Builder();
    }

    public void registerIdentityChangeListener(Consumer<Principal> consumer) {
        this.listeners.add(consumer);
    }
}
