package org.wildfly.security.auth.realm;

import java.io.File;
import java.lang.reflect.InvocationTargetException;
import java.net.URI;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.Security;
import java.security.URIParameter;
import java.security.spec.AlgorithmParameterSpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.wildfly.common.Assert;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.callback.CredentialCallback;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.authz.Attributes;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.authz.MapAttributes;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.evidence.PasswordGuessEvidence;

/* loaded from: input_file:org/wildfly/security/auth/realm/JaasSecurityRealm.class */
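/**
 * A {@link SecurityRealm} that verifies evidence by running a JAAS {@link LoginContext}.
 *
 * <p>The realm is configured with a JAAS configuration entry name, an optional path to a JAAS
 * configuration file, an optional class loader that is installed as the thread context class
 * loader while JAAS runs, and an optional {@link CallbackHandler}. It never hands out
 * credentials ({@link SupportLevel#UNSUPPORTED}); evidence verification is reported as
 * {@link SupportLevel#POSSIBLY_SUPPORTED} for every evidence type because the outcome depends
 * entirely on the configured login modules.
 *
 * <p>Trust boundary: the configuration file path, the entry name, the class loader and the
 * callback handler all decide which login-module code runs during authentication, so they must
 * come from trusted deployment configuration only.
 */
public class JaasSecurityRealm implements SecurityRealm {
    /** Configuration type passed to {@link Configuration#getInstance(String, Configuration.Parameters)}. */
    private static final String DEFAULT_CONFIGURATION_POLICY_TYPE = "JavaLoginConfig";
    /** URI of the JAAS configuration file, or {@code null} to use the JVM-wide configuration. */
    private final URI jaasConfigFilePath;
    /** Name of the JAAS configuration entry used to build each {@link LoginContext}. */
    private final String entry;
    /** Optional caller-supplied callback handler; {@code null} selects the built-in behaviour. */
    private final CallbackHandler handler;
    /** Class loader installed as the thread context class loader around JAAS calls. */
    private final ClassLoader classLoader;

    /**
     * Authorization identity whose attributes are derived from the principals of an authenticated
     * {@link Subject}.
     */
    private static class JaasAuthorizationIdentity implements AuthorizationIdentity {
        private final MapAttributes attributes;

        /**
         * Builds an identity from the subject's principals.
         *
         * <p>Each principal is stored under the simple class name of its implementation, with the
         * principal name as the value. Principal classes from different packages that share a
         * simple name therefore end up under the same attribute key.
         *
         * <p>Decompiler note: declared {@code private} in the original class.
         *
         * @param subject the authenticated subject, or {@code null} when no login has succeeded
         * @return an identity with one attribute value per principal (empty for a {@code null} subject)
         */
        public static JaasAuthorizationIdentity fromSubject(Subject subject) {
            final MapAttributes collected = new MapAttributes();
            if (subject != null) {
                for (Principal subjectPrincipal : subject.getPrincipals()) {
                    collected.addLast(subjectPrincipal.getClass().getSimpleName(), subjectPrincipal.getName());
                }
            }
            return new JaasAuthorizationIdentity(collected);
        }

        private JaasAuthorizationIdentity(MapAttributes mapAttributes) {
            this.attributes = mapAttributes;
        }

        @Override
        public Attributes getAttributes() {
            return this.attributes;
        }
    }

    /**
     * Realm identity bound to one principal. It holds the {@link LoginContext} and {@link Subject}
     * of the most recent {@link #verifyEvidence(Evidence)} call; the fields are not synchronized.
     */
    private class JaasRealmIdentity implements RealmIdentity {
        private final Principal principal;
        private LoginContext loginContext;
        private Subject subject;

        private JaasRealmIdentity(Principal principal) {
            this.principal = principal;
        }

        @Override
        public Principal getRealmIdentityPrincipal() {
            return this.principal;
        }

        /**
         * @return the subject of the last successful login, or {@code null} if there was none
         */
        public Subject getSubject() {
            return this.subject;
        }

        @Override
        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            return JaasSecurityRealm.this.getCredentialAcquireSupport(cls, str, algorithmParameterSpec);
        }

        @Override
        public <C extends Credential> C getCredential(Class<C> cls) throws RealmUnavailableException {
            return getCredential(cls, null);
        }

        @Override
        public <C extends Credential> C getCredential(Class<C> cls, String str) throws RealmUnavailableException {
            return getCredential(cls, str, null);
        }

        /**
         * Always returns {@code null}: this realm only verifies evidence and never exposes
         * credentials.
         */
        @Override
        public <C extends Credential> C getCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            return null;
        }

        @Override
        public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
            Assert.checkNotNullParam("evidenceType", cls);
            return JaasSecurityRealm.this.getEvidenceVerifySupport(cls, str);
        }

        /**
         * Runs a JAAS login for this identity's principal with the given evidence.
         *
         * <p>The previously stored subject is cleared first, so a failed attempt never leaves the
         * result of an earlier successful login behind. The realm's class loader is installed as
         * the thread context class loader for the duration of the call and the previous loader is
         * always restored.
         *
         * <p>NOTE(review): each call replaces {@code loginContext}; a context created by an
         * earlier call is not logged out here. Confirm callers dispose identities between attempts.
         *
         * @param evidence the evidence to verify; must not be {@code null}
         * @return {@code true} if {@link LoginContext#login()} completed without a
         *         {@link LoginException}, {@code false} otherwise
         * @throws RealmUnavailableException if the login context cannot be created
         */
        @Override
        public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
            Assert.checkNotNullParam("evidence", evidence);
            this.subject = null;
            final Thread currentThread = Thread.currentThread();
            final ClassLoader previousLoader = currentThread.getContextClassLoader();
            try {
                if (JaasSecurityRealm.this.classLoader != null) {
                    currentThread.setContextClassLoader(JaasSecurityRealm.this.classLoader);
                }
                this.loginContext = JaasSecurityRealm.this.createLoginContext(JaasSecurityRealm.this.entry, new Subject(), JaasSecurityRealm.this.createCallbackHandler(this.principal, evidence));
                // Only the principal and the context are traced; the evidence is never logged.
                ElytronMessages.log.tracef("Trying to authenticate subject %s using LoginContext %s using JaasSecurityRealm", this.principal, this.loginContext);
                try {
                    this.loginContext.login();
                    this.subject = this.loginContext.getSubject();
                    return true;
                } catch (LoginException e) {
                    // A rejected login is an expected outcome, reported as "not verified".
                    ElytronMessages.log.debugInfoJaasAuthenticationFailure(this.principal, e);
                    return false;
                }
            } finally {
                currentThread.setContextClassLoader(previousLoader);
            }
        }

        /**
         * Always returns {@code true}: the realm cannot look an identity up before a login, so
         * existence is only established by {@link #verifyEvidence(Evidence)}.
         */
        @Override
        public boolean exists() {
            return true;
        }

        /**
         * @return an identity built from the subject of the last successful login; its attributes
         *         are empty when no login has succeeded
         */
        @Override
        public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
            return JaasAuthorizationIdentity.fromSubject(this.subject);
        }

        /**
         * Logs the current login context out, if there is one. A {@link LoginException} raised by
         * the logout is logged and not propagated; the thread context class loader is always
         * restored.
         */
        @Override
        public void dispose() {
            final Thread currentThread = Thread.currentThread();
            final ClassLoader previousLoader = currentThread.getContextClassLoader();
            try {
                if (JaasSecurityRealm.this.classLoader != null) {
                    currentThread.setContextClassLoader(JaasSecurityRealm.this.classLoader);
                }
                if (this.loginContext != null) {
                    this.loginContext.logout();
                }
            } catch (LoginException e) {
                ElytronMessages.log.debugInfoJaasLogoutFailure(this.principal, e);
            } finally {
                currentThread.setContextClassLoader(previousLoader);
            }
        }
    }

    /**
     * Callback handler used when the realm has no custom handler. It answers name, password and
     * credential callbacks from the principal and evidence of a single authentication attempt.
     *
     * <p>Decompiler note: declared {@code private} in the original class.
     */
    public static class JaasSecurityRealmDefaultCallbackHandler implements CallbackHandler {
        private final Principal principal;
        private final Object evidence;

        private JaasSecurityRealmDefaultCallbackHandler(Principal principal, Evidence evidence) {
            this.principal = principal;
            this.evidence = evidence;
        }

        /**
         * Fills in the callbacks issued by the login modules.
         *
         * <ul>
         *   <li>{@link NameCallback}: set to the principal name when a principal is present.</li>
         *   <li>{@link PasswordCallback}: set to the guess of a {@link PasswordGuessEvidence},
         *       otherwise to whatever {@code getPassword()} derives from the evidence.</li>
         *   <li>{@link CredentialCallback}: set only when the evidence is itself a
         *       {@link Credential} that the callback supports.</li>
         * </ul>
         *
         * @param callbackArr the callbacks to handle; must not be {@code null}
         * @throws UnsupportedCallbackException for any other callback type, and for a
         *         {@link CredentialCallback} when the evidence is not a {@link Credential}
         */
        @Override
        public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
            Assert.checkNotNullParam("callbacks", callbackArr);
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    if (this.principal != null) {
                        ((NameCallback) callback).setName(this.principal.getName());
                    }
                } else if (callback instanceof PasswordCallback) {
                    final PasswordCallback passwordCallback = (PasswordCallback) callback;
                    if (this.evidence instanceof PasswordGuessEvidence) {
                        passwordCallback.setPassword(((PasswordGuessEvidence) this.evidence).getGuess());
                    } else {
                        final char[] password = getPassword();
                        if (password != null) {
                            passwordCallback.setPassword(password);
                        }
                    }
                } else if (callback instanceof CredentialCallback && this.evidence instanceof Credential) {
                    final CredentialCallback credentialCallback = (CredentialCallback) callback;
                    final Credential credential = (Credential) this.evidence;
                    if (credentialCallback.isCredentialSupported(credential)) {
                        credentialCallback.setCredential(credential);
                    }
                } else {
                    throw ElytronMessages.log.unableToHandleCallback(callback, getClass().getName(), callback.getClass().getCanonicalName());
                }
            }
        }

        /**
         * Derives a password from evidence that is not a {@link PasswordGuessEvidence}.
         *
         * <p>Order of attempts: a {@code char[]} is returned as is, a {@code String} is converted,
         * then a public no-argument {@code toCharArray} method is invoked reflectively, and as a
         * last resort the evidence's {@code toString()} is used.
         *
         * <p>NOTE(review): the only visible constructor accepts an {@link Evidence}, so the
         * {@code char[]} and {@code String} branches look unreachable from this file. The
         * {@code toString()} fallback means that for an evidence type without {@code toCharArray}
         * the object's string form is what gets submitted as the password; confirm that this is
         * intended rather than refusing the callback.
         *
         * @return the derived password, or {@code null} when there is no evidence
         */
        private char[] getPassword() {
            final Object source = this.evidence;
            if (source == null) {
                return null;
            }
            if (source instanceof char[]) {
                return (char[]) source;
            }
            if (source instanceof String) {
                return ((String) source).toCharArray();
            }
            try {
                return (char[]) source.getClass().getMethod("toCharArray").invoke(source);
            } catch (Exception e) {
                // No usable toCharArray(): fall back to the string form (see the note above).
                return source.toString().toCharArray();
            }
        }
    }

    /**
     * Creates a realm that uses the JVM-wide JAAS configuration.
     *
     * @param str the JAAS configuration entry name; must not be {@code null}
     */
    public JaasSecurityRealm(String str) {
        this(str, (String) null);
    }

    /**
     * @param str the JAAS configuration entry name; must not be {@code null}
     * @param classLoader the class loader to install around JAAS calls, or {@code null} to capture
     *        the current thread context class loader
     */
    public JaasSecurityRealm(String str, ClassLoader classLoader) {
        this(str, null, classLoader);
    }

    /**
     * @param str the JAAS configuration entry name; must not be {@code null}
     * @param str2 path of the JAAS configuration file, or {@code null} for the JVM-wide configuration
     */
    public JaasSecurityRealm(String str, String str2) {
        this(str, str2, null);
    }

    /**
     * @param str the JAAS configuration entry name; must not be {@code null}
     * @param str2 path of the JAAS configuration file, or {@code null} for the JVM-wide configuration
     * @param classLoader the class loader to install around JAAS calls, or {@code null} to capture
     *        the current thread context class loader
     */
    public JaasSecurityRealm(String str, String str2, ClassLoader classLoader) {
        this(str, str2, classLoader, null);
    }

    /**
     * @param str the JAAS configuration entry name; must not be {@code null}
     * @param str2 path of the JAAS configuration file, or {@code null} for the JVM-wide configuration
     * @param classLoader the class loader to install around JAAS calls, or {@code null} to capture
     *        the thread context class loader of the constructing thread
     * @param callbackHandler a custom callback handler, or {@code null} for the default behaviour
     */
    public JaasSecurityRealm(String str, String str2, ClassLoader classLoader, CallbackHandler callbackHandler) {
        Assert.checkNotNullParam("entry", str);
        this.jaasConfigFilePath = str2 != null ? Paths.get(str2).toUri() : null;
        this.entry = str;
        this.handler = callbackHandler;
        this.classLoader = classLoader != null ? classLoader : Thread.currentThread().getContextClassLoader();
    }

    @Override
    public RealmIdentity getRealmIdentity(Principal principal) {
        return new JaasRealmIdentity(principal);
    }

    /**
     * @return always {@link SupportLevel#UNSUPPORTED}; the realm does not expose credentials
     */
    @Override
    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
        Assert.checkNotNullParam("credentialType", cls);
        return SupportLevel.UNSUPPORTED;
    }

    /**
     * @return always {@link SupportLevel#POSSIBLY_SUPPORTED}, whatever the evidence type
     */
    @Override
    public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
        Assert.checkNotNullParam("evidenceType", cls);
        return SupportLevel.POSSIBLY_SUPPORTED;
    }

    /**
     * Creates the {@link LoginContext} for one authentication attempt.
     *
     * <p>When a configuration file is set, it must exist and must not be a directory; the
     * configuration is then loaded from that file only. Without a file the JVM-wide JAAS
     * configuration is used.
     *
     * <p>Decompiler note: declared {@code private} in the original class.
     *
     * @param str the JAAS configuration entry name
     * @param subject the subject the login modules populate
     * @param callbackHandler the handler for login-module callbacks; may be {@code null}
     * @return the new login context
     * @throws RealmUnavailableException if the configuration file is missing or is a directory, or
     *         if the configuration or the login context cannot be created
     */
    public LoginContext createLoginContext(String str, Subject subject, CallbackHandler callbackHandler) throws RealmUnavailableException {
        if (this.jaasConfigFilePath != null) {
            final File configFile = new File(this.jaasConfigFilePath);
            // The former "!exists() && !isDirectory()" test reduced to "!exists()" and let a
            // directory through; reject both cases before the path reaches the JAAS loader.
            if (!configFile.exists() || configFile.isDirectory()) {
                throw ElytronMessages.log.failedToLoadJaasConfigFile();
            }
        }
        try {
            if (this.jaasConfigFilePath == null) {
                return new LoginContext(str, subject, callbackHandler);
            }
            final Configuration configuration = Configuration.getInstance(DEFAULT_CONFIGURATION_POLICY_TYPE, new URIParameter(this.jaasConfigFilePath));
            return new LoginContext(str, subject, callbackHandler, configuration);
        } catch (NoSuchAlgorithmException | LoginException e) {
            throw ElytronMessages.log.failedToCreateLoginContext(e);
        }
    }

    /**
     * Chooses the callback handler for one authentication attempt.
     *
     * <ul>
     *   <li>No custom handler and the {@code auth.login.defaultCallbackHandler} security property
     *       is set: returns {@code null}, leaving the choice of handler to JAAS.</li>
     *   <li>No custom handler otherwise: returns a new default handler bound to the given
     *       principal and evidence.</li>
     *   <li>Custom handler: creates a fresh instance of its class through the public no-argument
     *       constructor and passes principal and evidence to its
     *       {@code setSecurityInfo(Principal, Object)} method.</li>
     * </ul>
     *
     * <p>If that reflective path fails, the configured handler instance itself is returned. That
     * instance is shared by every authentication attempt of this realm and has not been given the
     * principal or evidence of this attempt, so the fallback is traced instead of passing
     * silently. NOTE(review): a handler that keeps per-login state must provide the constructor
     * and method above; confirm any handler that relies on the fallback is stateless.
     *
     * <p>Decompiler note: declared {@code private} in the original class.
     *
     * @param principal the principal being authenticated
     * @param evidence the evidence supplied for it
     * @return the handler to pass to the login context; may be {@code null}
     */
    public CallbackHandler createCallbackHandler(Principal principal, Evidence evidence) {
        if (this.handler == null) {
            if (Security.getProperty("auth.login.defaultCallbackHandler") != null) {
                return null;
            }
            return new JaasSecurityRealmDefaultCallbackHandler(principal, evidence);
        }
        final Class<? extends CallbackHandler> handlerClass = this.handler.getClass();
        try {
            final CallbackHandler perLoginHandler = handlerClass.getConstructor().newInstance();
            handlerClass.getMethod("setSecurityInfo", Principal.class, Object.class).invoke(perLoginHandler, principal, evidence);
            return perLoginHandler;
        } catch (IllegalAccessException | InstantiationException | NoSuchMethodException | InvocationTargetException e) {
            // Trace the class name only; principal and evidence stay out of the log.
            ElytronMessages.log.tracef(e, "JaasSecurityRealm could not create a per-authentication instance of callback handler %s, using the configured instance", handlerClass.getName());
            return this.handler;
        }
    }
}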
