package org.jboss.as.domain.management.security;

import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import org.jboss.as.core.security.RealmGroup;
import org.jboss.as.core.security.ServerSecurityManager;
import org.jboss.as.domain.management.AuthMechanism;
import org.jboss.as.domain.management.RealmConfigurationConstants;
import org.jboss.as.domain.management.SecurityRealm;
import org.jboss.as.domain.management.logging.DomainManagementLogger;
import org.jboss.msc.service.Service;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;
import org.jboss.msc.value.InjectedValue;
import org.jboss.sasl.callback.VerifyPasswordCallback;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SimpleGroup;

/* loaded from: input_file:m2repo/org/wildfly/core/wildfly-domain-management/2.0.10.Final/wildfly-domain-management-2.0.10.Final.jar:org/jboss/as/domain/management/security/JaasCallbackHandler.class */
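/**
 * Callback handler service that verifies a user name and clear-text password for a management
 * security realm by delegating to JAAS.
 *
 * <p>Verification goes through the injected {@link ServerSecurityManager} when one is present and
 * through a plain {@link LoginContext} otherwise. In both cases the login configuration / security
 * domain is selected by the {@code name} given to the constructor.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The only mechanism offered is {@link AuthMechanism#PLAIN}, because the login modules need the
 *       clear-text password. Confidentiality of the password in transit therefore has to come from
 *       the transport, not from this class.</li>
 *   <li>After a successful login the password is stored in the subject's private credentials as a
 *       {@code PasswordCredential}, so it stays in memory for as long as the subject does.</li>
 *   <li>Authorization is restricted to the authenticated identity itself; acting as a different
 *       authorization ID is always refused.</li>
 * </ul>
 */
public class JaasCallbackHandler implements Service<CallbackHandlerService>, CallbackHandlerService, CallbackHandler {
    private static final String SERVICE_SUFFIX = "jaas";
    private static final Map<String, String> configurationOptions;

    static {
        // Advertise that this handler accepts SubjectCallback and VerifyPasswordCallback.
        Map<String, String> options = new HashMap<>(2);
        options.put(RealmConfigurationConstants.SUBJECT_CALLBACK_SUPPORTED, Boolean.TRUE.toString());
        options.put(RealmConfigurationConstants.VERIFY_PASSWORD_CALLBACK_SUPPORTED, Boolean.TRUE.toString());
        configurationOptions = Collections.unmodifiableMap(options);
    }

    private final String realm;
    private final String name;
    private final boolean assignGroups;
    private final InjectedValue<ServerSecurityManager> securityManagerValue = new InjectedValue<>();

    /* loaded from: input_file:m2repo/org/wildfly/core/wildfly-domain-management/2.0.10.Final/wildfly-domain-management-2.0.10.Final.jar:org/jboss/as/domain/management/security/JaasCallbackHandler$ServiceUtil.class */
    /** Helper for deriving the MSC service name of this callback handler. */
    public static final class ServiceUtil {
        private ServiceUtil() {
        }

        /**
         * Builds the service name for the JAAS callback handler of a realm.
         *
         * @param realmName value passed on to {@code SecurityRealm.ServiceUtil.createServiceName}
         * @return that service name with the {@code "jaas"} suffix appended
         */
        public static ServiceName createServiceName(String realmName) {
            return SecurityRealm.ServiceUtil.createServiceName(realmName).append(SERVICE_SUFFIX);
        }
    }

    /**
     * @param realm realm name used when creating {@link RealmGroup} principals
     * @param name name handed to {@link LoginContext} or to the security manager's {@code push}
     * @param assignGroups whether members of the roles group are copied into {@link RealmGroup} principals
     */
    public JaasCallbackHandler(String realm, String name, boolean assignGroups) {
        this.realm = realm;
        this.name = name;
        this.assignGroups = assignGroups;
    }

    /** Returns {@link AuthMechanism#PLAIN}; the clear-text password is required for verification. */
    @Override
    public AuthMechanism getPreferredMechanism() {
        return AuthMechanism.PLAIN;
    }

    /** Returns an empty set; no mechanism other than the preferred one is offered. */
    @Override
    public Set<AuthMechanism> getSupplementaryMechanisms() {
        return Collections.emptySet();
    }

    /** Returns the unmodifiable option map built in the static initializer. */
    @Override
    public Map<String, String> getConfigurationOptions() {
        return configurationOptions;
    }

    /** Returns this instance; the supplied map is not used. */
    @Override
    public CallbackHandler getCallbackHandler(Map<String, Object> map) {
        return this;
    }

    @Override
    public boolean isReadyForHttpChallenge() {
        return true;
    }

    /**
     * Handles either a lone {@link AuthorizeCallback} or a set of authentication callbacks.
     *
     * <p>For authentication the accepted callbacks are {@link NameCallback}, {@link RealmCallback}
     * (ignored), {@link VerifyPasswordCallback} and {@code SubjectCallback}. The outcome is reported
     * through {@code VerifyPasswordCallback.setVerified}; a failed login is not signalled by an
     * exception.
     *
     * @param callbacks the callbacks to process
     * @throws IOException if no user name or no password was supplied
     * @throws UnsupportedCallbackException if a callback of any other type is present
     */
    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        if (callbacks.length == 1 && (callbacks[0] instanceof AuthorizeCallback)) {
            handleAuthorize((AuthorizeCallback) callbacks[0]);
            return;
        }

        NameCallback nameCallback = null;
        VerifyPasswordCallback verifyPasswordCallback = null;
        SubjectCallback subjectCallback = null;
        for (Callback callback : callbacks) {
            if (callback instanceof NameCallback) {
                nameCallback = (NameCallback) callback;
            } else if (callback instanceof RealmCallback) {
                // The realm is fixed by configuration, so the callback carries nothing we need.
                continue;
            } else if (callback instanceof VerifyPasswordCallback) {
                verifyPasswordCallback = (VerifyPasswordCallback) callback;
            } else if (callback instanceof SubjectCallback) {
                subjectCallback = (SubjectCallback) callback;
            } else {
                throw new UnsupportedCallbackException(callback);
            }
        }

        if (nameCallback == null) {
            DomainManagementLogger.SECURITY_LOGGER.trace("No username supplied in Callbacks.");
            throw DomainManagementLogger.ROOT_LOGGER.noUsername();
        }
        final String userName = nameCallback.getDefaultName();
        if (userName == null || userName.length() == 0) {
            DomainManagementLogger.SECURITY_LOGGER.trace("NameCallback either has no username or is 0 length.");
            throw DomainManagementLogger.ROOT_LOGGER.noUsername();
        }
        if (verifyPasswordCallback == null || verifyPasswordCallback.getPassword() == null) {
            DomainManagementLogger.SECURITY_LOGGER.trace("No password to verify.");
            throw DomainManagementLogger.ROOT_LOGGER.noPassword();
        }

        // NOTE(review): this array is handed to PasswordCredential on success, so it must not be
        // zeroed here; on the failure paths it is simply dropped without being cleared.
        final char[] password = verifyPasswordCallback.getPassword().toCharArray();
        Subject subject = (subjectCallback == null || subjectCallback.getSubject() == null)
                ? new Subject()
                : subjectCallback.getSubject();

        ServerSecurityManager securityManager = this.securityManagerValue.getOptionalValue();
        if (securityManager == null) {
            try {
                new LoginContext(this.name, subject, createLoginHandler(userName, password)).login();
                verifyPasswordCallback.setVerified(true);
                populateSubject(subject, userName, password, subjectCallback);
            } catch (LoginException e) {
                DomainManagementLogger.SECURITY_LOGGER.debug("Login failed in JAAS callbackhandler " + this.name, e);
                verifyPasswordCallback.setVerified(false);
            }
            return;
        }

        try {
            securityManager.push(this.name, userName, password, subject);
            securityManager.authenticate();
            verifyPasswordCallback.setVerified(true);
            populateSubject(securityManager.getSubject(), userName, password, subjectCallback);
        } catch (SecurityException e) {
            DomainManagementLogger.SECURITY_LOGGER.debug("Failed to verify password in JAAS callbackhandler " + this.name, e);
            verifyPasswordCallback.setVerified(false);
        } finally {
            // Exactly one pop per push. Popping in the catch block as well would remove a second,
            // unrelated entry from the security manager after every failed login.
            securityManager.pop();
        }
    }

    /** Authorizes only when the authorization ID equals the authenticated ID. */
    private void handleAuthorize(AuthorizeCallback authorizeCallback) {
        String authenticationId = authorizeCallback.getAuthenticationID();
        // Fail closed: a missing authentication ID is treated as "not authorized" rather than an NPE.
        boolean authorized = authenticationId != null && authenticationId.equals(authorizeCallback.getAuthorizationID());
        if (!authorized) {
            DomainManagementLogger.SECURITY_LOGGER.tracef("Checking 'AuthorizeCallback', authorized=false, authenticationID=%s, authorizationID=%s.", authenticationId, authorizeCallback.getAuthorizationID());
        }
        authorizeCallback.setAuthorized(authorized);
    }

    /** Creates the handler that feeds the user name and password to the JAAS login modules. */
    private static CallbackHandler createLoginHandler(final String userName, final char[] password) {
        return new CallbackHandler() {
            @Override
            public void handle(Callback[] loginCallbacks) throws IOException, UnsupportedCallbackException {
                for (Callback callback : loginCallbacks) {
                    if (callback instanceof NameCallback) {
                        ((NameCallback) callback).setName(userName);
                    } else if (callback instanceof PasswordCallback) {
                        ((PasswordCallback) callback).setPassword(password);
                    } else {
                        throw new UnsupportedCallbackException(callback);
                    }
                }
            }
        };
    }

    /**
     * Records the verified credential on the subject, optionally maps role-group members to
     * {@link RealmGroup} principals, and publishes the subject through the subject callback if any.
     */
    private void populateSubject(Subject subject, String userName, char[] password, SubjectCallback subjectCallback) {
        subject.getPrivateCredentials().add(new PasswordCredential(userName, password));
        if (this.assignGroups) {
            Set<Principal> principals = subject.getPrincipals();
            // getPrincipals(Class) returns a fresh set, so adding to 'principals' while iterating is safe.
            for (SimpleGroup group : subject.getPrincipals(SimpleGroup.class)) {
                if (SecurityConstants.ROLES_IDENTIFIER.equals(group.getName())) {
                    Enumeration<Principal> members = group.members();
                    while (members.hasMoreElements()) {
                        principals.add(new RealmGroup(this.realm, members.nextElement().getName()));
                    }
                }
            }
        }
        if (subjectCallback != null) {
            subjectCallback.setSubject(subject);
        }
    }

    /** No start-up work is performed. */
    @Override
    public void start(StartContext startContext) throws StartException {
    }

    /** No shutdown work is performed. */
    @Override
    public void stop(StopContext stopContext) {
    }

    /** Returns the injection point for the optional {@link ServerSecurityManager}. */
    public InjectedValue<ServerSecurityManager> getSecurityManagerValue() {
        return this.securityManagerValue;
    }

    /** Returns this instance as the service value. */
    @Override
    public CallbackHandlerService getValue() throws IllegalStateException, IllegalArgumentException {
        return this;
    }
}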
