package org.jboss.as.domain.management.security;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedList;
import java.util.Map;
import java.util.Set;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import org.jboss.as.domain.management.AuthenticationMechanism;
import org.jboss.as.domain.management.DomainManagementMessages;
import org.jboss.as.domain.management.ModelDescriptionConstants;
import org.jboss.as.domain.management.RealmConfigurationConstants;
import org.jboss.as.domain.management.plugin.AuthenticationPlugIn;
import org.jboss.as.domain.management.plugin.Credential;
import org.jboss.as.domain.management.plugin.DigestCredential;
import org.jboss.as.domain.management.plugin.Identity;
import org.jboss.as.domain.management.plugin.PlugInConfigurationSupport;
import org.jboss.as.domain.management.plugin.ValidatePasswordCredential;
import org.jboss.dmr.ModelNode;
import org.jboss.msc.service.Service;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;
import org.jboss.msc.value.InjectedValue;
import org.jboss.sasl.callback.DigestHashCallback;
import org.jboss.sasl.callback.VerifyPasswordCallback;
import org.jboss.sasl.util.UsernamePasswordHashUtil;

/* loaded from: input_file:org/jboss/as/domain/management/security/PlugInAuthenticationCallbackHandler.class */
public class PlugInAuthenticationCallbackHandler extends AbstractPlugInService implements Service<CallbackHandlerService>, CallbackHandlerService {
    public static final String SERVICE_SUFFIX = "plug-in-authentication";
    private static UsernamePasswordHashUtil hashUtil = null;
    private final ModelNode model;
    private final String realmName;
    private AuthenticationMechanism mechanism;

    /* JADX INFO: Access modifiers changed from: package-private */
    public PlugInAuthenticationCallbackHandler(String str, ModelNode modelNode) {
        super(modelNode);
        this.realmName = str;
        this.model = modelNode;
    }

    @Override // org.jboss.as.domain.management.security.AbstractPlugInService
    public void start(StartContext startContext) throws StartException {
        super.start(startContext);
        if (this.model.hasDefined(ModelDescriptionConstants.MECHANISM)) {
            this.mechanism = AuthenticationMechanism.valueOf(this.model.require(ModelDescriptionConstants.MECHANISM).asString());
        } else {
            this.mechanism = AuthenticationMechanism.DIGEST;
        }
    }

    @Override // org.jboss.as.domain.management.security.AbstractPlugInService
    public void stop(StopContext stopContext) {
        this.mechanism = null;
    }

    /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
    public CallbackHandlerService m33getValue() throws IllegalStateException, IllegalArgumentException {
        return this;
    }

    private static UsernamePasswordHashUtil getHashUtil() {
        if (hashUtil == null) {
            try {
                hashUtil = new UsernamePasswordHashUtil();
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException(e);
            }
        }
        return hashUtil;
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public AuthenticationMechanism getPreferredMechanism() {
        return this.mechanism;
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public Set<AuthenticationMechanism> getSupplementaryMechanisms() {
        return Collections.emptySet();
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public Map<String, String> getConfigurationOptions() {
        return this.mechanism == AuthenticationMechanism.DIGEST ? Collections.singletonMap(RealmConfigurationConstants.DIGEST_PLAIN_TEXT, Boolean.FALSE.toString()) : Collections.singletonMap(RealmConfigurationConstants.VERIFY_PASSWORD_CALLBACK_SUPPORTED, Boolean.TRUE.toString());
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public boolean isReady() {
        return true;
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public CallbackHandler getCallbackHandler(Map<String, Object> map) {
        String plugInName = getPlugInName();
        final AuthenticationPlugIn<Credential> loadAuthenticationPlugIn = getPlugInLoader().loadAuthenticationPlugIn(plugInName);
        if (loadAuthenticationPlugIn instanceof PlugInConfigurationSupport) {
            try {
                ((PlugInConfigurationSupport) loadAuthenticationPlugIn).init(getConfiguration(), map);
            } catch (IOException e) {
                throw DomainManagementMessages.MESSAGES.unableToInitialisePlugIn(plugInName, e.getMessage());
            }
        }
        return new CallbackHandler() { // from class: org.jboss.as.domain.management.security.PlugInAuthenticationCallbackHandler.1
            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                String generateHashedHexURP;
                String generateHashedHexURP2;
                LinkedList<VerifyPasswordCallback> linkedList = new LinkedList();
                String str = null;
                Object obj = null;
                for (Callback callback : callbackArr) {
                    if (callback instanceof AuthorizeCallback) {
                        linkedList.add(callback);
                    } else if (callback instanceof NameCallback) {
                        str = ((NameCallback) callback).getDefaultName();
                        Identity loadIdentity = loadAuthenticationPlugIn.loadIdentity(str, PlugInAuthenticationCallbackHandler.this.realmName);
                        if (loadIdentity != null) {
                            obj = loadIdentity.getCredential();
                        }
                    } else if (callback instanceof PasswordCallback) {
                        linkedList.add(callback);
                    } else if (callback instanceof DigestHashCallback) {
                        linkedList.add(callback);
                    } else if (callback instanceof VerifyPasswordCallback) {
                        linkedList.add(callback);
                    } else {
                        if (!(callback instanceof RealmCallback)) {
                            throw new UnsupportedCallbackException(callback);
                        }
                        String defaultText = ((RealmCallback) callback).getDefaultText();
                        if (!PlugInAuthenticationCallbackHandler.this.realmName.equals(defaultText)) {
                            throw DomainManagementMessages.MESSAGES.invalidRealm(defaultText, PlugInAuthenticationCallbackHandler.this.realmName);
                        }
                    }
                }
                for (VerifyPasswordCallback verifyPasswordCallback : linkedList) {
                    if (verifyPasswordCallback instanceof AuthorizeCallback) {
                        AuthorizeCallback authorizeCallback = (AuthorizeCallback) verifyPasswordCallback;
                        authorizeCallback.setAuthorized(authorizeCallback.getAuthenticationID().equals(authorizeCallback.getAuthorizationID()));
                    } else if (verifyPasswordCallback instanceof PasswordCallback) {
                        if (obj == null) {
                            throw new UserNotFoundException(str);
                        }
                        if (!(obj instanceof org.jboss.as.domain.management.plugin.PasswordCredential)) {
                            throw new UnsupportedCallbackException(verifyPasswordCallback);
                        }
                        ((PasswordCallback) verifyPasswordCallback).setPassword(((org.jboss.as.domain.management.plugin.PasswordCredential) obj).getPassword());
                    } else if (verifyPasswordCallback instanceof DigestHashCallback) {
                        if (obj == null) {
                            throw new UserNotFoundException(str);
                        }
                        if (obj instanceof DigestCredential) {
                            ((DigestHashCallback) verifyPasswordCallback).setHexHash(((DigestCredential) obj).getHash());
                        } else {
                            if (!(obj instanceof org.jboss.as.domain.management.plugin.PasswordCredential)) {
                                throw new UnsupportedCallbackException(verifyPasswordCallback);
                            }
                            UsernamePasswordHashUtil access$100 = PlugInAuthenticationCallbackHandler.access$100();
                            synchronized (access$100) {
                                generateHashedHexURP = access$100.generateHashedHexURP(str, PlugInAuthenticationCallbackHandler.this.realmName, ((org.jboss.as.domain.management.plugin.PasswordCredential) obj).getPassword());
                            }
                            ((DigestHashCallback) verifyPasswordCallback).setHexHash(generateHashedHexURP);
                        }
                    } else if (!(verifyPasswordCallback instanceof VerifyPasswordCallback)) {
                        continue;
                    } else {
                        if (obj == null) {
                            throw new UserNotFoundException(str);
                        }
                        VerifyPasswordCallback verifyPasswordCallback2 = verifyPasswordCallback;
                        if (obj instanceof org.jboss.as.domain.management.plugin.PasswordCredential) {
                            verifyPasswordCallback2.setVerified(Arrays.equals(((org.jboss.as.domain.management.plugin.PasswordCredential) obj).getPassword(), verifyPasswordCallback2.getPassword().toCharArray()));
                        } else if (obj instanceof DigestCredential) {
                            UsernamePasswordHashUtil access$1002 = PlugInAuthenticationCallbackHandler.access$100();
                            synchronized (access$1002) {
                                generateHashedHexURP2 = access$1002.generateHashedHexURP(str, PlugInAuthenticationCallbackHandler.this.realmName, verifyPasswordCallback2.getPassword().toCharArray());
                            }
                            verifyPasswordCallback2.setVerified(((DigestCredential) obj).getHash().equals(generateHashedHexURP2));
                        } else if (obj instanceof ValidatePasswordCredential) {
                            verifyPasswordCallback2.setVerified(((ValidatePasswordCredential) obj).validatePassword(verifyPasswordCallback2.getPassword().toCharArray()));
                        }
                    }
                }
            }
        };
    }

    @Override // org.jboss.as.domain.management.security.AbstractPlugInService
    public /* bridge */ /* synthetic */ InjectedValue getPlugInLoaderServiceValue() {
        return super.getPlugInLoaderServiceValue();
    }

    static /* synthetic */ UsernamePasswordHashUtil access$100() {
        return getHashUtil();
    }
}
