package org.jboss.as.domain.management.security;

import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import org.jboss.as.domain.management.AuthenticationMechanism;
import org.jboss.as.domain.management.DomainManagementMessages;
import org.jboss.as.domain.management.RealmConfigurationConstants;
import org.jboss.msc.service.Service;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;

/* loaded from: input_file:org/jboss/as/domain/management/security/LocalCallbackHandlerService.class */
class LocalCallbackHandlerService implements Service<CallbackHandlerService>, CallbackHandlerService, CallbackHandler {
    public static final String SERVICE_SUFFIX = "local";
    private final String defaultUser;
    private final String allowedUsers;
    private boolean allowAll;
    private final Set<String> allowedUsersSet = new HashSet();

    /* JADX INFO: Access modifiers changed from: package-private */
    public LocalCallbackHandlerService(String str, String str2) {
        this.defaultUser = str;
        this.allowedUsers = str2;
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public AuthenticationMechanism getPreferredMechanism() {
        return AuthenticationMechanism.LOCAL;
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public Set<AuthenticationMechanism> getSupplementaryMechanisms() {
        return Collections.emptySet();
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public Map<String, String> getConfigurationOptions() {
        return this.defaultUser != null ? Collections.singletonMap(RealmConfigurationConstants.LOCAL_DEFAULT_USER, this.defaultUser) : Collections.emptyMap();
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public boolean isReady() {
        return true;
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public CallbackHandler getCallbackHandler(Map<String, Object> map) {
        return this;
    }

    /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
    public CallbackHandlerService m30getValue() throws IllegalStateException, IllegalArgumentException {
        return this;
    }

    public void start(StartContext startContext) throws StartException {
        if (this.defaultUser != null) {
            this.allowedUsersSet.add(this.defaultUser);
        }
        if (this.allowedUsers != null) {
            if ("*".equals(this.allowedUsers)) {
                this.allowAll = true;
                return;
            }
            for (String str : this.allowedUsers.split(",")) {
                this.allowedUsersSet.add(str);
            }
        }
    }

    public void stop(StopContext stopContext) {
        this.allowAll = false;
        this.allowedUsersSet.clear();
    }

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            if (callback instanceof NameCallback) {
                String defaultName = ((NameCallback) callback).getDefaultName();
                if (!(this.allowAll || this.allowedUsersSet.contains(defaultName))) {
                    throw DomainManagementMessages.MESSAGES.invalidLocalUser(defaultName);
                }
            } else {
                if (!(callback instanceof AuthorizeCallback)) {
                    throw new UnsupportedCallbackException(callback);
                }
                AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback;
                authorizeCallback.setAuthorized(authorizeCallback.getAuthenticationID().equals(authorizeCallback.getAuthorizationID()));
            }
        }
    }
}
