package org.wildfly.security.auth.server;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Collection;
import java.util.Iterator;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Function;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import org.wildfly.common.Assert;
import org.wildfly.extension.elytron.ElytronDescriptionConstants;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.callback.AnonymousAuthorizationCallback;
import org.wildfly.security.auth.callback.AuthenticationCompleteCallback;
import org.wildfly.security.auth.callback.AvailableRealmsCallback;
import org.wildfly.security.auth.callback.CachedIdentityAuthorizeCallback;
import org.wildfly.security.auth.callback.CallbackUtil;
import org.wildfly.security.auth.callback.ChannelBindingCallback;
import org.wildfly.security.auth.callback.CredentialCallback;
import org.wildfly.security.auth.callback.CredentialUpdateCallback;
import org.wildfly.security.auth.callback.EvidenceVerifyCallback;
import org.wildfly.security.auth.callback.ExclusiveNameCallback;
import org.wildfly.security.auth.callback.FastUnsupportedCallbackException;
import org.wildfly.security.auth.callback.IdentityCredentialCallback;
import org.wildfly.security.auth.callback.MechanismInformationCallback;
import org.wildfly.security.auth.callback.PeerPrincipalCallback;
import org.wildfly.security.auth.callback.SSLCallback;
import org.wildfly.security.auth.callback.SecurityIdentityCallback;
import org.wildfly.security.auth.callback.ServerCredentialCallback;
import org.wildfly.security.auth.callback.SocketAddressCallback;
import org.wildfly.security.auth.permission.LoginPermission;
import org.wildfly.security.auth.permission.RunAsPrincipalPermission;
import org.wildfly.security.auth.principal.AnonymousPrincipal;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.server.event.RealmFailedAuthenticationEvent;
import org.wildfly.security.auth.server.event.RealmIdentityFailedAuthorizationEvent;
import org.wildfly.security.auth.server.event.RealmIdentitySuccessfulAuthorizationEvent;
import org.wildfly.security.auth.server.event.RealmSuccessfulAuthenticationEvent;
import org.wildfly.security.auth.server.event.SecurityAuthenticationFailedEvent;
import org.wildfly.security.auth.server.event.SecurityAuthenticationSuccessfulEvent;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.source.CredentialSource;
import org.wildfly.security.evidence.AlgorithmEvidence;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.evidence.X509PeerCertificateChainEvidence;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.TwoWayPassword;
import org.wildfly.security.password.interfaces.DigestPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.ssl.SSLConnection;
import org.wildfly.security.x500.X500;

/* JADX WARN: Classes with same name are omitted:
  input_file:_bootstrap/lra-coordinator.war:WEB-INF/lib/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext.class
  input_file:m2repo/org/wildfly/security/wildfly-elytron-auth-server/2.0.0.Alpha4/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext.class
 */
/* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron/1.7.0.Final/wildfly-elytron-1.7.0.Final.jar:org/wildfly/security/auth/server/ServerAuthenticationContext.class */
public final class ServerAuthenticationContext implements AutoCloseable {
    private final AtomicReference<State> stateRef;
    private static final State FAILED = new State() { // from class: org.wildfly.security.auth.server.ServerAuthenticationContext.2
        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void fail(boolean z) {
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean isDone() {
            return true;
        }
    };

    /* JADX WARN: Classes with same name are omitted:
      input_file:_bootstrap/lra-coordinator.war:WEB-INF/lib/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$ActiveState.class
      input_file:m2repo/org/wildfly/security/wildfly-elytron-auth-server/2.0.0.Alpha4/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$ActiveState.class
     */
    /* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron/1.7.0.Final/wildfly-elytron-1.7.0.Final.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$ActiveState.class */
    abstract class ActiveState extends State {
        ActiveState() {
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean authorize(Principal principal, boolean z) throws RealmUnavailableException {
            AtomicReference<State> stateRef = ServerAuthenticationContext.this.getStateRef();
            SecurityIdentity sourceIdentity = getSourceIdentity();
            State assignName = ServerAuthenticationContext.this.assignName(sourceIdentity, getMechanismConfiguration(), getMechanismRealmConfiguration(), principal, null, IdentityCredentials.NONE, IdentityCredentials.NONE);
            if (!assignName.isNameAssigned()) {
                ElytronMessages.log.tracef("Authorization failed - unable to assign identity name", new Object[0]);
                return false;
            }
            NameAssignedState nameAssignedState = (NameAssignedState) assignName;
            RealmIdentity realmIdentity = nameAssignedState.getRealmIdentity();
            try {
                if (!realmIdentity.exists()) {
                    ElytronMessages.log.tracef("Authorization failed - identity does not exists", new Object[0]);
                    if (0 == 0) {
                        realmIdentity.dispose();
                    }
                    return false;
                }
                if (z && !sourceIdentity.implies(new RunAsPrincipalPermission(nameAssignedState.getAuthenticationPrincipal().getName()))) {
                    ElytronMessages.log.tracef("Authorization failed - source identity does not have RunAsPrincipalPermission", new Object[0]);
                    if (0 == 0) {
                        realmIdentity.dispose();
                    }
                    return false;
                }
                AuthorizedAuthenticationState doAuthorization = nameAssignedState.doAuthorization(false);
                if (doAuthorization == null) {
                    return false;
                }
                if (stateRef.compareAndSet(this, doAuthorization)) {
                    if (1 == 0) {
                        realmIdentity.dispose();
                    }
                    return true;
                }
                boolean authorize = stateRef.get().authorize(principal, z);
                if (0 == 0) {
                    realmIdentity.dispose();
                }
                return authorize;
            } finally {
                if (0 == 0) {
                    realmIdentity.dispose();
                }
            }
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void setMechanismRealmName(String str) {
            MechanismRealmConfiguration mechanismRealmConfiguration = getMechanismRealmConfiguration();
            MechanismConfiguration mechanismConfiguration = getMechanismConfiguration();
            if (mechanismConfiguration.getMechanismRealmNames().isEmpty()) {
                throw ElytronMessages.log.invalidMechRealmSelection(str);
            }
            MechanismRealmConfiguration mechanismRealmConfiguration2 = mechanismConfiguration.getMechanismRealmConfiguration(str);
            if (mechanismRealmConfiguration2 == null) {
                throw ElytronMessages.log.invalidMechRealmSelection(str);
            }
            if (mechanismRealmConfiguration != mechanismRealmConfiguration2) {
                throw ElytronMessages.log.mechRealmAlreadySelected();
            }
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void setMechanismInformation(MechanismInformation mechanismInformation) {
            throw ElytronMessages.log.tooLateToSetMechanismInformation();
        }

        abstract SecurityIdentity getSourceIdentity();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:_bootstrap/lra-coordinator.war:WEB-INF/lib/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$AnonymousAuthorizedState.class
      input_file:m2repo/org/wildfly/security/wildfly-elytron-auth-server/2.0.0.Alpha4/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$AnonymousAuthorizedState.class
     */
    /* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron/1.7.0.Final/wildfly-elytron-1.7.0.Final.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$AnonymousAuthorizedState.class */
    public final class AnonymousAuthorizedState extends ActiveState {
        private final SecurityIdentity anonymousIdentity;

        AnonymousAuthorizedState(SecurityIdentity securityIdentity) {
            super();
            this.anonymousIdentity = securityIdentity;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        MechanismConfiguration getMechanismConfiguration() {
            return MechanismConfiguration.EMPTY;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        MechanismRealmConfiguration getMechanismRealmConfiguration() {
            return MechanismRealmConfiguration.NO_REALM;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        SecurityIdentity getAuthorizedIdentity() {
            return this.anonymousIdentity;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        Principal getAuthenticationPrincipal() {
            return AnonymousPrincipal.getInstance();
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean isSamePrincipal(Principal principal) {
            return principal instanceof AnonymousPrincipal;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            return SupportLevel.UNSUPPORTED;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
            return SupportLevel.UNSUPPORTED;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        <C extends Credential> C getCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            return null;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
            return false;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        RealmIdentity getRealmIdentity() {
            return RealmIdentity.ANONYMOUS;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        SecurityDomain getSecurityDomain() {
            return this.anonymousIdentity.getSecurityDomain();
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean authorizeAnonymous(boolean z) {
            return true;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void setPrincipal(Principal principal, boolean z) throws RealmUnavailableException {
            if (principal instanceof AnonymousPrincipal) {
                return;
            }
            super.setPrincipal(principal, z);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean authorize(boolean z) throws RealmUnavailableException {
            return !z || this.anonymousIdentity.implies(LoginPermission.getInstance());
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void updateCredential(Credential credential) throws RealmUnavailableException {
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void succeed() {
            AtomicReference<State> stateRef = ServerAuthenticationContext.this.getStateRef();
            if (stateRef.compareAndSet(this, new CompleteState(this.anonymousIdentity))) {
                return;
            }
            stateRef.get().succeed();
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void fail(boolean z) {
            AtomicReference<State> stateRef = ServerAuthenticationContext.this.getStateRef();
            if (stateRef.compareAndSet(this, ServerAuthenticationContext.FAILED)) {
                return;
            }
            stateRef.get().fail(z);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.ActiveState
        SecurityIdentity getSourceIdentity() {
            return this.anonymousIdentity;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:_bootstrap/lra-coordinator.war:WEB-INF/lib/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$AuthorizedAuthenticationState.class
      input_file:m2repo/org/wildfly/security/wildfly-elytron-auth-server/2.0.0.Alpha4/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$AuthorizedAuthenticationState.class
     */
    /* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron/1.7.0.Final/wildfly-elytron-1.7.0.Final.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$AuthorizedAuthenticationState.class */
    public final class AuthorizedAuthenticationState extends AuthorizedState {
        private final RealmIdentity realmIdentity;

        AuthorizedAuthenticationState(SecurityIdentity securityIdentity, Principal principal, RealmInfo realmInfo, RealmIdentity realmIdentity, MechanismRealmConfiguration mechanismRealmConfiguration, MechanismConfiguration mechanismConfiguration) {
            super(securityIdentity, principal, realmInfo, mechanismConfiguration, mechanismRealmConfiguration);
            this.realmIdentity = realmIdentity;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            return this.realmIdentity.getCredentialAcquireSupport(cls, str, algorithmParameterSpec);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
            return this.realmIdentity.getEvidenceVerifySupport(cls, str);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        <C extends Credential> C getCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            return (C) this.realmIdentity.getCredential(cls, str, algorithmParameterSpec);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
            return this.realmIdentity.verifyEvidence(evidence);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        RealmIdentity getRealmIdentity() {
            return this.realmIdentity;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void updateCredential(Credential credential) throws RealmUnavailableException {
            this.realmIdentity.updateCredential(credential);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.AuthorizedState, org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void succeed() {
            SecurityIdentity sourceIdentity = getSourceIdentity();
            AtomicReference<State> stateRef = ServerAuthenticationContext.this.getStateRef();
            if (!stateRef.compareAndSet(this, new CompleteState(sourceIdentity))) {
                stateRef.get().succeed();
                return;
            }
            SecurityRealm.safeHandleRealmEvent(getRealmInfo().getSecurityRealm(), new RealmSuccessfulAuthenticationEvent(this.realmIdentity, sourceIdentity.getAuthorizationIdentity(), null, null));
            SecurityDomain.safeHandleSecurityEvent(sourceIdentity.getSecurityDomain(), new SecurityAuthenticationSuccessfulEvent(sourceIdentity));
            this.realmIdentity.dispose();
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void fail(boolean z) {
            SecurityIdentity sourceIdentity = getSourceIdentity();
            AtomicReference<State> stateRef = ServerAuthenticationContext.this.getStateRef();
            if (!stateRef.compareAndSet(this, ServerAuthenticationContext.FAILED)) {
                stateRef.get().fail(z);
                return;
            }
            SecurityRealm.safeHandleRealmEvent(getRealmInfo().getSecurityRealm(), new RealmFailedAuthenticationEvent(this.realmIdentity, null, null));
            SecurityDomain.safeHandleSecurityEvent(sourceIdentity.getSecurityDomain(), new SecurityAuthenticationFailedEvent(sourceIdentity, this.realmIdentity.getRealmIdentityPrincipal()));
            this.realmIdentity.dispose();
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.AuthorizedState, org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void addPublicCredential(Credential credential) {
            if (ServerAuthenticationContext.this.stateRef.compareAndSet(this, new AuthorizedAuthenticationState(getSourceIdentity().withPublicCredential(credential), getAuthenticationPrincipal(), getRealmInfo(), getRealmIdentity(), getMechanismRealmConfiguration(), getMechanismConfiguration()))) {
                return;
            }
            ((State) ServerAuthenticationContext.this.stateRef.get()).addPublicCredential(credential);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.AuthorizedState, org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void addPrivateCredential(Credential credential) {
            if (ServerAuthenticationContext.this.stateRef.compareAndSet(this, new AuthorizedAuthenticationState(getSourceIdentity().withPrivateCredential(credential), getAuthenticationPrincipal(), getRealmInfo(), getRealmIdentity(), getMechanismRealmConfiguration(), getMechanismConfiguration()))) {
                return;
            }
            ((State) ServerAuthenticationContext.this.stateRef.get()).addPrivateCredential(credential);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:_bootstrap/lra-coordinator.war:WEB-INF/lib/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$AuthorizedState.class
      input_file:m2repo/org/wildfly/security/wildfly-elytron-auth-server/2.0.0.Alpha4/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$AuthorizedState.class
     */
    /* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron/1.7.0.Final/wildfly-elytron-1.7.0.Final.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$AuthorizedState.class */
    public class AuthorizedState extends ActiveState {
        private final SecurityIdentity authorizedIdentity;
        private final Principal authenticationPrincipal;
        private final RealmInfo realmInfo;
        private final MechanismConfiguration mechanismConfiguration;
        private final MechanismRealmConfiguration mechanismRealmConfiguration;

        AuthorizedState(SecurityIdentity securityIdentity, Principal principal, RealmInfo realmInfo, MechanismConfiguration mechanismConfiguration, MechanismRealmConfiguration mechanismRealmConfiguration) {
            super();
            this.authorizedIdentity = securityIdentity;
            this.authenticationPrincipal = principal;
            this.realmInfo = realmInfo;
            this.mechanismConfiguration = mechanismConfiguration;
            this.mechanismRealmConfiguration = mechanismRealmConfiguration;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        MechanismRealmConfiguration getMechanismRealmConfiguration() {
            return this.mechanismRealmConfiguration;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        MechanismConfiguration getMechanismConfiguration() {
            return this.mechanismConfiguration;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        SecurityIdentity getAuthorizedIdentity() {
            return this.authorizedIdentity;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        Principal getAuthenticationPrincipal() {
            return this.authenticationPrincipal;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        SecurityDomain getSecurityDomain() {
            return this.authorizedIdentity.getSecurityDomain();
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.ActiveState
        SecurityIdentity getSourceIdentity() {
            return this.authorizedIdentity;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean isSamePrincipal(Principal principal) {
            return this.authenticationPrincipal.equals(ServerAuthenticationContext.rewriteAll(principal, this.mechanismRealmConfiguration.getPreRealmRewriter(), this.mechanismConfiguration.getPreRealmRewriter(), this.authorizedIdentity.getSecurityDomain().getPreRealmRewriter()));
        }

        RealmInfo getRealmInfo() {
            return this.realmInfo;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean authorize(boolean z) throws RealmUnavailableException {
            return !z || this.authorizedIdentity.implies(LoginPermission.getInstance());
        }

        AuthorizedState authorizeRunAs(Principal principal, boolean z) throws RealmUnavailableException {
            if (isSamePrincipal(principal)) {
                ElytronMessages.log.trace("RunAs authorization succeed - the same identity");
                return this;
            }
            State assignName = ServerAuthenticationContext.this.assignName(this.authorizedIdentity, getMechanismConfiguration(), getMechanismRealmConfiguration(), principal, null, IdentityCredentials.NONE, IdentityCredentials.NONE);
            if (!assignName.isNameAssigned()) {
                ElytronMessages.log.tracef("RunAs authorization failed - unable to assign identity name", new Object[0]);
                return null;
            }
            NameAssignedState nameAssignedState = (NameAssignedState) assignName;
            RealmIdentity realmIdentity = nameAssignedState.getRealmIdentity();
            try {
                String name = nameAssignedState.getAuthenticationPrincipal().getName();
                if (z && !this.authorizedIdentity.implies(new RunAsPrincipalPermission(name))) {
                    ElytronMessages.log.tracef("RunAs authorization failed - identity does not have required RunAsPrincipalPermission(%s)", name);
                    if (0 == 0) {
                        realmIdentity.dispose();
                    }
                    return null;
                }
                AuthorizedAuthenticationState doAuthorization = nameAssignedState.doAuthorization(false);
                if (doAuthorization == null) {
                    ElytronMessages.log.trace("RunAs authorization failed");
                    if (0 == 0) {
                        realmIdentity.dispose();
                    }
                    return null;
                }
                ElytronMessages.log.trace("RunAs authorization succeed");
                if (1 == 0) {
                    realmIdentity.dispose();
                }
                return doAuthorization;
            } catch (Throwable th) {
                if (0 == 0) {
                    realmIdentity.dispose();
                }
                throw th;
            }
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void succeed() {
            if (this.authorizedIdentity != null) {
                return;
            }
            super.succeed();
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void addPublicCredential(Credential credential) {
            if (ServerAuthenticationContext.this.stateRef.compareAndSet(this, new AuthorizedState(getSourceIdentity().withPublicCredential(credential), getAuthenticationPrincipal(), getRealmInfo(), getMechanismConfiguration(), getMechanismRealmConfiguration()))) {
                return;
            }
            ((State) ServerAuthenticationContext.this.stateRef.get()).addPublicCredential(credential);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void addPrivateCredential(Credential credential) {
            if (ServerAuthenticationContext.this.stateRef.compareAndSet(this, new AuthorizedState(getSourceIdentity().withPrivateCredential(credential), getAuthenticationPrincipal(), getRealmInfo(), getMechanismConfiguration(), getMechanismRealmConfiguration()))) {
                return;
            }
            ((State) ServerAuthenticationContext.this.stateRef.get()).addPrivateCredential(credential);
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:_bootstrap/lra-coordinator.war:WEB-INF/lib/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$CompleteState.class
      input_file:m2repo/org/wildfly/security/wildfly-elytron-auth-server/2.0.0.Alpha4/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$CompleteState.class
     */
    /* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron/1.7.0.Final/wildfly-elytron-1.7.0.Final.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$CompleteState.class */
    static final class CompleteState extends State {
        private final SecurityIdentity identity;

        public CompleteState(SecurityIdentity securityIdentity) {
            this.identity = securityIdentity;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        SecurityIdentity getAuthorizedIdentity() {
            return this.identity;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean isDone() {
            return true;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void succeed() {
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:_bootstrap/lra-coordinator.war:WEB-INF/lib/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$InactiveState.class
      input_file:m2repo/org/wildfly/security/wildfly-elytron-auth-server/2.0.0.Alpha4/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$InactiveState.class
     */
    /* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron/1.7.0.Final/wildfly-elytron-1.7.0.Final.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$InactiveState.class */
    final class InactiveState extends State {
        private final SecurityIdentity capturedIdentity;
        private final MechanismConfigurationSelector mechanismConfigurationSelector;
        private final MechanismInformation mechanismInformation;
        private final IdentityCredentials privateCredentials;
        private final IdentityCredentials publicCredentials;

        public InactiveState(ServerAuthenticationContext serverAuthenticationContext, SecurityIdentity securityIdentity, MechanismConfigurationSelector mechanismConfigurationSelector, IdentityCredentials identityCredentials, IdentityCredentials identityCredentials2) {
            this(securityIdentity, mechanismConfigurationSelector, MechanismInformation.DEFAULT, identityCredentials, identityCredentials2);
        }

        public InactiveState(SecurityIdentity securityIdentity, MechanismConfigurationSelector mechanismConfigurationSelector, MechanismInformation mechanismInformation, IdentityCredentials identityCredentials, IdentityCredentials identityCredentials2) {
            this.capturedIdentity = securityIdentity;
            this.mechanismConfigurationSelector = mechanismConfigurationSelector;
            this.mechanismInformation = (MechanismInformation) Assert.checkNotNullParam("mechanismInformation", mechanismInformation);
            this.privateCredentials = identityCredentials;
            this.publicCredentials = identityCredentials2;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void setMechanismInformation(MechanismInformation mechanismInformation) {
            if (ServerAuthenticationContext.this.stateRef.compareAndSet(this, new InactiveState(this.capturedIdentity, this.mechanismConfigurationSelector, mechanismInformation, this.privateCredentials, this.publicCredentials).selectMechanismConfiguration())) {
                return;
            }
            ((State) ServerAuthenticationContext.this.stateRef.get()).setMechanismInformation(mechanismInformation);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        SecurityDomain getSecurityDomain() {
            return this.capturedIdentity.getSecurityDomain();
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean authorize(Principal principal, boolean z) throws RealmUnavailableException {
            transition();
            return ((State) ServerAuthenticationContext.this.stateRef.get()).authorize(principal, z);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void setMechanismRealmName(String str) {
            transition();
            ((State) ServerAuthenticationContext.this.stateRef.get()).setMechanismRealmName(str);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        MechanismRealmConfiguration getMechanismRealmConfiguration() {
            transition();
            return ((State) ServerAuthenticationContext.this.stateRef.get()).getMechanismRealmConfiguration();
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void fail(boolean z) {
            transition();
            ((State) ServerAuthenticationContext.this.stateRef.get()).fail(z);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean authorizeAnonymous(boolean z) {
            transition();
            return ((State) ServerAuthenticationContext.this.stateRef.get()).authorizeAnonymous(z);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean authorize(boolean z) throws RealmUnavailableException {
            transition();
            return ((State) ServerAuthenticationContext.this.stateRef.get()).authorize(z);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean importIdentity(SecurityIdentity securityIdentity) throws RealmUnavailableException {
            transition();
            return ((State) ServerAuthenticationContext.this.stateRef.get()).importIdentity(securityIdentity);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
            return getSecurityDomain().getEvidenceVerifySupport(cls, str);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
            transition();
            return ((State) ServerAuthenticationContext.this.stateRef.get()).verifyEvidence(evidence);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void setPrincipal(Principal principal, boolean z) throws RealmUnavailableException {
            transition();
            ((State) ServerAuthenticationContext.this.stateRef.get()).setPrincipal(principal, z);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        MechanismConfiguration getMechanismConfiguration() {
            transition();
            return ((State) ServerAuthenticationContext.this.stateRef.get()).getMechanismConfiguration();
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void addPublicCredential(Credential credential) {
            if (ServerAuthenticationContext.this.stateRef.compareAndSet(this, new InactiveState(this.capturedIdentity, this.mechanismConfigurationSelector, this.mechanismInformation, this.privateCredentials, this.publicCredentials.withCredential(credential)))) {
                return;
            }
            ((State) ServerAuthenticationContext.this.stateRef.get()).addPublicCredential(credential);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void addPrivateCredential(Credential credential) {
            if (ServerAuthenticationContext.this.stateRef.compareAndSet(this, new InactiveState(this.capturedIdentity, this.mechanismConfigurationSelector, this.mechanismInformation, this.privateCredentials.withCredential(credential), this.publicCredentials))) {
                return;
            }
            ((State) ServerAuthenticationContext.this.stateRef.get()).addPrivateCredential(credential);
        }

        private void transition() {
            ServerAuthenticationContext.this.stateRef.compareAndSet(this, selectMechanismConfiguration());
        }

        /* JADX INFO: Access modifiers changed from: private */
        public InitialState selectMechanismConfiguration() {
            MechanismConfiguration selectConfiguration = this.mechanismConfigurationSelector.selectConfiguration(this.mechanismInformation);
            if (selectConfiguration == null) {
                throw ElytronMessages.log.unableToSelectMechanismConfiguration(this.mechanismInformation.getMechanismType(), this.mechanismInformation.getMechanismName(), this.mechanismInformation.getHostName(), this.mechanismInformation.getProtocol());
            }
            return new InitialState(this.capturedIdentity, selectConfiguration, this.mechanismConfigurationSelector, this.privateCredentials, this.publicCredentials);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:_bootstrap/lra-coordinator.war:WEB-INF/lib/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$InitialState.class
      input_file:m2repo/org/wildfly/security/wildfly-elytron-auth-server/2.0.0.Alpha4/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$InitialState.class
     */
    /* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron/1.7.0.Final/wildfly-elytron-1.7.0.Final.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$InitialState.class */
    public final class InitialState extends UnassignedState {
        private final MechanismConfigurationSelector mechanismConfigurationSelector;

        InitialState(SecurityIdentity securityIdentity, MechanismConfiguration mechanismConfiguration, MechanismConfigurationSelector mechanismConfigurationSelector, IdentityCredentials identityCredentials, IdentityCredentials identityCredentials2) {
            super(securityIdentity, mechanismConfiguration, identityCredentials, identityCredentials2);
            this.mechanismConfigurationSelector = mechanismConfigurationSelector;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.ActiveState, org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void setMechanismRealmName(String str) {
            MechanismConfiguration mechanismConfiguration = getMechanismConfiguration();
            if (mechanismConfiguration.getMechanismRealmNames().isEmpty()) {
                throw ElytronMessages.log.invalidMechRealmSelection(str);
            }
            MechanismRealmConfiguration mechanismRealmConfiguration = mechanismConfiguration.getMechanismRealmConfiguration(str);
            if (mechanismRealmConfiguration == null) {
                throw ElytronMessages.log.invalidMechRealmSelection(str);
            }
            AtomicReference<State> stateRef = ServerAuthenticationContext.this.getStateRef();
            if (stateRef.compareAndSet(this, new RealmAssignedState(this.capturedIdentity, mechanismConfiguration, mechanismRealmConfiguration, this.privateCredentials, this.publicCredentials))) {
                return;
            }
            stateRef.get().setMechanismRealmName(str);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        MechanismRealmConfiguration getMechanismRealmConfiguration() {
            Iterator<String> it = this.mechanismConfiguration.getMechanismRealmNames().iterator();
            return it.hasNext() ? this.mechanismConfiguration.getMechanismRealmConfiguration(it.next()) : MechanismRealmConfiguration.NO_REALM;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.ActiveState, org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void setMechanismInformation(MechanismInformation mechanismInformation) {
            if (ServerAuthenticationContext.this.stateRef.compareAndSet(this, new InactiveState(this.capturedIdentity, this.mechanismConfigurationSelector, mechanismInformation, this.privateCredentials, this.publicCredentials).selectMechanismConfiguration())) {
                return;
            }
            ((State) ServerAuthenticationContext.this.stateRef.get()).setMechanismInformation(mechanismInformation);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void addPublicCredential(Credential credential) {
            if (ServerAuthenticationContext.this.stateRef.compareAndSet(this, new InitialState(getSourceIdentity(), getMechanismConfiguration(), this.mechanismConfigurationSelector, getPrivateCredentials(), getPublicCredentials().withCredential(credential)))) {
                return;
            }
            ((State) ServerAuthenticationContext.this.stateRef.get()).addPublicCredential(credential);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void addPrivateCredential(Credential credential) {
            if (ServerAuthenticationContext.this.stateRef.compareAndSet(this, new InitialState(getSourceIdentity(), getMechanismConfiguration(), this.mechanismConfigurationSelector, getPrivateCredentials().withCredential(credential), getPublicCredentials()))) {
                return;
            }
            ((State) ServerAuthenticationContext.this.stateRef.get()).addPublicCredential(credential);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:_bootstrap/lra-coordinator.war:WEB-INF/lib/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$InvalidNameState.class
      input_file:m2repo/org/wildfly/security/wildfly-elytron-auth-server/2.0.0.Alpha4/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$InvalidNameState.class
     */
    /* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron/1.7.0.Final/wildfly-elytron-1.7.0.Final.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$InvalidNameState.class */
    public final class InvalidNameState extends UnassignedState {
        final MechanismRealmConfiguration mechanismRealmConfiguration;

        InvalidNameState(SecurityIdentity securityIdentity, MechanismConfiguration mechanismConfiguration, MechanismRealmConfiguration mechanismRealmConfiguration, IdentityCredentials identityCredentials, IdentityCredentials identityCredentials2) {
            super(securityIdentity, mechanismConfiguration, identityCredentials, identityCredentials2);
            this.mechanismRealmConfiguration = mechanismRealmConfiguration;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        MechanismRealmConfiguration getMechanismRealmConfiguration() {
            return this.mechanismRealmConfiguration;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        RealmIdentity getRealmIdentity() {
            return RealmIdentity.NON_EXISTENT;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.UnassignedState, org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void fail(boolean z) {
            AtomicReference<State> stateRef = ServerAuthenticationContext.this.getStateRef();
            if (stateRef.compareAndSet(this, ServerAuthenticationContext.FAILED)) {
                return;
            }
            stateRef.get().fail(z);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean isDone() {
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:_bootstrap/lra-coordinator.war:WEB-INF/lib/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$NameAssignedState.class
      input_file:m2repo/org/wildfly/security/wildfly-elytron-auth-server/2.0.0.Alpha4/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$NameAssignedState.class
     */
    /* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron/1.7.0.Final/wildfly-elytron-1.7.0.Final.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$NameAssignedState.class */
    public final class NameAssignedState extends ActiveState {
        private final SecurityIdentity capturedIdentity;
        private final RealmInfo realmInfo;
        private final RealmIdentity realmIdentity;
        private final Principal authenticationPrincipal;
        private final MechanismConfiguration mechanismConfiguration;
        private final MechanismRealmConfiguration mechanismRealmConfiguration;
        private final IdentityCredentials privateCredentials;
        private final IdentityCredentials publicCredentials;

        NameAssignedState(SecurityIdentity securityIdentity, RealmInfo realmInfo, RealmIdentity realmIdentity, Principal principal, MechanismConfiguration mechanismConfiguration, MechanismRealmConfiguration mechanismRealmConfiguration, IdentityCredentials identityCredentials, IdentityCredentials identityCredentials2) {
            super();
            this.capturedIdentity = securityIdentity;
            this.realmInfo = realmInfo;
            this.realmIdentity = realmIdentity;
            this.authenticationPrincipal = principal;
            this.mechanismConfiguration = mechanismConfiguration;
            this.mechanismRealmConfiguration = mechanismRealmConfiguration;
            this.privateCredentials = identityCredentials;
            this.publicCredentials = identityCredentials2;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        MechanismConfiguration getMechanismConfiguration() {
            return this.mechanismConfiguration;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        MechanismRealmConfiguration getMechanismRealmConfiguration() {
            return this.mechanismRealmConfiguration;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        Principal getAuthenticationPrincipal() {
            return this.authenticationPrincipal;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        RealmIdentity getRealmIdentity() {
            return this.realmIdentity;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        SecurityDomain getSecurityDomain() {
            return this.capturedIdentity.getSecurityDomain();
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            return this.realmIdentity.getCredentialAcquireSupport(cls, str, algorithmParameterSpec);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
            return this.realmIdentity.getEvidenceVerifySupport(cls, str);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        <C extends Credential> C getCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            return (C) this.realmIdentity.getCredential(cls, str, algorithmParameterSpec);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean authorize(boolean z) throws RealmUnavailableException {
            AuthorizedAuthenticationState doAuthorization = doAuthorization(z);
            if (doAuthorization == null) {
                return false;
            }
            AtomicReference<State> stateRef = ServerAuthenticationContext.this.getStateRef();
            return stateRef.compareAndSet(this, doAuthorization) || stateRef.get().authorize(z);
        }

        AuthorizedAuthenticationState doAuthorization(boolean z) throws RealmUnavailableException {
            RealmIdentity realmIdentity = this.realmIdentity;
            if (!realmIdentity.exists()) {
                ElytronMessages.log.trace("Authorization failed - realm identity does not exists");
                return null;
            }
            RealmInfo realmInfo = this.realmInfo;
            Principal principal = this.authenticationPrincipal;
            AuthorizationIdentity authorizationIdentity = realmIdentity.getAuthorizationIdentity();
            SecurityDomain securityDomain = this.capturedIdentity.getSecurityDomain();
            SecurityIdentity withPrivateCredentials = ((SecurityIdentity) Assert.assertNotNull(securityDomain.transform(new SecurityIdentity(securityDomain, principal, realmInfo, authorizationIdentity, securityDomain.getCategoryRoleMappers(), IdentityCredentials.NONE, IdentityCredentials.NONE)))).withPublicCredentials(this.publicCredentials).withPrivateCredentials(this.privateCredentials);
            if (ElytronMessages.log.isTraceEnabled()) {
                ElytronMessages.log.tracef("Authorizing principal %s.", principal.getName());
                if (authorizationIdentity != null) {
                    ElytronMessages.log.tracef("Authorizing against the following attributes: %s => %s", authorizationIdentity.getAttributes().keySet(), authorizationIdentity.getAttributes().values());
                } else {
                    ElytronMessages.log.tracef("Authorizing against the following attributes: Cannot obtain the attributes. Authorization Identity is null.", new Object[0]);
                }
            }
            if (z) {
                if (!withPrivateCredentials.implies(LoginPermission.getInstance())) {
                    SecurityRealm.safeHandleRealmEvent(realmInfo.getSecurityRealm(), new RealmIdentityFailedAuthorizationEvent(withPrivateCredentials.getAuthorizationIdentity(), withPrivateCredentials.getPrincipal(), principal));
                    ElytronMessages.log.trace("Authorization failed - identity does not have required LoginPermission");
                    return null;
                }
                SecurityRealm.safeHandleRealmEvent(realmInfo.getSecurityRealm(), new RealmIdentitySuccessfulAuthorizationEvent(withPrivateCredentials.getAuthorizationIdentity(), withPrivateCredentials.getPrincipal(), principal));
            }
            ElytronMessages.log.trace("Authorization succeed");
            return new AuthorizedAuthenticationState(withPrivateCredentials, principal, realmInfo, realmIdentity, this.mechanismRealmConfiguration, this.mechanismConfiguration);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.ActiveState, org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean authorize(Principal principal, boolean z) throws RealmUnavailableException {
            AuthorizedState authorizeRunAs;
            AuthorizedAuthenticationState doAuthorization = doAuthorization(true);
            if (doAuthorization == null || (authorizeRunAs = doAuthorization.authorizeRunAs(principal, z)) == null) {
                return false;
            }
            AtomicReference<State> stateRef = ServerAuthenticationContext.this.getStateRef();
            if (!stateRef.compareAndSet(this, authorizeRunAs)) {
                return stateRef.get().authorize(principal, z);
            }
            if (authorizeRunAs == doAuthorization) {
                return true;
            }
            getRealmIdentity().dispose();
            return true;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.ActiveState
        SecurityIdentity getSourceIdentity() {
            return this.capturedIdentity;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
            Principal principal = evidence.getPrincipal();
            return (principal == null || isSamePrincipal(principal)) && getRealmIdentity().verifyEvidence(evidence);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void updateCredential(Credential credential) throws RealmUnavailableException {
            this.realmIdentity.updateCredential(credential);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void succeed() {
            throw ElytronMessages.log.cannotSucceedNotAuthorized();
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void fail(boolean z) {
            SecurityIdentity sourceIdentity = getSourceIdentity();
            AtomicReference<State> stateRef = ServerAuthenticationContext.this.getStateRef();
            if (!stateRef.compareAndSet(this, ServerAuthenticationContext.FAILED)) {
                stateRef.get().fail(z);
                return;
            }
            SecurityRealm.safeHandleRealmEvent(getRealmInfo().getSecurityRealm(), new RealmFailedAuthenticationEvent(this.realmIdentity, null, null));
            SecurityDomain.safeHandleSecurityEvent(sourceIdentity.getSecurityDomain(), new SecurityAuthenticationFailedEvent(sourceIdentity, this.realmIdentity.getRealmIdentityPrincipal()));
            this.realmIdentity.dispose();
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void setPrincipal(Principal principal, boolean z) {
            if (!isSamePrincipal(principal)) {
                throw ElytronMessages.log.nameAlreadySet();
            }
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean isSamePrincipal(Principal principal) {
            return this.authenticationPrincipal.equals(ServerAuthenticationContext.rewriteAll(principal, this.mechanismRealmConfiguration.getPreRealmRewriter(), this.mechanismConfiguration.getPreRealmRewriter(), this.capturedIdentity.getSecurityDomain().getPreRealmRewriter()));
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void addPublicCredential(Credential credential) {
            if (ServerAuthenticationContext.this.stateRef.compareAndSet(this, new NameAssignedState(getSourceIdentity(), getRealmInfo(), getRealmIdentity(), getAuthenticationPrincipal(), getMechanismConfiguration(), getMechanismRealmConfiguration(), this.privateCredentials, this.publicCredentials.withCredential(credential)))) {
                return;
            }
            ((State) ServerAuthenticationContext.this.stateRef.get()).addPublicCredential(credential);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void addPrivateCredential(Credential credential) {
            if (ServerAuthenticationContext.this.stateRef.compareAndSet(this, new NameAssignedState(getSourceIdentity(), getRealmInfo(), getRealmIdentity(), getAuthenticationPrincipal(), getMechanismConfiguration(), getMechanismRealmConfiguration(), this.privateCredentials.withCredential(credential), this.publicCredentials))) {
                return;
            }
            ((State) ServerAuthenticationContext.this.stateRef.get()).addPublicCredential(credential);
        }

        RealmInfo getRealmInfo() {
            return this.realmInfo;
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:_bootstrap/lra-coordinator.war:WEB-INF/lib/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$RealmAssignedState.class
      input_file:m2repo/org/wildfly/security/wildfly-elytron-auth-server/2.0.0.Alpha4/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$RealmAssignedState.class
     */
    /* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron/1.7.0.Final/wildfly-elytron-1.7.0.Final.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$RealmAssignedState.class */
    final class RealmAssignedState extends UnassignedState {
        final MechanismRealmConfiguration mechanismRealmConfiguration;

        RealmAssignedState(SecurityIdentity securityIdentity, MechanismConfiguration mechanismConfiguration, MechanismRealmConfiguration mechanismRealmConfiguration, IdentityCredentials identityCredentials, IdentityCredentials identityCredentials2) {
            super(securityIdentity, mechanismConfiguration, identityCredentials, identityCredentials2);
            this.mechanismRealmConfiguration = mechanismRealmConfiguration;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        MechanismRealmConfiguration getMechanismRealmConfiguration() {
            return this.mechanismRealmConfiguration;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void addPublicCredential(Credential credential) {
            if (ServerAuthenticationContext.this.stateRef.compareAndSet(this, new RealmAssignedState(getSourceIdentity(), getMechanismConfiguration(), getMechanismRealmConfiguration(), getPrivateCredentials(), getPublicCredentials().withCredential(credential)))) {
                return;
            }
            ((State) ServerAuthenticationContext.this.stateRef.get()).addPublicCredential(credential);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void addPrivateCredential(Credential credential) {
            if (ServerAuthenticationContext.this.stateRef.compareAndSet(this, new RealmAssignedState(getSourceIdentity(), getMechanismConfiguration(), getMechanismRealmConfiguration(), getPrivateCredentials().withCredential(credential), getPublicCredentials()))) {
                return;
            }
            ((State) ServerAuthenticationContext.this.stateRef.get()).addPublicCredential(credential);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:_bootstrap/lra-coordinator.war:WEB-INF/lib/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$State.class
      input_file:m2repo/org/wildfly/security/wildfly-elytron-auth-server/2.0.0.Alpha4/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$State.class
     */
    /* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron/1.7.0.Final/wildfly-elytron-1.7.0.Final.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$State.class */
    public static abstract class State {
        State() {
        }

        MechanismConfiguration getMechanismConfiguration() {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        MechanismRealmConfiguration getMechanismRealmConfiguration() {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        SecurityIdentity getAuthorizedIdentity() {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        Principal getAuthenticationPrincipal() {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        boolean isSamePrincipal(Principal principal) {
            return false;
        }

        SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        <C extends Credential> C getCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        boolean importIdentity(SecurityIdentity securityIdentity) throws RealmUnavailableException {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        RealmIdentity getRealmIdentity() {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        SecurityDomain getSecurityDomain() {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        boolean authorizeAnonymous(boolean z) {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        void setMechanismInformation(MechanismInformation mechanismInformation) {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        void setPrincipal(Principal principal, boolean z) throws RealmUnavailableException {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        boolean authorize(boolean z) throws RealmUnavailableException {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        boolean authorize(Principal principal, boolean z) throws RealmUnavailableException {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        void setMechanismRealmName(String str) {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        void updateCredential(Credential credential) throws RealmUnavailableException {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        void succeed() {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        void fail(boolean z) {
            if (z) {
                throw ElytronMessages.log.noAuthenticationInProgress();
            }
        }

        boolean isDone() {
            return false;
        }

        void addPublicCredential(Credential credential) {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        void addPrivateCredential(Credential credential) {
            throw ElytronMessages.log.noAuthenticationInProgress();
        }

        public boolean isNameAssigned() {
            return this instanceof NameAssignedState;
        }

        public boolean isAuthorized() {
            return this instanceof AuthorizedState;
        }

        public boolean canVerifyEvidence() {
            return ((this instanceof NameAssignedState) || (this instanceof AuthorizedState)) ? false : true;
        }
    }

    /* JADX WARN: Classes with same name are omitted:
      input_file:_bootstrap/lra-coordinator.war:WEB-INF/lib/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$UnassignedState.class
      input_file:m2repo/org/wildfly/security/wildfly-elytron-auth-server/2.0.0.Alpha4/wildfly-elytron-auth-server-2.0.0.Alpha4.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$UnassignedState.class
     */
    /* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron/1.7.0.Final/wildfly-elytron-1.7.0.Final.jar:org/wildfly/security/auth/server/ServerAuthenticationContext$UnassignedState.class */
    abstract class UnassignedState extends ActiveState {
        final SecurityIdentity capturedIdentity;
        final MechanismConfiguration mechanismConfiguration;
        final IdentityCredentials privateCredentials;
        final IdentityCredentials publicCredentials;

        UnassignedState(SecurityIdentity securityIdentity, MechanismConfiguration mechanismConfiguration, IdentityCredentials identityCredentials, IdentityCredentials identityCredentials2) {
            super();
            this.capturedIdentity = securityIdentity;
            this.mechanismConfiguration = mechanismConfiguration;
            this.privateCredentials = identityCredentials;
            this.publicCredentials = identityCredentials2;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.ActiveState
        SecurityIdentity getSourceIdentity() {
            return this.capturedIdentity;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        SecurityDomain getSecurityDomain() {
            return this.capturedIdentity.getSecurityDomain();
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void fail(boolean z) {
            AtomicReference<State> stateRef = ServerAuthenticationContext.this.getStateRef();
            if (stateRef.compareAndSet(this, ServerAuthenticationContext.FAILED)) {
                return;
            }
            stateRef.get().fail(z);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean authorizeAnonymous(boolean z) {
            AtomicReference<State> stateRef = ServerAuthenticationContext.this.getStateRef();
            SecurityIdentity anonymousSecurityIdentity = getSecurityDomain().getAnonymousSecurityIdentity();
            return (!z || anonymousSecurityIdentity.implies(LoginPermission.getInstance())) && (stateRef.compareAndSet(this, new AnonymousAuthorizedState(anonymousSecurityIdentity)) || stateRef.get().authorizeAnonymous(z));
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean authorize(boolean z) throws RealmUnavailableException {
            SecurityIdentity securityIdentity = this.capturedIdentity;
            if (securityIdentity.isAnonymous()) {
                return authorizeAnonymous(z);
            }
            AtomicReference<State> stateRef = ServerAuthenticationContext.this.getStateRef();
            return (!z || securityIdentity.implies(LoginPermission.getInstance())) && (stateRef.compareAndSet(this, new AuthorizedState(securityIdentity, securityIdentity.getPrincipal(), securityIdentity.getRealmInfo(), this.mechanismConfiguration, getMechanismRealmConfiguration())) || stateRef.get().authorize(z));
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean importIdentity(SecurityIdentity securityIdentity) throws RealmUnavailableException {
            SecurityRealm securityRealm = securityIdentity.getRealmInfo().getSecurityRealm();
            SecurityDomain securityDomain = securityIdentity.getSecurityDomain();
            AtomicReference<State> stateRef = ServerAuthenticationContext.this.getStateRef();
            SecurityIdentity sourceIdentity = getSourceIdentity();
            SecurityDomain securityDomain2 = sourceIdentity.getSecurityDomain();
            if (securityIdentity.isAnonymous()) {
                return stateRef.compareAndSet(this, new AnonymousAuthorizedState(securityDomain2.getAnonymousSecurityIdentity())) || stateRef.get().importIdentity(securityIdentity);
            }
            Principal principal = securityIdentity.getPrincipal();
            if (securityDomain2 == securityIdentity.getSecurityDomain()) {
                return stateRef.compareAndSet(this, new AuthorizedState(securityIdentity, principal, securityIdentity.getRealmInfo(), this.mechanismConfiguration, getMechanismRealmConfiguration())) || stateRef.get().importIdentity(securityIdentity);
            }
            boolean z = false;
            if (securityDomain2.trustsDomain(securityDomain)) {
                z = true;
            }
            State assignName = ServerAuthenticationContext.this.assignName(sourceIdentity, this.mechanismConfiguration, getMechanismRealmConfiguration(), principal, null, this.privateCredentials, this.publicCredentials);
            if (!assignName.isNameAssigned()) {
                return false;
            }
            NameAssignedState nameAssignedState = (NameAssignedState) assignName;
            RealmIdentity realmIdentity = nameAssignedState.getRealmIdentity();
            if (!z) {
                try {
                    if (nameAssignedState.getRealmInfo().getSecurityRealm() != securityRealm) {
                        if (0 == 0) {
                            realmIdentity.dispose();
                        }
                        return false;
                    }
                } finally {
                    if (0 == 0) {
                        realmIdentity.dispose();
                    }
                }
            }
            AuthorizedAuthenticationState doAuthorization = nameAssignedState.doAuthorization(false);
            if (doAuthorization == null) {
                return false;
            }
            if (stateRef.compareAndSet(this, doAuthorization)) {
                if (1 == 0) {
                    realmIdentity.dispose();
                }
                return true;
            }
            boolean importIdentity = stateRef.get().importIdentity(securityIdentity);
            if (0 == 0) {
                realmIdentity.dispose();
            }
            return importIdentity;
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
            return getSecurityDomain().getEvidenceVerifySupport(cls, str);
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r21v0 */
        /* JADX WARN: Type inference failed for: r21v1 */
        /* JADX WARN: Type inference failed for: r21v2 */
        /* JADX WARN: Type inference failed for: r21v3, types: [org.wildfly.security.auth.server.RealmIdentity] */
        /* JADX WARN: Type inference failed for: r21v4 */
        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
            AtomicReference<State> stateRef = ServerAuthenticationContext.this.getStateRef();
            Principal principal = evidence.getPrincipal();
            ElytronMessages.log.tracef("Evidence verification: evidence = %s  evidencePrincipal = %s", evidence, principal);
            MechanismRealmConfiguration mechanismRealmConfiguration = getMechanismRealmConfiguration();
            if (principal != null) {
                State assignName = ServerAuthenticationContext.this.assignName(getSourceIdentity(), this.mechanismConfiguration, mechanismRealmConfiguration, principal, evidence, this.privateCredentials, this.publicCredentials);
                if (!assignName.verifyEvidence(evidence)) {
                    if (!assignName.isNameAssigned()) {
                        return false;
                    }
                    ((NameAssignedState) assignName).realmIdentity.dispose();
                    return false;
                }
                if (stateRef.compareAndSet(this, assignName)) {
                    return true;
                }
                if (assignName.isNameAssigned()) {
                    ((NameAssignedState) assignName).realmIdentity.dispose();
                }
                return stateRef.get().verifyEvidence(evidence);
            }
            Class<?> cls = evidence.getClass();
            String algorithm = evidence instanceof AlgorithmEvidence ? ((AlgorithmEvidence) evidence).getAlgorithm() : null;
            RealmIdentity realmIdentity = 0;
            RealmInfo realmInfo = null;
            Iterator<RealmInfo> it = getSecurityDomain().getRealmInfos().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                RealmInfo next = it.next();
                realmIdentity = next.getSecurityRealm().getRealmIdentity(evidence);
                if (realmIdentity.getEvidenceVerifySupport(cls, algorithm).mayBeSupported()) {
                    realmInfo = next;
                    break;
                }
                realmIdentity.dispose();
                realmIdentity = realmIdentity;
            }
            if (realmInfo == null) {
                return false;
            }
            Principal realmIdentityPrincipal = realmIdentity.getRealmIdentityPrincipal();
            if (realmIdentityPrincipal == null) {
                realmIdentity.dispose();
                return false;
            }
            if (!realmIdentity.verifyEvidence(evidence)) {
                realmIdentity.dispose();
                return false;
            }
            if (stateRef.compareAndSet(this, new NameAssignedState(getSourceIdentity(), realmInfo, realmIdentity, realmIdentityPrincipal, this.mechanismConfiguration, mechanismRealmConfiguration, this.privateCredentials, this.publicCredentials))) {
                return true;
            }
            realmIdentity.dispose();
            return stateRef.get().verifyEvidence(evidence);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        void setPrincipal(Principal principal, boolean z) throws RealmUnavailableException {
            Assert.checkNotNullParam("principal", principal);
            AtomicReference<State> stateRef = ServerAuthenticationContext.this.getStateRef();
            State assignName = ServerAuthenticationContext.this.assignName(this.capturedIdentity, this.mechanismConfiguration, getMechanismRealmConfiguration(), principal, null, this.privateCredentials, this.publicCredentials, z);
            if (stateRef.compareAndSet(this, assignName)) {
                return;
            }
            if (assignName.isNameAssigned()) {
                ((NameAssignedState) assignName).realmIdentity.dispose();
            }
            stateRef.get().setPrincipal(principal, z);
        }

        @Override // org.wildfly.security.auth.server.ServerAuthenticationContext.State
        MechanismConfiguration getMechanismConfiguration() {
            return this.mechanismConfiguration;
        }

        IdentityCredentials getPrivateCredentials() {
            return this.privateCredentials;
        }

        IdentityCredentials getPublicCredentials() {
            return this.publicCredentials;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServerAuthenticationContext(SecurityDomain securityDomain, MechanismConfigurationSelector mechanismConfigurationSelector) {
        this(securityDomain.getCurrentSecurityIdentity(), mechanismConfigurationSelector);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServerAuthenticationContext(SecurityIdentity securityIdentity, MechanismConfigurationSelector mechanismConfigurationSelector) {
        this.stateRef = new AtomicReference<>(new InactiveState(this, securityIdentity, mechanismConfigurationSelector, IdentityCredentials.NONE, IdentityCredentials.NONE));
    }

    public void setMechanismInformation(MechanismInformation mechanismInformation) throws IllegalStateException {
        this.stateRef.get().setMechanismInformation(mechanismInformation);
    }

    public SecurityIdentity getAuthorizedIdentity() throws IllegalStateException {
        return this.stateRef.get().getAuthorizedIdentity();
    }

    public boolean authorizeAnonymous() throws IllegalStateException {
        return authorizeAnonymous(true);
    }

    public boolean authorizeAnonymous(boolean z) throws IllegalStateException {
        return this.stateRef.get().authorizeAnonymous(z);
    }

    public void setAuthenticationName(String str) throws IllegalArgumentException, RealmUnavailableException, IllegalStateException {
        setAuthenticationName(str, false);
    }

    public void setAuthenticationName(String str, boolean z) throws IllegalArgumentException, RealmUnavailableException, IllegalStateException {
        Assert.checkNotNullParam("name", str);
        setAuthenticationPrincipal(new NamePrincipal(str), z);
    }

    public void setAuthenticationPrincipal(Principal principal) throws IllegalArgumentException, RealmUnavailableException, IllegalStateException {
        setAuthenticationPrincipal(principal, false);
    }

    public void setAuthenticationPrincipal(Principal principal, boolean z) throws IllegalArgumentException, RealmUnavailableException, IllegalStateException {
        Assert.checkNotNullParam("principal", principal);
        this.stateRef.get().setPrincipal(principal, z);
    }

    public boolean isSameName(String str) throws IllegalArgumentException, RealmUnavailableException, IllegalStateException {
        Assert.checkNotNullParam("name", str);
        return isSamePrincipal(new NamePrincipal(str));
    }

    public boolean isSamePrincipal(Principal principal) throws IllegalArgumentException, RealmUnavailableException, IllegalStateException {
        Assert.checkNotNullParam("principal", principal);
        return this.stateRef.get().isSamePrincipal(principal);
    }

    public boolean exists() throws RealmUnavailableException, IllegalStateException {
        return this.stateRef.get().getRealmIdentity().exists();
    }

    public void fail() throws IllegalStateException {
        this.stateRef.get().fail(true);
    }

    public boolean authorize() throws RealmUnavailableException, IllegalStateException {
        return authorize(true);
    }

    boolean authorize(boolean z) throws RealmUnavailableException, IllegalStateException {
        return this.stateRef.get().authorize(z);
    }

    public boolean authorize(String str) throws IllegalArgumentException, RealmUnavailableException, IllegalStateException {
        Assert.checkNotNullParam("name", str);
        return authorize(new NamePrincipal(str), true);
    }

    public boolean authorize(Principal principal) throws IllegalArgumentException, RealmUnavailableException, IllegalStateException {
        return authorize(principal, true);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean authorize(Principal principal, boolean z) throws IllegalArgumentException, RealmUnavailableException, IllegalStateException {
        Assert.checkNotNullParam("principal", principal);
        return this.stateRef.get().authorize(principal, z);
    }

    public void succeed() throws IllegalStateException, RealmUnavailableException {
        this.stateRef.get().succeed();
    }

    public boolean isDone() {
        return this.stateRef.get().isDone();
    }

    public Principal getAuthenticationPrincipal() {
        return this.stateRef.get().getAuthenticationPrincipal();
    }

    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
        Assert.checkNotNullParam("credentialType", cls);
        return this.stateRef.get().getCredentialAcquireSupport(cls, str, algorithmParameterSpec);
    }

    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str) throws RealmUnavailableException {
        return getCredentialAcquireSupport(cls, str, null);
    }

    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls) throws RealmUnavailableException {
        Assert.checkNotNullParam("credentialType", cls);
        return getCredentialAcquireSupport(cls, null);
    }

    public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
        Assert.checkNotNullParam("evidenceType", cls);
        return this.stateRef.get().getEvidenceVerifySupport(cls, str);
    }

    public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls) throws RealmUnavailableException {
        Assert.checkNotNullParam("evidenceType", cls);
        return getEvidenceVerifySupport(cls, null);
    }

    public <C extends Credential> C getCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
        Assert.checkNotNullParam("credentialType", cls);
        return (C) this.stateRef.get().getCredential(cls, str, algorithmParameterSpec);
    }

    public <C extends Credential> C getCredential(Class<C> cls, String str) throws RealmUnavailableException {
        Assert.checkNotNullParam("credentialType", cls);
        return (C) this.stateRef.get().getCredential(cls, str, null);
    }

    public <C extends Credential> C getCredential(Class<C> cls) throws RealmUnavailableException {
        Assert.checkNotNullParam("credentialType", cls);
        return (C) this.stateRef.get().getCredential(cls, null, null);
    }

    public <C extends Credential, R> R applyToCredential(Class<C> cls, Function<C, R> function) throws RealmUnavailableException {
        Credential credential = getCredential(cls);
        if (credential == null) {
            return null;
        }
        return (R) credential.castAndApply(cls, function);
    }

    public <C extends Credential, R> R applyToCredential(Class<C> cls, String str, Function<C, R> function) throws RealmUnavailableException {
        Credential credential = getCredential(cls, str);
        if (credential == null) {
            return null;
        }
        return (R) credential.castAndApply(cls, str, function);
    }

    public <C extends Credential, R> R applyToCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec, Function<C, R> function) throws RealmUnavailableException {
        Credential credential = getCredential(cls, str, algorithmParameterSpec);
        if (credential == null) {
            return null;
        }
        return (R) credential.castAndApply(cls, str, algorithmParameterSpec, function);
    }

    public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
        Assert.checkNotNullParam("evidence", evidence);
        return this.stateRef.get().verifyEvidence(evidence);
    }

    public void addPublicCredential(Credential credential) {
        Assert.checkNotNullParam(ElytronDescriptionConstants.CREDENTIAL, credential);
        this.stateRef.get().addPublicCredential(credential);
    }

    public void addPrivateCredential(Credential credential) {
        Assert.checkNotNullParam(ElytronDescriptionConstants.CREDENTIAL, credential);
        this.stateRef.get().addPrivateCredential(credential);
    }

    public boolean importIdentity(SecurityIdentity securityIdentity) throws RealmUnavailableException {
        Assert.checkNotNullParam("identity", securityIdentity);
        return this.stateRef.get().importIdentity(securityIdentity);
    }

    public void setMechanismRealmName(String str) throws IllegalStateException, IllegalArgumentException {
        Assert.checkNotNullParam("realmName", str);
        this.stateRef.get().setMechanismRealmName(str);
    }

    public void updateCredential(Credential credential) throws RealmUnavailableException {
        Assert.checkNotNullParam(ElytronDescriptionConstants.CREDENTIAL, credential);
        this.stateRef.get().updateCredential(credential);
    }

    @Override // java.lang.AutoCloseable
    public void close() {
        this.stateRef.get().fail(false);
    }

    AtomicReference<State> getStateRef() {
        return this.stateRef;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CallbackHandler createCallbackHandler() {
        return new CallbackHandler() { // from class: org.wildfly.security.auth.server.ServerAuthenticationContext.1
            private SSLConnection sslConnection;
            private X509Certificate[] peerCerts;

            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                handleOne(callbackArr, 0);
            }

            private void handleOne(Callback[] callbackArr, int i) throws IOException, UnsupportedCallbackException {
                Credential credential;
                Password password;
                if (i == callbackArr.length) {
                    return;
                }
                AtomicReference<State> stateRef = ServerAuthenticationContext.this.getStateRef();
                Callback callback = callbackArr[i];
                if (callback instanceof AnonymousAuthorizationCallback) {
                    boolean authorizeAnonymous = ServerAuthenticationContext.this.authorizeAnonymous();
                    ElytronMessages.log.tracef("Handling AnonymousAuthorizationCallback: authorized = %b", Boolean.valueOf(authorizeAnonymous));
                    ((AnonymousAuthorizationCallback) callback).setAuthorized(authorizeAnonymous);
                    handleOne(callbackArr, i + 1);
                    return;
                }
                if (callback instanceof AuthorizeCallback) {
                    AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback;
                    String authenticationID = authorizeCallback.getAuthenticationID();
                    if (authenticationID != null) {
                        ServerAuthenticationContext.this.setAuthenticationName(authenticationID);
                    } else if (stateRef.get().canVerifyEvidence() && this.peerCerts != null) {
                        ElytronMessages.log.tracef("Authentication ID is null but SSL peer certificates are available. Trying to authenticate peer", new Object[0]);
                        ServerAuthenticationContext.this.verifyEvidence(new X509PeerCertificateChainEvidence(this.peerCerts));
                    }
                    String authorizationID = authorizeCallback.getAuthorizationID();
                    boolean authorize = authorizationID != null ? ServerAuthenticationContext.this.authorize(authorizationID) : ServerAuthenticationContext.this.authorize();
                    ElytronMessages.log.tracef("Handling AuthorizeCallback: authenticationID = %s  authorizationID = %s  authorized = %b", authenticationID, authorizationID, Boolean.valueOf(authorize));
                    authorizeCallback.setAuthorized(authorize);
                    handleOne(callbackArr, i + 1);
                    return;
                }
                if (callback instanceof ExclusiveNameCallback) {
                    ExclusiveNameCallback exclusiveNameCallback = (ExclusiveNameCallback) callback;
                    String defaultName = exclusiveNameCallback.getDefaultName();
                    try {
                        boolean needsExclusiveAccess = exclusiveNameCallback.needsExclusiveAccess();
                        ElytronMessages.log.tracef("Handling ExclusiveNameCallback: authenticationName = %s  needsExclusiveAccess = %b", defaultName, Boolean.valueOf(needsExclusiveAccess));
                        if (needsExclusiveAccess) {
                            ServerAuthenticationContext.this.setAuthenticationName(defaultName, true);
                            exclusiveNameCallback.setExclusiveAccess(true);
                        } else {
                            ServerAuthenticationContext.this.setAuthenticationName(defaultName);
                        }
                        handleOne(callbackArr, i + 1);
                        return;
                    } catch (Exception e) {
                        throw new IOException(e);
                    }
                }
                if (callback instanceof NameCallback) {
                    String defaultName2 = ((NameCallback) callback).getDefaultName();
                    try {
                        ElytronMessages.log.tracef("Handling NameCallback: authenticationName = %s", defaultName2);
                        ServerAuthenticationContext.this.setAuthenticationName(defaultName2);
                        handleOne(callbackArr, i + 1);
                        return;
                    } catch (Exception e2) {
                        throw new IOException(e2);
                    }
                }
                if (callback instanceof PeerPrincipalCallback) {
                    Principal principal = ((PeerPrincipalCallback) callback).getPrincipal();
                    try {
                        ElytronMessages.log.tracef("Handling PeerPrincipalCallback: principal = %s", principal);
                        ServerAuthenticationContext.this.setAuthenticationPrincipal(principal);
                        handleOne(callbackArr, i + 1);
                        return;
                    } catch (Exception e3) {
                        throw new IOException(e3);
                    }
                }
                if (callback instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callback;
                    if (!ServerAuthenticationContext.this.getCredentialAcquireSupport(PasswordCredential.class).mayBeSupported()) {
                        ElytronMessages.log.tracef("Handling PasswordCallback: PasswordCredential may not be supported", new Object[0]);
                        throw new FastUnsupportedCallbackException(callback);
                    }
                    TwoWayPassword twoWayPassword = (TwoWayPassword) ServerAuthenticationContext.this.applyToCredential(PasswordCredential.class, passwordCredential -> {
                        return (TwoWayPassword) passwordCredential.getPassword(TwoWayPassword.class);
                    });
                    if (twoWayPassword == null) {
                        ElytronMessages.log.tracef("Handling PasswordCallback: failed to obtain PasswordCredential", new Object[0]);
                        throw new FastUnsupportedCallbackException(callback);
                    }
                    try {
                        ClearPasswordSpec clearPasswordSpec = (ClearPasswordSpec) PasswordFactory.getInstance(twoWayPassword.getAlgorithm()).getKeySpec(twoWayPassword, ClearPasswordSpec.class);
                        ElytronMessages.log.tracef("Handling PasswordCallback: obtained successfully", new Object[0]);
                        passwordCallback.setPassword(clearPasswordSpec.getEncodedPassword());
                        handleOne(callbackArr, i + 1);
                        return;
                    } catch (NoSuchAlgorithmException | InvalidKeySpecException e4) {
                        ElytronMessages.log.trace("Unable to get key spec", e4);
                        throw new FastUnsupportedCallbackException(callback);
                    }
                }
                if (callback instanceof CredentialCallback) {
                    CredentialCallback credentialCallback = (CredentialCallback) callback;
                    String realmName = stateRef.get().getMechanismRealmConfiguration().getRealmName();
                    Credential credential2 = ServerAuthenticationContext.this.getCredential(credentialCallback.getCredentialType(), credentialCallback.getAlgorithm(), credentialCallback.getParameterSpec());
                    if (credential2 == null) {
                        ElytronMessages.log.tracef("Handling CredentialCallback: failed to obtain credential", new Object[0]);
                        throw new FastUnsupportedCallbackException(callback);
                    }
                    if ((credential2 instanceof PasswordCredential) && (password = ((PasswordCredential) credential2).getPassword()) != null && (password instanceof DigestPassword)) {
                        String realm = ((DigestPassword) password).getRealm();
                        if (!realm.equals(realmName)) {
                            ElytronMessages.log.tracef("Handling CredentialCallback: credential for realm \"%s\" is not available (\"%s\" provided)", realmName, realm);
                            throw new FastUnsupportedCallbackException(callback);
                        }
                        ElytronMessages.log.tracef("Handling CredentialCallback: obtained credential for correct realm \"%s\"", realm);
                    }
                    ElytronMessages.log.tracef("Handling CredentialCallback: obtained credential: %s", credential2);
                    credentialCallback.setCredential(credential2);
                    handleOne(callbackArr, i + 1);
                    return;
                }
                if (callback instanceof ServerCredentialCallback) {
                    ServerCredentialCallback serverCredentialCallback = (ServerCredentialCallback) callback;
                    CredentialSource serverCredentialSource = stateRef.get().getMechanismConfiguration().getServerCredentialSource();
                    Class<? extends Credential> credentialType = serverCredentialCallback.getCredentialType();
                    String algorithm = serverCredentialCallback.getAlgorithm();
                    AlgorithmParameterSpec parameterSpec = serverCredentialCallback.getParameterSpec();
                    if (!serverCredentialSource.getCredentialAcquireSupport(credentialType, algorithm, parameterSpec).mayBeSupported() || (credential = serverCredentialSource.getCredential(credentialType, algorithm, parameterSpec)) == null) {
                        ElytronMessages.log.tracef("Handling ServerCredentialCallback: skipping credential type type=%s, algorithm=%s, params=%s", credentialType, algorithm, parameterSpec);
                        handleOne(callbackArr, i + 1);
                        return;
                    } else {
                        ElytronMessages.log.tracef("Handling ServerCredentialCallback: successfully obtained credential type type=%s, algorithm=%s, params=%s", credentialType, algorithm, parameterSpec);
                        serverCredentialCallback.setCredential(credential);
                        handleOne(callbackArr, i + 1);
                        return;
                    }
                }
                if (callback instanceof EvidenceVerifyCallback) {
                    EvidenceVerifyCallback evidenceVerifyCallback = (EvidenceVerifyCallback) callback;
                    evidenceVerifyCallback.setVerified(ServerAuthenticationContext.this.verifyEvidence(evidenceVerifyCallback.getEvidence()));
                    handleOne(callbackArr, i + 1);
                    return;
                }
                if (callback instanceof SSLCallback) {
                    SSLCallback sSLCallback = (SSLCallback) callback;
                    this.sslConnection = sSLCallback.getSslConnection();
                    try {
                        this.peerCerts = X500.asX509CertificateArray(sSLCallback.getSslConnection().getSession().getPeerCertificates());
                    } catch (SSLPeerUnverifiedException e5) {
                        ElytronMessages.log.trace("Peer unverified", e5);
                        this.peerCerts = null;
                    }
                    handleOne(callbackArr, i + 1);
                    return;
                }
                if (callback instanceof ChannelBindingCallback) {
                    SSLConnection sSLConnection = this.sslConnection;
                    if (sSLConnection != null) {
                        sSLConnection.handleChannelBindingCallback((ChannelBindingCallback) callback);
                    }
                    handleOne(callbackArr, i + 1);
                    return;
                }
                if (callback instanceof AuthenticationCompleteCallback) {
                    if (!ServerAuthenticationContext.this.isDone()) {
                        if (((AuthenticationCompleteCallback) callback).succeeded()) {
                            ElytronMessages.log.tracef("Handling AuthenticationCompleteCallback: succeed", new Object[0]);
                            ServerAuthenticationContext.this.succeed();
                        } else {
                            ElytronMessages.log.tracef("Handling AuthenticationCompleteCallback: fail", new Object[0]);
                            ServerAuthenticationContext.this.fail();
                        }
                    }
                    handleOne(callbackArr, i + 1);
                    return;
                }
                if (callback instanceof SocketAddressCallback) {
                    SocketAddressCallback socketAddressCallback = (SocketAddressCallback) callback;
                    ElytronMessages.log.tracef("Handling SocketAddressCallback", new Object[0]);
                    if (socketAddressCallback.getKind() == SocketAddressCallback.Kind.PEER) {
                    }
                    handleOne(callbackArr, i + 1);
                    return;
                }
                if (callback instanceof SecurityIdentityCallback) {
                    SecurityIdentity authorizedIdentity = ServerAuthenticationContext.this.getAuthorizedIdentity();
                    ElytronMessages.log.tracef("Handling SecurityIdentityCallback: identity = %s", authorizedIdentity);
                    ((SecurityIdentityCallback) callback).setSecurityIdentity(authorizedIdentity);
                    handleOne(callbackArr, i + 1);
                    return;
                }
                if (callback instanceof AvailableRealmsCallback) {
                    Collection<String> mechanismRealmNames = stateRef.get().getMechanismConfiguration().getMechanismRealmNames();
                    if (ElytronMessages.log.isTraceEnabled()) {
                        ElytronMessages.log.tracef("Handling AvailableRealmsCallback: realms = [%s]", String.join(", ", mechanismRealmNames));
                    }
                    if (!mechanismRealmNames.isEmpty()) {
                        ((AvailableRealmsCallback) callback).setRealmNames((String[]) mechanismRealmNames.toArray(new String[mechanismRealmNames.size()]));
                    }
                    handleOne(callbackArr, i + 1);
                    return;
                }
                if (callback instanceof RealmCallback) {
                    RealmCallback realmCallback = (RealmCallback) callback;
                    String text = realmCallback.getText();
                    if (text == null) {
                        text = realmCallback.getDefaultText();
                    }
                    ElytronMessages.log.tracef("Handling RealmCallback: selected = [%s]", text);
                    ServerAuthenticationContext.this.setMechanismRealmName(text);
                    handleOne(callbackArr, i + 1);
                    return;
                }
                if (callback instanceof MechanismInformationCallback) {
                    try {
                        MechanismInformation mechanismInformation = ((MechanismInformationCallback) callback).getMechanismInformation();
                        if (ElytronMessages.log.isTraceEnabled()) {
                            ElytronMessages.log.tracef("Handling MechanismInformationCallback type='%s' name='%s' host-name='%s' protocol='%s'", mechanismInformation.getMechanismType(), mechanismInformation.getMechanismName(), mechanismInformation.getHostName(), mechanismInformation.getProtocol());
                        }
                        ServerAuthenticationContext.this.setMechanismInformation(mechanismInformation);
                        handleOne(callbackArr, i + 1);
                        return;
                    } catch (Exception e6) {
                        throw new IOException(e6);
                    }
                }
                if (callback instanceof CredentialUpdateCallback) {
                    ElytronMessages.log.tracef("Handling CredentialUpdateCallback", new Object[0]);
                    ServerAuthenticationContext.this.updateCredential(((CredentialUpdateCallback) callback).getCredential());
                    handleOne(callbackArr, i + 1);
                    return;
                }
                if (!(callback instanceof CachedIdentityAuthorizeCallback)) {
                    if (!(callback instanceof IdentityCredentialCallback)) {
                        CallbackUtil.unsupported(callback);
                        handleOne(callbackArr, i + 1);
                        return;
                    }
                    IdentityCredentialCallback identityCredentialCallback = (IdentityCredentialCallback) callback;
                    Credential credential3 = identityCredentialCallback.getCredential();
                    if (identityCredentialCallback.isPrivate()) {
                        ServerAuthenticationContext.this.addPrivateCredential(credential3);
                    } else {
                        ServerAuthenticationContext.this.addPublicCredential(credential3);
                    }
                    handleOne(callbackArr, i + 1);
                    return;
                }
                CachedIdentityAuthorizeCallback cachedIdentityAuthorizeCallback = (CachedIdentityAuthorizeCallback) callback;
                cachedIdentityAuthorizeCallback.setSecurityDomain(stateRef.get().getSecurityDomain());
                SecurityIdentity securityIdentity = null;
                Principal principal2 = null;
                SecurityIdentity identity = cachedIdentityAuthorizeCallback.getIdentity();
                if (identity == null || !ServerAuthenticationContext.this.importIdentity(identity)) {
                    principal2 = cachedIdentityAuthorizeCallback.getPrincipal();
                    if (principal2 == null) {
                        principal2 = cachedIdentityAuthorizeCallback.getAuthorizationPrincipal();
                    }
                    if (principal2 != null) {
                        ServerAuthenticationContext.this.setAuthenticationPrincipal(principal2);
                        if (ServerAuthenticationContext.this.authorize()) {
                            securityIdentity = ServerAuthenticationContext.this.getAuthorizedIdentity();
                        }
                    }
                } else {
                    securityIdentity = ServerAuthenticationContext.this.getAuthorizedIdentity();
                }
                ElytronMessages.log.tracef("Handling CachedIdentityAuthorizeCallback: principal = %s  authorizedIdentity = %s", principal2, securityIdentity);
                cachedIdentityAuthorizeCallback.setAuthorized(securityIdentity);
                handleOne(callbackArr, i + 1);
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Principal rewriteAll(Principal principal, Function<Principal, Principal> function, Function<Principal, Principal> function2, Function<Principal, Principal> function3) {
        Principal apply;
        Principal apply2 = function.apply(principal);
        if (apply2 == null || (apply = function2.apply(apply2)) == null) {
            return null;
        }
        return function3.apply(apply);
    }

    static String mapAll(Principal principal, RealmMapper realmMapper, RealmMapper realmMapper2, RealmMapper realmMapper3, String str) {
        return realmMapper != null ? mapRealmName(principal, realmMapper, str) : realmMapper2 != null ? mapRealmName(principal, realmMapper2, str) : realmMapper3 != null ? mapRealmName(principal, realmMapper3, str) : str;
    }

    private static String mapRealmName(Principal principal, RealmMapper realmMapper, String str) {
        String realmMapping = realmMapper.getRealmMapping(principal, null);
        return realmMapping != null ? realmMapping : str;
    }

    State assignName(SecurityIdentity securityIdentity, MechanismConfiguration mechanismConfiguration, MechanismRealmConfiguration mechanismRealmConfiguration, Principal principal, Evidence evidence, IdentityCredentials identityCredentials, IdentityCredentials identityCredentials2) throws RealmUnavailableException {
        return assignName(securityIdentity, mechanismConfiguration, mechanismRealmConfiguration, principal, evidence, identityCredentials, identityCredentials2, false);
    }

    State assignName(SecurityIdentity securityIdentity, MechanismConfiguration mechanismConfiguration, MechanismRealmConfiguration mechanismRealmConfiguration, Principal principal, Evidence evidence, IdentityCredentials identityCredentials, IdentityCredentials identityCredentials2, boolean z) throws RealmUnavailableException {
        RealmIdentity realmIdentity;
        SecurityDomain securityDomain = securityIdentity.getSecurityDomain();
        Principal rewriteAll = rewriteAll(principal, mechanismRealmConfiguration.getPreRealmRewriter(), mechanismConfiguration.getPreRealmRewriter(), securityDomain.getPreRealmRewriter());
        if (rewriteAll == null) {
            ElytronMessages.log.tracef("Unable to rewrite principal [%s] by pre-realm rewritters", principal);
            return new InvalidNameState(securityIdentity, mechanismConfiguration, mechanismRealmConfiguration, identityCredentials, identityCredentials2);
        }
        String mapAll = mapAll(rewriteAll, mechanismRealmConfiguration.getRealmMapper(), mechanismConfiguration.getRealmMapper(), securityDomain.getRealmMapper(), securityDomain.getDefaultRealmName());
        RealmInfo realmInfo = securityDomain.getRealmInfo(mapAll);
        Principal rewriteAll2 = rewriteAll(rewriteAll, mechanismRealmConfiguration.getPostRealmRewriter(), mechanismConfiguration.getPostRealmRewriter(), securityDomain.getPostRealmRewriter());
        if (rewriteAll2 == null) {
            ElytronMessages.log.tracef("Unable to rewrite principal [%s] by post-realm rewritters", rewriteAll);
            return new InvalidNameState(securityIdentity, mechanismConfiguration, mechanismRealmConfiguration, identityCredentials, identityCredentials2);
        }
        Principal rewriteAll3 = rewriteAll(rewriteAll2, mechanismRealmConfiguration.getFinalRewriter(), mechanismConfiguration.getFinalRewriter(), realmInfo.getPrincipalRewriter());
        if (rewriteAll3 == null) {
            ElytronMessages.log.tracef("Unable to rewrite principal [%s] by final rewritters", rewriteAll2);
            return new InvalidNameState(securityIdentity, mechanismConfiguration, mechanismRealmConfiguration, identityCredentials, identityCredentials2);
        }
        ElytronMessages.log.tracef("Principal assigning: [%s], pre-realm rewritten: [%s], realm name: [%s], post-realm rewritten: [%s], realm rewritten: [%s]", principal, rewriteAll, mapAll, rewriteAll2, rewriteAll3);
        SecurityRealm securityRealm = realmInfo.getSecurityRealm();
        if (!z) {
            realmIdentity = securityRealm.getRealmIdentity(rewriteAll3);
        } else {
            if (!(securityRealm instanceof ModifiableSecurityRealm)) {
                throw ElytronMessages.log.unableToObtainExclusiveAccess();
            }
            realmIdentity = ((ModifiableSecurityRealm) securityRealm).getRealmIdentityForUpdate(rewriteAll3);
        }
        return new NameAssignedState(securityIdentity, realmInfo, realmIdentity, rewriteAll, mechanismConfiguration, mechanismRealmConfiguration, identityCredentials, identityCredentials2);
    }
}
