package org.picketlink.identity.federation.bindings.wildfly;

import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.AuthenticationMechanismFactory;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.IdentityManager;
import io.undertow.security.idm.PasswordCredential;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.form.FormParserFactory;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Map;
import java.util.UUID;
import javax.security.auth.Subject;
import org.picketlink.common.PicketLinkLogger;
import org.picketlink.common.PicketLinkLoggerFactory;
import org.picketlink.identity.federation.bindings.tomcat.SubjectSecurityInteraction;

/* loaded from: input_file:eap7/api-jars/picketlink-wildfly8-2.5.5.SP1.jar:org/picketlink/identity/federation/bindings/wildfly/PicketLinkAuthenticator.class */
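/**
 * Undertow {@link AuthenticationMechanism} that establishes the request's authenticated
 * {@link Account} by calling {@link IdentityManager#verify(String, io.undertow.security.idm.Credential)}
 * and then {@link SecurityContext#authenticationComplete}.
 *
 * <p>The user name and password handed to the identity manager are a freshly generated random
 * value; presumably the login modules of the configured security domain ignore them and derive the
 * identity from an already established subject/assertion instead (see
 * {@link #getSubjectPrincipal()}) — confirm against the security-domain configuration.
 *
 * <p>When {@code need-subject-principal-substitution} is enabled (the factory default), the
 * principal name is taken from the {@link Subject} supplied by the configured
 * {@link SubjectSecurityInteraction} and the identity manager is consulted a second time with
 * that name.
 *
 * <p>Thread-safety: instances are immutable except for the lazily created
 * {@link #subjectInteraction}, whose initialisation is not synchronised; concurrent first calls
 * may construct it more than once.
 */
public class PicketLinkAuthenticator implements AuthenticationMechanism {
    private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();

    /** Mechanism name reported to Undertow in {@code authenticationComplete}. */
    static final String AUTH_METHOD_NAME = "SECURITY_DOMAIN";

    /** Factory option: whether to substitute the principal from the subject ("true" by default). */
    private static final String OPTION_NEED_SUBJECT_PRINCIPAL_SUBSTITUTION = "need-subject-principal-substitution";
    /** Factory option: implementation class of {@link SubjectSecurityInteraction} to instantiate. */
    private static final String OPTION_SUBJECT_INTERACTION_CLASS_NAME = "subject-interaction-class-name";
    /** Factory option: security domain passed to the subject interaction. */
    private static final String OPTION_SECURITY_DOMAIN = "security-domain";
    private static final String DEFAULT_SUBJECT_INTERACTION_CLASS_NAME =
            "org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkJBossSubjectInteraction";

    private final boolean needSubjectPrincipalSubstitution;
    private final String subjectInteractionClassName;
    private final IdentityManager identityManager;
    private final String securityDomain;
    // Lazily created on first use by subjectInteraction(); not synchronised (see class Javadoc).
    private SubjectSecurityInteraction subjectInteraction = null;

    /**
     * Undertow factory that builds a {@link PicketLinkAuthenticator} from the mechanism
     * properties supplied by the deployment.
     */
    public static class Factory implements AuthenticationMechanismFactory {
        private final IdentityManager identityManager;

        /**
         * @param identityManager identity manager handed to every authenticator created by this factory
         */
        public Factory(IdentityManager identityManager) {
            this.identityManager = identityManager;
        }

        /**
         * Creates an authenticator configured from {@code map}.
         *
         * @param str mechanism name (unused)
         * @param formParserFactory unused
         * @param map mechanism properties; see the {@code OPTION_*} constants for recognised keys
         * @return a new authenticator; the security domain is {@code null} when the option is absent
         */
        @Override // io.undertow.security.api.AuthenticationMechanismFactory
        public AuthenticationMechanism create(String str, FormParserFactory formParserFactory, Map<String, String> map) {
            // The class name comes from deployment configuration, not from the request; it is
            // instantiated reflectively in subjectInteraction().
            Boolean substitute = Boolean.valueOf(map.getOrDefault(OPTION_NEED_SUBJECT_PRINCIPAL_SUBSTITUTION, "true"));
            String interactionClass = map.getOrDefault(OPTION_SUBJECT_INTERACTION_CLASS_NAME, DEFAULT_SUBJECT_INTERACTION_CLASS_NAME);
            return new PicketLinkAuthenticator(this.identityManager, substitute, interactionClass, map.get(OPTION_SECURITY_DOMAIN));
        }
    }

    /**
     * @param identityManager identity manager used to verify credentials
     * @param bool whether to substitute the principal taken from the subject; must not be {@code null}
     * @param str fully qualified name of the {@link SubjectSecurityInteraction} implementation
     * @param str2 security domain handed to the subject interaction (may be {@code null})
     * @throws NullPointerException if {@code bool} is {@code null}
     */
    public PicketLinkAuthenticator(IdentityManager identityManager, Boolean bool, String str, String str2) {
        this.identityManager = identityManager;
        this.needSubjectPrincipalSubstitution = bool.booleanValue();
        this.subjectInteractionClassName = str;
        this.securityDomain = str2;
    }

    /**
     * Maps the outcome of {@link #performAuthentication(SecurityContext)} onto Undertow's
     * {@code AUTHENTICATED} / {@code NOT_AUTHENTICATED}.
     */
    @Override // io.undertow.security.api.AuthenticationMechanism
    public AuthenticationMechanism.AuthenticationMechanismOutcome authenticate(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        if (performAuthentication(securityContext)) {
            return AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED;
        }
        return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
    }

    /**
     * This mechanism never sends a challenge.
     *
     * @return always {@code null}
     */
    @Override // io.undertow.security.api.AuthenticationMechanism
    public AuthenticationMechanism.ChallengeResult sendChallenge(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        // NOTE(review): returning null rather than a ChallengeResult may not be what Undertow's
        // challenge loop expects — verify against the Undertow version in use.
        return null;
    }

    /**
     * Verifies the caller with the identity manager and, on success, marks the security
     * context as authenticated.
     *
     * @param securityContext the request's security context
     * @return {@code true} if the context is (or already was) authenticated, {@code false} if the
     *         identity manager rejected the verification
     * @throws RuntimeException if principal substitution is enabled but no principal could be
     *         obtained from the subject, or the subject interaction cannot be created
     */
    protected boolean performAuthentication(SecurityContext securityContext) {
        logger.trace("Authenticating user");
        Account existing = securityContext.getAuthenticatedAccount();
        if (existing != null) {
            logger.trace("Already authenticated '" + existing.getPrincipal().getName() + "'");
            return true;
        }
        // A random one-off value serves as both user name and password; a fresh char[] is
        // created for each credential in case the identity manager clears it.
        String placeholder = UUID.randomUUID().toString();
        Account account = this.identityManager.verify(placeholder, new PasswordCredential(placeholder.toCharArray()));
        if (account == null) {
            return false;
        }
        if (this.needSubjectPrincipalSubstitution) {
            Principal subjectPrincipal = getSubjectPrincipal();
            if (subjectPrincipal == null) {
                throw new IllegalStateException("Principal from subject is null");
            }
            account = this.identityManager.verify(subjectPrincipal.getName(), new PasswordCredential(placeholder.toCharArray()));
            if (account == null) {
                // Fail closed: never complete authentication with a null account.
                return false;
            }
        }
        securityContext.authenticationComplete(account, AUTH_METHOD_NAME, false);
        if (this.needSubjectPrincipalSubstitution) {
            subjectInteraction().cleanup(account.getPrincipal());
        }
        return true;
    }

    /**
     * Returns the first principal of the subject provided by the configured
     * {@link SubjectSecurityInteraction}.
     *
     * @return the first principal, or {@code null} if there is no subject or it has no principals
     * @throws RuntimeException if the subject interaction cannot be created
     */
    protected Principal getSubjectPrincipal() {
        Subject subject = subjectInteraction().get();
        if (subject == null || subject.getPrincipals().isEmpty()) {
            return null;
        }
        // "First" depends on the iteration order of Subject.getPrincipals(); presumably
        // insertion order — confirm if more than one principal can be present.
        return subject.getPrincipals().iterator().next();
    }

    /**
     * Returns the subject interaction, instantiating and configuring it on first use.
     * The instance is cached only after {@code setSecurityDomain} succeeded, so a failed
     * initialisation is retried rather than leaving a half-configured object behind.
     *
     * @throws RuntimeException wrapping any failure to load, instantiate or configure the class
     */
    private SubjectSecurityInteraction subjectInteraction() {
        if (this.subjectInteraction == null) {
            try {
                Class<?> cls = loadClass(getClass(), this.subjectInteractionClassName);
                if (cls == null) {
                    throw new ClassNotFoundException(this.subjectInteractionClassName);
                }
                SubjectSecurityInteraction created =
                        (SubjectSecurityInteraction) cls.getDeclaredConstructor().newInstance();
                created.setSecurityDomain(this.securityDomain);
                this.subjectInteraction = created;
            } catch (Exception e) {
                throw new RuntimeException("Could not initialise subject interaction class "
                        + this.subjectInteractionClassName, e);
            }
        }
        return this.subjectInteraction;
    }

    /**
     * Loads {@code str} through the class loader of {@code cls}, falling back to the thread
     * context class loader.
     *
     * @return the class, or {@code null} if neither loader can find it
     */
    Class<?> loadClass(final Class<?> cls, final String str) {
        // AccessController is retained because the original code ran the lookup privileged.
        return AccessController.doPrivileged((PrivilegedAction<Class<?>>) () -> {
            Class<?> found = loadClass(cls.getClassLoader(), str);
            if (found == null) {
                found = loadClass(Thread.currentThread().getContextClassLoader(), str);
            }
            return found;
        });
    }

    /**
     * Loads {@code str} through {@code classLoader}.
     *
     * @return the class, or {@code null} if the loader is {@code null} (e.g. the bootstrap
     *         loader) or does not find the class
     */
    Class<?> loadClass(final ClassLoader classLoader, final String str) {
        if (classLoader == null) {
            return null;
        }
        return AccessController.doPrivileged((PrivilegedAction<Class<?>>) () -> {
            try {
                return classLoader.loadClass(str);
            } catch (ClassNotFoundException ignored) {
                // Absence is an expected outcome; the caller tries the next loader.
                return null;
            }
        });
    }
}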
