package org.wildfly.security.auth.realm;

import java.security.Principal;
import java.security.Provider;
import java.security.Security;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.function.Supplier;
import org.wildfly.common.Assert;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.server.NameRewriter;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.authz.Attributes;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.password.Password;

/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.1.0.Final.jar:org/wildfly/security/auth/realm/SimpleMapBackedSecurityRealm.class */
public class SimpleMapBackedSecurityRealm implements SecurityRealm {
    private final Supplier<Provider[]> providers;
    private final NameRewriter rewriter;
    private volatile Map<String, SimpleRealmEntry> map;

    /* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.1.0.Final.jar:org/wildfly/security/auth/realm/SimpleMapBackedSecurityRealm$SimpleMapRealmIdentity.class */
    private class SimpleMapRealmIdentity implements RealmIdentity {
        private final String name;

        SimpleMapRealmIdentity(String str) {
            this.name = str;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public Principal getRealmIdentityPrincipal() {
            return new NamePrincipal(this.name);
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            Assert.checkNotNullParam("credentialType", cls);
            SimpleRealmEntry simpleRealmEntry = (SimpleRealmEntry) SimpleMapBackedSecurityRealm.this.map.get(this.name);
            if (simpleRealmEntry == null) {
                return SupportLevel.UNSUPPORTED;
            }
            Iterator<Credential> it = simpleRealmEntry.getCredentials().iterator();
            while (it.hasNext()) {
                if (it.next().matches(cls, str, algorithmParameterSpec)) {
                    return SupportLevel.SUPPORTED;
                }
            }
            return SupportLevel.UNSUPPORTED;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public <C extends Credential> C getCredential(Class<C> cls) throws RealmUnavailableException {
            return (C) getCredential(cls, null);
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public <C extends Credential> C getCredential(Class<C> cls, String str) throws RealmUnavailableException {
            return (C) getCredential(cls, str, null);
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public <C extends Credential> C getCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            Assert.checkNotNullParam("credentialType", cls);
            SimpleRealmEntry simpleRealmEntry = (SimpleRealmEntry) SimpleMapBackedSecurityRealm.this.map.get(this.name);
            if (simpleRealmEntry == null) {
                return null;
            }
            for (Credential credential : simpleRealmEntry.getCredentials()) {
                if (credential.matches(cls, str, algorithmParameterSpec)) {
                    return cls.cast(credential.mo14020clone());
                }
            }
            return null;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public AuthorizationIdentity getAuthorizationIdentity() {
            SimpleRealmEntry simpleRealmEntry = (SimpleRealmEntry) SimpleMapBackedSecurityRealm.this.map.get(this.name);
            return simpleRealmEntry == null ? AuthorizationIdentity.EMPTY : AuthorizationIdentity.basicIdentity(simpleRealmEntry.getAttributes());
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
            Assert.checkNotNullParam("evidenceType", cls);
            SimpleRealmEntry simpleRealmEntry = (SimpleRealmEntry) SimpleMapBackedSecurityRealm.this.map.get(this.name);
            if (simpleRealmEntry == null) {
                return SupportLevel.UNSUPPORTED;
            }
            Iterator<Credential> it = simpleRealmEntry.getCredentials().iterator();
            while (it.hasNext()) {
                if (it.next().canVerify(cls, str)) {
                    return SupportLevel.SUPPORTED;
                }
            }
            return SupportLevel.UNSUPPORTED;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
            Assert.checkNotNullParam("evidence", evidence);
            SimpleRealmEntry simpleRealmEntry = (SimpleRealmEntry) SimpleMapBackedSecurityRealm.this.map.get(this.name);
            if (simpleRealmEntry == null) {
                return false;
            }
            ElytronMessages.log.tracef("Trying to authenticate %s using SimpleMapBackedSecurityRealm.", this.name);
            for (Credential credential : simpleRealmEntry.getCredentials()) {
                if (credential.canVerify(evidence)) {
                    return credential.verify(SimpleMapBackedSecurityRealm.this.providers, evidence);
                }
            }
            return false;
        }

        @Override // org.wildfly.security.auth.server.RealmIdentity
        public boolean exists() throws RealmUnavailableException {
            return SimpleMapBackedSecurityRealm.this.map.containsKey(this.name);
        }
    }

    public SimpleMapBackedSecurityRealm(NameRewriter nameRewriter) {
        this(nameRewriter, Security::getProviders);
    }

    public SimpleMapBackedSecurityRealm(NameRewriter nameRewriter, Supplier<Provider[]> supplier) {
        this.map = Collections.emptyMap();
        this.rewriter = (NameRewriter) Assert.checkNotNullParam("rewriter", nameRewriter);
        this.providers = (Supplier) Assert.checkNotNullParam("provider", supplier);
    }

    public SimpleMapBackedSecurityRealm() {
        this(NameRewriter.IDENTITY_REWRITER);
    }

    public SimpleMapBackedSecurityRealm(Supplier<Provider[]> supplier) {
        this(NameRewriter.IDENTITY_REWRITER, supplier);
    }

    public void setPasswordMap(Map<String, SimpleRealmEntry> map) {
        Assert.checkNotNullParam("map", map);
        this.map = map;
    }

    public void setPasswordMap(String str, Password password, Attributes attributes) {
        Assert.checkNotNullParam("name", str);
        Assert.checkNotNullParam("password", password);
        Assert.checkNotNullParam("attributes", attributes);
        this.map = Collections.singletonMap(str, new SimpleRealmEntry(Collections.singletonList(new PasswordCredential(password)), attributes));
    }

    public void setPasswordMap(String str, Password password) {
        Assert.checkNotNullParam("name", str);
        Assert.checkNotNullParam("password", password);
        this.map = Collections.singletonMap(str, new SimpleRealmEntry(Collections.singletonList(new PasswordCredential(password))));
    }

    @Override // org.wildfly.security.auth.server.SecurityRealm
    public RealmIdentity getRealmIdentity(Principal principal) {
        if (!(principal instanceof NamePrincipal)) {
            return RealmIdentity.NON_EXISTENT;
        }
        String rewriteName = this.rewriter.rewriteName(principal.getName());
        if (rewriteName == null) {
            throw ElytronMessages.log.invalidName();
        }
        return new SimpleMapRealmIdentity(rewriteName);
    }

    @Override // org.wildfly.security.auth.server.SecurityRealm
    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
        Assert.checkNotNullParam("credentialType", cls);
        return SupportLevel.POSSIBLY_SUPPORTED;
    }

    @Override // org.wildfly.security.auth.server.SecurityRealm
    public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
        Assert.checkNotNullParam("evidenceType", cls);
        return SupportLevel.POSSIBLY_SUPPORTED;
    }
}
