package org.jboss.as.domain.http.server.security;

import io.undertow.security.idm.Account;
import io.undertow.security.idm.Credential;
import io.undertow.security.idm.DigestCredential;
import io.undertow.security.idm.IdentityManager;
import io.undertow.security.idm.PasswordCredential;
import io.undertow.security.idm.X509CertificateCredential;
import io.undertow.util.HexConverter;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.Collections;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.sasl.RealmCallback;
import org.jboss.as.core.security.SimplePrincipal;
import org.jboss.as.domain.http.server.HttpServerLogger;
import org.jboss.as.domain.http.server.HttpServerMessages;
import org.jboss.as.domain.management.AuthMechanism;
import org.jboss.as.domain.management.AuthorizingCallbackHandler;
import org.jboss.as.domain.management.SecurityRealm;
import org.jboss.sasl.callback.DigestHashCallback;
import org.jboss.sasl.callback.VerifyPasswordCallback;

/* loaded from: input_file:org/jboss/as/domain/http/server/security/RealmIdentityManager.class */
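/**
 * Undertow {@link IdentityManager} that authenticates HTTP management requests against a
 * {@link SecurityRealm}.
 *
 * <p>Three credential types are handled: username/password (PLAIN), HTTP Digest (DIGEST) and
 * X.509 client certificates (CLIENT_CERT). Every verification path first checks that the
 * mechanism recorded for the current thread via {@link #setAuthenticationMechanism} matches the
 * credential being verified, and fails with {@link IllegalStateException} otherwise.
 *
 * <p>Failed verifications return {@code null}; the cause is only written to the debug log.
 *
 * <p>This listing is decompiler output; local names and some structure are reconstructed.
 */
public class RealmIdentityManager implements IdentityManager {
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    /** Realm DIGEST option: whether the realm hands back clear-text passwords or pre-hashed HA1. */
    private static final String PLAIN_TEXT_DIGEST_KEY = "org.jboss.as.domain.management.digest.plain_text";

    private static final String UNEXPECTED_FAILURE = "Unexpected authentication failure";

    /**
     * Mechanism the calling code declared for the request running on this thread.
     * NOTE(review): nothing in this class ever removes the value, so on pooled threads it stays
     * set until the next call overwrites it - confirm the callers always set it per request.
     */
    private static final ThreadLocal<AuthMechanism> currentMechanism = new ThreadLocal<>();

    private final SecurityRealm securityRealm;

    /**
     * Records the mechanism that is about to authenticate on the current thread.
     *
     * <p>The decompiler reports that this method was package-private in the original class; it is
     * kept {@code public} here exactly as the listing shows it.
     *
     * @param authMechanism mechanism that later {@code verify} calls on this thread must match
     */
    public static void setAuthenticationMechanism(AuthMechanism authMechanism) {
        currentMechanism.set(authMechanism);
    }

    /**
     * @param securityRealm realm that supplies the callback handlers and DIGEST configuration
     */
    public RealmIdentityManager(SecurityRealm securityRealm) {
        this.securityRealm = securityRealm;
    }

    /**
     * Re-verifies an already established account. No check is performed: the account is returned
     * unchanged, so a cached account is never re-validated against the realm here.
     *
     * @param account previously authenticated account
     * @return the same {@code account}
     */
    public Account verify(Account account) {
        return account;
    }

    /**
     * Reads the realm's DIGEST configuration.
     *
     * @return {@code true} when the option is absent (clear-text passwords are the default),
     *         otherwise the parsed boolean value of the option
     */
    private boolean plainTextDigest() {
        Map<?, ?> digestConfig = this.securityRealm.getMechanismConfig(AuthMechanism.DIGEST);
        if (!digestConfig.containsKey(PLAIN_TEXT_DIGEST_KEY)) {
            return true;
        }
        return Boolean.parseBoolean((String) digestConfig.get(PLAIN_TEXT_DIGEST_KEY));
    }

    /**
     * Dispatches on the credential type to the PLAIN or DIGEST verification.
     *
     * @param str        user name supplied by the client
     * @param credential a {@link PasswordCredential} or {@link DigestCredential}
     * @return the authenticated account, or {@code null} when verification fails
     * @throws IllegalStateException if the credential type does not match the mechanism recorded
     *                               for this thread
     */
    public Account verify(String str, Credential credential) {
        if (credential instanceof PasswordCredential) {
            return verify(str, (PasswordCredential) credential);
        }
        if (credential instanceof DigestCredential) {
            return verify(str, (DigestCredential) credential);
        }
        throw HttpServerMessages.MESSAGES.invalidCredentialType(credential.getClass().getName());
    }

    /**
     * Verifies a user name and password by asking the realm's PLAIN callback handler.
     *
     * @return the authenticated account, or {@code null} on any failure
     */
    private Account verify(String str, PasswordCredential passwordCredential) {
        assertMechanism(AuthMechanism.PLAIN);
        if (passwordCredential == null) {
            return null;
        }
        // NameCallback rejects a null or empty default name with IllegalArgumentException, and the
        // callbacks are built outside the try block. Treat a missing name or password as a plain
        // authentication failure instead of letting client-supplied input raise an exception.
        char[] suppliedPassword = passwordCredential.getPassword();
        if (str == null || str.isEmpty() || suppliedPassword == null) {
            return null;
        }
        AuthorizingCallbackHandler authorizingCallbackHandler = this.securityRealm.getAuthorizingCallbackHandler(AuthMechanism.PLAIN);
        // VerifyPasswordCallback takes the password as a String, so an immutable copy of the
        // secret exists on the heap until it is garbage collected.
        VerifyPasswordCallback verifyPasswordCallback = new VerifyPasswordCallback(new String(suppliedPassword));
        Callback[] callbacks = {new RealmCallback("Realm", this.securityRealm.getName()), new NameCallback("Username", str), verifyPasswordCallback};
        try {
            authorizingCallbackHandler.handle(callbacks);
            if (!verifyPasswordCallback.isVerified()) {
                return null;
            }
            try {
                return createAccount(authorizingCallbackHandler, new SimplePrincipal(str));
            } catch (IOException e) {
                // Previously swallowed without a trace; log it like the DIGEST path does.
                HttpServerLogger.ROOT_LOGGER.debug(UNEXPECTED_FAILURE, e);
                return null;
            }
        } catch (Exception e2) {
            HttpServerLogger.ROOT_LOGGER.debug("Failure handling Callback(s) for BASIC authentication.", e2);
            return null;
        }
    }

    /**
     * Verifies an HTTP Digest response. The realm supplies either the clear-text password, from
     * which HA1 is computed here, or a pre-computed hex HA1; the result is handed to
     * {@link DigestCredential#verifyHA1}.
     *
     * @return the authenticated account, or {@code null} on any failure
     */
    private Account verify(String str, DigestCredential digestCredential) {
        assertMechanism(AuthMechanism.DIGEST);
        // Same reasoning as the PLAIN path: NameCallback would throw on a null or empty name.
        if (str == null || str.isEmpty()) {
            return null;
        }
        AuthorizingCallbackHandler authorizingCallbackHandler = this.securityRealm.getAuthorizingCallbackHandler(AuthMechanism.DIGEST);
        Callback[] callbacks = new Callback[3];
        callbacks[0] = new RealmCallback("Realm", digestCredential.getRealm());
        callbacks[1] = new NameCallback("Username", str);
        boolean plainTextDigest = plainTextDigest();
        if (plainTextDigest) {
            callbacks[2] = new PasswordCallback("Password", false);
        } else {
            callbacks[2] = new DigestHashCallback("Digest");
        }
        try {
            authorizingCallbackHandler.handle(callbacks);
            byte[] expectedHa1;
            if (plainTextDigest) {
                expectedHa1 = hashPlainTextSecret(str, digestCredential, (PasswordCallback) callbacks[2]);
                if (expectedHa1 == null) {
                    return null;
                }
            } else {
                expectedHa1 = ((DigestHashCallback) callbacks[2]).getHexHash().getBytes(UTF_8);
            }
            try {
                if (!digestCredential.verifyHA1(expectedHa1)) {
                    return null;
                }
                return createAccount(authorizingCallbackHandler, new SimplePrincipal(str));
            } catch (IOException e2) {
                HttpServerLogger.ROOT_LOGGER.debug(UNEXPECTED_FAILURE, e2);
                return null;
            }
        } catch (Exception e3) {
            // The listing logged this as "BASIC", which mislabels DIGEST failures in the log.
            HttpServerLogger.ROOT_LOGGER.debug("Failure handling Callback(s) for DIGEST authentication.", e3);
            return null;
        }
    }

    /**
     * Computes the hex-encoded HA1 value, {@code H(username ":" realm ":" password)}, from the
     * clear-text password the realm placed in {@code passwordCallback}.
     *
     * @return the hex HA1 bytes, or {@code null} when the realm supplied no password or the digest
     *         algorithm is unavailable
     */
    private static byte[] hashPlainTextSecret(String user, DigestCredential digestCredential, PasswordCallback passwordCallback) {
        char[] secret = passwordCallback.getPassword();
        MessageDigest messageDigest = null;
        try {
            if (secret == null) {
                return null;
            }
            messageDigest = digestCredential.getAlgorithm().getMessageDigest();
            messageDigest.update(user.getBytes(UTF_8));
            messageDigest.update((byte) ':');
            messageDigest.update(digestCredential.getRealm().getBytes(UTF_8));
            messageDigest.update((byte) ':');
            messageDigest.update(new String(secret).getBytes(UTF_8));
            return HexConverter.convertToHexBytes(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            HttpServerLogger.ROOT_LOGGER.debug(UNEXPECTED_FAILURE, e);
            return null;
        } finally {
            // The listing called reset() unconditionally, which throws NullPointerException when
            // getMessageDigest() itself failed and left the variable null.
            if (messageDigest != null) {
                messageDigest.reset();
            }
            // Clear the copies of the password that can be cleared; the temporary String above
            // cannot be wiped.
            if (secret != null) {
                java.util.Arrays.fill(secret, '\0');
            }
            passwordCallback.clearPassword();
        }
    }

    /**
     * Builds an account for a client certificate, using the certificate's subject DN as principal.
     *
     * <p>No certificate path, validity or revocation check happens in this method.
     * NOTE(review): this presumably relies on the TLS layer having validated the certificate
     * before the credential is created - confirm against the connector configuration.
     *
     * @param credential expected to be an {@link X509CertificateCredential}
     * @return the account, or {@code null} for another credential type or on failure
     * @throws IllegalStateException if CLIENT_CERT is not the mechanism recorded for this thread
     */
    public Account verify(Credential credential) {
        assertMechanism(AuthMechanism.CLIENT_CERT);
        if (!(credential instanceof X509CertificateCredential)) {
            return null;
        }
        AuthorizingCallbackHandler authorizingCallbackHandler = this.securityRealm.getAuthorizingCallbackHandler(AuthMechanism.CLIENT_CERT);
        Principal subjectDN = ((X509CertificateCredential) credential).getCertificate().getSubjectDN();
        try {
            return createAccount(authorizingCallbackHandler, subjectDN);
        } catch (IOException e) {
            // Previously swallowed without a trace; log it like the DIGEST path does.
            HttpServerLogger.ROOT_LOGGER.debug(UNEXPECTED_FAILURE, e);
            return null;
        }
    }

    /** Asks the handler for the subject of {@code principal} and wraps both in an account. */
    private static Account createAccount(AuthorizingCallbackHandler handler, Principal principal) throws IOException {
        return new RealmIdentityAccount(handler.createSubjectUserInfo(Collections.singleton(principal)).getSubject(), principal);
    }

    /**
     * Guards against a credential being verified under a different mechanism than the one the
     * caller declared for this thread.
     *
     * @throws IllegalStateException if {@code authMechanism} is not the recorded mechanism
     */
    private static void assertMechanism(AuthMechanism authMechanism) {
        if (authMechanism != currentMechanism.get()) {
            throw new IllegalStateException("Unexpected authentication mechanism executing.");
        }
    }
}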
