package org.jboss.as.webservices.util;

import java.security.AccessController;
import java.security.KeyPair;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.acl.Group;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import javax.crypto.SecretKey;
import javax.security.auth.Subject;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.authz.Roles;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.KeyPairCredential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.PublicKeyCredential;
import org.wildfly.security.credential.SecretKeyCredential;
import org.wildfly.security.credential.X509CertificateChainPrivateCredential;
import org.wildfly.security.credential.X509CertificateChainPublicCredential;
import org.wildfly.security.manager.WildFlySecurityManager;
import org.wildfly.security.password.Password;

/* loaded from: input_file:org/jboss/as/webservices/util/SubjectUtil.class */
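/**
 * Converts between an Elytron {@link SecurityIdentity} and a JAAS {@link Subject}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #fromSecurityIdentity(SecurityIdentity, Subject)} copies unwrapped secret material
 *       (passwords, secret keys, key pairs) and the {@code SecurityIdentity} itself into the
 *       Subject's private credential set. Any code that can read that set can read those
 *       secrets, so the resulting Subject should be handled like a credential store.</li>
 *   <li>{@link #convertToSecurityIdentity(Subject, Principal, SecurityDomain, String)} takes the
 *       identity, roles and credentials from whatever the Subject contains. It performs no
 *       authentication of its own, so it must only be given Subjects produced by a trusted
 *       authentication step.</li>
 * </ul>
 */
public final class SubjectUtil {
    /**
     * Builds a new {@link Subject} populated from the given identity.
     *
     * @param securityIdentity the identity to export; must not be {@code null}
     * @return a freshly created Subject holding the identity's principal, roles and credentials
     * @throws NullPointerException if {@code securityIdentity} is {@code null}
     */
    public static Subject fromSecurityIdentity(SecurityIdentity securityIdentity) {
        return fromSecurityIdentity(securityIdentity, new Subject());
    }

    /**
     * Populates a {@link Subject} from the given identity.
     *
     * <p>The identity principal is added first, followed by a {@code "Roles"} group holding one
     * {@link NamePrincipal} per role and a {@code "CallerPrincipal"} group holding the identity
     * principal. Public and private credentials are then copied, unwrapping the credential types
     * this method recognises; finally the identity itself is stored as a private credential so
     * that {@link #convertToSecurityIdentity} can find it again.
     *
     * @param securityIdentity the identity to export; must not be {@code null}
     * @param subject the Subject to populate, or {@code null} to create a new one
     * @return the populated Subject (the one passed in, unless it was {@code null})
     * @throws NullPointerException if {@code securityIdentity} is {@code null}
     */
    public static Subject fromSecurityIdentity(SecurityIdentity securityIdentity, Subject subject) {
        // Fail fast, before any Subject is touched, instead of on the first dereference below.
        if (securityIdentity == null) {
            throw new NullPointerException("securityIdentity");
        }
        final Subject target = (subject != null) ? subject : new Subject();

        // The identity principal goes in before either group.
        target.getPrincipals().add(securityIdentity.getPrincipal());

        SimpleGroup rolesGroup = new SimpleGroup("Roles");
        for (String roleName : securityIdentity.getRoles()) {
            rolesGroup.addMember(new NamePrincipal(roleName));
        }
        target.getPrincipals().add(rolesGroup);

        SimpleGroup callerGroup = new SimpleGroup("CallerPrincipal");
        callerGroup.addMember(securityIdentity.getPrincipal());
        target.getPrincipals().add(callerGroup);

        for (Credential publicCredential : securityIdentity.getPublicCredentials()) {
            if (publicCredential instanceof PublicKeyCredential) {
                target.getPublicCredentials().add(publicCredential.castAs(PublicKeyCredential.class).getPublicKey());
            } else if (publicCredential instanceof X509CertificateChainPublicCredential) {
                // NOTE(review): this stores the chain as an X509Certificate[] array, but
                // convertToSecurityIdentity only recognises a single X509Certificate, so a chain
                // exported here is not rebuilt on the way back. Confirm whether that is intended.
                target.getPublicCredentials().add(publicCredential.castAs(X509CertificateChainPublicCredential.class).getCertificateChain());
            } else {
                target.getPublicCredentials().add(publicCredential);
            }
        }

        // From here on, unwrapped secrets are placed in the Subject's private credential set.
        for (Credential privateCredential : securityIdentity.getPrivateCredentials()) {
            if (privateCredential instanceof PasswordCredential) {
                addPrivateCredential(target, privateCredential.castAs(PasswordCredential.class).getPassword());
            } else if (privateCredential instanceof SecretKeyCredential) {
                addPrivateCredential(target, privateCredential.castAs(SecretKeyCredential.class).getSecretKey());
            } else if (privateCredential instanceof KeyPairCredential) {
                addPrivateCredential(target, privateCredential.castAs(KeyPairCredential.class).getKeyPair());
            } else if (privateCredential instanceof X509CertificateChainPrivateCredential) {
                // NOTE(review): only the certificate chain is exported here; the private key of
                // this credential is not added to the Subject. Confirm this is deliberate.
                addPrivateCredential(target, privateCredential.castAs(X509CertificateChainPrivateCredential.class).getCertificateChain());
            } else {
                addPrivateCredential(target, privateCredential);
            }
        }

        // The identity is stored too; convertToSecurityIdentity reuses it as-is when present.
        addPrivateCredential(target, securityIdentity);
        return target;
    }

    /**
     * Adds {@code obj} to the Subject's private credential set.
     *
     * <p>When security-manager checks are active the add runs inside a privileged block, so the
     * permission check made by the Subject is evaluated against this class's protection domain
     * rather than the caller's. This helper is private; keep it that way so it cannot be used
     * to write arbitrary objects into a Subject on behalf of less-privileged code.
     *
     * @param subject the Subject to modify
     * @param obj the object to store as a private credential
     */
    private static void addPrivateCredential(Subject subject, Object obj) {
        if (WildFlySecurityManager.isChecking()) {
            // The explicit PrivilegedAction cast is required: a bare zero-argument lambda is
            // ambiguous between doPrivileged(PrivilegedAction) and
            // doPrivileged(PrivilegedExceptionAction) and does not compile.
            AccessController.doPrivileged((java.security.PrivilegedAction<Void>) () -> {
                subject.getPrivateCredentials().add(obj);
                return null;
            });
        } else {
            subject.getPrivateCredentials().add(obj);
        }
    }

    /**
     * Derives a {@link SecurityIdentity} from the contents of a {@link Subject}.
     *
     * <p>If the Subject's private credentials contain a {@code SecurityIdentity}, the first one
     * found is used as the base and {@code principal} / {@code securityDomain} are not consulted.
     * Otherwise an ad-hoc identity is created for {@code principal} in {@code securityDomain}.
     * Roles are then taken from every {@link Group} principal whose name equals {@code "Roles"}
     * ignoring case, and credentials are re-wrapped from the Subject's credential sets. Objects
     * of types not handled below are silently skipped.
     *
     * <p>Security: the roles and the base identity come straight from the Subject. A Subject
     * that untrusted code was able to populate can therefore choose its own roles; callers must
     * only pass Subjects produced by a trusted authentication step.
     *
     * @param subject the Subject to read; must not be {@code null}
     * @param principal the principal for the ad-hoc identity, used only when the Subject carries
     *        no {@code SecurityIdentity}
     * @param securityDomain the domain used to create the ad-hoc identity, used only when the
     *        Subject carries no {@code SecurityIdentity}
     * @param str passed as the first argument of {@code withRoleMapper} (the role category)
     * @return the resulting identity
     * @throws NullPointerException if {@code subject} is {@code null}
     */
    public static SecurityIdentity convertToSecurityIdentity(Subject subject, Principal principal, SecurityDomain securityDomain, String str) {
        if (subject == null) {
            throw new NullPointerException("subject");
        }

        SecurityIdentity identity = null;
        for (Object candidate : subject.getPrivateCredentials()) {
            if (candidate instanceof SecurityIdentity) {
                identity = (SecurityIdentity) candidate;
                break;
            }
        }
        if (identity == null) {
            identity = securityDomain.createAdHocIdentity(principal);
        }

        // Collect role names from every "Roles" group (name matched case-insensitively).
        final HashSet<String> roleNames = new HashSet<>();
        for (Principal subjectPrincipal : subject.getPrincipals()) {
            if ((subjectPrincipal instanceof Group) && "Roles".equalsIgnoreCase(subjectPrincipal.getName())) {
                Enumeration<? extends Principal> members = ((Group) subjectPrincipal).members();
                while (members.hasMoreElements()) {
                    roleNames.add(members.nextElement().getName());
                }
            }
        }
        if (!roleNames.isEmpty()) {
            // The mapper ignores its input: the Subject's roles are returned for this category
            // whatever roles the base identity had. With no Subject roles, no mapper is installed.
            identity = identity.withRoleMapper(str, ignoredRoles -> Roles.fromSet(roleNames));
        }

        IdentityCredentials publicCredentials = IdentityCredentials.NONE;
        for (Object publicItem : subject.getPublicCredentials()) {
            if (publicItem instanceof PublicKey) {
                publicCredentials = publicCredentials.withCredential(new PublicKeyCredential((PublicKey) publicItem));
            } else if (publicItem instanceof X509Certificate) {
                publicCredentials = publicCredentials.withCredential(new X509CertificateChainPublicCredential(new X509Certificate[]{(X509Certificate) publicItem}));
            } else if (publicItem instanceof Credential) {
                publicCredentials = publicCredentials.withCredential((Credential) publicItem);
            }
        }
        if (!publicCredentials.equals(IdentityCredentials.NONE)) {
            identity = identity.withPublicCredentials(publicCredentials);
        }

        IdentityCredentials privateCredentials = IdentityCredentials.NONE;
        for (Object privateItem : subject.getPrivateCredentials()) {
            if (privateItem instanceof Password) {
                privateCredentials = privateCredentials.withCredential(new PasswordCredential((Password) privateItem));
            } else if (privateItem instanceof SecretKey) {
                privateCredentials = privateCredentials.withCredential(new SecretKeyCredential((SecretKey) privateItem));
            } else if (privateItem instanceof KeyPair) {
                privateCredentials = privateCredentials.withCredential(new KeyPairCredential((KeyPair) privateItem));
            } else if (privateItem instanceof PrivateKey) {
                // A bare private key is wrapped with an empty certificate chain.
                privateCredentials = privateCredentials.withCredential(new X509CertificateChainPrivateCredential((PrivateKey) privateItem, new X509Certificate[0]));
            } else if (privateItem instanceof Credential) {
                privateCredentials = privateCredentials.withCredential((Credential) privateItem);
            }
        }
        if (!privateCredentials.equals(IdentityCredentials.NONE)) {
            identity = identity.withPrivateCredentials(privateCredentials);
        }
        return identity;
    }
}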
