package org.wildfly.security.sasl.util;

import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;
import org.wildfly.security.FixedSecurityFactory;
import org.wildfly.security.SecurityFactory;
import org.wildfly.security.auth.callback.EvidenceDecodePrincipalCallback;
import org.wildfly.security.auth.callback.EvidenceVerifyCallback;
import org.wildfly.security.auth.callback.TrustedAuthoritiesCallback;
import org.wildfly.security.evidence.X509PeerCertificateChainEvidence;
import org.wildfly.security.ssl.SSLUtils;
import org.wildfly.security.x500.TrustedAuthority;

/* loaded from: input_file:BOOT-INF/lib/wildfly-elytron-sasl-1.10.3.Final.jar:org/wildfly/security/sasl/util/TrustManagerSaslServerFactory.class */
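/**
 * A delegating {@link SaslServerFactory} that intercepts trust-related callbacks and answers them from an
 * {@link X509TrustManager} instead of passing them to the application's {@link CallbackHandler}.
 *
 * <p>Two callback types are handled here and removed from the set forwarded to the wrapped handler:
 * <ul>
 *   <li>{@link TrustedAuthoritiesCallback}: populated from the trust manager's accepted issuers;</li>
 *   <li>{@link EvidenceVerifyCallback} carrying {@link X509PeerCertificateChainEvidence}: marked verified
 *       only when {@code checkClientTrusted} accepts the peer chain.</li>
 * </ul>
 * Every other callback is forwarded unchanged.
 */
public final class TrustManagerSaslServerFactory extends AbstractDelegatingSaslServerFactory {
    private final SecurityFactory<X509TrustManager> trustManagerFactory;

    /**
     * Creates the factory.
     *
     * @param saslServerFactory the factory to delegate server creation to
     * @param x509TrustManager the trust manager used for certificate decisions; when {@code null} the
     *        factory returned by {@code SSLUtils.getDefaultX509TrustManagerSecurityFactory()} is used
     */
    public TrustManagerSaslServerFactory(SaslServerFactory saslServerFactory, X509TrustManager x509TrustManager) {
        super(saslServerFactory);
        if (x509TrustManager == null) {
            // NOTE(review): a null argument silently widens trust to whatever the default factory
            // resolves to (presumably the platform trust store; confirm). Callers that want a
            // restricted set of client-certificate issuers must pass an explicit trust manager.
            this.trustManagerFactory = SSLUtils.getDefaultX509TrustManagerSecurityFactory();
        } else {
            this.trustManagerFactory = new FixedSecurityFactory<>(x509TrustManager);
        }
    }

    /**
     * Creates a server from the delegate, wrapping {@code callbackHandler} so that trust callbacks are
     * resolved against the configured trust manager.
     *
     * <p>The arguments are passed to the delegate in the order defined by
     * {@link SaslServerFactory#createSaslServer}: mechanism, protocol, server name, properties, handler.
     *
     * @param str first argument of the delegate call (mechanism)
     * @param str2 second argument of the delegate call (protocol)
     * @param str3 third argument of the delegate call (server name)
     * @param map mechanism properties, passed through unchanged
     * @param callbackHandler the handler that receives every callback not consumed here
     * @return the server created by the delegate
     * @throws SaslException if the delegate fails to create the server
     */
    @Override // org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory
    public SaslServer createSaslServer(String str, String str2, String str3, Map<String, ?> map, CallbackHandler callbackHandler) throws SaslException {
        return this.delegate.createSaslServer(str, str2, str3, map, callbackArr -> {
            // Work on a mutable copy so consumed callbacks can be dropped before forwarding.
            List<Callback> remaining = new ArrayList<>(Arrays.asList(callbackArr));
            Iterator<Callback> it = remaining.iterator();
            while (it.hasNext()) {
                Callback callback = it.next();
                if (callback instanceof TrustedAuthoritiesCallback) {
                    ((TrustedAuthoritiesCallback) callback).setTrustedAuthorities(getTrustedAuthorities(getTrustManager().getAcceptedIssuers()));
                    it.remove();
                } else if (callback instanceof EvidenceVerifyCallback) {
                    EvidenceVerifyCallback evidenceVerifyCallback = (EvidenceVerifyCallback) callback;
                    X509PeerCertificateChainEvidence chainEvidence = evidenceVerifyCallback.getEvidence(X509PeerCertificateChainEvidence.class);
                    // Evidence of any other type is left in the list and forwarded to the wrapped handler.
                    if (chainEvidence != null) {
                        // NOTE(review): the principal-decode callback is dispatched BEFORE the chain is
                        // validated below, so the wrapped handler sees a principal taken from a
                        // certificate that may still be rejected. Presumably handlers treat it as
                        // unauthenticated until verification completes; confirm.
                        callbackHandler.handle(new Callback[] {new EvidenceDecodePrincipalCallback(chainEvidence)});
                        try {
                            getTrustManager().checkClientTrusted(chainEvidence.getPeerCertificateChain(), chainEvidence.getAlgorithm());
                            evidenceVerifyCallback.setVerified(true);
                        } catch (CertificateException ignored) {
                            // Fail closed: the trust manager rejected the chain, so setVerified(true) is
                            // never reached and the callback stays unverified. The rejection reason is
                            // discarded here and nothing in this class records it, so a rejected client
                            // certificate leaves no trace at this layer.
                        }
                        // Consumed whether or not verification succeeded; the wrapped handler never
                        // receives an EvidenceVerifyCallback that carries X.509 chain evidence.
                        it.remove();
                    }
                }
            }
            if (remaining.isEmpty()) {
                return;
            }
            callbackHandler.handle(remaining.toArray(new Callback[remaining.size()]));
        });
    }

    /**
     * Wraps each accepted issuer certificate in a {@link TrustedAuthority.CertificateTrustedAuthority}.
     *
     * @param x509CertificateArr the issuer certificates, may be {@code null}
     * @return one trusted authority per certificate in input order, or {@code null} when the input is
     *         {@code null}
     */
    private List<TrustedAuthority> getTrustedAuthorities(X509Certificate[] x509CertificateArr) {
        if (x509CertificateArr == null) {
            return null;
        }
        List<TrustedAuthority> authorities = new ArrayList<>(x509CertificateArr.length);
        for (X509Certificate x509Certificate : x509CertificateArr) {
            authorities.add(new TrustedAuthority.CertificateTrustedAuthority(x509Certificate));
        }
        return authorities;
    }

    /**
     * Obtains the trust manager from the configured factory.
     *
     * @return the trust manager produced by {@code trustManagerFactory.create()}
     * @throws SaslException wrapping any {@link GeneralSecurityException} raised by the factory, with the
     *         original exception kept as the cause
     */
    private X509TrustManager getTrustManager() throws SaslException {
        try {
            return this.trustManagerFactory.create();
        } catch (GeneralSecurityException e) {
            throw new SaslException(e.getMessage(), e);
        }
    }
}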
