package org.infinispan.server.endpoint.subsystem;

import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import org.infinispan.server.core.security.AuthorizingCallbackHandler;
import org.infinispan.server.core.security.ServerAuthenticationProvider;
import org.infinispan.server.core.security.SubjectUserInfo;
import org.infinispan.server.endpoint.EndpointLogger;
import org.jboss.as.core.security.RealmUser;
import org.jboss.as.domain.management.AuthMechanism;
import org.jboss.as.domain.management.SecurityRealm;
import org.wildfly.security.auth.callback.AvailableRealmsCallback;
import org.wildfly.security.auth.callback.CredentialCallback;

/* loaded from: input_file:org/infinispan/server/endpoint/subsystem/EndpointServerAuthenticationProvider.class */
public class EndpointServerAuthenticationProvider implements ServerAuthenticationProvider {
    private static final String SASL_OPT_PRE_DIGESTED_PROPERTY = "org.wildfly.security.sasl.digest.pre_digested";
    private final SecurityRealm realm;
    private String[] realmList;

    /* loaded from: input_file:org/infinispan/server/endpoint/subsystem/EndpointServerAuthenticationProvider$GSSAPIEndpointAuthorizingCallbackHandler.class */
    public class GSSAPIEndpointAuthorizingCallbackHandler implements AuthorizingCallbackHandler {
        private final org.jboss.as.domain.management.AuthorizingCallbackHandler delegate;
        private RealmUser realmUser;

        GSSAPIEndpointAuthorizingCallbackHandler() {
            this.delegate = EndpointServerAuthenticationProvider.this.realm.getAuthorizingCallbackHandler(AuthMechanism.PLAIN);
        }

        public void handle(Callback[] callbackArr) {
            for (Callback callback : callbackArr) {
                if (callback instanceof AvailableRealmsCallback) {
                    ((AvailableRealmsCallback) callback).setRealmNames(new String[]{EndpointServerAuthenticationProvider.this.realm.getName()});
                } else if (callback instanceof AuthorizeCallback) {
                    AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback;
                    String authenticationID = authorizeCallback.getAuthenticationID();
                    String authorizationID = authorizeCallback.getAuthorizationID();
                    authorizeCallback.setAuthorized(authenticationID.equals(authorizationID));
                    int indexOf = authorizationID.indexOf(64);
                    this.realmUser = indexOf <= 0 ? new RealmUser(authorizationID) : new RealmUser(authorizationID.substring(indexOf + 1), authorizationID.substring(0, indexOf));
                }
            }
        }

        public SubjectUserInfo getSubjectUserInfo(Collection<Principal> collection) {
            ArrayList arrayList = new ArrayList();
            arrayList.add(this.realmUser);
            try {
                org.jboss.as.core.security.SubjectUserInfo createSubjectUserInfo = this.delegate.createSubjectUserInfo(arrayList);
                createSubjectUserInfo.getPrincipals().addAll(collection);
                return new RealmSubjectUserInfo(createSubjectUserInfo);
            } catch (IOException e) {
                throw EndpointLogger.ROOT_LOGGER.cannotRetrieveAuthorizationInformation(e, this.realmUser.toString());
            }
        }
    }

    /* loaded from: input_file:org/infinispan/server/endpoint/subsystem/EndpointServerAuthenticationProvider$RealmAuthorizingCallbackHandler.class */
    public class RealmAuthorizingCallbackHandler implements AuthorizingCallbackHandler {
        private final org.jboss.as.domain.management.AuthorizingCallbackHandler delegate;

        RealmAuthorizingCallbackHandler(org.jboss.as.domain.management.AuthorizingCallbackHandler authorizingCallbackHandler) {
            this.delegate = authorizingCallbackHandler;
        }

        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            ArrayList arrayList = new ArrayList(Arrays.asList(callbackArr));
            Iterator it = arrayList.iterator();
            CredentialCallback credentialCallback = null;
            while (it.hasNext()) {
                AvailableRealmsCallback availableRealmsCallback = (Callback) it.next();
                if (availableRealmsCallback instanceof AvailableRealmsCallback) {
                    availableRealmsCallback.setRealmNames(EndpointServerAuthenticationProvider.this.realmList);
                    it.remove();
                } else if (availableRealmsCallback instanceof CredentialCallback) {
                    credentialCallback = (CredentialCallback) availableRealmsCallback;
                }
            }
            if (arrayList.isEmpty()) {
                return;
            }
            if (credentialCallback != null && credentialCallback.getAlgorithm().equals("digest-md5")) {
                arrayList.add(new NameCallback("User", credentialCallback.getParameterSpec().getUsername()));
                callbackArr = (Callback[]) arrayList.toArray(new Callback[arrayList.size()]);
            }
            this.delegate.handle(callbackArr);
        }

        public SubjectUserInfo getSubjectUserInfo(Collection<Principal> collection) {
            try {
                org.jboss.as.core.security.SubjectUserInfo createSubjectUserInfo = this.delegate.createSubjectUserInfo(collection);
                return new RealmSubjectUserInfo(createSubjectUserInfo.getUserName(), createSubjectUserInfo.getSubject());
            } catch (IOException e) {
                return null;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public EndpointServerAuthenticationProvider(SecurityRealm securityRealm) {
        this.realm = securityRealm;
    }

    public AuthorizingCallbackHandler getCallbackHandler(String str, Map<String, String> map) {
        if ("GSSAPI".equals(str)) {
            return new GSSAPIEndpointAuthorizingCallbackHandler();
        }
        if ("PLAIN".equals(str)) {
            return new RealmAuthorizingCallbackHandler(this.realm.getAuthorizingCallbackHandler(AuthMechanism.PLAIN));
        }
        if (!"DIGEST-MD5".equals(str)) {
            if ("EXTERNAL".equals(str)) {
                return new RealmAuthorizingCallbackHandler(this.realm.getAuthorizingCallbackHandler(AuthMechanism.CLIENT_CERT));
            }
            throw new IllegalArgumentException("Unsupported mech " + str);
        }
        String str2 = map.get("com.sun.security.sasl.digest.realm");
        if (str2 == null) {
            this.realmList = new String[]{this.realm.getName()};
            map.put("com.sun.security.sasl.digest.realm", this.realmList[0]);
        } else {
            this.realmList = str2.split(" ");
        }
        Map mechanismConfig = this.realm.getMechanismConfig(AuthMechanism.DIGEST);
        boolean z = true;
        if (mechanismConfig.containsKey("org.jboss.as.domain.management.digest.plain_text")) {
            z = Boolean.parseBoolean((String) mechanismConfig.get("org.jboss.as.domain.management.digest.plain_text"));
        }
        if (!z) {
            map.put(SASL_OPT_PRE_DIGESTED_PROPERTY, "true");
        }
        return new RealmAuthorizingCallbackHandler(this.realm.getAuthorizingCallbackHandler(AuthMechanism.DIGEST));
    }
}
