package org.jboss.resteasy.skeleton.key.idm.service;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicLong;
import javax.ws.rs.Consumes;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Providers;
import org.codehaus.jackson.util.MinimalPrettyPrinter;
import org.jboss.resteasy.jose.Base64Url;
import org.jboss.resteasy.jose.jws.JWSBuilder;
import org.jboss.resteasy.jose.jws.JWSInput;
import org.jboss.resteasy.jose.jws.crypto.RSAProvider;
import org.jboss.resteasy.jwt.JsonSerialization;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.skeleton.key.idm.IdentityManager;
import org.jboss.resteasy.skeleton.key.idm.model.data.Realm;
import org.jboss.resteasy.skeleton.key.idm.model.data.RequiredCredential;
import org.jboss.resteasy.skeleton.key.idm.model.data.Resource;
import org.jboss.resteasy.skeleton.key.idm.model.data.RoleMapping;
import org.jboss.resteasy.skeleton.key.idm.model.data.ScopeMapping;
import org.jboss.resteasy.skeleton.key.idm.model.data.User;
import org.jboss.resteasy.skeleton.key.idm.model.data.UserCredential;
import org.jboss.resteasy.skeleton.key.representations.AccessTokenResponse;
import org.jboss.resteasy.skeleton.key.representations.SkeletonKeyScope;
import org.jboss.resteasy.skeleton.key.representations.SkeletonKeyToken;
import org.jboss.resteasy.spi.NotImplementedYetException;
import org.jboss.resteasy.util.Base64;

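/**
 * JAX-RS resource rooted at {@code /realms} that serves the identity provider's token
 * endpoints: the browser login form, the redirect that delivers a signed access code,
 * redemption of that code for a signed token, and a direct credentials-for-token grant.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every request-derived or store-derived value written into the login form is
 *       HTML-escaped; {@code client_id}, {@code scope}, {@code state} and {@code redirect_uri}
 *       arrive straight from the request and end up inside attribute values.</li>
 *   <li>{@code redirect_uri} is used exactly as supplied. No comparison against a value
 *       registered for the client is visible in this class, so the redirect target is
 *       caller-chosen. The access code stays bound to the client that requested it and
 *       redemption requires that client's credentials.</li>
 *   <li>Hashed credentials are unsalted MD5 (see {@link #hash(String)}); the algorithm is left
 *       unchanged here because stored values depend on it.</li>
 * </ul>
 */
@Path("/realms")
/* loaded from: input_file:WEB-INF/lib/skeleton-key-idp-3.0.0.Final.jar:org/jboss/resteasy/skeleton/key/idm/service/TokenManagement.class */
public class TokenManagement {
    /** Alert page shown when the requesting client lacks a scope mapping for a requested role. */
    private static final String CLIENT_SCOPE_DENIED = "<h1>Security Alert</h1><p>Known client not authorized for the requested scope.</p>";

    /** Alert page shown when the authenticated user lacks a requested role. */
    private static final String USER_SCOPE_DENIED = "<h1>Security Alert</h1><p>You are not authorized for the requested scope.</p>";

    protected IdentityManager identityManager;
    protected Logger logger = Logger.getLogger(TokenManagement.class);

    // Outstanding access codes keyed by code id; every access is guarded by synchronized (accessCodeMap).
    protected Map<String, AccessCode> accessCodeMap = new HashMap<String, AccessCode>();

    @Context
    protected UriInfo uriInfo;

    @Context
    protected Providers providers;

    @Context
    protected SecurityContext securityContext;

    @Context
    protected HttpHeaders headers;

    // Monotonic prefix for token ids; the UUID part supplies the uniqueness across restarts.
    private static final AtomicLong counter = new AtomicLong(1);

    /* loaded from: input_file:WEB-INF/lib/skeleton-key-idp-3.0.0.Final.jar:org/jboss/resteasy/skeleton/key/idm/service/TokenManagement$AccessCode.class */
    /**
     * Short-lived record created after a successful browser login. It ties a freshly built
     * token to the client that asked for it until that client redeems the code.
     */
    public static class AccessCode {
        // Random UUID followed by the creation time in milliseconds.
        protected String id = UUID.randomUUID().toString() + System.currentTimeMillis();
        // Expiry in seconds since the epoch; 0 means "never expires".
        protected long expiration;
        protected SkeletonKeyToken token;
        protected User client;

        /**
         * @return {@code true} when an expiry is set and the current time, in whole seconds,
         *         is past it
         */
        public boolean isExpired() {
            if (this.expiration == 0) {
                return false;
            }
            return System.currentTimeMillis() / 1000 > this.expiration;
        }

        public String getId() {
            return this.id;
        }

        public long getExpiration() {
            return this.expiration;
        }

        public void setExpiration(long expiration) {
            this.expiration = expiration;
        }

        public SkeletonKeyToken getToken() {
            return this.token;
        }

        public void setToken(SkeletonKeyToken token) {
            this.token = token;
        }

        public User getClient() {
            return this.client;
        }

        public void setClient(User client) {
            this.client = client;
        }
    }

    /**
     * @param identityManager store used for every realm, user, resource, credential and
     *                        mapping lookup made by this resource
     */
    public TokenManagement(IdentityManager identityManager) {
        this.identityManager = identityManager;
    }

    /** Builds a token id of the form {@code <counter>.<random UUID>}. */
    private static String generateId() {
        return counter.getAndIncrement() + "." + UUID.randomUUID().toString();
    }

    /** Builds the 400 JSON error body used by the token endpoints; {@code description} may be null. */
    private static Response oauthError(String error, String description) {
        Map<String, String> body = new HashMap<String, String>();
        body.put("error", error);
        if (description != null) {
            body.put("error_description", description);
        }
        return Response.status(Response.Status.BAD_REQUEST).entity(body).type(MediaType.APPLICATION_JSON_TYPE).build();
    }

    /** Wraps a fixed HTML alert page in a 403 {@link ForbiddenException}. */
    private static ForbiddenException forbidden(String html) {
        return new ForbiddenException(Response.status(403).entity(html).type("text/html").build());
    }

    /** Returns a fixed HTML alert page with status 200, as the form endpoints have always done. */
    private static Response alertPage(String html) {
        return Response.ok(html).type("text/html").build();
    }

    /**
     * Escapes a value for use in HTML text or inside a double-quoted attribute value.
     * A null input yields the text {@code null}, which is what appending a null string to the
     * page buffer produced before escaping was introduced.
     */
    private static String escapeHtml(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Compares two credential strings without stopping at the first differing byte, so the
     * response time does not reveal how much of a guess was correct. A null on either side is
     * a mismatch.
     */
    private static boolean constantTimeEquals(String supplied, String expected) {
        if (supplied == null || expected == null) {
            return false;
        }
        try {
            return MessageDigest.isEqual(supplied.getBytes("UTF-8"), expected.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    /** Drops expired access codes. The caller must hold the lock on {@code accessCodeMap}. */
    private void purgeExpiredAccessCodes() {
        Iterator<AccessCode> codes = this.accessCodeMap.values().iterator();
        while (codes.hasNext()) {
            if (codes.next().isExpired()) {
                codes.remove();
            }
        }
    }

    /**
     * Builds a token carrying every realm-level and resource-level role mapped to the user.
     *
     * @param user  principal of the token
     * @param realm realm that becomes the token audience and supplies the lifespan
     * @return the token, or {@code null} when the user has no resource-level access at all
     *         (realm-level roles alone are not enough)
     */
    protected SkeletonKeyToken createAccessToken(User user, Realm realm) {
        List<Resource> resources = this.identityManager.getResources(realm);
        SkeletonKeyToken token = new SkeletonKeyToken();
        token.id(generateId());
        token.principal(user.getUsername());
        token.audience(realm.getName());
        if (realm.getTokenLifespan() > 0) {
            token.expiration((System.currentTimeMillis() / 1000) + realm.getTokenLifespan());
        }
        RoleMapping realmRoles = this.identityManager.getRoleMapping(realm, user);
        if (realmRoles != null && realmRoles.getRoles().size() > 0) {
            SkeletonKeyToken.Access realmAccess = new SkeletonKeyToken.Access();
            for (String role : realmRoles.getRoles()) {
                realmAccess.addRole(role);
            }
            token.setRealmAccess(realmAccess);
        }
        for (Resource resource : resources) {
            RoleMapping resourceRoles = this.identityManager.getRoleMapping(realm, resource, user);
            if (resourceRoles == null) {
                continue;
            }
            SkeletonKeyToken.Access access = token.addAccess(resource.getName()).verifyCaller(Boolean.valueOf(resource.isSurrogateAuthRequired()));
            for (String role : resourceRoles.getRoles()) {
                access.addRole(role);
            }
        }
        if (token.getResourceAccess() == null || token.getResourceAccess().size() == 0) {
            return null;
        }
        return token;
    }

    /**
     * Handles the login form post: authenticates the end user, builds the token, stores it
     * under a new access code and redirects to {@code redirect_uri} with the signed code.
     *
     * @param realmName realm path segment
     * @param form      form fields: {@code client_id}, {@code scope}, {@code state},
     *                  {@code redirect_uri}, {@code username} and the realm's credential inputs
     * @return a 302 carrying {@code code} (and {@code state} when given), or an HTML page when
     *         login cannot proceed
     * @throws NotFoundException  when the realm is unknown
     * @throws ForbiddenException when the client is unknown or the scope is not permitted
     */
    @POST
    @Path("{realm}/auth/request/login")
    @Consumes({"application/x-www-form-urlencoded"})
    public Response login(@PathParam("realm") String realmName, MultivaluedMap<String, String> form) {
        String clientId = form.getFirst("client_id");
        String scopeParam = form.getFirst("scope");
        String state = form.getFirst("state");
        String redirectUri = form.getFirst("redirect_uri");
        Realm realm = this.identityManager.getRealm(realmName);
        if (realm == null) {
            this.logger.debug("realm not found");
            throw new NotFoundException();
        }
        if (!realm.isEnabled()) {
            return Response.ok("Realm not enabled").type("text/html").build();
        }
        User client = this.identityManager.getUser(realm, clientId);
        if (client == null) {
            this.logger.debug("client not found");
            throw new ForbiddenException();
        }
        if (!client.isEnabled()) {
            return Response.ok("Requester not enabled").type("text/html").build();
        }
        User user = this.identityManager.getUser(realm, form.getFirst("username"));
        if (user == null) {
            this.logger.debug("user not found");
            // NOTE(review): this message differs from the bad-credential one below, so the
            // response tells a caller whether a username exists in the realm.
            return loginForm("Not valid user", redirectUri, clientId, scopeParam, state, realm, client);
        }
        if (!user.isEnabled()) {
            return Response.ok("Your account is not enabled").type("text/html").build();
        }
        if (!authenticate(realm, user, form)) {
            return loginForm("Unable to authenticate, try again", redirectUri, clientId, scopeParam, state, realm, client);
        }
        SkeletonKeyToken token = createToken(scopeParam, realm, client, user);
        AccessCode accessCode = new AccessCode();
        accessCode.setExpiration((System.currentTimeMillis() / 1000) + realm.getAccessCodeLifespan());
        accessCode.setToken(token);
        accessCode.setClient(client);
        synchronized (this.accessCodeMap) {
            // Codes that are never redeemed would otherwise stay in the map for the life of the
            // process; a code purged here is later reported as "Code not found".
            purgeExpiredAccessCodes();
            this.accessCodeMap.put(accessCode.getId(), accessCode);
        }
        try {
            String signedCode = new JWSBuilder().content(accessCode.getId().getBytes("UTF-8")).rsa256(realm.getPrivateKey());
            // NOTE(review): redirectUri comes from the form and is not compared with anything
            // registered for the client in this class; confirm where that validation happens.
            UriBuilder redirect = UriBuilder.fromUri(redirectUri).queryParam("code", signedCode);
            if (state != null) {
                redirect.queryParam("state", state);
            }
            return Response.status(302).location(redirect.build()).build();
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds the token for a browser login. With a scope, the token holds exactly the
     * requested roles, each of which must be mapped to both the client and the user. Without
     * one, the client needs the {@code login} scope role and the token holds all of the
     * user's roles.
     *
     * @param scopeParam Base64Url-encoded JSON scope taken from the request, or {@code null}
     * @param realm      realm being logged in to
     * @param client     application that requested the login
     * @param user       authenticated end user
     * @return the token; may be {@code null} on the no-scope path, see
     *         {@link #createAccessToken(User, Realm)}
     * @throws ForbiddenException when the client or the user is not entitled to the scope
     */
    protected SkeletonKeyToken createToken(String scopeParam, Realm realm, User client, User user) {
        if (scopeParam == null) {
            ScopeMapping clientScope = this.identityManager.getScopeMapping(realm, client);
            if (clientScope == null || !clientScope.getRoles().contains("login")) {
                throw forbidden("<h1>Security Alert</h1><p>Known client not authorized to request a user login.</p>");
            }
            return createAccessToken(user, realm);
        }
        SkeletonKeyToken token = new SkeletonKeyToken();
        token.id(generateId());
        token.principal(user.getUsername());
        token.audience(realm.getName());
        if (realm.getTokenLifespan() > 0) {
            token.expiration((System.currentTimeMillis() / 1000) + realm.getTokenLifespan());
        }
        try {
            SkeletonKeyScope requested = (SkeletonKeyScope) JsonSerialization.fromBytes(SkeletonKeyScope.class, Base64Url.decode(scopeParam));
            for (String resourceName : requested.keySet()) {
                // The scope is request data: an unknown resource or a missing mapping is
                // refused like any other unauthorized scope instead of failing on a null.
                Resource resource = this.identityManager.getResource(realm, resourceName);
                if (resource == null) {
                    throw forbidden(CLIENT_SCOPE_DENIED);
                }
                ScopeMapping clientScope = this.identityManager.getScopeMapping(realm, resource, client);
                if (clientScope == null) {
                    throw forbidden(CLIENT_SCOPE_DENIED);
                }
                RoleMapping userRoles = this.identityManager.getRoleMapping(realm, resource, user);
                if (userRoles == null) {
                    throw forbidden(USER_SCOPE_DENIED);
                }
                SkeletonKeyToken.Access access = token.addAccess(resource.getName());
                for (String role : requested.get(resourceName)) {
                    if (!clientScope.getRoles().contains(role)) {
                        throw forbidden(CLIENT_SCOPE_DENIED);
                    }
                    if (!userRoles.getRoles().contains(role)) {
                        throw forbidden(USER_SCOPE_DENIED);
                    }
                    access.addRole(role);
                    if (userRoles.getSurrogateIds() != null && userRoles.getSurrogateIds().size() > 0) {
                        throw new NotImplementedYetException();
                    }
                }
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
        return token;
    }

    /**
     * Redeems a signed access code for a signed token. The caller authenticates as the
     * client; the code must carry a valid realm signature, be known, be unexpired and have
     * been issued to that same client. A code is removed from the store on its first lookup,
     * whether or not the remaining checks pass.
     *
     * @param realmName realm path segment
     * @param form      form fields: {@code code}, {@code client_id} and the client's credentials
     * @return 200 with the token response, or 400 with a JSON {@code error} body
     * @throws NotFoundException when the realm is unknown
     */
    @POST
    @Produces({"application/json"})
    @Path("{realm}/access/codes")
    public Response accessRequest(@PathParam("realm") String realmName, MultivaluedMap<String, String> form) {
        Realm realm = this.identityManager.getRealm(realmName);
        if (realm == null) {
            throw new NotFoundException();
        }
        String code = form.getFirst("code");
        if (code == null) {
            this.logger.debug("code not specified");
            return oauthError("invalid_request", "code not specified");
        }
        String clientId = form.getFirst("client_id");
        if (clientId == null) {
            this.logger.debug("client_id not specified");
            return oauthError("invalid_request", "client_id not specified");
        }
        User client = this.identityManager.getUser(realm, clientId);
        if (client == null) {
            this.logger.debug("Could not find user");
            return oauthError("invalid_client", "Could not find user");
        }
        if (!client.isEnabled()) {
            this.logger.debug("user is not enabled");
            return oauthError("invalid_client", "User is not enabled");
        }
        if (!authenticate(realm, client, form)) {
            return oauthError("unauthorized_client", null);
        }
        JWSInput signedCode = null;
        boolean verified = false;
        try {
            // Parsing sits inside the try so that a malformed code is answered with
            // invalid_grant like any other bad signature.
            signedCode = new JWSInput(code, this.providers);
            verified = RSAProvider.verify(signedCode, realm.getPublicKey());
        } catch (Exception e) {
            this.logger.debug("Failed to verify signature", e);
        }
        if (!verified) {
            return oauthError("invalid_grant", "Unable to verify code signature");
        }
        String codeId = (String) signedCode.readContent(String.class);
        AccessCode accessCode;
        synchronized (this.accessCodeMap) {
            accessCode = this.accessCodeMap.remove(codeId);
        }
        if (accessCode == null) {
            return oauthError("invalid_grant", "Code not found");
        }
        if (accessCode.isExpired()) {
            return oauthError("invalid_grant", "Code is expired");
        }
        SkeletonKeyToken token = accessCode.getToken();
        if (token == null) {
            // login() stores whatever createToken() returned, which is null when the user has
            // no resource access; refuse the grant instead of failing on the null.
            return oauthError("invalid_grant", "No token issued for code");
        }
        if (!token.isActive()) {
            return oauthError("invalid_grant", "Token expired");
        }
        if (!client.getId().equals(accessCode.getClient().getId())) {
            return oauthError("invalid_grant", "Auth error");
        }
        return Response.ok(accessTokenResponse(realm.getPrivateKey(), token)).build();
    }

    /**
     * Serializes the token to JSON, signs it with RSA-SHA256 and wraps it in a bearer response.
     *
     * @param privateKey realm signing key
     * @param token      token to sign
     * @return response whose {@code expires_in} is set only when the token has an expiration
     */
    protected AccessTokenResponse accessTokenResponse(PrivateKey privateKey, SkeletonKeyToken token) {
        try {
            String signedToken = new JWSBuilder().content(JsonSerialization.toByteArray((Object) token, false)).rsa256(privateKey);
            AccessTokenResponse response = new AccessTokenResponse();
            response.setToken(signedToken);
            response.setTokenType("bearer");
            long expiration = token.getExpiration();
            if (expiration != 0) {
                response.setExpiresIn(expiration - (System.currentTimeMillis() / 1000));
            }
            return response;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Entry point of the browser flow: shows the login / grant form for a known client.
     * {@code response_type} is accepted but not read, and neither the realm's nor the
     * client's enabled flag is checked here ({@link #login} checks both on submit).
     *
     * @return the login form, or an HTML alert page when the client is unknown
     * @throws NotFoundException when the realm is unknown
     */
    @GET
    @Path("{realm}/auth/request")
    public Response requestAccessCode(@PathParam("realm") String realmName, @QueryParam("response_type") String responseType, @QueryParam("redirect_uri") String redirectUri, @QueryParam("client_id") String clientId, @QueryParam("scope") String scopeParam, @QueryParam("state") String state) {
        Realm realm = this.identityManager.getRealm(realmName);
        if (realm == null) {
            throw new NotFoundException();
        }
        User client = this.identityManager.getUser(realm, clientId);
        if (client == null) {
            return alertPage("<h1>Security Alert</h1><p>Unknown client trying to get access to your account.</p>");
        }
        return loginForm(null, redirectUri, clientId, scopeParam, state, realm, client);
    }

    /**
     * Writes the page heading and, when there is an error message, the message itself after a
     * one-second pause. The pause slows repeated failed logins but holds the request thread
     * for its duration.
     */
    private static void appendHeading(StringBuilder html, String headingPrefix, Realm realm, String errorMessage) {
        html.append(headingPrefix).append(escapeHtml(realm.getName())).append(" Realm</h1>");
        if (errorMessage == null) {
            return;
        }
        try {
            Thread.sleep(1000L);
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the container's thread management.
            Thread.currentThread().interrupt();
            throw new RuntimeException(e);
        }
        html.append("<p/><p><b>").append(escapeHtml(errorMessage)).append("</b></p>");
    }

    /**
     * Renders the HTML login / grant form. Every dynamic value is passed through
     * {@link #escapeHtml(String)}, because {@code redirectUri}, {@code clientId},
     * {@code scopeParam} and {@code state} are request data that land in attribute values.
     *
     * @param errorMessage message from a failed attempt, or {@code null} on first display
     * @param redirectUri  value round-tripped in the hidden {@code redirect_uri} field
     * @param clientId     value round-tripped in the hidden {@code client_id} field
     * @param scopeParam   Base64Url-encoded JSON scope from the request, or {@code null}
     * @param state        opaque client state, or {@code null}
     * @param realm        realm being logged in to
     * @param client       application requesting access
     * @return the form page, or an HTML alert page when the client is not entitled to the scope
     */
    private Response loginForm(String errorMessage, String redirectUri, String clientId, String scopeParam, String state, Realm realm, User client) {
        StringBuilder html = new StringBuilder();
        if (scopeParam != null) {
            appendHeading(html, "<h1>Grant Request For ", realm, errorMessage);
            html.append("<p>A Third Party is requesting access to the following resources</p>");
            html.append("<table>");
            try {
                SkeletonKeyScope requested = (SkeletonKeyScope) JsonSerialization.fromBytes(SkeletonKeyScope.class, Base64Url.decode(scopeParam));
                for (String resourceName : requested.keySet()) {
                    // Unknown resources and missing mappings get the same alert as an
                    // unauthorized role instead of failing on a null.
                    Resource resource = this.identityManager.getResource(realm, resourceName);
                    if (resource == null) {
                        return alertPage(CLIENT_SCOPE_DENIED);
                    }
                    ScopeMapping clientScope = this.identityManager.getScopeMapping(realm, resource, client);
                    if (clientScope == null) {
                        return alertPage(CLIENT_SCOPE_DENIED);
                    }
                    html.append("<tr><td><b>Resource: </b>").append(escapeHtml(resource.getName())).append("</td><td><b>Roles:</b>");
                    for (String role : requested.get(resourceName)) {
                        if (!clientScope.getRoles().contains(role)) {
                            return alertPage(CLIENT_SCOPE_DENIED);
                        }
                        html.append(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR).append(escapeHtml(role));
                    }
                    html.append("</td></tr>");
                }
                html.append("</table><p>To Authorize, please login below</p>");
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        } else {
            ScopeMapping realmScope = this.identityManager.getScopeMapping(realm, client);
            if (realmScope == null || !realmScope.getRoles().contains("login")) {
                // Client may not do a plain login: offer a grant over everything it has a
                // scope mapping for and carry that scope in the form.
                appendHeading(html, "<h1>Grant Request For ", realm, errorMessage);
                SkeletonKeyScope grantedScope = new SkeletonKeyScope();
                boolean tableOpen = false;
                for (Resource resource : this.identityManager.getResources(realm)) {
                    ScopeMapping clientScope = this.identityManager.getScopeMapping(realm, resource, client);
                    if (clientScope == null || clientScope.getRoles().size() == 0) {
                        continue;
                    }
                    if (!tableOpen) {
                        tableOpen = true;
                        html.append("<p>A Third Party is requesting access to the following resources</p>");
                        html.append("<table>");
                    }
                    html.append("<tr><td><b>Resource: </b>").append(escapeHtml(resource.getName())).append("</td><td><b>Roles:</b>");
                    for (String role : clientScope.getRoles()) {
                        html.append(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR).append(escapeHtml(role));
                        grantedScope.add(resource.getName(), role);
                    }
                    // Close the row, as the explicit-scope branch does.
                    html.append("</td></tr>");
                }
                if (!tableOpen) {
                    return alertPage("<h1>Security Alert</h1><p>Known client not authorized to access this realm.</p>");
                }
                html.append("</table>");
                try {
                    scopeParam = Base64Url.encode(JsonSerialization.toString((Object) grantedScope, false).getBytes("UTF-8"));
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            } else {
                appendHeading(html, "<h1>Login For ", realm, errorMessage);
            }
        }
        String action = this.uriInfo.getBaseUriBuilder().path(TokenManagement.class).path(TokenManagement.class, "login").build(realm.getId()).toString();
        html.append("<form action=\"").append(escapeHtml(action)).append("\" method=\"POST\">");
        html.append("Username: <input type=\"text\" name=\"username\" size=\"20\"><br>");
        for (RequiredCredential required : this.identityManager.getRequiredCredentials(realm)) {
            if (!required.isInput()) {
                continue;
            }
            String credentialType = escapeHtml(required.getType());
            html.append(credentialType).append(": ");
            String inputType = required.isSecret() ? "password" : "text";
            html.append("<input type=\"").append(inputType).append("\" name=\"").append(credentialType).append("\"  size=\"20\"><br>");
        }
        html.append("<input type=\"hidden\" name=\"client_id\" value=\"").append(escapeHtml(clientId)).append("\">");
        if (scopeParam != null) {
            html.append("<input type=\"hidden\" name=\"scope\" value=\"").append(escapeHtml(scopeParam)).append("\">");
        }
        if (state != null) {
            html.append("<input type=\"hidden\" name=\"state\" value=\"").append(escapeHtml(state)).append("\">");
        }
        html.append("<input type=\"hidden\" name=\"redirect_uri\" value=\"").append(escapeHtml(redirectUri)).append("\">");
        html.append("<input type=\"submit\" value=\"");
        html.append(scopeParam == null ? "Login" : "Grant Access");
        html.append("\">");
        html.append("</form>");
        return Response.ok(html.toString()).type("text/html").build();
    }

    /**
     * Direct grant: the caller authenticates with its own credentials and receives a token
     * for itself, with no browser step.
     *
     * @param realmName realm path segment
     * @param form      form fields: {@code client_id} and the caller's credentials
     * @return 200 with the token response, or 400 with a JSON {@code error} body
     * @throws NotFoundException when the realm is unknown or disabled
     */
    @Path("{realm}/grants")
    @Consumes({"application/x-www-form-urlencoded"})
    @POST
    @Produces({"application/json"})
    public Response accessTokenGrant(@PathParam("realm") String realmName, MultivaluedMap<String, String> form) {
        Realm realm = this.identityManager.getRealm(realmName);
        if (realm == null) {
            throw new NotFoundException();
        }
        if (!realm.isEnabled()) {
            this.logger.debug("realm is not enabled");
            throw new NotFoundException();
        }
        User user = this.identityManager.getUser(realm, form.getFirst("client_id"));
        if (user == null) {
            this.logger.debug("Could not find user");
            return oauthError("invalid_client", "Could not find user");
        }
        if (!user.isEnabled()) {
            this.logger.debug("user is not enabled");
            return oauthError("invalid_client", "User is not enabled");
        }
        if (!authenticate(realm, user, form)) {
            return oauthError("unauthorized_client", null);
        }
        SkeletonKeyToken token = createAccessToken(user, realm);
        if (token == null) {
            return oauthError("unauthorized_client", null);
        }
        return Response.ok(accessTokenResponse(realm.getPrivateKey(), token), MediaType.APPLICATION_JSON_TYPE).build();
    }

    /**
     * Checks the submitted form against every credential the realm requires. Input
     * credentials are compared with the stored value (hashed first when the stored one is
     * hashed); the only non-input type supported is {@code CALLER_PRINCIPAL}, which must match
     * the name of the request's authenticated principal.
     *
     * @param realm    realm whose required credentials apply
     * @param user     account being authenticated
     * @param formData submitted form fields, keyed by credential type
     * @return {@code true} only when every required credential matches
     * @throws NotImplementedYetException for a non-input credential type other than
     *                                    {@code CALLER_PRINCIPAL}
     */
    protected boolean authenticate(Realm realm, User user, MultivaluedMap<String, String> formData) {
        MultivaluedMap<String, UserCredential> stored = new MultivaluedHashMap<String, UserCredential>();
        for (UserCredential credential : this.identityManager.getCredentials(user)) {
            stored.add(credential.getType(), credential);
        }
        for (RequiredCredential required : this.identityManager.getRequiredCredentials(realm)) {
            if (required.isInput()) {
                String supplied = formData.getFirst(required.getType());
                if (supplied == null) {
                    return false;
                }
                UserCredential expected = stored.getFirst(required.getType());
                if (expected == null) {
                    this.logger.warn("Missing required user credential");
                    return false;
                }
                if (expected.isHashed()) {
                    supplied = hash(supplied);
                }
                // Constant-time comparison: String.equals returns at the first differing
                // character, which leaks how much of a guess matched.
                if (!constantTimeEquals(supplied, expected.getValue())) {
                    this.logger.warn("Credential mismatch");
                    return false;
                }
            } else {
                if (!required.getType().equals("CALLER_PRINCIPAL")) {
                    throw new NotImplementedYetException();
                }
                List<UserCredential> principals = stored.get("CALLER_PRINCIPAL");
                if (principals == null) {
                    return false;
                }
                // A request with no authenticated principal cannot satisfy this credential.
                String callerName = this.securityContext.getUserPrincipal() == null ? null : this.securityContext.getUserPrincipal().getName();
                boolean matched = false;
                if (callerName != null) {
                    for (UserCredential principal : principals) {
                        if (callerName.equals(principal.getValue())) {
                            matched = true;
                            break;
                        }
                    }
                }
                if (!matched) {
                    this.logger.warn("caller principal not matched");
                    return false;
                }
            }
        }
        return true;
    }

    /**
     * Returns the Base64 encoding of the MD5 digest of {@code value}.
     *
     * <p>NOTE(review): this is an unsalted, single-round MD5 over bytes taken in the platform
     * default charset. MD5 is unsuitable for stored passwords, and the charset makes the
     * result platform-dependent for non-ASCII input. The output is left as it is because
     * stored hashed credentials are compared against it; replacing it with a salted password
     * hash needs a migration of the stored values.
     */
    private String hash(String value) {
        try {
            return Base64.encodeBytes(MessageDigest.getInstance("MD5").digest(value.getBytes()));
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }
}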
