package org.wildfly.security.sasl.gs2;

import java.io.IOException;
import java.util.Collections;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslClientFactory;
import javax.security.sasl.SaslException;
import org.apache.commons.lang3.BooleanUtils;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.wildfly.common.Assert;
import org.wildfly.security.auth.callback.ChannelBindingCallback;
import org.wildfly.security.mechanism._private.ElytronMessages;
import org.wildfly.security.sasl.WildFlySasl;

/* loaded from: input_file:org/wildfly/security/sasl/gs2/Gs2SaslClientFactory.class */
public final class Gs2SaslClientFactory implements SaslClientFactory {
    private final GSSManager gssManager;

    public Gs2SaslClientFactory(GSSManager gSSManager) {
        this.gssManager = gSSManager;
    }

    public Gs2SaslClientFactory() {
        this(GSSManager.getInstance());
    }

    public SaslClient createSaslClient(String[] strArr, String str, String str2, String str3, Map<String, ?> map, CallbackHandler callbackHandler) throws SaslException {
        Assert.checkNotNullParam("cbh", callbackHandler);
        if (map == null) {
            map = Collections.emptyMap();
        }
        GSSManager gSSManager = this.gssManager;
        try {
            String[] supportedSaslNamesForMechanisms = Gs2Util.getSupportedSaslNamesForMechanisms(gSSManager.getMechs());
            String str4 = null;
            boolean z = false;
            String str5 = null;
            byte[] bArr = null;
            boolean z2 = false;
            boolean equals = BooleanUtils.TRUE.equals(map.get(WildFlySasl.CHANNEL_BINDING_REQUIRED));
            boolean z3 = false;
            for (String str6 : strArr) {
                if (Gs2Util.isIncluded(str6, supportedSaslNamesForMechanisms)) {
                    if (!z3) {
                        ChannelBindingCallback channelBindingCallback = new ChannelBindingCallback();
                        try {
                            callbackHandler.handle(new Callback[]{channelBindingCallback});
                        } catch (UnsupportedCallbackException e) {
                        } catch (SaslException e2) {
                            throw e2;
                        } catch (IOException e3) {
                            throw ElytronMessages.saslGs2.mechFailedToDetermineChannelBindingStatus(e3).toSaslException();
                        }
                        str5 = channelBindingCallback.getBindingType();
                        bArr = channelBindingCallback.getBindingData();
                        z2 = (str5 == null || bArr == null) ? false : true;
                        z3 = true;
                    }
                    if (str6.endsWith(Gs2.PLUS_SUFFIX)) {
                        if (z2) {
                            z = true;
                        } else {
                            continue;
                        }
                    }
                    if (!equals || z) {
                        str4 = str6;
                        break;
                    }
                }
            }
            if (str4 == null) {
                return null;
            }
            Gs2SaslClient gs2SaslClient = new Gs2SaslClient(str4, str2, str3, callbackHandler, str, map, gSSManager, z, str5, bArr);
            gs2SaslClient.init();
            return gs2SaslClient;
        } catch (GSSException e4) {
            throw ElytronMessages.saslGs2.mechGettingSupportedMechanismsFailed(e4).toSaslException();
        }
    }

    public String[] getMechanismNames(Map<String, ?> map) {
        try {
            String[] supportedSaslNamesForMechanisms = Gs2Util.getSupportedSaslNamesForMechanisms(this.gssManager.getMechs());
            return (map == null || BooleanUtils.TRUE.equals(map.get(WildFlySasl.MECHANISM_QUERY_ALL)) || !BooleanUtils.TRUE.equals(map.get(WildFlySasl.CHANNEL_BINDING_REQUIRED))) ? supportedSaslNamesForMechanisms : Gs2Util.getPlusMechanisms(supportedSaslNamesForMechanisms);
        } catch (GSSException e) {
            return WildFlySasl.NO_NAMES;
        }
    }
}
