package org.wildfly.security.auth.realm.ldap;

import java.io.IOException;
import java.security.Provider;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Collection;
import java.util.function.Supplier;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.NoSuchAttributeException;
import org.wildfly.common.Assert;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.password.Password;
import org.wildfly.security.util.LdapUtil;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron-realm-ldap/1.10.4.Final/wildfly-elytron-realm-ldap-1.10.4.Final.jar:org/wildfly/security/auth/realm/ldap/UserPasswordCredentialLoader.class */
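/**
 * Loads, verifies, stores and clears password credentials kept in a single LDAP
 * attribute of an identity entry (named {@code userPassword} by default).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Attribute values are handed to {@code UserPasswordPasswordUtil}, which decides
 *       which encodings are accepted; the strength of the stored form is therefore a
 *       property of the directory contents, not of this class.</li>
 *   <li>Read failures are swallowed and reported as "no credential", so evidence
 *       verification fails closed.</li>
 *   <li>The identity DN is written to the trace log on read failures and is passed to
 *       the exception factories on write failures.</li>
 * </ul>
 */
public class UserPasswordCredentialLoader implements CredentialPersister {
    static final String DEFAULT_USER_PASSWORD_ATTRIBUTE_NAME = "userPassword";
    // Name of the LDAP attribute that carries the password value(s); never null.
    private final String userPasswordAttributeName;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:m2repo/org/wildfly/security/wildfly-elytron-realm-ldap/1.10.4.Final/wildfly-elytron-realm-ldap-1.10.4.Final.jar:org/wildfly/security/auth/realm/ldap/UserPasswordCredentialLoader$ForIdentityLoader.class */
    /**
     * Per-identity view bound to one directory entry: the context used for writes, the
     * entry's distinguished name and the attributes already fetched for it.
     */
    public class ForIdentityLoader implements IdentityCredentialPersister, IdentityEvidenceVerifier {
        private final DirContext context;
        private final String distinguishedName;
        private final Attributes attributes;

        /**
         * @param dirContext directory context used by the persist/clear operations
         * @param str        distinguished name of the identity entry
         * @param attributes attributes previously read for that entry
         */
        public ForIdentityLoader(DirContext dirContext, String str, Attributes attributes) {
            this.context = dirContext;
            this.distinguishedName = str;
            this.attributes = attributes;
        }

        /**
         * Reports {@code SUPPORTED} only when {@link #getCredential} actually yields a
         * credential for this entry, otherwise {@code UNSUPPORTED}.
         */
        @Override // org.wildfly.security.auth.realm.ldap.IdentityCredentialLoader
        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec, Supplier<Provider[]> supplier) {
            return getCredential(cls, str, algorithmParameterSpec, supplier) != null ? SupportLevel.SUPPORTED : SupportLevel.UNSUPPORTED;
        }

        /**
         * Reports whether evidence of the given type can be verified against this entry.
         * The stored credential is looked up without an algorithm filter.
         */
        @Override // org.wildfly.security.auth.realm.ldap.IdentityEvidenceVerifier
        public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str, Supplier<Provider[]> supplier) throws RealmUnavailableException {
            if (!PasswordCredential.canVerifyEvidence(cls, str)) {
                return SupportLevel.UNSUPPORTED;
            }
            return getCredentialAcquireSupport(PasswordCredential.class, null, null, supplier);
        }

        /**
         * Returns the first stored password whose algorithm matches {@code str}
         * (any algorithm when {@code str} is {@code null}).
         *
         * <p>Only {@code PasswordCredential.class} is served. A {@code NamingException}
         * or {@code InvalidKeySpecException} raised while reading or parsing ends the
         * scan, so values after an unparseable one are not examined; the failure is
         * visible only at trace level and the caller sees {@code null}.
         *
         * @return the credential, or {@code null} when none is available
         */
        @Override // org.wildfly.security.auth.realm.ldap.IdentityCredentialLoader
        public <C extends Credential> C getCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec, Supplier<Provider[]> supplier) {
            if (cls != PasswordCredential.class) {
                return null;
            }
            try {
                Attribute binaryAttribute = LdapUtil.getBinaryAttribute(this.attributes, UserPasswordCredentialLoader.this.userPasswordAttributeName);
                if (binaryAttribute == null) {
                    return null;
                }
                int size = binaryAttribute.size();
                for (int i = 0; i < size; i++) {
                    // NOTE(review): the cast assumes getBinaryAttribute only yields byte[] values — confirm.
                    Password parseUserPassword = UserPasswordPasswordUtil.parseUserPassword((byte[]) binaryAttribute.get(i));
                    // cls is known to be PasswordCredential.class here, so only the algorithm filter remains.
                    if (str == null || str.equals(parseUserPassword.getAlgorithm())) {
                        return cls.cast(new PasswordCredential(parseUserPassword));
                    }
                }
            } catch (NamingException | InvalidKeySpecException e) {
                // Fail closed: the caller gets "no credential". The guard avoids building the message when trace is off.
                if (ElytronMessages.log.isTraceEnabled()) {
                    ElytronMessages.log.trace("Getting user-password credential " + cls.getName() + " failed. dn=" + this.distinguishedName, e);
                }
            }
            return null;
        }

        /**
         * Verifies evidence against the first credential {@link #getCredential} returns.
         * For a multi-valued attribute the remaining values are not tried.
         *
         * @return {@code false} when no credential could be loaded
         */
        @Override // org.wildfly.security.auth.realm.ldap.IdentityEvidenceVerifier
        public boolean verifyEvidence(Evidence evidence, Supplier<Provider[]> supplier) throws RealmUnavailableException {
            PasswordCredential passwordCredential = getCredential(PasswordCredential.class, null, null, supplier);
            return passwordCredential != null && passwordCredential.verify(supplier, evidence);
        }

        /**
         * Accepts {@code PasswordCredential} with no algorithm, or with one that
         * {@code UserPasswordPasswordUtil} reports as supported.
         */
        @Override // org.wildfly.security.auth.realm.ldap.IdentityCredentialPersister
        public boolean getCredentialPersistSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) {
            return cls == PasswordCredential.class && (str == null || UserPasswordPasswordUtil.isAlgorithmSupported(str));
        }

        /**
         * Encodes the credential's password and replaces the password attribute of the
         * entry with it, so any values previously stored under that attribute are overwritten.
         *
         * @throws RealmUnavailableException when encoding or the directory update fails
         */
        @Override // org.wildfly.security.auth.realm.ldap.IdentityCredentialPersister
        public void persistCredential(Credential credential) throws RealmUnavailableException {
            try {
                byte[] composeUserPassword = UserPasswordPasswordUtil.composeUserPassword((Password) credential.castAndApply(PasswordCredential.class, v0 -> v0.getPassword()));
                Assert.assertNotNull(composeUserPassword);
                BasicAttributes basicAttributes = new BasicAttributes();
                basicAttributes.put(UserPasswordCredentialLoader.this.userPasswordAttributeName, composeUserPassword);
                this.context.modifyAttributes(this.distinguishedName, DirContext.REPLACE_ATTRIBUTE, basicAttributes);
            } catch (NamingException | IOException e) {
                // NOTE(review): credential.toString() ends up in the failure message — confirm it never renders password material.
                throw ElytronMessages.log.ldapRealmCredentialPersistingFailed(credential.toString(), this.distinguishedName, e);
            }
        }

        /**
         * Removes the password attribute from the entry. An entry that has no such
         * attribute is treated as already cleared.
         *
         * @throws RealmUnavailableException when the directory update fails for any other reason
         */
        @Override // org.wildfly.security.auth.realm.ldap.IdentityCredentialPersister
        public void clearCredentials() throws RealmUnavailableException {
            try {
                BasicAttributes basicAttributes = new BasicAttributes();
                // An attribute without values plus REMOVE_ATTRIBUTE deletes the whole attribute.
                basicAttributes.put(new BasicAttribute(UserPasswordCredentialLoader.this.userPasswordAttributeName));
                this.context.modifyAttributes(this.distinguishedName, DirContext.REMOVE_ATTRIBUTE, basicAttributes);
            } catch (NoSuchAttributeException ignored) {
                // Nothing to clear. This subclass of NamingException has to be caught first,
                // otherwise the clause is unreachable and the class does not compile.
            } catch (NamingException e) {
                throw ElytronMessages.log.ldapRealmCredentialClearingFailed(this.distinguishedName, e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * @param str name of the LDAP attribute holding the password; must not be {@code null}
     */
    public UserPasswordCredentialLoader(String str) {
        Assert.checkNotNullParam("userPasswordAttributeName", str);
        this.userPasswordAttributeName = str;
    }

    /**
     * Realm-level answer given without looking at any entry: {@code SUPPORTED} for
     * {@code PasswordCredential} with no algorithm, {@code POSSIBLY_SUPPORTED} for a
     * supported algorithm, {@code UNSUPPORTED} otherwise.
     */
    @Override // org.wildfly.security.auth.realm.ldap.CredentialLoader
    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
        if (cls != PasswordCredential.class) {
            return SupportLevel.UNSUPPORTED;
        }
        if (str == null) {
            return SupportLevel.SUPPORTED;
        }
        return UserPasswordPasswordUtil.isAlgorithmSupported(str) ? SupportLevel.POSSIBLY_SUPPORTED : SupportLevel.UNSUPPORTED;
    }

    /** Creates the per-identity loader/persister for the given entry. */
    @Override // org.wildfly.security.auth.realm.ldap.CredentialPersister, org.wildfly.security.auth.realm.ldap.CredentialLoader
    public IdentityCredentialPersister forIdentity(DirContext dirContext, String str, Attributes attributes) {
        return new ForIdentityLoader(dirContext, str, attributes);
    }

    /** Adds the password attribute name to the given collection. */
    @Override // org.wildfly.security.auth.realm.ldap.CredentialLoader
    public void addRequiredIdentityAttributes(Collection<String> collection) {
        collection.add(this.userPasswordAttributeName);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Exposes this loader as an {@code EvidenceVerifier} that reuses
     * {@link ForIdentityLoader} for the per-identity work.
     */
    public EvidenceVerifier toEvidenceVerifier() {
        return new EvidenceVerifier() { // from class: org.wildfly.security.auth.realm.ldap.UserPasswordCredentialLoader.1
            @Override // org.wildfly.security.auth.realm.ldap.EvidenceVerifier
            public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
                if (!PasswordCredential.canVerifyEvidence(cls, str)) {
                    return SupportLevel.UNSUPPORTED;
                }
                return UserPasswordCredentialLoader.this.getCredentialAcquireSupport(PasswordCredential.class, str, null);
            }

            @Override // org.wildfly.security.auth.realm.ldap.EvidenceVerifier
            public IdentityEvidenceVerifier forIdentity(DirContext dirContext, String str, String str2, Attributes attributes) throws RealmUnavailableException {
                // str2 is not used by this verifier.
                return new ForIdentityLoader(dirContext, str, attributes);
            }

            @Override // org.wildfly.security.auth.realm.ldap.EvidenceVerifier
            public void addRequiredIdentityAttributes(Collection<String> collection) {
                collection.add(UserPasswordCredentialLoader.this.userPasswordAttributeName);
            }
        };
    }
}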
