package org.uberfire.ext.security.management.keycloak.elytron;

import java.security.Principal;
import java.util.Collection;
import java.util.HashMap;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.enterprise.inject.Alternative;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import org.jboss.errai.security.shared.api.RoleImpl;
import org.jboss.errai.security.shared.api.identity.User;
import org.jboss.errai.security.shared.api.identity.UserImpl;
import org.jboss.errai.security.shared.exception.FailedAuthenticationException;
import org.keycloak.adapters.jaas.DirectAccessGrantsLoginModule;
import org.keycloak.adapters.jaas.RolePrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.uberfire.backend.server.security.elytron.ElytronIdentityHelper;

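/**
 * {@link ElytronIdentityHelper} alternative that verifies a user name / password pair by
 * delegating to Keycloak's {@link DirectAccessGrantsLoginModule} and maps the resulting
 * {@link RolePrincipal}s onto an Errai {@link User}.
 *
 * <p>The login module is pointed at a Keycloak adapter configuration file whose path is read
 * from the {@value #KIE_GIT_FILE_SYSTEM_PROP} system property, falling back to
 * {@link #DEFAULT_KIE_GIT_FILE_PATH}.
 *
 * <p>Security notes: the password is held as an immutable {@code String} for the lifetime of
 * the call, and the delegate login module is a single shared field that is re-initialised on
 * every {@link #getIdentity} call, so concurrent use of one instance is presumably unsafe.
 * NOTE(review): confirm how callers scope this bean.
 */
@Alternative
/* loaded from: input_file:WEB-INF/lib/uberfire-security-management-keycloak-7.68.0.Final.jar:org/uberfire/ext/security/management/keycloak/elytron/KeyCloakElytronIdentityHelper.class */
public class KeyCloakElytronIdentityHelper implements ElytronIdentityHelper {
    /** Option key under which the config file path is handed to the login module. */
    public static final String KEYCLOAK_CONFIG_FILE_KEY = "keycloak-config-file";
    /** System property that overrides the location of the Keycloak adapter config file. */
    public static final String KIE_GIT_FILE_SYSTEM_PROP = "org.uberfire.ext.security.keycloak.keycloak-config-file";
    /**
     * Fallback config file location. If {@code jboss.home.dir} is unset this evaluates to
     * {@code "null/kie-git.json"}; the file holds adapter settings and should be readable only
     * by the server account.
     */
    public static final String DEFAULT_KIE_GIT_FILE_PATH = System.getProperty("jboss.home.dir") + "/kie-git.json";
    private static final Logger logger = LoggerFactory.getLogger(KeyCloakElytronIdentityHelper.class);
    private final String configFile;
    private final DirectAccessGrantsLoginModule keycloakDelegate;

    /* loaded from: input_file:WEB-INF/lib/uberfire-security-management-keycloak-7.68.0.Final.jar:org/uberfire/ext/security/management/keycloak/elytron/KeyCloakElytronIdentityHelper$ElytronHelperCallbackHandler.class */
    /**
     * JAAS callback handler that answers name and password callbacks with the credentials it
     * was constructed with. Any other callback type is logged at debug level and ignored.
     */
    static class ElytronHelperCallbackHandler implements CallbackHandler {
        private final String userName;
        private final String password;

        /**
         * @param str  user name returned for {@link NameCallback}s
         * @param str2 password returned for {@link PasswordCallback}s
         */
        public ElytronHelperCallbackHandler(String str, String str2) {
            this.userName = str;
            this.password = str2;
        }

        /**
         * Fills in every {@link NameCallback} and {@link PasswordCallback} in the array.
         *
         * @param callbackArr callbacks supplied by the login module
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) {
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(this.userName);
                } else if (callback instanceof PasswordCallback) {
                    supplyPassword((PasswordCallback) callback);
                } else {
                    logger.debug("Unrecognized Callback {}", callback);
                }
            }
        }

        /** Hands the password to the callback and wipes the temporary character array. */
        private void supplyPassword(PasswordCallback passwordCallback) {
            if (this.password == null) {
                passwordCallback.setPassword(null);
                return;
            }
            char[] chars = this.password.toCharArray();
            try {
                // PasswordCallback.setPassword stores its own copy, so the temporary can be cleared.
                passwordCallback.setPassword(chars);
            } finally {
                java.util.Arrays.fill(chars, '\0');
            }
        }
    }

    /** Creates a helper backed by a fresh {@link DirectAccessGrantsLoginModule}. */
    public KeyCloakElytronIdentityHelper() {
        this(new DirectAccessGrantsLoginModule());
    }

    /**
     * Creates a helper around the given login module and resolves the config file path from
     * the {@value #KIE_GIT_FILE_SYSTEM_PROP} system property.
     *
     * @param directAccessGrantsLoginModule login module that performs the Keycloak login
     */
    KeyCloakElytronIdentityHelper(DirectAccessGrantsLoginModule directAccessGrantsLoginModule) {
        this.keycloakDelegate = directAccessGrantsLoginModule;
        this.configFile = System.getProperty(KIE_GIT_FILE_SYSTEM_PROP, DEFAULT_KIE_GIT_FILE_PATH);
    }

    /**
     * Authenticates the given credentials against Keycloak and returns the user with the roles
     * the login module attached to the subject.
     *
     * <p>Fails closed: a {@code false} result from {@code login()} and any exception raised
     * while logging in, committing or mapping roles all end in a
     * {@link FailedAuthenticationException}. The delegate is always logged out before this
     * method returns or throws.
     *
     * @param userName name of the user to authenticate
     * @param password password presented for that user
     * @return the authenticated user carrying one {@link RoleImpl} per {@link RolePrincipal}
     * @throws FailedAuthenticationException if the credentials are rejected or the login fails
     */
    @Override // org.uberfire.backend.server.security.elytron.ElytronIdentityHelper
    public User getIdentity(String userName, String password) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new Principal() { // from class: org.uberfire.ext.security.management.keycloak.elytron.KeyCloakElytronIdentityHelper.1
            @Override // java.security.Principal
            public String getName() {
                return userName;
            }
        });
        // NOTE(review): this stores the plaintext password in the Subject's *public* credential
        // set. The login module receives the password through the callback handler below, so
        // this entry looks unnecessary; confirm nothing reads it, then drop it or move it to
        // getPrivateCredentials().
        subject.getPublicCredentials().add(password);

        HashMap<String, Object> options = new HashMap<>();
        options.put(KEYCLOAK_CONFIG_FILE_KEY, this.configFile);
        this.keycloakDelegate.initialize(subject, new ElytronHelperCallbackHandler(userName, password), new HashMap<String, Object>(), options);

        try {
            if (this.keycloakDelegate.login()) {
                this.keycloakDelegate.commit();
                // Roles must be read before the finally block runs: logout() is expected to
                // strip the principals that commit() added to the subject.
                Collection<RoleImpl> roles = subject.getPrincipals(RolePrincipal.class).stream()
                        .map(rolePrincipal -> new RoleImpl(rolePrincipal.getName()))
                        .collect(Collectors.toList());
                return new UserImpl(userName, roles);
            }
        } catch (Exception e) {
            // userName is caller-supplied; the logging backend should neutralise CR/LF in it.
            logger.debug("Identity provided for '{}' not valid", userName, e);
        } finally {
            logoutQuietly(userName);
        }
        throw new FailedAuthenticationException();
    }

    /** Logs the delegate out, recording (not propagating) a failure to do so. */
    private void logoutQuietly(String userName) {
        try {
            this.keycloakDelegate.logout();
        } catch (LoginException e) {
            logger.debug("Error logging out user '{}'", userName);
        }
    }
}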
