package org.wildfly.extension.camel.security;

import java.io.IOException;
import java.security.acl.Group;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.eclipse.aether.repository.AuthenticationContext;
import org.jboss.gravia.utils.IllegalArgumentAssertion;
import org.jboss.gravia.utils.IllegalStateAssertion;
import org.jboss.modules.ModuleClassLoader;
import org.jboss.security.ClientLoginModule;
import org.jboss.security.SimplePrincipal;
import org.switchyard.ServiceSecurity;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-389.zip:modules/system/layers/fuse/org/wildfly/extension/camel/main/wildfly-camel-subsystem-2.4.0.redhat-630389.jar:org/wildfly/extension/camel/security/LoginContextBuilder.class */
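/**
 * Fluent builder for a JAAS {@link LoginContext}.
 *
 * <p>Depending on the {@link Type}, the context either runs the JBoss
 * {@link ClientLoginModule} or defers to whichever login configuration is
 * registered for the selected security domain. After a successful login the
 * returned context also verifies that the subject holds every role registered
 * through {@link #roles(String...)}.
 *
 * <p>Security notes: the builder keeps its own copy of the password for as long
 * as it is reachable, because the callback handler of the built context reads
 * it lazily at login time. The copy is never zeroed here, so callers should keep
 * builder instances short-lived. Instances are mutable and not synchronized.
 */
public final class LoginContextBuilder {
    private final Type contextType;
    private final Set<String> roles = new HashSet<>();
    private String domain;
    private String username;
    private char[] password;

    /** Selects which kind of login context {@link #build()} produces. */
    public enum Type {
        /** Uses an inline configuration consisting of {@link ClientLoginModule}. */
        CLIENT,
        /** Passes no explicit configuration, so the installed JAAS configuration is used. */
        AUTHENTICATION
    }

    /**
     * Creates a builder for the given context type.
     *
     * @param type the kind of login context to build; must not be {@code null}
     */
    public LoginContextBuilder(Type type) {
        IllegalArgumentAssertion.assertNotNull(type, "type");
        this.contextType = type;
    }

    /**
     * Sets the user name handed to the login modules through {@link NameCallback}.
     *
     * @param str the user name
     * @return this builder
     */
    public LoginContextBuilder username(String str) {
        this.username = str;
        return this;
    }

    /**
     * Sets the password handed to the login modules through {@link PasswordCallback}.
     *
     * <p>The array is copied, so the caller can (and should) zero its own array
     * once the builder has been configured.
     *
     * @param cArr the password characters; must not be {@code null}
     * @return this builder
     */
    public LoginContextBuilder password(char[] cArr) {
        // Fail with a named argument error instead of a bare NullPointerException from copyOf.
        IllegalArgumentAssertion.assertNotNull(cArr, "password");
        this.password = Arrays.copyOf(cArr, cArr.length);
        return this;
    }

    /**
     * Same as {@link #encryptedPassword(String, char[])} using the realm name
     * {@code "ApplicationRealm"}.
     *
     * @param cArr the clear-text password characters
     * @return this builder
     */
    public LoginContextBuilder encryptedPassword(char[] cArr) {
        return encryptedPassword("ApplicationRealm", cArr);
    }

    /**
     * Stores the result of {@code EncodedUsernamePasswordPrincipal.encryptPassword}
     * for the given realm, the current user name and the given password.
     *
     * <p>{@link #username(String)} must be called first because the user name is
     * an input to the transformation.
     *
     * <p>NOTE(review): the transformation itself is not visible in this file. Do
     * not assume it provides confidentiality for the password; confirm against
     * {@code EncodedUsernamePasswordPrincipal} before relying on it.
     *
     * @param str the realm name
     * @param cArr the clear-text password characters
     * @return this builder
     */
    public LoginContextBuilder encryptedPassword(String str, char[] cArr) {
        IllegalStateAssertion.assertNotNull(this.username, "Username cannot be null");
        this.password = EncodedUsernamePasswordPrincipal.encryptPassword(str, this.username, cArr);
        return this;
    }

    /**
     * Sets the security domain name used as the {@link LoginContext} name.
     *
     * @param str the domain name, or {@code null} to fall back to
     *        {@code ServiceSecurity.DEFAULT_SECURITY_DOMAIN}
     * @return this builder
     */
    public LoginContextBuilder domain(String str) {
        this.domain = str;
        return this;
    }

    /**
     * Adds roles that the authenticated subject must hold. Calls accumulate; with
     * no roles registered the login performs no role check at all.
     *
     * @param strArr the required role names
     * @return this builder
     */
    public LoginContextBuilder roles(String... strArr) {
        this.roles.addAll(Arrays.asList(strArr));
        return this;
    }

    /**
     * Builds the login context for the configured type. The context is only
     * constructed here; authentication happens when the caller invokes
     * {@link LoginContext#login()}.
     *
     * @return a new login context
     * @throws LoginException if the context cannot be created
     * @throws IllegalStateException if user name or password is missing, or the
     *         type is not supported
     */
    public LoginContext build() throws LoginException {
        switch (this.contextType) {
            case CLIENT:
                return getClientLoginContext();
            case AUTHENTICATION:
                return getAuthenticationLoginContext();
            default:
                throw new IllegalStateException("Unsupported type: " + this.contextType);
        }
    }

    /**
     * Creates a context whose only login module is {@link ClientLoginModule},
     * marked REQUIRED and configured with the {@code multi-threaded} and
     * {@code restore-login-identity} options set to {@code "true"}.
     */
    private LoginContext getClientLoginContext() throws LoginException {
        Configuration clientConfig = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
                // The same entry is returned for every application name.
                HashMap<String, String> options = new HashMap<>();
                options.put("multi-threaded", "true");
                options.put("restore-login-identity", "true");
                AppConfigurationEntry entry = new AppConfigurationEntry(
                        ClientLoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                        options);
                return new AppConfigurationEntry[] {entry};
            }
        };
        return getLoginContext(clientConfig);
    }

    /**
     * Creates a context without an explicit configuration. A {@code null}
     * configuration makes {@link LoginContext} look the domain name up in the
     * installed JAAS {@link Configuration}.
     */
    private LoginContext getAuthenticationLoginContext() throws LoginException {
        return getLoginContext(null);
    }

    /**
     * Creates the login context with a callback handler that supplies the
     * configured user name and password, and with a role check appended to
     * {@code login()}.
     *
     * @param configuration the JAAS configuration to use, or {@code null}
     * @return the new login context
     * @throws LoginException if the context cannot be created
     */
    private LoginContext getLoginContext(Configuration configuration) throws LoginException {
        // NOTE(review): the first message constant comes from Aether's AuthenticationContext;
        // this looks like a decompiler substitution for a plain "username" literal - confirm.
        IllegalStateAssertion.assertNotNull(this.username, AuthenticationContext.USERNAME);
        IllegalStateAssertion.assertNotNull(this.password, "password");
        String securityDomain = this.domain != null ? this.domain : ServiceSecurity.DEFAULT_SECURITY_DOMAIN;

        CallbackHandler handler = new CallbackHandler() {
            @Override
            public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                for (Callback callback : callbackArr) {
                    if (callback instanceof NameCallback) {
                        ((NameCallback) callback).setName(LoginContextBuilder.this.username);
                    } else if (callback instanceof PasswordCallback) {
                        ((PasswordCallback) callback).setPassword(LoginContextBuilder.this.password);
                    } else {
                        // Reject anything else rather than silently ignoring a prompt.
                        throw new UnsupportedCallbackException(callback);
                    }
                }
            }
        };

        ClassLoader originalLoader = SecurityActions.getContextClassLoader();
        try {
            // Outside a module class loader, construct the context with this class's own
            // loader as the thread context class loader.
            if (!(originalLoader instanceof ModuleClassLoader)) {
                SecurityActions.setContextClassLoader(LoginContextBuilder.class.getClassLoader());
            }
            return new LoginContext(securityDomain, new Subject(), handler, configuration) {
                @Override
                public void login() throws LoginException {
                    super.login();

                    // Start from every required role and strike out the ones the subject holds.
                    Set<String> missingRoles = new HashSet<>(LoginContextBuilder.this.roles);
                    Set<Group> groups = getSubject().getPrincipals(Group.class);
                    if (groups != null) {
                        for (Group group : groups) {
                            // Only the group named "Roles" is consulted for role membership.
                            if ("Roles".equals(group.getName())) {
                                for (String role : LoginContextBuilder.this.roles) {
                                    if (group.isMember(new SimplePrincipal(role))) {
                                        missingRoles.remove(role);
                                    }
                                }
                            }
                        }
                    }
                    if (!missingRoles.isEmpty()) {
                        LoginException failure =
                                new LoginException("User does not have required roles: " + missingRoles);
                        // Authentication already succeeded at this point. Undo it so that a
                        // caller which only handles the exception is not left with an
                        // authenticated subject or login-module state for an unauthorised user.
                        try {
                            logout();
                        } catch (LoginException logoutFailure) {
                            failure.addSuppressed(logoutFailure);
                        }
                        throw failure;
                    }
                }
            };
        } finally {
            // Always restore the caller's context class loader, on success and on failure.
            SecurityActions.setContextClassLoader(originalLoader);
        }
    }
}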
