package org.wildfly.security.authz.jacc;

import java.util.Iterator;
import java.util.Objects;
import javax.security.auth.Subject;
import org.wildfly.common.Assert;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.KeyPairCredential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.PublicKeyCredential;
import org.wildfly.security.credential.SecretKeyCredential;
import org.wildfly.security.credential.X509CertificateChainPrivateCredential;
import org.wildfly.security.credential.X509CertificateChainPublicCredential;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/wildfly-elytron-jacc-1.15.5.Final.jar:org/wildfly/security/authz/jacc/SubjectUtil.class
 */
/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.15.5.Final.jar:org/wildfly/security/authz/jacc/SubjectUtil.class */
final class SubjectUtil {
    private static final boolean CONVERT_ROLES_TO_GROUP;

    SubjectUtil() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Subject fromSecurityIdentity(SecurityIdentity securityIdentity) {
        Assert.checkNotNullParam("securityIdentity", securityIdentity);
        Subject subject = new Subject();
        subject.getPrincipals().add(securityIdentity.getPrincipal());
        if (CONVERT_ROLES_TO_GROUP) {
            subject.getPrincipals().addAll(RoleToGroupMapper.convert(securityIdentity.getPrincipal(), securityIdentity.getRoles()));
        }
        Iterator<Credential> it = securityIdentity.getPublicCredentials().iterator();
        while (it.hasNext()) {
            Credential next = it.next();
            if (next instanceof PublicKeyCredential) {
                subject.getPublicCredentials().add(((PublicKeyCredential) next.castAs(PublicKeyCredential.class)).getPublicKey());
            } else if (next instanceof X509CertificateChainPublicCredential) {
                subject.getPublicCredentials().add(((X509CertificateChainPublicCredential) next.castAs(X509CertificateChainPublicCredential.class)).getCertificateChain());
            } else {
                subject.getPublicCredentials().add(next);
            }
        }
        Objects.requireNonNull(securityIdentity);
        Iterator<Credential> it2 = ((IdentityCredentials) SecurityActions.doPrivileged(securityIdentity::getPrivateCredentials)).iterator();
        while (it2.hasNext()) {
            Credential next2 = it2.next();
            if (next2 instanceof PasswordCredential) {
                addPrivateCredential(subject, ((PasswordCredential) next2.castAs(PasswordCredential.class)).getPassword());
            } else if (next2 instanceof SecretKeyCredential) {
                addPrivateCredential(subject, ((SecretKeyCredential) next2.castAs(SecretKeyCredential.class)).getSecretKey());
            } else if (next2 instanceof KeyPairCredential) {
                addPrivateCredential(subject, ((KeyPairCredential) next2.castAs(KeyPairCredential.class)).getKeyPair());
            } else if (next2 instanceof X509CertificateChainPrivateCredential) {
                addPrivateCredential(subject, ((X509CertificateChainPrivateCredential) next2.castAs(X509CertificateChainPrivateCredential.class)).getCertificateChain());
            } else {
                addPrivateCredential(subject, next2);
            }
        }
        addPrivateCredential(subject, securityIdentity);
        return subject;
    }

    static void addPrivateCredential(Subject subject, Object obj) {
        SecurityActions.doPrivileged(() -> {
            subject.getPrivateCredentials().add(obj);
            return null;
        });
    }

    static {
        boolean z = false;
        try {
            Class.forName("java.security.acl.Group");
            z = true;
        } catch (ClassNotFoundException e) {
            ElytronMessages.log.trace("Class 'java.security.acl.Group' is not available, role to group mapping disabled.");
        }
        CONVERT_ROLES_TO_GROUP = z;
    }
}
