package org.jboss.as.controller.remote;

import java.io.DataInput;
import java.io.DataOutput;
import java.io.IOException;
import java.net.InetAddress;
import java.security.Principal;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
import org.jboss.as.controller.logging.ControllerLogger;
import org.jboss.as.core.security.RealmUser;
import org.jboss.as.core.security.api.RealmPrincipal;
import org.jboss.as.protocol.mgmt.ProtocolUtils;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.permission.LoginPermission;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.auth.server.ServerAuthenticationContext;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.authz.MapAttributes;
import org.wildfly.security.authz.RoleDecoder;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.evidence.Evidence;

/* loaded from: input_file:WEB-INF/lib/wildfly-controller-10.0.3.Final.jar:org/jboss/as/controller/remote/IdentityAddressProtocolUtil.class */
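/**
 * Writes a caller's identity (principal, roles) and source address to a management protocol
 * stream and rebuilds them on the reading side.
 *
 * <p><b>Trust model.</b> {@link #read(DataInput)} performs no credential check. The private
 * inflow domain built by {@link #createSecurityDomain()} accepts every principal
 * ({@code exists()} and {@code verifyEvidence()} return {@code true}) and grants
 * {@code LoginPermission} to all of them. The principal name, realm, roles and host name in the
 * resulting {@link PropagatedIdentity} are therefore exactly what the writer of the stream put
 * there. They are only as trustworthy as the authentication of the connection that delivered
 * them, and a propagated identity should be reviewed with that in mind when it appears in access
 * decisions or audit records.
 */
class IdentityAddressProtocolUtil {
    private static final SecurityDomain INFLOW_SECURITY_DOMAIN = createSecurityDomain();

    /** Header byte opening the identity block; the decompiled code carried it as the literal 80 (0x50). */
    private static final int IDENTITY_HEADER = 80;

    // Item type markers.
    private static final byte USER = 1;
    private static final byte GROUP = 2;
    private static final byte ROLE = 3;
    private static final byte INET_ADDRESS = 4;

    // Parameter markers.
    private static final byte ITEMS_PARAM = 5;
    private static final byte REALM_PARAM = 6;
    private static final byte NAME_PARAM = 7;
    private static final byte HOST_PARAM = 8;
    private static final byte ADDR_PARAM = 9;

    /** Attribute under which propagated roles are stored and from which the role decoder reads them. */
    private static final String ROLES_ATTRIBUTE = "GROUPS";

    /**
     * Upper bound for pre-sizing the role set in {@link #read(DataInput)}. The item count comes
     * from the stream, so it must never be used directly as an allocation size.
     */
    private static final int MAX_PRESIZED_ROLES = 64;

    /** Evidence that carries the propagated principal together with the roles claimed for it. */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static final class EvidenceWithRoles implements Evidence {
        final Principal principal;
        final Set<String> roles;

        EvidenceWithRoles(Principal principal, Set<String> set) {
            this.principal = principal;
            this.roles = set;
        }

        @Override // org.wildfly.security.evidence.Evidence
        public Principal getPrincipal() {
            return this.principal;
        }
    }

    /** Result of {@link #read(DataInput)}: the rebuilt identity and/or address; either may be {@code null}. */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static final class PropagatedIdentity {
        final SecurityIdentity securityIdentity;
        final InetAddress inetAddress;

        public PropagatedIdentity(SecurityIdentity securityIdentity, InetAddress inetAddress) {
            this.securityIdentity = securityIdentity;
            this.inetAddress = inetAddress;
        }
    }

    IdentityAddressProtocolUtil() {
    }

    /**
     * Writes the identity block: the header, then either a zero int (nothing to propagate) or a
     * one int followed by the item count and the items themselves.
     *
     * @param dataOutput       stream to write to
     * @param securityIdentity identity whose principal and roles are written; may be {@code null}
     * @param inetAddress      source address to write; may be {@code null}
     * @throws IOException if writing to {@code dataOutput} fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void write(DataOutput dataOutput, SecurityIdentity securityIdentity, InetAddress inetAddress) throws IOException {
        final Principal principal;
        final String realm;
        final Set<String> roles;
        if (securityIdentity != null) {
            principal = securityIdentity.getPrincipal();
            realm = principal instanceof RealmPrincipal ? ((RealmPrincipal) principal).getRealm() : null;
            roles = StreamSupport.stream(securityIdentity.getRoles().spliterator(), false).collect(Collectors.toSet());
        } else {
            principal = null;
            realm = null;
            roles = Collections.emptySet();
        }

        final int itemCount = (principal != null ? 1 : 0) + roles.size() + (inetAddress != null ? 1 : 0);
        dataOutput.writeByte(IDENTITY_HEADER);
        if (itemCount == 0) {
            dataOutput.writeInt(0);
            return;
        }
        dataOutput.writeInt(1);
        dataOutput.write(ITEMS_PARAM);
        dataOutput.writeInt(itemCount);

        if (principal != null) {
            dataOutput.write(USER);
            if (realm != null) {
                dataOutput.write(REALM_PARAM);
                dataOutput.writeUTF(realm);
            }
            dataOutput.write(NAME_PARAM);
            dataOutput.writeUTF(principal.getName());
        }

        // Roles go out under the GROUP marker; read() treats GROUP and ROLE identically.
        for (String role : roles) {
            dataOutput.write(GROUP);
            if (realm != null) {
                dataOutput.write(REALM_PARAM);
                dataOutput.writeUTF(realm);
            }
            dataOutput.write(NAME_PARAM);
            dataOutput.writeUTF(role);
        }

        if (inetAddress != null) {
            dataOutput.write(INET_ADDRESS);
            // getHostName() may perform a reverse name lookup when the address has no host name yet.
            final String hostName = inetAddress.getHostName();
            final byte[] address = inetAddress.getAddress();
            dataOutput.write(HOST_PARAM);
            dataOutput.writeUTF(hostName);
            dataOutput.write(ADDR_PARAM);
            dataOutput.writeInt(address.length);
            dataOutput.write(address);
        }
    }

    /**
     * Reads an identity block previously produced by
     * {@link #write(DataOutput, SecurityIdentity, InetAddress)}.
     *
     * <p>Every length and count in the block is supplied by the peer. The role set is pre-sized
     * with a capped value and the raw address length is checked before the buffer is allocated,
     * so a malformed block is rejected with an {@link IOException} rather than driving a large
     * allocation.
     *
     * @param dataInput stream positioned at the identity header
     * @return the propagated identity and address, or {@code null} when the block carries neither
     * @throws IOException if the stream cannot be read or the block is malformed
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static PropagatedIdentity read(DataInput dataInput) throws IOException {
        ProtocolUtils.expectHeader(dataInput, IDENTITY_HEADER);
        if (dataInput.readInt() == 0) {
            return null;
        }
        ProtocolUtils.expectHeader(dataInput, ITEMS_PARAM);
        final int itemCount = dataInput.readInt();

        Principal principal = null;
        // itemCount is untrusted: use it only as a bounded sizing hint, never as a raw capacity.
        final Set<String> roles = new HashSet<>(Math.min(Math.max(itemCount - 2, 0), MAX_PRESIZED_ROLES));
        InetAddress inetAddress = null;

        for (int i = 0; i < itemCount; i++) {
            final byte type = dataInput.readByte();
            switch (type) {
                case USER: {
                    byte param = dataInput.readByte();
                    String realm = null;
                    if (param == REALM_PARAM) {
                        realm = dataInput.readUTF();
                        param = dataInput.readByte();
                    }
                    if (param != NAME_PARAM) {
                        throw ControllerLogger.ROOT_LOGGER.unsupportedIdentityParameter(param, USER);
                    }
                    final String name = dataInput.readUTF();
                    principal = realm != null ? new RealmUser(realm, name) : new NamePrincipal(name);
                    break;
                }
                case GROUP:
                case ROLE: {
                    byte param = dataInput.readByte();
                    if (param == REALM_PARAM) {
                        // The realm attached to a group/role entry is read and discarded.
                        dataInput.readUTF();
                        param = dataInput.readByte();
                    }
                    if (param != NAME_PARAM) {
                        // Report the item type actually received (GROUP or ROLE).
                        throw ControllerLogger.ROOT_LOGGER.unsupportedIdentityParameter(param, type);
                    }
                    roles.add(dataInput.readUTF());
                    break;
                }
                case INET_ADDRESS: {
                    final byte hostParam = dataInput.readByte();
                    if (hostParam != HOST_PARAM) {
                        throw ControllerLogger.ROOT_LOGGER.unsupportedIdentityParameter(hostParam, INET_ADDRESS);
                    }
                    final String hostName = dataInput.readUTF();
                    final byte addrParam = dataInput.readByte();
                    if (addrParam != ADDR_PARAM) {
                        throw ControllerLogger.ROOT_LOGGER.unsupportedIdentityParameter(addrParam, INET_ADDRESS);
                    }
                    // Validate before allocating: a raw IP address is 4 (IPv4) or 16 (IPv6) bytes.
                    // Any other length would be rejected by InetAddress.getByAddress anyway, and a
                    // negative or very large value must not reach "new byte[...]".
                    final int addressLength = dataInput.readInt();
                    if (addressLength != 4 && addressLength != 16) {
                        throw new IOException("Illegal propagated address length: " + addressLength);
                    }
                    final byte[] address = new byte[addressLength];
                    dataInput.readFully(address);
                    // getByAddress does not check the host name against the address; the name is
                    // whatever the peer sent.
                    inetAddress = InetAddress.getByAddress(hostName, address);
                    break;
                }
                default:
                    throw ControllerLogger.ROOT_LOGGER.unsupportedIdentityType(type);
            }
        }

        if (principal == null && inetAddress == null) {
            return null;
        }
        return new PropagatedIdentity(principal != null ? createSecurityIdentity(principal, roles) : null, inetAddress);
    }

    /**
     * Turns a propagated principal and role set into an authorized {@link SecurityIdentity} by
     * running them through the inflow domain. Nothing is verified here; see the class-level
     * trust model note.
     *
     * @throws IllegalStateException if the realm reports itself unavailable
     */
    private static SecurityIdentity createSecurityIdentity(Principal principal, Set<String> set) {
        final ServerAuthenticationContext context = INFLOW_SECURITY_DOMAIN.createNewAuthenticationContext();
        try {
            context.verifyEvidence(new EvidenceWithRoles(principal, set));
            context.authorize();
            return context.getAuthorizedIdentity();
        } catch (RealmUnavailableException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Builds the single-realm domain used to materialize propagated identities. The realm
     * accepts any principal, takes its roles from the supplied {@link EvidenceWithRoles} and
     * holds no credentials; the permission mapper grants {@code LoginPermission} unconditionally.
     */
    private static SecurityDomain createSecurityDomain() {
        return SecurityDomain.builder().setDefaultRealmName("Empty").addRealm("Empty", new SecurityRealm() {
            @Override // org.wildfly.security.auth.server.SecurityRealm
            public RealmIdentity getRealmIdentity(final Principal principal) throws RealmUnavailableException {
                return new RealmIdentity() {
                    private volatile Set<String> roles = null;

                    @Override // org.wildfly.security.auth.server.RealmIdentity
                    public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
                        // Only the evidence type produced by createSecurityIdentity is accepted;
                        // anything else is refused instead of failing on the cast.
                        if (!(evidence instanceof EvidenceWithRoles)) {
                            return false;
                        }
                        // No secret is checked: the roles are adopted as claimed.
                        this.roles = ((EvidenceWithRoles) evidence).roles;
                        return true;
                    }

                    @Override // org.wildfly.security.auth.server.RealmIdentity
                    public Principal getRealmIdentityPrincipal() {
                        return principal;
                    }

                    @Override // org.wildfly.security.auth.server.RealmIdentity
                    public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
                        return SupportLevel.UNSUPPORTED;
                    }

                    @Override // org.wildfly.security.auth.server.RealmIdentity
                    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str) throws RealmUnavailableException {
                        return SupportLevel.UNSUPPORTED;
                    }

                    @Override // org.wildfly.security.auth.server.RealmIdentity
                    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
                        return SupportLevel.UNSUPPORTED;
                    }

                    @Override // org.wildfly.security.auth.server.RealmIdentity
                    public <C extends Credential> C getCredential(Class<C> cls) throws RealmUnavailableException {
                        return null;
                    }

                    @Override // org.wildfly.security.auth.server.RealmIdentity
                    public boolean exists() throws RealmUnavailableException {
                        // Every principal "exists" in this realm.
                        return true;
                    }

                    @Override // org.wildfly.security.auth.server.RealmIdentity
                    public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
                        final MapAttributes attributes = new MapAttributes();
                        attributes.addAll(ROLES_ATTRIBUTE, this.roles);
                        return AuthorizationIdentity.basicIdentity(attributes);
                    }
                };
            }

            @Override // org.wildfly.security.auth.server.SecurityRealm
            public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
                return SupportLevel.UNSUPPORTED;
            }

            @Override // org.wildfly.security.auth.server.SecurityRealm
            public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str) throws RealmUnavailableException {
                return SupportLevel.UNSUPPORTED;
            }

            @Override // org.wildfly.security.auth.server.SecurityRealm
            public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
                return SupportLevel.UNSUPPORTED;
            }
        }).setRoleDecoder(RoleDecoder.simple(ROLES_ATTRIBUTE)).build().setPermissionMapper((permissionMappable, roles) -> {
            // Unconditional: every propagated identity is allowed to log in to this domain.
            return LoginPermission.getInstance();
        }).build();
    }
}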
