package org.wildfly.security.auth.provider;

import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.crypto.SecretKey;
import javax.security.auth.x500.X500PrivateCredential;
import org.wildfly.security.auth.server.CredentialSupport;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.keystore.PasswordEntry;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.PasswordFactory;

/* loaded from: input_file:org/wildfly/security/auth/provider/KeyStoreBackedSecurityRealm.class */
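/**
 * A {@link SecurityRealm} whose identities are the entries of a {@link KeyStore}.
 *
 * <p>An identity name is used directly as the key store alias. Depending on the entry type the
 * realm can hand out a {@link Password}, a {@link PrivateKey}, a {@link Certificate}, an
 * {@link X500PrivateCredential} or a {@link SecretKey}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code getCredential} returns the stored key material itself (private keys, secret keys),
 *       so every caller that can reach a {@link RealmIdentity} of this realm can read it.</li>
 *   <li>Entries are read with a {@code null} protection parameter; an entry that cannot be
 *       recovered that way is treated exactly like a missing alias (see {@link #getEntry}).</li>
 * </ul>
 */
public class KeyStoreBackedSecurityRealm implements SecurityRealm {
    private final KeyStore keyStore;

    /**
     * Realm identity bound to one alias of the enclosing realm's key store. The entry is looked
     * up again on every call, so the answers follow later changes to the key store.
     */
    private class KeyStoreRealmIdentity implements RealmIdentity {
        private final String name;

        private KeyStoreRealmIdentity(String str) {
            this.name = str;
        }

        /** Returns the alias this identity was created for. */
        @Override
        public String getName() {
            return this.name;
        }

        /**
         * Reports whether {@link #getCredential} can produce a credential of the given type for
         * this identity.
         *
         * @param cls the requested credential type
         * @param str not consulted by this implementation
         * @return {@code FULLY_SUPPORTED} when the entry can be returned as {@code cls},
         *         otherwise {@code UNSUPPORTED} (also when the entry is missing or unreadable)
         */
        @Override
        public CredentialSupport getCredentialSupport(Class<?> cls, String str) {
            KeyStore.Entry entry = KeyStoreBackedSecurityRealm.this.getEntry(this.name);
            if (entry == null) {
                return CredentialSupport.UNSUPPORTED;
            }
            boolean obtainable;
            if (entry instanceof PasswordEntry) {
                obtainable = cls.isInstance(((PasswordEntry) entry).getPassword());
            } else if (entry instanceof KeyStore.PrivateKeyEntry) {
                KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
                Certificate certificate = privateKeyEntry.getCertificate();
                // The X500PrivateCredential test has to mirror getCredential(): the credential
                // built there is cast to cls, so cls must be X500PrivateCredential or one of its
                // supertypes. The reversed test (X500PrivateCredential.isAssignableFrom(cls))
                // would advertise types that getCredential() can never return.
                obtainable = cls.isInstance(privateKeyEntry.getPrivateKey())
                        || cls.isInstance(certificate)
                        || (certificate instanceof X509Certificate
                                && cls.isAssignableFrom(X500PrivateCredential.class));
            } else if (entry instanceof KeyStore.TrustedCertificateEntry) {
                obtainable = cls.isInstance(((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate());
            } else if (entry instanceof KeyStore.SecretKeyEntry) {
                obtainable = cls.isInstance(((KeyStore.SecretKeyEntry) entry).getSecretKey());
            } else {
                obtainable = false;
            }
            return obtainable ? CredentialSupport.FULLY_SUPPORTED : CredentialSupport.UNSUPPORTED;
        }

        /**
         * Returns the credential stored under this identity's alias as an instance of
         * {@code cls}.
         *
         * <p>The returned object is the key store's own key or password object, not a copy.
         *
         * @param cls the requested credential type
         * @param str not consulted by this implementation
         * @return the credential, or {@code null} when the entry is missing, unreadable, or
         *         cannot be represented as {@code cls}
         */
        @Override
        public <C> C getCredential(Class<C> cls, String str) {
            KeyStore.Entry entry = KeyStoreBackedSecurityRealm.this.getEntry(this.name);
            if (entry == null) {
                return null;
            }
            if (entry instanceof PasswordEntry) {
                Password password = ((PasswordEntry) entry).getPassword();
                return cls.isInstance(password) ? cls.cast(password) : null;
            }
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
                PrivateKey privateKey = privateKeyEntry.getPrivateKey();
                Certificate certificate = privateKeyEntry.getCertificate();
                // Order matters: a direct match on the key or the certificate wins over the
                // combined X.500 credential.
                if (cls.isInstance(privateKey)) {
                    return cls.cast(privateKey);
                }
                if (cls.isInstance(certificate)) {
                    return cls.cast(certificate);
                }
                if (cls.isAssignableFrom(X500PrivateCredential.class) && (certificate instanceof X509Certificate)) {
                    return cls.cast(new X500PrivateCredential((X509Certificate) certificate, privateKey, this.name));
                }
                return null;
            }
            if (entry instanceof KeyStore.TrustedCertificateEntry) {
                Certificate trustedCertificate = ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate();
                return cls.isInstance(trustedCertificate) ? cls.cast(trustedCertificate) : null;
            }
            if (entry instanceof KeyStore.SecretKeyEntry) {
                SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
                return cls.isInstance(secretKey) ? cls.cast(secretKey) : null;
            }
            return null;
        }

        /**
         * Returns an anonymous {@link AuthorizationIdentity} that overrides nothing, so it
         * carries only whatever the interface itself provides.
         */
        @Override
        public AuthorizationIdentity getAuthorizationIdentity() {
            return new AuthorizationIdentity() {
            };
        }

        /**
         * Verifies a clear-text password guess against the password stored for this identity.
         *
         * <p>Only {@link PasswordEntry} entries and {@code char[]} guesses are accepted; every
         * other combination fails verification. The guess array is neither copied nor cleared
         * here, so wiping it stays the caller's job.
         *
         * @param obj the credential to check, expected to be a {@code char[]}
         * @return {@code true} only when the password factory confirms the guess
         * @throws RealmUnavailableException if the stored password's algorithm is unavailable or
         *         the stored password cannot be translated by the factory
         */
        @Override
        public boolean verifyCredential(Object obj) throws RealmUnavailableException {
            KeyStore.Entry entry = KeyStoreBackedSecurityRealm.this.getEntry(this.name);
            // instanceof is false for null, so this also covers a missing entry.
            if (!(entry instanceof PasswordEntry)) {
                return false;
            }
            if (!(obj instanceof char[])) {
                return false;
            }
            Password password = ((PasswordEntry) entry).getPassword();
            if (password == null) {
                // Nothing to compare against: fail closed instead of throwing a
                // NullPointerException from getAlgorithm().
                return false;
            }
            try {
                PasswordFactory passwordFactory = PasswordFactory.getInstance(password.getAlgorithm());
                return passwordFactory.verify(passwordFactory.translate(password), (char[]) obj);
            } catch (InvalidKeyException | NoSuchAlgorithmException e) {
                throw new RealmUnavailableException(e);
            }
        }

        /**
         * Reports whether the key store holds a readable entry for this identity.
         *
         * <p>Answering {@code true} unconditionally would make every name, including ones with
         * no key store entry, look like a known identity to callers that rely on this check
         * before authorizing. Because {@link KeyStoreBackedSecurityRealm#getEntry} maps key
         * store failures to {@code null}, an unreadable entry is reported as non-existent too.
         *
         * @return {@code true} when an entry could be loaded for the alias
         */
        @Override
        public boolean exists() throws RealmUnavailableException {
            return KeyStoreBackedSecurityRealm.this.getEntry(this.name) != null;
        }
    }

    /**
     * Creates a realm on top of the given key store.
     *
     * @param keyStore the key store to read identities from; it is used as-is and is expected
     *        to be loaded already
     */
    public KeyStoreBackedSecurityRealm(KeyStore keyStore) {
        this.keyStore = keyStore;
    }

    /**
     * Creates the identity handle for a name. No key store lookup happens here; use
     * {@link RealmIdentity#exists()} to learn whether an entry is present.
     */
    @Override
    public RealmIdentity createRealmIdentity(String str) throws RealmUnavailableException {
        return new KeyStoreRealmIdentity(str);
    }

    /**
     * Realm-wide answer to "might some identity hold a credential of this type?".
     *
     * @param cls the requested credential type
     * @param str not consulted by this implementation
     * @return {@code UNKNOWN} when {@code cls} is a supertype of (or equal to) {@link SecretKey},
     *         {@link Password} or {@link X500PrivateCredential}; otherwise {@code UNSUPPORTED}
     */
    @Override
    public CredentialSupport getCredentialSupport(Class<?> cls, String str) {
        // NOTE(review): the per-identity check also serves PrivateKey and Certificate types,
        // which are answered UNSUPPORTED here (e.g. X509Certificate.class) - confirm whether
        // callers consult the realm-level answer first and would skip those credentials.
        boolean possible = cls.isAssignableFrom(SecretKey.class)
                || cls.isAssignableFrom(Password.class)
                || cls.isAssignableFrom(X500PrivateCredential.class);
        return possible ? CredentialSupport.UNKNOWN : CredentialSupport.UNSUPPORTED;
    }

    /**
     * Loads the key store entry for an alias without a protection parameter.
     *
     * <p>All key store failures are collapsed into {@code null}: a key store that cannot be
     * used, a missing algorithm and an entry that cannot be recovered without a protection
     * parameter are indistinguishable from an unknown alias. The calling methods therefore fail
     * closed, but the failure is not reported anywhere by this class.
     *
     * <p>The decompiler reports that this method was {@code private} in the original source;
     * it is kept {@code public} here to match the decompiled signature.
     *
     * @param str the alias to look up
     * @return the entry, or {@code null} when it is absent or could not be read
     */
    /* JADX INFO: Access modifiers changed from: private */
    public KeyStore.Entry getEntry(String str) {
        try {
            return this.keyStore.getEntry(str, null);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
            // Deliberately reported as "no entry"; see the method documentation.
            return null;
        }
    }
}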
