package org.wildfly.security.auth.provider;

import java.io.IOException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.callback.CallbackUtil;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.spi.AuthenticatedRealmIdentity;
import org.wildfly.security.auth.spi.CredentialSupport;
import org.wildfly.security.auth.spi.RealmIdentity;
import org.wildfly.security.auth.spi.RealmUnavailableException;
import org.wildfly.security.auth.spi.SecurityRealm;
import org.wildfly.security.manager.WildFlySecurityManager;
import org.wildfly.security.password.interfaces.ClearPassword;

/* loaded from: input_file:org/wildfly/security/auth/provider/JAASSecurityRealm.class */
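/**
 * A {@link SecurityRealm} that verifies credentials by running a JAAS login against a named
 * login configuration.
 *
 * <p>Credentials are never stored or returned by this realm; they are only handed to the JAAS
 * login modules through a {@link CallbackHandler}. When no custom handler is configured, a
 * built-in handler answers {@link NameCallback} and {@link PasswordCallback} from the principal
 * and the clear-text credential being verified.
 *
 * <p>This listing is decompiler output; the nested helper classes are reported by the decompiler
 * as originally {@code private}.
 */
public class JAASSecurityRealm implements SecurityRealm {
    /** Name of the JAAS login configuration entry passed to every {@link LoginContext}. */
    private final String loginConfiguration;

    /**
     * Optional custom handler. Only its class is used: a fresh instance is created per
     * verification attempt (see {@code JAASRealmIdentity#createCallbackHandler}). May be null.
     */
    private final CallbackHandler handler;

    /**
     * Privileged action that constructs a {@link LoginContext}. It only builds the context; the
     * {@code login()} call itself is made by the caller outside the privileged block.
     */
    public class CreateLoginContextAction implements PrivilegedExceptionAction<LoginContext> {
        private final String loginConfig;
        private final Subject subject;
        private final CallbackHandler handler;

        private CreateLoginContextAction(String loginConfig, Subject subject, CallbackHandler callbackHandler) {
            this.loginConfig = loginConfig;
            this.subject = subject;
            this.handler = callbackHandler;
        }

        /**
         * Creates the login context for the captured configuration name, subject and handler.
         *
         * @return the new login context
         * @throws Exception if the {@link LoginContext} constructor fails
         */
        @Override
        public LoginContext run() throws Exception {
            return new LoginContext(this.loginConfig, this.subject, this.handler);
        }
    }

    /**
     * Built-in callback handler used when the realm has no custom handler. It supplies the
     * principal name and a clear-text password to the login modules.
     */
    public class DefaultCallbackHandler implements CallbackHandler {
        private final Principal principal;
        /** The credential under verification: a {@code char[]}, {@code String} or {@link ClearPassword}. */
        private final Object credential;

        private DefaultCallbackHandler(Principal principal, Object credential) {
            this.principal = principal;
            this.credential = credential;
        }

        /**
         * Answers name and password callbacks; every other callback type is rejected through
         * {@link CallbackUtil#unsupported(Callback)}.
         *
         * @param callbackArr the callbacks issued by the login modules; must not be null
         * @throws IOException declared by the {@link CallbackHandler} contract
         * @throws UnsupportedCallbackException declared by the {@link CallbackHandler} contract
         */
        @Override
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            if (callbackArr == null) {
                throw ElytronMessages.log.invalidNullCallbackArray();
            }
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    // A null principal leaves the name callback unanswered rather than failing.
                    if (this.principal != null) {
                        ((NameCallback) callback).setName(this.principal.getName());
                    }
                } else if (callback instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callback;
                    if (this.credential instanceof char[]) {
                        // The caller owns this array; PasswordCallback stores its own copy.
                        passwordCallback.setPassword((char[]) this.credential);
                    } else if (this.credential instanceof String) {
                        // toCharArray() yields a fresh array that nobody else references; since
                        // PasswordCallback.setPassword copies its input, wipe the temporary so one
                        // less clear-text copy lingers on the heap.
                        char[] transientCopy = ((String) this.credential).toCharArray();
                        try {
                            passwordCallback.setPassword(transientCopy);
                        } finally {
                            Arrays.fill(transientCopy, '\0');
                        }
                    } else if (this.credential instanceof ClearPassword) {
                        // NOTE(review): not wiped here because it is not visible from this file
                        // whether getPassword() returns a copy or the backing array — confirm.
                        passwordCallback.setPassword(((ClearPassword) this.credential).getPassword());
                    } else {
                        throw ElytronMessages.log.failedToConvertCredentialToPassword(callback);
                    }
                } else {
                    CallbackUtil.unsupported(callback);
                }
            }
        }
    }

    /** Identity handed out by {@link JAASRealmIdentity#getAuthenticatedRealmIdentity()}. */
    private class JAASAuthenticatedRealmIdentity implements AuthenticatedRealmIdentity {
        private final Principal principal;
        // Held but not read anywhere in this class.
        private final Subject subject;

        private JAASAuthenticatedRealmIdentity(Principal principal, Subject subject) {
            this.principal = principal;
            this.subject = subject;
        }

        /** No-op: nothing is released and no JAAS logout is performed here. */
        @Override
        public void dispose() {
        }

        @Override
        public Principal getPrincipal() {
            return this.principal;
        }
    }

    /** Per-principal identity that performs the JAAS login when a credential is verified. */
    private class JAASRealmIdentity implements RealmIdentity {
        private final Principal principal;
        /** Subject populated by the most recent successful {@link #verifyCredential(Object)}; null before that. */
        private Subject subject;

        private JAASRealmIdentity(Principal principal) {
            this.principal = principal;
        }

        @Override
        public Principal getPrincipal() throws RealmUnavailableException {
            return this.principal;
        }

        /** Same answer as the enclosing realm gives for the credential type. */
        @Override
        public CredentialSupport getCredentialSupport(Class<?> cls) throws RealmUnavailableException {
            return JAASSecurityRealm.this.credentialSupportFor(cls);
        }

        /** Always returns null: this realm can verify credentials but never exposes them. */
        @Override
        public <C> C getCredential(Class<C> cls) throws RealmUnavailableException {
            return null;
        }

        /**
         * Verifies the credential by running a JAAS login with a fresh {@link Subject}.
         *
         * @param obj the credential to verify
         * @return true if {@code LoginContext.login()} completed, false if it threw {@link LoginException}
         * @throws RealmUnavailableException if the callback handler or login context cannot be created
         */
        @Override
        public boolean verifyCredential(Object obj) throws RealmUnavailableException {
            CallbackHandler callbackHandler = createCallbackHandler(obj);
            Subject attemptSubject = new Subject();
            try {
                createLoginContext(JAASSecurityRealm.this.loginConfiguration, attemptSubject, callbackHandler).login();
            } catch (LoginException e) {
                // The failure is reported with the principal and the exception only; the
                // credential is not passed to the logger.
                // NOTE(review): a subject kept from an earlier successful attempt is not cleared
                // on a later failure — confirm this is intended.
                ElytronMessages.log.debugJAASAuthenticationFailure(this.principal, e);
                return false;
            }
            // NOTE(review): the LoginContext is discarded after login(), so nothing visible here
            // ever calls logout() on it.
            this.subject = attemptSubject;
            return true;
        }

        /** No-op: nothing is released and no JAAS logout is performed here. */
        @Override
        public void dispose() {
        }

        /**
         * Wraps the principal and the current subject in an authenticated identity.
         *
         * <p>NOTE(review): this method does not itself check that {@link #verifyCredential(Object)}
         * succeeded; callers presumably must only invoke it after a successful verification —
         * confirm against the SPI contract.
         */
        @Override
        public AuthenticatedRealmIdentity getAuthenticatedRealmIdentity() throws RealmUnavailableException {
            return new JAASAuthenticatedRealmIdentity(this.principal, this.subject);
        }

        /**
         * Builds the {@link LoginContext}, inside a privileged block when
         * {@link WildFlySecurityManager#isChecking()} reports true. The configuration name passed
         * in by {@code verifyCredential} is the realm's constructor argument, not a value taken
         * from the principal being authenticated.
         */
        private LoginContext createLoginContext(String loginConfig, Subject subject, CallbackHandler callbackHandler) throws RealmUnavailableException {
            if (WildFlySecurityManager.isChecking()) {
                try {
                    return AccessController.doPrivileged(new CreateLoginContextAction(loginConfig, subject, callbackHandler));
                } catch (PrivilegedActionException e) {
                    throw ElytronMessages.log.failedToCreateLoginContext(e.getCause());
                }
            }
            try {
                return new LoginContext(loginConfig, subject, callbackHandler);
            } catch (LoginException e) {
                throw ElytronMessages.log.failedToCreateLoginContext(e);
            }
        }

        /**
         * Chooses the callback handler for one verification attempt.
         *
         * <p>Without a custom handler the built-in {@link DefaultCallbackHandler} is used. With a
         * custom handler, a new instance of the same class is created through its no-argument
         * constructor and its public {@code setSecurityInfo(Principal, Object)} method is invoked
         * reflectively, so the configured instance itself never receives the credential.
         *
         * @throws RealmUnavailableException if the custom handler cannot be instantiated or
         *         initialised
         */
        private CallbackHandler createCallbackHandler(Object credential) throws RealmUnavailableException {
            if (JAASSecurityRealm.this.handler == null) {
                return new DefaultCallbackHandler(this.principal, credential);
            }
            Class<? extends CallbackHandler> handlerClass = JAASSecurityRealm.this.handler.getClass();
            try {
                // getDeclaredConstructor().newInstance() replaces the deprecated
                // Class.newInstance(), which lets checked constructor exceptions escape undeclared.
                CallbackHandler perAttemptHandler = handlerClass.getDeclaredConstructor().newInstance();
                handlerClass.getMethod("setSecurityInfo", Principal.class, Object.class)
                        .invoke(perAttemptHandler, this.principal, credential);
                return perAttemptHandler;
            } catch (Exception e) {
                throw ElytronMessages.log.failedToInstantiateCustomHandler(e);
            }
        }
    }

    /**
     * Creates a realm that uses the built-in callback handler.
     *
     * @param str the JAAS login configuration name
     */
    public JAASSecurityRealm(String str) {
        this(str, null);
    }

    /**
     * Creates a realm with an optional custom callback handler.
     *
     * @param str the JAAS login configuration name
     * @param callbackHandler custom handler whose class is instantiated per verification attempt,
     *        or null to use the built-in handler
     */
    public JAASSecurityRealm(String str, CallbackHandler callbackHandler) {
        this.loginConfiguration = str;
        this.handler = callbackHandler;
    }

    /**
     * Creates the identity for a principal. No lookup is performed here; the principal is only
     * type-checked.
     *
     * @param principal the principal; must be a {@link NamePrincipal}
     * @return a new realm identity for the principal
     * @throws RealmUnavailableException declared by the SPI
     */
    @Override
    public RealmIdentity createRealmIdentity(Principal principal) throws RealmUnavailableException {
        if (principal instanceof NamePrincipal) {
            return new JAASRealmIdentity(principal);
        }
        throw ElytronMessages.log.invalidPrincipalType(NamePrincipal.class, principal == null ? null : principal.getClass());
    }

    /**
     * Reports how the realm supports a credential type.
     *
     * @param cls the credential type
     * @return {@code POSSIBLY_VERIFIABLE} when a custom handler is configured; otherwise
     *         {@code VERIFIABLE_ONLY} for {@code char[]}, {@code String} and {@link ClearPassword}
     *         compatible types and {@code UNSUPPORTED} for anything else
     */
    @Override
    public CredentialSupport getCredentialSupport(Class<?> cls) throws RealmUnavailableException {
        return credentialSupportFor(cls);
    }

    /** Single source of the credential-support decision shared by the realm and its identities. */
    private CredentialSupport credentialSupportFor(Class<?> cls) {
        if (this.handler != null) {
            // A custom handler decides at login time what it can consume.
            return CredentialSupport.POSSIBLY_VERIFIABLE;
        }
        boolean clearTextType = char[].class.isAssignableFrom(cls)
                || String.class.isAssignableFrom(cls)
                || ClearPassword.class.isAssignableFrom(cls);
        return clearTextType ? CredentialSupport.VERIFIABLE_ONLY : CredentialSupport.UNSUPPORTED;
    }
}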
