package org.wildfly.security.auth.login;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLServerSocketFactory;
import javax.security.sasl.SaslServerFactory;
import org.jboss.as.cli.Util;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.spi.CredentialSupport;
import org.wildfly.security.auth.spi.RealmIdentity;
import org.wildfly.security.auth.spi.RealmUnavailableException;
import org.wildfly.security.auth.spi.SecurityRealm;
import org.wildfly.security.auth.spi.SupportLevel;
import org.wildfly.security.auth.util.NameRewriter;
import org.wildfly.security.auth.util.RealmMapper;
import org.wildfly.security.sasl.WildFlySasl;
import org.wildfly.security.util._private.UnmodifiableArrayList;

/* loaded from: input_file:org/wildfly/security/auth/login/SecurityDomain.class */
public final class SecurityDomain {
    private final Map<String, SecurityRealm> realmMap;
    private final String defaultRealmName;
    private final NameRewriter[] preRealmRewriters;
    private final RealmMapper realmMapper;
    private final NameRewriter[] postRealmRewriters;
    private final boolean anonymousAllowed;
    private final ThreadLocal<SecurityIdentity> currentSecurityIdentity = new ThreadLocal<>();
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:org/wildfly/security/auth/login/SecurityDomain$Builder.class */
    public static final class Builder {
        private static final NameRewriter[] NONE = new NameRewriter[0];
        private String defaultRealmName;
        private boolean built = false;
        private final ArrayList<NameRewriter> preRealmRewriters = new ArrayList<>();
        private final ArrayList<NameRewriter> postRealmRewriters = new ArrayList<>();
        private final HashMap<String, SecurityRealm> realms = new HashMap<>();
        private RealmMapper realmMapper = RealmMapper.DEFAULT_REALM_MAPPER;

        public Builder addPreRealmRewriter(NameRewriter nameRewriter) {
            assertNotBuilt();
            if (nameRewriter != null) {
                this.preRealmRewriters.add(nameRewriter);
            }
            return this;
        }

        public Builder addPostRealmRewriter(NameRewriter nameRewriter) {
            assertNotBuilt();
            if (nameRewriter != null) {
                this.postRealmRewriters.add(nameRewriter);
            }
            return this;
        }

        public Builder setRealmMapper(RealmMapper realmMapper) {
            assertNotBuilt();
            this.realmMapper = realmMapper == null ? RealmMapper.DEFAULT_REALM_MAPPER : realmMapper;
            return this;
        }

        public Builder addRealm(String str, SecurityRealm securityRealm) {
            assertNotBuilt();
            if (str == null) {
                throw ElytronMessages.log.nullParameter("name");
            }
            if (securityRealm == null) {
                throw ElytronMessages.log.nullParameter("realm");
            }
            this.realms.put(str, securityRealm);
            return this;
        }

        public String getDefaultRealmName() {
            return this.defaultRealmName;
        }

        public Builder setDefaultRealmName(String str) {
            assertNotBuilt();
            if (str == null) {
                throw ElytronMessages.log.nullParameter("defaultRealmName");
            }
            this.defaultRealmName = str;
            return this;
        }

        public SecurityDomain build() {
            String str = this.defaultRealmName;
            if (str == null) {
                throw ElytronMessages.log.nullParameter("defaultRealmName");
            }
            HashMap hashMap = new HashMap(this.realms);
            if (!hashMap.containsKey(str)) {
                throw ElytronMessages.log.realmMapDoesntContainDefault(str);
            }
            assertNotBuilt();
            this.built = true;
            return new SecurityDomain(hashMap, str, this.preRealmRewriters.isEmpty() ? NONE : (NameRewriter[]) this.preRealmRewriters.toArray(new NameRewriter[this.preRealmRewriters.size()]), this.realmMapper, this.postRealmRewriters.isEmpty() ? NONE : (NameRewriter[]) this.postRealmRewriters.toArray(new NameRewriter[this.postRealmRewriters.size()]));
        }

        private void assertNotBuilt() {
            if (this.built) {
                throw ElytronMessages.log.builderAlreadyBuilt();
            }
        }
    }

    SecurityDomain(Map<String, SecurityRealm> map, String str, NameRewriter[] nameRewriterArr, RealmMapper realmMapper, NameRewriter[] nameRewriterArr2) {
        if (!$assertionsDisabled && !map.containsKey(str)) {
            throw new AssertionError();
        }
        this.realmMap = map;
        this.defaultRealmName = str;
        this.preRealmRewriters = nameRewriterArr;
        this.realmMapper = realmMapper;
        this.postRealmRewriters = nameRewriterArr2;
        this.anonymousAllowed = false;
    }

    public static Builder builder() {
        return new Builder();
    }

    public ServerAuthenticationContext createNewAuthenticationContext() {
        return new ServerAuthenticationContext(this);
    }

    public RealmIdentity mapName(String str) throws RealmUnavailableException {
        for (NameRewriter nameRewriter : this.preRealmRewriters) {
            str = nameRewriter.rewriteName(str);
        }
        String realmMapping = this.realmMapper.getRealmMapping(str);
        if (realmMapping == null) {
            realmMapping = this.defaultRealmName;
        }
        SecurityRealm securityRealm = this.realmMap.get(realmMapping);
        if (securityRealm == null) {
            securityRealm = this.realmMap.get(this.defaultRealmName);
        }
        if (!$assertionsDisabled && securityRealm == null) {
            throw new AssertionError();
        }
        for (NameRewriter nameRewriter2 : this.postRealmRewriters) {
            str = nameRewriter2.rewriteName(str);
        }
        return securityRealm.createRealmIdentity(str);
    }

    public SSLServerSocketFactory getSslServerSocketFactory() {
        throw new UnsupportedOperationException();
    }

    public List<String> getSaslServerMechanismNames(SaslServerFactory saslServerFactory) {
        String[] mechanismNames = saslServerFactory.getMechanismNames(Collections.singletonMap(WildFlySasl.MECHANISM_QUERY_ALL, Util.TRUE));
        return (mechanismNames == null || mechanismNames.length == 0) ? Collections.emptyList() : mechanismNames.length == 1 ? Collections.singletonList(mechanismNames[0]) : new UnmodifiableArrayList(mechanismNames);
    }

    public boolean isAnonymousAllowed() {
        return this.anonymousAllowed;
    }

    SecurityRealm getRealm(String str) {
        SecurityRealm securityRealm = this.realmMap.get(str);
        if (securityRealm == null) {
            securityRealm = this.realmMap.get(this.defaultRealmName);
        }
        return securityRealm;
    }

    CredentialSupport getCredentialSupport(Class<?> cls) {
        SupportLevel supportLevel = null;
        SupportLevel supportLevel2 = null;
        SupportLevel supportLevel3 = null;
        SupportLevel supportLevel4 = null;
        Iterator<SecurityRealm> it = this.realmMap.values().iterator();
        if (!it.hasNext()) {
            return CredentialSupport.UNSUPPORTED;
        }
        while (it.hasNext()) {
            try {
                CredentialSupport credentialSupport = it.next().getCredentialSupport(cls);
                SupportLevel obtainableSupportLevel = credentialSupport.obtainableSupportLevel();
                SupportLevel verificationSupportLevel = credentialSupport.verificationSupportLevel();
                if (supportLevel4 == null || supportLevel3 == null || supportLevel2 == null || supportLevel == null) {
                    supportLevel3 = obtainableSupportLevel;
                    supportLevel4 = obtainableSupportLevel;
                    supportLevel = verificationSupportLevel;
                    supportLevel2 = verificationSupportLevel;
                } else {
                    if (obtainableSupportLevel.compareTo(supportLevel4) < 0) {
                        supportLevel4 = obtainableSupportLevel;
                    }
                    if (obtainableSupportLevel.compareTo(supportLevel3) > 0) {
                        supportLevel3 = obtainableSupportLevel;
                    }
                    if (verificationSupportLevel.compareTo(supportLevel2) < 0) {
                        supportLevel2 = verificationSupportLevel;
                    }
                    if (verificationSupportLevel.compareTo(supportLevel) > 0) {
                        supportLevel = verificationSupportLevel;
                    }
                }
            } catch (RealmUnavailableException e) {
            }
        }
        return (supportLevel4 == null || supportLevel3 == null || supportLevel2 == null || supportLevel == null) ? CredentialSupport.UNSUPPORTED : CredentialSupport.getCredentialSupport(minMax(supportLevel4, supportLevel3), minMax(supportLevel2, supportLevel));
    }

    private SupportLevel minMax(SupportLevel supportLevel, SupportLevel supportLevel2) {
        return supportLevel == supportLevel2 ? supportLevel : supportLevel2 == SupportLevel.UNSUPPORTED ? SupportLevel.UNSUPPORTED : supportLevel == SupportLevel.SUPPORTED ? SupportLevel.SUPPORTED : SupportLevel.POSSIBLY_SUPPORTED;
    }

    CredentialSupport getCredentialSupport(String str, Class<?> cls) {
        try {
            return getRealm(str).getCredentialSupport(cls);
        } catch (RealmUnavailableException e) {
            return CredentialSupport.UNSUPPORTED;
        }
    }

    SecurityIdentity getCurrentSecurityIdentity() {
        return this.currentSecurityIdentity.get();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SecurityIdentity getAndSetCurrentSecurityIdentity(SecurityIdentity securityIdentity) {
        try {
            return this.currentSecurityIdentity.get();
        } finally {
            this.currentSecurityIdentity.set(securityIdentity);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setCurrentSecurityIdentity(SecurityIdentity securityIdentity) {
        this.currentSecurityIdentity.set(securityIdentity);
    }

    static {
        $assertionsDisabled = !SecurityDomain.class.desiredAssertionStatus();
    }
}
