package org.wildfly.security.auth.server;

import java.security.PermissionCollection;
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.SSLServerSocketFactory;
import javax.security.sasl.SaslServerFactory;
import org.jboss.as.domain.management.ModelDescriptionConstants;
import org.wildfly.common.Assert;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.principal.AnonymousPrincipal;
import org.wildfly.security.authz.Attributes;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.authz.PermissionMapper;
import org.wildfly.security.authz.RoleDecoder;
import org.wildfly.security.authz.RoleMapper;
import org.wildfly.security.permission.ElytronPermission;
import org.wildfly.security.sasl.WildFlySasl;
import org.wildfly.security.util._private.UnmodifiableArrayList;

/* loaded from: input_file:org/wildfly/security/auth/server/SecurityDomain.class */
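/**
 * A security domain: a named set of security realms plus the name rewriters, realm mapper,
 * role mapper, permission mapper and principal decoder used to turn a presented name or
 * principal into a {@link RealmIdentity} and to derive roles and permissions for a
 * {@link SecurityIdentity}.
 *
 * <p>Instances are created through {@link #builder()}. Creating one requires the
 * {@code createSecurityDomain} {@link ElytronPermission} when a security manager is installed.
 *
 * <p>This listing is decompiler output. Several members carry a note that their access modifier
 * was widened from package-private by the decompiler; the per-thread identity mutators are among
 * them and should be treated as internal API rather than something arbitrary callers may invoke.
 */
public final class SecurityDomain {
    /** Permission checked by {@link Builder#build()} when a security manager is present. */
    static final ElytronPermission CREATE_SECURITY_DOMAIN = new ElytronPermission("createSecurityDomain");

    private final Map<String, RealmInfo> realmMap;
    private final String defaultRealmName;
    private final NameRewriter preRealmRewriter;
    private final RealmMapper realmMapper;
    private final NameRewriter postRealmRewriter;
    private final RoleMapper roleMapper;
    private final PrincipalDecoder principalDecoder;
    private final PermissionMapper permissionMapper;

    // Anonymous access is hard-wired off in this version; no builder option changes it.
    private final boolean anonymousAllowed = false;

    // NOTE(review): `this` is handed to SecurityIdentity before the constructor body has assigned
    // the final fields above; this is only safe if that constructor does not read domain state.
    private final SecurityIdentity anonymousIdentity = new SecurityIdentity(
            this,
            AnonymousPrincipal.getInstance(),
            new RealmInfo(SecurityRealm.EMPTY_REALM, "default", RoleMapper.IDENTITY_ROLE_MAPPER,
                    NameRewriter.IDENTITY_REWRITER, RoleDecoder.DEFAULT),
            AuthorizationIdentity.EMPTY);

    // Per-thread "current" identity; a thread that has never been assigned one sees the anonymous identity.
    private final ThreadLocal<SecurityIdentity> currentSecurityIdentity =
            ThreadLocal.withInitial(() -> this.anonymousIdentity);

    /**
     * Single-use builder for {@link SecurityDomain}. Every setter rejects {@code null} and fails
     * once {@link #build()} has succeeded.
     */
    public static final class Builder {
        private String defaultRealmName;
        private boolean built = false;
        private final HashMap<String, RealmBuilder> realms = new HashMap<>();
        private NameRewriter preRealmRewriter = NameRewriter.IDENTITY_REWRITER;
        private NameRewriter postRealmRewriter = NameRewriter.IDENTITY_REWRITER;
        private RealmMapper realmMapper = RealmMapper.DEFAULT_REALM_MAPPER;
        private RoleMapper roleMapper = RoleMapper.IDENTITY_ROLE_MAPPER;
        private PermissionMapper permissionMapper = PermissionMapper.EMPTY_PERMISSION_MAPPER;
        private PrincipalDecoder principalDecoder = PrincipalDecoder.DEFAULT;

        Builder() {
        }

        /**
         * Sets the rewriter applied to a name before the realm is selected.
         *
         * @param nameRewriter the rewriter, not {@code null}
         * @return this builder
         */
        public Builder setPreRealmRewriter(NameRewriter nameRewriter) {
            Assert.checkNotNullParam("rewriter", nameRewriter);
            assertNotBuilt();
            this.preRealmRewriter = nameRewriter;
            return this;
        }

        /**
         * Sets the rewriter applied to a name after the realm has been selected.
         *
         * @param nameRewriter the rewriter, not {@code null}
         * @return this builder
         */
        public Builder setPostRealmRewriter(NameRewriter nameRewriter) {
            Assert.checkNotNullParam("rewriter", nameRewriter);
            assertNotBuilt();
            this.postRealmRewriter = nameRewriter;
            return this;
        }

        /**
         * Sets the mapper that chooses a realm name for a (pre-rewritten) name.
         *
         * @param realmMapper the realm mapper, not {@code null}
         * @return this builder
         */
        public Builder setRealmMapper(RealmMapper realmMapper) {
            Assert.checkNotNullParam("realmMapper", realmMapper);
            assertNotBuilt();
            this.realmMapper = realmMapper;
            return this;
        }

        /**
         * Sets the domain-level role mapper, applied after the per-realm role mapper.
         *
         * @param roleMapper the role mapper, not {@code null}
         * @return this builder
         */
        public Builder setRoleMapper(RoleMapper roleMapper) {
            Assert.checkNotNullParam("roleMapper", roleMapper);
            assertNotBuilt();
            this.roleMapper = roleMapper;
            return this;
        }

        /**
         * Sets the mapper that derives permissions from a principal and its roles.
         *
         * @param permissionMapper the permission mapper, not {@code null}
         * @return this builder
         */
        public Builder setPermissionMapper(PermissionMapper permissionMapper) {
            Assert.checkNotNullParam("permissionMapper", permissionMapper);
            assertNotBuilt();
            this.permissionMapper = permissionMapper;
            return this;
        }

        /**
         * Sets the decoder that extracts a name from a {@link Principal}.
         *
         * @param principalDecoder the principal decoder, not {@code null}
         * @return this builder
         */
        public Builder setPrincipalDecoder(PrincipalDecoder principalDecoder) {
            Assert.checkNotNullParam("principalDecoder", principalDecoder);
            assertNotBuilt();
            this.principalDecoder = principalDecoder;
            return this;
        }

        /**
         * Registers a realm under the given name and returns its per-realm builder.
         *
         * <p>Registering a second realm under an existing name silently replaces the earlier
         * registration, so a {@link RealmBuilder} obtained for the earlier one no longer
         * contributes to the built domain.
         *
         * @param str the realm name, not {@code null}
         * @param securityRealm the realm, not {@code null}
         * @return the builder used to configure the realm's role mapper, name rewriter and role decoder
         */
        public RealmBuilder addRealm(String str, SecurityRealm securityRealm) {
            Assert.checkNotNullParam("name", str);
            Assert.checkNotNullParam("realm", securityRealm);
            assertNotBuilt();
            RealmBuilder realmBuilder = new RealmBuilder(str, securityRealm);
            this.realms.put(str, realmBuilder);
            return realmBuilder;
        }

        /**
         * @return the default realm name, or {@code null} if it has not been set yet
         */
        public String getDefaultRealmName() {
            return this.defaultRealmName;
        }

        /**
         * Sets the name of the realm used when the realm mapper yields no mapping or an unknown name.
         *
         * @param str the default realm name, not {@code null}
         * @return this builder
         */
        public Builder setDefaultRealmName(String str) {
            Assert.checkNotNullParam("defaultRealmName", str);
            assertNotBuilt();
            this.defaultRealmName = str;
            return this;
        }

        /**
         * Builds the security domain.
         *
         * <p>The {@code createSecurityDomain} permission is checked first when a security manager
         * is installed. The default realm name must have been set and must name a registered
         * realm; this guarantees that the domain's fallback lookup of the default realm succeeds.
         *
         * @return the new security domain
         * @throws SecurityException if a security manager denies the permission
         */
        public SecurityDomain build() {
            SecurityManager securityManager = System.getSecurityManager();
            if (securityManager != null) {
                securityManager.checkPermission(SecurityDomain.CREATE_SECURITY_DOMAIN);
            }
            String defaultName = this.defaultRealmName;
            Assert.checkNotNullParam("defaultRealmName", defaultName);
            // Typed map (the decompiled form used a raw HashMap) so the constructor call is checked.
            HashMap<String, RealmInfo> realmInfos = new HashMap<>(this.realms.size());
            for (RealmBuilder realmBuilder : this.realms.values()) {
                realmInfos.put(realmBuilder.getName(), new RealmInfo(realmBuilder));
            }
            if (!realmInfos.containsKey(defaultName)) {
                throw ElytronMessages.log.realmMapDoesNotContainDefault(defaultName);
            }
            assertNotBuilt();
            this.built = true;
            return new SecurityDomain(this, realmInfos);
        }

        /** Rejects any further use of this builder once {@link #build()} has completed. */
        private void assertNotBuilt() {
            if (this.built) {
                throw ElytronMessages.log.builderAlreadyBuilt();
            }
        }
    }

    /**
     * Per-realm configuration collected by {@link Builder#addRealm(String, SecurityRealm)}.
     *
     * <p>Unlike the {@link Builder} setters, these setters have no reference to the parent
     * builder and therefore do not check whether the domain has already been built.
     * NOTE(review): whether a change made after {@code build()} reaches the built domain depends
     * on how {@code RealmInfo} consumes this object, which is not visible here.
     */
    public static class RealmBuilder {
        private final String name;
        private final SecurityRealm realm;
        private RoleMapper roleMapper = RoleMapper.IDENTITY_ROLE_MAPPER;
        private NameRewriter nameRewriter = NameRewriter.IDENTITY_REWRITER;
        private RoleDecoder roleDecoder = RoleDecoder.DEFAULT;

        RealmBuilder(String str, SecurityRealm securityRealm) {
            this.name = str;
            this.realm = securityRealm;
        }

        /** @return the name the realm was registered under */
        public String getName() {
            return this.name;
        }

        /** @return the realm being configured */
        public SecurityRealm getRealm() {
            return this.realm;
        }

        /** @return the per-realm role mapper */
        public RoleMapper getRoleMapper() {
            return this.roleMapper;
        }

        /**
         * @param roleMapper the per-realm role mapper, not {@code null}
         */
        public void setRoleMapper(RoleMapper roleMapper) {
            Assert.checkNotNullParam("roleMapper", roleMapper);
            this.roleMapper = roleMapper;
        }

        /** @return the per-realm name rewriter */
        public NameRewriter getNameRewriter() {
            return this.nameRewriter;
        }

        /**
         * @param nameRewriter the per-realm name rewriter, not {@code null}
         */
        public void setNameRewriter(NameRewriter nameRewriter) {
            Assert.checkNotNullParam("nameRewriter", nameRewriter);
            this.nameRewriter = nameRewriter;
        }

        /** @return the per-realm role decoder */
        public RoleDecoder getRoleDecoder() {
            return this.roleDecoder;
        }

        /**
         * Sets the decoder that extracts roles from an identity's attributes.
         *
         * @param roleDecoder the role decoder, not {@code null}
         */
        public void setRoleDecoder(RoleDecoder roleDecoder) {
            // Reject null here, like the sibling setters: role mapping dereferences the decoder,
            // so a null would otherwise only surface as a NullPointerException during authorization.
            Assert.checkNotNullParam("roleDecoder", roleDecoder);
            this.roleDecoder = roleDecoder;
        }
    }

    /**
     * Copies the configuration out of a builder; called only from {@link Builder#build()}.
     *
     * @param builder the builder holding the domain-level settings
     * @param hashMap realm name to realm info; must contain the default realm name
     */
    SecurityDomain(Builder builder, HashMap<String, RealmInfo> hashMap) {
        this.realmMap = hashMap;
        this.defaultRealmName = builder.defaultRealmName;
        this.preRealmRewriter = builder.preRealmRewriter;
        this.realmMapper = builder.realmMapper;
        this.roleMapper = builder.roleMapper;
        this.permissionMapper = builder.permissionMapper;
        this.postRealmRewriter = builder.postRealmRewriter;
        this.principalDecoder = builder.principalDecoder;
    }

    /**
     * @return a new, empty builder
     */
    public static Builder builder() {
        return new Builder();
    }

    /**
     * @return a new server authentication context bound to this domain
     */
    public ServerAuthenticationContext createNewAuthenticationContext() {
        return new ServerAuthenticationContext(this);
    }

    /**
     * Resolves a name to a realm identity: pre-realm rewrite, realm selection, post-realm
     * rewrite, then lookup in the selected realm.
     *
     * @param str the presented name, not {@code null}
     * @return the realm identity created by the selected realm for the rewritten name
     * @throws RealmUnavailableException if the realm cannot be reached
     */
    public RealmIdentity mapName(String str) throws RealmUnavailableException {
        Assert.checkNotNullParam("name", str);
        String preRewritten = this.preRealmRewriter.rewriteName(str);
        if (preRewritten == null) {
            // A rewriter returning null means the name is not acceptable.
            throw ElytronMessages.log.invalidName();
        }
        SecurityRealm realm = getRealm(mapRealmName(preRewritten));
        // Cannot be null: unknown realm names fall back to the default realm, whose presence build() enforces.
        assert realm != null;
        String postRewritten = this.postRealmRewriter.rewriteName(preRewritten);
        if (postRewritten == null) {
            throw ElytronMessages.log.invalidName();
        }
        return realm.createRealmIdentity(postRewritten);
    }

    /**
     * Resolves a principal to a realm identity by decoding its name and delegating to
     * {@link #mapName(String)}.
     *
     * @param principal the principal, not {@code null}
     * @return the realm identity for the decoded name
     * @throws RealmUnavailableException if the realm cannot be reached
     * @throws IllegalArgumentException declared by the original signature; presumably raised when
     *         the principal decoder does not recognise the principal type
     */
    public RealmIdentity mapPrincipal(Principal principal) throws RealmUnavailableException, IllegalArgumentException {
        // NOTE(review): the parameter-name argument comes from a management-model constant, which
        // looks like a decompiler constant substitution for a string literal; confirm the value and
        // prefer a local literal so this class does not depend on the management module.
        Assert.checkNotNullParam(ModelDescriptionConstants.PRINCIPAL, principal);
        String name = this.principalDecoder.getName(principal);
        if (name == null) {
            throw ElytronMessages.log.unrecognizedPrincipalType(principal);
        }
        return mapName(name);
    }

    /**
     * Not implemented in this version.
     *
     * @return never returns normally
     * @throws UnsupportedOperationException always
     */
    public SSLServerSocketFactory getSslServerSocketFactory() {
        throw new UnsupportedOperationException();
    }

    /**
     * Lists the mechanism names a SASL server factory reports when queried with the
     * {@code WildFlySasl.MECHANISM_QUERY_ALL} property set to {@code "true"}.
     *
     * @param saslServerFactory the factory to query
     * @return an unmodifiable list of mechanism names; empty if the factory reports none
     */
    public List<String> getSaslServerMechanismNames(SaslServerFactory saslServerFactory) {
        String[] mechanismNames = saslServerFactory.getMechanismNames(
                Collections.singletonMap(WildFlySasl.MECHANISM_QUERY_ALL, "true"));
        if (mechanismNames == null || mechanismNames.length == 0) {
            return Collections.emptyList();
        }
        if (mechanismNames.length == 1) {
            return Collections.singletonList(mechanismNames[0]);
        }
        return new UnmodifiableArrayList(mechanismNames);
    }

    /**
     * @return whether anonymous access is allowed; always {@code false} in this version
     */
    public boolean isAnonymousAllowed() {
        return this.anonymousAllowed;
    }

    /**
     * @param str a realm name
     * @return the named realm, or the default realm if the name is unknown
     */
    SecurityRealm getRealm(String str) {
        return getRealmInfo(str).getSecurityRealm();
    }

    /**
     * Looks up realm info by name, falling back to the default realm for an unknown name.
     * The decompiler reports that this method was package-private in the original class.
     *
     * @param str a realm name
     * @return the matching realm info, or the default realm's info
     */
    public RealmInfo getRealmInfo(String str) {
        RealmInfo realmInfo = this.realmMap.get(str);
        return realmInfo != null ? realmInfo : this.realmMap.get(this.defaultRealmName);
    }

    /**
     * Aggregates, over all realms of this domain, the support level for obtaining and for
     * verifying a credential type.
     * The decompiler reports that this method was package-private in the original class.
     *
     * <p>For each of the two aspects the lowest and highest level reported by any reachable realm
     * are tracked and then combined by {@link #minMax(SupportLevel, SupportLevel)}. A realm that
     * throws {@link RealmUnavailableException} is skipped without any record; if no realm
     * contributes a result the answer is {@code CredentialSupport.UNSUPPORTED}.
     *
     * @param cls the credential type
     * @param str the algorithm name passed through to each realm
     * @return the combined credential support
     */
    public CredentialSupport getCredentialSupport(Class<?> cls, String str) {
        SupportLevel obtainMin = null;
        SupportLevel obtainMax = null;
        SupportLevel verifyMin = null;
        SupportLevel verifyMax = null;
        for (RealmInfo realmInfo : this.realmMap.values()) {
            try {
                CredentialSupport support = realmInfo.getSecurityRealm().getCredentialSupport(cls, str);
                SupportLevel obtainable = support.obtainableSupportLevel();
                SupportLevel verification = support.verificationSupportLevel();
                if (obtainMin == null || obtainMax == null || verifyMin == null || verifyMax == null) {
                    // First usable result seeds all four bounds.
                    obtainMin = obtainable;
                    obtainMax = obtainable;
                    verifyMin = verification;
                    verifyMax = verification;
                } else {
                    if (obtainable.compareTo(obtainMin) < 0) {
                        obtainMin = obtainable;
                    }
                    if (obtainable.compareTo(obtainMax) > 0) {
                        obtainMax = obtainable;
                    }
                    if (verification.compareTo(verifyMin) < 0) {
                        verifyMin = verification;
                    }
                    if (verification.compareTo(verifyMax) > 0) {
                        verifyMax = verification;
                    }
                }
            } catch (RealmUnavailableException ignored) {
                // Deliberate best effort: an unreachable realm contributes nothing to the aggregate.
                // NOTE(review): the outage is not logged here, so a realm that is down is
                // indistinguishable from one that was never configured.
            }
        }
        if (obtainMin == null || obtainMax == null || verifyMin == null || verifyMax == null) {
            return CredentialSupport.UNSUPPORTED;
        }
        return CredentialSupport.getCredentialSupport(minMax(obtainMin, obtainMax), minMax(verifyMin, verifyMax));
    }

    /**
     * Collapses a lowest/highest pair of support levels into one level.
     *
     * @param supportLevel the lowest level seen
     * @param supportLevel2 the highest level seen
     * @return the shared level if both are equal; {@code UNSUPPORTED} if the highest is
     *         {@code UNSUPPORTED}; {@code SUPPORTED} if the lowest is {@code SUPPORTED};
     *         otherwise {@code POSSIBLY_SUPPORTED}
     */
    private SupportLevel minMax(SupportLevel supportLevel, SupportLevel supportLevel2) {
        if (supportLevel == supportLevel2) {
            return supportLevel;
        }
        if (supportLevel2 == SupportLevel.UNSUPPORTED) {
            return SupportLevel.UNSUPPORTED;
        }
        if (supportLevel == SupportLevel.SUPPORTED) {
            return SupportLevel.SUPPORTED;
        }
        return SupportLevel.POSSIBLY_SUPPORTED;
    }

    /**
     * @return the identity associated with the calling thread; the anonymous identity if none was set
     */
    public SecurityIdentity getCurrentSecurityIdentity() {
        return this.currentSecurityIdentity.get();
    }

    /**
     * @return this domain's anonymous identity
     */
    public SecurityIdentity getAnonymousSecurityIdentity() {
        return this.anonymousIdentity;
    }

    /**
     * Replaces the calling thread's current identity and returns the previous one, so that a
     * caller can put it back afterwards.
     * The decompiler reports that this method was package-private in the original class; it
     * performs no permission check of its own, so it should stay internal.
     *
     * @param securityIdentity the identity to install for the calling thread
     * @return the identity that was current before the call
     */
    public SecurityIdentity getAndSetCurrentSecurityIdentity(SecurityIdentity securityIdentity) {
        SecurityIdentity previous = this.currentSecurityIdentity.get();
        this.currentSecurityIdentity.set(securityIdentity);
        return previous;
    }

    /**
     * Installs an identity as the calling thread's current identity.
     * The decompiler reports that this method was package-private in the original class; it
     * performs no permission check of its own, so it should stay internal.
     *
     * @param securityIdentity the identity to install for the calling thread
     */
    public void setCurrentSecurityIdentity(SecurityIdentity securityIdentity) {
        this.currentSecurityIdentity.set(securityIdentity);
    }

    /**
     * Computes the roles of an identity: the realm's role decoder reads the authorization
     * attributes, then the realm's role mapper and finally the domain's role mapper are applied.
     * The decompiler reports that this method was package-private in the original class.
     *
     * @param securityIdentity the identity, not {@code null}
     * @return the mapped role names
     */
    public Set<String> mapRoles(SecurityIdentity securityIdentity) {
        Assert.checkNotNullParam("securityIdentity", securityIdentity);
        Attributes attributes = securityIdentity.getAuthorizationIdentity().getAttributes();
        RealmInfo realmInfo = securityIdentity.getRealmInfo();
        Set<String> decodedRoles = realmInfo.getRoleDecoder().decodeRoles(attributes);
        Set<String> realmRoles = realmInfo.getRoleMapper().mapRoles(decodedRoles);
        return this.roleMapper.mapRoles(realmRoles);
    }

    /**
     * Computes the permissions of an identity from its principal and roles.
     * The decompiler reports that this method was package-private in the original class.
     *
     * @param securityIdentity the identity, not {@code null}
     * @return the permissions produced by the domain's permission mapper
     */
    public PermissionCollection mapPermissions(SecurityIdentity securityIdentity) {
        Assert.checkNotNullParam("securityIdentity", securityIdentity);
        return this.permissionMapper.mapPermissions(securityIdentity.getPrincipal(), securityIdentity.getRoles());
    }

    /**
     * The decompiler reports that this method was package-private in the original class.
     *
     * @return the rewriter applied before realm selection
     */
    public NameRewriter getPreRealmRewriter() {
        return this.preRealmRewriter;
    }

    /**
     * Selects the realm name for a name, using the default realm when the mapper has no answer.
     * The decompiler reports that this method was package-private in the original class.
     *
     * @param str the (pre-rewritten) name
     * @return the mapped realm name, or the default realm name
     */
    public String mapRealmName(String str) {
        String realmMapping = this.realmMapper.getRealmMapping(str);
        if (realmMapping == null) {
            return this.defaultRealmName;
        }
        return realmMapping;
    }

    /**
     * The decompiler reports that this method was package-private in the original class.
     *
     * @return the rewriter applied after realm selection
     */
    public NameRewriter getPostRealmRewriter() {
        return this.postRealmRewriter;
    }

    /**
     * @return the domain-level role mapper
     */
    RoleMapper getRoleMapper() {
        return this.roleMapper;
    }

    /**
     * The decompiler reports that this method was package-private in the original class.
     *
     * @return the principal decoder
     */
    public PrincipalDecoder getPrincipalDecoder() {
        return this.principalDecoder;
    }
}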
