package org.wildfly.security.auth.client;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.Set;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.wildfly.security.OneTimeSecurityFactory;
import org.wildfly.security.SecurityFactory;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.callback.CredentialCallback;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.SecretKeyCredential;
import org.wildfly.security.credential.X509CertificateChainPrivateCredential;
import org.wildfly.security.credential.X509CertificateChainPublicCredential;
import org.wildfly.security.keystore.PasswordEntry;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.sasl.util.SaslMechanismInformation;
import org.wildfly.security.x500.X500;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/security/auth/client/SetKeyStoreCredentialAuthenticationConfiguration.class */
/**
 * Authentication configuration node whose credential comes from a single {@link KeyStore.Entry}.
 *
 * <p>The entry is obtained through {@link #entryFactory} and is mapped onto the callback that asks
 * for it: a {@code CredentialCallback} receives a password, private-key, trusted-certificate or
 * secret-key credential, and a {@link PasswordCallback} receives the clear-text form of a stored
 * password. Anything this class cannot answer is delegated to the parent configuration.
 *
 * <p>This listing is decompiler output; the "access modifiers changed" markers record that the
 * members were package-private in the compiled class.
 */
public class SetKeyStoreCredentialAuthenticationConfiguration extends AuthenticationConfiguration {
    /** Source of the key store entry that backs every credential handed out by this configuration. */
    private final SecurityFactory<KeyStore.Entry> entryFactory;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the configuration from a key store, an alias and the protection parameter for that alias.
     *
     * @param authenticationConfiguration the parent configuration
     * @param keyStore the key store holding the credential entry
     * @param str the alias passed to the entry factory
     * @param protectionParameter the parameter passed to the entry factory to unlock the entry
     */
    public SetKeyStoreCredentialAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration, KeyStore keyStore, String str, KeyStore.ProtectionParameter protectionParameter) {
        // Wrapped in OneTimeSecurityFactory; presumably the key store lookup then runs once and the
        // entry is reused by later create() calls - confirm against OneTimeSecurityFactory.
        this(authenticationConfiguration, new OneTimeSecurityFactory<>(new KeyStoreEntrySecurityFactory(keyStore, str, protectionParameter)));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the configuration from an existing entry factory.
     *
     * @param authenticationConfiguration the parent configuration
     * @param securityFactory the factory that yields the key store entry
     */
    public SetKeyStoreCredentialAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration, SecurityFactory<KeyStore.Entry> securityFactory) {
        // The parent chain is passed through without(...) for every other credential-source node
        // (credentials, callback handler, GSS credential, key manager, certificate), so the key
        // store entry presumably replaces those sources instead of being added next to them.
        super(authenticationConfiguration
                .without(SetCredentialsConfiguration.class)
                .without(SetCallbackHandlerAuthenticationConfiguration.class)
                .without(SetGSSCredentialAuthenticationConfiguration.class)
                .without(SetKeyManagerCredentialAuthenticationConfiguration.class)
                .without(SetCertificateCredentialAuthenticationConfiguration.class));
        this.entryFactory = securityFactory;
    }

    /**
     * Re-creates this node on top of another parent, keeping the same entry factory.
     *
     * @param authenticationConfiguration the new parent configuration
     * @return a new node that shares {@link #entryFactory} with this one
     */
    @Override // org.wildfly.security.auth.client.AuthenticationConfiguration
    AuthenticationConfiguration reparent(AuthenticationConfiguration authenticationConfiguration) {
        return new SetKeyStoreCredentialAuthenticationConfiguration(authenticationConfiguration, this.entryFactory);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Answers a credential or password callback from the key store entry, or delegates to the parent.
     *
     * @param callbackArr the callbacks of the current authentication exchange
     * @param i the index of the callback to handle
     * @throws IOException if the entry cannot be read or converted (wraps the security exception)
     * @throws UnsupportedCallbackException declared for the parent handler this method delegates to
     */
    @Override // org.wildfly.security.auth.client.AuthenticationConfiguration
    public void handleCallback(Callback[] callbackArr, int i) throws IOException, UnsupportedCallbackException {
        final Callback current = callbackArr[i];
        try {
            if (current instanceof CredentialCallback) {
                if (supplyEntryAsCredential((CredentialCallback) current, this.entryFactory.create())) {
                    return;
                }
            } else if (current instanceof PasswordCallback) {
                if (supplyEntryAsClearPassword((PasswordCallback) current, this.entryFactory.create())) {
                    return;
                }
            }
        } catch (GeneralSecurityException cause) {
            // Every key store or password-conversion failure is reported the same way, with the
            // original exception attached as the cause.
            throw ElytronMessages.log.unableToReadCredential(cause);
        }
        // Not a callback this node answers, or the entry did not fit it: let the parent decide.
        super.handleCallback(callbackArr, i);
    }

    /**
     * Maps the key store entry onto a credential and stores it in the callback.
     *
     * @param target the callback that receives the credential
     * @param entry the key store entry to convert
     * @return {@code true} if a credential was set, {@code false} if the entry could not be used
     * @throws GeneralSecurityException declared so the caller keeps one failure path
     */
    private static boolean supplyEntryAsCredential(CredentialCallback target, KeyStore.Entry entry) throws GeneralSecurityException {
        if (entry instanceof PasswordEntry) {
            // NOTE(review): only the private-key branch below asks isCredentialTypeSupported first;
            // this branch and the certificate / secret-key branches rely on setCredential itself
            // to reject a credential the callback did not ask for - confirm that it does.
            target.setCredential(new PasswordCredential(((PasswordEntry) entry).getPassword()));
            return true;
        }
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            final KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) entry;
            final Certificate[] chain = keyEntry.getCertificateChain();
            final PrivateKey key = keyEntry.getPrivateKey();
            final boolean chainPresent = chain != null && chain.length != 0;
            if (chainPresent && target.isCredentialTypeSupported(X509CertificateChainPrivateCredential.class, key.getAlgorithm())) {
                try {
                    target.setCredential(new X509CertificateChainPrivateCredential(key, X500.asX509CertificateArray(chain)));
                    return true;
                } catch (ArrayStoreException ignored) {
                    // Deliberately ignored: presumably raised when the chain holds a certificate
                    // that is not X.509. The entry is then treated as unusable and the parent
                    // handler is consulted instead.
                }
            }
            return false;
        }
        if (entry instanceof KeyStore.TrustedCertificateEntry) {
            final Certificate trusted = ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate();
            if (trusted instanceof X509Certificate) {
                target.setCredential(new X509CertificateChainPublicCredential((X509Certificate) trusted));
                return true;
            }
            return false;
        }
        if (entry instanceof KeyStore.SecretKeyEntry) {
            target.setCredential(new SecretKeyCredential(((KeyStore.SecretKeyEntry) entry).getSecretKey()));
            return true;
        }
        return false;
    }

    /**
     * Converts a stored password to clear text and stores it in the password callback.
     *
     * <p>Security note: this path releases the password in clear form. The array returned by
     * {@code getEncodedPassword()} is not wiped here, so it stays on the heap until collected.
     *
     * @param target the callback that receives the clear password
     * @param entry the key store entry to convert
     * @return {@code true} if the password was set, {@code false} if the entry is not a password entry
     * @throws GeneralSecurityException if the algorithm is unknown or the password cannot be
     *         translated or expressed as a {@link ClearPasswordSpec}
     */
    private static boolean supplyEntryAsClearPassword(PasswordCallback target, KeyStore.Entry entry) throws GeneralSecurityException {
        if (!(entry instanceof PasswordEntry)) {
            return false;
        }
        final Password stored = ((PasswordEntry) entry).getPassword();
        final PasswordFactory factory = PasswordFactory.getInstance(stored.getAlgorithm());
        final ClearPasswordSpec clearSpec = (ClearPasswordSpec) factory.getKeySpec(factory.translate(stored), ClearPasswordSpec.class);
        target.setPassword(clearSpec.getEncodedPassword());
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Decides whether a SASL mechanism stays eligible given the kind of key store entry held.
     *
     * <p>The mechanism is accepted when it supports the credential type of the entry (password or
     * X.509 private key) and either lists no algorithms or lists the entry's algorithm. In every
     * other case the decision is left to the parent configuration.
     *
     * @param str the SASL mechanism name
     * @return {@code true} if this entry or the parent configuration can serve the mechanism
     */
    @Override // org.wildfly.security.auth.client.AuthenticationConfiguration
    public boolean filterOneSaslMechanism(String str) {
        boolean entryUsable = false;
        try {
            final KeyStore.Entry entry = this.entryFactory.create();
            final Set<Class<? extends Credential>> credentialTypes = SaslMechanismInformation.getSupportedClientCredentialTypes(str);
            if (credentialTypes != null) {
                if (entry instanceof PasswordEntry) {
                    final Set<String> algorithms = SaslMechanismInformation.getSupportedClientCredentialAlgorithms(str, PasswordCredential.class);
                    entryUsable = credentialTypes.contains(PasswordCredential.class)
                            && (algorithms.isEmpty() || algorithms.contains(((PasswordEntry) entry).getPassword().getAlgorithm()));
                } else if (entry instanceof KeyStore.PrivateKeyEntry) {
                    final Set<String> algorithms = SaslMechanismInformation.getSupportedClientCredentialAlgorithms(str, X509CertificateChainPrivateCredential.class);
                    entryUsable = credentialTypes.contains(X509CertificateChainPrivateCredential.class)
                            && (algorithms.isEmpty() || algorithms.contains(((KeyStore.PrivateKeyEntry) entry).getPrivateKey().getAlgorithm()));
                }
            }
        } catch (GeneralSecurityException ignored) {
            // Deliberately ignored: a key store read failure is not reported from mechanism
            // filtering; the parent's answer is used instead.
            // NOTE(review): nothing is logged here, so a wrong alias or protection parameter only
            // becomes visible later as the IOException raised by handleCallback.
            return super.filterOneSaslMechanism(str);
        }
        return entryUsable || super.filterOneSaslMechanism(str);
    }
}
