package org.jboss.as.domain.management.security;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import org.jboss.as.domain.management.AuthMechanism;
import org.jboss.as.domain.management.RealmConfigurationConstants;
import org.jboss.as.domain.management.SecurityRealm;
import org.jboss.as.domain.management.logging.DomainManagementLogger;
import org.jboss.msc.service.Service;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.sasl.callback.DigestHashCallback;
import org.jboss.sasl.callback.VerifyPasswordCallback;
import org.jboss.sasl.util.UsernamePasswordHashUtil;

/* loaded from: input_file:org/jboss/as/domain/management/security/PropertiesCallbackHandler.class */
public class PropertiesCallbackHandler extends UserPropertiesFileLoader implements Service<CallbackHandlerService>, CallbackHandlerService, CallbackHandler {
    private static final String SERVICE_SUFFIX = "properties_authentication";
    private static UsernamePasswordHashUtil hashUtil = null;
    private final String realm;
    private final boolean plainText;

    /* loaded from: input_file:org/jboss/as/domain/management/security/PropertiesCallbackHandler$ServiceUtil.class */
    public static final class ServiceUtil {
        private ServiceUtil() {
        }

        public static ServiceName createServiceName(String str) {
            return SecurityRealm.ServiceUtil.createServiceName(str).append(new String[]{PropertiesCallbackHandler.SERVICE_SUFFIX});
        }
    }

    public PropertiesCallbackHandler(String str, String str2, String str3, boolean z) {
        super(str2, str3);
        this.realm = str;
        this.plainText = z;
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public AuthMechanism getPreferredMechanism() {
        return AuthMechanism.DIGEST;
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public Set<AuthMechanism> getSupplementaryMechanisms() {
        return Collections.singleton(AuthMechanism.PLAIN);
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public Map<String, String> getConfigurationOptions() {
        HashMap hashMap = new HashMap(2);
        hashMap.put(RealmConfigurationConstants.DIGEST_PLAIN_TEXT, Boolean.toString(this.plainText));
        hashMap.put(RealmConfigurationConstants.VERIFY_PASSWORD_CALLBACK_SUPPORTED, Boolean.TRUE.toString());
        return hashMap;
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public boolean isReadyForHttpChallenge() {
        try {
            return getProperties().size() > 0;
        } catch (IOException e) {
            return false;
        }
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public CallbackHandler getCallbackHandler(Map<String, Object> map) {
        return this;
    }

    @Override // org.jboss.as.domain.management.security.PropertiesFileLoader
    protected void verifyProperties(Properties properties) throws IOException {
        if (properties.contains("admin") && "admin".equals(properties.get("admin"))) {
            DomainManagementLogger.ROOT_LOGGER.userAndPasswordWarning();
        }
    }

    @Override // org.jboss.as.domain.management.security.PropertiesFileLoader
    public void start(StartContext startContext) throws StartException {
        super.start(startContext);
        try {
            String realmName = getRealmName();
            if (realmName != null && !this.realm.equals(getRealmName())) {
                DomainManagementLogger.ROOT_LOGGER.realmMisMatch(this.realm, realmName);
            }
        } catch (IOException e) {
            throw DomainManagementLogger.ROOT_LOGGER.unableToLoadProperties(e);
        }
    }

    /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
    public CallbackHandlerService m114getValue() throws IllegalStateException, IllegalArgumentException {
        return this;
    }

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        String generateHashedHexURP;
        LinkedList<VerifyPasswordCallback> linkedList = new LinkedList();
        String str = null;
        boolean z = false;
        Properties properties = getProperties();
        for (Callback callback : callbackArr) {
            if (callback instanceof AuthorizeCallback) {
                linkedList.add(callback);
            } else if (callback instanceof NameCallback) {
                str = ((NameCallback) callback).getDefaultName();
                z = properties.containsKey(str);
            } else if ((callback instanceof PasswordCallback) && this.plainText) {
                linkedList.add(callback);
            } else if ((callback instanceof DigestHashCallback) && !this.plainText) {
                linkedList.add(callback);
            } else if (callback instanceof VerifyPasswordCallback) {
                linkedList.add(callback);
            } else {
                if (!(callback instanceof RealmCallback)) {
                    throw new UnsupportedCallbackException(callback);
                }
                String defaultText = ((RealmCallback) callback).getDefaultText();
                if (!this.realm.equals(defaultText)) {
                    throw DomainManagementLogger.ROOT_LOGGER.invalidRealm(defaultText, this.realm);
                }
            }
        }
        for (VerifyPasswordCallback verifyPasswordCallback : linkedList) {
            if (verifyPasswordCallback instanceof AuthorizeCallback) {
                AuthorizeCallback authorizeCallback = (AuthorizeCallback) verifyPasswordCallback;
                boolean equals = authorizeCallback.getAuthenticationID().equals(authorizeCallback.getAuthorizationID());
                if (!equals) {
                    DomainManagementLogger.SECURITY_LOGGER.tracef("Checking 'AuthorizeCallback', authorized=false, authenticationID=%s, authorizationID=%s.", authorizeCallback.getAuthenticationID(), authorizeCallback.getAuthorizationID());
                }
                authorizeCallback.setAuthorized(equals);
            } else if (verifyPasswordCallback instanceof PasswordCallback) {
                if (!z) {
                    DomainManagementLogger.SECURITY_LOGGER.tracef("User '%s' not found in properties file.", str);
                    throw new UserNotFoundException(str);
                }
                ((PasswordCallback) verifyPasswordCallback).setPassword(properties.get(str).toString().toCharArray());
            } else if (verifyPasswordCallback instanceof DigestHashCallback) {
                if (!z) {
                    DomainManagementLogger.SECURITY_LOGGER.tracef("User '%s' not found in properties file.", str);
                    throw new UserNotFoundException(str);
                }
                ((DigestHashCallback) verifyPasswordCallback).setHexHash(properties.get(str).toString());
            } else if (!(verifyPasswordCallback instanceof VerifyPasswordCallback)) {
                continue;
            } else {
                if (!z) {
                    DomainManagementLogger.SECURITY_LOGGER.tracef("User '%s' not found in properties file.", str);
                    throw new UserNotFoundException(str);
                }
                VerifyPasswordCallback verifyPasswordCallback2 = verifyPasswordCallback;
                if (this.plainText) {
                    boolean equals2 = properties.get(str).toString().equals(verifyPasswordCallback2.getPassword());
                    if (!equals2) {
                        DomainManagementLogger.SECURITY_LOGGER.tracef("Password verification failed for user '%s'", str);
                    }
                    verifyPasswordCallback2.setVerified(equals2);
                } else {
                    UsernamePasswordHashUtil hashUtil2 = getHashUtil();
                    synchronized (hashUtil2) {
                        generateHashedHexURP = hashUtil2.generateHashedHexURP(str, this.realm, verifyPasswordCallback2.getPassword().toCharArray());
                    }
                    boolean equals3 = properties.get(str).toString().equals(generateHashedHexURP);
                    if (!equals3) {
                        DomainManagementLogger.SECURITY_LOGGER.tracef("Digest verification failed for user '%s'", str);
                    }
                    verifyPasswordCallback2.setVerified(equals3);
                }
            }
        }
    }

    private static UsernamePasswordHashUtil getHashUtil() {
        if (hashUtil == null) {
            try {
                hashUtil = new UsernamePasswordHashUtil();
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException(e);
            }
        }
        return hashUtil;
    }
}
