package org.jboss.as.domain.management.security;

import java.io.IOException;
import java.security.Principal;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.SSLContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import org.jboss.as.core.security.RealmGroup;
import org.jboss.as.core.security.RealmRole;
import org.jboss.as.core.security.RealmSubjectUserInfo;
import org.jboss.as.core.security.RealmUser;
import org.jboss.as.core.security.SubjectUserInfo;
import org.jboss.as.domain.management.AuthMechanism;
import org.jboss.as.domain.management.AuthorizingCallbackHandler;
import org.jboss.as.domain.management.CallbackHandlerFactory;
import org.jboss.as.domain.management.RealmConfigurationConstants;
import org.jboss.as.domain.management.SecurityRealm;
import org.jboss.as.domain.management.SubjectIdentity;
import org.jboss.as.domain.management.logging.DomainManagementLogger;
import org.jboss.msc.service.Service;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;
import org.jboss.msc.value.InjectedSetValue;
import org.jboss.msc.value.InjectedValue;

/* loaded from: input_file:org/jboss/as/domain/management/security/SecurityRealmService.class */
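/**
 * Management security realm that is both the MSC {@link Service} and the {@link SecurityRealm} it publishes.
 *
 * <p>On {@link #start(StartContext)} the injected {@link CallbackHandlerService}s are indexed by their
 * preferred {@link AuthMechanism}; every later lookup goes through that index. The realm also builds the
 * authenticated {@link Subject} in {@link #getAuthorizingCallbackHandler(AuthMechanism)}, which decides
 * which {@link RealmUser}, groups and roles end up on the subject.
 *
 * <p>NOTE(review): this listing appears to be decompiler output (see the renamed {@code getValue}
 * method below); parameter names such as {@code str} and {@code z} are decompiler placeholders.
 *
 * <p>NOTE(review): {@code registeredServices} is a plain {@link HashMap} written in start/stop and read
 * by the accessors. Nothing in this class synchronises those accesses; presumably the service container
 * orders start/stop before and after use. Confirm before calling these methods from other contexts.
 */
public class SecurityRealmService implements Service<SecurityRealm>, SecurityRealm {
    /** Shared-state key under which a callback handler may publish the username it actually loaded. */
    public static final String LOADED_USERNAME_KEY = SecurityRealmService.class.getName() + ".LOADED_USERNAME";
    /** Shared-state key which, when it parses as {@code true}, suppresses group loading and role mapping. */
    public static final String SKIP_GROUP_LOADING_KEY = SecurityRealmService.class.getName() + ".SKIP_GROUP_LOADING";
    private final String name;
    private final boolean mapGroupsToRoles;
    private final InjectedValue<SubjectSupplementalService> subjectSupplemental = new InjectedValue<>();
    private final InjectedValue<SSLContext> sslContext = new InjectedValue<>();
    private final InjectedValue<CallbackHandlerFactory> secretCallbackFactory = new InjectedValue<>();
    private final InjectedValue<KeytabIdentityFactoryService> keytabFactory = new InjectedValue<>();
    private final InjectedSetValue<CallbackHandlerService> callbackHandlerServices = new InjectedSetValue<>();
    // Preferred mechanism -> handler service; populated in start(), emptied in stop().
    private final Map<AuthMechanism, CallbackHandlerService> registeredServices = new HashMap<>();

    /**
     * Creates the realm service.
     *
     * @param str the realm name, used in log messages and as the realm of created {@link RealmUser}s
     * @param z whether every {@link RealmGroup} on an authenticated subject is also added as a
     *          {@link RealmRole} of the same name
     */
    public SecurityRealmService(String str, boolean z) {
        this.name = str;
        this.mapGroupsToRoles = z;
    }

    /**
     * Indexes the injected callback handler services by preferred mechanism.
     *
     * @param startContext the MSC start context (not used here)
     * @throws StartException if two services declare the same preferred mechanism
     */
    public void start(StartContext startContext) throws StartException {
        DomainManagementLogger.ROOT_LOGGER.debugf("Starting '%s' Security Realm Service", this.name);
        for (CallbackHandlerService candidate : this.callbackHandlerServices.getValue()) {
            AuthMechanism mechanism = candidate.getPreferredMechanism();
            if (this.registeredServices.containsKey(mechanism)) {
                // Two handlers for one mechanism would make the authentication source ambiguous:
                // drop the partial registration and refuse to start rather than pick one silently.
                this.registeredServices.clear();
                throw DomainManagementLogger.ROOT_LOGGER.multipleCallbackHandlerForMechanism(mechanism.name());
            }
            this.registeredServices.put(mechanism, candidate);
        }
    }

    /**
     * Drops every registered callback handler service.
     *
     * @param stopContext the MSC stop context (not used here)
     */
    public void stop(StopContext stopContext) {
        DomainManagementLogger.ROOT_LOGGER.debugf("Stopping '%s' Security Realm Service", this.name);
        this.registeredServices.clear();
    }

    /**
     * Returns this instance as the service value.
     *
     * @return this realm
     */
    /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
    // NOTE(review): the name below is a decompiler rename of getValue(); it is kept as it appears
    // in this listing so existing references to it keep resolving.
    public SecurityRealmService m137getValue() throws IllegalStateException, IllegalArgumentException {
        return this;
    }

    /**
     * Returns the realm name given to the constructor.
     *
     * @return the realm name
     */
    @Override
    public String getName() {
        return this.name;
    }

    /**
     * Returns the preferred mechanisms of the registered services, in sorted order.
     *
     * <p>Supplementary mechanisms are not included, although
     * {@link #getMechanismConfig(AuthMechanism)} and
     * {@link #getAuthorizingCallbackHandler(AuthMechanism)} do resolve them.
     *
     * @return a new, caller-owned set
     */
    @Override
    public Set<AuthMechanism> getSupportedAuthenticationMechanisms() {
        // Copy so callers never hold a live view of the internal registry.
        return new TreeSet<>(this.registeredServices.keySet());
    }

    /**
     * Returns the configuration options of the service that handles the given mechanism.
     *
     * @param authMechanism the mechanism to look up
     * @return the options reported by the matching service
     */
    @Override
    public Map<String, String> getMechanismConfig(AuthMechanism authMechanism) {
        return getCallbackHandlerService(authMechanism).getConfigurationOptions();
    }

    /**
     * Reports whether any registered service is ready for an HTTP challenge.
     *
     * @return {@code true} as soon as one registered service reports ready, {@code false} if none does
     *         (including when no service is registered)
     */
    @Override
    public boolean isReadyForHttpChallenge() {
        for (CallbackHandlerService service : this.registeredServices.values()) {
            if (service.isReadyForHttpChallenge()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Creates a handler for one authentication exchange with the given mechanism.
     *
     * <p>The returned handler is stateful: it owns a fresh shared-state map and remembers the
     * {@link Subject} delivered during {@code handle}. NOTE(review): nothing here guards that state, so
     * an instance should presumably serve a single authentication attempt and not be shared or reused
     * across users.
     *
     * @param authMechanism the mechanism being negotiated
     * @return a new handler bound to the matching callback handler service
     */
    @Override
    public AuthorizingCallbackHandler getAuthorizingCallbackHandler(AuthMechanism authMechanism) {
        final CallbackHandlerService callbackHandlerService = getCallbackHandlerService(authMechanism);
        // Shared between the underlying handler and the subject supplemental for this exchange only.
        final Map<String, Object> sharedState = new HashMap<>();
        return new AuthorizingCallbackHandler() {
            private final CallbackHandler handler = callbackHandlerService.getCallbackHandler(sharedState);
            private final Map<String, String> options = callbackHandlerService.getConfigurationOptions();
            // parseBoolean(null) is false, so a missing option means "not supported".
            private final boolean subjectCallbackSupported =
                    Boolean.parseBoolean(this.options.get(RealmConfigurationConstants.SUBJECT_CALLBACK_SUPPORTED));
            // Subject reported by the underlying handler; stays null until a SubjectCallback was handled.
            private Subject subject;

            /**
             * Delegates to the underlying handler, appending a {@link SubjectCallback} when the
             * service supports it and the request is not a lone {@link AuthorizeCallback}.
             */
            @Override
            public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                if (!this.subjectCallbackSupported || !notAuthorizeCallback(callbackArr)) {
                    this.handler.handle(callbackArr);
                    return;
                }
                Callback[] extended = new Callback[callbackArr.length + 1];
                System.arraycopy(callbackArr, 0, extended, 0, callbackArr.length);
                SubjectCallback subjectCallback = new SubjectCallback();
                extended[extended.length - 1] = subjectCallback;
                this.handler.handle(extended);
                // Reached only when the delegate did not throw; a failed exchange leaves the
                // previously stored subject (if any) untouched.
                this.subject = subjectCallback.getSubject();
            }

            /** Returns {@code false} only for an array holding exactly one {@link AuthorizeCallback}. */
            private boolean notAuthorizeCallback(Callback[] callbackArr) {
                return !(callbackArr.length == 1 && (callbackArr[0] instanceof AuthorizeCallback));
            }

            /**
             * Builds the subject for the authenticated caller.
             *
             * <p>Identity precedence: a username stored under {@link #LOADED_USERNAME_KEY} in the
             * shared state wins; otherwise the first {@link RealmUser} in {@code collection}; otherwise
             * a {@link RealmUser} named after the first other principal. Only that one
             * {@link RealmUser} is added; any further {@link RealmUser}s in {@code collection} are
             * not copied.
             *
             * @param collection the principals established by authentication
             * @return the user info wrapping the populated subject
             * @throws IOException declared by the interface; also covers the supplemental call
             */
            @Override
            public SubjectUserInfo createSubjectUserInfo(Collection<Principal> collection) throws IOException {
                Subject effectiveSubject = this.subject == null ? new Subject() : this.subject;
                Set<Principal> principals = effectiveSubject.getPrincipals();

                RealmUser realmUser = null;
                if (sharedState.containsKey(SecurityRealmService.LOADED_USERNAME_KEY)) {
                    realmUser = new RealmUser(SecurityRealmService.this.getName(),
                            (String) sharedState.get(SecurityRealmService.LOADED_USERNAME_KEY));
                } else {
                    for (Principal candidate : collection) {
                        if (candidate instanceof RealmUser) {
                            realmUser = (RealmUser) candidate;
                            break;
                        }
                    }
                }

                for (Principal principal : collection) {
                    if (!(principal instanceof RealmUser)) {
                        principals.add(principal);
                        if (realmUser == null) {
                            realmUser = new RealmUser(SecurityRealmService.this.name, principal.getName());
                        }
                    }
                }
                if (realmUser != null) {
                    principals.add(realmUser);
                }

                // The skip flag disables both the supplemental lookup and the group-to-role mapping.
                Object skipGroupLoading = sharedState.get(SecurityRealmService.SKIP_GROUP_LOADING_KEY);
                if (skipGroupLoading == null || !Boolean.parseBoolean(skipGroupLoading.toString())) {
                    SubjectSupplementalService supplemental = SecurityRealmService.this.subjectSupplemental.getOptionalValue();
                    if (supplemental != null) {
                        supplemental.getSubjectSupplemental(sharedState).supplementSubject(effectiveSubject);
                    }
                    if (SecurityRealmService.this.mapGroupsToRoles) {
                        // Every group name becomes a role of the same name, so whatever populated the
                        // RealmGroup principals decides the roles granted here.
                        Set<RealmGroup> groups = effectiveSubject.getPrincipals(RealmGroup.class);
                        // Collect first: the roles are added to the subject's principal set only after
                        // the group iteration has finished.
                        Set<RealmRole> roles = new HashSet<>(groups.size());
                        for (RealmGroup group : groups) {
                            roles.add(new RealmRole(group.getName()));
                        }
                        principals.addAll(roles);
                    }
                }
                return new RealmSubjectUserInfo(effectiveSubject);
            }
        };
    }

    /**
     * Resolves the service for a mechanism: preferred mechanisms first, then supplementary ones.
     *
     * @param authMechanism the mechanism to resolve
     * @return the matching service, never {@code null}
     * @throws RuntimeException (as built by the logger) when no registered service handles the
     *         mechanism, so an unknown mechanism is rejected instead of falling back to a default
     */
    private CallbackHandlerService getCallbackHandlerService(AuthMechanism authMechanism) {
        CallbackHandlerService preferred = this.registeredServices.get(authMechanism);
        if (preferred != null || this.registeredServices.containsKey(authMechanism)) {
            return preferred;
        }
        for (CallbackHandlerService service : this.registeredServices.values()) {
            if (service.getSupplementaryMechanisms().contains(authMechanism)) {
                return service;
            }
        }
        throw DomainManagementLogger.ROOT_LOGGER.noCallbackHandlerForMechanism(authMechanism.toString(), this.name);
    }

    /**
     * Asks the optional keytab identity factory for a subject identity.
     *
     * @param str first argument, passed through unchanged to the factory
     * @param str2 second argument, passed through unchanged to the factory
     * @return the factory's answer, or {@code null} when no keytab factory is injected; callers must
     *         handle {@code null}
     */
    @Override
    public SubjectIdentity getSubjectIdentity(String str, String str2) {
        KeytabIdentityFactoryService factory = this.keytabFactory.getOptionalValue();
        return factory != null ? factory.getSubjectIdentity(str, str2) : null;
    }

    /** Returns the injector for the optional subject supplemental service. */
    public InjectedValue<SubjectSupplementalService> getSubjectSupplementalInjector() {
        return this.subjectSupplemental;
    }

    /** Returns the injector for the optional SSL context. */
    public InjectedValue<SSLContext> getSSLContextInjector() {
        return this.sslContext;
    }

    /** Returns the injector for the optional secret callback handler factory. */
    public InjectedValue<CallbackHandlerFactory> getSecretCallbackFactory() {
        return this.secretCallbackFactory;
    }

    /** Returns the injector for the optional keytab identity factory. */
    public InjectedValue<KeytabIdentityFactoryService> getKeytabIdentityFactoryInjector() {
        return this.keytabFactory;
    }

    /** Returns the injector collecting the callback handler services indexed by {@link #start}. */
    public InjectedSetValue<CallbackHandlerService> getCallbackHandlerService() {
        return this.callbackHandlerServices;
    }

    /**
     * Returns the injected SSL context.
     *
     * @return the context, or {@code null} when none was injected
     */
    @Override
    public SSLContext getSSLContext() {
        return this.sslContext.getOptionalValue();
    }

    /**
     * Returns the injected secret callback handler factory.
     *
     * @return the factory, or {@code null} when none was injected
     */
    @Override
    public CallbackHandlerFactory getSecretCallbackHandlerFactory() {
        return this.secretCallbackFactory.getOptionalValue();
    }
}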
