package org.wildfly.security.auth.login;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;
import org.wildfly.security.auth.AuthenticationConfiguration;
import org.wildfly.security.auth.AuthenticationContext;
import org.wildfly.security.auth.MatchRule;
import org.wildfly.security.auth.callback.AuthenticationCompleteCallback;
import org.wildfly.security.auth.callback.CallbackUtil;
import org.wildfly.security.auth.callback.CredentialCallback;
import org.wildfly.security.auth.callback.CredentialParameterCallback;
import org.wildfly.security.auth.callback.FastUnsupportedCallbackException;
import org.wildfly.security.auth.callback.PeerPrincipalCallback;
import org.wildfly.security.auth.callback.SecurityLayerDisposedCallback;
import org.wildfly.security.auth.callback.SocketAddressCallback;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.spi.RealmIdentity;
import org.wildfly.security.auth.spi.RealmUnavailableException;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.TwoWayPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.sasl.util.AbstractDelegatingSaslServer;
import org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/security/auth/login/SecurityDomainSaslServerFactory.class */
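/**
 * SASL server factory that wraps a delegate factory and answers the mechanism's callbacks from a
 * {@link SecurityDomain} instead of from the caller-supplied callback handler.
 *
 * <p>Every server created here gets its own {@link DomainCallbackHandler}. The identity and the
 * authentication context held by that handler are exposed through
 * {@link SaslServer#getNegotiatedProperty(String)} under the keys
 * {@code org.wildfly.realm-identity} and {@code org.wildfly.auth-context}.
 */
public class SecurityDomainSaslServerFactory extends AbstractDelegatingSaslServerFactory {
    /** Negotiated-property key that returns the handler's {@link AuthenticationContext}. */
    private static final String AUTH_CONTEXT_PROPERTY = "org.wildfly.auth-context";

    /** Negotiated-property key that returns the handler's {@link RealmIdentity}. */
    private static final String REALM_IDENTITY_PROPERTY = "org.wildfly.realm-identity";

    private final SecurityDomain domain;

    /**
     * Callback handler bound to one SASL exchange. It resolves the login name through the enclosing
     * factory's security domain and serves credential callbacks from the resolved identity.
     */
    class DomainCallbackHandler implements CallbackHandler {
        // Identity resolved from the first name/peer-principal callback; reset to null once an
        // AuthenticationCompleteCallback has been processed.
        RealmIdentity identity;
        // Context built when authentication completes with an identity loaded; cleared when the
        // security layer is disposed.
        AuthenticationContext context;

        DomainCallbackHandler() {
        }

        /**
         * Returns the identity currently loaded for this exchange.
         *
         * @return the resolved identity, or {@code null} if none is loaded
         */
        public RealmIdentity getIdentity() {
            return this.identity;
        }

        /**
         * Processes the mechanism's callbacks in order.
         *
         * @param callbackArr the callbacks supplied by the SASL mechanism
         * @throws IOException if a callback is rejected (as a {@link SaslException}) or the realm
         *         is unavailable (the {@link RealmUnavailableException} is kept as the cause)
         * @throws UnsupportedCallbackException if a callback cannot be served
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            try {
                innerHandle(callbackArr);
            } catch (RealmUnavailableException e) {
                throw new IOException(e);
            }
        }

        /**
         * Dispatches each callback by type. {@link CredentialParameterCallback} and
         * {@link SocketAddressCallback} are accepted and ignored; any type not listed here is
         * passed to {@link CallbackUtil#unsupported(Callback)}.
         */
        private void innerHandle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException, RealmUnavailableException {
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    loadIdentity(((NameCallback) callback).getName());
                } else if (callback instanceof PeerPrincipalCallback) {
                    loadIdentity(((PeerPrincipalCallback) callback).getPrincipal().getName());
                } else if (callback instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callback;
                    requireIdentity();
                    TwoWayPassword twoWayPassword = (TwoWayPassword) this.identity.getCredential(TwoWayPassword.class);
                    if (twoWayPassword == null) {
                        throw new FastUnsupportedCallbackException(callback);
                    }
                    try {
                        // This hands the recovered clear-text password to the mechanism.
                        // PasswordCallback.setPassword stores a copy, so the consumer is expected to
                        // call clearPassword() when done.
                        // NOTE(review): whether getEncodedPassword() returns a private copy that
                        // could be wiped here is not visible from this file - confirm.
                        passwordCallback.setPassword(((ClearPasswordSpec) PasswordFactory.getInstance(twoWayPassword.getAlgorithm()).getKeySpec(twoWayPassword, ClearPasswordSpec.class)).getEncodedPassword());
                    } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                        // The credential cannot be converted to clear text; report the callback as
                        // unsupported (the only constructor used in this file takes no cause).
                        throw new FastUnsupportedCallbackException(callback);
                    }
                } else if (callback instanceof CredentialCallback) {
                    CredentialCallback credentialCallback = (CredentialCallback) callback;
                    requireIdentity();
                    // Take the first allowed type the identity can actually supply. When none
                    // matches the callback is left unset; the loop must end with the iterator
                    // (the previous while(true) form never exited in that case).
                    for (Class<?> allowedType : credentialCallback.getAllowedTypes()) {
                        if (this.identity.getCredentialSupport(allowedType).mayBeObtainable()) {
                            Object credential = this.identity.getCredential(allowedType);
                            if (credential != null) {
                                credentialCallback.setCredential(credential);
                                break;
                            }
                        }
                    }
                } else if (callback instanceof CredentialParameterCallback) {
                    // Accepted without action.
                } else if (callback instanceof AuthenticationCompleteCallback) {
                    // NOTE(review): the outcome carried by the callback is not consulted here; a
                    // context is built whenever an identity is loaded. Confirm that a failed
                    // exchange cannot leave a usable context behind for getNegotiatedProperty.
                    if (this.identity != null) {
                        // The cast assumes the realm hands back a NamePrincipal; any other
                        // principal type fails with ClassCastException.
                        this.context = AuthenticationContext.empty().with(MatchRule.ALL.matchLocalSecurityDomain("TODO: security domain name"), AuthenticationConfiguration.EMPTY.usePrincipal((NamePrincipal) this.identity.getPrincipal()));
                    }
                    this.identity = null;
                } else if (callback instanceof SecurityLayerDisposedCallback) {
                    this.context = null;
                } else if (callback instanceof SocketAddressCallback) {
                    // Accepted without action; the peer address is not recorded.
                } else {
                    CallbackUtil.unsupported(callback);
                }
            }
        }

        /**
         * Resolves {@code name} through the security domain and stores the result as the identity
         * for this exchange.
         *
         * @throws SaslException if an identity is already loaded or the domain maps the name to
         *         {@code null}
         */
        private void loadIdentity(String name) throws SaslException {
            if (this.identity != null) {
                throw new SaslException("Mechanism supplied multiple login names");
            }
            RealmIdentity mapped = SecurityDomainSaslServerFactory.this.domain.mapName(name);
            if (mapped == null) {
                // NOTE(review): this message differs from a credential failure; confirm it is
                // never relayed to the remote peer, where it would reveal which names exist.
                throw new SaslException("Unknown user name");
            }
            this.identity = mapped;
        }

        /** Rejects credential callbacks that arrive before a login name has been resolved. */
        private void requireIdentity() throws SaslException {
            if (this.identity == null) {
                throw new SaslException("No user identity loaded for credential verification");
            }
        }
    }

    /**
     * Creates a factory that serves callbacks from {@code securityDomain}.
     *
     * @param saslServerFactory the factory that creates the underlying SASL servers
     * @param securityDomain the domain used to map login names to identities
     */
    SecurityDomainSaslServerFactory(SaslServerFactory saslServerFactory, SecurityDomain securityDomain) {
        super(saslServerFactory);
        this.domain = securityDomain;
    }

    /**
     * Creates a SASL server through the delegate factory, wired to a fresh
     * {@link DomainCallbackHandler}.
     *
     * @param str mechanism name, forwarded unchanged to the delegate
     * @param str2 protocol name, forwarded unchanged to the delegate
     * @param str3 server name, forwarded unchanged to the delegate
     * @param map mechanism properties, forwarded unchanged to the delegate
     * @param callbackHandler not used; the delegate receives the domain-backed handler instead
     * @return the wrapped server, or {@code null} if the delegate returns {@code null}
     * @throws SaslException if the delegate fails to create the server
     */
    @Override // org.wildfly.security.sasl.util.AbstractDelegatingSaslServerFactory
    public SaslServer createSaslServer(String str, String str2, String str3, Map<String, ?> map, CallbackHandler callbackHandler) throws SaslException {
        final DomainCallbackHandler domainCallbackHandler = new DomainCallbackHandler();
        SaslServer createSaslServer = this.delegate.createSaslServer(str, str2, str3, map, domainCallbackHandler);
        if (createSaslServer == null) {
            return null;
        }
        return new AbstractDelegatingSaslServer(createSaslServer) {
            /**
             * Serves the two WildFly-specific keys from the callback handler and forwards every
             * other key to the wrapped server.
             */
            @Override // org.wildfly.security.sasl.util.AbstractDelegatingSaslServer
            public Object getNegotiatedProperty(String str4) {
                // Switch on the string itself; the decompiled hash-code/boolean form did not
                // compile. A null key still fails with NullPointerException, as before.
                switch (str4) {
                    case AUTH_CONTEXT_PROPERTY:
                        return domainCallbackHandler.context;
                    case REALM_IDENTITY_PROPERTY:
                        return domainCallbackHandler.identity;
                    default:
                        return this.delegate.getNegotiatedProperty(str4);
                }
            }
        };
    }
}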
