package org.wildfly.security.auth.server;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.wildfly.common.Assert;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.credential.AlgorithmCredential;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.X509CertificateChainCredential;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.evidence.PasswordGuessEvidence;
import org.wildfly.security.evidence.X509PeerCertificateEvidence;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.PasswordFactory;

/* loaded from: input_file:org/wildfly/security/auth/server/RealmIdentity.class */
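/**
 * A handle on one identity held by a security realm: it exposes the identity's
 * credentials, verifies evidence against them and yields an authorization identity.
 *
 * <p>The default methods are all built on {@link #getCredential(String)} and
 * {@link #exists()}; realm implementations may override them.
 */
public interface RealmIdentity {

    /**
     * Identity that reports itself as existing but exposes no credentials:
     * acquisition is {@code UNSUPPORTED} and every lookup returns {@code null}, so the
     * default {@link #verifyEvidence(String, Evidence)} rejects all evidence for it.
     */
    RealmIdentity ANONYMOUS = new RealmIdentity() {
        @Override
        public SupportLevel getCredentialAcquireSupport(String str) throws RealmUnavailableException {
            return SupportLevel.UNSUPPORTED;
        }

        @Override
        public Credential getCredential(String str) {
            return null;
        }

        @Override
        public boolean exists() throws RealmUnavailableException {
            return true;
        }
    };

    /**
     * Identity that reports itself as not existing and exposes no credentials.
     * The default {@link #getAuthorizationIdentity()} throws for it.
     */
    RealmIdentity NON_EXISTENT = new RealmIdentity() {
        @Override
        public SupportLevel getCredentialAcquireSupport(String str) throws RealmUnavailableException {
            return SupportLevel.UNSUPPORTED;
        }

        @Override
        public Credential getCredential(String str) {
            return null;
        }

        @Override
        public boolean exists() throws RealmUnavailableException {
            return false;
        }
    };

    /**
     * Reports whether the named credential can be acquired for this identity.
     *
     * @param str the credential name
     * @return the support level for acquiring that credential
     * @throws RealmUnavailableException if the realm cannot be reached
     */
    SupportLevel getCredentialAcquireSupport(String str) throws RealmUnavailableException;

    /**
     * Acquires the named credential.
     *
     * @param str the credential name
     * @return the credential; the implementations in this file return {@code null} when none is available
     * @throws RealmUnavailableException if the realm cannot be reached
     */
    Credential getCredential(String str) throws RealmUnavailableException;

    /**
     * Acquires the named credential, but only if it is an instance of the requested type.
     *
     * @param str the credential name; must not be {@code null}
     * @param cls the required credential type; must not be {@code null}
     * @param <C> the required credential type
     * @return the credential cast to {@code cls}, or {@code null} if it is absent or of another type
     * @throws RealmUnavailableException if the realm cannot be reached
     */
    default <C extends Credential> C getCredential(String str, Class<C> cls) throws RealmUnavailableException {
        // Validate both arguments before touching the realm, so a bad call never
        // triggers a credential lookup whose result would be thrown away.
        Assert.checkNotNullParam("credentialName", str);
        Assert.checkNotNullParam("credentialType", cls);
        final Credential credential = getCredential(str);
        return cls.isInstance(credential) ? cls.cast(credential) : null;
    }

    /**
     * Acquires the named credential of the requested type, additionally requiring that an
     * algorithm-bearing credential uses one of the supported algorithms.
     *
     * <p>Credentials that are not {@link AlgorithmCredential}s are never filtered by
     * algorithm. Note that, unlike {@link #getCredential(List, Map)}, an empty set is not
     * treated as "any algorithm" here: it rejects every {@link AlgorithmCredential}.
     *
     * @param str the credential name; must not be {@code null}
     * @param cls the required credential type; must not be {@code null}
     * @param set the supported algorithm names; must not be {@code null}
     * @param <C> the required credential type
     * @return the matching credential, or {@code null} if it is absent, of another type,
     *         or uses an algorithm outside {@code set}
     * @throws RealmUnavailableException if the realm cannot be reached
     */
    default <C extends Credential> C getCredential(String str, Class<C> cls, Set<String> set) throws RealmUnavailableException {
        Assert.checkNotNullParam("supportedAlgorithms", set);
        // Keep the value typed as C; only the algorithm test needs the AlgorithmCredential view.
        final C credential = getCredential(str, cls);
        if (credential == null) {
            return null;
        }
        if (credential instanceof AlgorithmCredential
                && !set.contains(((AlgorithmCredential) credential).getAlgorithm())) {
            return null;
        }
        return credential;
    }

    /**
     * Returns the first credential, in the order of the given names, that matches one of
     * the acceptable type/algorithm entries.
     *
     * <p>An entry matches when the credential is an instance of the entry's key and either
     * the credential is not an {@link AlgorithmCredential}, the entry's algorithm set is
     * empty (any algorithm accepted), or the set contains the credential's algorithm.
     *
     * @param list the credential names to try, in order of preference
     * @param map  acceptable credential types mapped to their acceptable algorithm names
     * @return the first matching credential, or {@code null} if none matches
     * @throws RealmUnavailableException if the realm cannot be reached
     */
    default Credential getCredential(List<String> list, Map<Class<? extends Credential>, Set<String>> map) throws RealmUnavailableException {
        for (String credentialName : list) {
            final Credential credential = getCredential(credentialName);
            if (credential == null) {
                continue;
            }
            for (Map.Entry<Class<? extends Credential>, Set<String>> entry : map.entrySet()) {
                if (!entry.getKey().isInstance(credential)) {
                    continue;
                }
                final Set<String> algorithms = entry.getValue();
                if (!(credential instanceof AlgorithmCredential)
                        || algorithms.isEmpty()
                        || algorithms.contains(((AlgorithmCredential) credential).getAlgorithm())) {
                    return credential;
                }
            }
        }
        return null;
    }

    /**
     * Reports whether evidence can be verified against the named credential.
     *
     * @param str the credential name
     * @return {@code POSSIBLY_SUPPORTED} if the credential's acquire support is anything
     *         other than {@code UNSUPPORTED}, otherwise {@code UNSUPPORTED}
     * @throws RealmUnavailableException if the realm cannot be reached
     */
    default SupportLevel getEvidenceVerifySupport(String str) throws RealmUnavailableException {
        return getCredentialAcquireSupport(str) != SupportLevel.UNSUPPORTED ? SupportLevel.POSSIBLY_SUPPORTED : SupportLevel.UNSUPPORTED;
    }

    /**
     * Verifies the given evidence against the named credential of this identity.
     *
     * <p>Two evidence kinds are handled: a password guess, checked against the stored
     * {@link PasswordCredential}, and a peer certificate, compared with the first
     * certificate of the stored {@link X509CertificateChainCredential}. Every other case
     * (unknown evidence type, {@code null} evidence, missing credential, empty chain)
     * yields {@code false}.
     *
     * <p>The certificate branch is an equality match only. No trust-path, validity-period
     * or revocation check is performed here, so those must be enforced elsewhere
     * (presumably by the layer that produced the evidence; confirm against callers).
     *
     * @param str      the credential name
     * @param evidence the evidence to verify
     * @return {@code true} only if the evidence matches the stored credential
     * @throws RealmUnavailableException if the realm cannot be reached
     */
    default boolean verifyEvidence(String str, Evidence evidence) throws RealmUnavailableException {
        if (evidence instanceof PasswordGuessEvidence) {
            // The guess array belongs to the evidence object and is not copied or cleared here.
            final char[] guess = ((PasswordGuessEvidence) evidence).getGuess();
            final PasswordCredential passwordCredential = getCredential(str, PasswordCredential.class);
            if (passwordCredential == null) {
                return false;
            }
            try {
                final Password password = passwordCredential.getPassword();
                final PasswordFactory passwordFactory = PasswordFactory.getInstance(password.getAlgorithm());
                return passwordFactory.verify(passwordFactory.translate(password), guess);
            } catch (InvalidKeyException | NoSuchAlgorithmException e) {
                // Fail closed: a stored password that cannot be processed (unknown algorithm
                // or unusable key) rejects the guess. The caller cannot tell this apart from
                // a wrong password, so a misconfigured credential shows up only as failed logins.
                return false;
            }
        }
        if (!(evidence instanceof X509PeerCertificateEvidence)) {
            return false;
        }
        final X509Certificate peerCertificate = ((X509PeerCertificateEvidence) evidence).getPeerCertificate();
        final X509CertificateChainCredential chainCredential = getCredential(str, X509CertificateChainCredential.class);
        if (chainCredential == null) {
            return false;
        }
        final X509Certificate[] certificateChain = chainCredential.getCertificateChain();
        // Only the first certificate of the stored chain is compared; an empty chain never matches.
        return certificateChain.length > 0 && certificateChain[0].equals(peerCertificate);
    }

    /**
     * Reports whether this identity exists in the realm.
     *
     * @return {@code true} if the identity exists
     * @throws RealmUnavailableException if the realm cannot be reached
     */
    boolean exists() throws RealmUnavailableException;

    /**
     * Disposes of this identity. The default implementation does nothing.
     */
    default void dispose() {
    }

    /**
     * Returns the authorization identity for this realm identity.
     *
     * @return {@link AuthorizationIdentity#EMPTY} if the identity exists
     * @throws RealmUnavailableException if the realm cannot be reached
     */
    default AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
        if (exists()) {
            return AuthorizationIdentity.EMPTY;
        }
        // Identities that do not exist get no authorization identity at all.
        throw ElytronMessages.log.userDoesNotExist();
    }
}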
