package org.wildfly.security.auth.realm;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.UnrecoverableEntryException;
import org.wildfly.common.Assert;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.auth.server.SupportLevel;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.credential.AlgorithmCredential;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.evidence.Evidence;

/* loaded from: input_file:org/wildfly/security/auth/realm/KeyStoreBackedSecurityRealm.class */
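/**
 * A {@link SecurityRealm} whose identities are the aliases of a {@link KeyStore}.
 *
 * <p>Each identity name is used directly as a keystore alias. The entry stored under that
 * alias is converted to a {@link Credential} with {@link Credential#fromKeyStoreEntry} and
 * then used either to hand out the credential or to verify evidence.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Entries are read with a {@code null} protection parameter (see
 *       {@link #getEntry(String)}), so an entry that cannot be recovered without one is
 *       treated the same as an alias that does not exist.</li>
 *   <li>Every keystore failure is mapped to "no such identity". This fails closed
 *       (authentication is refused), but it also means a broken or unloaded keystore is
 *       indistinguishable from an unknown user at this layer.</li>
 *   <li>The realm supplies no authorization data: identities always carry
 *       {@link AuthorizationIdentity#EMPTY}.</li>
 * </ul>
 */
public class KeyStoreBackedSecurityRealm implements SecurityRealm {
    private final KeyStore keyStore;

    /**
     * Realm identity bound to one keystore alias. The keystore is consulted again on every
     * call, so results reflect the keystore content at call time rather than at the time
     * the identity was created.
     */
    private class KeyStoreRealmIdentity implements RealmIdentity {
        private final String name;

        private KeyStoreRealmIdentity(String str) {
            this.name = str;
        }

        /**
         * Reports whether the entry for this alias yields a credential of the requested type
         * and, when an algorithm is given, of that algorithm.
         *
         * @param cls the requested credential type
         * @param str the required algorithm name, or {@code null} to accept any
         * @return {@link SupportLevel#SUPPORTED} on a match, otherwise
         *         {@link SupportLevel#UNSUPPORTED} (including when the alias has no entry)
         */
        @Override
        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str) throws RealmUnavailableException {
            KeyStore.Entry entry = KeyStoreBackedSecurityRealm.this.getEntry(this.name);
            if (entry == null) {
                return SupportLevel.UNSUPPORTED;
            }
            Credential credential = Credential.fromKeyStoreEntry(entry);
            // isInstance(null) is false, so an entry that converts to no credential is unsupported.
            boolean matches = cls.isInstance(credential) && algorithmMatches(credential, str);
            return matches ? SupportLevel.SUPPORTED : SupportLevel.UNSUPPORTED;
        }

        /**
         * Returns the credential stored under this alias if it has the requested type and
         * algorithm.
         *
         * @param cls the requested credential type; must not be {@code null}
         * @param str the required algorithm name, or {@code null} to accept any
         * @return the credential, or {@code null} when the alias has no readable entry or the
         *         entry does not match the request
         */
        @Override
        public <C extends Credential> C getCredential(Class<C> cls, String str) throws RealmUnavailableException {
            Assert.checkNotNullParam("credentialType", cls);
            KeyStore.Entry entry = KeyStoreBackedSecurityRealm.this.getEntry(this.name);
            if (entry == null) {
                return null;
            }
            Credential credential = Credential.fromKeyStoreEntry(entry);
            if (cls.isInstance(credential) && algorithmMatches(credential, str)) {
                return cls.cast(credential);
            }
            return null;
        }

        /**
         * Returns the credential stored under this alias if it has the requested type,
         * regardless of algorithm.
         *
         * @param cls the requested credential type; must not be {@code null}
         * @return the credential, or {@code null} if none matches
         */
        @Override
        public <C extends Credential> C getCredential(Class<C> cls) throws RealmUnavailableException {
            return getCredential(cls, null);
        }

        /**
         * Returns the empty authorization identity; this realm holds credentials only.
         */
        @Override
        public AuthorizationIdentity getAuthorizationIdentity() {
            return AuthorizationIdentity.EMPTY;
        }

        /**
         * Reports whether the credential stored under this alias can verify evidence of the
         * given type and algorithm.
         *
         * @param cls the evidence type
         * @param str the evidence algorithm name, passed through to {@code canVerify}
         * @return {@link SupportLevel#SUPPORTED} if the stored credential can verify it,
         *         otherwise {@link SupportLevel#UNSUPPORTED}
         */
        @Override
        public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
            KeyStore.Entry entry = KeyStoreBackedSecurityRealm.this.getEntry(this.name);
            if (entry == null) {
                return SupportLevel.UNSUPPORTED;
            }
            Credential credential = Credential.fromKeyStoreEntry(entry);
            if (credential != null && credential.canVerify(cls, str)) {
                return SupportLevel.SUPPORTED;
            }
            return SupportLevel.UNSUPPORTED;
        }

        /**
         * Verifies the evidence against the credential stored under this alias.
         *
         * <p>Fails closed: a missing entry, an entry that converts to no credential, or a
         * credential that cannot verify this kind of evidence all yield {@code false}.
         *
         * @param evidence the evidence to check
         * @return {@code true} only if the stored credential accepts the evidence
         */
        @Override
        public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
            KeyStore.Entry entry = KeyStoreBackedSecurityRealm.this.getEntry(this.name);
            if (entry == null) {
                return false;
            }
            Credential credential = Credential.fromKeyStoreEntry(entry);
            return credential != null && credential.canVerify(evidence) && credential.verify(evidence);
        }

        /**
         * Reports whether an entry can be read for this alias. Because read failures are
         * mapped to {@code null} by {@link KeyStoreBackedSecurityRealm#getEntry(String)},
         * {@code false} may also mean the keystore could not be read.
         */
        @Override
        public boolean exists() throws RealmUnavailableException {
            return KeyStoreBackedSecurityRealm.this.getEntry(this.name) != null;
        }

        /**
         * Reports whether this identity was produced by the given realm instance
         * (reference comparison with the enclosing realm).
         */
        @Override
        public boolean createdBySecurityRealm(SecurityRealm securityRealm) {
            return KeyStoreBackedSecurityRealm.this == securityRealm;
        }

        /**
         * Returns {@code true} when no algorithm is required, or when the credential is an
         * {@link AlgorithmCredential} whose algorithm equals the required one.
         */
        private boolean algorithmMatches(Credential credential, String algorithm) {
            if (algorithm == null) {
                return true;
            }
            return credential instanceof AlgorithmCredential
                    && algorithm.equals(((AlgorithmCredential) credential).getAlgorithm());
        }
    }

    /**
     * Creates a realm backed by the given keystore.
     *
     * @param keyStore the keystore to read identities from; must not be {@code null}
     * @throws IllegalArgumentException if {@code keyStore} is {@code null}
     */
    public KeyStoreBackedSecurityRealm(KeyStore keyStore) {
        // Fail at construction instead of with a NullPointerException on the first lookup,
        // which getEntry would not catch.
        Assert.checkNotNullParam("keyStore", keyStore);
        this.keyStore = keyStore;
    }

    /**
     * Returns an identity for the given name, which is used as the keystore alias.
     * The principal and evidence arguments are not used by this realm.
     *
     * @param str the identity name (keystore alias), or {@code null}
     * @param principal unused
     * @param evidence unused
     * @return {@link RealmIdentity#NON_EXISTENT} for a {@code null} name, otherwise an
     *         identity bound to the alias (its existence is checked lazily)
     */
    @Override
    public RealmIdentity getRealmIdentity(String str, Principal principal, Evidence evidence) throws RealmUnavailableException {
        if (str == null) {
            return RealmIdentity.NON_EXISTENT;
        }
        return new KeyStoreRealmIdentity(str);
    }

    /**
     * Realm-level answer for credential acquisition: always
     * {@link SupportLevel#POSSIBLY_SUPPORTED}, since support depends on the individual entry.
     *
     * @param cls the credential type; must not be {@code null}
     * @param str the algorithm name (not inspected)
     */
    @Override
    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str) throws RealmUnavailableException {
        Assert.checkNotNullParam("credentialType", cls);
        return SupportLevel.POSSIBLY_SUPPORTED;
    }

    /**
     * Realm-level answer for evidence verification: always
     * {@link SupportLevel#POSSIBLY_SUPPORTED}, since support depends on the individual entry.
     *
     * @param cls the evidence type; must not be {@code null}
     * @param str the algorithm name (not inspected)
     */
    @Override
    public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
        Assert.checkNotNullParam("evidenceType", cls);
        return SupportLevel.POSSIBLY_SUPPORTED;
    }

    /**
     * Reads the keystore entry stored under the given alias, using no protection parameter.
     *
     * <p>Intended for use by the realm's own identities; the decompiler widened the
     * visibility from {@code private}.
     *
     * <p>All keystore failures are deliberately reported as "no entry". That keeps
     * authentication failing closed, but it hides the cause: operators diagnosing refused
     * logins should check the keystore itself (loaded, entry readable without a password),
     * because nothing is recorded here.
     *
     * @param str the alias to look up
     * @return the entry, or {@code null} if the alias is absent or the entry could not be read
     */
    public KeyStore.Entry getEntry(String str) {
        try {
            return this.keyStore.getEntry(str, null);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException ignored) {
            // Best effort by design: an unreadable entry is treated as a non-existent identity.
            return null;
        }
    }
}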
