package org.wildfly.security.auth.realm.token;

import java.security.Principal;
import org.wildfly.common.Assert;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.authz.Attributes;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.evidence.BearerTokenEvidence;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.http.HttpConstants;

/* loaded from: input_file:org/wildfly/security/auth/realm/token/TokenSecurityRealm.class */
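/**
 * A {@link SecurityRealm} that authenticates callers presenting a bearer token.
 *
 * <p>The realm performs no token checks of its own: every trust decision (signature, expiry,
 * audience, introspection, ...) is delegated to the configured {@link TokenValidator}. An identity
 * exists only when the validator returns a non-null {@link Attributes} set for the token, and the
 * principal name is read from the claim named by {@code principalClaimName}. That claim should
 * therefore be one the token issuer controls and guarantees to identify the caller.
 *
 * <p>Only evidence whose class is exactly {@link BearerTokenEvidence} is accepted; subclasses and
 * all other evidence types are reported as unsupported.
 */
public final class TokenSecurityRealm implements SecurityRealm {
    private final TokenValidator strategy;
    private final String principalClaimName;

    /**
     * Fluent configuration for a {@link TokenSecurityRealm}; obtain an instance from
     * {@link TokenSecurityRealm#builder()}.
     */
    public static class Builder {
        private String principalClaimName;
        private TokenValidator strategy;

        private Builder() {
            this.principalClaimName = HttpConstants.USERNAME;
        }

        /**
         * Sets the name of the claim whose first value becomes the principal name.
         *
         * @param str the claim name; {@code null} makes the realm fall back to
         *            {@code HttpConstants.USERNAME}
         * @return this builder
         */
        public Builder principalClaimName(String str) {
            this.principalClaimName = str;
            return this;
        }

        /**
         * Sets the validator that decides whether a token is acceptable and extracts its claims.
         *
         * @param tokenValidator the validator; must be set before {@link #build()} is called
         * @return this builder
         */
        public Builder validator(TokenValidator tokenValidator) {
            this.strategy = tokenValidator;
            return this;
        }

        /**
         * Creates the realm from the current configuration.
         *
         * @return a new realm; construction fails if no validator was supplied
         */
        public TokenSecurityRealm build() {
            return new TokenSecurityRealm(this);
        }
    }

    /**
     * Identity backed by a single bearer token. The token is validated lazily, the first time the
     * claims are needed, and a successful result is cached for the lifetime of this object.
     */
    final class TokenRealmIdentity implements RealmIdentity {
        // Null when the realm was asked for an identity with missing or non-bearer evidence.
        private final BearerTokenEvidence evidence;
        // Claims returned by the validator; stays null until a validation succeeds.
        private Attributes claims;

        /**
         * @param evidence the evidence presented by the caller; anything other than an exact
         *                 {@link BearerTokenEvidence} yields an identity that never exists
         */
        TokenRealmIdentity(Evidence evidence) {
            this.evidence = (evidence != null && isBearerTokenEvidence(evidence.getClass()))
                    ? (BearerTokenEvidence) evidence
                    : null;
        }

        /**
         * Returns the principal named by the configured claim of the validated token.
         *
         * @return the principal, or {@code null} when the token did not validate
         */
        @Override
        public Principal getRealmIdentityPrincipal() {
            try {
                if (!exists()) {
                    return null;
                }
                if (!this.claims.containsKey(principalClaimName)) {
                    // A valid token without the principal claim is an error, not an anonymous
                    // identity. This exception is caught and wrapped by the handler below.
                    throw ElytronMessages.log.tokenRealmFailedToObtainPrincipalWithClaim(principalClaimName);
                }
                return new NamePrincipal(this.claims.getFirst(principalClaimName));
            } catch (Exception e) {
                // Every failure, including a validator failure raised from exists(), is reported
                // through the same message with the original exception as its argument.
                throw ElytronMessages.log.tokenRealmFailedToObtainPrincipal(e);
            }
        }

        /**
         * Validates the supplied bearer token with the realm's validator.
         *
         * <p>NOTE(review): the token passed here is validated on its own and the resulting claims
         * are discarded, so nothing in this method ties it to the token this identity was created
         * from. The result is only meaningful for this identity if callers pass the same evidence
         * they used to obtain it - confirm against the calling code.
         *
         * @param evidence the evidence to verify
         * @return {@code true} only for an exact {@link BearerTokenEvidence} that the validator
         *         accepts; {@code false} for {@code null} or any other evidence
         * @throws RealmUnavailableException if the validator cannot complete the check
         */
        @Override
        public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
            // Fail closed on null instead of raising NullPointerException from getClass(),
            // matching the constructor, which also tolerates null evidence.
            if (evidence == null) {
                return false;
            }
            if (!isBearerTokenEvidence(evidence.getClass())) {
                return false;
            }
            return strategy.validate((BearerTokenEvidence) evidence) != null;
        }

        /**
         * @return {@code true} when the validator returned claims for this identity's token
         * @throws RealmUnavailableException if the validator cannot complete the check
         */
        @Override
        public boolean exists() throws RealmUnavailableException {
            return getClaims() != null;
        }

        /**
         * Exposes the token claims as the identity's authorization attributes.
         *
         * @return an identity whose attributes are the validated claims, or {@code null} when the
         *         token did not validate
         * @throws RealmUnavailableException if the validator cannot complete the check
         */
        @Override
        public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
            if (!exists()) {
                return null;
            }
            return new AuthorizationIdentity() {
                @Override
                public Attributes getAttributes() {
                    return TokenRealmIdentity.this.claims;
                }
            };
        }

        /** Credentials can never be acquired from a token identity. */
        @Override
        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str) throws RealmUnavailableException {
            return SupportLevel.UNSUPPORTED;
        }

        /** Always {@code null}: this identity holds no credentials. */
        @Override
        public <C extends Credential> C getCredential(Class<C> cls) throws RealmUnavailableException {
            return null;
        }

        /**
         * @return {@code SUPPORTED} when this identity's token validated and {@code cls} is
         *         exactly {@link BearerTokenEvidence}; otherwise {@code UNSUPPORTED}
         */
        @Override
        public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
            if (exists() && isBearerTokenEvidence(cls)) {
                return SupportLevel.SUPPORTED;
            }
            return SupportLevel.UNSUPPORTED;
        }

        /**
         * Runs the validator on first use and caches a non-null result. A rejected token leaves
         * the cache empty, so each later call validates again; that matters if the validator is
         * expensive (for example a remote call).
         */
        private Attributes getClaims() throws RealmUnavailableException {
            if (this.claims == null && this.evidence != null) {
                this.claims = strategy.validate(this.evidence);
            }
            return this.claims;
        }
    }

    /**
     * @return a new builder with the principal claim preset to {@code HttpConstants.USERNAME}
     */
    public static Builder builder() {
        return new Builder();
    }

    /**
     * @param builder the configuration; must be non-null and must carry a validator
     */
    TokenSecurityRealm(Builder builder) {
        Assert.checkNotNullParam("configuration", builder);
        // A caller may have reset the claim name to null; restore the default in that case.
        this.principalClaimName = builder.principalClaimName != null
                ? builder.principalClaimName
                : HttpConstants.USERNAME;
        this.strategy = (TokenValidator) Assert.checkNotNullParam("tokenValidationStrategy", builder.strategy);
    }

    /**
     * Wraps the evidence in an identity. No validation happens here; the token is checked when
     * the identity is first queried.
     */
    @Override
    public RealmIdentity getRealmIdentity(Evidence evidence) {
        return new TokenRealmIdentity(evidence);
    }

    /** Credentials can never be acquired from this realm. */
    @Override
    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str) throws RealmUnavailableException {
        return SupportLevel.UNSUPPORTED;
    }

    /**
     * @return {@code POSSIBLY_SUPPORTED} for exactly {@link BearerTokenEvidence}, since whether a
     *         given token is valid is only decided per identity; otherwise {@code UNSUPPORTED}
     */
    @Override
    public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
        return isBearerTokenEvidence(cls) ? SupportLevel.POSSIBLY_SUPPORTED : SupportLevel.UNSUPPORTED;
    }

    /**
     * Tells whether {@code cls} is exactly {@link BearerTokenEvidence} (subclasses do not match).
     *
     * <p>The decompiler reports that this method was private in the compiled class and was
     * widened to public; treat it as an internal helper.
     *
     * @param cls the evidence class, may be {@code null}
     * @return {@code true} only for {@code BearerTokenEvidence.class}
     */
    public boolean isBearerTokenEvidence(Class<?> cls) {
        return cls != null && cls.equals(BearerTokenEvidence.class);
    }
}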
