package org.wildfly.extension.undertow.security;

import io.undertow.security.idm.Account;
import io.undertow.security.idm.Credential;
import io.undertow.security.idm.DigestCredential;
import io.undertow.security.idm.IdentityManager;
import io.undertow.security.idm.PasswordCredential;
import io.undertow.security.idm.X509CertificateCredential;
import java.security.Principal;
import java.security.acl.Group;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import org.jboss.as.security.plugins.SecurityDomainContext;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.SecurityContext;
import org.jboss.security.callbacks.SecurityContextCallbackHandler;
import org.jboss.security.identity.Role;
import org.jboss.security.identity.RoleGroup;
import org.wildfly.extension.undertow.UndertowLogger;
import org.wildfly.extension.undertow.UndertowMessages;

/* loaded from: input_file:org/wildfly/extension/undertow/security/JAASIdentityManagerImpl.class */
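/**
 * Undertow {@link IdentityManager} that delegates credential checks to the JAAS-based
 * authentication and authorization managers of a {@link SecurityDomainContext}.
 *
 * <p>Security note: the credential object that passed authentication (for password logins, a
 * private copy of the password characters) is handed to the returned {@code AccountImpl} and read
 * back by {@link #verify(Account)}. The secret therefore stays on the heap for as long as that
 * account object is retained, so anything that serializes, logs or dumps accounts needs the same
 * protection as the credential itself.
 */
public class JAASIdentityManagerImpl implements IdentityManager {
    private final SecurityDomainContext securityDomainContext;

    /**
     * @param securityDomainContext source of the authentication and authorization managers used
     *        for every verification
     */
    public JAASIdentityManagerImpl(SecurityDomainContext securityDomainContext) {
        this.securityDomainContext = securityDomainContext;
    }

    /**
     * Re-verifies an account previously produced by this identity manager, using the credential
     * stored inside it.
     *
     * @param account the account to re-check
     * @return the freshly verified account, or {@code null} if the account is not an
     *         {@code AccountImpl} or its stored credential is no longer accepted
     */
    public Account verify(Account account) {
        if (account instanceof AccountImpl) {
            return verifyCredential(account, ((AccountImpl) account).getCredential());
        }
        // Log only the type: the account object itself may carry a credential in its state.
        UndertowLogger.ROOT_LOGGER.tracef("Account is not an AccountImpl: %s",
                account == null ? null : account.getClass().getName());
        return null;
    }

    /**
     * Verifies a user name together with a digest or password credential.
     *
     * @param str the user name presented by the client
     * @param credential a {@link DigestCredential} or {@link PasswordCredential}
     * @return the verified account, or {@code null} if the credential is rejected, is of an
     *         unsupported type, or carries no password
     */
    public Account verify(String str, Credential credential) {
        Account account = getAccount(str);
        if (credential instanceof DigestCredential) {
            return verifyCredential(account, new DigestCredentialImpl((DigestCredential) credential));
        }
        // Fail closed on anything that is not a password credential (including null) instead of
        // surfacing a ClassCastException from an unchecked cast.
        if (!(credential instanceof PasswordCredential)) {
            UndertowLogger.ROOT_LOGGER.tracef("Unsupported credential type: %s",
                    credential == null ? null : credential.getClass().getName());
            return null;
        }
        char[] password = ((PasswordCredential) credential).getPassword();
        if (password == null) {
            return null;
        }
        // A private copy is passed on because the credential is kept in the resulting account for
        // later re-verification; the caller remains free to clear its own array.
        return verifyCredential(account, Arrays.copyOf(password, password.length));
    }

    /**
     * Verifies a client certificate credential.
     *
     * @param credential must be an {@link X509CertificateCredential}
     * @return the verified account, or {@code null} if the certificate is rejected
     * @throws IllegalArgumentException if {@code credential} is of any other type
     */
    public Account verify(Credential credential) {
        if (!(credential instanceof X509CertificateCredential)) {
            throw new IllegalArgumentException("Parameter must be a X509CertificateCredential");
        }
        X509Certificate certificate = ((X509CertificateCredential) credential).getCertificate();
        // NOTE(review): getSubjectDN() returns an implementation-specific Principal, so the exact
        // name string depends on the certificate provider. Any login module that maps this name to
        // a user should be checked against the format actually produced before switching to
        // getSubjectX500Principal(), which formats the name differently.
        return verifyCredential(getAccount(certificate.getSubjectDN().getName()), certificate);
    }

    /** Creates an unauthenticated account placeholder carrying only the presented name. */
    private Account getAccount(String str) {
        return new AccountImpl(str);
    }

    /**
     * Runs authentication for the account's principal and, on success, builds a new account with
     * the authenticated principal, its role names and the credential that was accepted.
     *
     * @param account supplies the principal to authenticate
     * @param obj the credential object handed to the authentication manager
     * @return the authenticated account, or {@code null} if the authentication manager rejects
     *         the credential
     * @throws RuntimeException wrapping any exception raised during authentication or role
     *         lookup, including the one raised when no security context is available
     */
    private Account verifyCredential(Account account, Object obj) {
        AuthenticationManager authenticationManager = this.securityDomainContext.getAuthenticationManager();
        AuthorizationManager authorizationManager = this.securityDomainContext.getAuthorizationManager();
        SecurityContext securityContext = SecurityActions.getSecurityContext();
        Principal principal = account.getPrincipal();
        Subject subject = new Subject();
        try {
            if (!authenticationManager.isValid(principal, obj, subject)) {
                return null;
            }
            UndertowLogger.ROOT_LOGGER.tracef("User: %s is authenticated", principal);
            if (securityContext == null) {
                throw UndertowMessages.MESSAGES.noSecurityContext();
            }
            // The account is built around the principal found in the authenticated subject,
            // which may differ from the name the client presented.
            Principal authenticatedPrincipal = getPrincipal(subject);
            securityContext.getUtil().createSubjectInfo(principal, obj, subject);
            RoleGroup subjectRoles = authorizationManager.getSubjectRoles(subject, new SecurityContextCallbackHandler(securityContext));
            HashSet<String> roleNames = new HashSet<>();
            for (Role role : subjectRoles.getRoles()) {
                roleNames.add(role.getRoleName());
            }
            // The accepted credential travels with the account so verify(Account) can re-check it.
            return new AccountImpl(authenticatedPrincipal, roleNames, obj);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Selects the principal that represents the authenticated user in the subject.
     *
     * <p>The first member of a group named {@code CallerPrincipal} wins; otherwise the first
     * principal that is not a {@link Group} is used.
     *
     * @param subject the subject populated during authentication, may be {@code null}
     * @return the selected principal, or {@code null} if the subject is {@code null} or holds no
     *         suitable principal
     */
    private Principal getPrincipal(Subject subject) {
        if (subject == null) {
            return null;
        }
        Set<Principal> principals = subject.getPrincipals();
        if (principals == null || principals.isEmpty()) {
            return null;
        }
        Principal firstUserPrincipal = null;
        Principal callerPrincipal = null;
        for (Principal candidate : principals) {
            if (candidate instanceof Group) {
                Group group = (Group) candidate;
                if (callerPrincipal == null && "CallerPrincipal".equals(group.getName())) {
                    Enumeration<? extends Principal> members = group.members();
                    if (members.hasMoreElements()) {
                        callerPrincipal = members.nextElement();
                    }
                }
            } else if (firstUserPrincipal == null) {
                firstUserPrincipal = candidate;
            }
        }
        return callerPrincipal != null ? callerPrincipal : firstUserPrincipal;
    }
}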
