package org.wildfly.security.auth.realm;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.Provider;
import java.security.Security;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Supplier;
import org.fusesource.jansi.AnsiRenderer;
import org.wildfly.common.Assert;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.authz.MapAttributes;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.evidence.PasswordGuessEvidence;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.password.interfaces.DigestPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.password.spec.DigestPasswordAlgorithmSpec;
import org.wildfly.security.password.spec.DigestPasswordSpec;
import org.wildfly.security.password.spec.EncryptablePasswordSpec;
import org.wildfly.security.util.ByteIterator;
import org.wildfly.security.util.CodePointIterator;
import org.wildfly.security.util.DecodeException;

/* loaded from: input_file:org/wildfly/security/auth/realm/LegacyPropertiesSecurityRealm.class */
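/**
 * A {@link SecurityRealm} whose accounts are read from a users properties stream and an
 * optional groups properties stream.
 *
 * <p>Each users entry maps an account name to a password representation. Depending on the
 * {@code plainText} setting, that representation is either the clear-text password or the
 * hex-encoded digest used with {@link DigestPassword#ALGORITHM_DIGEST_MD5}. The realm name
 * needed for the digest is taken from a {@code #$REALM_NAME=...$} comment line in the users
 * stream, falling back to the configured default realm.
 *
 * <p>NOTE(review): both storage forms are password material at rest (clear text, or an
 * MD5-based digest), so read access to the users file should be restricted accordingly.
 *
 * <p>The loaded data is held in an {@link AtomicReference} and replaced as a whole by
 * {@link #load(InputStream, InputStream)}.
 */
public class LegacyPropertiesSecurityRealm implements SecurityRealm {
    private static final String COMMENT_PREFIX1 = "#";
    private static final String COMMENT_PREFIX2 = "!";
    private static final String REALM_COMMENT_PREFIX = "$REALM_NAME=";
    private static final String REALM_COMMENT_SUFFIX = "$";
    private final Supplier<Provider[]> providers;
    private final String defaultRealm;
    private final boolean plainText;
    private final String groupsAttribute;
    private final AtomicReference<LoadedState> loadedState;

    /**
     * One account as read from the properties streams: its name, the stored password
     * representation (may be {@code null} for accounts that appear only in the groups
     * stream) and its group names.
     *
     * <p>The decompiler widened this type from {@code private}; it is not meant as public API.
     */
    public class AccountEntry {
        private final String name;
        private final String passwordRepresentation;
        private final Set<String> groups;

        private AccountEntry(String name, String passwordRepresentation, String groupList) {
            this.name = name;
            this.passwordRepresentation = passwordRepresentation;
            this.groups = convertGroups(groupList);
        }

        /**
         * Splits a separator-delimited group list into an unmodifiable set of trimmed,
         * non-empty group names.
         *
         * @param groupList the raw value from the groups stream, or {@code null}
         * @return the group names; empty when {@code groupList} is {@code null}
         */
        private Set<String> convertGroups(String groupList) {
            if (groupList == null) {
                return Collections.emptySet();
            }
            // NOTE(review): the separator constant comes from an unrelated terminal library;
            // this looks like a decompiler substitution for an inlined string literal.
            // Confirm against the original source before relying on this dependency.
            String[] parts = groupList.split(AnsiRenderer.CODE_LIST_SEPARATOR);
            Set<String> result = new HashSet<>(parts.length);
            for (String part : parts) {
                String group = part.trim();
                if (!group.isEmpty()) {
                    result.add(group);
                }
            }
            return Collections.unmodifiableSet(result);
        }

        /** @return the account name */
        public String getName() {
            return this.name;
        }

        /**
         * @return the stored password representation (clear text or hex digest, depending on
         *         the realm's {@code plainText} setting), or {@code null} if none was loaded
         */
        public String getPasswordRepresentation() {
            return this.passwordRepresentation;
        }

        /** @return the unmodifiable set of group names */
        public Set<String> getGroups() {
            return this.groups;
        }
    }

    /**
     * Builder for {@link LegacyPropertiesSecurityRealm}.
     *
     * <p>Defaults: providers from {@link Security#getProviders()}, no default realm,
     * groups attribute {@code "groups"}, and hashed (non plain-text) passwords.
     */
    public static class Builder {
        private InputStream usersStream;
        private InputStream groupsStream;
        private boolean plainText;
        private Supplier<Provider[]> providers = Security::getProviders;
        private String defaultRealm = null;
        private String groupsAttribute = "groups";

        Builder() {
        }

        /**
         * @param providers supplier of the security providers used to look up password factories
         * @return this builder
         */
        public Builder setProviders(Supplier<Provider[]> providers) {
            this.providers = providers;
            return this;
        }

        /**
         * @param usersStream stream holding the account name to password entries
         * @return this builder
         */
        public Builder setUsersStream(InputStream usersStream) {
            this.usersStream = usersStream;
            return this;
        }

        /**
         * @param groupsStream stream holding the account name to group list entries
         * @return this builder
         */
        public Builder setGroupsStream(InputStream groupsStream) {
            this.groupsStream = groupsStream;
            return this;
        }

        /**
         * @param groupsAttribute name of the authorization attribute that carries the groups
         * @return this builder
         */
        public Builder setGroupsAttribute(String groupsAttribute) {
            this.groupsAttribute = groupsAttribute;
            return this;
        }

        /**
         * @param defaultRealm realm name to use when the users stream does not declare one
         * @return this builder
         */
        public Builder setDefaultRealm(String defaultRealm) {
            this.defaultRealm = defaultRealm;
            return this;
        }

        /**
         * @param plainText {@code true} if the users stream stores clear-text passwords,
         *                  {@code false} if it stores hex-encoded digests
         * @return this builder
         */
        public Builder setPlainText(boolean plainText) {
            this.plainText = plainText;
            return this;
        }

        /**
         * Creates the realm and immediately loads the configured streams into it.
         *
         * @return the loaded realm
         * @throws IOException if loading the streams fails
         */
        public LegacyPropertiesSecurityRealm build() throws IOException {
            LegacyPropertiesSecurityRealm realm = new LegacyPropertiesSecurityRealm(this);
            realm.load(this.usersStream, this.groupsStream);
            return realm;
        }
    }

    /**
     * The result of one {@link #load(InputStream, InputStream)} call: the accounts, the realm
     * name and the load timestamp.
     *
     * <p>The decompiler widened this type from {@code private}; it is not meant as public API.
     */
    public static class LoadedState {
        private final Map<String, AccountEntry> accounts;
        private final String realmName;
        private final long loadTime;

        private LoadedState(Map<String, AccountEntry> accounts, String realmName, long loadTime) {
            this.accounts = accounts;
            this.realmName = realmName;
            this.loadTime = loadTime;
        }

        /** @return the accounts keyed by account name */
        public Map<String, AccountEntry> getAccounts() {
            return this.accounts;
        }

        /** @return the realm name, or {@code null} if no users stream was loaded */
        public String getRealmName() {
            return this.realmName;
        }

        /** @return the {@link System#currentTimeMillis()} value recorded at load time */
        public long getLoadTime() {
            return this.loadTime;
        }
    }

    private LegacyPropertiesSecurityRealm(Builder builder) throws IOException {
        this.loadedState = new AtomicReference<>();
        this.plainText = builder.plainText;
        this.groupsAttribute = builder.groupsAttribute;
        this.providers = builder.providers;
        this.defaultRealm = builder.defaultRealm;
    }

    /**
     * Returns the identity for the given principal.
     *
     * <p>Only {@link NamePrincipal} instances are looked up; any other principal type yields
     * {@link RealmIdentity#NON_EXISTENT}. The returned identity is bound to the state that
     * was loaded at the time of this call.
     *
     * @param principal the principal to look up
     * @return the realm identity, which reports {@code exists() == false} for unknown names
     */
    @Override
    public RealmIdentity getRealmIdentity(final Principal principal) throws RealmUnavailableException {
        if (!(principal instanceof NamePrincipal)) {
            return RealmIdentity.NON_EXISTENT;
        }
        // Take one snapshot so the account and its realm name come from the same load.
        final LoadedState state = this.loadedState.get();
        final AccountEntry account = state.getAccounts().get(principal.getName());
        return new RealmIdentity() {
            @Override
            public Principal getRealmIdentityPrincipal() {
                return principal;
            }

            @Override
            public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException {
                if (account == null) {
                    return SupportLevel.UNSUPPORTED;
                }
                return LegacyPropertiesSecurityRealm.this.getCredentialAcquireSupport(credentialType, algorithmName, parameterSpec);
            }

            @Override
            public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) throws RealmUnavailableException {
                if (account == null) {
                    return SupportLevel.UNSUPPORTED;
                }
                return LegacyPropertiesSecurityRealm.this.getEvidenceVerifySupport(evidenceType, algorithmName);
            }

            @Override
            public <C extends Credential> C getCredential(Class<C> credentialType) throws RealmUnavailableException {
                return getCredential(credentialType, null);
            }

            /**
             * Builds a password credential from the stored representation.
             *
             * @return the credential, or {@code null} if the account has no stored password,
             *         the credential type is not a password credential, or the requested
             *         algorithm cannot be produced from what the realm stores
             */
            @Override
            public <C extends Credential> C getCredential(Class<C> credentialType, String algorithmName) throws RealmUnavailableException {
                if (account == null || account.getPasswordRepresentation() == null || !PasswordCredential.class.isAssignableFrom(credentialType)) {
                    return null;
                }
                final boolean clear;
                if (algorithmName == null) {
                    clear = LegacyPropertiesSecurityRealm.this.plainText;
                } else if (ClearPassword.ALGORITHM_CLEAR.equals(algorithmName)) {
                    // A clear password only exists when the file stores clear text, which is
                    // also what getCredentialAcquireSupport reports. Without this guard the
                    // stored hex digest would be returned labelled as a clear password.
                    if (!LegacyPropertiesSecurityRealm.this.plainText) {
                        return null;
                    }
                    clear = true;
                } else if (DigestPassword.ALGORITHM_DIGEST_MD5.equals(algorithmName)) {
                    clear = false;
                } else {
                    return null;
                }

                PasswordFactory factory;
                KeySpec spec;
                if (clear) {
                    factory = LegacyPropertiesSecurityRealm.this.getPasswordFactory(ClearPassword.ALGORITHM_CLEAR);
                    spec = new ClearPasswordSpec(account.getPasswordRepresentation().toCharArray());
                } else {
                    factory = LegacyPropertiesSecurityRealm.this.getPasswordFactory(DigestPassword.ALGORITHM_DIGEST_MD5);
                    if (LegacyPropertiesSecurityRealm.this.plainText) {
                        // Clear text on file: derive the digest for this user and realm.
                        spec = new EncryptablePasswordSpec(account.getPasswordRepresentation().toCharArray(), new DigestPasswordAlgorithmSpec(account.getName(), state.getRealmName()));
                    } else {
                        try {
                            spec = new DigestPasswordSpec(account.getName(), state.getRealmName(), ByteIterator.ofBytes(account.getPasswordRepresentation().getBytes(StandardCharsets.UTF_8)).hexDecode().drain());
                        } catch (DecodeException e) {
                            // Report a malformed stored hash the same way verifyEvidence does.
                            throw ElytronMessages.log.decodingHashedPasswordFromPropertiesRealmFailed(e);
                        }
                    }
                }
                try {
                    return credentialType.cast(new PasswordCredential(factory.generatePassword(spec)));
                } catch (InvalidKeySpecException e) {
                    throw new IllegalStateException(e);
                }
            }

            /**
             * Verifies a password guess against the stored representation, using the
             * realm's configured storage mode.
             *
             * @return {@code false} if the account is unknown, has no stored password, or
             *         the evidence is not a {@link PasswordGuessEvidence}; otherwise the
             *         result of the password factory's verification
             */
            @Override
            public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
                if (account == null || account.getPasswordRepresentation() == null || !(evidence instanceof PasswordGuessEvidence)) {
                    return false;
                }
                char[] guess = ((PasswordGuessEvidence) evidence).getGuess();
                PasswordFactory factory;
                KeySpec spec;
                if (LegacyPropertiesSecurityRealm.this.plainText) {
                    factory = LegacyPropertiesSecurityRealm.this.getPasswordFactory(ClearPassword.ALGORITHM_CLEAR);
                    spec = new ClearPasswordSpec(account.getPasswordRepresentation().toCharArray());
                } else {
                    factory = LegacyPropertiesSecurityRealm.this.getPasswordFactory(DigestPassword.ALGORITHM_DIGEST_MD5);
                    try {
                        spec = new DigestPasswordSpec(account.getName(), state.getRealmName(), ByteIterator.ofBytes(account.getPasswordRepresentation().getBytes(StandardCharsets.UTF_8)).hexDecode().drain());
                    } catch (DecodeException e) {
                        throw ElytronMessages.log.decodingHashedPasswordFromPropertiesRealmFailed(e);
                    }
                }
                try {
                    // Only the account name is traced; the guess is never logged.
                    ElytronMessages.log.tracef("Attempting to authenticate account %s using LegacyPropertiesSecurityRealm.", account.getName());
                    return factory.verify(factory.generatePassword(spec), guess);
                } catch (IllegalStateException | InvalidKeyException | InvalidKeySpecException e) {
                    throw new IllegalStateException(e);
                }
            }

            @Override
            public boolean exists() throws RealmUnavailableException {
                return account != null;
            }

            @Override
            public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
                if (account == null) {
                    return AuthorizationIdentity.EMPTY;
                }
                // The only attribute exposed is the group set, under the configured name.
                return AuthorizationIdentity.basicIdentity(new MapAttributes((Map<String, ? extends Collection<String>>) Collections.singletonMap(LegacyPropertiesSecurityRealm.this.groupsAttribute, account.getGroups())));
            }
        };
    }

    /**
     * Looks up a password factory for the given algorithm from the configured providers.
     *
     * <p>The decompiler widened this method from {@code private}.
     *
     * @param algorithm the password algorithm name
     * @return the password factory
     * @throws IllegalStateException if no provider offers the algorithm
     */
    public PasswordFactory getPasswordFactory(String algorithm) {
        try {
            return PasswordFactory.getInstance(algorithm, this.providers);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Reports whether a credential of the given type and algorithm can be obtained.
     *
     * <p>Supported are password credentials with no parameter spec and either no algorithm,
     * the digest algorithm, or the clear algorithm when the realm stores clear text.
     */
    @Override
    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws RealmUnavailableException {
        Assert.checkNotNullParam("credentialType", credentialType);
        if (!PasswordCredential.class.isAssignableFrom(credentialType) || parameterSpec != null) {
            return SupportLevel.UNSUPPORTED;
        }
        boolean algorithmSupported = algorithmName == null
                || (algorithmName.equals(ClearPassword.ALGORITHM_CLEAR) && this.plainText)
                || algorithmName.equals(DigestPassword.ALGORITHM_DIGEST_MD5);
        return algorithmSupported ? SupportLevel.SUPPORTED : SupportLevel.UNSUPPORTED;
    }

    /** Reports support for {@link PasswordGuessEvidence} only; the algorithm name is ignored. */
    @Override
    public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> evidenceType, String algorithmName) throws RealmUnavailableException {
        return PasswordGuessEvidence.class.isAssignableFrom(evidenceType) ? SupportLevel.SUPPORTED : SupportLevel.UNSUPPORTED;
    }

    /**
     * Reads the users and groups streams and replaces the realm's loaded state.
     *
     * <p>Both streams are read as UTF-8 and closed by this method. Accounts that appear only
     * in the groups stream are kept with a {@code null} password representation, so they
     * exist but cannot authenticate with a password. The state is only replaced when
     * loading completes without an exception.
     *
     * @param usersStream  the users stream, or {@code null} to load no users
     * @param groupsStream the groups stream, or {@code null} to load no groups
     * @throws IOException if reading fails, or if the failure reported for a missing realm
     *                     name or a truncated unicode escape is an {@code IOException}
     */
    public void load(InputStream usersStream, InputStream groupsStream) throws IOException {
        Map<String, AccountEntry> accounts = new HashMap<>();
        Properties groups = new Properties();
        if (groupsStream != null) {
            try (InputStreamReader reader = new InputStreamReader(groupsStream, StandardCharsets.UTF_8)) {
                groups.load(reader);
            }
        }
        String realmName = null;
        if (usersStream != null) {
            try (BufferedReader reader = new BufferedReader(new InputStreamReader(usersStream, StandardCharsets.UTF_8))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    String trimmed = line.trim();
                    if (trimmed.startsWith(COMMENT_PREFIX1) && trimmed.contains(REALM_COMMENT_PREFIX)) {
                        // Realm declaration inside a comment: take the text between the
                        // prefix and the closing suffix; ignore the line if unterminated.
                        int start = trimmed.indexOf(REALM_COMMENT_PREFIX) + REALM_COMMENT_PREFIX.length();
                        int end = trimmed.indexOf(REALM_COMMENT_SUFFIX, start);
                        if (end > -1) {
                            realmName = trimmed.substring(start, end);
                        }
                    } else if (!trimmed.startsWith(COMMENT_PREFIX1) && !trimmed.startsWith(COMMENT_PREFIX2)) {
                        parseAccountLine(trimmed, groups, accounts);
                    }
                }
            }
            if (realmName == null) {
                if (this.defaultRealm == null) {
                    throw ElytronMessages.log.noRealmFoundInProperties();
                }
                realmName = this.defaultRealm;
            }
        }
        // Accounts known only from the groups stream get an entry without a password.
        for (String groupOnlyName : groups.stringPropertyNames()) {
            if (!accounts.containsKey(groupOnlyName)) {
                accounts.put(groupOnlyName, new AccountEntry(groupOnlyName, null, groups.getProperty(groupOnlyName)));
            }
        }
        this.loadedState.set(new LoadedState(accounts, realmName, System.currentTimeMillis()));
    }

    /**
     * Parses one non-comment users line of the form {@code name=value} or {@code name:value}
     * and stores the resulting account; lines without a separator are ignored.
     *
     * <p>A backslash escapes the following character, and a backslash followed by {@code u}
     * and four characters is decoded as a hexadecimal UTF-16 code unit.
     */
    private void parseAccountLine(String trimmed, Properties groups, Map<String, AccountEntry> accounts) throws IOException {
        String accountName = null;
        StringBuilder current = new StringBuilder();
        CodePointIterator chars = CodePointIterator.ofString(trimmed);
        while (chars.hasNext()) {
            int cp = chars.next();
            if (cp == '\\' && chars.hasNext()) {
                int escaped = chars.next();
                if (escaped != 'u') {
                    current.appendCodePoint(escaped);
                } else {
                    StringBuilder hex = new StringBuilder();
                    try {
                        for (int i = 0; i < 4; i++) {
                            hex.appendCodePoint(chars.next());
                        }
                        // NOTE(review): non-hex digits surface as an unchecked
                        // NumberFormatException here rather than as a load error.
                        current.appendCodePoint((char) Integer.parseInt(hex.toString(), 16));
                    } catch (NoSuchElementException e) {
                        throw ElytronMessages.log.invalidUnicodeSequence(hex.toString(), e);
                    }
                }
            } else if (accountName == null && (cp == '=' || cp == ':')) {
                // The first unescaped separator ends the name; the rest is the password.
                accountName = current.toString().trim();
                current = new StringBuilder();
            } else {
                current.appendCodePoint(cp);
            }
        }
        if (accountName != null) {
            accounts.put(accountName, new AccountEntry(accountName, current.toString().trim(), groups.getProperty(accountName)));
        }
    }

    /** @return the {@link System#currentTimeMillis()} value recorded by the most recent load */
    public long getLoadTime() {
        return this.loadedState.get().getLoadTime();
    }

    /** @return a new builder with default settings */
    public static Builder builder() {
        return new Builder();
    }
}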
