package org.keycloak.adapters.elytron;

import java.io.IOException;
import java.security.Principal;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import org.keycloak.KeycloakPrincipal;
import org.wildfly.security.auth.callback.AuthenticationCompleteCallback;
import org.wildfly.security.auth.callback.EvidenceVerifyCallback;
import org.wildfly.security.auth.callback.IdentityCredentialCallback;
import org.wildfly.security.auth.callback.SecurityIdentityCallback;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.credential.BearerTokenCredential;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.http.HttpAuthenticationException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/keycloak/adapters/elytron/SecurityIdentityUtil.class */
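public final class SecurityIdentityUtil {
    SecurityIdentityUtil() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Runs the Elytron callback sequence for an already-authenticated Keycloak principal and
     * returns the resulting {@link SecurityIdentity}.
     *
     * <p>The sequence is: verify the principal as evidence, ask the handler to authorize, then
     * hand over the bearer token as an identity credential, signal successful completion and
     * collect the security identity. The method fails closed: when the evidence is not verified
     * or the handler does not authorize, it returns {@code null} and success is never signalled.
     *
     * @param callbackHandler handler that receives the callbacks
     * @param principal principal to establish an identity for; it is cast to
     *     {@link KeycloakPrincipal} to read the token string
     * @return the identity reported by the handler, or {@code null} when the evidence was not
     *     verified or authorization was refused
     * @throws RuntimeException wrapping any {@link IOException} or
     *     {@link UnsupportedCallbackException} raised while handling callbacks; failures after
     *     evidence verification are first wrapped in {@link HttpAuthenticationException}
     */
    public static final SecurityIdentity authorize(CallbackHandler callbackHandler, final Principal principal) {
        try {
            EvidenceVerifyCallback evidenceVerifyCallback = new EvidenceVerifyCallback(new Evidence() {
                @Override
                public Principal getPrincipal() {
                    return principal;
                }
            });
            callbackHandler.handle(new Callback[]{evidenceVerifyCallback});
            if (!evidenceVerifyCallback.isVerified()) {
                return null;
            }
            AuthorizeCallback authorizeCallback = new AuthorizeCallback((String) null, (String) null);
            try {
                callbackHandler.handle(new Callback[]{authorizeCallback});
                // The authorization decision used to be read and discarded, so a refusal still
                // reached AuthenticationCompleteCallback.SUCCEEDED below. Stop here instead,
                // mirroring the unverified-evidence branch above.
                // NOTE(review): callers are not visible here; confirm they treat null as a
                // failed authentication.
                if (!authorizeCallback.isAuthorized()) {
                    return null;
                }
                // The raw bearer token is passed on as a credential; keep it out of logs and
                // exception messages.
                String tokenString = KeycloakPrincipal.class.cast(principal)
                        .getKeycloakSecurityContext()
                        .getTokenString();
                // Second constructor argument is passed as true, as in the original call
                // (presumably marks the credential as private; confirm against the Elytron API).
                IdentityCredentialCallback credentialCallback =
                        new IdentityCredentialCallback(new BearerTokenCredential(tokenString), true);
                SecurityIdentityCallback securityIdentityCallback = new SecurityIdentityCallback();
                callbackHandler.handle(new Callback[]{
                    credentialCallback,
                    AuthenticationCompleteCallback.SUCCEEDED,
                    securityIdentityCallback
                });
                return securityIdentityCallback.getSecurityIdentity();
            } catch (Exception e) {
                // Covers callback failures as well as a principal that is not a
                // KeycloakPrincipal (ClassCastException from the cast above).
                throw new HttpAuthenticationException(e);
            }
        } catch (IOException e2) {
            throw new RuntimeException(e2);
        } catch (UnsupportedCallbackException e3) {
            throw new RuntimeException(e3);
        }
    }
}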
