package org.jboss.as.webservices.security;

import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Set;
import java.util.concurrent.Callable;
import javax.security.auth.Subject;
import org.jboss.as.webservices.logging.WSLogger;
import org.jboss.as.webservices.util.SubjectUtil;
import org.jboss.wsf.spi.security.SecurityDomainContext;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.auth.server.ServerAuthenticationContext;
import org.wildfly.security.evidence.PasswordGuessEvidence;

/* loaded from: input_file:org/jboss/as/webservices/security/ElytronSecurityDomainContextImpl.class */
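/**
 * {@link SecurityDomainContext} implementation backed by an Elytron {@link SecurityDomain}.
 *
 * <p>An identity established by {@link #isValid} or {@link #pushSubjectContext} is parked in a
 * per-thread slot and later consumed by {@link #runAs}. Because the slot is a {@link ThreadLocal},
 * an identity that is never cleared stays attached to the thread; on a pooled thread it would be
 * picked up by whatever work runs there next. Every path that sets the slot therefore has to be
 * paired with {@link #runAs} or {@link #cleanupSubjectContext}.
 */
public class ElytronSecurityDomainContextImpl implements SecurityDomainContext {
    private final SecurityDomain securityDomain;

    // Identity for the call currently being processed on this thread; null when none is set.
    private final ThreadLocal<SecurityIdentity> currentIdentity = new ThreadLocal<>();

    /**
     * @param securityDomain the Elytron domain used to authenticate and to build identities
     */
    public ElytronSecurityDomainContextImpl(SecurityDomain securityDomain) {
        this.securityDomain = securityDomain;
    }

    /**
     * Always reports that the principal holds one of the given roles; no role lookup is done.
     *
     * <p>NOTE(review): this method grants every role check it is asked. Callers must not treat
     * its result as an authorization decision; confirm that role enforcement happens elsewhere.
     *
     * @return {@code true} unconditionally
     */
    public boolean doesUserHaveRole(Principal principal, Set<Principal> set) {
        return true;
    }

    /**
     * @return the string form ({@code toString()}) of the wrapped security domain
     */
    public String getSecurityDomain() {
        return this.securityDomain.toString();
    }

    /**
     * Role enumeration is not implemented.
     *
     * @return always {@code null}; callers must null-check before iterating
     */
    public Set<Principal> getUserRoles(Principal principal) {
        return null;
    }

    /**
     * Authenticates {@code principal} with a password and, on success, records the resulting
     * identity for this thread and copies it into {@code subject}.
     *
     * @param principal the caller; its name is used as the authentication name
     * @param obj the password; only {@link String} is accepted
     * @param subject the subject to populate, or {@code null} to populate a throwaway one
     * @return {@code true} if authentication and authorization succeeded, {@code false} otherwise
     * @throws IllegalArgumentException if {@code obj} is not a {@code String} (this includes
     *     {@code null})
     * @throws NullPointerException if {@code principal} is {@code null}
     */
    public boolean isValid(Principal principal, Object obj, Subject subject) {
        if (subject == null) {
            subject = new Subject();
        }
        String name = principal.getName();
        if (!(obj instanceof String)) {
            throw new IllegalArgumentException("only string password accepted");
        }
        SecurityIdentity identity = authenticate(name, (String) obj);
        if (identity == null) {
            return false;
        }
        // Populate the subject before publishing the identity to the thread-local: if the
        // conversion throws, no authenticated identity is left behind on this thread for a
        // later runAs() to pick up.
        SubjectUtil.fromSecurityIdentity(identity, subject);
        this.currentIdentity.set(identity);
        return true;
    }

    /**
     * Runs {@code callable} as the identity recorded for this thread, or directly when no
     * identity is recorded.
     *
     * <p>When an identity was recorded it is cleared from the thread afterwards, whether or not
     * the callable throws.
     *
     * @throws Exception whatever the callable (or the identity's {@code runAs}) throws
     */
    public void runAs(Callable<Void> callable) throws Exception {
        SecurityIdentity identity = this.currentIdentity.get();
        if (identity == null) {
            callable.call();
            return;
        }
        try {
            identity.runAs(callable);
        } finally {
            // One-shot: the identity must not outlive the call it was established for.
            this.currentIdentity.remove();
        }
    }

    /**
     * Builds an identity from an existing subject and principal and records it for this thread.
     *
     * <p>A non-null {@code obj} is added to the subject's private credentials first. The work
     * runs inside {@code doPrivileged}. The caller is responsible for clearing the recorded
     * identity through {@link #runAs} or {@link #cleanupSubjectContext}.
     *
     * @param subject the subject to convert; its private credential set is modified
     * @param principal the principal passed to the conversion
     * @param obj a credential to attach to the subject, or {@code null} for none
     */
    public void pushSubjectContext(final Subject subject, final Principal principal, final Object obj) {
        // The cast selects the PrivilegedAction overload; a bare lambda would be ambiguous
        // with PrivilegedExceptionAction.
        AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
            if (obj != null) {
                subject.getPrivateCredentials().add(obj);
            }
            // NOTE(review): the meaning of the "ejb" argument is defined by SubjectUtil, which
            // is not visible here; confirm before changing it.
            this.currentIdentity.set(
                    SubjectUtil.convertToSecurityIdentity(subject, principal, this.securityDomain, "ejb"));
            return null;
        });
    }

    /**
     * Verifies a user name and password against the security domain and authorizes the result.
     *
     * <p>Failures are logged with the user name and reported as {@code null}; the password is
     * never logged. The authentication context is always driven to a terminal state and the
     * evidence is always destroyed, on every exit path.
     *
     * @param username the authentication name
     * @param password the password guess; {@link #isValid} only ever passes a non-null value
     * @return the authorized identity, or {@code null} if verification or authorization failed
     *     or the realm raised one of the handled exceptions
     */
    private SecurityIdentity authenticate(String username, String password) {
        ServerAuthenticationContext context = this.securityDomain.createNewAuthenticationContext();
        // toCharArray() hands the evidence its own copy; destroying the evidence does not
        // affect the caller's String.
        PasswordGuessEvidence evidence = new PasswordGuessEvidence(password != null ? password.toCharArray() : null);
        try {
            context.setAuthenticationName(username);
            if (!context.verifyEvidence(evidence)) {
                context.fail();
                WSLogger.ROOT_LOGGER.failedAuthentication(username);
                return null;
            }
            if (!context.authorize()) {
                context.fail();
                WSLogger.ROOT_LOGGER.failedAuthorization(username);
                return null;
            }
            context.succeed();
            return context.getAuthorizedIdentity();
        } catch (IllegalArgumentException | IllegalStateException | RealmUnavailableException e) {
            context.fail();
            WSLogger.ROOT_LOGGER.failedAuthenticationWithException(e, username, e.getMessage());
            return null;
        } finally {
            // Single cleanup point for all exits, including unexpected throwables: never leave
            // an authentication context open, and never keep the password guess around.
            if (!context.isDone()) {
                context.fail();
            }
            evidence.destroy();
        }
    }

    /**
     * Clears the identity recorded for this thread, if any.
     */
    public void cleanupSubjectContext() {
        this.currentIdentity.remove();
    }
}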
