package org.jboss.as.domain.management.security;

import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.function.Consumer;
import java.util.function.Function;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.jboss.as.core.security.RealmUser;
import org.jboss.as.domain.management.AuthMechanism;
import org.jboss.as.domain.management.RealmConfigurationConstants;
import org.jboss.as.domain.management.SecurityRealm;
import org.jboss.as.domain.management.logging.DomainManagementLogger;
import org.jboss.as.remoting.CommonAttributes;
import org.jboss.msc.Service;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.ServiceTarget;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;
import org.jgroups.protocols.INJECT_VIEW;
import org.wildfly.common.Assert;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.evidence.PasswordGuessEvidence;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.password.interfaces.DigestPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.password.spec.DigestPasswordAlgorithmSpec;
import org.wildfly.security.password.spec.EncryptablePasswordSpec;

/* loaded from: input_file:org/jboss/as/domain/management/security/DomainManagedServerCallbackHandler.class */
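/**
 * MSC service that exposes a {@link CallbackHandler} and an Elytron security realm backed by a
 * single delegate handler installed through {@link #setServerCallbackHandler(CallbackHandler)}.
 *
 * <p>Judging by the service and realm names, this is the realm used to authenticate managed
 * servers inside a domain; the delegate handler is the only source of the expected password for
 * a given server name.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The delegate returns the server secret as clear text ({@code char[]}). Copies that this
 *       class controls are wiped after use where that is provably safe.</li>
 *   <li>Credentials can be handed out in clear form or as DIGEST-MD5 pre-digests; both are only
 *       as strong as the transport and the process boundary that protect them.</li>
 *   <li>This listing is decompiler output: several members carry wider access modifiers than
 *       the original class file (see the notes on the individual members), and both
 *       {@code SecurityRealm} types are imported, so they are referenced by qualified name
 *       below.</li>
 * </ul>
 */
public class DomainManagedServerCallbackHandler implements Service, CallbackHandlerService, CallbackHandler {
    /** Name under which {@link #install(ServiceTarget)} registers this service. */
    public static final ServiceName SERVICE_NAME = ServiceName.JBOSS.append("domain", "management", CommonAttributes.SECURITY, CommonAttributes.SERVER_AUTH);

    /**
     * Realm name used for mapped principals and as the DIGEST-MD5 realm. Read once from a system
     * property at class initialisation, so anything able to set JVM properties before this class
     * loads can change it.
     */
    public static final String DOMAIN_SERVER_AUTH_REALM = System.getProperty("org.jboss.as.domain.management.security.domain-auth-realm-name", "internal-domain-server-auth-realm");

    /**
     * Prefix for domain server user names, overridable by system property.
     * NOTE(review): the default is expressed through a JGroups constant, which looks like a
     * decompiler constant-matching artifact rather than a real dependency - confirm the literal
     * value against the original source.
     */
    public static final String DOMAIN_SERVER_AUTH_PREFIX = System.getProperty("org.jboss.as.domain.management.security.domain-auth-server-prefix", INJECT_VIEW.VIEW_SEPARATOR);

    private static final String SERVICE_SUFFIX = "internal-domain-server-authentication";

    /** Receives {@code this} on start and {@code null} on stop. */
    private final Consumer<CallbackHandlerService> callbackHandlerServiceConsumer;

    /** Delegate that knows the server secrets; {@code null} until it is set. */
    private volatile CallbackHandler serverCallbackHandler;

    /**
     * Elytron realm view over the delegate callback handler.
     *
     * <p>The decompiler reports that the access modifier of this class was changed from private;
     * treat it as an implementation detail of the enclosing class.
     */
    public class SecurityRealmImpl implements org.wildfly.security.auth.server.SecurityRealm {

        /**
         * Identity for one principal. The principal's name is used as the server name when the
         * delegate handler is asked for the matching password.
         */
        private class RealmIdentityImpl implements RealmIdentity {
            private final Principal principal;
            private final String serverName;

            private RealmIdentityImpl(Principal principal, String str) {
                this.principal = principal;
                this.serverName = str;
            }

            /** Returns the principal this identity was created for. */
            @Override // org.wildfly.security.auth.server.RealmIdentity
            public Principal getRealmIdentityPrincipal() {
                return this.principal;
            }

            /** Delegates to the enclosing realm; the answer does not depend on the identity. */
            @Override // org.wildfly.security.auth.server.RealmIdentity
            public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
                return SecurityRealmImpl.this.getCredentialAcquireSupport(cls, str, algorithmParameterSpec);
            }

            /** Same as {@link #getCredential(Class, String)} with no algorithm restriction. */
            @Override // org.wildfly.security.auth.server.RealmIdentity
            public <C extends Credential> C getCredential(Class<C> cls) throws RealmUnavailableException {
                return (C) getCredential(cls, null);
            }

            /** Same as the three-argument overload with no parameter spec. */
            @Override // org.wildfly.security.auth.server.RealmIdentity
            public <C extends Credential> C getCredential(Class<C> cls, String str) throws RealmUnavailableException {
                return (C) getCredential(cls, str, null);
            }

            /**
             * Builds a password credential for this server from the secret supplied by the
             * delegate handler.
             *
             * @param cls requested credential type; anything that {@code PasswordCredential} is
             *     not assignable from yields {@code null}
             * @param str requested algorithm: {@code null} or "clear" yields a clear password,
             *     DIGEST-MD5 yields a pre-digested password bound to the server name and
             *     {@link DomainManagedServerCallbackHandler#DOMAIN_SERVER_AUTH_REALM}
             * @param algorithmParameterSpec not consulted by this implementation
             * @return the credential, or {@code null} when there is no server name, the type is
             *     unsupported, or the delegate returned no password
             * @throws RealmUnavailableException wrapping every failure raised while fetching or
             *     converting the secret, including the unsupported-algorithm error
             */
            @Override // org.wildfly.security.auth.server.RealmIdentity
            public <C extends Credential> C getCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
                if (this.serverName == null || !org.wildfly.security.credential.PasswordCredential.class.isAssignableFrom(cls)) {
                    return null;
                }
                try {
                    // The fetched array is deliberately not wiped here: the returned credential
                    // may still reference it (whether the password factory copies its input is
                    // not visible from this file).
                    char[] secret = DomainManagedServerCallbackHandler.this.fetchCredential(this.serverName);
                    if (secret == null) {
                        return null;
                    }
                    if (str == null || ClearPassword.ALGORITHM_CLEAR.equals(str)) {
                        try {
                            return cls.cast(new org.wildfly.security.credential.PasswordCredential(DomainManagedServerCallbackHandler.getPasswordFactory(ClearPassword.ALGORITHM_CLEAR).generatePassword(new ClearPasswordSpec(secret))));
                        } catch (InvalidKeySpecException e) {
                            // Re-wrapped by the outer catch below, so callers still see
                            // RealmUnavailableException.
                            throw new IllegalStateException(e);
                        }
                    }
                    if (!DigestPassword.ALGORITHM_DIGEST_MD5.equals(str)) {
                        throw DomainManagementLogger.ROOT_LOGGER.unableToObtainCredential(this.serverName);
                    }
                    try {
                        // DIGEST-MD5 is an MD5-based legacy scheme; the pre-digest is
                        // password-equivalent for that mechanism and must be handled as a secret.
                        return cls.cast(new org.wildfly.security.credential.PasswordCredential(PasswordFactory.getInstance(DigestPassword.ALGORITHM_DIGEST_MD5).generatePassword(new EncryptablePasswordSpec(secret, new DigestPasswordAlgorithmSpec(this.serverName, DomainManagedServerCallbackHandler.DOMAIN_SERVER_AUTH_REALM)))));
                    } catch (Exception e2) {
                        throw new RealmUnavailableException(e2);
                    }
                } catch (Exception e3) {
                    throw new RealmUnavailableException(e3);
                }
            }

            /** Delegates to the enclosing realm; the answer does not depend on the identity. */
            @Override // org.wildfly.security.auth.server.RealmIdentity
            public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
                return SecurityRealmImpl.this.getEvidenceVerifySupport(cls, str);
            }

            /**
             * Checks a password guess against the secret supplied by the delegate handler.
             *
             * @param evidence evidence to verify; only {@link PasswordGuessEvidence} is accepted
             * @return {@code true} only when the guess verifies against the fetched password;
             *     {@code false} when there is no server name, the evidence is of another type,
             *     or the delegate returned no password
             * @throws RealmUnavailableException wrapping any failure while fetching or comparing
             */
            @Override // org.wildfly.security.auth.server.RealmIdentity
            public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
                if (this.serverName == null || !(evidence instanceof PasswordGuessEvidence)) {
                    return false;
                }
                // The guess array belongs to the evidence object; it is read but never modified.
                char[] guess = ((PasswordGuessEvidence) evidence).getGuess();
                char[] expected = null;
                try {
                    expected = DomainManagedServerCallbackHandler.this.fetchCredential(this.serverName);
                    if (expected == null) {
                        return false;
                    }
                    PasswordFactory passwordFactory = DomainManagedServerCallbackHandler.getPasswordFactory(ClearPassword.ALGORITHM_CLEAR);
                    try {
                        // NOTE(review): the comparison is done inside the password factory;
                        // whether it is constant-time cannot be told from this file.
                        return passwordFactory.verify(passwordFactory.generatePassword(new ClearPasswordSpec(expected)), guess);
                    } catch (IllegalStateException | InvalidKeyException | InvalidKeySpecException e) {
                        throw new IllegalStateException(e);
                    }
                } catch (Exception e2) {
                    throw new RealmUnavailableException(e2);
                } finally {
                    // The temporary password object is unreachable once verify() has returned,
                    // so the clear-text copy obtained for this comparison can be wiped.
                    if (expected != null) {
                        java.util.Arrays.fill(expected, '\0');
                    }
                }
            }

            /**
             * Reports the identity as existing whenever a server name is present. No lookup is
             * made here, so an unknown name is only detected when the delegate handler is asked
             * for its password.
             */
            @Override // org.wildfly.security.auth.server.RealmIdentity
            public boolean exists() throws RealmUnavailableException {
                return this.serverName != null;
            }
        }

        private SecurityRealmImpl() {
        }

        /**
         * Creates an identity keyed by {@code principal.getName()}.
         *
         * @param principal principal to look up; a {@code null} value fails with a
         *     {@link NullPointerException} on the name access
         */
        @Override // org.wildfly.security.auth.server.SecurityRealm
        public RealmIdentity getRealmIdentity(Principal principal) throws RealmUnavailableException {
            return new RealmIdentityImpl(principal, principal.getName());
        }

        /**
         * Reports {@code SUPPORTED} only for password credentials requested with no algorithm,
         * the clear algorithm, or DIGEST-MD5; everything else is {@code UNSUPPORTED}.
         */
        @Override // org.wildfly.security.auth.server.SecurityRealm
        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            Assert.checkNotNullParam("credentialType", cls);
            boolean passwordType = org.wildfly.security.credential.PasswordCredential.class.isAssignableFrom(cls);
            boolean knownAlgorithm = str == null || str.equals(ClearPassword.ALGORITHM_CLEAR) || str.equals(DigestPassword.ALGORITHM_DIGEST_MD5);
            return passwordType && knownAlgorithm ? SupportLevel.SUPPORTED : SupportLevel.UNSUPPORTED;
        }

        /**
         * Always reports {@code SUPPORTED}.
         * NOTE(review): verifyEvidence() on the identity only accepts PasswordGuessEvidence and
         * returns false for every other type, so this answer is broader than what is actually
         * verified. It is left unchanged because mechanism selection may depend on it - confirm
         * before narrowing.
         */
        @Override // org.wildfly.security.auth.server.SecurityRealm
        public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
            return SupportLevel.SUPPORTED;
        }
    }

    /** Helper for deriving the service name of this handler for a given realm. */
    public static final class ServiceUtil {
        private ServiceUtil() {
        }

        /**
         * Returns the realm's service name with the internal server-authentication suffix added.
         *
         * @param str realm name passed to the domain-management {@code SecurityRealm} helper
         */
        public static ServiceName createServiceName(String str) {
            return org.jboss.as.domain.management.SecurityRealm.ServiceUtil.createServiceName(str).append(DomainManagedServerCallbackHandler.SERVICE_SUFFIX);
        }
    }

    DomainManagedServerCallbackHandler(Consumer<CallbackHandlerService> consumer) {
        this.callbackHandlerServiceConsumer = consumer;
    }

    /**
     * Registers this handler under {@link #SERVICE_NAME} in on-demand mode.
     *
     * @param serviceTarget target the service is added to
     */
    public static void install(ServiceTarget serviceTarget) {
        ServiceBuilder<?> addService = serviceTarget.addService(SERVICE_NAME);
        addService.setInstance(new DomainManagedServerCallbackHandler(addService.provides(SERVICE_NAME)));
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND);
        addService.install();
    }

    /**
     * Installs the delegate handler that supplies server passwords. It can be set only once.
     *
     * <p>NOTE(review): the null check and the assignment are two separate steps on a volatile
     * field, so two concurrent callers could both pass the check. If the set-once guarantee is
     * relied on to stop the handler being replaced, confirm callers are serialised.
     *
     * @param callbackHandler delegate to use for all later callbacks
     * @throws UnsupportedOperationException if a delegate has already been set
     */
    public void setServerCallbackHandler(CallbackHandler callbackHandler) {
        if (this.serverCallbackHandler != null) {
            throw new UnsupportedOperationException();
        }
        this.serverCallbackHandler = callbackHandler;
    }

    /**
     * Returns {@code PLAIN} as the preferred mechanism.
     * NOTE(review): a PLAIN-style exchange presumably carries the password itself, so the
     * channel it runs over needs its own protection - confirm how the endpoint is exposed.
     */
    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public AuthMechanism getPreferredMechanism() {
        return AuthMechanism.PLAIN;
    }

    /** Returns an empty set: no mechanism other than the preferred one is offered. */
    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public Set<AuthMechanism> getSupplementaryMechanisms() {
        return Collections.emptySet();
    }

    /** Returns a single option marking the verify-password callback as supported. */
    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public Map<String, String> getConfigurationOptions() {
        return Collections.singletonMap(RealmConfigurationConstants.VERIFY_PASSWORD_CALLBACK_SUPPORTED, Boolean.TRUE.toString());
    }

    /** Always {@code true}, even while no delegate handler has been set. */
    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public boolean isReadyForHttpChallenge() {
        return true;
    }

    /**
     * Returns this object as the callback handler.
     *
     * @param map shared state; not consulted by this implementation
     */
    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public CallbackHandler getCallbackHandler(Map<String, Object> map) {
        return this;
    }

    /** Returns a new realm view on every call; all views share the same delegate handler. */
    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public org.wildfly.security.auth.server.SecurityRealm getElytronSecurityRealm() {
        return new SecurityRealmImpl();
    }

    /** Publishes this service to the consumer supplied at construction. */
    @Override // org.jboss.msc.Service
    public void start(StartContext startContext) throws StartException {
        this.callbackHandlerServiceConsumer.accept(this);
    }

    /** Withdraws the published service by handing {@code null} to the consumer. */
    @Override // org.jboss.msc.Service
    public void stop(StopContext stopContext) {
        this.callbackHandlerServiceConsumer.accept(null);
    }

    /**
     * Forwards the callbacks to the delegate handler.
     *
     * <p>When no delegate has been set the callbacks are returned untouched and no error is
     * raised, so callers must treat an unpopulated password callback as a failed lookup rather
     * than as an empty password.
     *
     * @param callbackArr callbacks to populate
     */
    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        CallbackHandler delegate = this.serverCallbackHandler;
        if (delegate != null) {
            delegate.handle(callbackArr);
        }
    }

    /**
     * Returns a mapper that re-homes {@link RealmUser} principals into
     * {@link #DOMAIN_SERVER_AUTH_REALM} and passes every other principal through unchanged.
     */
    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public Function<Principal, Principal> getPrincipalMapper() {
        return principal -> principal instanceof RealmUser ? new RealmUser(DOMAIN_SERVER_AUTH_REALM, principal.getName()) : principal;
    }

    /**
     * Asks the delegate handler for the clear-text password of the named server.
     *
     * <p>The decompiler reports that this method was private in the original class file. It
     * returns a clear-text secret, so it should stay an internal detail: do not call it from
     * other classes, and wipe the returned array once it is no longer needed.
     *
     * @param str server name placed in the name callback as its default name
     * @return a copy of the password set by the delegate, or {@code null} if none was set
     * @throws UnsupportedCallbackException if the delegate rejects one of the callbacks
     * @throws IOException if the delegate fails, or (per the logger call) no delegate is set
     */
    public char[] fetchCredential(String str) throws UnsupportedCallbackException, IOException {
        CallbackHandler delegate = this.serverCallbackHandler;
        if (delegate == null) {
            throw DomainManagementLogger.ROOT_LOGGER.callbackHandlerNotInitialized(str);
        }
        NameCallback nameCallback = new NameCallback("None", str);
        PasswordCallback passwordCallback = new PasswordCallback("Password: ", false);
        try {
            delegate.handle(new Callback[] {nameCallback, passwordCallback});
            // getPassword() hands back a copy, so wiping the callback below does not affect
            // the array returned to the caller.
            return passwordCallback.getPassword();
        } finally {
            // Do not leave a second clear-text copy behind inside the callback object.
            passwordCallback.clearPassword();
        }
    }

    /**
     * Looks up a password factory, converting the checked lookup failure into an unchecked one.
     *
     * <p>The decompiler reports that this method was private in the original class file.
     *
     * @param str password algorithm name
     * @return the factory for that algorithm
     * @throws IllegalStateException if no provider offers the algorithm
     */
    public static PasswordFactory getPasswordFactory(String str) {
        try {
            return PasswordFactory.getInstance(str);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }
}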
