package org.wildfly.extension.messaging.activemq;

import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Destroyable;
import org.apache.activemq.artemis.core.security.CheckType;
import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
import org.wildfly.extension.messaging.activemq.logging.MessagingLogger;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.auth.server.ServerAuthenticationContext;
import org.wildfly.security.evidence.PasswordGuessEvidence;

/* loaded from: input_file:m2repo/org/wildfly/wildfly-messaging-activemq/15.0.1.Final/wildfly-messaging-activemq-15.0.1.Final.jar:org/wildfly/extension/messaging/activemq/ElytronSecurityManager.class */
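/**
 * {@link ActiveMQSecurityManager} that checks broker credentials against a
 * WildFly Elytron {@link SecurityDomain}.
 *
 * <p>Every validation method first compares the supplied credentials with the
 * pair returned by {@code DefaultCredentials}; a match is accepted without
 * consulting the security domain and without any role check.
 */
public class ElytronSecurityManager implements ActiveMQSecurityManager {
    private final SecurityDomain securityDomain;
    private final String defaultUser;
    private final String defaultPassword;

    /**
     * Creates a manager bound to the given security domain and captures the
     * default credential pair from {@code DefaultCredentials}.
     *
     * @param securityDomain the Elytron domain used for authentication; must not be {@code null}
     */
    public ElytronSecurityManager(SecurityDomain securityDomain) {
        if (securityDomain == null) {
            throw MessagingLogger.ROOT_LOGGER.invalidNullSecurityDomain();
        }
        this.securityDomain = securityDomain;
        this.defaultUser = DefaultCredentials.getUsername();
        this.defaultPassword = DefaultCredentials.getPassword();
    }

    /**
     * Checks whether the credentials are acceptable.
     *
     * @param str the user name (may be {@code null} for an anonymous attempt)
     * @param str2 the password (may be {@code null})
     * @return {@code true} if the pair equals the default credentials or the
     *         security domain authenticates and authorizes it
     */
    @Override
    public boolean validateUser(String str, String str2) {
        return isDefaultCredentials(str, str2) || authenticate(str, str2) != null;
    }

    /**
     * Checks the credentials and, for non-default credentials, that the
     * resulting identity holds at least one role permitted for the check type.
     *
     * @param str the user name (may be {@code null} for an anonymous attempt)
     * @param str2 the password (may be {@code null})
     * @param set the roles configured for the resource being accessed
     * @param checkType the operation being authorized
     * @return {@code true} if the pair equals the default credentials, or if
     *         authentication succeeds and the identity has one of the roles in
     *         {@code set} for which {@code checkType.hasRole(role)} holds;
     *         {@code false} otherwise, including when authentication fails
     */
    @Override
    public boolean validateUserAndRole(String str, String str2, Set<Role> set, CheckType checkType) {
        // The default credential pair skips the role check entirely.
        if (isDefaultCredentials(str, str2)) {
            return true;
        }
        SecurityIdentity identity = authenticate(str, str2);
        if (identity == null) {
            // authenticate() returns null on every failure path; deny explicitly
            // instead of dereferencing null and surfacing a NullPointerException.
            return false;
        }
        Set<String> permittedRoleNames = new HashSet<>();
        for (Role role : set) {
            if (checkType.hasRole(role)) {
                permittedRoleNames.add(role.getName());
            }
        }
        return identity.getRoles().containsAny(permittedRoleNames);
    }

    /**
     * Reports whether the supplied pair equals the default credentials captured
     * at construction time.
     */
    private boolean isDefaultCredentials(String username, String password) {
        // NOTE(review): String.equals is not a constant-time comparison. Whether
        // that matters depends on how DefaultCredentials produces its values,
        // which is not visible in this file; confirm before relying on it.
        return this.defaultUser.equals(username) && this.defaultPassword.equals(password);
    }

    /**
     * Authenticates and authorizes the credentials against the security domain.
     *
     * @param username the authentication name, or {@code null} for anonymous
     * @param password the password guess, or {@code null}
     * @return the authorized identity, or {@code null} on any failure
     */
    private SecurityIdentity authenticate(String username, String password) {
        ServerAuthenticationContext context = this.securityDomain.createNewAuthenticationContext();
        PasswordGuessEvidence evidence = null;
        try {
            if (password == null) {
                // A named user without a password is always a failure; only a
                // fully anonymous attempt may proceed, and only if the domain
                // authorizes anonymous access.
                if (username != null || !context.authorizeAnonymous()) {
                    context.fail();
                    return null;
                }
                context.succeed();
                return context.getAuthorizedIdentity();
            }

            context.setAuthenticationName(username);
            evidence = new PasswordGuessEvidence(password.toCharArray());
            if (!context.verifyEvidence(evidence)) {
                context.fail();
                // NOTE(review): the user name is logged as supplied by the client;
                // confirm the log formatter neutralises control characters.
                MessagingLogger.ROOT_LOGGER.failedAuthentication(username);
                return null;
            }
            if (!context.authorize()) {
                context.fail();
                MessagingLogger.ROOT_LOGGER.failedAuthorization(username);
                return null;
            }
            context.succeed();
            return context.getAuthorizedIdentity();
        } catch (IllegalArgumentException | IllegalStateException | RealmUnavailableException e) {
            context.fail();
            MessagingLogger.ROOT_LOGGER.failedAuthenticationWithException(e, username, e.getMessage());
            return null;
        } finally {
            // Destroy the password evidence on every exit path, including the
            // exception path, so the char[] copy does not linger.
            if (evidence != null) {
                evidence.destroy();
            }
        }
    }
}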
