package org.wildfly.security.mechanism.digest;

import java.security.MessageDigest;
import java.security.Provider;
import java.util.Arrays;
import java.util.function.Supplier;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.RealmChoiceCallback;
import org.wildfly.common.Assert;
import org.wildfly.security.auth.callback.CredentialCallback;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.mechanism.AuthenticationMechanismException;
import org.wildfly.security.mechanism._private.ElytronMessages;
import org.wildfly.security.password.TwoWayPassword;
import org.wildfly.security.password.interfaces.DigestPassword;
import org.wildfly.security.password.spec.DigestPasswordAlgorithmSpec;

/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.15.3.Final.jar:org/wildfly/security/mechanism/digest/PasswordDigestObtainer.class */
public class PasswordDigestObtainer {
    private final CallbackHandler callbackHandler;
    private final ElytronMessages log;
    private final String credentialAlgorithm;
    private final MessageDigest messageDigest;
    private final Supplier<Provider[]> passwordFactoryProviders;
    private final String[] realms;
    private final boolean readOnlyRealmUsername;
    private final boolean skipRealmCallbacks;
    private String username;
    private String realm;
    private RealmChoiceCallback realmChoiceCallBack;
    private RealmCallback realmCallback;
    private NameCallback nameCallback;

    public PasswordDigestObtainer(CallbackHandler callbackHandler, String str, String str2, ElytronMessages elytronMessages, String str3, MessageDigest messageDigest, Supplier<Provider[]> supplier, String[] strArr, boolean z, boolean z2) {
        this.callbackHandler = (CallbackHandler) Assert.checkNotNullParam("callbackHandler", callbackHandler);
        this.username = str;
        this.realm = str2;
        this.log = elytronMessages;
        this.credentialAlgorithm = (String) Assert.checkNotNullParam("credentialAlgorithm", str3);
        this.messageDigest = (MessageDigest) Assert.checkNotNullParam("messageDigest", messageDigest);
        this.passwordFactoryProviders = (Supplier) Assert.checkNotNullParam("passwordFactoryProviders", supplier);
        this.realms = strArr;
        this.readOnlyRealmUsername = z;
        this.skipRealmCallbacks = z2;
    }

    public String getUsername() {
        return this.username;
    }

    public String getRealm() {
        return this.realm;
    }

    public byte[] handleUserRealmPasswordCallbacks() throws AuthenticationMechanismException {
        this.realmChoiceCallBack = (this.skipRealmCallbacks || this.realms == null || this.realms.length <= 1) ? null : new RealmChoiceCallback("User realm: ", this.realms, 0, false);
        this.realmCallback = this.skipRealmCallbacks ? null : this.realm != null ? new RealmCallback("User realm: ", this.realm) : new RealmCallback("User realm: ");
        this.nameCallback = (this.username == null || this.username.isEmpty()) ? new NameCallback("User name: ") : new NameCallback("User name: ", this.username);
        byte[] predigestedSaltedPassword = getPredigestedSaltedPassword();
        if (predigestedSaltedPassword != null) {
            return predigestedSaltedPassword;
        }
        byte[] saltedPasswordFromTwoWay = getSaltedPasswordFromTwoWay();
        if (saltedPasswordFromTwoWay != null) {
            return saltedPasswordFromTwoWay;
        }
        byte[] saltedPasswordFromPasswordCallback = getSaltedPasswordFromPasswordCallback();
        if (saltedPasswordFromPasswordCallback != null) {
            return saltedPasswordFromPasswordCallback;
        }
        throw this.log.mechCallbackHandlerDoesNotSupportCredentialAcquisition(null);
    }

    private byte[] getPredigestedSaltedPassword() throws AuthenticationMechanismException {
        if (this.realmChoiceCallBack != null) {
            try {
                this.callbackHandler.handle(new Callback[]{this.realmChoiceCallBack});
                int[] selectedIndexes = this.realmChoiceCallBack.getSelectedIndexes();
                if (selectedIndexes == null || selectedIndexes.length == 0) {
                    throw this.log.mechNotChosenRealm();
                }
                this.realm = this.realms[selectedIndexes[0]];
            } catch (UnsupportedCallbackException e) {
                this.realmChoiceCallBack = null;
            } catch (AuthenticationMechanismException e2) {
                throw e2;
            } catch (Throwable th) {
                throw this.log.mechCallbackHandlerFailedForUnknownReason(th);
            }
        }
        if (this.realmChoiceCallBack == null && this.realmCallback != null) {
            try {
                this.callbackHandler.handle(new Callback[]{this.realmCallback});
                if (this.realmCallback.getText() != null) {
                    this.realm = this.realmCallback.getText();
                }
            } catch (UnsupportedCallbackException e3) {
                this.realmCallback = null;
            } catch (Throwable th2) {
                throw this.log.mechCallbackHandlerFailedForUnknownReason(th2);
            }
        }
        try {
            this.callbackHandler.handle(new Callback[]{this.nameCallback});
            if (!this.readOnlyRealmUsername) {
                this.username = this.nameCallback.getName();
                if (this.username == null) {
                    throw this.log.mechNotProvidedUserName();
                }
            }
            CredentialCallback credentialCallback = new CredentialCallback(PasswordCredential.class, this.credentialAlgorithm, (this.username == null || this.realm == null) ? null : new DigestPasswordAlgorithmSpec(this.username, this.realm));
            this.callbackHandler.handle(new Callback[]{credentialCallback});
            return (byte[]) credentialCallback.applyToCredential(PasswordCredential.class, passwordCredential -> {
                return (byte[]) passwordCredential.getPassword().castAndApply(DigestPassword.class, (v0) -> {
                    return v0.getDigest();
                });
            });
        } catch (UnsupportedCallbackException e4) {
            if (e4.getCallback() == this.nameCallback) {
                throw this.log.mechCallbackHandlerDoesNotSupportUserName(e4);
            }
            if (0 == 0 || e4.getCallback() != null) {
                throw this.log.mechCallbackHandlerFailedForUnknownReason(e4);
            }
            return null;
        } catch (AuthenticationMechanismException e5) {
            throw e5;
        } catch (Throwable th3) {
            throw this.log.mechCallbackHandlerFailedForUnknownReason(th3);
        }
    }

    private byte[] getSaltedPasswordFromTwoWay() throws AuthenticationMechanismException {
        if (this.realmChoiceCallBack != null) {
            try {
                this.callbackHandler.handle(new Callback[]{this.realmChoiceCallBack});
                int[] selectedIndexes = this.realmChoiceCallBack.getSelectedIndexes();
                if (selectedIndexes == null || selectedIndexes.length == 0) {
                    throw this.log.mechNotChosenRealm();
                }
                this.realm = this.realms[selectedIndexes[0]];
            } catch (UnsupportedCallbackException e) {
                this.realmChoiceCallBack = null;
            } catch (Throwable th) {
                throw this.log.mechCallbackHandlerFailedForUnknownReason(th);
            }
        }
        if (this.realmChoiceCallBack == null && this.realmCallback != null) {
            try {
                this.callbackHandler.handle(new Callback[]{this.realmCallback});
                if (this.realmCallback.getText() != null) {
                    this.realm = this.realmCallback.getText();
                }
            } catch (UnsupportedCallbackException e2) {
                this.realmCallback = null;
            } catch (Throwable th2) {
                throw this.log.mechCallbackHandlerFailedForUnknownReason(th2);
            }
        }
        CredentialCallback credentialCallback = new CredentialCallback(PasswordCredential.class, "clear");
        TwoWayPassword twoWayPassword = null;
        try {
            try {
                try {
                    this.callbackHandler.handle(new Callback[]{this.nameCallback, credentialCallback});
                    if (!this.readOnlyRealmUsername) {
                        this.username = this.nameCallback.getName();
                        if (this.username == null) {
                            throw this.log.mechNotProvidedUserName();
                        }
                    }
                    TwoWayPassword twoWayPassword2 = (TwoWayPassword) credentialCallback.applyToCredential(PasswordCredential.class, passwordCredential -> {
                        return (TwoWayPassword) passwordCredential.getPassword().castAs(TwoWayPassword.class);
                    });
                    if (twoWayPassword2 == null) {
                        if (twoWayPassword2 != null) {
                            try {
                                twoWayPassword2.destroy();
                            } catch (DestroyFailedException e3) {
                                this.log.credentialDestroyingFailed(e3);
                            }
                        }
                        if (0 == 0) {
                            return null;
                        }
                        Arrays.fill((char[]) null, (char) 0);
                        return null;
                    }
                    char[] twoWayPasswordChars = DigestUtil.getTwoWayPasswordChars(twoWayPassword2, this.passwordFactoryProviders, this.log);
                    byte[] userRealmPasswordDigest = DigestUtil.userRealmPasswordDigest(this.messageDigest, this.username, this.realm, twoWayPasswordChars);
                    if (twoWayPassword2 != null) {
                        try {
                            twoWayPassword2.destroy();
                        } catch (DestroyFailedException e4) {
                            this.log.credentialDestroyingFailed(e4);
                        }
                    }
                    if (twoWayPasswordChars != null) {
                        Arrays.fill(twoWayPasswordChars, (char) 0);
                    }
                    return userRealmPasswordDigest;
                } catch (Throwable th3) {
                    if (0 != 0) {
                        try {
                            twoWayPassword.destroy();
                        } catch (DestroyFailedException e5) {
                            this.log.credentialDestroyingFailed(e5);
                        }
                    }
                    if (0 != 0) {
                        Arrays.fill((char[]) null, (char) 0);
                    }
                    throw th3;
                }
            } catch (UnsupportedCallbackException e6) {
                if (e6.getCallback() == this.nameCallback) {
                    throw this.log.mechCallbackHandlerDoesNotSupportUserName(e6);
                }
                if (e6.getCallback() != credentialCallback) {
                    throw this.log.mechCallbackHandlerFailedForUnknownReason(e6);
                }
                if (0 != 0) {
                    try {
                        twoWayPassword.destroy();
                    } catch (DestroyFailedException e7) {
                        this.log.credentialDestroyingFailed(e7);
                    }
                }
                if (0 == 0) {
                    return null;
                }
                Arrays.fill((char[]) null, (char) 0);
                return null;
            }
        } catch (AuthenticationMechanismException e8) {
            throw e8;
        } catch (Throwable th4) {
            throw this.log.mechCallbackHandlerFailedForUnknownReason(th4);
        }
    }

    private byte[] getSaltedPasswordFromPasswordCallback() throws AuthenticationMechanismException {
        ElytronMessages elytronMessages;
        AuthenticationMechanismException mechCallbackHandlerFailedForUnknownReason;
        PasswordCallback passwordCallback = new PasswordCallback("User password: ", false);
        if (this.realmChoiceCallBack != null) {
            try {
                this.callbackHandler.handle(new Callback[]{this.realmChoiceCallBack, this.nameCallback, passwordCallback});
                int[] selectedIndexes = this.realmChoiceCallBack.getSelectedIndexes();
                if (selectedIndexes == null || selectedIndexes.length == 0) {
                    throw this.log.mechNotChosenRealm();
                }
                this.realm = this.realms[selectedIndexes[0]];
            } catch (UnsupportedCallbackException e) {
                if (e.getCallback() != this.realmChoiceCallBack) {
                    if (e.getCallback() == this.nameCallback) {
                        throw this.log.mechCallbackHandlerDoesNotSupportUserName(e);
                    }
                    if (e.getCallback() == passwordCallback) {
                        throw this.log.mechCallbackHandlerDoesNotSupportCredentialAcquisition(e);
                    }
                    throw elytronMessages.mechCallbackHandlerFailedForUnknownReason(e);
                }
                this.realmChoiceCallBack = null;
            } catch (AuthenticationMechanismException e2) {
                throw e2;
            } catch (Throwable e3) {
                throw elytronMessages.mechCallbackHandlerFailedForUnknownReason(e3);
            }
        }
        if (this.realmChoiceCallBack == null && this.realmCallback != null) {
            try {
                this.callbackHandler.handle(new Callback[]{this.realmCallback, this.nameCallback, passwordCallback});
                if (this.realmCallback.getText() != null) {
                    this.realm = this.realmCallback.getText();
                }
            } catch (UnsupportedCallbackException e32) {
                if (e32.getCallback() != this.realmCallback) {
                    if (e32.getCallback() == this.nameCallback) {
                        throw this.log.mechCallbackHandlerDoesNotSupportUserName(e32);
                    }
                    if (e32.getCallback() == passwordCallback) {
                        throw this.log.mechCallbackHandlerDoesNotSupportCredentialAcquisition(e32);
                    }
                    throw elytronMessages.mechCallbackHandlerFailedForUnknownReason(e32);
                }
                this.realmCallback = null;
            } finally {
            }
        }
        if (this.realmChoiceCallBack == null && this.realmCallback == null) {
            try {
                this.callbackHandler.handle(new Callback[]{this.nameCallback, passwordCallback});
            } catch (UnsupportedCallbackException e322) {
                if (e322.getCallback() == this.nameCallback) {
                    throw this.log.mechCallbackHandlerDoesNotSupportUserName(e322);
                }
                if (e322.getCallback() == passwordCallback) {
                    throw this.log.mechCallbackHandlerDoesNotSupportCredentialAcquisition(e322);
                }
                throw elytronMessages.mechCallbackHandlerFailedForUnknownReason(e322);
            } finally {
            }
        }
        char[] password = passwordCallback.getPassword();
        passwordCallback.clearPassword();
        if (!this.readOnlyRealmUsername) {
            this.username = this.nameCallback.getName();
            if (this.username == null) {
                throw this.log.mechNotProvidedUserName();
            }
        }
        if (password == null) {
            throw this.log.mechNoPasswordGiven();
        }
        byte[] userRealmPasswordDigest = DigestUtil.userRealmPasswordDigest(this.messageDigest, this.username, this.realm, password);
        Arrays.fill(password, (char) 0);
        return userRealmPasswordDigest;
    }
}
