package org.jboss.as.domain.management.security;

import java.io.IOException;
import java.security.Principal;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.function.Consumer;
import java.util.function.Supplier;
import javax.security.auth.Subject;
import org.jboss.as.controller.services.path.PathManager;
import org.jboss.as.core.security.RealmGroup;
import org.jboss.as.core.security.RealmUser;
import org.jboss.as.domain.management.SecurityRealm;
import org.jboss.as.domain.management.logging.DomainManagementLogger;
import org.jboss.msc.Service;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.authz.MapAttributes;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.evidence.Evidence;

/* loaded from: input_file:WEB-INF/lib/wildfly-domain-management-10.0.3.Final.jar:org/jboss/as/domain/management/security/PropertiesSubjectSupplemental.class */
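/**
 * Adds group membership to already-authenticated identities by looking the
 * identity's name up in a properties file ({@code name=group1,group2,...}).
 *
 * <p>This class is authorization-only. Every credential and evidence method of the
 * Elytron realm it exposes answers {@link SupportLevel#UNSUPPORTED}, {@code null} or
 * {@code false}, so it cannot authenticate anyone on its own.
 *
 * <p>The lookup key is {@code getName()} of the principal, passed unchanged to
 * {@link Properties#getProperty(String, String)}, which is an exact, case-sensitive
 * match. A name that is absent from the file yields no groups rather than an error.
 *
 * <p>NOTE(review): this decompiled listing imports the simple name {@code SecurityRealm}
 * from both {@code org.jboss.as.domain.management} and
 * {@code org.wildfly.security.auth.server}; each use below says which one is meant.
 */
public class PropertiesSubjectSupplemental extends PropertiesFileLoader implements Service, SubjectSupplementalService, SubjectSupplemental {
    private static final String SERVICE_SUFFIX = "properties_authorization";
    /** Separator between group names in a property value. */
    private static final String COMMA = ",";
    private final Consumer<SubjectSupplementalService> subjectSupplementalServiceConsumer;
    private final String realmName;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/wildfly-domain-management-10.0.3.Final.jar:org/jboss/as/domain/management/security/PropertiesSubjectSupplemental$SecurityRealmImpl.class */
    /**
     * Elytron view of the properties file; here {@code SecurityRealm} is the
     * {@code org.wildfly.security.auth.server} interface (it declares
     * {@code getRealmIdentity}). It only serves authorization attributes.
     */
    public class SecurityRealmImpl implements SecurityRealm {

        /* loaded from: input_file:WEB-INF/lib/wildfly-domain-management-10.0.3.Final.jar:org/jboss/as/domain/management/security/PropertiesSubjectSupplemental$SecurityRealmImpl$RealmIdentityImpl.class */
        /**
         * One identity plus the raw, already-trimmed group list read for it.
         * An empty {@code groups} string means the file had no entry (or an empty one).
         */
        private class RealmIdentityImpl implements RealmIdentity {
            private final Principal principal;
            private final String groups;

            private RealmIdentityImpl(Principal principal, String str) {
                this.principal = principal;
                this.groups = str;
            }

            @Override // org.wildfly.security.auth.server.RealmIdentity
            public Principal getRealmIdentityPrincipal() {
                return this.principal;
            }

            /** No credential can be obtained from this realm. */
            @Override // org.wildfly.security.auth.server.RealmIdentity
            public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str) throws RealmUnavailableException {
                return SupportLevel.UNSUPPORTED;
            }

            /** No credential can be obtained from this realm. */
            @Override // org.wildfly.security.auth.server.RealmIdentity
            public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
                return SupportLevel.UNSUPPORTED;
            }

            /** Always {@code null}: the properties file holds group names, not credentials. */
            @Override // org.wildfly.security.auth.server.RealmIdentity
            public <C extends Credential> C getCredential(Class<C> cls) throws RealmUnavailableException {
                return null;
            }

            /** No evidence type can be verified by this realm. */
            @Override // org.wildfly.security.auth.server.RealmIdentity
            public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
                return SupportLevel.UNSUPPORTED;
            }

            /** Always {@code false}, so evidence presented to this realm never authenticates. */
            @Override // org.wildfly.security.auth.server.RealmIdentity
            public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
                return false;
            }

            /**
             * Always {@code true}, including for names that have no entry in the file.
             * Callers must not read this as proof that the identity is listed; such an
             * identity simply receives {@link AuthorizationIdentity#EMPTY}.
             */
            @Override // org.wildfly.security.auth.server.RealmIdentity
            public boolean exists() throws RealmUnavailableException {
                return true;
            }

            /**
             * Builds the authorization identity carrying the group names under the
             * {@code "GROUPS"} attribute.
             *
             * @return {@link AuthorizationIdentity#EMPTY} when the group string is empty,
             *     otherwise an identity whose {@code "GROUPS"} attribute holds the
             *     trimmed, non-empty, de-duplicated names
             */
            @Override // org.wildfly.security.auth.server.RealmIdentity
            public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
                if (this.groups.isEmpty()) {
                    DomainManagementLogger.SECURITY_LOGGER.tracef("No groups found for identity '%s' in properties file.", this.principal.getName());
                    return AuthorizationIdentity.EMPTY;
                }
                String[] split = this.groups.split(COMMA);
                Set<String> groupNames = new HashSet<>(split.length);
                for (String str : split) {
                    String trim = str.trim();
                    // Skip blanks left by "a,,b" or stray whitespace so no empty group is granted.
                    if (!trim.isEmpty()) {
                        DomainManagementLogger.SECURITY_LOGGER.tracef("Adding group '%s' for identity '%s'.", trim, this.principal.getName());
                        groupNames.add(trim);
                    }
                }
                Map<String, Set<String>> attributes = new HashMap<>();
                attributes.put("GROUPS", Collections.unmodifiableSet(groupNames));
                return AuthorizationIdentity.basicIdentity(new MapAttributes(Collections.unmodifiableMap(attributes)));
            }
        }

        private SecurityRealmImpl() {
        }

        /**
         * Looks up the group list for {@code principal.getName()}.
         *
         * <p>A missing key falls back to the empty string, so an unknown name produces an
         * identity without groups instead of a failure.
         *
         * @param principal identity to look up; its name is used verbatim as the key
         * @return an identity wrapping the principal and its trimmed group string
         * @throws RealmUnavailableException if the properties cannot be obtained
         */
        @Override // org.wildfly.security.auth.server.SecurityRealm
        public RealmIdentity getRealmIdentity(Principal principal) throws RealmUnavailableException {
            try {
                String groups = PropertiesSubjectSupplemental.this.getProperties().getProperty(principal.getName(), "").trim();
                return new RealmIdentityImpl(principal, groups);
            } catch (IOException e) {
                throw new RealmUnavailableException(e);
            }
        }

        /** No credential can be obtained from this realm. */
        @Override // org.wildfly.security.auth.server.SecurityRealm
        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str) throws RealmUnavailableException {
            return SupportLevel.UNSUPPORTED;
        }

        /** No credential can be obtained from this realm. */
        @Override // org.wildfly.security.auth.server.SecurityRealm
        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
            return SupportLevel.UNSUPPORTED;
        }

        /** No evidence type can be verified by this realm. */
        @Override // org.wildfly.security.auth.server.SecurityRealm
        public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
            return SupportLevel.UNSUPPORTED;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/wildfly-domain-management-10.0.3.Final.jar:org/jboss/as/domain/management/security/PropertiesSubjectSupplemental$ServiceUtil.class */
    /** Service-name helper; not instantiable. */
    public static final class ServiceUtil {
        private ServiceUtil() {
        }

        /**
         * Derives this service's name from the realm's service name.
         *
         * <p>Here {@code SecurityRealm} is the {@code org.jboss.as.domain.management}
         * type (the one with a nested {@code ServiceUtil}).
         *
         * @param str realm name handed to {@code SecurityRealm.ServiceUtil.createServiceName}
         * @return the realm service name with {@code "properties_authorization"} appended
         */
        public static ServiceName createServiceName(String str) {
            return SecurityRealm.ServiceUtil.createServiceName(str).append(PropertiesSubjectSupplemental.SERVICE_SUFFIX);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * @param consumer receives this service on start and {@code null} on stop
     * @param supplier path manager supplier, forwarded to {@link PropertiesFileLoader}
     * @param str realm name stamped on every {@link RealmGroup} this instance creates
     * @param str2 forwarded to {@link PropertiesFileLoader} (presumably the file path; confirm)
     * @param str3 forwarded to {@link PropertiesFileLoader} (presumably the relative-to path; confirm)
     */
    public PropertiesSubjectSupplemental(Consumer<SubjectSupplementalService> consumer, Supplier<PathManager> supplier, String str, String str2, String str3) {
        super(supplier, str2, str3);
        this.subjectSupplementalServiceConsumer = consumer;
        this.realmName = str;
    }

    /** Starts the file loader, then publishes this instance to the consumer. */
    @Override // org.jboss.as.domain.management.security.PropertiesFileLoader, org.jboss.msc.Service
    public void start(StartContext startContext) throws StartException {
        super.start(startContext);
        this.subjectSupplementalServiceConsumer.accept(this);
    }

    /** Withdraws this instance from the consumer before the file loader is stopped. */
    @Override // org.jboss.as.domain.management.security.PropertiesFileLoader, org.jboss.msc.Service
    public void stop(StopContext stopContext) {
        this.subjectSupplementalServiceConsumer.accept(null);
        super.stop(stopContext);
    }

    /** Returns this instance; the shared-state map is not consulted. */
    @Override // org.jboss.as.domain.management.security.SubjectSupplementalService
    public SubjectSupplemental getSubjectSupplemental(Map<String, Object> map) {
        return this;
    }

    /** Returns a new Elytron realm view over the same properties on every call. */
    @Override // org.jboss.as.domain.management.security.SubjectSupplementalService
    public org.wildfly.security.auth.server.SecurityRealm getElytronSecurityRealm() {
        return new SecurityRealmImpl();
    }

    /**
     * Adds a {@link RealmGroup} principal to {@code subject} for every group listed
     * against each {@link RealmUser} principal it already carries.
     *
     * @param subject subject to extend; its principal set is modified in place
     * @throws IOException if the properties cannot be obtained
     */
    @Override // org.jboss.as.domain.management.security.SubjectSupplemental
    public void supplementSubject(Subject subject) throws IOException {
        // getPrincipals(Class) hands back a separate set, so adding to the live
        // principal set inside the loop does not disturb the iteration.
        Set<RealmUser> users = subject.getPrincipals(RealmUser.class);
        Set<Principal> allPrincipals = subject.getPrincipals();
        Properties properties = getProperties();
        for (RealmUser user : users) {
            allPrincipals.addAll(loadGroups(properties, user));
        }
    }

    /**
     * Parses the comma-separated group list stored under the user's name.
     *
     * @param properties loaded user-to-groups mapping
     * @param realmUser user whose name is the lookup key
     * @return the user's groups tagged with this realm's name, or an immutable empty
     *     set when the user has no entry or an empty one
     */
    private Set<RealmGroup> loadGroups(Properties properties, RealmUser realmUser) {
        String groupList = properties.getProperty(realmUser.getName(), "").trim();
        if (groupList.isEmpty()) {
            DomainManagementLogger.SECURITY_LOGGER.tracef("No groups found for user '%s' in properties file.", realmUser);
            return Collections.emptySet();
        }
        String[] split = groupList.split(COMMA);
        Set<RealmGroup> groups = new HashSet<>(split.length);
        for (String str : split) {
            String name = str.trim();
            // Skip blanks left by "a,,b" or stray whitespace so no empty group is granted.
            if (!name.isEmpty()) {
                RealmGroup realmGroup = new RealmGroup(this.realmName, name);
                DomainManagementLogger.SECURITY_LOGGER.tracef("Adding group '%s' for user '%s'.", realmGroup, realmUser);
                groups.add(realmGroup);
            }
        }
        return groups;
    }
}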
