package org.infinispan.server.configuration.security;

import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.ietf.jgss.Oid;
import org.infinispan.commons.CacheConfigurationException;
import org.infinispan.commons.configuration.Builder;
import org.infinispan.commons.configuration.attributes.AttributeSet;
import org.infinispan.configuration.parsing.ParseUtils;
import org.wildfly.common.Assert;
import org.wildfly.security.SecurityFactory;
import org.wildfly.security.asn1.OidsUtil;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.server._private.ElytronMessages;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.source.CredentialSource;
import org.wildfly.security.mechanism.gssapi.GSSCredentialSecurityFactory;

/* loaded from: input_file:org/infinispan/server/configuration/security/KerberosSecurityFactoryConfigurationBuilder.class */
public class KerberosSecurityFactoryConfigurationBuilder implements Builder<KerberosSecurityFactoryConfiguration> {
    private final AttributeSet attributes = KerberosSecurityFactoryConfiguration.attributeDefinitionSet();
    private final RealmConfigurationBuilder realmBuilder;
    private CredentialSource credentialSource;

    /* JADX INFO: Access modifiers changed from: package-private */
    public KerberosSecurityFactoryConfigurationBuilder(RealmConfigurationBuilder realmConfigurationBuilder) {
        this.realmBuilder = realmConfigurationBuilder;
    }

    public KerberosSecurityFactoryConfigurationBuilder principal(String str) {
        this.attributes.attribute(KerberosSecurityFactoryConfiguration.PRINCIPAL).set(str);
        return this;
    }

    public KerberosSecurityFactoryConfigurationBuilder keyTabPath(String str) {
        this.attributes.attribute(KerberosSecurityFactoryConfiguration.KEYTAB_PATH).set(str);
        return this;
    }

    public KerberosSecurityFactoryConfigurationBuilder relativeTo(String str) {
        this.attributes.attribute(FileSystemRealmConfiguration.RELATIVE_TO).set(str);
        return this;
    }

    public KerberosSecurityFactoryConfigurationBuilder addOption(String str, String str2) {
        ((Map) this.attributes.attribute(KerberosSecurityFactoryConfiguration.OPTIONS).get()).put(str, str2);
        return this;
    }

    public KerberosSecurityFactoryConfigurationBuilder failCache(long j) {
        this.attributes.attribute(KerberosSecurityFactoryConfiguration.FAIL_CACHE).set(Long.valueOf(j));
        return this;
    }

    public KerberosSecurityFactoryConfigurationBuilder minimumRemainingLifetime(int i) {
        this.attributes.attribute(KerberosSecurityFactoryConfiguration.MINIMUM_REMAINING_LIFETIME).set(Integer.valueOf(i));
        return this;
    }

    public KerberosSecurityFactoryConfigurationBuilder requestLifetime(int i) {
        this.attributes.attribute(KerberosSecurityFactoryConfiguration.REQUEST_LIFETIME).set(Integer.valueOf(i));
        return this;
    }

    public KerberosSecurityFactoryConfigurationBuilder server(boolean z) {
        this.attributes.attribute(KerberosSecurityFactoryConfiguration.SERVER).set(Boolean.valueOf(z));
        return this;
    }

    public KerberosSecurityFactoryConfigurationBuilder checkKeyTab(boolean z) {
        this.attributes.attribute(KerberosSecurityFactoryConfiguration.REQUIRED).set(Boolean.valueOf(z));
        return this;
    }

    public KerberosSecurityFactoryConfigurationBuilder obtainKerberosTicket(boolean z) {
        this.attributes.attribute(KerberosSecurityFactoryConfiguration.OBTAIN_KERBEROS_TICKET).set(Boolean.valueOf(z));
        return this;
    }

    public KerberosSecurityFactoryConfigurationBuilder debug(boolean z) {
        this.attributes.attribute(KerberosSecurityFactoryConfiguration.DEBUG).set(Boolean.valueOf(z));
        return this;
    }

    public KerberosSecurityFactoryConfigurationBuilder wrapGssCredential(boolean z) {
        this.attributes.attribute(KerberosSecurityFactoryConfiguration.WRAP_GSS_CREDENTIAL).set(Boolean.valueOf(z));
        return this;
    }

    public KerberosSecurityFactoryConfigurationBuilder addMechanismName(String str) {
        ((Set) this.attributes.attribute(KerberosSecurityFactoryConfiguration.MECHANISM_NAMES).get()).add(str);
        return this;
    }

    public KerberosSecurityFactoryConfigurationBuilder addMechanismOid(String str) {
        ((Set) this.attributes.attribute(KerberosSecurityFactoryConfiguration.MECHANISM_OIDS).get()).add(str);
        return this;
    }

    public void validate() {
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public KerberosSecurityFactoryConfiguration m55create() {
        return new KerberosSecurityFactoryConfiguration(this.attributes.protect(), build());
    }

    public KerberosSecurityFactoryConfigurationBuilder read(KerberosSecurityFactoryConfiguration kerberosSecurityFactoryConfiguration) {
        this.attributes.read(kerberosSecurityFactoryConfiguration.attributes());
        return this;
    }

    public CredentialSource build() {
        if (this.credentialSource == null) {
            File file = new File(ParseUtils.resolvePath((String) this.attributes.attribute(KerberosSecurityFactoryConfiguration.KEYTAB_PATH).get(), (String) this.attributes.attribute(FileSystemRealmConfiguration.RELATIVE_TO).get()));
            GSSCredentialSecurityFactory.Builder builder = GSSCredentialSecurityFactory.builder();
            builder.setKeyTab(file).setPrincipal((String) this.attributes.attribute(KerberosSecurityFactoryConfiguration.PRINCIPAL).get()).setCheckKeyTab(((Boolean) this.attributes.attribute(KerberosSecurityFactoryConfiguration.REQUIRED).get()).booleanValue()).setDebug(((Boolean) this.attributes.attribute(KerberosSecurityFactoryConfiguration.DEBUG).get()).booleanValue()).setIsServer(((Boolean) this.attributes.attribute(KerberosSecurityFactoryConfiguration.SERVER).get()).booleanValue()).setObtainKerberosTicket(((Boolean) this.attributes.attribute(KerberosSecurityFactoryConfiguration.OBTAIN_KERBEROS_TICKET).get()).booleanValue()).setWrapGssCredential(((Boolean) this.attributes.attribute(KerberosSecurityFactoryConfiguration.WRAP_GSS_CREDENTIAL).get()).booleanValue()).setOptions((Map) this.attributes.attribute(KerberosSecurityFactoryConfiguration.OPTIONS).get()).setFailCache(((Long) this.attributes.attribute(KerberosSecurityFactoryConfiguration.FAIL_CACHE).get()).longValue()).setRequestLifetime(((Integer) this.attributes.attribute(KerberosSecurityFactoryConfiguration.REQUEST_LIFETIME).get()).intValue()).setMinimumRemainingLifetime(((Integer) this.attributes.attribute(KerberosSecurityFactoryConfiguration.MINIMUM_REMAINING_LIFETIME).get()).intValue());
            try {
                Iterator it = ((Set) this.attributes.attribute(KerberosSecurityFactoryConfiguration.MECHANISM_NAMES).get()).iterator();
                while (it.hasNext()) {
                    builder.addMechanismOid(new Oid(OidsUtil.attributeNameToOid(OidsUtil.Category.GSS, (String) it.next())));
                }
                Iterator it2 = ((Set) this.attributes.attribute(KerberosSecurityFactoryConfiguration.MECHANISM_OIDS).get()).iterator();
                while (it2.hasNext()) {
                    builder.addMechanismOid(new Oid((String) it2.next()));
                }
                this.credentialSource = fromSecurityFactory(builder.build());
            } catch (Exception e) {
                throw new CacheConfigurationException(e);
            }
        }
        return this.credentialSource;
    }

    CredentialSource fromSecurityFactory(final SecurityFactory<? extends Credential> securityFactory) {
        Assert.checkNotNullParam("credentialFactory", securityFactory);
        return new CredentialSource() { // from class: org.infinispan.server.configuration.security.KerberosSecurityFactoryConfigurationBuilder.1
            public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
                return SupportLevel.POSSIBLY_SUPPORTED;
            }

            public <C extends Credential> C getCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
                try {
                    Credential credential = (Credential) securityFactory.create();
                    if (credential.matches(cls, str, algorithmParameterSpec)) {
                        return cls.cast(credential);
                    }
                    return null;
                } catch (GeneralSecurityException e) {
                    throw ElytronMessages.log.cannotObtainCredentialFromFactory(e);
                }
            }
        };
    }
}
