package org.wildfly.security.sasl.test;

import java.io.Closeable;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.security.Permissions;
import java.security.Provider;
import java.security.spec.KeySpec;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.ScheduledExecutorService;
import java.util.function.Supplier;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;
import org.junit.Assert;
import org.wildfly.security.auth.permission.LoginPermission;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.realm.FileSystemSecurityRealm;
import org.wildfly.security.auth.realm.SimpleMapBackedSecurityRealm;
import org.wildfly.security.auth.realm.SimpleRealmEntry;
import org.wildfly.security.auth.server.MechanismConfiguration;
import org.wildfly.security.auth.server.MechanismConfigurationSelector;
import org.wildfly.security.auth.server.MechanismRealmConfiguration;
import org.wildfly.security.auth.server.ModifiableRealmIdentity;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.auth.server.sasl.SaslAuthenticationFactory;
import org.wildfly.security.authz.Attributes;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.permission.PermissionVerifier;
import org.wildfly.security.sasl.util.AvailableRealmsSaslServerFactory;
import org.wildfly.security.sasl.util.ChannelBindingSaslServerFactory;
import org.wildfly.security.sasl.util.CredentialSaslServerFactory;
import org.wildfly.security.sasl.util.KeyManagerCredentialSaslServerFactory;
import org.wildfly.security.sasl.util.PropertiesSaslServerFactory;
import org.wildfly.security.sasl.util.ProtocolSaslServerFactory;
import org.wildfly.security.sasl.util.SecurityProviderSaslServerFactory;
import org.wildfly.security.sasl.util.ServerNameSaslServerFactory;
import org.wildfly.security.sasl.util.TrustManagerSaslServerFactory;

/* loaded from: input_file:org/wildfly/security/sasl/test/SaslServerBuilder.class */
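/**
 * Fluent test fixture that assembles a {@link SaslServer} backed by an Elytron
 * {@link SecurityDomain}.
 *
 * <p>This class is test scaffolding, not a hardened component: it stores clear-text passwords,
 * substitutes an empty sentinel password for {@code null} entries, and installs a permission
 * mapper that grants {@link LoginPermission} to every principal. Do not reuse it outside tests.
 *
 * <p>The builder is mutable and performs no synchronization.
 */
public class SaslServerBuilder {
    /** Realm name used when {@link #setRealmName(String)} is never called. */
    public static final String DEFAULT_REALM_NAME = "mainRealm";

    /**
     * Sentinel credential that stands in for "no password". It reports no algorithm or format and
     * an empty encoding.
     */
    private static final Password NULL_PASSWORD = new Password() {
        public String getAlgorithm() {
            return null;
        }

        public String getFormat() {
            return null;
        }

        public byte[] getEncoded() {
            return new byte[0];
        }

        // The decompiler had renamed this method; under any other name it no longer
        // implements Password.clone(). The sentinel is stateless, so it returns itself.
        public Password clone() {
            return this;
        }
    };

    private final Class<? extends SaslServerFactory> serverFactoryClass;
    private final String mechanismName;
    private String username;
    private boolean modifiableRealm;
    private Map<String, SimpleRealmEntry> passwordMap;
    private Map<String, Object> properties;
    private Tuple<String, byte[]> bindingTypeAndData;
    private String protocol;
    private String serverName;
    private X509TrustManager trustManager;
    private X509KeyManager keyManager;
    private Credential credential;
    private boolean dontAssertBuiltServer;
    private SecurityDomain securityDomain;
    private BuilderReference<Closeable> closeableReference;
    private BuilderReference<SecurityDomain> securityDomainReference;
    private ScheduledExecutorService scheduledExecutorService;
    private Supplier<Provider[]> providerSupplier;
    private Password password = NULL_PASSWORD;
    private String realmName = DEFAULT_REALM_NAME;
    private String defaultRealmName = this.realmName;
    private Map<String, Permissions> permissionsMap = null;
    private Map<String, SecurityRealm> realms = new HashMap<>();
    private Map<String, MechanismRealmConfiguration> mechanismRealms = new LinkedHashMap<>();

    /**
     * Holder through which the builder hands an object created during {@link #build()} back to
     * the caller.
     *
     * @param <T> type of the held object
     */
    public static class BuilderReference<T> {
        private T ref;

        /**
         * Stores the reference. The decompiler widened this method from {@code private}; it is
         * meant to be called by the enclosing builder only.
         *
         * @param t object to expose through {@link #getReference()}
         */
        public void setReference(T t) {
            this.ref = t;
        }

        /**
         * @return the stored object, or {@code null} if the builder has not set one
         */
        public T getReference() {
            return this.ref;
        }
    }

    /** Immutable pair; used here for the channel-binding type and its data. */
    private static class Tuple<K, V> {
        private final K key;
        private final V value;

        public Tuple(K k, V v) {
            this.key = k;
            this.value = v;
        }
    }

    /**
     * Creates a builder for one SASL mechanism.
     *
     * @param cls factory class passed to {@code SaslTestUtil.obtainSaslServerFactory} at build time
     * @param str name of the SASL mechanism to create
     */
    public SaslServerBuilder(Class<? extends SaslServerFactory> cls, String str) {
        this.serverFactoryClass = cls;
        this.mechanismName = str;
    }

    /**
     * Creates a new builder carrying over user name, password, realm names, the modifiable-realm
     * flag, permissions, properties, channel binding, protocol, server name and the
     * don't-assert flag. The two maps are shallow-copied.
     *
     * <p>Not carried over: password map, extra realms, mechanism realms, trust/key managers,
     * credential, provider supplier, executor service and the registered references.
     * NOTE(review): confirm these omissions are intentional; a copy silently loses a configured
     * trust manager or provider supplier.
     *
     * @param z {@code true} to share this builder's already-built security domain with the copy
     * @return the new builder
     * @throws IllegalStateException if {@code z} is {@code true} but no domain has been built yet
     */
    public SaslServerBuilder copy(boolean z) {
        if (this.securityDomain == null && z) {
            throw new IllegalStateException("Can only copy a built server when keeping domain");
        }
        SaslServerBuilder saslServerBuilder = new SaslServerBuilder(this.serverFactoryClass, this.mechanismName);
        saslServerBuilder.username = this.username;
        saslServerBuilder.password = this.password;
        saslServerBuilder.realmName = this.realmName;
        saslServerBuilder.defaultRealmName = this.defaultRealmName;
        saslServerBuilder.modifiableRealm = this.modifiableRealm;
        if (this.permissionsMap != null) {
            saslServerBuilder.permissionsMap = new HashMap<>(this.permissionsMap);
        }
        if (this.properties != null) {
            saslServerBuilder.properties = new HashMap<>(this.properties);
        }
        saslServerBuilder.bindingTypeAndData = this.bindingTypeAndData;
        saslServerBuilder.protocol = this.protocol;
        saslServerBuilder.serverName = this.serverName;
        saslServerBuilder.dontAssertBuiltServer = this.dontAssertBuiltServer;
        if (z) {
            saslServerBuilder.securityDomain = this.securityDomain;
        }
        return saslServerBuilder;
    }

    /**
     * @param str name of the single identity created when no password map is set
     * @return this builder
     */
    public SaslServerBuilder setUserName(String str) {
        this.username = str;
        return this;
    }

    /**
     * Sets a clear-text password for the single identity.
     *
     * @param cArr password characters; must not be {@code null}
     * @return this builder
     * @throws Exception if the clear password cannot be generated
     */
    public SaslServerBuilder setPassword(char[] cArr) throws Exception {
        Assert.assertNotNull(cArr);
        setPassword("clear", new ClearPasswordSpec(cArr));
        return this;
    }

    /**
     * Generates a password from a key spec, using the configured provider supplier if one was set
     * before this call.
     *
     * @param str password algorithm name; must not be {@code null}
     * @param keySpec specification handed to the password factory
     * @return this builder
     * @throws Exception if the factory cannot be obtained or the spec is rejected
     */
    public SaslServerBuilder setPassword(String str, KeySpec keySpec) throws Exception {
        Assert.assertNotNull(str);
        Assert.assertNotNull(this.password);
        PasswordFactory factory = this.providerSupplier != null
                ? PasswordFactory.getInstance(str, this.providerSupplier)
                : PasswordFactory.getInstance(str);
        return setPassword(factory.generatePassword(keySpec));
    }

    /**
     * Sets the password object for the single identity.
     *
     * @param password password to store; must not be {@code null}
     * @return this builder
     */
    public SaslServerBuilder setPassword(Password password) {
        // Validate the argument. The previous check looked at the field, so a null
        // argument was accepted and only surfaced later when the credential was built.
        Assert.assertNotNull(password);
        this.password = password;
        return this;
    }

    /**
     * Replaces the identity map with one password credential per entry. A {@code null} value is
     * stored as the empty sentinel password rather than rejected.
     *
     * @param map user name to password; must not be {@code null}
     * @return this builder
     */
    public SaslServerBuilder setPasswordInstanceMap(Map<String, Password> map) {
        Assert.assertNotNull(map);
        this.passwordMap = new HashMap<>(map.size());
        map.forEach((str, pw) -> {
            Password effective = pw == null ? NULL_PASSWORD : pw;
            this.passwordMap.put(str, new SimpleRealmEntry(Collections.singletonList(new PasswordCredential(effective))));
        });
        return this;
    }

    /**
     * Replaces the identity map with clear-text passwords. A {@code null} value is stored as the
     * empty sentinel password. Passwords arrive as {@code String}s, so they stay in memory until
     * garbage-collected; acceptable for test data only.
     *
     * @param map user name to clear-text password; must not be {@code null}
     * @return this builder
     * @throws Exception declared for callers; generation failures surface as {@link RuntimeException}
     */
    public SaslServerBuilder setPasswordMap(Map<String, String> map) throws Exception {
        Assert.assertNotNull(map);
        this.passwordMap = new HashMap<>(map.size());
        map.forEach((str, str2) -> {
            Password generatePassword;
            if (str2 == null) {
                generatePassword = NULL_PASSWORD;
            } else {
                try {
                    generatePassword = PasswordFactory.getInstance("clear").generatePassword(new ClearPasswordSpec(str2.toCharArray()));
                } catch (Exception e) {
                    // A lambda cannot throw the checked exception; keep the cause attached.
                    throw new RuntimeException(e);
                }
            }
            Assert.assertNotNull(generatePassword);
            this.passwordMap.put(str, new SimpleRealmEntry(Collections.singletonList(new PasswordCredential(generatePassword))));
        });
        return this;
    }

    /**
     * @param str name under which the builder's own realm is registered; must not be {@code null}
     * @return this builder
     */
    public SaslServerBuilder setRealmName(String str) {
        Assert.assertNotNull(str);
        this.realmName = str;
        return this;
    }

    /**
     * @param str realm name the security domain uses by default
     * @return this builder
     */
    public SaslServerBuilder setDefaultRealmName(String str) {
        this.defaultRealmName = str;
        return this;
    }

    /**
     * Switches the builder's own realm to a {@link FileSystemSecurityRealm} created on disk at
     * build time.
     *
     * @return this builder
     */
    public SaslServerBuilder setModifiableRealm() {
        this.modifiableRealm = true;
        return this;
    }

    /**
     * Sets the SASL properties. The map is kept by reference, not copied, so later changes made
     * by the caller are visible to {@link #build()}.
     *
     * @param map SASL properties; must not be {@code null}
     * @return this builder
     */
    public SaslServerBuilder setProperties(Map<String, Object> map) {
        Assert.assertNotNull(map);
        this.properties = map;
        return this;
    }

    /**
     * Sets extra permissions per principal name. These are added on top of the login permission
     * that every principal receives.
     *
     * @param map principal name to permissions; must not be {@code null}; shallow-copied
     * @return this builder
     */
    public SaslServerBuilder setPermissionsMap(Map<String, Permissions> map) {
        Assert.assertNotNull(map);
        this.permissionsMap = new HashMap<>(map);
        return this;
    }

    /**
     * Sets channel-binding information. The byte array is kept by reference.
     *
     * @param str binding type; must not be {@code null}
     * @param bArr binding data; must not be {@code null}
     * @return this builder
     */
    public SaslServerBuilder setChannelBinding(String str, byte[] bArr) {
        Assert.assertNotNull(str);
        Assert.assertNotNull(bArr);
        this.bindingTypeAndData = new Tuple<>(str, bArr);
        return this;
    }

    /**
     * @param str protocol name applied through {@link ProtocolSaslServerFactory}
     * @return this builder
     */
    public SaslServerBuilder setProtocol(String str) {
        this.protocol = str;
        return this;
    }

    /**
     * @param str server name applied through {@link ServerNameSaslServerFactory}
     * @return this builder
     */
    public SaslServerBuilder setServerName(String str) {
        this.serverName = str;
        return this;
    }

    /**
     * @param x509TrustManager trust manager applied through {@link TrustManagerSaslServerFactory}
     * @return this builder
     */
    public SaslServerBuilder setTrustManager(X509TrustManager x509TrustManager) {
        this.trustManager = x509TrustManager;
        return this;
    }

    /**
     * @param x509KeyManager key manager applied through {@link KeyManagerCredentialSaslServerFactory}
     * @return this builder
     */
    public SaslServerBuilder setKeyManager(X509KeyManager x509KeyManager) {
        this.keyManager = x509KeyManager;
        return this;
    }

    /**
     * @param credential server credential applied through {@link CredentialSaslServerFactory}
     * @return this builder
     */
    public SaslServerBuilder setCredential(Credential credential) {
        this.credential = credential;
        return this;
    }

    /**
     * @param scheduledExecutorService executor passed to the authentication factory
     * @return this builder
     */
    public SaslServerBuilder setScheduledExecutorService(ScheduledExecutorService scheduledExecutorService) {
        this.scheduledExecutorService = scheduledExecutorService;
        return this;
    }

    /**
     * Registers an additional realm in the security domain.
     *
     * @param str realm name; must not be {@code null}
     * @param securityRealm realm instance; must not be {@code null}
     * @return this builder
     */
    public SaslServerBuilder addRealm(String str, SecurityRealm securityRealm) {
        Assert.assertNotNull(str);
        Assert.assertNotNull(securityRealm);
        this.realms.put(str, securityRealm);
        return this;
    }

    /**
     * Adds a mechanism realm. Insertion order is preserved.
     *
     * @param str mechanism realm name; must not be {@code null}
     * @return this builder
     */
    public SaslServerBuilder addMechanismRealm(String str) {
        Assert.assertNotNull("realmName", str);
        MechanismRealmConfiguration.Builder builder = MechanismRealmConfiguration.builder();
        builder.setRealmName(str);
        this.mechanismRealms.put(str, builder.build());
        return this;
    }

    /**
     * Lets {@link #build()} return {@code null} instead of failing an assertion when no
     * mechanism could be created.
     *
     * @return this builder
     */
    public SaslServerBuilder setDontAssertBuiltServer() {
        this.dontAssertBuiltServer = true;
        return this;
    }

    /**
     * Registers a holder that receives the cleanup handle for the on-disk realm. It is populated
     * only when a modifiable realm is built. If no holder is registered, nothing removes the
     * realm directory.
     *
     * @param builderReference holder to populate
     * @return this builder
     */
    public SaslServerBuilder registerCloseableReference(BuilderReference<Closeable> builderReference) {
        this.closeableReference = builderReference;
        return this;
    }

    /**
     * @param builderReference holder that receives the security domain used by {@link #build()}
     * @return this builder
     */
    public SaslServerBuilder registerSecurityDomainReference(BuilderReference<SecurityDomain> builderReference) {
        this.securityDomainReference = builderReference;
        return this;
    }

    /**
     * Sets the security providers used for password factories, the map-backed realm and the
     * fallback server factory.
     *
     * @param supplier provider supplier; must not be {@code null}
     * @return this builder
     */
    public SaslServerBuilder setProviderSupplier(Supplier<Provider[]> supplier) {
        Assert.assertNotNull("providerSupplier", supplier);
        this.providerSupplier = supplier;
        return this;
    }

    /**
     * Builds the security domain on first use, wraps the base factory with each configured
     * decorator, and creates the mechanism.
     *
     * @return the created server; may be {@code null} only after {@link #setDontAssertBuiltServer()}
     * @throws IOException if the on-disk realm directory cannot be created
     */
    public SaslServer build() throws IOException {
        if (this.securityDomain == null) {
            this.securityDomain = createSecurityDomain();
        }
        if (this.securityDomainReference != null) {
            this.securityDomainReference.setReference(this.securityDomain);
        }
        // Declared as the interface: every decorator below is assigned to this variable.
        SaslServerFactory obtainSaslServerFactory = SaslTestUtil.obtainSaslServerFactory(this.serverFactoryClass);
        if (obtainSaslServerFactory == null && this.providerSupplier != null) {
            obtainSaslServerFactory = new SecurityProviderSaslServerFactory(this.providerSupplier);
        }
        // The decorators are applied in this fixed order; each wraps the previous one.
        if (this.properties != null && !this.properties.isEmpty()) {
            if (this.properties.containsKey("com.sun.security.sasl.digest.realm")) {
                obtainSaslServerFactory = new AvailableRealmsSaslServerFactory(obtainSaslServerFactory);
            }
            obtainSaslServerFactory = new PropertiesSaslServerFactory(obtainSaslServerFactory, this.properties);
        }
        if (this.bindingTypeAndData != null) {
            obtainSaslServerFactory = new ChannelBindingSaslServerFactory(obtainSaslServerFactory, this.bindingTypeAndData.key, this.bindingTypeAndData.value);
        }
        if (this.protocol != null) {
            obtainSaslServerFactory = new ProtocolSaslServerFactory(obtainSaslServerFactory, this.protocol);
        }
        if (this.serverName != null) {
            obtainSaslServerFactory = new ServerNameSaslServerFactory(obtainSaslServerFactory, this.serverName);
        }
        if (this.trustManager != null) {
            obtainSaslServerFactory = new TrustManagerSaslServerFactory(obtainSaslServerFactory, this.trustManager);
        }
        if (this.keyManager != null) {
            obtainSaslServerFactory = new KeyManagerCredentialSaslServerFactory(obtainSaslServerFactory, this.keyManager);
        }
        if (this.credential != null) {
            obtainSaslServerFactory = new CredentialSaslServerFactory(obtainSaslServerFactory, this.credential);
        }
        SaslAuthenticationFactory.Builder builder = SaslAuthenticationFactory.builder();
        builder.setFactory(obtainSaslServerFactory);
        builder.setSecurityDomain(this.securityDomain);
        if (this.scheduledExecutorService != null) {
            builder.setScheduledExecutorService(this.scheduledExecutorService);
        }
        MechanismConfiguration.Builder builder2 = MechanismConfiguration.builder();
        for (MechanismRealmConfiguration mechanismRealm : this.mechanismRealms.values()) {
            builder2.addMechanismRealm(mechanismRealm);
        }
        builder.setMechanismConfigurationSelector(MechanismConfigurationSelector.constantSelector(builder2.build()));
        SaslServer saslServer = (SaslServer) builder.build().createMechanism(this.mechanismName);
        if (!this.dontAssertBuiltServer) {
            Assert.assertNotNull(saslServer);
        }
        return saslServer;
    }

    /**
     * Creates the security domain: registers the builder's own realm (file-system or map-backed)
     * under {@code realmName} together with any added realms, seeds the identities, and installs
     * the permission mapper. Mutates {@code realms} and, when unset, {@code permissionsMap}.
     *
     * @return the new domain
     * @throws IOException if the realm directory cannot be created
     */
    private SecurityDomain createSecurityDomain() throws IOException {
        SecurityDomain.Builder builder = SecurityDomain.builder();
        if (this.modifiableRealm) {
            // NOTE(review): the directory name is only a millisecond timestamp under the relative
            // path ./target/test-domains, so it is predictable and two builders created in the
            // same millisecond share one directory. Acceptable for a build-tree fixture only.
            final Path normalize = Paths.get(".", "target", "test-domains", String.valueOf(System.currentTimeMillis())).normalize();
            Files.createDirectories(normalize);
            // Concrete type is required: getRealmIdentityForUpdate is called on it below.
            FileSystemSecurityRealm fileSystemSecurityRealm = new FileSystemSecurityRealm(normalize);
            this.realms.put(this.realmName, fileSystemSecurityRealm);
            this.realms.forEach((str, securityRealm) -> {
                builder.addRealm(str, securityRealm).build();
            });
            ModifiableRealmIdentity realmIdentityForUpdate = fileSystemSecurityRealm.getRealmIdentityForUpdate(new NamePrincipal(this.username));
            realmIdentityForUpdate.create();
            realmIdentityForUpdate.setCredentials(Collections.singletonList(new PasswordCredential(this.password)));
            realmIdentityForUpdate.dispose();
            if (this.closeableReference != null) {
                this.closeableReference.setReference(new Closeable() {
                    /**
                     * Removes the realm files written above.
                     *
                     * <p>NOTE(review): this deletes the parent of the realm directory (the
                     * shared {@code test-domains} folder), not only this builder's timestamped
                     * directory, so it also removes realms created by other builders. Confirm
                     * that is intended before running fixtures concurrently.
                     */
                    @Override
                    public void close() throws IOException {
                        delete(normalize.getParent().toFile());
                    }

                    /** Best-effort recursive delete. */
                    private void delete(File file) {
                        // Never descend through a symbolic link: doing so would delete the
                        // contents of a directory outside the test tree. The link itself is
                        // still removed below.
                        if (file.isDirectory() && !Files.isSymbolicLink(file.toPath())) {
                            // listFiles() returns null on an I/O error or if the directory
                            // disappeared in the meantime.
                            File[] children = file.listFiles();
                            if (children != null) {
                                for (File child : children) {
                                    delete(child);
                                }
                            }
                        }
                        // Result deliberately ignored: cleanup must not fail the test.
                        file.delete();
                    }
                });
            }
        } else {
            SimpleMapBackedSecurityRealm simpleMapBackedSecurityRealm = this.providerSupplier != null ? new SimpleMapBackedSecurityRealm(this.providerSupplier) : new SimpleMapBackedSecurityRealm();
            this.realms.put(this.realmName, simpleMapBackedSecurityRealm);
            this.realms.forEach((str2, securityRealm2) -> {
                builder.addRealm(str2, securityRealm2).build();
            });
            // A password map takes precedence over the single user name / password pair.
            if (this.passwordMap != null) {
                simpleMapBackedSecurityRealm.setIdentityMap(this.passwordMap);
            } else if (this.username != null) {
                simpleMapBackedSecurityRealm.setIdentityMap(Collections.singletonMap(this.username, new SimpleRealmEntry(Collections.singletonList(new PasswordCredential(this.password)), Attributes.EMPTY)));
            }
        }
        builder.setDefaultRealmName(this.defaultRealmName);
        if (this.permissionsMap == null) {
            this.permissionsMap = new HashMap<>();
        }
        // Every principal is granted LoginPermission unconditionally; permissionsMap can only add
        // to that, never withhold it. Authorization failures therefore cannot be simulated
        // through this mapper.
        builder.setPermissionMapper((permissionMappable, roles) -> {
            PermissionVerifier from = PermissionVerifier.from(new LoginPermission());
            Permissions permissions = this.permissionsMap.get(permissionMappable.getPrincipal().toString());
            return permissions == null ? from : from.or(PermissionVerifier.from(permissions));
        });
        return builder.build();
    }
}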
