package org.jboss.as.domain.management.security;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedList;
import java.util.Map;
import java.util.Set;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import org.jboss.as.domain.management.AuthMechanism;
import org.jboss.as.domain.management.DomainManagementLogger;
import org.jboss.as.domain.management.DomainManagementMessages;
import org.jboss.as.domain.management.RealmConfigurationConstants;
import org.jboss.as.domain.management.SecurityRealm;
import org.jboss.as.domain.management.plugin.AuthenticationPlugIn;
import org.jboss.as.domain.management.plugin.Credential;
import org.jboss.as.domain.management.plugin.DigestCredential;
import org.jboss.as.domain.management.plugin.Identity;
import org.jboss.as.domain.management.plugin.PlugInConfigurationSupport;
import org.jboss.as.domain.management.plugin.ValidatePasswordCredential;
import org.jboss.msc.service.Service;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;
import org.jboss.msc.value.InjectedValue;
import org.jboss.sasl.callback.DigestHashCallback;
import org.jboss.sasl.callback.VerifyPasswordCallback;
import org.jboss.sasl.util.UsernamePasswordHashUtil;

/* loaded from: input_file:org/jboss/as/domain/management/security/PlugInAuthenticationCallbackHandler.class */
public class PlugInAuthenticationCallbackHandler extends AbstractPlugInService implements Service<CallbackHandlerService>, CallbackHandlerService {
    private static final String SERVICE_SUFFIX = "plug-in-authentication";
    private static UsernamePasswordHashUtil hashUtil = null;
    private final AuthMechanism mechanism;

    /* loaded from: input_file:org/jboss/as/domain/management/security/PlugInAuthenticationCallbackHandler$ServiceUtil.class */
    public static final class ServiceUtil {
        private ServiceUtil() {
        }

        public static ServiceName createServiceName(String str) {
            return SecurityRealm.ServiceUtil.createServiceName(str).append(new String[]{PlugInAuthenticationCallbackHandler.SERVICE_SUFFIX});
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PlugInAuthenticationCallbackHandler(String str, String str2, Map<String, String> map, AuthMechanism authMechanism) {
        super(str, str2, map);
        this.mechanism = authMechanism;
    }

    /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
    public CallbackHandlerService m85getValue() throws IllegalStateException, IllegalArgumentException {
        return this;
    }

    private static UsernamePasswordHashUtil getHashUtil() {
        if (hashUtil == null) {
            try {
                hashUtil = new UsernamePasswordHashUtil();
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException(e);
            }
        }
        return hashUtil;
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public AuthMechanism getPreferredMechanism() {
        return this.mechanism;
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public Set<AuthMechanism> getSupplementaryMechanisms() {
        return Collections.emptySet();
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public Map<String, String> getConfigurationOptions() {
        return this.mechanism == AuthMechanism.DIGEST ? Collections.singletonMap(RealmConfigurationConstants.DIGEST_PLAIN_TEXT, Boolean.FALSE.toString()) : Collections.singletonMap(RealmConfigurationConstants.VERIFY_PASSWORD_CALLBACK_SUPPORTED, Boolean.TRUE.toString());
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public boolean isReady() {
        return true;
    }

    @Override // org.jboss.as.domain.management.security.CallbackHandlerService
    public CallbackHandler getCallbackHandler(Map<String, Object> map) {
        String plugInName = getPlugInName();
        final AuthenticationPlugIn<Credential> loadAuthenticationPlugIn = getPlugInLoader().loadAuthenticationPlugIn(plugInName);
        if (loadAuthenticationPlugIn instanceof PlugInConfigurationSupport) {
            try {
                ((PlugInConfigurationSupport) loadAuthenticationPlugIn).init(getConfiguration(), map);
            } catch (IOException e) {
                throw DomainManagementMessages.MESSAGES.unableToInitialisePlugIn(plugInName, e.getMessage());
            }
        }
        return new CallbackHandler() { // from class: org.jboss.as.domain.management.security.PlugInAuthenticationCallbackHandler.1
            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                String generateHashedHexURP;
                String generateHashedHexURP2;
                String realmName = PlugInAuthenticationCallbackHandler.this.getRealmName();
                LinkedList<VerifyPasswordCallback> linkedList = new LinkedList();
                String str = null;
                Object obj = null;
                for (Callback callback : callbackArr) {
                    if (callback instanceof AuthorizeCallback) {
                        linkedList.add(callback);
                    } else if (callback instanceof NameCallback) {
                        str = ((NameCallback) callback).getDefaultName();
                        Identity loadIdentity = loadAuthenticationPlugIn.loadIdentity(str, realmName);
                        if (loadIdentity != null) {
                            obj = loadIdentity.getCredential();
                        }
                    } else if (callback instanceof PasswordCallback) {
                        linkedList.add(callback);
                    } else if (callback instanceof DigestHashCallback) {
                        linkedList.add(callback);
                    } else if (callback instanceof VerifyPasswordCallback) {
                        linkedList.add(callback);
                    } else {
                        if (!(callback instanceof RealmCallback)) {
                            throw new UnsupportedCallbackException(callback);
                        }
                        String defaultText = ((RealmCallback) callback).getDefaultText();
                        if (!realmName.equals(defaultText)) {
                            throw DomainManagementMessages.MESSAGES.invalidRealm(defaultText, realmName);
                        }
                    }
                }
                for (VerifyPasswordCallback verifyPasswordCallback : linkedList) {
                    if (verifyPasswordCallback instanceof AuthorizeCallback) {
                        AuthorizeCallback authorizeCallback = (AuthorizeCallback) verifyPasswordCallback;
                        boolean equals = authorizeCallback.getAuthenticationID().equals(authorizeCallback.getAuthorizationID());
                        if (!equals) {
                            DomainManagementLogger.SECURITY_LOGGER.tracef("Checking 'AuthorizeCallback', authorized=false, authenticationID=%s, authorizationID=%s.", authorizeCallback.getAuthenticationID(), authorizeCallback.getAuthorizationID());
                        }
                        authorizeCallback.setAuthorized(equals);
                    } else if (verifyPasswordCallback instanceof PasswordCallback) {
                        if (obj == null) {
                            DomainManagementLogger.SECURITY_LOGGER.tracef("User '%s' not found.", str);
                            throw new UserNotFoundException(str);
                        }
                        if (!(obj instanceof org.jboss.as.domain.management.plugin.PasswordCredential)) {
                            throw new UnsupportedCallbackException(verifyPasswordCallback);
                        }
                        ((PasswordCallback) verifyPasswordCallback).setPassword(((org.jboss.as.domain.management.plugin.PasswordCredential) obj).getPassword());
                    } else if (verifyPasswordCallback instanceof DigestHashCallback) {
                        if (obj == null) {
                            DomainManagementLogger.SECURITY_LOGGER.tracef("User '%s' not found.", str);
                            throw new UserNotFoundException(str);
                        }
                        if (obj instanceof DigestCredential) {
                            ((DigestHashCallback) verifyPasswordCallback).setHexHash(((DigestCredential) obj).getHash());
                        } else {
                            if (!(obj instanceof org.jboss.as.domain.management.plugin.PasswordCredential)) {
                                throw new UnsupportedCallbackException(verifyPasswordCallback);
                            }
                            UsernamePasswordHashUtil access$000 = PlugInAuthenticationCallbackHandler.access$000();
                            synchronized (access$000) {
                                generateHashedHexURP = access$000.generateHashedHexURP(str, realmName, ((org.jboss.as.domain.management.plugin.PasswordCredential) obj).getPassword());
                            }
                            ((DigestHashCallback) verifyPasswordCallback).setHexHash(generateHashedHexURP);
                        }
                    } else if (!(verifyPasswordCallback instanceof VerifyPasswordCallback)) {
                        continue;
                    } else {
                        if (obj == null) {
                            DomainManagementLogger.SECURITY_LOGGER.tracef("User '%s' not found.", str);
                            throw new UserNotFoundException(str);
                        }
                        VerifyPasswordCallback verifyPasswordCallback2 = verifyPasswordCallback;
                        if (obj instanceof org.jboss.as.domain.management.plugin.PasswordCredential) {
                            boolean equals2 = Arrays.equals(((org.jboss.as.domain.management.plugin.PasswordCredential) obj).getPassword(), verifyPasswordCallback2.getPassword().toCharArray());
                            if (!equals2) {
                                DomainManagementLogger.SECURITY_LOGGER.tracef("Password verification failed for user '%s'", str);
                            }
                            verifyPasswordCallback2.setVerified(equals2);
                        } else if (obj instanceof DigestCredential) {
                            UsernamePasswordHashUtil access$0002 = PlugInAuthenticationCallbackHandler.access$000();
                            synchronized (access$0002) {
                                generateHashedHexURP2 = access$0002.generateHashedHexURP(str, realmName, verifyPasswordCallback2.getPassword().toCharArray());
                            }
                            boolean equals3 = ((DigestCredential) obj).getHash().equals(generateHashedHexURP2);
                            if (!equals3) {
                                DomainManagementLogger.SECURITY_LOGGER.tracef("Digest verification failed for user '%s'", str);
                            }
                            verifyPasswordCallback2.setVerified(equals3);
                        } else if (obj instanceof ValidatePasswordCredential) {
                            boolean validatePassword = ((ValidatePasswordCredential) obj).validatePassword(verifyPasswordCallback2.getPassword().toCharArray());
                            if (!validatePassword) {
                                DomainManagementLogger.SECURITY_LOGGER.tracef("Delegated verification failed for user '%s'", str);
                            }
                            verifyPasswordCallback2.setVerified(validatePassword);
                        }
                    }
                }
            }
        };
    }

    @Override // org.jboss.as.domain.management.security.AbstractPlugInService
    public /* bridge */ /* synthetic */ void stop(StopContext stopContext) {
        super.stop(stopContext);
    }

    @Override // org.jboss.as.domain.management.security.AbstractPlugInService
    public /* bridge */ /* synthetic */ void start(StartContext startContext) throws StartException {
        super.start(startContext);
    }

    @Override // org.jboss.as.domain.management.security.AbstractPlugInService
    public /* bridge */ /* synthetic */ InjectedValue getPlugInLoaderServiceValue() {
        return super.getPlugInLoaderServiceValue();
    }

    static /* synthetic */ UsernamePasswordHashUtil access$000() {
        return getHashUtil();
    }
}
