package io.streamthoughts.azkarra.http.security;

import io.streamthoughts.azkarra.http.security.auth.Authentication;
import io.streamthoughts.azkarra.http.security.auth.AuthenticationContext;
import io.streamthoughts.azkarra.http.security.auth.AuthenticationContextHolder;
import io.streamthoughts.azkarra.http.security.auth.Authenticator;
import io.streamthoughts.azkarra.http.security.auth.BasicUserPrincipal;
import io.streamthoughts.azkarra.http.security.auth.Credentials;
import io.streamthoughts.azkarra.http.security.auth.PlainPasswordCredentials;
import io.streamthoughts.azkarra.http.security.auth.X509CertificateCredentials;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.Credential;
import io.undertow.security.idm.IdentityManager;
import io.undertow.security.idm.PasswordCredential;
import io.undertow.security.idm.X509CertificateCredential;
import java.security.Principal;
import java.security.cert.X509Certificate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/streamthoughts/azkarra/http/security/AzkarraIdentityManager.class */
public class AzkarraIdentityManager implements IdentityManager {
    private static final Logger LOG = LoggerFactory.getLogger(AzkarraIdentityManager.class);
    private final Authenticator authenticator;

    public AzkarraIdentityManager(Authenticator authenticator) {
        this.authenticator = authenticator;
    }

    public Account verify(Account account) {
        return account;
    }

    public Account verify(String str, Credential credential) {
        return verifyCredential(str, credential);
    }

    public Account verify(Credential credential) {
        return verifyCredential(null, credential);
    }

    private Account verifyCredential(String str, Credential credential) {
        AuthenticationContext authenticationContext = AuthenticationContextHolder.getAuthenticationContext();
        if (isPasswordCredential(credential)) {
            return authenticate(authenticationContext, new BasicUserPrincipal(str), new PlainPasswordCredentials(String.valueOf(((PasswordCredential) credential).getPassword())));
        }
        if (isX509CertificateCredential(credential)) {
            X509Certificate certificate = ((X509CertificateCredential) credential).getCertificate();
            return authenticate(authenticationContext, certificate.getSubjectX500Principal(), new X509CertificateCredentials(certificate));
        }
        LOG.error("Cannot verify authentication for credential type '" + credential.getClass().getName() + "'");
        return null;
    }

    private Account authenticate(AuthenticationContext authenticationContext, Principal principal, Credentials credentials) {
        Authentication authenticate = this.authenticator.authenticate(principal, credentials);
        authenticationContext.setAuthentication(authenticate);
        if (authenticate.isAuthenticated()) {
            return new AzkarraAccount(authenticate.getPrincipal(), authenticate.getCredentials(), authenticate.getUserDetails());
        }
        return null;
    }

    private static boolean isX509CertificateCredential(Credential credential) {
        return credential instanceof X509CertificateCredential;
    }

    private static boolean isPasswordCredential(Credential credential) {
        return credential instanceof PasswordCredential;
    }
}
