package org.infinispan.server.core.security.sasl;

import io.netty.channel.Channel;
import io.netty.handler.ssl.SslHandler;
import java.net.InetSocketAddress;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.security.auth.Subject;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.infinispan.server.core.configuration.SaslConfiguration;
import org.infinispan.server.core.logging.Log;
import org.infinispan.server.core.security.InetAddressPrincipal;

/* loaded from: input_file:org/infinispan/server/core/security/sasl/SaslAuthenticator.class */
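/**
 * Factory contract for the {@link SaslServer} that authenticates a client connection.
 *
 * <p>The static helpers collect the principals already known for the connection (the TLS peer
 * principal when one is available, and the remote address) and pass them to the instance method,
 * optionally running it as the configured server {@link Subject}.
 */
public interface SaslAuthenticator {
    /**
     * Creates the {@link SaslServer} for one authentication exchange.
     *
     * <p>This default implementation always throws; implementations are expected to override it.
     *
     * @param str  SASL mechanism name (the static factory compares this value with {@code "EXTERNAL"})
     * @param list principals already established for the connection; the static factory supplies the
     *             TLS peer principal (when verified) followed by an {@link InetAddressPrincipal}
     * @param str2 passed through unchanged by the static factory; presumably the protocol name (confirm
     *             against implementations)
     * @param str3 server name; the static factory passes {@code saslConfiguration.serverName()} or
     *             {@code null}
     * @param map  mechanism properties; the static factory passes
     *             {@code saslConfiguration.mechProperties()} or {@code null}
     * @return never returns normally in this default implementation
     * @throws SaslException declared for implementations
     * @throws UnsupportedOperationException always, in this default implementation
     */
    default SaslServer createSaslServer(String str, List<Principal> list, String str2, String str3, Map<String, String> map) throws SaslException {
        throw new UnsupportedOperationException();
    }

    /**
     * Creates a {@link SaslServer} using the authenticator held by the configuration.
     *
     * <p>Unlike the five-argument overload, this one dereferences {@code saslConfiguration}
     * unconditionally, so it must not be {@code null}.
     *
     * @param saslConfiguration SASL configuration supplying the authenticator
     * @param channel           client channel
     * @param str               SASL mechanism name
     * @param str2              passed through to the authenticator (presumably the protocol name)
     * @return the server created by the configured authenticator
     * @throws Throwable whatever the five-argument overload throws
     */
    static SaslServer createSaslServer(SaslConfiguration saslConfiguration, Channel channel, String str, String str2) throws Throwable {
        return createSaslServer(saslConfiguration.authenticator(), saslConfiguration, channel, str, str2);
    }

    /**
     * Collects the connection's principals and asks {@code saslAuthenticator} for a {@link SaslServer}.
     *
     * <p>If the configuration carries a server subject, the authenticator is invoked through
     * {@link Subject#doAs}; otherwise it is invoked directly.
     *
     * @param saslAuthenticator authenticator that builds the server
     * @param saslConfiguration SASL configuration; may be {@code null}, in which case server name and
     *                          mechanism properties are passed as {@code null}
     * @param channel           client channel; its pipeline is inspected for an {@link SslHandler}
     * @param str               SASL mechanism name
     * @param str2              passed through to the authenticator (presumably the protocol name)
     * @return the server created by the authenticator
     * @throws Throwable the cause of a {@link PrivilegedActionException} raised inside
     *                   {@code Subject.doAs}, the error produced for {@code EXTERNAL} without a verified
     *                   TLS client certificate, or anything the authenticator throws
     */
    static SaslServer createSaslServer(SaslAuthenticator saslAuthenticator, SaslConfiguration saslConfiguration, Channel channel, String str, String str2) throws Throwable {
        // Typed list instead of the raw ArrayList: no unchecked cast is needed when it is handed on.
        List<Principal> principals = new ArrayList<>(2);
        SslHandler sslHandler = channel.pipeline().get(SslHandler.class);
        if (sslHandler != null) {
            try {
                principals.add(sslHandler.engine().getSession().getPeerPrincipal());
            } catch (SSLPeerUnverifiedException unverified) {
                // No verified client certificate. That is fatal only for EXTERNAL, which takes the
                // identity from the TLS layer; other mechanisms proceed without a TLS principal.
                if ("EXTERNAL".equals(str)) {
                    throw Log.SECURITY.externalMechNotAllowedWithoutSSLClientCert();
                }
            }
        }
        // NOTE(review): when the pipeline has no SslHandler at all, an EXTERNAL request is not rejected
        // here and reaches the authenticator with only the address principal. Confirm that every
        // authenticator implementation refuses EXTERNAL when no TLS peer principal is present.
        //
        // The address is whatever the channel reports as its remote end; behind a proxy or load
        // balancer that is presumably the intermediary, so it should not be treated as proof of the
        // client's identity.
        principals.add(new InetAddressPrincipal(((InetSocketAddress) channel.remoteAddress()).getAddress()));

        if (saslConfiguration == null) {
            return saslAuthenticator.createSaslServer(str, principals, str2, null, null);
        }
        Subject serverSubject = saslConfiguration.serverSubject();
        if (serverSubject == null) {
            return saslAuthenticator.createSaslServer(str, principals, str2, saslConfiguration.serverName(), saslConfiguration.mechProperties());
        }
        try {
            // The explicit PrivilegedExceptionAction target type is required: a bare lambda is
            // ambiguous between doAs(Subject, PrivilegedAction) and
            // doAs(Subject, PrivilegedExceptionAction), and only the latter may throw SaslException.
            return Subject.doAs(serverSubject, (java.security.PrivilegedExceptionAction<SaslServer>) () ->
                    saslAuthenticator.createSaslServer(str, principals, str2, saslConfiguration.serverName(), saslConfiguration.mechProperties()));
        } catch (PrivilegedActionException wrapped) {
            // Surface the authenticator's own exception rather than the doAs wrapper.
            throw wrapped.getCause();
        }
    }
}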
