package org.infinispan.server.core.security.simple;

import java.io.IOException;
import java.security.Principal;
import java.security.Provider;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.x500.X500Principal;
import javax.security.sasl.AuthenticationException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.RealmChoiceCallback;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.security.sasl.SaslServerFactory;
import org.infinispan.commons.util.SaslUtils;
import org.infinispan.server.core.security.SubjectUserInfo;
import org.infinispan.server.core.security.external.ExternalSaslServerFactory;
import org.infinispan.server.core.security.sasl.AuthorizingCallbackHandler;
import org.infinispan.server.core.security.sasl.SaslAuthenticator;
import org.infinispan.server.core.security.sasl.SubjectSaslServer;

/* loaded from: input_file:org/infinispan/server/core/security/simple/SimpleSaslAuthenticator.class */
public final class SimpleSaslAuthenticator implements SaslAuthenticator {
    private final Map<String, Map<String, Entry>> map = new HashMap();

    /* loaded from: input_file:org/infinispan/server/core/security/simple/SimpleSaslAuthenticator$Entry.class */
    private static final class Entry {
        private final String userName;
        private final String userRealm;
        private final char[] password;
        private final String[] groups;

        private Entry(String str, String str2, char[] cArr, String[] strArr) {
            this.userName = str;
            this.userRealm = str2;
            this.password = cArr;
            this.groups = strArr;
        }

        String getUserName() {
            return this.userName;
        }

        String getUserRealm() {
            return this.userRealm;
        }

        char[] getPassword() {
            return this.password;
        }

        String[] getGroups() {
            return this.groups;
        }
    }

    public SaslServer createSaslServer(String str, List<Principal> list, String str2, String str3, Map<String, String> map) throws SaslException {
        SaslServer createSaslServer;
        AuthorizingCallbackHandler callbackHandler = getCallbackHandler();
        if ("EXTERNAL".equals(str)) {
            for (Principal principal : list) {
                if (principal instanceof X500Principal) {
                    return new SubjectSaslServer(new ExternalSaslServerFactory((X500Principal) principal).createSaslServer(str, str2, str3, map, callbackHandler), list, callbackHandler);
                }
            }
            throw new IllegalStateException("EXTERNAL mech requires X500Principal");
        }
        for (SaslServerFactory saslServerFactory : SaslUtils.getSaslServerFactories(getClass().getClassLoader(), (Provider[]) null, true)) {
            if (saslServerFactory != null && (createSaslServer = saslServerFactory.createSaslServer(str, str2, str3, map, callbackHandler)) != null) {
                return new SubjectSaslServer(createSaslServer, list, callbackHandler);
            }
        }
        return null;
    }

    private AuthorizingCallbackHandler getCallbackHandler() {
        return new AuthorizingCallbackHandler() { // from class: org.infinispan.server.core.security.simple.SimpleSaslAuthenticator.1
            final Subject subject = new Subject();
            Principal userPrincipal;

            public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                String str = null;
                String str2 = null;
                for (Callback callback : callbackArr) {
                    if (callback instanceof NameCallback) {
                        NameCallback nameCallback = (NameCallback) callback;
                        str = nameCallback.getDefaultName().toLowerCase().trim();
                        nameCallback.setName(str);
                        this.userPrincipal = new SimpleUserPrincipal(str);
                        this.subject.getPrincipals().add(this.userPrincipal);
                    } else if (callback instanceof RealmCallback) {
                        RealmCallback realmCallback = (RealmCallback) callback;
                        String defaultText = realmCallback.getDefaultText();
                        if (defaultText != null) {
                            str2 = defaultText.toLowerCase().trim();
                            realmCallback.setText(str2);
                        }
                    } else if (callback instanceof RealmChoiceCallback) {
                        RealmChoiceCallback realmChoiceCallback = (RealmChoiceCallback) callback;
                        realmChoiceCallback.setSelectedIndex(realmChoiceCallback.getDefaultChoice());
                    } else if (callback instanceof PasswordCallback) {
                        PasswordCallback passwordCallback = (PasswordCallback) callback;
                        if (str2 == null) {
                            synchronized (SimpleSaslAuthenticator.this.map) {
                                Iterator<Map<String, Entry>> it = SimpleSaslAuthenticator.this.map.values().iterator();
                                while (true) {
                                    if (!it.hasNext()) {
                                        break;
                                    }
                                    Map<String, Entry> next = it.next();
                                    if (next.containsKey(str)) {
                                        r14 = next.get(str);
                                        break;
                                    }
                                }
                            }
                        } else {
                            synchronized (SimpleSaslAuthenticator.this.map) {
                                Map<String, Entry> map = SimpleSaslAuthenticator.this.map.get(str2);
                                r14 = map != null ? map.get(str) : null;
                            }
                        }
                        if (r14 == null) {
                            throw new AuthenticationException("No matching user found");
                        }
                        for (String str3 : r14.getGroups()) {
                            this.subject.getPrincipals().add(new SimpleGroupPrincipal(str3));
                        }
                        passwordCallback.setPassword(r14.getPassword());
                    } else {
                        if (!(callback instanceof AuthorizeCallback)) {
                            throw new UnsupportedCallbackException(callback, "Callback not supported: " + String.valueOf(callback));
                        }
                        AuthorizeCallback authorizeCallback = (AuthorizeCallback) callback;
                        authorizeCallback.setAuthorized(authorizeCallback.getAuthenticationID().equals(authorizeCallback.getAuthorizationID()));
                    }
                }
            }

            public SubjectUserInfo getSubjectUserInfo(Collection<Principal> collection) {
                if (collection != null) {
                    this.subject.getPrincipals().addAll(collection);
                }
                return this.userPrincipal != null ? new SimpleSubjectUserInfo(this.userPrincipal.getName(), this.subject) : new SimpleSubjectUserInfo(this.subject);
            }
        };
    }

    public void addUser(String str, String str2, char[] cArr, String... strArr) {
        if (str == null) {
            throw new IllegalArgumentException("userName is null");
        }
        if (str2 == null) {
            throw new IllegalArgumentException("userRealm is null");
        }
        if (cArr == null) {
            throw new IllegalArgumentException("password is null");
        }
        String trim = str2.toLowerCase().trim();
        String trim2 = str.toLowerCase().trim();
        synchronized (this.map) {
            this.map.computeIfAbsent(trim, str3 -> {
                return new HashMap();
            }).put(trim2, new Entry(trim2, trim, cArr, strArr != null ? strArr : new String[0]));
        }
    }
}
