package org.soulwing.jwt.extension.jaas;

import java.security.AccessController;
import java.security.Principal;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.jboss.as.core.security.RealmRole;
import org.jboss.as.core.security.RealmUser;
import org.jboss.as.domain.management.AuthMechanism;
import org.jboss.as.domain.management.AuthorizingCallbackHandler;
import org.jboss.as.domain.management.SecurityRealm;
import org.jboss.as.server.CurrentServiceContainer;
import org.jboss.msc.service.ServiceContainer;
import org.jboss.msc.service.ServiceController;

/* loaded from: input_file:WEB-INF/lib/jwt-subsystem-1.1.0.jar:org/soulwing/jwt/extension/jaas/DelegatingJwtLoginModule.class */
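/**
 * A {@link JwtLoginModule} that adds the roles a JBoss AS security realm assigns to the
 * authenticated user's name to the roles produced by the superclass.
 *
 * <p>The realm is selected with the {@value #REALM} module option and defaults to
 * {@value #DEFAULT_REALM}. The realm is consulted for authorization data only: this class
 * presents no credential to it and looks roles up by user name alone.
 *
 * <p>NOTE(review): the role lookup therefore trusts the principal name held in
 * {@code credential}. It presumably comes from a token the superclass has already verified;
 * confirm against {@link JwtLoginModule}, which is not visible here.
 */
public class DelegatingJwtLoginModule extends JwtLoginModule {
    /** Name of the module option that selects the security realm. */
    public static final String REALM = "realm";
    /** Realm used when the {@value #REALM} option is not set. */
    public static final String DEFAULT_REALM = "ApplicationRealm";
    private String realmName;
    private SecurityRealm realm;
    private AuthorizingCallbackHandler authorizingCallbackHandler;

    /**
     * Initializes the superclass, then resolves the configured security realm and obtains
     * its authorizing callback handler.
     *
     * @param subject passed through to the superclass
     * @param callbackHandler passed through to the superclass
     * @param map passed through to the superclass (presumably the JAAS shared state)
     * @param map2 module options; the {@value #REALM} entry is read here
     * @throws IllegalArgumentException if the realm is not found, supports no authentication
     *     mechanism, or provides no authorizing callback handler
     */
    @Override // org.soulwing.jwt.extension.jaas.JwtLoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        super.initialize(subject, callbackHandler, map, map2);
        this.realmName = (String) map2.get(REALM);
        if (this.realmName == null) {
            this.realmName = DEFAULT_REALM;
        }
        ServiceController<?> service = serviceContainer().getService(SecurityRealm.ServiceUtil.createServiceName(this.realmName));
        // Assign unconditionally: a repeated initialize() whose realm does not resolve must fail
        // below rather than silently keep the realm resolved by an earlier call.
        this.realm = service != null ? (SecurityRealm) service.getValue() : null;
        if (this.realm == null) {
            throw new IllegalArgumentException("realm '" + this.realmName + "' not found");
        }
        Set<AuthMechanism> mechanisms = this.realm.getSupportedAuthenticationMechanisms();
        if (mechanisms.isEmpty()) {
            throw new IllegalArgumentException("realm '" + this.realmName + "' does not support any authentication mechanisms");
        }
        // PLAIN is preferred; otherwise whichever mechanism the set yields first is used. In this
        // class the mechanism only selects the handler used for the role lookup in getRoles().
        AuthMechanism authMechanism = AuthMechanism.PLAIN;
        if (!mechanisms.contains(authMechanism)) {
            authMechanism = mechanisms.iterator().next();
        }
        this.authorizingCallbackHandler = this.realm.getAuthorizingCallbackHandler(authMechanism);
        if (this.authorizingCallbackHandler == null) {
            throw new IllegalArgumentException("realm '" + this.realmName + "' does not provide authorization");
        }
        if (JaasLogger.LOGGER.isDebugEnabled()) {
            JaasLogger.LOGGER.debug("attached to realm '" + this.realmName + "'");
        }
    }

    /**
     * Returns the superclass roles with the realm's roles for the current user added.
     *
     * <p>The set returned by {@code super.getRoles()} is extended in place and returned.
     *
     * @return the combined role principals
     * @throws LoginException if the realm lookup fails for any reason (the underlying
     *     exception is attached as the cause), or if the superclass throws it
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.soulwing.jwt.extension.jaas.JwtLoginModule
    public Set<Principal> getRoles() throws LoginException {
        Set<Principal> roles = super.getRoles();
        try {
            // The realm is queried by user name only; no credential is handed to it here.
            RealmUser realmUser = new RealmUser(this.credential.getPrincipal().getName());
            Set<RealmRole> realmRoles = this.authorizingCallbackHandler.createSubjectUserInfo(Collections.singleton(realmUser)).getSubject().getPrincipals(RealmRole.class);
            if (JaasLogger.LOGGER.isDebugEnabled()) {
                // Writes the user name and role names to the log at debug level.
                JaasLogger.LOGGER.debug("user '" + realmUser + '@' + this.realmName + "' has roles " + realmRoles);
            }
            for (RealmRole realmRole : realmRoles) {
                roles.add(createRole(realmRole.getName()));
            }
            return roles;
        } catch (Exception e) {
            JaasLogger.LOGGER.error("error getting realm roles: " + e, e);
            // NOTE(review): the message embeds the underlying exception text; confirm that
            // whoever receives this LoginException is allowed to see realm internals.
            LoginException failure = new LoginException("error getting realm roles: " + e);
            // LoginException has no cause-taking constructor, so attach the cause explicitly
            // to keep the original stack trace available to callers.
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Returns the current service container, reading it inside a privileged action when a
     * security manager is installed.
     */
    private static ServiceContainer serviceContainer() {
        return System.getSecurityManager() == null ? CurrentServiceContainer.getServiceContainer() : (ServiceContainer) AccessController.doPrivileged(CurrentServiceContainer.GET_ACTION);
    }
}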
