package org.ops4j.pax.web.service.undertow.internal.security;

import io.undertow.security.idm.Account;
import io.undertow.security.idm.Credential;
import io.undertow.security.idm.IdentityManager;
import io.undertow.security.idm.PasswordCredential;
import io.undertow.security.idm.X509CertificateCredential;
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:org/ops4j/pax/web/service/undertow/internal/security/JaasIdentityManager.class */
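/**
 * Undertow {@link IdentityManager} that authenticates users through JAAS.
 *
 * <p>A name/password pair is passed to a {@link LoginContext} created for the configured
 * {@code realm}. After a successful login, the principals of the resulting {@link Subject}
 * are classified by their concrete class name: the principal whose class name equals
 * {@code userPrincipalClassName} becomes the account principal, and the names of principals
 * whose class name is in {@code rolePrincipalClassNames} become the account's roles.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Only {@link PasswordCredential} is actually verified. Any other credential type
 *       reaching {@link #verify(String, Credential)} yields {@code null} (denied).</li>
 *   <li>The returned account keeps the credential so that {@link #verify(Account)} can log in
 *       again. Whatever holds on to the account (for example a session) therefore also holds
 *       on to the password.</li>
 *   <li>Login failures are reported only as a {@code null} return. This class writes no audit
 *       record, so failed-login visibility has to come from the JAAS login module or from the
 *       caller.</li>
 * </ul>
 */
public class JaasIdentityManager implements IdentityManager {
    /** Name passed to {@link LoginContext} to select the JAAS login configuration entry. */
    private final String realm;
    /** Fully-qualified class name identifying the user principal inside the Subject. */
    private final String userPrincipalClassName;
    /** Fully-qualified class names identifying role principals inside the Subject. */
    private final Set<String> rolePrincipalClassNames;

    /**
     * Account produced by a successful JAAS login.
     *
     * <p>Holds the authenticated {@link Subject}, the selected user principal, the role names
     * and the credential that was used. The credential is retained on purpose: it is what
     * {@link JaasIdentityManager#verify(Account)} replays to re-validate the account.
     */
    public static class AccountImpl implements Account {
        private final Subject subject;
        private final Principal principal;
        private final Set<String> roles;
        // For password logins this is the PasswordCredential itself, i.e. the secret stays
        // reachable for as long as the account object is.
        private final Credential credential;

        AccountImpl(Subject subject, Principal principal, Set<String> set, Credential credential) {
            this.subject = subject;
            this.principal = principal;
            this.roles = set;
            this.credential = credential;
        }

        /** @return the JAAS subject populated by the login modules */
        public Subject getSubject() {
            return this.subject;
        }

        /** @return the principal selected as the user identity */
        public Principal getPrincipal() {
            return this.principal;
        }

        /** @return the role names granted to this account */
        public Set<String> getRoles() {
            return this.roles;
        }

        /** @return the credential this account was authenticated with */
        public Credential getCredential() {
            return this.credential;
        }
    }

    /**
     * Creates the manager from a configuration map.
     *
     * @param map configuration; the keys {@code realm}, {@code userPrincipalClassName} and
     *            {@code rolePrincipalClassNames} are read
     */
    public JaasIdentityManager(Map<String, String> map) {
        this.realm = map.get("realm");
        this.userPrincipalClassName = map.get("userPrincipalClassName");
        // NOTE(review): the whole configured value is treated as ONE class name. If
        // deployments put a comma-separated list under this (plural) key, no role principal
        // will ever match and every account ends up without roles. Confirm the expected format.
        this.rolePrincipalClassNames = Collections.singleton(map.get("rolePrincipalClassNames"));
    }

    /**
     * Creates the manager from explicit settings.
     *
     * @param str  JAAS login configuration entry name (the realm)
     * @param str2 class name of the user principal
     * @param set  class names of role principals; stored by reference, not copied
     */
    public JaasIdentityManager(String str, String str2, Set<String> set) {
        this.realm = str;
        this.userPrincipalClassName = str2;
        this.rolePrincipalClassNames = set;
    }

    /**
     * Re-validates a previously issued account by logging in again with its stored credential.
     *
     * @param account account to re-check
     * @return a freshly authenticated account, or {@code null} if the account was not issued
     *         by this manager, carries no principal, or no longer authenticates
     */
    public Account verify(Account account) {
        if (!(account instanceof AccountImpl)) {
            return null;
        }
        AccountImpl accountImpl = (AccountImpl) account;
        Principal cached = accountImpl.getPrincipal();
        if (cached == null) {
            // An account without an identity cannot be re-validated; deny instead of failing
            // with a NullPointerException on getName().
            return null;
        }
        return verify(cached.getName(), accountImpl.getCredential());
    }

    /**
     * Verifies a certificate credential, using the certificate's subject DN as the user name.
     *
     * <p>As written, this delegates to {@link #verify(String, Credential)}, which accepts only
     * {@link PasswordCredential}. A certificate credential is therefore always denied here.
     *
     * @param credential credential to verify
     * @return the verified account, or {@code null} when verification fails
     * @throws IllegalArgumentException if {@code credential} is not an
     *         {@link X509CertificateCredential}
     */
    public Account verify(Credential credential) {
        if (credential instanceof X509CertificateCredential) {
            return verify(((X509CertificateCredential) credential).getCertificate().getSubjectX500Principal().getName(), credential);
        }
        throw new IllegalArgumentException("Parameter must be a X509CertificateCredential");
    }

    /**
     * Authenticates a user name and credential against the configured JAAS realm.
     *
     * @param str        user name supplied to the login modules
     * @param credential credential to check; only {@link PasswordCredential} is supported
     * @return the authenticated account, or {@code null} if the credential type is not
     *         supported, the JAAS login fails, or the login yields no principal of the
     *         configured user principal class
     */
    public Account verify(String str, Credential credential) {
        if (!(credential instanceof PasswordCredential)) {
            return null;
        }
        // Not zeroed after use: the credential is stored in the returned account and replayed
        // by verify(Account). Presumably this is the credential's own array; confirm.
        char[] password = ((PasswordCredential) credential).getPassword();
        Subject subject = new Subject();
        try {
            new LoginContext(this.realm, subject, callbacks -> {
                for (Callback callback : callbacks) {
                    if (callback instanceof NameCallback) {
                        ((NameCallback) callback).setName(str);
                    } else if (callback instanceof PasswordCallback) {
                        ((PasswordCallback) callback).setPassword(password);
                    } else {
                        // Refuse anything we cannot answer rather than leave it unset.
                        throw new UnsupportedCallbackException(callback);
                    }
                }
            }).login();
        } catch (LoginException e) {
            // Every login failure (bad password, unknown realm, module error) is a denial.
            // The cause is intentionally not exposed to the caller and is not logged here.
            return null;
        }

        Principal userPrincipal = null;
        Set<String> roles = new HashSet<>();
        for (Principal candidate : subject.getPrincipals()) {
            String className = candidate.getClass().getName();
            // className is never null, so this comparison is safe even when
            // userPrincipalClassName was left unconfigured.
            if (className.equals(this.userPrincipalClassName)) {
                userPrincipal = candidate;
            } else if (this.rolePrincipalClassNames.contains(className)) {
                roles.add(candidate.getName());
            }
        }
        if (userPrincipal == null) {
            // Fail closed: a login that produced no principal of the configured user class
            // has no identity to attach to the account (typically a misconfigured
            // userPrincipalClassName). Returning an account with a null principal would make
            // verify(Account) fail later and leave the session without an identity.
            return null;
        }
        // Roles decide authorization; expose them read-only so holders of the account cannot
        // add roles after authentication.
        return new AccountImpl(subject, userPrincipal, Collections.unmodifiableSet(roles), credential);
    }
}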
