package org.jboss.as.server.security.sasl;

import java.io.IOException;
import java.util.NoSuchElementException;
import java.util.function.Predicate;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.jboss.as.server.logging.ServerLogger;
import org.jboss.as.server.security.DomainServerCredential;
import org.jboss.as.server.security.DomainServerEvidence;
import org.wildfly.common.iteration.CodePointIterator;
import org.wildfly.security.auth.callback.CachedIdentityAuthorizeCallback;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.authz.RoleMapper;
import org.wildfly.security.authz.Roles;
import org.wildfly.security.cache.CachedIdentity;
import org.wildfly.security.cache.IdentityCache;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.sasl.util.SaslWrapper;

/* loaded from: input_file:org/jboss/as/server/security/sasl/DomainServerSaslServer.class */
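/**
 * Server side of the SASL mechanism named by {@code Constants.JBOSS_DOMAIN_SERVER}.
 *
 * <p>The exchange is a single client message holding a name and a token separated by a NUL
 * code point. The token is checked by the supplied evidence verifier; on success an ad hoc
 * identity for the name is created in the security domain and offered to the callback handler
 * for authorization. No security layer is negotiated, so {@link #wrap} and {@link #unwrap}
 * always throw.
 *
 * <p>The class holds mutable, unsynchronized state ({@code complete}, {@code authorizedId}).
 */
final class DomainServerSaslServer implements SaslServer, SaslWrapper {
    // Domain in which the ad hoc identity for the authenticated name is created.
    private final SecurityDomain securityDomain;
    // Decides whether the (name, token) pair presented by the client is acceptable.
    private final Predicate<Evidence> evidenceVerifier;
    // Receives the CachedIdentityAuthorizeCallback once the token has been verified.
    private final CallbackHandler callbackHandler;
    // Set as soon as the first message is received, before any verification takes place.
    private boolean complete;
    // Assigned only after verification and authorization both succeed; null otherwise.
    private String authorizedId;

    /**
     * Creates a server for one authentication exchange.
     *
     * @param securityDomain domain used to create the ad hoc identity
     * @param predicate verifier applied to the evidence built from the client's name and token
     * @param callbackHandler handler asked to authorize the resulting identity
     */
    public DomainServerSaslServer(SecurityDomain securityDomain, Predicate<Evidence> predicate, CallbackHandler callbackHandler) {
        this.securityDomain = securityDomain;
        this.evidenceVerifier = predicate;
        this.callbackHandler = callbackHandler;
    }

    /**
     * Returns the authorized name once the exchange has been marked complete.
     *
     * <p>NOTE(review): {@code complete} is set before verification in
     * {@link #evaluateResponse(byte[])}, so after a failed exchange this returns {@code null}
     * rather than throwing. Callers should treat the {@link SaslException} from
     * {@code evaluateResponse} as the failure signal and never infer success from
     * {@link #isComplete()} alone.
     *
     * @return the authorized name, or {@code null} if the exchange ended in failure
     */
    @Override
    public String getAuthorizationID() {
        if (isComplete()) {
            return this.authorizedId;
        }
        throw ServerLogger.AS_ROOT_LOGGER.mechAuthenticationNotComplete();
    }

    /** Returns the mechanism name, {@code Constants.JBOSS_DOMAIN_SERVER}. */
    @Override
    public String getMechanismName() {
        return Constants.JBOSS_DOMAIN_SERVER;
    }

    /**
     * Reports whether a client message has been received. This is {@code true} after any call
     * to {@link #evaluateResponse(byte[])}, including one that threw.
     */
    @Override
    public boolean isComplete() {
        return this.complete;
    }

    /**
     * Processes the single client message of this mechanism.
     *
     * @param bArr the client message: name, a NUL code point, then the token, as UTF-8
     * @return {@code null}; the mechanism sends no challenge back
     * @throws SaslException if a message was already received, the message is 65536 bytes or
     *     longer, the NUL delimiter is missing, the evidence verifier rejects the token, the
     *     callback handler does not authorize the identity, or the callback handler fails
     */
    @Override
    public byte[] evaluateResponse(byte[] bArr) throws SaslException {
        if (this.complete) {
            throw ServerLogger.AS_ROOT_LOGGER.mechMessageAfterComplete().toSaslException();
        }
        // One-shot: the flag is raised before anything is checked, so a rejected message
        // cannot be followed by a second attempt on the same instance.
        this.complete = true;
        if (bArr.length >= 65536) {
            throw ServerLogger.AS_ROOT_LOGGER.mechMessageTooLong().toSaslException();
        }
        CodePointIterator message = CodePointIterator.ofUtf8Bytes(bArr);
        try {
            CodePointIterator field = message.delimitedBy(new int[]{0});
            String name = field.drainToString();
            // Step over the NUL; throws NoSuchElementException when the message has no delimiter.
            message.next();
            String token = field.drainToString();
            // NOTE(review): nothing checks that the message is exhausted after the token, so
            // content following a further NUL is not examined here.
            NamePrincipal namePrincipal = new NamePrincipal(name);
            if (!this.evidenceVerifier.test(new DomainServerEvidence(namePrincipal, token))) {
                throw ServerLogger.AS_ROOT_LOGGER.mechTokenNotVerified().toSaslException();
            }
            // The verified token is retained on the identity as a private credential, and the
            // identity is given the single constant role Constants.JBOSS_DOMAIN_SERVER.
            // The 'false' argument is presumably CachedIdentity's "programmatic" flag - confirm.
            SecurityIdentity identity = this.securityDomain.createAdHocIdentity(namePrincipal)
                    .withPrivateCredential(new DomainServerCredential(token))
                    .withDefaultRoleMapper(RoleMapper.constant(Roles.of(Constants.JBOSS_DOMAIN_SERVER)));
            final CachedIdentity cachedIdentity = new CachedIdentity(Constants.JBOSS_DOMAIN_SERVER, false, identity);
            // Declared with its concrete type: isAuthorized() is not a member of Callback.
            CachedIdentityAuthorizeCallback authorizeCallback = new CachedIdentityAuthorizeCallback(new IdentityCache() { // from class: org.jboss.as.server.security.sasl.DomainServerSaslServer.1
                // Fixed, read-only cache: get() and remove() hand back the identity built
                // above and put() discards its argument.
                public CachedIdentity remove() {
                    return cachedIdentity;
                }

                public void put(SecurityIdentity securityIdentity) {
                }

                public CachedIdentity get() {
                    return cachedIdentity;
                }
            });
            try {
                this.callbackHandler.handle(new Callback[]{authorizeCallback});
                if (!authorizeCallback.isAuthorized()) {
                    // Only the name is passed to the logger; the token is never included.
                    throw ServerLogger.AS_ROOT_LOGGER.mechAuthorizationFailed(name, namePrincipal.getName()).toSaslException();
                }
                this.authorizedId = namePrincipal.getName();
                return null;
            } catch (SaslException e) {
                // SaslException is an IOException; rethrow it as-is so the authorization
                // failure above is not re-wrapped by the handler below.
                throw e;
            } catch (IOException | UnsupportedCallbackException e2) {
                throw ServerLogger.AS_ROOT_LOGGER.mechServerSideAuthenticationFailed(e2).toSaslException();
            }
        } catch (NoSuchElementException e3) {
            throw ServerLogger.AS_ROOT_LOGGER.mechInvalidMessageReceived().toSaslException();
        }
    }

    /**
     * Always throws: the mechanism negotiates no security layer. The error reported depends on
     * whether a client message has been received yet.
     */
    @Override
    public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
        if (this.complete) {
            throw ServerLogger.AS_ROOT_LOGGER.mechNoSecurityLayer();
        }
        throw ServerLogger.AS_ROOT_LOGGER.mechAuthenticationNotComplete();
    }

    /**
     * Always throws: the mechanism negotiates no security layer. The error reported depends on
     * whether a client message has been received yet.
     */
    @Override
    public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
        if (this.complete) {
            throw ServerLogger.AS_ROOT_LOGGER.mechNoSecurityLayer();
        }
        throw ServerLogger.AS_ROOT_LOGGER.mechAuthenticationNotComplete();
    }

    /**
     * Returns {@code null} for every property once a client message has been received; throws
     * before that.
     */
    @Override
    public Object getNegotiatedProperty(String str) {
        if (this.complete) {
            return null;
        }
        throw ServerLogger.AS_ROOT_LOGGER.mechAuthenticationNotComplete();
    }

    /**
     * Does nothing. NOTE(review): {@code authorizedId} and the identity holding the token are
     * not cleared here.
     */
    @Override
    public void dispose() throws SaslException {
    }
}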
