package fish.payara.security.realm.identitystores;

import com.sun.enterprise.security.auth.WebAndEjbToJaasBridge;
import com.sun.enterprise.security.auth.login.LoginContextDriver;
import com.sun.enterprise.security.auth.login.common.LoginException;
import com.sun.enterprise.security.auth.login.common.PasswordCredential;
import com.sun.enterprise.security.common.AppservAccessController;
import fish.payara.security.annotations.RealmIdentityStoreDefinition;
import fish.payara.security.api.CertificateCredential;
import fish.payara.security.realm.config.RealmIdentityStoreConfiguration;
import jakarta.enterprise.inject.Typed;
import jakarta.security.enterprise.CallerPrincipal;
import jakarta.security.enterprise.credential.Credential;
import jakarta.security.enterprise.credential.UsernamePasswordCredential;
import jakarta.security.enterprise.identitystore.CredentialValidationResult;
import jakarta.security.enterprise.identitystore.IdentityStore;
import java.util.Set;
import java.util.stream.Collectors;
import javax.security.auth.Subject;
import org.glassfish.security.common.Group;

/**
 * {@link IdentityStore} that validates credentials against the server realm named by
 * {@code configuration.getName()}.
 *
 * <p>Username/password credentials are authenticated through
 * {@link WebAndEjbToJaasBridge#login}; certificate credentials are delegated to
 * {@code CertificateRealmIdentityStore.validate}. Any other credential type is reported as
 * {@code NOT_VALIDATED_RESULT}.
 *
 * <p>Decompiled (JADX) from MICRO-INF/runtime/realm-stores.jar.
 */
@Typed({RealmIdentityStore.class})
public class RealmIdentityStore implements IdentityStore {
    // Assigned only by setConfiguration(); it has no initializer, so it is null until that call.
    private RealmIdentityStoreConfiguration configuration;

    /**
     * Builds the store configuration from the given definition annotation.
     *
     * @param realmIdentityStoreDefinition definition the configuration is derived from
     */
    public void setConfiguration(RealmIdentityStoreDefinition realmIdentityStoreDefinition) {
        this.configuration = RealmIdentityStoreConfiguration.from(realmIdentityStoreDefinition);
    }

    /**
     * Dispatches on the credential type.
     *
     * <p>The configuration is dereferenced only in the two supported branches; if
     * {@link #setConfiguration} has not been called, those branches throw
     * {@link NullPointerException}, while unsupported credential types still return
     * {@code NOT_VALIDATED_RESULT}.
     *
     * @param credential credential presented by the caller
     * @return the validation result, or {@code NOT_VALIDATED_RESULT} for unsupported types
     */
    @Override
    public CredentialValidationResult validate(Credential credential) {
        if (credential instanceof UsernamePasswordCredential) {
            return validate((UsernamePasswordCredential) credential, this.configuration.getName());
        }
        if (credential instanceof CertificateCredential) {
            return CertificateRealmIdentityStore.validate((CertificateCredential) credential, this.configuration.getName());
        }
        return CredentialValidationResult.NOT_VALIDATED_RESULT;
    }

    /**
     * Authenticates a username/password credential against the realm and maps the resulting
     * {@link Group} principals to group names.
     *
     * <p>Decompiler note: this method was originally declared {@code protected}.
     *
     * @param usernamePasswordCredential caller name and password to check
     * @param str name of the realm to authenticate against
     * @return a valid result carrying the caller principal and group names, or
     *     {@code INVALID_RESULT} when login fails or the subject has no groups
     */
    public CredentialValidationResult validate(UsernamePasswordCredential usernamePasswordCredential, String str) {
        try {
            Subject authenticated = login(usernamePasswordCredential, str);
            Set<String> groupNames = authenticated.getPrincipals(Group.class).stream()
                    .map(Group::getName)
                    .collect(Collectors.toSet());
            // A caller who logs in successfully but has no Group principal is rejected:
            // group membership is a precondition for a valid result here.
            if (groupNames.isEmpty()) {
                return CredentialValidationResult.INVALID_RESULT;
            }
            return new CredentialValidationResult(new CallerPrincipal(usernamePasswordCredential.getCaller()), groupNames);
        } catch (LoginException e) {
            // The failure is collapsed into INVALID_RESULT and nothing is logged in this class.
            // NOTE(review): confirm the realm/bridge layer records failed logins for auditing.
            return CredentialValidationResult.INVALID_RESULT;
        }
    }

    /**
     * Creates a fresh {@link Subject}, attaches a realm-scoped {@link PasswordCredential} as a
     * private credential and runs the login through {@link WebAndEjbToJaasBridge}.
     *
     * <p>The password {@code char[]} is handed to {@link PasswordCredential} as-is and is not
     * cleared by this method. NOTE(review): whether PasswordCredential copies the array is not
     * visible here — confirm before adding any zeroing.
     *
     * @param usernamePasswordCredential caller name and password to log in with
     * @param str realm name, resolved through {@code LoginContextDriver.getValidRealm}
     * @return the subject passed to the login call
     */
    protected Subject login(UsernamePasswordCredential usernamePasswordCredential, String str) {
        String callerName = usernamePasswordCredential.getCaller();
        char[] password = usernamePasswordCredential.getPassword().getValue();
        Subject loginSubject = new Subject();
        // The private-credential set is modified inside the privileged action; realm resolution
        // also happens inside it, as in the original.
        AppservAccessController.privileged(() ->
                Boolean.valueOf(loginSubject.getPrivateCredentials().add(
                        new PasswordCredential(callerName, password, LoginContextDriver.getValidRealm(str)))));
        WebAndEjbToJaasBridge.login(loginSubject, PasswordCredential.class);
        return loginSubject;
    }
}
