package org.infinispan.server.configuration.security;

import java.security.Principal;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
import java.util.Properties;
import java.util.function.UnaryOperator;
import javax.security.auth.x500.X500Principal;
import org.infinispan.commons.configuration.attributes.AttributeDefinition;
import org.infinispan.commons.configuration.attributes.AttributeSet;
import org.infinispan.commons.configuration.attributes.ConfigurationElement;
import org.infinispan.server.Server;
import org.infinispan.server.configuration.Attribute;
import org.infinispan.server.configuration.Element;
import org.infinispan.server.security.ServerSecurityRealm;
import org.wildfly.security.auth.principal.NamePrincipal;
import org.wildfly.security.auth.realm.AggregateSecurityRealm;
import org.wildfly.security.auth.server.NameRewriter;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityRealm;

/* loaded from: input_file:org/infinispan/server/configuration/security/AggregateRealmConfiguration.class */
public class AggregateRealmConfiguration extends ConfigurationElement<AggregateRealmConfiguration> implements RealmProvider {
    static final AttributeDefinition<String> NAME = AttributeDefinition.builder(Attribute.NAME, "aggregate", String.class).immutable().build();
    static final AttributeDefinition<String> AUTHN_REALM = AttributeDefinition.builder(Attribute.AUTHENTICATION_REALM, (Object) null, String.class).immutable().build();
    static final AttributeDefinition<List<String>> AUTHZ_REALMS = AttributeDefinition.builder(Attribute.AUTHORIZATION_REALMS, (Object) null, List.class).initializer(ArrayList::new).immutable().build();
    static final AttributeDefinition<NameRewriter> NAME_REWRITER = AttributeDefinition.builder(Element.NAME_REWRITER, NameRewriter.IDENTITY_REWRITER, NameRewriter.class).autoPersist(false).immutable().build();
    private EnumSet<ServerSecurityRealm.Feature> authenticationFeatures;

    /* JADX INFO: Access modifiers changed from: package-private */
    public static AttributeSet attributeDefinitionSet() {
        return new AttributeSet(AggregateRealmConfiguration.class, new AttributeDefinition[]{NAME, AUTHN_REALM, AUTHZ_REALMS, NAME_REWRITER});
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AggregateRealmConfiguration(AttributeSet attributeSet) {
        super(Element.AGGREGATE_REALM, attributeSet, new ConfigurationElement[0]);
    }

    @Override // org.infinispan.server.configuration.security.RealmProvider
    public SecurityRealm build(SecurityConfiguration securityConfiguration, RealmConfiguration realmConfiguration, SecurityDomain.Builder builder, Properties properties) {
        SecurityRealm[] securityRealmArr;
        builder.setDefaultRealmName(name());
        String authenticationRealm = authenticationRealm();
        SecurityRealm securityRealm = realmConfiguration.realms.get(authenticationRealm);
        if (securityRealm == null) {
            throw Server.log.unknownRealm(authenticationRealm);
        }
        this.authenticationFeatures = EnumSet.noneOf(ServerSecurityRealm.Feature.class);
        for (RealmProvider realmProvider : realmConfiguration.realmProviders()) {
            if (realmProvider.name().equals(authenticationRealm)) {
                realmProvider.applyFeatures(this.authenticationFeatures);
            }
        }
        List<String> authorizationRealms = authorizationRealms();
        if (authorizationRealms.isEmpty()) {
            securityRealmArr = (SecurityRealm[]) realmConfiguration.realms.values().toArray(i -> {
                return new SecurityRealm[i];
            });
        } else {
            securityRealmArr = new SecurityRealm[authorizationRealms.size()];
            for (int i2 = 0; i2 < authorizationRealms.size(); i2++) {
                SecurityRealm securityRealm2 = realmConfiguration.realms.get(authorizationRealms.get(i2));
                if (securityRealm2 == null) {
                    throw Server.log.unknownRealm(authorizationRealms.get(i2));
                }
                securityRealmArr[i2] = securityRealm2;
            }
        }
        return new AggregateSecurityRealm(securityRealm, asPrincipalRewriter(nameRewriter()), securityRealmArr);
    }

    @Override // org.infinispan.server.configuration.security.RealmProvider
    public void applyFeatures(EnumSet<ServerSecurityRealm.Feature> enumSet) {
        enumSet.retainAll(EnumSet.of(ServerSecurityRealm.Feature.ENCRYPT));
        enumSet.addAll(this.authenticationFeatures);
    }

    static UnaryOperator<Principal> asPrincipalRewriter(NameRewriter nameRewriter) {
        return principal -> {
            if (principal == null) {
                return null;
            }
            if (!(principal instanceof NamePrincipal) && !(principal instanceof X500Principal)) {
                return principal;
            }
            String rewriteName = nameRewriter.rewriteName(principal.getName());
            if (rewriteName == null) {
                return null;
            }
            return new NamePrincipal(rewriteName);
        };
    }

    @Override // org.infinispan.server.configuration.security.RealmProvider
    public String name() {
        return (String) this.attributes.attribute(NAME).get();
    }

    public String authenticationRealm() {
        return (String) this.attributes.attribute(AUTHN_REALM).get();
    }

    public List<String> authorizationRealms() {
        return (List) this.attributes.attribute(AUTHZ_REALMS).get();
    }

    public NameRewriter nameRewriter() {
        return (NameRewriter) this.attributes.attribute(NAME_REWRITER).get();
    }
}
