package org.wildfly.security.auth.realm;

import java.security.Principal;
import java.security.spec.AlgorithmParameterSpec;
import org.wildfly.common.Assert;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.auth.server.event.RealmEvent;
import org.wildfly.security.authz.Attributes;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.cache.RealmIdentityCache;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.evidence.PasswordGuessEvidence;
import org.wildfly.security.password.interfaces.ClearPassword;

/* loaded from: input_file:org/wildfly/security/auth/realm/CachingSecurityRealm.class */
public class CachingSecurityRealm implements SecurityRealm {
    private final CacheableSecurityRealm realm;
    private final RealmIdentityCache cache;

    public CachingSecurityRealm(CacheableSecurityRealm cacheableSecurityRealm, RealmIdentityCache realmIdentityCache) {
        this.realm = (CacheableSecurityRealm) Assert.checkNotNullParam("realm", cacheableSecurityRealm);
        this.cache = (RealmIdentityCache) Assert.checkNotNullParam("cache", realmIdentityCache);
        if (!(cacheableSecurityRealm instanceof CacheableSecurityRealm)) {
            throw ElytronMessages.log.realmCacheUnexpectedType(cacheableSecurityRealm, CacheableSecurityRealm.class);
        }
        ((CacheableSecurityRealm) CacheableSecurityRealm.class.cast(cacheableSecurityRealm)).registerIdentityChangeListener(this::removeFromCache);
    }

    @Override // org.wildfly.security.auth.server.SecurityRealm
    public RealmIdentity getRealmIdentity(Principal principal) throws RealmUnavailableException {
        RealmIdentity realmIdentity = this.cache.get(principal);
        if (realmIdentity != null) {
            return realmIdentity;
        }
        final RealmIdentity realmIdentity2 = getCacheableRealm().getRealmIdentity(principal);
        if (!realmIdentity2.exists()) {
            return realmIdentity2;
        }
        RealmIdentity realmIdentity3 = new RealmIdentity() { // from class: org.wildfly.security.auth.realm.CachingSecurityRealm.1
            final RealmIdentity identity;
            AuthorizationIdentity authorizationIdentity = null;
            Attributes attributes = null;
            IdentityCredentials credentials = IdentityCredentials.NONE;

            {
                this.identity = realmIdentity2;
            }

            @Override // org.wildfly.security.auth.server.RealmIdentity
            public Principal getRealmIdentityPrincipal() {
                return this.identity.getRealmIdentityPrincipal();
            }

            @Override // org.wildfly.security.auth.server.RealmIdentity
            public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
                if (this.credentials.contains(cls, str, algorithmParameterSpec)) {
                    return this.credentials.getCredentialAcquireSupport(cls, str, algorithmParameterSpec);
                }
                Credential credential = this.identity.getCredential(cls, str, algorithmParameterSpec);
                if (credential != null) {
                    this.credentials = this.credentials.withCredential(credential);
                }
                return this.credentials.getCredentialAcquireSupport(cls, str, algorithmParameterSpec);
            }

            @Override // org.wildfly.security.auth.server.RealmIdentity
            public <C extends Credential> C getCredential(Class<C> cls) throws RealmUnavailableException {
                if (this.credentials.contains(cls)) {
                    return (C) this.credentials.getCredential(cls);
                }
                Credential credential = this.identity.getCredential(cls);
                if (credential != null) {
                    this.credentials = this.credentials.withCredential(credential);
                }
                return (C) this.credentials.getCredential(cls);
            }

            @Override // org.wildfly.security.auth.server.RealmIdentity
            public <C extends Credential> C getCredential(Class<C> cls, String str) throws RealmUnavailableException {
                if (this.credentials.contains(cls, str)) {
                    return (C) this.credentials.getCredential(cls, str);
                }
                Credential credential = this.identity.getCredential(cls, str);
                if (credential != null) {
                    this.credentials = this.credentials.withCredential(credential);
                }
                return (C) this.credentials.getCredential(cls, str);
            }

            @Override // org.wildfly.security.auth.server.RealmIdentity
            public <C extends Credential> C getCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
                if (this.credentials.contains(cls, str, algorithmParameterSpec)) {
                    return (C) this.credentials.getCredential(cls, str, algorithmParameterSpec);
                }
                Credential credential = this.identity.getCredential(cls, str, algorithmParameterSpec);
                if (credential != null) {
                    this.credentials = this.credentials.withCredential(credential);
                }
                return (C) this.credentials.getCredential(cls, str, algorithmParameterSpec);
            }

            @Override // org.wildfly.security.auth.server.RealmIdentity
            public void updateCredential(Credential credential) throws RealmUnavailableException {
                try {
                    this.identity.updateCredential(credential);
                } finally {
                    CachingSecurityRealm.this.removeFromCache(this.identity.getRealmIdentityPrincipal());
                }
            }

            @Override // org.wildfly.security.auth.server.RealmIdentity
            public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
                if (PasswordGuessEvidence.class.isAssignableFrom(cls)) {
                    if (this.credentials.canVerify(cls, str)) {
                        return SupportLevel.SUPPORTED;
                    }
                    Credential credential = this.identity.getCredential(PasswordCredential.class);
                    if (credential != null) {
                        this.credentials = this.credentials.withCredential(credential);
                        if (credential.canVerify(cls, str)) {
                            return SupportLevel.SUPPORTED;
                        }
                    }
                }
                return this.identity.getEvidenceVerifySupport(cls, str);
            }

            @Override // org.wildfly.security.auth.server.RealmIdentity
            public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
                if (!(evidence instanceof PasswordGuessEvidence)) {
                    return this.identity.verifyEvidence(evidence);
                }
                if (this.credentials.canVerify(evidence)) {
                    return this.credentials.verify(evidence);
                }
                Credential credential = this.identity.getCredential(PasswordCredential.class);
                if (credential != null) {
                    this.credentials = this.credentials.withCredential(credential);
                    if (credential.canVerify(evidence)) {
                        return credential.verify(evidence);
                    }
                }
                ClearPassword createRaw = ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, ((PasswordGuessEvidence) evidence).getGuess());
                if (!this.identity.verifyEvidence(evidence)) {
                    return false;
                }
                this.credentials = this.credentials.withCredential(new PasswordCredential(createRaw));
                return true;
            }

            @Override // org.wildfly.security.auth.server.RealmIdentity
            public boolean exists() throws RealmUnavailableException {
                return true;
            }

            @Override // org.wildfly.security.auth.server.RealmIdentity
            public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
                if (this.authorizationIdentity == null) {
                    this.authorizationIdentity = this.identity.getAuthorizationIdentity();
                }
                return this.authorizationIdentity;
            }

            @Override // org.wildfly.security.auth.server.RealmIdentity
            public Attributes getAttributes() throws RealmUnavailableException {
                if (this.attributes == null) {
                    this.attributes = this.identity.getAttributes();
                }
                return this.attributes;
            }

            @Override // org.wildfly.security.auth.server.RealmIdentity
            public void dispose() {
                this.identity.dispose();
            }
        };
        this.cache.put(principal, realmIdentity3);
        return realmIdentity3;
    }

    @Override // org.wildfly.security.auth.server.SecurityRealm
    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
        return getCacheableRealm().getCredentialAcquireSupport(cls, str, algorithmParameterSpec);
    }

    @Override // org.wildfly.security.auth.server.SecurityRealm
    public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
        return getCacheableRealm().getEvidenceVerifySupport(cls, str);
    }

    @Override // org.wildfly.security.auth.server.SecurityRealm
    public void handleRealmEvent(RealmEvent realmEvent) {
        getCacheableRealm().handleRealmEvent(realmEvent);
    }

    public void removeFromCache(Principal principal) {
        this.cache.remove(principal);
    }

    public void removeAllFromCache() {
        this.cache.clear();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CacheableSecurityRealm getCacheableRealm() {
        return this.realm;
    }
}
