package org.apache.camel.component.elytron;

import io.undertow.security.handlers.AuthenticationCallHandler;
import io.undertow.security.handlers.AuthenticationConstraintHandler;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import java.security.Provider;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.function.BiConsumer;
import java.util.function.Supplier;
import org.apache.camel.RuntimeCamelException;
import org.apache.camel.component.undertow.spi.UndertowSecurityProvider;
import org.wildfly.elytron.web.undertow.server.ElytronContextAssociationHandler;
import org.wildfly.elytron.web.undertow.server.ElytronRunAsHandler;
import org.wildfly.security.WildFlyElytronBaseProvider;
import org.wildfly.security.auth.server.MechanismConfiguration;
import org.wildfly.security.auth.server.MechanismConfigurationSelector;
import org.wildfly.security.auth.server.MechanismRealmConfiguration;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.auth.server.http.HttpAuthenticationFactory;
import org.wildfly.security.authz.Roles;
import org.wildfly.security.http.HttpAuthenticationException;
import org.wildfly.security.http.HttpServerAuthenticationMechanismFactory;
import org.wildfly.security.http.util.FilterServerMechanismFactory;
import org.wildfly.security.http.util.SecurityProviderServerMechanismFactory;

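/**
 * {@link UndertowSecurityProvider} that delegates authentication to a WildFly Elytron
 * {@link SecurityDomain} and performs a role-based authorization check for each request.
 *
 * <p>The provider is unusable until {@link #acceptConfiguration(Object, String)} has accepted an
 * {@code ElytronSercurityConfiguration}; before that, {@code securityDomain} is {@code null} and
 * the other methods will fail with a {@link NullPointerException}.
 *
 * <p>Authorization is deny-by-default: a request is allowed only when the current identity holds
 * at least one of the roles passed to {@link #authenticate(HttpServerExchange, List)}.
 */
@Deprecated
public class ElytronSecurityProvider implements UndertowSecurityProvider {
    /** Name under which the authenticated identity is published by {@link #addHeader}. */
    public static final String SECURITY_IDENTITY_HEADER = "securityIdentity";

    // HTTP status codes returned by authenticate(); kept local to avoid a new dependency.
    private static final int HTTP_OK = 200;
    private static final int HTTP_FORBIDDEN = 403;

    private SecurityDomain securityDomain;
    private WildFlyElytronBaseProvider elytronProvider;
    private String mechanismName;

    /**
     * Publishes the security domain's current {@link SecurityIdentity} through the supplied
     * consumer under {@link #SECURITY_IDENTITY_HEADER}.
     *
     * <p>NOTE(review): the value is the live identity object, not a serialized form. Presumably the
     * consumer writes into Camel message headers; confirm that routes do not forward this header to
     * outbound endpoints or log it.
     *
     * @param biConsumer sink that receives the header name and the identity
     * @param httpServerExchange the current exchange (not read by this implementation)
     */
    @Override
    public void addHeader(BiConsumer<String, Object> biConsumer, HttpServerExchange httpServerExchange) throws Exception {
        biConsumer.accept(SECURITY_IDENTITY_HEADER, this.securityDomain.getCurrentSecurityIdentity());
    }

    /**
     * Decides whether the current identity may access the endpoint.
     *
     * @param httpServerExchange the current exchange (not read by this implementation)
     * @param list roles that grant access; {@code null} or empty grants access to nobody
     * @return {@code 200} when the identity holds at least one allowed role, otherwise {@code 403}
     */
    @Override
    public int authenticate(HttpServerExchange httpServerExchange, List<String> list) throws Exception {
        SecurityIdentity identity = this.securityDomain.getCurrentSecurityIdentity();
        if (identity == null) {
            // No identity associated with this request: fail closed.
            return HTTP_FORBIDDEN;
        }

        Set<String> roleNames = new HashSet<>();
        Roles identityRoles = identity.getRoles();
        if (identityRoles != null) {
            for (String roleName : identityRoles) {
                roleNames.add(roleName);
            }
        }

        return isAllowed(roleNames, list) ? HTTP_OK : HTTP_FORBIDDEN;
    }

    /**
     * Accepts the configuration when it is an {@code ElytronSercurityConfiguration} and captures
     * the security domain, mechanism name and Elytron provider from it.
     *
     * @param obj candidate configuration object
     * @param str endpoint URI (not read by this implementation)
     * @return {@code true} when the configuration was accepted, {@code false} for any other type
     */
    @Override
    public boolean acceptConfiguration(Object obj, String str) throws Exception {
        if (!(obj instanceof ElytronSercurityConfiguration)) {
            return false;
        }
        ElytronSercurityConfiguration configuration = (ElytronSercurityConfiguration) obj;
        this.securityDomain = configuration.getDomainBuilder().build();
        this.mechanismName = configuration.getMechanismName();
        this.elytronProvider = configuration.getElytronProvider();
        return true;
    }

    /**
     * Wraps the given handler in the Elytron handler chain so that requests are authenticated with
     * the configured mechanism before they reach {@code httpHandler}.
     *
     * @param httpHandler the handler to protect
     * @return the outermost handler of the authentication chain
     * @throws RuntimeCamelException (from the mechanism supplier, at request time) when the
     *     mechanism cannot be created
     */
    @Override
    public HttpHandler wrapHttpHandler(HttpHandler httpHandler) throws Exception {
        HttpAuthenticationFactory authenticationFactory = createHttpAuthenticationFactory(this.securityDomain);

        // Innermost to outermost: run-as identity, authentication call, authentication constraint.
        HttpHandler protectedHandler =
                new AuthenticationConstraintHandler(
                        new AuthenticationCallHandler(
                                new ElytronRunAsHandler(httpHandler)));

        return ElytronContextAssociationHandler.builder()
                .setNext(protectedHandler)
                .setMechanismSupplier(() -> {
                    try {
                        return Collections.singletonList(authenticationFactory.createMechanism(this.mechanismName));
                    } catch (HttpAuthenticationException e) {
                        // Preserve the cause so the failing mechanism can be diagnosed.
                        throw new RuntimeCamelException(e);
                    }
                })
                .build();
    }

    /**
     * Builds the authentication factory for the given domain, using a single realm named
     * "Elytron Realm" and only the configured mechanism.
     */
    private HttpAuthenticationFactory createHttpAuthenticationFactory(SecurityDomain securityDomain) {
        MechanismConfiguration mechanismConfiguration = MechanismConfiguration.builder()
                .addMechanismRealm(MechanismRealmConfiguration.builder().setRealmName("Elytron Realm").build())
                .build();

        // Evaluated lazily so the provider captured by acceptConfiguration() is the one used.
        Supplier<Provider[]> providers = () -> new Provider[] {this.elytronProvider};

        // The "true" flag makes the filter an allow-list: only mechanismName is exposed.
        HttpServerAuthenticationMechanismFactory mechanismFactory = new FilterServerMechanismFactory(
                new SecurityProviderServerMechanismFactory(providers), true, this.mechanismName);

        return HttpAuthenticationFactory.builder()
                .setSecurityDomain(securityDomain)
                .setMechanismConfigurationSelector(MechanismConfigurationSelector.constantSelector(mechanismConfiguration))
                .setFactory(mechanismFactory)
                .build();
    }

    /**
     * Checks whether the identity's roles intersect the allowed roles.
     *
     * <p>Fails closed: a {@code null} or empty argument on either side yields {@code false}
     * instead of throwing, so a missing role configuration denies access with a clean 403.
     *
     * @param set roles held by the identity
     * @param list roles that grant access
     * @return {@code true} when at least one allowed role is held
     */
    public boolean isAllowed(Set<String> set, List<String> list) {
        if (set == null || list == null) {
            return false;
        }
        for (String allowedRole : list) {
            if (set.contains(allowedRole)) {
                return true;
            }
        }
        return false;
    }
}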
