package org.infinispan.server.security;

import java.io.IOException;
import java.util.function.BiPredicate;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.infinispan.server.Server;
import org.infinispan.server.configuration.ServerConfiguration;
import org.infinispan.server.loader.ServerLoginModule;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.evidence.PasswordGuessEvidence;

/* loaded from: input_file:org/infinispan/server/security/ElytronJMXAuthenticator.class */
public class ElytronJMXAuthenticator implements BiPredicate<CallbackHandler, Subject> {
    private final SecurityDomain securityDomain;

    private ElytronJMXAuthenticator(SecurityDomain securityDomain) {
        this.securityDomain = securityDomain;
    }

    public static void init(ServerConfiguration serverConfiguration) {
        BiPredicate biPredicate;
        String securityRealm = serverConfiguration.endpoints().securityRealm();
        if (securityRealm != null) {
            biPredicate = new ElytronJMXAuthenticator(serverConfiguration.security().realms().realms().get(securityRealm).serverSecurityRealm().getSecurityDomain());
        } else {
            Server.log.jmxNoDefaultSecurityRealm();
            biPredicate = (callbackHandler, subject) -> {
                return false;
            };
        }
        ServerLoginModule.setAuthenticator(biPredicate);
    }

    @Override // java.util.function.BiPredicate
    public boolean test(CallbackHandler callbackHandler, Subject subject) {
        Callback nameCallback = new NameCallback("username");
        PasswordCallback passwordCallback = new PasswordCallback("password", false);
        try {
            callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
            SecurityIdentity authenticate = this.securityDomain.authenticate(nameCallback.getName(), new PasswordGuessEvidence(passwordCallback.getPassword()));
            subject.getPrincipals().add(authenticate.getPrincipal());
            authenticate.getRoles().forEach(str -> {
                subject.getPrincipals().add(new RolePrincipal(str));
            });
            return true;
        } catch (IOException | UnsupportedCallbackException e) {
            Server.log.jmxAuthenticationError(e);
            return false;
        }
    }
}
