package io.quarkus.security.jpa.common.runtime;

import io.quarkus.elytron.security.common.BcryptUtil;
import io.quarkus.security.AuthenticationFailedException;
import io.quarkus.security.identity.request.TrustedAuthenticationRequest;
import io.quarkus.security.identity.request.UsernamePasswordAuthenticationRequest;
import io.quarkus.security.jpa.PasswordType;
import io.quarkus.security.runtime.QuarkusPrincipal;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import java.security.spec.InvalidKeySpecException;
import java.util.List;
import java.util.UUID;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.evidence.PasswordGuessEvidence;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.password.util.ModularCrypt;
import org.wildfly.security.provider.util.ProviderUtil;

/* loaded from: input_file:io/quarkus/security/jpa/common/runtime/JpaIdentityProviderUtil.class */
public class JpaIdentityProviderUtil {
    private JpaIdentityProviderUtil() {
    }

    public static QuarkusSecurityIdentity.Builder checkPassword(Password password, UsernamePasswordAuthenticationRequest usernamePasswordAuthenticationRequest) {
        if (!new PasswordCredential(password).verify(ProviderUtil.INSTALLED_PROVIDERS, new PasswordGuessEvidence(usernamePasswordAuthenticationRequest.getPassword().getPassword()))) {
            throw new AuthenticationFailedException();
        }
        QuarkusSecurityIdentity.Builder builder = QuarkusSecurityIdentity.builder();
        builder.setPrincipal(new QuarkusPrincipal(usernamePasswordAuthenticationRequest.getUsername()));
        builder.addCredential(usernamePasswordAuthenticationRequest.getPassword());
        return builder;
    }

    public static QuarkusSecurityIdentity.Builder trusted(TrustedAuthenticationRequest trustedAuthenticationRequest) {
        QuarkusSecurityIdentity.Builder builder = QuarkusSecurityIdentity.builder();
        builder.setPrincipal(new QuarkusPrincipal(trustedAuthenticationRequest.getPrincipal()));
        return builder;
    }

    public static void addRoles(QuarkusSecurityIdentity.Builder builder, String str) {
        if (str.indexOf(44) == -1) {
            builder.addRole(str.trim());
            return;
        }
        for (String str2 : str.split(",")) {
            builder.addRole(str2.trim());
        }
    }

    public static <T> T getSingleUser(List<T> list) {
        if (list.isEmpty()) {
            return null;
        }
        if (list.size() > 1) {
            throw new AuthenticationFailedException();
        }
        return list.get(0);
    }

    public static Password getClearPassword(String str) {
        return ClearPassword.createRaw("clear", str.toCharArray());
    }

    public static Password getMcfPassword(String str) {
        try {
            return ModularCrypt.decode(str);
        } catch (InvalidKeySpecException e) {
            throw new RuntimeException(e);
        }
    }

    public static void passwordAction(PasswordType passwordType) {
        String uuid = UUID.randomUUID().toString();
        if (passwordType == PasswordType.CLEAR) {
            ClearPassword.createRaw("clear", uuid.toCharArray());
        } else {
            BcryptUtil.bcryptHash(uuid);
        }
    }
}
