package org.wildfly.extension.elytron.oidc;

import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.jboss.as.controller.AbstractAddStepHandler;
import org.jboss.as.controller.AbstractRemoveStepHandler;
import org.jboss.as.controller.AbstractWriteAttributeHandler;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.ResourceRegistration;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.operations.validation.IntRangeValidator;
import org.jboss.as.controller.operations.validation.StringLengthValidator;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.registry.OperationEntry;
import org.jboss.as.controller.registry.Resource;
import org.jboss.as.server.security.AdvancedSecurityMetaData;
import org.jboss.as.server.security.SecurityMetaData;
import org.jboss.as.server.security.VirtualDomainMarkerUtility;
import org.jboss.as.version.Stability;
import org.jboss.as.web.common.VirtualHttpServerMechanismFactoryMarkerUtility;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.msc.Service;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.ServiceTarget;
import org.wildfly.extension.elytron.oidc._private.ElytronOidcLogger;
import org.wildfly.security.auth.permission.LoginPermission;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.http.oidc.OidcClientConfigurationBuilder;
import org.wildfly.security.http.oidc.OidcClientContext;
import org.wildfly.security.http.oidc.OidcMechanismFactory;
import org.wildfly.security.http.oidc.OidcSecurityRealm;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/extension/elytron/oidc/SecureDeploymentDefinition.class */
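/**
 * Management resource definition for the resource named by
 * {@link ElytronOidcDescriptionConstants#SECURE_DEPLOYMENT}.
 *
 * <p>The class declares the resource's attributes and the add / remove / write-attribute handlers
 * that keep {@link OidcConfigService} in sync with the management model. For resources whose
 * address value does not end in {@code .war}, the add handler additionally installs a virtual
 * HTTP mechanism factory and a virtual security domain as on-demand services.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>the virtual security domain grants {@link LoginPermission} to every identity, regardless
 *       of roles (see {@link SecureDeploymentAddHandler});</li>
 *   <li>a resolved {@code true} for {@code ProviderAttributeDefinitions.DISABLE_TRUST_MANAGER}
 *       only triggers a log call; the deployment is still configured;</li>
 *   <li>the WAR / non-WAR decision is a case-sensitive suffix test on the resource address
 *       (see {@link #isWarDeployment(OperationContext)}).</li>
 * </ul>
 */
public class SecureDeploymentDefinition extends SimpleResourceDefinition {
    /** Registration (path element plus stability level) under which this resource is exposed. */
    static final ResourceRegistration PATH = ResourceRegistration.of(
            PathElement.pathElement(ElytronOidcDescriptionConstants.SECURE_DEPLOYMENT), Stability.DEFAULT);

    /** Attributes that are not at the default stability level; filled in by the constructor. */
    protected static List<SimpleAttributeDefinition> NON_DEFAULT_ATTRIBUTES = new ArrayList<>();

    // Optional string attributes: expressions allowed, minimum length 1.
    protected static final SimpleAttributeDefinition REALM =
            new SimpleAttributeDefinitionBuilder(ElytronOidcDescriptionConstants.REALM, ModelType.STRING, true)
                    .setAllowExpression(true)
                    .setValidator(new StringLengthValidator(1, Integer.MAX_VALUE, true, true))
                    .build();
    protected static final SimpleAttributeDefinition PROVIDER =
            new SimpleAttributeDefinitionBuilder(ElytronOidcDescriptionConstants.PROVIDER, ModelType.STRING, true)
                    .setAllowExpression(true)
                    .setValidator(new StringLengthValidator(1, Integer.MAX_VALUE, true, true))
                    .build();

    // RESOURCE and CLIENT_ID are declared as alternatives of each other; the add handler rejects
    // a configuration in which both resolve to null.
    protected static final SimpleAttributeDefinition RESOURCE =
            new SimpleAttributeDefinitionBuilder(ElytronOidcDescriptionConstants.RESOURCE, ModelType.STRING, true)
                    .setAllowExpression(true)
                    .setValidator(new StringLengthValidator(1, Integer.MAX_VALUE, true, true))
                    .setAlternatives(new String[]{ElytronOidcDescriptionConstants.CLIENT_ID})
                    .build();
    protected static final SimpleAttributeDefinition CLIENT_ID =
            new SimpleAttributeDefinitionBuilder(ElytronOidcDescriptionConstants.CLIENT_ID, ModelType.STRING, true)
                    .setAllowExpression(true)
                    .setValidator(new StringLengthValidator(1, Integer.MAX_VALUE, true, true))
                    .setAlternatives(new String[]{ElytronOidcDescriptionConstants.RESOURCE})
                    .build();

    // The only attribute here that is marked with PREVIEW stability.
    protected static final SimpleAttributeDefinition SCOPE =
            new SimpleAttributeDefinitionBuilder(ElytronOidcDescriptionConstants.SCOPE, ModelType.STRING, true)
                    .setAllowExpression(true)
                    .setValidator(new StringLengthValidator(1, Integer.MAX_VALUE, true, true))
                    .setStability(Stability.PREVIEW)
                    .build();

    // Optional boolean switches; each one defaults to FALSE.
    protected static final SimpleAttributeDefinition USE_RESOURCE_ROLE_MAPPINGS =
            new SimpleAttributeDefinitionBuilder(ElytronOidcDescriptionConstants.USE_RESOURCE_ROLE_MAPPINGS, ModelType.BOOLEAN, true)
                    .setAllowExpression(true)
                    .setDefaultValue(ModelNode.FALSE)
                    .build();
    protected static final SimpleAttributeDefinition BEARER_ONLY =
            new SimpleAttributeDefinitionBuilder(ElytronOidcDescriptionConstants.BEARER_ONLY, ModelType.BOOLEAN, true)
                    .setAllowExpression(true)
                    .setDefaultValue(ModelNode.FALSE)
                    .build();
    protected static final SimpleAttributeDefinition ENABLE_BASIC_AUTH =
            new SimpleAttributeDefinitionBuilder(ElytronOidcDescriptionConstants.ENABLE_BASIC_AUTH, ModelType.BOOLEAN, true)
                    .setAllowExpression(true)
                    .setDefaultValue(ModelNode.FALSE)
                    .build();
    protected static final SimpleAttributeDefinition PUBLIC_CLIENT =
            new SimpleAttributeDefinitionBuilder(ElytronOidcDescriptionConstants.PUBLIC_CLIENT, ModelType.BOOLEAN, true)
                    .setAllowExpression(true)
                    .setDefaultValue(ModelNode.FALSE)
                    .build();
    // NOTE(review): going by its name, setting this to true turns off session-id rotation at login,
    // which is the usual defence against session fixation. The FALSE default presumably keeps the
    // rotation on; confirm against the consumer of this attribute before enabling it.
    protected static final SimpleAttributeDefinition TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN =
            new SimpleAttributeDefinitionBuilder(ElytronOidcDescriptionConstants.TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN, ModelType.BOOLEAN, true)
                    .setAllowExpression(true)
                    .setDefaultValue(ModelNode.FALSE)
                    .build();

    // Optional integer attributes validated with a lower bound of -1.
    protected static final SimpleAttributeDefinition TOKEN_MINIMUM_TIME_TO_LIVE =
            new SimpleAttributeDefinitionBuilder(ElytronOidcDescriptionConstants.TOKEN_MINIMUM_TIME_TO_LIVE, ModelType.INT, true)
                    .setValidator(new IntRangeValidator(-1, true))
                    .setAllowExpression(true)
                    .build();
    protected static final SimpleAttributeDefinition MIN_TIME_BETWEEN_JWKS_REQUESTS =
            new SimpleAttributeDefinitionBuilder(ElytronOidcDescriptionConstants.MIN_TIME_BETWEEN_JWKS_REQUESTS, ModelType.INT, true)
                    .setValidator(new IntRangeValidator(-1, true))
                    .setAllowExpression(true)
                    .build();
    protected static final SimpleAttributeDefinition PUBLIC_KEY_CACHE_TTL =
            new SimpleAttributeDefinitionBuilder(ElytronOidcDescriptionConstants.PUBLIC_KEY_CACHE_TTL, ModelType.INT, true)
                    .setAllowExpression(true)
                    .setValidator(new IntRangeValidator(-1, true))
                    .build();

    protected static final SimpleAttributeDefinition ADAPTER_STATE_COOKIE_PATH =
            new SimpleAttributeDefinitionBuilder(ElytronOidcDescriptionConstants.ADAPTER_STATE_COOKIE_PATH, ModelType.STRING, true)
                    .setAllowExpression(true)
                    .setValidator(new StringLengthValidator(1, Integer.MAX_VALUE, true, true))
                    .build();

    /** Every attribute handled by the add and write-attribute handlers, in registration order. */
    static final List<SimpleAttributeDefinition> ALL_ATTRIBUTES = new ArrayList<>();

    /** Suffix that marks a resource address as referring to a WAR deployment. */
    private static final String WAR_FILE_EXTENSION = ".war";

    // Must run after the attribute constants above are initialised; the handlers' constructors read
    // ALL_ATTRIBUTES, so it has to be complete once class initialisation finishes.
    static {
        ALL_ATTRIBUTES.add(REALM);
        ALL_ATTRIBUTES.add(PROVIDER);
        ALL_ATTRIBUTES.add(RESOURCE);
        ALL_ATTRIBUTES.add(CLIENT_ID);
        ALL_ATTRIBUTES.add(USE_RESOURCE_ROLE_MAPPINGS);
        ALL_ATTRIBUTES.add(BEARER_ONLY);
        ALL_ATTRIBUTES.add(ENABLE_BASIC_AUTH);
        ALL_ATTRIBUTES.add(PUBLIC_CLIENT);
        ALL_ATTRIBUTES.add(TURN_OFF_CHANGE_SESSION_ID_ON_LOGIN);
        ALL_ATTRIBUTES.add(TOKEN_MINIMUM_TIME_TO_LIVE);
        ALL_ATTRIBUTES.add(MIN_TIME_BETWEEN_JWKS_REQUESTS);
        ALL_ATTRIBUTES.add(PUBLIC_KEY_CACHE_TTL);
        ALL_ATTRIBUTES.add(ADAPTER_STATE_COOKIE_PATH);
        ALL_ATTRIBUTES.add(CredentialDefinition.CREDENTIAL);
        ALL_ATTRIBUTES.add(SCOPE);
        ALL_ATTRIBUTES.add(RedirectRewriteRuleDefinition.REDIRECT_REWRITE_RULE);
        for (SimpleAttributeDefinition providerAttribute : ProviderAttributeDefinitions.ATTRIBUTES) {
            ALL_ATTRIBUTES.add(providerAttribute);
        }
    }

    /**
     * Handler for the {@code add} operation: records the deployment's OIDC configuration and, for
     * non-WAR addresses, installs the virtual mechanism factory and virtual security domain.
     */
    static class SecureDeploymentAddHandler extends AbstractAddStepHandler {
        public static SecureDeploymentAddHandler INSTANCE = new SecureDeploymentAddHandler();

        private SecureDeploymentAddHandler() {
            super(SecureDeploymentDefinition.ALL_ATTRIBUTES);
        }

        /**
         * Populates the model via the superclass and, for non-WAR addresses, marks a virtual
         * security domain as required and attaches the security metadata (virtual mechanism
         * factory name and virtual domain name) to the operation context.
         *
         * @param operationContext the context of the running operation
         * @param modelNode passed through unchanged to the superclass
         * @param resource passed through unchanged to the superclass
         * @throws OperationFailedException if the superclass rejects the operation
         */
        protected void populateModel(OperationContext operationContext, ModelNode modelNode, Resource resource) throws OperationFailedException {
            super.populateModel(operationContext, modelNode, resource);
            if (!SecureDeploymentDefinition.isWarDeployment(operationContext)) {
                VirtualDomainMarkerUtility.virtualDomainRequired(operationContext);
                AdvancedSecurityMetaData securityMetaData = new AdvancedSecurityMetaData();
                securityMetaData.setHttpServerAuthenticationMechanismFactory(
                        VirtualHttpServerMechanismFactoryMarkerUtility.virtualMechanismFactoryName(operationContext));
                securityMetaData.setSecurityDomain(VirtualDomainMarkerUtility.virtualDomainName(operationContext));
                operationContext.attach(SecurityMetaData.OPERATION_CONTEXT_ATTACHMENT_KEY, securityMetaData);
            }
        }

        /**
         * Validates that a client id or resource name is configured, stores the resolved
         * configuration in {@link OidcConfigService} and, for non-WAR addresses, installs the
         * virtual mechanism factory and virtual security domain services (both
         * {@code ON_DEMAND}). Outside of boot, a non-WAR add puts the server into
         * reload-required state.
         *
         * @param operationContext the context of the running operation
         * @param modelNode passed through unchanged to the superclass
         * @param modelNode2 the node the attribute values are resolved from
         * @throws OperationFailedException if neither {@code CLIENT_ID} nor {@code RESOURCE}
         *         resolves to a value, or if attribute resolution fails
         */
        protected void performRuntime(OperationContext operationContext, ModelNode modelNode, ModelNode modelNode2) throws OperationFailedException {
            super.performRuntime(operationContext, modelNode, modelNode2);
            String clientId = SecureDeploymentDefinition.CLIENT_ID.resolveModelAttribute(operationContext, modelNode2).asStringOrNull();
            String resourceName = SecureDeploymentDefinition.RESOURCE.resolveModelAttribute(operationContext, modelNode2).asStringOrNull();
            if (clientId == null && resourceName == null) {
                throw ElytronOidcLogger.ROOT_LOGGER.resourceOrClientIdMustBeConfigured();
            }
            // NOTE(review): this branch only makes a log call; the deployment is configured all the
            // same. The attribute name suggests that certificate trust checks toward the provider are
            // switched off, so treat any occurrence of this log entry in production as a finding.
            if (ProviderAttributeDefinitions.DISABLE_TRUST_MANAGER.resolveModelAttribute(operationContext, modelNode2).asBoolean()) {
                ElytronOidcLogger.ROOT_LOGGER.disableTrustManagerSetToTrue();
            }

            String deploymentName = operationContext.getCurrentAddressValue();
            OidcConfigService configService = OidcConfigService.getInstance();
            // The resolved node covers every attribute in ALL_ATTRIBUTES, which includes
            // CredentialDefinition.CREDENTIAL; presumably the stored configuration (and the JSON
            // derived from it below) can carry client secrets, so it should never be logged.
            configService.addSecureDeployment(deploymentName, operationContext.resolveExpressions(modelNode2));
            if (SecureDeploymentDefinition.isWarDeployment(operationContext)) {
                return;
            }

            ServiceTarget serviceTarget = operationContext.getServiceTarget();

            ServiceName mechanismFactoryName = VirtualHttpServerMechanismFactoryMarkerUtility.virtualMechanismFactoryName(operationContext);
            ServiceBuilder<?> mechanismFactoryBuilder = serviceTarget.addService(mechanismFactoryName);
            // Encode explicitly as UTF-8 so the bytes handed to the configuration builder do not
            // depend on the JVM's default charset.
            byte[] configJson = configService.getJSON(deploymentName).getBytes(StandardCharsets.UTF_8);
            OidcClientContext clientContext = new OidcClientContext(
                    OidcClientConfigurationBuilder.build(new ByteArrayInputStream(configJson)));
            mechanismFactoryBuilder.setInstance(Service.newInstance(
                    mechanismFactoryBuilder.provides(mechanismFactoryName), new OidcMechanismFactory(clientContext)));
            mechanismFactoryBuilder.setInitialMode(ServiceController.Mode.ON_DEMAND);
            mechanismFactoryBuilder.install();

            ServiceName domainName = VirtualDomainMarkerUtility.virtualDomainName(operationContext);
            ServiceBuilder<?> domainBuilder = serviceTarget.addService(domainName);
            // The permission mapper ignores both the identity and its roles and always returns
            // LoginPermission, so every identity produced by the OidcSecurityRealm may log in to
            // this virtual domain. Any finer-grained authorization has to happen elsewhere.
            SecurityDomain virtualDomain = SecurityDomain.builder()
                    .addRealm("virtual", new OidcSecurityRealm()).build()
                    .setDefaultRealmName("virtual")
                    .setPermissionMapper((permissionMappable, roles) -> LoginPermission.getInstance())
                    .build();
            domainBuilder.setInstance(Service.newInstance(domainBuilder.provides(domainName), virtualDomain));
            domainBuilder.setInitialMode(ServiceController.Mode.ON_DEMAND);
            domainBuilder.install();

            if (!operationContext.isBooting()) {
                operationContext.reloadRequired();
            }
        }
    }

    /**
     * Handler for the {@code remove} operation: drops the deployment's configuration from
     * {@link OidcConfigService}.
     */
    static class SecureDeploymentRemoveHandler extends AbstractRemoveStepHandler {
        public static SecureDeploymentRemoveHandler INSTANCE = new SecureDeploymentRemoveHandler();

        SecureDeploymentRemoveHandler() {
        }

        /**
         * Removes the configuration stored for the current address; a non-WAR address also puts
         * the server into reload-required state.
         *
         * @param operationContext the context of the running operation
         * @param modelNode not used by this handler
         * @param modelNode2 not used by this handler
         * @throws OperationFailedException declared by the overridden method; not thrown here
         */
        protected void performRuntime(OperationContext operationContext, ModelNode modelNode, ModelNode modelNode2) throws OperationFailedException {
            OidcConfigService.getInstance().removeSecureDeployment(operationContext.getCurrentAddressValue());
            if (!SecureDeploymentDefinition.isWarDeployment(operationContext)) {
                operationContext.reloadRequired();
            }
        }
    }

    /**
     * Handler for {@code write-attribute}: pushes the new value into {@link OidcConfigService}
     * and restores the previous one if the operation is rolled back.
     */
    static class SecureDeploymentWriteAttributeHandler extends AbstractWriteAttributeHandler<OidcConfigService> {
        public static final SecureDeploymentWriteAttributeHandler INSTANCE = new SecureDeploymentWriteAttributeHandler();

        SecureDeploymentWriteAttributeHandler() {
            super((AttributeDefinition[]) SecureDeploymentDefinition.ALL_ATTRIBUTES.toArray(new SimpleAttributeDefinition[0]));
        }

        /**
         * Applies the attribute value to the stored configuration and hands the service back so
         * that a rollback can reuse it.
         *
         * @param operationContext the context of the running operation
         * @param modelNode not used by this handler
         * @param str name of the attribute being written
         * @param modelNode2 value forwarded to {@code updateSecureDeployment}
         * @param modelNode3 not used by this handler
         * @param handbackHolder receives the {@link OidcConfigService} instance
         * @return {@code true} for non-WAR addresses, {@code false} for WAR addresses
         * @throws OperationFailedException declared by the overridden method; not thrown here
         */
        protected boolean applyUpdateToRuntime(OperationContext operationContext, ModelNode modelNode, String str, ModelNode modelNode2, ModelNode modelNode3, AbstractWriteAttributeHandler.HandbackHolder<OidcConfigService> handbackHolder) throws OperationFailedException {
            OidcConfigService configService = OidcConfigService.getInstance();
            configService.updateSecureDeployment(operationContext.getCurrentAddressValue(), str, modelNode2);
            handbackHolder.setHandback(configService);
            return !SecureDeploymentDefinition.isWarDeployment(operationContext);
        }

        /**
         * Writes {@code modelNode2} back into the stored configuration through the service handed
         * back by {@code applyUpdateToRuntime}.
         *
         * @param operationContext the context of the running operation
         * @param modelNode not used by this handler
         * @param str name of the attribute being reverted
         * @param modelNode2 value forwarded to {@code updateSecureDeployment}
         * @param modelNode3 not used by this handler
         * @param oidcConfigService the service captured when the update was applied
         * @throws OperationFailedException declared by the overridden method; not thrown here
         */
        public void revertUpdateToRuntime(OperationContext operationContext, ModelNode modelNode, String str, ModelNode modelNode2, ModelNode modelNode3, OidcConfigService oidcConfigService) throws OperationFailedException {
            oidcConfigService.updateSecureDeployment(operationContext.getCurrentAddressValue(), str, modelNode2);
        }
    }

    /**
     * Creates the definition with its add and remove handlers, both flagged
     * {@code RESTART_RESOURCE_SERVICES}, and records {@link #SCOPE} as a non-default attribute.
     */
    public SecureDeploymentDefinition() {
        super(new SimpleResourceDefinition.Parameters(PATH, ElytronOidcExtension.getResourceDescriptionResolver(ElytronOidcDescriptionConstants.SECURE_DEPLOYMENT))
                .setAddHandler(SecureDeploymentAddHandler.INSTANCE)
                .setRemoveHandler(SecureDeploymentRemoveHandler.INSTANCE)
                .setAddRestartLevel(OperationEntry.Flag.RESTART_RESOURCE_SERVICES)
                .setRemoveRestartLevel(OperationEntry.Flag.RESTART_RESOURCE_SERVICES));
        // The list is static, so an unconditional add would append SCOPE again for every instance
        // that gets constructed.
        if (!NON_DEFAULT_ATTRIBUTES.contains(SCOPE)) {
            NON_DEFAULT_ATTRIBUTES.add(SCOPE);
        }
    }

    /**
     * Registers every entry of {@link #ALL_ATTRIBUTES} as a read-write attribute backed by
     * {@link SecureDeploymentWriteAttributeHandler}.
     *
     * @param managementResourceRegistration the registration to add the attributes to
     */
    public void registerAttributes(ManagementResourceRegistration managementResourceRegistration) {
        super.registerAttributes(managementResourceRegistration);
        for (SimpleAttributeDefinition attribute : ALL_ATTRIBUTES) {
            // A null read handler is passed explicitly; the cast selects the intended overload.
            managementResourceRegistration.registerReadWriteAttribute(attribute, (OperationStepHandler) null, SecureDeploymentWriteAttributeHandler.INSTANCE);
        }
    }

    /**
     * Registers the credential and redirect-rewrite-rule child resources.
     *
     * @param managementResourceRegistration the registration to add the children to
     */
    public void registerChildren(ManagementResourceRegistration managementResourceRegistration) {
        managementResourceRegistration.registerSubModel(new CredentialDefinition());
        managementResourceRegistration.registerSubModel(new RedirectRewriteRuleDefinition());
    }

    /**
     * Tells whether the current resource address value ends in {@code .war}.
     *
     * <p>The comparison is a case-sensitive suffix match, so a name such as {@code app.WAR} is
     * not recognised and is handled on the non-WAR path (virtual security domain, reload
     * required).
     *
     * @param operationContext the context whose current address value is inspected
     * @return {@code true} if the address value ends with {@code .war}
     */
    static boolean isWarDeployment(OperationContext operationContext) {
        return operationContext.getCurrentAddressValue().endsWith(WAR_FILE_EXTENSION);
    }
}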
