package org.jboss.as.controller.security;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.StringTokenizer;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.AttributeMarshaller;
import org.jboss.as.controller.AttributeParser;
import org.jboss.as.controller.CapabilityReferenceRecorder;
import org.jboss.as.controller.ObjectTypeAttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.access.management.SensitiveTargetAccessConstraintDefinition;
import org.jboss.as.controller.capability.RuntimeCapability;
import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
import org.jboss.as.controller.logging.ControllerLogger;
import org.jboss.as.controller.operations.validation.ParameterValidator;
import org.jboss.as.controller.registry.Resource;
import org.jboss.as.controller.transform.TransformationContext;
import org.jboss.as.controller.transform.description.RejectAttributeChecker;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.ServiceRegistry;
import org.wildfly.common.function.ExceptionFunction;
import org.wildfly.common.function.ExceptionSupplier;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.source.CredentialSource;
import org.wildfly.security.credential.source.impl.CommandCredentialSource;
import org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.CredentialStoreException;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.util.PasswordBasedEncryptionUtil;

/* loaded from: input_file:org/jboss/as/controller/security/CredentialReference.class */
public final class CredentialReference {
    // Base capability name of a credential store; the store name is appended with
    // RuntimeCapability.buildDynamicCapabilityName before a service name is looked up.
    public static final String CREDENTIAL_STORE_CAPABILITY = "org.wildfly.security.credential-store";
    // Name of the complex attribute (also used as its XML name by the default definitions).
    public static final String CREDENTIAL_REFERENCE = "credential-reference";
    // Field names inside a credential-reference value.
    public static final String STORE = "store";
    public static final String ALIAS = "alias";
    public static final String TYPE = "type";
    // Field that carries the secret itself (plain, "MASK-" prefixed, or a command line when type is COMMAND).
    public static final String CLEAR_TEXT = "clear-text";
    // Keys and values written into the operation result when a credential store entry is added, updated or rolled back.
    public static final String CREDENTIAL_STORE_UPDATE = "credential-store-update";
    public static final String STATUS = "status";
    public static final String NEW_ENTRY_ADDED = "new-entry-added";
    public static final String EXISTING_ENTRY_UPDATED = "existing-entry-updated";
    public static final String NEW_ALIAS = "new-alias";
    public static final String UPDATE_ROLLED_BACK = "update-rolled-back";
    // Separator between the parts of an attachment-map key (see getAttachmentMapKey).
    public static final String KEY_DELIMITER = ".";
    // Operation-context attachment holding pending credential store updates, keyed by address and attribute name.
    // The CredentialStoreUpdateInfo values carry the clear text, so the attachment is itself sensitive.
    private static final OperationContext.AttachmentKey<Map<String, CredentialStoreUpdateInfo>> CREDENTIAL_STORE_UPDATE_INFO;
    private static final SimpleAttributeDefinition credentialStoreAttribute;
    private static final SimpleAttributeDefinition credentialAliasAttribute;
    private static final SimpleAttributeDefinition credentialTypeAttribute;
    private static final SimpleAttributeDefinition clearTextAttribute;
    private static final SimpleAttributeDefinition credentialStoreAttributeWithCapabilityReference;
    private static final ObjectTypeAttributeDefinition credentialReferenceAD;
    private static final ObjectTypeAttributeDefinition credentialReferenceADWithCapabilityReference;
    // Capability whose runtime API is used by getCredentialSource to obtain the CredentialStore directly.
    private static final String CREDENTIAL_STORE_API_CAPABILITY = "org.wildfly.security.credential-store-api";
    // Random source and alphabet used by generateAlias.
    private static final SecureRandom RANDOM;
    private static final String CHARS = "abcdefghijklmnopqrstuvwxyz0123456789";
    // Transformer check that rejects a credential-reference defining both "store" and "clear-text".
    public static final RejectAttributeChecker REJECT_CREDENTIAL_REFERENCE_WITH_BOTH_STORE_AND_CLEAR_TEXT;
    // Compiler-generated assertion switch; initialised in the static block from desiredAssertionStatus().
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/jboss/as/controller/security/CredentialReference$ClearTextCredentialSource.class */
    /**
     * Credential source that wraps a password given directly in the {@code clear-text} attribute.
     *
     * <p>The secret is kept as an immutable {@link String} for the lifetime of this object, so it
     * cannot be wiped from memory after use.
     */
    public static class ClearTextCredentialSource implements CredentialSource {
        private final String secret;

        ClearTextCredentialSource(String str) {
            secret = str;
        }

        /**
         * Reports {@code SUPPORTED} only when exactly {@link PasswordCredential} is requested; the
         * algorithm name and parameter spec are ignored.
         */
        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
            if (cls == PasswordCredential.class) {
                return SupportLevel.SUPPORTED;
            }
            return SupportLevel.UNSUPPORTED;
        }

        /**
         * Builds a clear {@link PasswordCredential} from the stored secret and casts it to the
         * requested type.
         *
         * <p>The requested type is not checked first: a type that {@link PasswordCredential} is not
         * assignable to makes {@code cls.cast} throw {@link ClassCastException}.
         */
        public <C extends Credential> C getCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
            final char[] passwordChars = secret.toCharArray();
            final PasswordCredential credential = new PasswordCredential(ClearPassword.createRaw("clear", passwordChars));
            return cls.cast(credential);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jboss/as/controller/security/CredentialReference$CredentialReferenceValidator.class */
    /**
     * Validates which combinations of {@code store}, {@code alias} and {@code clear-text} a
     * credential-reference value may define. The {@code type} field is not examined here.
     */
    public static class CredentialReferenceValidator implements ParameterValidator {
        private CredentialReferenceValidator() {
        }

        /**
         * Accepts an undefined value, a value with only {@code clear-text}, or a value with
         * {@code store} plus at least one of {@code clear-text} and {@code alias}.
         *
         * @param str name of the parameter being validated, used in the failure message
         * @param modelNode the credential-reference value
         * @throws OperationFailedException for any other combination
         */
        @Override // org.jboss.as.controller.operations.validation.ParameterValidator
        public void validateParameter(String str, ModelNode modelNode) throws OperationFailedException {
            if (!modelNode.isDefined()) {
                return;
            }
            final String store = modelNode.hasDefined(CredentialReference.STORE) ? modelNode.get(CredentialReference.STORE).asString() : null;
            final String clearText = modelNode.hasDefined(CredentialReference.CLEAR_TEXT) ? modelNode.get(CredentialReference.CLEAR_TEXT).asString() : null;
            final String alias = modelNode.hasDefined("alias") ? modelNode.get("alias").asString() : null;

            // Inline secret with no store involvement at all.
            final boolean clearTextOnly = clearText != null && store == null && alias == null;
            // Store-backed reference: an existing alias, a secret to be stored, or both.
            final boolean storeBacked = store != null && (clearText != null || alias != null);
            if (clearTextOnly || storeBacked) {
                return;
            }
            throw ControllerLogger.ROOT_LOGGER.invalidCredentialReferenceValue(str, CredentialReference.CLEAR_TEXT, CredentialReference.STORE, CredentialReference.CLEAR_TEXT, "alias");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/jboss/as/controller/security/CredentialReference$MaskCredentialSource.class */
    /**
     * Credential source for a masked password of the form {@code MASK-<encoded>;<salt>;<iteration>}.
     *
     * <p>Everything passed to the decryptor here (encoded text, salt, iteration count) is taken
     * from the masked string itself; no separate key is supplied by this class. Treat the masked
     * form as obfuscation and protect the configuration that holds it accordingly.
     */
    public static class MaskCredentialSource implements CredentialSource {
        private final String secret;

        MaskCredentialSource(String str) {
            secret = str;
        }

        /**
         * Reports {@code SUPPORTED} only when exactly {@link PasswordCredential} is requested; the
         * algorithm name and parameter spec are ignored.
         */
        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
            if (cls == PasswordCredential.class) {
                return SupportLevel.SUPPORTED;
            }
            return SupportLevel.UNSUPPORTED;
        }

        /**
         * Decrypts the masked value and returns it as a clear {@link PasswordCredential} cast to
         * the requested type.
         *
         * <p>The first five characters are dropped unconditionally; callers are expected to have
         * checked the {@code MASK-} prefix. The iteration count is parsed from the string without
         * any range check.
         *
         * @throws IOException wrapping any {@link GeneralSecurityException} raised while decrypting
         */
        public <C extends Credential> C getCredential(Class<C> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
            final String[] fields = secret.substring(5).split(";");
            if (fields.length != 3) {
                throw ControllerLogger.ROOT_LOGGER.wrongMaskedPasswordFormat();
            }
            final String encoded = fields[0];
            final String salt = fields[1];
            try {
                final PasswordBasedEncryptionUtil decryptor = new PasswordBasedEncryptionUtil.Builder()
                        .picketBoxCompatibility()
                        .salt(salt)
                        .iteration(Integer.parseInt(fields[2]))
                        .decryptMode()
                        .build();
                return cls.cast(new PasswordCredential(ClearPassword.createRaw("clear", decryptor.decodeAndDecrypt(encoded))));
            } catch (GeneralSecurityException e) {
                throw new IOException(e);
            } catch (NumberFormatException e) {
                // A non-numeric iteration count is reported as a format error, same as a wrong field count.
                throw ControllerLogger.ROOT_LOGGER.wrongMaskedPasswordFormat();
            }
        }
    }

    // The class only exposes static members; the private constructor keeps it from being instantiated.
    private CredentialReference() {
    }

    /**
     * Returns the shared {@code credential-reference} attribute definition whose {@code store}
     * field carries no capability reference.
     */
    public static ObjectTypeAttributeDefinition getAttributeDefinition() {
        return credentialReferenceAD;
    }

    /**
     * Returns one of the two shared {@code credential-reference} attribute definitions.
     *
     * @param z {@code true} for the definition whose {@code store} field references the
     *          credential-store capability, {@code false} for the plain one
     */
    public static ObjectTypeAttributeDefinition getAttributeDefinition(boolean z) {
        if (z) {
            return credentialReferenceADWithCapabilityReference;
        }
        return credentialReferenceAD;
    }

    /**
     * Creates a builder for an attribute named {@code credential-reference}.
     *
     * @param z whether the attribute is optional (the builder is configured with {@code setRequired(!z)})
     * @param z2 whether the {@code store} field should reference the credential-store capability
     */
    public static ObjectTypeAttributeDefinition.Builder getAttributeBuilder(boolean z, boolean z2) {
        final SimpleAttributeDefinition storeAttribute;
        if (z2) {
            storeAttribute = credentialStoreAttributeWithCapabilityReference;
        } else {
            storeAttribute = credentialStoreAttribute;
        }
        return getAttributeBuilder(CREDENTIAL_REFERENCE, CREDENTIAL_REFERENCE, z, storeAttribute);
    }

    /**
     * Creates a builder for a credential-reference attribute without a capability reference on
     * its {@code store} field.
     *
     * @param str attribute name
     * @param str2 XML name
     * @param z whether the attribute is optional
     */
    public static ObjectTypeAttributeDefinition.Builder getAttributeBuilder(String str, String str2, boolean z) {
        final boolean withCapabilityReference = false;
        return getAttributeBuilder(str, str2, z, withCapabilityReference);
    }

    /**
     * Creates a builder for a credential-reference attribute.
     *
     * @param str attribute name
     * @param str2 XML name
     * @param z whether the attribute is optional
     * @param z2 whether the {@code store} field should reference the credential-store capability
     */
    public static ObjectTypeAttributeDefinition.Builder getAttributeBuilder(String str, String str2, boolean z, boolean z2) {
        final SimpleAttributeDefinition storeAttribute;
        if (z2) {
            storeAttribute = credentialStoreAttributeWithCapabilityReference;
        } else {
            storeAttribute = credentialStoreAttribute;
        }
        return getAttributeBuilder(str, str2, z, storeAttribute);
    }

    /**
     * Creates a builder for a credential-reference attribute whose {@code store} field uses the
     * given capability reference recorder.
     *
     * <p>The recorder's base requirement is compared with the credential-store capability only
     * through an assertion, so with assertions disabled a recorder for another capability is
     * accepted without complaint.
     *
     * @param str attribute name
     * @param str2 XML name
     * @param z whether the attribute is optional
     * @param capabilityReferenceRecorder recorder to attach, or {@code null} for no capability reference
     */
    public static ObjectTypeAttributeDefinition.Builder getAttributeBuilder(String str, String str2, boolean z, CapabilityReferenceRecorder capabilityReferenceRecorder) {
        if (capabilityReferenceRecorder == null) {
            return getAttributeBuilder(str, str2, z, false);
        }
        if (!$assertionsDisabled && !CREDENTIAL_STORE_CAPABILITY.equals(capabilityReferenceRecorder.getBaseRequirementName())) {
            throw new AssertionError();
        }
        final SimpleAttributeDefinition storeAttribute = new SimpleAttributeDefinitionBuilder(credentialStoreAttribute)
                .setCapabilityReference(capabilityReferenceRecorder)
                .build();
        return getAttributeBuilder(str, str2, z, storeAttribute);
    }

    /**
     * Shared builder factory behind the public overloads: assembles the object attribute from the
     * given store field plus the alias, type and clear-text fields.
     *
     * <p>The attribute is registered under the {@code CREDENTIAL} sensitive-target access
     * constraint and validated by {@link CredentialReferenceValidator}.
     *
     * @param str attribute name
     * @param str2 XML name
     * @param z whether the attribute is optional
     * @param attributeDefinition definition to use for the {@code store} field
     */
    private static ObjectTypeAttributeDefinition.Builder getAttributeBuilder(String str, String str2, boolean z, AttributeDefinition attributeDefinition) {
        final boolean required = !z;
        return new ObjectTypeAttributeDefinition.Builder(str, attributeDefinition, credentialAliasAttribute, credentialTypeAttribute, clearTextAttribute)
                .setXmlName(str2)
                .setAttributeMarshaller(AttributeMarshaller.ATTRIBUTE_OBJECT)
                .setAttributeParser(AttributeParser.OBJECT_PARSER)
                .setRequired(required)
                .setAccessConstraints(SensitiveTargetAccessConstraintDefinition.CREDENTIAL)
                .setValidator(new CredentialReferenceValidator());
    }

    /**
     * Reads one field of a credential-reference value as a string.
     *
     * @param modelNode the credential-reference value; asserted to be defined
     * @param str name of the field to read
     * @return the field's string value, or {@code null} when the field is absent or undefined
     * @throws OperationFailedException declared for callers; nothing in this body throws it
     */
    public static String credentialReferencePartAsStringIfDefined(ModelNode modelNode, String str) throws OperationFailedException {
        if (!$assertionsDisabled && !modelNode.isDefined()) {
            throw new AssertionError(modelNode);
        }
        if (modelNode.hasDefined(str)) {
            final ModelNode part = modelNode.get(str);
            return part.isDefined() ? part.asString() : null;
        }
        return null;
    }

    /**
     * Convenience overload of the five-argument variant that passes no extra key suffix.
     */
    public static ExceptionSupplier<CredentialSource, Exception> getCredentialSourceSupplier(OperationContext operationContext, ObjectTypeAttributeDefinition objectTypeAttributeDefinition, ModelNode modelNode, ServiceBuilder<?> serviceBuilder) throws OperationFailedException {
        final String keySuffix = null;
        return getCredentialSourceSupplier(operationContext, objectTypeAttributeDefinition, modelNode, serviceBuilder, keySuffix);
    }

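    /**
     * Resolves a credential-reference attribute and returns a supplier that creates the matching
     * {@link CredentialSource} on demand.
     *
     * <p>When an alias is present the referenced credential store becomes a requirement of
     * {@code serviceBuilder}; if clear text is also available it is written into the store, either
     * through a {@code CredentialStoreUpdateService} (service builder given) or immediately (no
     * service builder).
     *
     * <p>The supplier picks the source in this order: store entry (alias set), external command
     * (type {@code COMMAND}, compared case-insensitively), masked password ({@code MASK-} prefix),
     * plain clear text, otherwise {@code null}. For {@code COMMAND} the clear-text value becomes
     * the command line of an external process, so write access to this attribute amounts to
     * choosing a command that the server will run.
     *
     * @param operationContext the current operation context
     * @param objectTypeAttributeDefinition definition used to resolve the attribute from {@code modelNode}
     * @param modelNode model holding the attribute
     * @param serviceBuilder builder of the consuming service, or {@code null}
     * @param str optional extra component of the attachment-map key, or {@code null}
     * @return a supplier of the credential source; its {@code get()} may return {@code null}
     * @throws OperationFailedException if resolving the attribute or updating the store fails
     */
    public static ExceptionSupplier<CredentialSource, Exception> getCredentialSourceSupplier(OperationContext operationContext, ObjectTypeAttributeDefinition objectTypeAttributeDefinition, ModelNode modelNode, ServiceBuilder<?> serviceBuilder, String str) throws OperationFailedException {
        final ModelNode resolved = objectTypeAttributeDefinition.resolveModelAttribute(operationContext, modelNode);
        if (serviceBuilder == null) {
            // No service to hang an update on: move the clear text out of the resolved value now.
            handleCredentialReferenceUpdate(operationContext, resolved, objectTypeAttributeDefinition.getName());
        }
        final String attachmentKey = getAttachmentMapKey(operationContext, str, objectTypeAttributeDefinition.getName());

        String store = null;
        String alias = null;
        String type = null;
        String clearText = null;
        CredentialStoreUpdateInfo updateInfo = null;
        if (resolved.isDefined()) {
            store = credentialReferencePartAsStringIfDefined(resolved, STORE);
            alias = credentialReferencePartAsStringIfDefined(resolved, "alias");
            type = credentialReferencePartAsStringIfDefined(resolved, "type");
            if (resolved.hasDefined(CLEAR_TEXT)) {
                clearText = resolved.get(CLEAR_TEXT).asString();
            } else {
                final Map<String, CredentialStoreUpdateInfo> pendingUpdates = operationContext.getAttachment(CREDENTIAL_STORE_UPDATE_INFO);
                if (pendingUpdates != null) {
                    updateInfo = pendingUpdates.get(attachmentKey);
                    // The map is shared by every credential reference handled in this operation, so it can
                    // exist without an entry for this key. Treat that like "no map" instead of dereferencing null.
                    if (updateInfo != null) {
                        clearText = updateInfo.getClearText();
                    }
                }
            }
        }

        ServiceName storeServiceName = null;
        ServiceRegistry registry = null;
        if (alias != null) {
            final String capabilityName = RuntimeCapability.buildDynamicCapabilityName(CREDENTIAL_STORE_CAPABILITY, store);
            storeServiceName = operationContext.getCapabilityServiceName(capabilityName, CredentialStore.class);
            registry = operationContext.getServiceRegistry(true);
            if (serviceBuilder != null) {
                serviceBuilder.requires(storeServiceName);
                if (clearText != null) {
                    // Defer the store write to a service that starts once the credential store is available.
                    final ServiceName updateServiceName = CredentialStoreUpdateService.createServiceName(attachmentKey, store);
                    final CredentialStoreUpdateService updateService = new CredentialStoreUpdateService(alias, clearText, operationContext.getResult(), updateInfo);
                    final ServiceBuilder<?> updateBuilder = operationContext.getServiceTarget().addService(updateServiceName, updateService).setInitialMode(ServiceController.Mode.ACTIVE);
                    updateBuilder.addDependency(operationContext.getCapabilityServiceName(capabilityName, CredentialStore.class), CredentialStore.class, updateService.getCredentialStoreInjector());
                    updateBuilder.install();
                    serviceBuilder.requires(updateServiceName);
                }
            } else if (clearText != null) {
                try {
                    updateCredentialStore(getCredentialStore(registry, storeServiceName), alias, clearText, operationContext.getResult(), updateInfo);
                } catch (CredentialStoreException e) {
                    throw new OperationFailedException(e);
                }
            }
        }

        final String finalAlias = alias;
        final ServiceRegistry finalRegistry = registry;
        final ServiceName finalServiceName = storeServiceName;
        final String finalType = type;
        final String finalClearText = clearText;
        return new ExceptionSupplier<CredentialSource, Exception>() {
            /** Creates the credential source; this is the supplier's {@code get} method. */
            public CredentialSource get() throws Exception {
                if (finalAlias != null) {
                    // The store service is looked up lazily, each time the source needs the store.
                    return new CredentialStoreCredentialSource(() -> {
                        ServiceController service = finalRegistry.getService(finalServiceName);
                        if (service != null) {
                            return (CredentialStore) service.getService().getValue();
                        }
                        return null;
                    }, finalAlias);
                }
                if (finalClearText == null) {
                    // Nothing to build a source from; also covers COMMAND without a command line.
                    return null;
                }
                if (finalType != null && finalType.equalsIgnoreCase("COMMAND")) {
                    final CommandCredentialSource.Builder builder = CommandCredentialSource.builder();
                    final String commandLine = finalClearText.trim();
                    final String[] arguments;
                    if (commandLine.startsWith("{EXT")) {
                        arguments = CredentialReference.parseCommand(CredentialReference.stripType(commandLine), " ");
                    } else if (commandLine.startsWith("{CMD")) {
                        arguments = CredentialReference.parseCommand(CredentialReference.stripType(commandLine), ",");
                    } else {
                        arguments = CredentialReference.parseCommand(commandLine, " ");
                    }
                    for (String argument : arguments) {
                        builder.addCommand(argument);
                    }
                    return builder.build();
                }
                if (finalClearText.startsWith("MASK-")) {
                    return new MaskCredentialSource(finalClearText);
                }
                return new ClearTextCredentialSource(finalClearText);
            }
        };
    }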

    /**
     * Splits a command line into arguments on a delimiter, honouring backslash escapes.
     *
     * <p>A delimiter preceded by a backslash does not split; the backslash is removed from the
     * resulting argument. The delimiter is inserted into the regular expressions unquoted, so it
     * must not contain regex metacharacters (the callers in this class pass {@code " "} or
     * {@code ","}).
     *
     * @param str the command line
     * @param str2 the delimiter
     * @return the arguments, in order
     */
    static String[] parseCommand(String str, String str2) {
        // Negative look-behind: only delimiters not preceded by a backslash separate arguments.
        final String[] arguments = str.split("(?<!\\\\)" + str2);
        final String escapedDelimiter = "\\\\" + str2;
        int index = 0;
        while (index < arguments.length) {
            final String argument = arguments[index];
            if (argument.indexOf('\\') >= 0) {
                arguments[index] = argument.replaceAll(escapedDelimiter, str2);
            }
            index++;
        }
        return arguments;
    }

    /**
     * Drops the leading brace-enclosed type marker (for example <code>{EXT}</code>) from a
     * command string and returns the text that follows it.
     *
     * <p>The string is tokenised on <code>{</code> and <code>}</code>; the second token is
     * returned. Input with fewer than two tokens makes {@code nextToken()} throw
     * {@link java.util.NoSuchElementException}.
     *
     * @param str command string starting with a type marker
     * @return the second token
     */
    static String stripType(String str) {
        final StringTokenizer tokens = new StringTokenizer(str, "{}");
        // First token is the type marker; it is read only to move past it.
        tokens.nextToken();
        final String command = tokens.nextToken();
        return command;
    }

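    /**
     * Resolves a credential-reference attribute and builds its {@link CredentialSource} directly,
     * obtaining the credential store through the credential-store-api capability rather than a
     * service dependency.
     *
     * <p>Selection order: without clear text, a store entry (store and alias both required,
     * otherwise {@code null}); with clear text, an external command when the type is
     * {@code COMMAND}, a masked password for a {@code MASK-} prefix, plain clear text otherwise.
     *
     * <p>The type is compared case-insensitively, as in {@code getCredentialSourceSupplier} and
     * {@code handleCredentialReferenceUpdate}. With a case-sensitive comparison a value such as
     * {@code command} would fall through and the command line itself would be used as the
     * password.
     *
     * @param operationContext the current operation context
     * @param objectTypeAttributeDefinition definition used to resolve the attribute from {@code modelNode}
     * @param modelNode model holding the attribute
     * @return the credential source, or {@code null} if the reference names neither clear text nor store plus alias
     * @throws OperationFailedException if resolution fails or the command source cannot be built
     */
    public static CredentialSource getCredentialSource(OperationContext operationContext, ObjectTypeAttributeDefinition objectTypeAttributeDefinition, ModelNode modelNode) throws OperationFailedException {
        final ModelNode resolved = objectTypeAttributeDefinition.resolveModelAttribute(operationContext, modelNode);
        String store = null;
        String alias = null;
        String type = null;
        String clearText = null;
        if (resolved.isDefined()) {
            store = credentialReferencePartAsStringIfDefined(resolved, STORE);
            alias = credentialReferencePartAsStringIfDefined(resolved, "alias");
            type = credentialReferencePartAsStringIfDefined(resolved, "type");
            if (resolved.hasDefined(CLEAR_TEXT)) {
                clearText = resolved.get(CLEAR_TEXT).asString();
            }
        }

        if (clearText == null) {
            if (store == null || alias == null) {
                return null;
            }
            // Type arguments follow from how the function is used here: it is applied to the operation
            // context, its result is used as a CredentialStore, and this method declares only
            // OperationFailedException. NOTE(review): confirm against the capability's registration.
            @SuppressWarnings("unchecked")
            final ExceptionFunction<OperationContext, CredentialStore, OperationFailedException> storeApi = operationContext.getCapabilityRuntimeAPI(CREDENTIAL_STORE_API_CAPABILITY, store, ExceptionFunction.class);
            final CredentialStore credentialStore = storeApi.apply(operationContext);
            return new CredentialStoreCredentialSource(() -> credentialStore, alias);
        }

        if (!"COMMAND".equalsIgnoreCase(type)) {
            return clearText.startsWith("MASK-") ? new MaskCredentialSource(clearText) : new ClearTextCredentialSource(clearText);
        }

        // COMMAND: the clear-text value is the command line of an external process.
        final CommandCredentialSource.Builder builder = CommandCredentialSource.builder();
        final String commandLine = clearText.trim();
        final String[] arguments;
        if (commandLine.startsWith("{EXT")) {
            arguments = parseCommand(stripType(commandLine), " ");
        } else if (commandLine.startsWith("{CMD")) {
            arguments = parseCommand(stripType(commandLine), ",");
        } else {
            arguments = parseCommand(commandLine, " ");
        }
        for (String argument : arguments) {
            builder.addCommand(argument);
        }
        try {
            return builder.build();
        } catch (GeneralSecurityException e) {
            throw ControllerLogger.MGMT_OP_LOGGER.unableToBuildCommandCredentialSource(e);
        }
    }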

    /**
     * Fetches the {@link CredentialStore} value of a required service.
     *
     * @param serviceRegistry registry to look the service up in
     * @param serviceName name of the credential store service
     * @return the service's value cast to {@link CredentialStore}
     */
    static CredentialStore getCredentialStore(ServiceRegistry serviceRegistry, ServiceName serviceName) {
        final Object storeValue = serviceRegistry.getRequiredService(serviceName).getService().getValue();
        return (CredentialStore) storeValue;
    }

    /**
     * Stores a clear password under an alias and flushes the store; does nothing when either
     * argument is {@code null}.
     *
     * <p>If the flush fails, the entry for the alias is removed again before the exception is
     * rethrown. When the alias already existed, that removal does not bring back the earlier
     * value.
     *
     * @param credentialStore store to write to
     * @param str alias
     * @param str2 clear-text secret
     * @throws CredentialStoreException if storing, flushing or the compensating removal fails
     */
    private static void storeSecret(CredentialStore credentialStore, String str, String str2) throws CredentialStoreException {
        final boolean nothingToStore = str == null || str2 == null;
        if (!nothingToStore) {
            final PasswordCredential credential = new PasswordCredential(ClearPassword.createRaw("clear", str2.toCharArray()));
            credentialStore.store(str, credential);
            try {
                credentialStore.flush();
            } catch (CredentialStoreException e) {
                credentialStore.remove(str, PasswordCredential.class);
                throw e;
            }
        }
    }

    /**
     * Removes the password entry for an alias and flushes the store; does nothing when the alias
     * is {@code null}.
     *
     * <p>If the flush fails, the entry is stored again from {@code str2} before the exception is
     * rethrown. That path dereferences {@code str2}, so callers must pass a non-null secret.
     *
     * @param credentialStore store to modify
     * @param str alias to remove
     * @param str2 clear-text secret used to restore the entry if the flush fails
     * @throws CredentialStoreException if removing, flushing or the compensating store fails
     */
    private static void removeSecret(CredentialStore credentialStore, String str, String str2) throws CredentialStoreException {
        if (str == null) {
            return;
        }
        credentialStore.remove(str, PasswordCredential.class);
        try {
            credentialStore.flush();
        } catch (CredentialStoreException e) {
            final PasswordCredential restored = new PasswordCredential(ClearPassword.createRaw("clear", str2.toCharArray()));
            credentialStore.store(str, restored);
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Writes a secret into the credential store under the given alias and records the outcome.
     *
     * <p>The previous state (alias and clear text of an existing entry, or {@code null}s) is saved
     * in {@code credentialStoreUpdateInfo} so the change can be rolled back. The old password is
     * therefore copied into a {@link String} that lives as long as the update info does.
     *
     * @param credentialStore store to update
     * @param str alias
     * @param str2 new clear-text secret
     * @param modelNode operation result; receives the {@code credential-store-update} status
     * @param credentialStoreUpdateInfo holder for the previous state; dereferenced unconditionally
     * @throws CredentialStoreException if reading or writing the store fails
     */
    public static void updateCredentialStore(CredentialStore credentialStore, String str, String str2, ModelNode modelNode, CredentialStoreUpdateInfo credentialStoreUpdateInfo) throws CredentialStoreException {
        final boolean entryExists = credentialStore.exists(str, PasswordCredential.class);
        String previousClearText = null;
        String previousAlias = null;
        if (entryExists) {
            final char[] previousChars = credentialStore.retrieve(str, PasswordCredential.class).getPassword(ClearPassword.class).getPassword();
            previousClearText = String.valueOf(previousChars);
            previousAlias = str;
        }
        credentialStoreUpdateInfo.setPreviousClearText(previousClearText);
        credentialStoreUpdateInfo.setPreviousAlias(previousAlias);

        storeSecret(credentialStore, str, str2);

        final ModelNode updateResult = modelNode.get(CREDENTIAL_STORE_UPDATE);
        if (!entryExists) {
            updateResult.get("status").set(NEW_ENTRY_ADDED);
            updateResult.get(NEW_ALIAS).set(str);
        } else {
            updateResult.get("status").set(EXISTING_ENTRY_UPDATED);
        }
    }

    /**
     * Handles a pending update for the {@code credential-reference} child of the given model,
     * using {@code credential-reference} as the attribute name.
     */
    public static void handleCredentialReferenceUpdate(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        final ModelNode credentialReference = modelNode.get(CREDENTIAL_REFERENCE);
        handleCredentialReferenceUpdate(operationContext, credentialReference, CREDENTIAL_REFERENCE);
    }

    /**
     * Rolls back a credential store update for the attribute as resolved from a resource's model.
     * An {@link OperationFailedException} raised while resolving is rethrown wrapped in a
     * {@link RuntimeException}.
     */
    public static void rollbackCredentialStoreUpdate(AttributeDefinition attributeDefinition, OperationContext operationContext, Resource resource) {
        try {
            final ModelNode resolved = attributeDefinition.resolveModelAttribute(operationContext, resource.getModel());
            if (!resolved.isDefined()) {
                return;
            }
            final String store = credentialReferencePartAsStringIfDefined(resolved, STORE);
            final String alias = credentialReferencePartAsStringIfDefined(resolved, "alias");
            rollbackCredentialStoreUpdate(attributeDefinition, operationContext, store, alias);
        } catch (OperationFailedException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Rolls back a credential store update for an already resolved credential-reference value;
     * an undefined value is ignored.
     */
    public static void rollbackCredentialStoreUpdate(AttributeDefinition attributeDefinition, OperationContext operationContext, ModelNode modelNode) {
        if (!modelNode.isDefined()) {
            return;
        }
        try {
            final String store = credentialReferencePartAsStringIfDefined(modelNode, STORE);
            final String alias = credentialReferencePartAsStringIfDefined(modelNode, "alias");
            rollbackCredentialStoreUpdate(attributeDefinition, operationContext, store, alias);
        } catch (OperationFailedException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Undoes a credential store write recorded for this attribute in the operation context.
     *
     * <p>Nothing happens unless a store name is given and the recorded update carries clear text.
     * An entry that did not exist before the update is removed; an entry that did exist is
     * overwritten with its previous clear text. The result status is then set to
     * {@code update-rolled-back}.
     *
     * @param attributeDefinition attribute whose name forms part of the attachment key
     * @param operationContext the current operation context
     * @param str credential store name
     * @param str2 alias of the entry to roll back
     */
    public static void rollbackCredentialStoreUpdate(AttributeDefinition attributeDefinition, OperationContext operationContext, String str, String str2) {
        final Map<String, CredentialStoreUpdateInfo> pendingUpdates = operationContext.getAttachment(CREDENTIAL_STORE_UPDATE_INFO);
        CredentialStoreUpdateInfo updateInfo = null;
        if (pendingUpdates != null) {
            updateInfo = pendingUpdates.get(getAttachmentMapKey(operationContext, attributeDefinition.getName()));
        }
        if (str == null || updateInfo == null || updateInfo.getClearText() == null) {
            return;
        }
        try {
            final ServiceName storeServiceName = operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName(CREDENTIAL_STORE_CAPABILITY, str), CredentialStore.class);
            final CredentialStore credentialStore = getCredentialStore(operationContext.getServiceRegistry(true), storeServiceName);
            final ModelNode updateResult = operationContext.getResult().get(CREDENTIAL_STORE_UPDATE);
            if (updateInfo.getPreviousAlias() != null) {
                storeSecret(credentialStore, str2, updateInfo.getPreviousClearText());
            } else {
                removeSecret(credentialStore, str2, updateInfo.getClearText());
                updateResult.remove(NEW_ALIAS);
            }
            updateResult.get("status").set(UPDATE_ROLLED_BACK);
        } catch (CredentialStoreException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Moves a clear-text secret that is destined for a credential store out of the model and
     * into an operation-context attachment.
     *
     * <p>Applies only when both {@code store} and {@code clear-text} are defined. If no alias is
     * given, one is generated, unless the type is {@code COMMAND} (case-insensitive) or the value
     * starts with {@code MASK-}, in which case the value is left untouched. Otherwise the clear
     * text is saved in a {@code CredentialStoreUpdateInfo} under this attribute's key and the
     * {@code clear-text} field of {@code modelNode} is set to undefined, so the secret does not
     * stay in the model.
     *
     * @param operationContext the current operation context
     * @param modelNode the credential-reference value; modified in place
     * @param str attribute name, used in the attachment key
     * @throws OperationFailedException declared by the field accessors
     */
    public static void handleCredentialReferenceUpdate(OperationContext operationContext, ModelNode modelNode, String str) throws OperationFailedException {
        if (!modelNode.isDefined()) {
            return;
        }
        final String store = credentialReferencePartAsStringIfDefined(modelNode, STORE);
        final String alias = credentialReferencePartAsStringIfDefined(modelNode, "alias");
        final String type = credentialReferencePartAsStringIfDefined(modelNode, "type");
        final String clearText = credentialReferencePartAsStringIfDefined(modelNode, CLEAR_TEXT);
        if (store == null || clearText == null) {
            return;
        }
        if (alias == null) {
            final boolean commandType = type != null && type.equalsIgnoreCase("COMMAND");
            if (commandType || clearText.startsWith("MASK-")) {
                // Commands and masked values are not copied into the store.
                return;
            }
            modelNode.get("alias").set(generateAlias());
        }
        Map<String, CredentialStoreUpdateInfo> pendingUpdates = operationContext.getAttachment(CREDENTIAL_STORE_UPDATE_INFO);
        if (pendingUpdates == null) {
            pendingUpdates = Collections.synchronizedMap(new HashMap<>());
            operationContext.attach(CREDENTIAL_STORE_UPDATE_INFO, pendingUpdates);
        }
        pendingUpdates.put(getAttachmentMapKey(operationContext, str), new CredentialStoreUpdateInfo(clearText));
        // Blank the secret in the model now that it is held in the attachment.
        modelNode.get(CLEAR_TEXT).set(new ModelNode());
    }

    /**
     * Applies a changed credential reference to the runtime credential store.
     *
     * <p>The store and alias come from {@code modelNode2}; the clear text comes from the
     * {@code value} field of {@code modelNode}. When alias and clear text are both present the
     * store entry is written immediately.
     *
     * <p>NOTE(review): the update-info attachment is dereferenced without a null check here;
     * confirm that every caller has run {@code handleCredentialReferenceUpdate} first.
     *
     * @param operationContext the current operation context
     * @param modelNode node whose {@code value} field holds the new credential reference
     * @param modelNode2 node the store name and alias are read from
     * @param modelNode3 value compared against the new one to compute the return value
     * @param str attribute name, used in the attachment key
     * @return {@code true} if the {@code value} field of {@code modelNode} differs from {@code modelNode3}
     * @throws OperationFailedException if the credential store cannot be updated
     */
    public static boolean applyCredentialReferenceUpdateToRuntime(OperationContext operationContext, ModelNode modelNode, ModelNode modelNode2, ModelNode modelNode3, String str) throws OperationFailedException {
        if (modelNode2.isDefined()) {
            final String store = credentialReferencePartAsStringIfDefined(modelNode2, STORE);
            final String alias = credentialReferencePartAsStringIfDefined(modelNode2, "alias");
            final String clearText = credentialReferencePartAsStringIfDefined(modelNode.get(ModelDescriptionConstants.VALUE), CLEAR_TEXT);
            if (alias != null && clearText != null) {
                try {
                    final ServiceRegistry registry = operationContext.getServiceRegistry(true);
                    final ServiceName storeServiceName = operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName(CREDENTIAL_STORE_CAPABILITY, store), CredentialStore.class);
                    final CredentialStore credentialStore = getCredentialStore(registry, storeServiceName);
                    final ModelNode result = operationContext.getResult();
                    final Map<String, CredentialStoreUpdateInfo> pendingUpdates = operationContext.getAttachment(CREDENTIAL_STORE_UPDATE_INFO);
                    final CredentialStoreUpdateInfo updateInfo = pendingUpdates.get(getAttachmentMapKey(operationContext, str));
                    updateCredentialStore(credentialStore, alias, clearText, result, updateInfo);
                } catch (CredentialStoreException e) {
                    throw new OperationFailedException(e);
                }
            }
        }
        final boolean unchanged = modelNode.get(ModelDescriptionConstants.VALUE).equals(modelNode3);
        return !unchanged;
    }

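    /**
     * Generates a random 10-character alias made of lower-case letters and digits.
     *
     * <p>The alias only names a credential store entry; it appears in the operation result and
     * is not itself a secret.
     *
     * @return the generated alias
     */
    private static String generateAlias() {
        final int aliasLength = 10;
        final StringBuilder alias = new StringBuilder(aliasLength);
        for (int i = 0; i < aliasLength; i++) {
            // nextInt(bound) picks an index directly instead of scaling and truncating nextDouble().
            alias.append(CHARS.charAt(RANDOM.nextInt(CHARS.length())));
        }
        return alias.toString();
    }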

    /**
     * Builds the attachment-map key for an attribute at the current address, without an extra
     * key component.
     */
    private static String getAttachmentMapKey(OperationContext operationContext, String str) {
        final String keySuffix = null;
        return getAttachmentMapKey(operationContext, keySuffix, str);
    }

    /**
     * Builds the key under which an attribute's pending credential store update is kept.
     *
     * <p>The key is the current address in path style with the first {@code /} removed and the
     * remaining ones replaced by {@code .}, followed by the optional extra component and the
     * attribute name, each preceded by {@code .}.
     *
     * @param operationContext supplies the current address
     * @param str optional extra component, or {@code null}
     * @param str2 attribute name
     */
    private static String getAttachmentMapKey(OperationContext operationContext, String str, String str2) {
        final String addressPart = operationContext.getCurrentAddress().toPathStyleString().replaceFirst("/", "").replace("/", KEY_DELIMITER);
        String key = addressPart;
        if (str != null) {
            key = key + KEY_DELIMITER + str;
        }
        return key + KEY_DELIMITER + str2;
    }

    // Static initialiser. The order matters: the field definitions are built before the first
    // getAttributeBuilder call, which reads them.
    static {
        $assertionsDisabled = !CredentialReference.class.desiredAssertionStatus();
        CREDENTIAL_STORE_UPDATE_INFO = OperationContext.AttachmentKey.create(Map.class);
        RANDOM = new SecureRandom();
        // "store" is the only field built without setAllowExpression(true).
        credentialStoreAttribute = new SimpleAttributeDefinitionBuilder(STORE, ModelType.STRING, true).setXmlName(STORE).build();
        // "alias" declares that it requires "store".
        credentialAliasAttribute = new SimpleAttributeDefinitionBuilder("alias", ModelType.STRING, true).setXmlName("alias").setAllowExpression(true).setRequires(STORE).build();
        credentialTypeAttribute = new SimpleAttributeDefinitionBuilder("type", ModelType.STRING, true).setXmlName("type").setAllowExpression(true).build();
        clearTextAttribute = new SimpleAttributeDefinitionBuilder(CLEAR_TEXT, ModelType.STRING, true).setXmlName(CLEAR_TEXT).setAllowExpression(true).build();
        credentialReferenceAD = getAttributeBuilder(CREDENTIAL_REFERENCE, CREDENTIAL_REFERENCE, false, false).setRestartAllServices().build();
        // Must be assigned before the getAttributeBuilder(..., true) call below, which selects it.
        credentialStoreAttributeWithCapabilityReference = new SimpleAttributeDefinitionBuilder(credentialStoreAttribute).setCapabilityReference(CREDENTIAL_STORE_CAPABILITY).build();
        credentialReferenceADWithCapabilityReference = getAttributeBuilder(CREDENTIAL_REFERENCE, CREDENTIAL_REFERENCE, false, true).setRestartAllServices().build();
        REJECT_CREDENTIAL_REFERENCE_WITH_BOTH_STORE_AND_CLEAR_TEXT = new RejectAttributeChecker.DefaultRejectAttributeChecker() { // from class: org.jboss.as.controller.security.CredentialReference.2
            // The rejection message is the "invalid attribute value" message for clear-text.
            @Override // org.jboss.as.controller.transform.description.RejectAttributeChecker
            public String getRejectionLogMessage(Map<String, ModelNode> map) {
                return ControllerLogger.ROOT_LOGGER.invalidAttributeValue(CredentialReference.CLEAR_TEXT).getMessage();
            }

            // Rejects a defined credential reference only when both "store" and "clear-text" are defined.
            @Override // org.jboss.as.controller.transform.description.RejectAttributeChecker.DefaultRejectAttributeChecker
            protected boolean rejectAttribute(PathAddress pathAddress, String str, ModelNode modelNode, TransformationContext transformationContext) {
                if (!modelNode.isDefined()) {
                    return false;
                }
                String str2 = null;
                String str3 = null;
                if (modelNode.hasDefined(CredentialReference.STORE)) {
                    str2 = modelNode.get(CredentialReference.STORE).asString();
                }
                if (modelNode.hasDefined(CredentialReference.CLEAR_TEXT)) {
                    str3 = modelNode.get(CredentialReference.CLEAR_TEXT).asString();
                }
                return (str2 == null || str3 == null) ? false : true;
            }
        };
    }
}
