package org.wildfly.test.security.common.elytron;

import org.jboss.as.arquillian.api.ServerSetupTask;
import org.jboss.as.arquillian.container.ManagementClient;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.operations.common.Util;
import org.jboss.dmr.ModelNode;

/* loaded from: input_file:org/wildfly/test/security/common/elytron/ElytronDomainSetup.class */
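/**
 * Arquillian {@link ServerSetupTask} that adds an Elytron security domain, backed by a
 * properties realm, to the server under test and removes it again afterwards.
 *
 * <p>Everything is added in a single composite management operation:
 * <ul>
 *   <li>a {@code properties-realm} reading the users and groups files given to the constructor;</li>
 *   <li>only when a non-default permission mapper name is used: a {@code simple-permission-mapper},
 *       two {@code source-address-role-decoder} resources and an {@code aggregate-role-decoder}
 *       that combines them;</li>
 *   <li>the {@code security-domain} itself, with the properties realm as default realm and the
 *       {@code local} realm as second realm.</li>
 * </ul>
 *
 * <p>Security notes for readers reusing this fixture: the users file is declared as plain text
 * (see {@link #isUsersFilePlain()}), i.e. credentials are kept unhashed on disk, and the
 * source-address decoders assign roles from the peer address alone. Both are test-fixture
 * choices; the address seen by the server may be that of a proxy or NAT gateway rather than of
 * the end client.
 *
 * <p>The address fields are only assigned by {@link #setup}; the class is not written for
 * concurrent use.
 */
public class ElytronDomainSetup implements ServerSetupTask {
    private static final String SUBSYSTEM_NAME = "elytron";
    private static final String DEFAULT_SECURITY_DOMAIN_NAME = "elytron-tests";
    private static final String DEFAULT_PERMISSION_MAPPER_NAME = "default-permission-mapper";

    // Resource addresses, assigned in setup() and reused by tearDown() for removal.
    private PathAddress realmAddress;
    private PathAddress domainAddress;
    private PathAddress permissionMapperAddress;
    private PathAddress roleDecoder1Address;
    private PathAddress roleDecoder2Address;
    private PathAddress aggregateRoleDecoderAddress;

    private final String usersFile;
    private final String groupsFile;
    private final String securityDomainName;
    private final String permissionMapperName;
    private final String ipAddress;

    /**
     * Creates a setup using the default domain name ({@code elytron-tests}) and the default
     * permission mapper.
     *
     * @param usersFile path of the users properties file
     * @param groupsFile path of the groups properties file
     */
    public ElytronDomainSetup(String usersFile, String groupsFile) {
        this(usersFile, groupsFile, DEFAULT_SECURITY_DOMAIN_NAME, DEFAULT_PERMISSION_MAPPER_NAME, null);
    }

    /**
     * Creates a setup for a named security domain using the default permission mapper.
     *
     * @param usersFile path of the users properties file
     * @param groupsFile path of the groups properties file
     * @param securityDomainName name of the security domain to add
     */
    public ElytronDomainSetup(String usersFile, String groupsFile, String securityDomainName) {
        this(usersFile, groupsFile, securityDomainName, DEFAULT_PERMISSION_MAPPER_NAME, null);
    }

    /**
     * Creates a fully parameterised setup.
     *
     * @param usersFile path of the users properties file
     * @param groupsFile path of the groups properties file
     * @param securityDomainName name of the security domain to add
     * @param permissionMapperName permission mapper referenced by the domain; any value other than
     *        {@code default-permission-mapper} makes {@link #setup} create a mapper of that name
     *        together with the source-address role decoders
     * @param ipAddress source address that the first role decoder maps to the {@code Admin} role;
     *        required when a non-default permission mapper is used, ignored otherwise
     */
    public ElytronDomainSetup(String usersFile, String groupsFile, String securityDomainName,
            String permissionMapperName, String ipAddress) {
        this.usersFile = usersFile;
        this.groupsFile = groupsFile;
        this.securityDomainName = securityDomainName;
        this.permissionMapperName = permissionMapperName;
        this.ipAddress = ipAddress;
    }

    /** Returns the name of the security domain; the other name getters derive from it by default. */
    protected String getSecurityDomainName() {
        return this.securityDomainName;
    }

    /** Returns the properties-realm name: the domain name followed by {@code -ejb3-UsersRoles}. */
    protected String getSecurityRealmName() {
        return getSecurityDomainName() + "-ejb3-UsersRoles";
    }

    /** Returns the Undertow domain name; the security domain name unless overridden. */
    protected String getUndertowDomainName() {
        return getSecurityDomainName();
    }

    /** Returns the EJB domain name; the security domain name unless overridden. */
    protected String getEjbDomainName() {
        return getSecurityDomainName();
    }

    /** Returns the SASL authentication name; the security domain name unless overridden. */
    protected String getSaslAuthenticationName() {
        return getSecurityDomainName();
    }

    /** Returns the remoting connector name, {@code http-remoting-connector}. */
    protected String getRemotingConnectorName() {
        return "http-remoting-connector";
    }

    /** Returns the HTTP authentication name; the security domain name unless overridden. */
    protected String getHttpAuthenticationName() {
        return getSecurityDomainName();
    }

    /** Returns the path of the users properties file. */
    protected String getUsersFile() {
        return this.usersFile;
    }

    /** Returns the path of the groups properties file. */
    protected String getGroupsFile() {
        return this.groupsFile;
    }

    /** Returns the permission mapper name given to the constructor. */
    protected String getPermissionMapperName() {
        return this.permissionMapperName;
    }

    /**
     * Returns the value written to the realm's {@code users-properties.plain-text} attribute.
     * {@code true} declares the passwords in the users file as clear text; subclasses working
     * with a pre-hashed file are presumably expected to override this.
     */
    protected boolean isUsersFilePlain() {
        return true;
    }

    /**
     * Adds the realm, the optional permission-mapper resources and the security domain in one
     * composite operation.
     *
     * @param managementClient client used to reach the server's management interface
     * @param containerId not used by this task
     * @throws IllegalStateException if no permission mapper name was configured, or if a
     *         non-default permission mapper is requested without a source address
     * @throws Exception if applying the composite operation fails
     */
    @Override
    public void setup(ManagementClient managementClient, String containerId) throws Exception {
        // Validate before touching any field so that a misconfigured task fails with a clear
        // message and leaves nothing for tearDown() to remove.
        if (this.permissionMapperName == null) {
            throw new IllegalStateException("permissionMapperName must not be null");
        }
        final boolean customMapper = usesCustomPermissionMapper();
        if (customMapper && this.ipAddress == null) {
            throw new IllegalStateException(
                    "ipAddress is required when a non-default permission mapper is configured");
        }

        this.realmAddress = elytronAddress("properties-realm", getSecurityRealmName());
        this.domainAddress = elytronAddress("security-domain", getSecurityDomainName());

        ModelNode composite = new ModelNode();
        composite.get("operation").set("composite");
        composite.get("address").setEmptyList();
        ModelNode steps = composite.get("steps");

        steps.add(createRealmAddOperation());
        if (customMapper) {
            addPermissionMapperSteps(steps);
        }
        steps.add(createDomainAddOperation(customMapper));

        Utils.applyUpdate(managementClient.getControllerClient(), composite, false);
    }

    /**
     * Removes the resources added by {@link #setup}: the domain first, then the realm, then the
     * permission mapper and role decoders when a non-default mapper was used. Addresses that were
     * never assigned (setup did not run or failed validation) are skipped.
     *
     * @param managementClient client used to reach the server's management interface
     * @param containerId not used by this task
     */
    @Override
    public void tearDown(ManagementClient managementClient, String containerId) {
        removeIfConfigured(managementClient, this.domainAddress);
        removeIfConfigured(managementClient, this.realmAddress);
        if (!usesCustomPermissionMapper()) {
            return;
        }
        removeIfConfigured(managementClient, this.permissionMapperAddress);
        // The aggregate decoder references decoder1/decoder2, so it is removed before them.
        removeIfConfigured(managementClient, this.aggregateRoleDecoderAddress);
        removeIfConfigured(managementClient, this.roleDecoder1Address);
        removeIfConfigured(managementClient, this.roleDecoder2Address);
    }

    /** Tells whether a permission mapper other than the default one was requested. */
    private boolean usesCustomPermissionMapper() {
        // Constant-first comparison keeps this null-safe for tearDown() after a failed setup().
        return !DEFAULT_PERMISSION_MAPPER_NAME.equals(this.permissionMapperName);
    }

    /** Builds the address {@code /subsystem=elytron/<type>=<name>}. */
    private static PathAddress elytronAddress(String type, String name) {
        return PathAddress.pathAddress(
                PathElement.pathElement("subsystem", SUBSYSTEM_NAME),
                PathElement.pathElement(type, name));
    }

    /** Builds the add operation for the properties realm from the users and groups files. */
    private ModelNode createRealmAddOperation() {
        ModelNode addRealm = Util.createAddOperation(this.realmAddress);
        addRealm.get("users-properties").get("path").set(getUsersFile());
        addRealm.get("users-properties").get("plain-text").set(isUsersFilePlain());
        addRealm.get("groups-properties").get("path").set(getGroupsFile());
        return addRealm;
    }

    /**
     * Appends the add operations for the custom permission mapper, both source-address role
     * decoders and the aggregate role decoder to {@code steps}, recording their addresses.
     */
    private void addPermissionMapperSteps(ModelNode steps) {
        this.permissionMapperAddress = elytronAddress("simple-permission-mapper", this.permissionMapperName);
        ModelNode addMapper = Util.createAddOperation(this.permissionMapperAddress);
        // First mapping: role Admin is tied to the login-permission permission set.
        ModelNode adminMapping = new ModelNode();
        adminMapping.get("roles").add("Admin");
        ModelNode loginPermissionSet = new ModelNode();
        loginPermissionSet.get("permission-set").set("login-permission");
        adminMapping.get("permission-sets").add(loginPermissionSet);
        addMapper.get("permission-mappings").add(adminMapping);
        // Second mapping: matches principal user2 and lists no permission sets.
        ModelNode user2Mapping = new ModelNode();
        user2Mapping.get("principals").add("user2");
        addMapper.get("permission-mappings").add(user2Mapping);
        addMapper.get("mapping-mode").set("and");
        steps.add(addMapper);

        // decoder1: the configured source address is mapped to the Admin role.
        this.roleDecoder1Address = elytronAddress("source-address-role-decoder", "decoder1");
        ModelNode addDecoder1 = Util.createAddOperation(this.roleDecoder1Address);
        addDecoder1.get("source-address").set(this.ipAddress);
        addDecoder1.get("roles").add("Admin");
        steps.add(addDecoder1);

        // decoder2: a fixed address mapped to Employee.
        // NOTE(review): 99.99.99.99 is presumably chosen so the test client never matches; it is
        // a publicly routable address, a documentation range such as 192.0.2.0/24 would express
        // "never matches" without pointing at a real host. Confirm no test relies on the literal.
        this.roleDecoder2Address = elytronAddress("source-address-role-decoder", "decoder2");
        ModelNode addDecoder2 = Util.createAddOperation(this.roleDecoder2Address);
        addDecoder2.get("source-address").set("99.99.99.99");
        addDecoder2.get("roles").add("Employee");
        steps.add(addDecoder2);

        this.aggregateRoleDecoderAddress = elytronAddress("aggregate-role-decoder", "aggregateRoleDecoder");
        ModelNode addAggregate = Util.createAddOperation(this.aggregateRoleDecoderAddress);
        addAggregate.get("role-decoders").add("decoder1");
        addAggregate.get("role-decoders").add("decoder2");
        steps.add(addAggregate);
    }

    /**
     * Builds the add operation for the security domain.
     *
     * @param customMapper whether the domain should also reference the aggregate role decoder
     */
    private ModelNode createDomainAddOperation(boolean customMapper) {
        ModelNode addDomain = Util.createAddOperation(this.domainAddress);
        addDomain.get("permission-mapper").set(this.permissionMapperName);
        if (customMapper) {
            addDomain.get("role-decoder").set("aggregateRoleDecoder");
        }
        addDomain.get("default-realm").set(getSecurityRealmName());
        ModelNode realms = addDomain.get("realms");
        realms.get(0).get("realm").set(getSecurityRealmName());
        realms.get(0).get("role-decoder").set("groups-to-roles");
        realms.get(1).get("realm").set("local");
        return addDomain;
    }

    /** Removes the resource at {@code address}, skipping addresses that setup() never assigned. */
    private static void removeIfConfigured(ManagementClient managementClient, PathAddress address) {
        if (address != null) {
            Utils.applyRemoveAllowReload(managementClient.getControllerClient(), address, false);
        }
    }
}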
