package org.wildfly.extension.elytron;

import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.ObjectTypeAttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.ResourceDefinition;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleListAttributeDefinition;
import org.jboss.as.controller.SimpleOperationDefinition;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.descriptions.ResourceDescriptionResolver;
import org.jboss.as.controller.logging.ControllerLogger;
import org.jboss.as.controller.operations.validation.AllowedValuesValidator;
import org.jboss.as.controller.operations.validation.ModelTypeValidator;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.dmr.Property;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.ServiceRegistry;
import org.wildfly.extension.elytron._private.ElytronSubsystemMessages;
import org.wildfly.security.auth.server.ModifiableRealmIdentity;
import org.wildfly.security.auth.server.ModifiableSecurityRealm;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.auth.server.ServerAuthenticationContext;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.authz.MapAttributes;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.evidence.Evidence;
import org.wildfly.security.evidence.PasswordGuessEvidence;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.interfaces.BCryptPassword;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.password.interfaces.DigestPassword;
import org.wildfly.security.password.interfaces.SaltedSimpleDigestPassword;
import org.wildfly.security.password.interfaces.SimpleDigestPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.password.spec.DigestPasswordAlgorithmSpec;
import org.wildfly.security.password.spec.EncryptablePasswordSpec;
import org.wildfly.security.password.spec.IteratedSaltedPasswordAlgorithmSpec;
import org.wildfly.security.password.spec.SaltedPasswordAlgorithmSpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/extension/elytron/IdentityResourceDefinition.class */
public class IdentityResourceDefinition extends SimpleResourceDefinition {
    // Handler instances for creating and deleting an identity in a modifiable realm.
    // Where they are registered is not visible in this part of the file; presumably as the
    // resource's add/remove handlers. Both are created once at class initialization.
    private static final OperationStepHandler ADD = new IdentityAddHandler();
    private static final OperationStepHandler REMOVE = new IdentityRemoveHandler();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/wildfly/extension/elytron/IdentityResourceDefinition$AttributeAddHandler.class */
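    /**
     * Management operation handler that appends one or more values to a named attribute of a
     * realm identity.
     *
     * <p>NOTE(review): identity attributes are commonly the input to role and permission mapping,
     * so this operation should be treated as privilege-affecting. The access control applied to
     * it is not visible in this class; confirm it is restricted to identity administrators.
     */
    public static class AttributeAddHandler implements OperationStepHandler {
        /** Required name of the attribute to extend; expressions are not resolved. */
        public static final SimpleAttributeDefinition NAME = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.NAME, ModelType.STRING, false).setAllowExpression(false).build();
        /** Definition of a single attribute value (list element type of {@link #VALUES}). */
        static final SimpleAttributeDefinition VALUE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.VALUE, ModelType.STRING, false).setAllowExpression(false).build();
        /** Values to append; at least one value is required. */
        static final SimpleListAttributeDefinition VALUES = new SimpleListAttributeDefinition.Builder(ElytronDescriptionConstants.VALUE, VALUE).setMinSize(1).setAllowExpression(false).build();

        AttributeAddHandler() {
        }

        /**
         * Registers the add-attribute operation, with {@link #NAME} and {@link #VALUES} as its
         * parameters, on the given resource registration.
         *
         * @param managementResourceRegistration registration that receives the operation
         * @param resourceDescriptionResolver resolver used for the operation description
         */
        public static void register(ManagementResourceRegistration managementResourceRegistration, ResourceDescriptionResolver resourceDescriptionResolver) {
            managementResourceRegistration.registerOperationHandler(new SimpleOperationDefinition(ElytronDescriptionConstants.ADD_ATTRIBUTE, resourceDescriptionResolver, new AttributeDefinition[]{NAME, VALUES}), new AttributeAddHandler());
        }

        /**
         * Schedules a RUNTIME step that copies the identity's current attributes, appends the
         * requested values under the requested name and writes the result back to the realm.
         *
         * @param operationContext context of the enclosing operation
         * @param modelNode the operation being executed
         * @throws OperationFailedException if the authorization identity cannot be obtained or the
         *         updated attributes cannot be stored
         */
        @Override
        public void execute(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            operationContext.addStep(modelNode, (operationContext2, modelNode2) -> {
                ModifiableRealmIdentity realmIdentity = IdentityResourceDefinition.getRealmIdentity(operationContext);

                // Kept in its own try block so that a lookup failure is reported with the
                // "could not obtain authorization identity" message; with both catch clauses
                // nested around the same body that message could never be produced.
                AuthorizationIdentity authorizationIdentity;
                try {
                    authorizationIdentity = realmIdentity.getAuthorizationIdentity();
                } catch (RealmUnavailableException e) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.couldNotObtainAuthorizationIdentity(e);
                }

                try {
                    // Work on a copy; the realm is only touched by setAttributes below.
                    MapAttributes mapAttributes = new MapAttributes(authorizationIdentity.getAttributes());
                    String attributeName = NAME.resolveModelAttribute(operationContext, modelNode).asString();
                    // The loop variable must not reuse the lambda parameter name modelNode2.
                    for (ModelNode valueNode : VALUES.resolveModelAttribute(operationContext2, modelNode2).asList()) {
                        mapAttributes.addLast(attributeName, valueNode.asString());
                    }
                    realmIdentity.setAttributes(mapAttributes);
                    operationContext2.completeStep(OperationContext.ResultHandler.NOOP_RESULT_HANDLER);
                } catch (RealmUnavailableException e) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.couldNotAddAttribute(e);
                }
            }, OperationContext.Stage.RUNTIME);
        }
    }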

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/wildfly/extension/elytron/IdentityResourceDefinition$AttributeRemoveHandler.class */
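    /**
     * Management operation handler that removes values from a named attribute of a realm
     * identity, or removes the attribute entirely when no values are given.
     *
     * <p>NOTE(review): identity attributes are commonly the input to role and permission mapping,
     * so this operation should be treated as privilege-affecting. The access control applied to
     * it is not visible in this class; confirm it is restricted to identity administrators.
     */
    public static class AttributeRemoveHandler implements OperationStepHandler {
        /** Required name of the attribute to modify; expressions are not resolved. */
        public static final SimpleAttributeDefinition NAME = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.NAME, ModelType.STRING, false).setAllowExpression(false).build();
        /** Definition of a single attribute value (list element type of {@link #VALUES}). */
        static final SimpleAttributeDefinition VALUE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.VALUE, ModelType.STRING, false).setAllowExpression(false).build();
        /** Optional list of values to remove; when undefined the whole attribute is removed. */
        static final SimpleListAttributeDefinition VALUES = new SimpleListAttributeDefinition.Builder(ElytronDescriptionConstants.VALUE, VALUE).setAllowNull(true).setMinSize(0).setAllowExpression(false).build();

        AttributeRemoveHandler() {
        }

        /**
         * Registers the remove-attribute operation, with {@link #NAME} and {@link #VALUES} as its
         * parameters, on the given resource registration.
         *
         * @param managementResourceRegistration registration that receives the operation
         * @param resourceDescriptionResolver resolver used for the operation description
         */
        public static void register(ManagementResourceRegistration managementResourceRegistration, ResourceDescriptionResolver resourceDescriptionResolver) {
            managementResourceRegistration.registerOperationHandler(new SimpleOperationDefinition(ElytronDescriptionConstants.REMOVE_ATTRIBUTE, resourceDescriptionResolver, new AttributeDefinition[]{NAME, VALUES}), new AttributeRemoveHandler());
        }

        /**
         * Schedules a RUNTIME step that copies the identity's current attributes, removes either
         * the listed values or the whole attribute, and writes the result back to the realm.
         *
         * @param operationContext context of the enclosing operation
         * @param modelNode the operation being executed
         * @throws OperationFailedException if the authorization identity cannot be obtained or the
         *         updated attributes cannot be stored
         */
        @Override
        public void execute(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            operationContext.addStep(modelNode, (operationContext2, modelNode2) -> {
                ModifiableRealmIdentity realmIdentity = IdentityResourceDefinition.getRealmIdentity(operationContext);

                // Kept in its own try block so that a lookup failure is reported with the
                // "could not obtain authorization identity" message; with both catch clauses
                // nested around the same body that message could never be produced.
                AuthorizationIdentity authorizationIdentity;
                try {
                    authorizationIdentity = realmIdentity.getAuthorizationIdentity();
                } catch (RealmUnavailableException e) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.couldNotObtainAuthorizationIdentity(e);
                }

                try {
                    // Work on a copy; the realm is only touched by setAttributes below.
                    MapAttributes mapAttributes = new MapAttributes(authorizationIdentity.getAttributes());
                    String attributeName = NAME.resolveModelAttribute(operationContext, modelNode).asString();
                    ModelNode requestedValues = VALUES.resolveModelAttribute(operationContext2, modelNode2);
                    if (requestedValues.isDefined()) {
                        // Only the listed values are dropped; other values of the attribute stay.
                        for (ModelNode valueNode : requestedValues.asList()) {
                            mapAttributes.removeAll(attributeName, valueNode.asString());
                        }
                    } else {
                        // No value list supplied: the attribute is removed with all its values.
                        mapAttributes.remove(attributeName);
                    }
                    realmIdentity.setAttributes(mapAttributes);
                    operationContext2.completeStep(OperationContext.ResultHandler.NOOP_RESULT_HANDLER);
                } catch (RealmUnavailableException e) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.couldNotRemoveAttribute(e);
                }
            }, OperationContext.Stage.RUNTIME);
        }
    }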

    /* loaded from: input_file:org/wildfly/extension/elytron/IdentityResourceDefinition$AuthenticatorOperationHandler.class */
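    /**
     * Management operation handler that checks a user name and password against a security
     * domain and reports the outcome, including the roles of the authenticated identity.
     *
     * <p>NOTE(review): the failure messages distinguish an unknown principal from a wrong
     * password, so anyone able to invoke this operation can learn which account names exist and
     * can test password guesses. No throttling or lockout is visible in this class; confirm the
     * operation is limited to trusted administrators and that invocations are audited.
     */
    static class AuthenticatorOperationHandler implements OperationStepHandler {
        private static final String OPERATION_NAME = "authenticate";
        private static final String PARAMETER_PASSWORD = "password";
        private static final ServiceUtil<SecurityDomain> DOMAIN_SERVICE_UTIL = ServiceUtil.newInstance(Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY, ElytronDescriptionConstants.SECURITY_DOMAIN, SecurityDomain.class);
        private static final String PARAMETER_USERNAME = "username";
        /** Required name of the principal to authenticate; expressions are not resolved. */
        public static final SimpleAttributeDefinition USER_NAME = new SimpleAttributeDefinitionBuilder(PARAMETER_USERNAME, ModelType.STRING, false).setAllowExpression(false).build();
        /**
         * Required password guess for the principal.
         *
         * <p>NOTE(review): this is a plain STRING parameter with no sensitivity marking in the
         * visible definition; confirm the value is masked in management audit logs and history.
         */
        public static final SimpleAttributeDefinition PASSWORD = new SimpleAttributeDefinitionBuilder(PARAMETER_PASSWORD, ModelType.STRING, false).setAllowExpression(false).build();

        /** Returns the name under which the operation is registered. */
        static String getOperationName() {
            return OPERATION_NAME;
        }

        /** Returns the operation's parameter definitions: user name, then password. */
        static AttributeDefinition[] getParameterDefinitions() {
            return new AttributeDefinition[]{USER_NAME, PASSWORD};
        }

        /**
         * Registers the authenticate operation on the given resource registration.
         *
         * @param managementResourceRegistration registration that receives the operation
         * @param resourceDescriptionResolver resolver used for the operation description
         */
        public static void register(ManagementResourceRegistration managementResourceRegistration, ResourceDescriptionResolver resourceDescriptionResolver) {
            managementResourceRegistration.registerOperationHandler(new SimpleOperationDefinition(getOperationName(), resourceDescriptionResolver, getParameterDefinitions()), new AuthenticatorOperationHandler());
        }

        /**
         * Schedules a RUNTIME step that verifies the supplied password for the supplied principal
         * and records either a success result (with roles) or a failure description.
         *
         * <p>The step is completed exactly once, in the {@code finally} block, on every path.
         *
         * @param operationContext context of the enclosing operation
         * @param modelNode the operation being executed
         * @throws OperationFailedException declared by the handler contract
         */
        @Override
        public void execute(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            operationContext.addStep((operationContext2, modelNode2) -> {
                String principalName = USER_NAME.resolveModelAttribute(operationContext, modelNode).asString();
                // NOTE(review): the password is held as an immutable String and the char[] copy
                // handed to PasswordGuessEvidence below is not cleared here; confirm whether the
                // evidence should be destroyed once verification has finished.
                String passwordGuess = PASSWORD.resolveModelAttribute(operationContext, modelNode).asString();
                try {
                    ServerAuthenticationContext authenticationContext = getSecurityDomain(operationContext, modelNode).createNewAuthenticationContext();
                    authenticationContext.setAuthenticationName(principalName);
                    if (!authenticationContext.exists()) {
                        addFailureDescription("Principal [" + principalName + "] does not exist.", operationContext);
                        return;
                    }
                    if (!authenticationContext.verifyEvidence(new PasswordGuessEvidence(passwordGuess.toCharArray()))) {
                        authenticationContext.fail();
                        addFailureDescription("Invalid credentials for Principal [" + principalName + "].", operationContext);
                        return;
                    }
                    authenticationContext.succeed();
                    SecurityIdentity authorizedIdentity = authenticationContext.getAuthorizedIdentity();
                    if (authorizedIdentity == null) {
                        addFailureDescription("Principal [" + principalName + "] authenticated but no identity could be obtained.", operationContext);
                        return;
                    }
                    operationContext.getResult().add("Principal [" + principalName + "] successfully authenticated.");
                    operationContext.getResult().add("Roles are " + authorizedIdentity.getRoles() + ".");
                } catch (Exception e) {
                    // Some exceptions carry no message; fall back to toString() so the failure
                    // description is never given a null string.
                    String message = e.getMessage();
                    addFailureDescription(message != null ? message : e.toString(), operationContext);
                    ElytronSubsystemMessages.ROOT_LOGGER.error(e);
                } finally {
                    // Single completion point for success, failure and unexpected errors.
                    operationContext.completeStep(OperationContext.ResultHandler.NOOP_RESULT_HANDLER);
                }
            }, OperationContext.Stage.RUNTIME);
        }

        /** Appends {@code str} to the failure description of the given context. */
        private void addFailureDescription(String str, OperationContext operationContext) {
            operationContext.getFailureDescription().add(str);
        }

        /** Looks up the SecurityDomain service addressed by the operation and returns its value. */
        private SecurityDomain getSecurityDomain(OperationContext operationContext, ModelNode modelNode) {
            return (SecurityDomain) ElytronExtension.getRequiredService(operationContext.getServiceRegistry(false), DOMAIN_SERVICE_UTIL.serviceName(modelNode), SecurityDomain.class).getService().getValue();
        }
    }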

    /* loaded from: input_file:org/wildfly/extension/elytron/IdentityResourceDefinition$IdentityAddHandler.class */
    /**
     * Handler that creates a new identity in a modifiable security realm. The identity name is
     * the value of the last element of the operation address.
     */
    private static class IdentityAddHandler implements OperationStepHandler {
        private IdentityAddHandler() {
        }

        /**
         * Schedules a RUNTIME step that creates the addressed identity, failing if an identity
         * with that name already exists.
         *
         * @param operationContext context of the enclosing operation
         * @param modelNode the operation being executed
         * @throws OperationFailedException if the identity exists or the realm is unavailable
         */
        public void execute(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            operationContext.addStep(modelNode, (stepContext, stepOperation) -> {
                ModifiableSecurityRealm realm = IdentityResourceDefinition.getModifiableSecurityRealm(operationContext);
                PathAddress address = PathAddress.pathAddress(modelNode.get("address"));
                String identityName = address.getLastElement().getValue();
                try {
                    ModifiableRealmIdentity identity = realm.getRealmIdentityForUpdate(identityName, (Principal) null, (Evidence) null);
                    // NOTE(review): exists() followed by create() is check-then-act; whether the
                    // "for update" handle serializes concurrent creators is not visible here.
                    if (!identity.exists()) {
                        identity.create();
                        return;
                    }
                    throw ElytronSubsystemMessages.ROOT_LOGGER.identityAlreadyExists(identityName);
                } catch (RealmUnavailableException e) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.couldNotCreateIdentity(identityName, e);
                }
            }, OperationContext.Stage.RUNTIME);
        }
    }

    /* loaded from: input_file:org/wildfly/extension/elytron/IdentityResourceDefinition$IdentityRemoveHandler.class */
    /**
     * Handler that deletes an identity from a modifiable security realm. The identity name is
     * the value of the last element of the operation address.
     */
    private static class IdentityRemoveHandler implements OperationStepHandler {
        private IdentityRemoveHandler() {
        }

        /**
         * Schedules a RUNTIME step that deletes the addressed identity, failing if no identity
         * with that name exists.
         *
         * @param operationContext context of the enclosing operation
         * @param modelNode the operation being executed
         * @throws OperationFailedException if the identity is missing or the realm is unavailable
         */
        public void execute(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            operationContext.addStep(modelNode, (stepContext, stepOperation) -> {
                ModifiableSecurityRealm realm = IdentityResourceDefinition.getModifiableSecurityRealm(stepContext);
                PathAddress address = PathAddress.pathAddress(stepOperation.get("address"));
                String identityName = address.getLastElement().getValue();
                try {
                    ModifiableRealmIdentity identity = realm.getRealmIdentityForUpdate(identityName, (Principal) null, (Evidence) null);
                    boolean present = identity.exists();
                    if (present) {
                        identity.delete();
                        return;
                    }
                    throw new OperationFailedException(ElytronSubsystemMessages.ROOT_LOGGER.identityNotFound(identityName));
                } catch (RealmUnavailableException e) {
                    // NOTE(review): a failed delete is reported through couldNotCreateIdentity, so
                    // the operator and the logs see a "create" error for a removal; confirm
                    // whether a delete-specific message should be used instead.
                    throw ElytronSubsystemMessages.ROOT_LOGGER.couldNotCreateIdentity(identityName, e);
                }
            }, OperationContext.Stage.RUNTIME);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/wildfly/extension/elytron/IdentityResourceDefinition$PasswordSetHandler.class */
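    /**
     * Management operation handler that replaces the credentials of a realm identity with a
     * single password, built from one of five password descriptions (bcrypt, clear, simple
     * digest, salted simple digest, digest).
     *
     * <p>NOTE(review): the password always arrives in clear text as an operation parameter. No
     * sensitivity marking is visible on the parameter definitions; confirm the values are masked
     * in management audit logs and that the management transport is encrypted.
     */
    public static class PasswordSetHandler implements OperationStepHandler {

        /**
         * Parameters of a bcrypt password. The salt is supplied by the caller rather than
         * generated here.
         *
         * <p>NOTE(review): ITERATION_COUNT carries no range validator in the visible definition,
         * so a very low cost is not rejected at this layer; confirm a minimum is enforced.
         */
        public static class Bcrypt {
            static final SimpleAttributeDefinition ALGORITHM = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ALGORITHM, ModelType.STRING, false).setDefaultValue(new ModelNode(ElytronDescriptionConstants.BCRYPT)).setValidator(new StringValuesValidator(ElytronDescriptionConstants.BCRYPT)).setAllowExpression(false).build();
            static final SimpleAttributeDefinition PASSWORD = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PASSWORD, ModelType.STRING, false).setMinSize(1).setAllowExpression(false).build();
            static final SimpleAttributeDefinition ITERATION_COUNT = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ITERATION_COUNT, ModelType.INT, false).setAllowExpression(false).build();
            static final SimpleAttributeDefinition SALT = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.SALT, ModelType.BYTES, false).setAllowExpression(false).build();
            static final ObjectTypeAttributeDefinition OBJECT_DEFINITION = new ObjectTypeAttributeDefinition.Builder(ElytronDescriptionConstants.BCRYPT, new AttributeDefinition[]{PASSWORD, SALT, ITERATION_COUNT}).setAllowNull(true).build();

            Bcrypt() {
            }
        }

        /**
         * Parameters of a clear-text password. A credential of this type keeps the password
         * recoverable by anything that can read the realm's storage.
         */
        public static class Clear {
            static final SimpleAttributeDefinition ALGORITHM = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ALGORITHM, ModelType.STRING, false).setDefaultValue(new ModelNode(ElytronDescriptionConstants.CLEAR)).setValidator(new StringValuesValidator(ElytronDescriptionConstants.CLEAR)).setAllowExpression(false).build();
            static final SimpleAttributeDefinition PASSWORD = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PASSWORD, ModelType.STRING, false).setMinSize(1).setAllowExpression(false).build();
            static final ObjectTypeAttributeDefinition OBJECT_DEFINITION = new ObjectTypeAttributeDefinition.Builder(ElytronDescriptionConstants.CLEAR, new AttributeDefinition[]{PASSWORD}).setAllowNull(true).build();

            Clear() {
            }
        }

        /**
         * Parameters of a digest password computed over user name, realm and password. The
         * default algorithm is digest-sha-512; the validator also accepts digest-md5 and
         * digest-sha, which rest on hash functions that are no longer recommended.
         */
        public static class Digest {
            static final SimpleAttributeDefinition ALGORITHM = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ALGORITHM, ModelType.STRING, false).setDefaultValue(new ModelNode("digest-sha-512")).setValidator(new StringValuesValidator("digest-md5", "digest-sha", "digest-sha-256", "digest-sha-512")).setAllowExpression(false).build();
            static final SimpleAttributeDefinition PASSWORD = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PASSWORD, ModelType.STRING, false).setAllowExpression(false).build();
            static final SimpleAttributeDefinition REALM = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.REALM, ModelType.STRING, false).setAllowExpression(false).build();
            static final ObjectTypeAttributeDefinition OBJECT_DEFINITION = new ObjectTypeAttributeDefinition.Builder(ElytronDescriptionConstants.DIGEST, new AttributeDefinition[]{ALGORITHM, PASSWORD, REALM}).setAllowNull(true).build();

            Digest() {
            }
        }

        /**
         * Parameters of a salted single-pass digest password. The salt is supplied by the caller.
         * The validator accepts MD5 and SHA-1 variants alongside the SHA-2 ones; a single digest
         * pass, salted or not, is fast to compute and so offers limited resistance to offline
         * guessing compared with an iterated scheme such as bcrypt.
         */
        public static class SaltedSimpleDigest {
            static final SimpleAttributeDefinition ALGORITHM = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ALGORITHM, ModelType.STRING, false).setDefaultValue(new ModelNode("password-salt-digest-sha-512")).setValidator(new StringValuesValidator("password-salt-digest-md5", "password-salt-digest-sha-1", "password-salt-digest-sha-256", "password-salt-digest-sha-384", "password-salt-digest-sha-512", "salt-password-digest-md5", "salt-password-digest-sha-1", "salt-password-digest-sha-256", "salt-password-digest-sha-384", "salt-password-digest-sha-512")).setAllowExpression(false).build();
            static final SimpleAttributeDefinition PASSWORD = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PASSWORD, ModelType.STRING, false).setAllowExpression(false).build();
            static final SimpleAttributeDefinition SALT = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.SALT, ModelType.BYTES, false).setAllowExpression(false).build();
            static final ObjectTypeAttributeDefinition OBJECT_DEFINITION = new ObjectTypeAttributeDefinition.Builder(ElytronDescriptionConstants.SALTED_SIMPLE_DIGEST, new AttributeDefinition[]{ALGORITHM, PASSWORD, SALT}).setAllowNull(true).build();

            SaltedSimpleDigest() {
            }
        }

        /**
         * Parameters of an unsalted single-pass digest password. The validator accepts MD2, MD5
         * and SHA-1 variants alongside the SHA-2 ones; without a salt, equal passwords produce
         * equal stored values and precomputed tables apply.
         */
        public static class SimpleDigest {
            static final SimpleAttributeDefinition ALGORITHM = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ALGORITHM, ModelType.STRING, false).setDefaultValue(new ModelNode("simple-digest-sha-512")).setValidator(new StringValuesValidator("simple-digest-md2", "simple-digest-md5", "simple-digest-sha-1", "simple-digest-sha-256", "simple-digest-sha-384", "simple-digest-sha-512")).setAllowExpression(false).build();
            static final SimpleAttributeDefinition PASSWORD = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PASSWORD, ModelType.STRING, false).setMinSize(1).setAllowExpression(false).build();
            static final ObjectTypeAttributeDefinition OBJECT_DEFINITION = new ObjectTypeAttributeDefinition.Builder(ElytronDescriptionConstants.SIMPLE_DIGEST, new AttributeDefinition[]{ALGORITHM, PASSWORD}).setAllowNull(true).build();

            SimpleDigest() {
            }
        }

        PasswordSetHandler() {
        }

        /**
         * Registers the set-password operation, with the five password object definitions as its
         * parameters, on the given resource registration.
         *
         * @param managementResourceRegistration registration that receives the operation
         * @param resourceDescriptionResolver resolver used for the operation description
         */
        public static void register(ManagementResourceRegistration managementResourceRegistration, ResourceDescriptionResolver resourceDescriptionResolver) {
            managementResourceRegistration.registerOperationHandler(new SimpleOperationDefinition(ElytronDescriptionConstants.SET_PASSWORD, resourceDescriptionResolver, new AttributeDefinition[]{Bcrypt.OBJECT_DEFINITION, Clear.OBJECT_DEFINITION, SimpleDigest.OBJECT_DEFINITION, SaltedSimpleDigest.OBJECT_DEFINITION, Digest.OBJECT_DEFINITION}), new PasswordSetHandler());
        }

        /**
         * Schedules a RUNTIME step that builds a password from the operation and stores it as the
         * identity's only credential (existing credentials are replaced by a singleton set).
         *
         * @param operationContext context of the enclosing operation
         * @param modelNode the operation being executed
         * @throws OperationFailedException if the password cannot be created or stored
         */
        @Override
        public void execute(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            operationContext.addStep(modelNode, (operationContext2, modelNode2) -> {
                try {
                    ModifiableRealmIdentity realmIdentity = IdentityResourceDefinition.getRealmIdentity(operationContext);
                    String identityName = operationContext2.getCurrentAddress().getLastElement().getValue();
                    // The password description is taken by position: the third entry of the
                    // operation node (presumably after the operation name and address; TODO
                    // confirm). Any further password objects in the operation are not read here.
                    Property passwordDescription = ((ModelNode) modelNode2.asList().get(2)).asProperty();
                    Password password = createPassword(operationContext2, identityName, passwordDescription);
                    realmIdentity.setCredentials(Collections.singleton(new PasswordCredential(password)));
                    operationContext2.completeStep(OperationContext.ResultHandler.NOOP_RESULT_HANDLER);
                } catch (NoSuchAlgorithmException | InvalidKeySpecException | RealmUnavailableException e) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.couldNotCreatePassword(e);
                }
            }, OperationContext.Stage.RUNTIME);
        }

        /**
         * Builds the {@link Password} described by {@code property}.
         *
         * <p>Each branch declares its key spec with its own type; a single local typed as
         * {@code EncryptablePasswordSpec} cannot also hold the {@code ClearPasswordSpec} used for
         * clear passwords.
         *
         * <p>NOTE(review): the char[] copies of the password created here are not wiped after
         * use, and the source String cannot be; confirm this is acceptable for the deployment.
         *
         * @param operationContext context used to resolve the parameters
         * @param str identity name, used as the user name of a digest password
         * @param property password description: its name selects the type, its value holds the
         *        parameters
         * @return the generated password
         * @throws OperationFailedException if the type is not one of the five supported names or
         *         a parameter fails to resolve
         * @throws NoSuchAlgorithmException if no password factory exists for the algorithm
         * @throws InvalidKeySpecException if the factory rejects the key spec
         */
        private Password createPassword(OperationContext operationContext, String str, Property property) throws OperationFailedException, NoSuchAlgorithmException, InvalidKeySpecException {
            String type = property.getName();
            ModelNode parameters = property.getValue();
            // Every type reads its password through Bcrypt.PASSWORD, so that definition's
            // minimum size of 1 is applied even to types whose own PASSWORD has none.
            String clearText = Bcrypt.PASSWORD.resolveModelAttribute(operationContext, parameters).asString();

            if (type.equals(ElytronDescriptionConstants.BCRYPT)) {
                byte[] salt = Bcrypt.SALT.resolveModelAttribute(operationContext, parameters).asBytes();
                EncryptablePasswordSpec spec = new EncryptablePasswordSpec(clearText.toCharArray(), new IteratedSaltedPasswordAlgorithmSpec(Bcrypt.ITERATION_COUNT.resolveModelAttribute(operationContext, parameters).asInt(), salt));
                String algorithm = Bcrypt.ALGORITHM.resolveModelAttribute(operationContext, parameters).asString();
                return PasswordFactory.getInstance(algorithm).generatePassword(spec);
            }
            if (type.equals(ElytronDescriptionConstants.CLEAR)) {
                ClearPasswordSpec spec = new ClearPasswordSpec(clearText.toCharArray());
                String algorithm = Clear.ALGORITHM.resolveModelAttribute(operationContext, parameters).asString();
                return PasswordFactory.getInstance(algorithm).generatePassword(spec);
            }
            if (type.equals(ElytronDescriptionConstants.SIMPLE_DIGEST)) {
                // No algorithm parameters: the digest is unsalted.
                EncryptablePasswordSpec spec = new EncryptablePasswordSpec(clearText.toCharArray(), (AlgorithmParameterSpec) null);
                String algorithm = SimpleDigest.ALGORITHM.resolveModelAttribute(operationContext, parameters).asString();
                return PasswordFactory.getInstance(algorithm).generatePassword(spec);
            }
            if (type.equals(ElytronDescriptionConstants.SALTED_SIMPLE_DIGEST)) {
                EncryptablePasswordSpec spec = new EncryptablePasswordSpec(clearText.toCharArray(), new SaltedPasswordAlgorithmSpec(SaltedSimpleDigest.SALT.resolveModelAttribute(operationContext, parameters).asBytes()));
                String algorithm = SaltedSimpleDigest.ALGORITHM.resolveModelAttribute(operationContext, parameters).asString();
                return PasswordFactory.getInstance(algorithm).generatePassword(spec);
            }
            if (type.equals(ElytronDescriptionConstants.DIGEST)) {
                String realm = Digest.REALM.resolveModelAttribute(operationContext, parameters).asString();
                String algorithm = Digest.ALGORITHM.resolveModelAttribute(operationContext, parameters).asString();
                EncryptablePasswordSpec spec = new EncryptablePasswordSpec(clearText.toCharArray(), new DigestPasswordAlgorithmSpec(str, realm));
                return PasswordFactory.getInstance(algorithm).generatePassword(spec);
            }
            throw ElytronSubsystemMessages.ROOT_LOGGER.unexpectedPasswordType(type);
        }
    }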

    /* loaded from: input_file:org/wildfly/extension/elytron/IdentityResourceDefinition$ReadIdentityHandler.class */
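    /**
     * Management operation handler that reports a realm identity's name, attributes and the
     * types of its stored credentials.
     *
     * <p>Only the credential type names are returned; the credential material itself is never
     * written to the result. The attribute values are returned in full.
     */
    static class ReadIdentityHandler implements OperationStepHandler {
        /**
         * Registers the read-identity operation (no parameters) on the given registration.
         *
         * @param managementResourceRegistration registration that receives the operation
         * @param resourceDescriptionResolver resolver used for the operation description
         */
        static void register(ManagementResourceRegistration managementResourceRegistration, ResourceDescriptionResolver resourceDescriptionResolver) {
            managementResourceRegistration.registerOperationHandler(new SimpleOperationDefinition(ElytronDescriptionConstants.READ_IDENTITY, resourceDescriptionResolver), new ReadIdentityHandler());
        }

        private ReadIdentityHandler() {
        }

        /**
         * Schedules a RUNTIME step that fills the operation result with the identity's name, its
         * attributes (one list per attribute key) and its credential type names.
         *
         * @param operationContext context of the enclosing operation
         * @param modelNode the operation being executed
         * @throws OperationFailedException if the realm is unavailable
         */
        @Override
        public void execute(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            operationContext.addStep(modelNode, (operationContext2, modelNode2) -> {
                String identityName = PathAddress.pathAddress(modelNode.get("address")).getLastElement().getValue();
                ModifiableRealmIdentity realmIdentity = IdentityResourceDefinition.getRealmIdentity(operationContext);
                try {
                    if (!realmIdentity.exists()) {
                        operationContext2.getFailureDescription().add(ElytronSubsystemMessages.ROOT_LOGGER.identityNotFound(identityName));
                        return;
                    }
                    AuthorizationIdentity authorizationIdentity = realmIdentity.getAuthorizationIdentity();
                    ModelNode result = operationContext2.getResult();
                    result.get(ElytronDescriptionConstants.NAME).set(identityName);

                    // Distinct local names: a local may not reuse the lambda parameter modelNode2.
                    ModelNode attributesNode = result.get(ElytronDescriptionConstants.ATTRIBUTES);
                    authorizationIdentity.getAttributes().entries().forEach(entry -> {
                        ModelNode valuesNode = attributesNode.get(entry.getKey()).setEmptyList();
                        entry.forEach(attributeValue -> {
                            valuesNode.add(attributeValue);
                        });
                    });

                    ModelNode credentialsNode = result.get(ElytronDescriptionConstants.CREDENTIALS).setEmptyList();
                    IdentityResourceDefinition.getCredentials(realmIdentity).forEach(credential -> {
                        credentialsNode.add(credentialTypeName(credential));
                    });
                    operationContext2.completeStep(OperationContext.ResultHandler.NOOP_RESULT_HANDLER);
                } catch (RealmUnavailableException e) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.couldNotReadIdentity(identityName, e);
                }
            }, OperationContext.Stage.RUNTIME);
        }

        /**
         * Maps a stored password object to the type name reported in the result. The checks run
         * in a fixed order and an object of any other type is rejected.
         */
        private static String credentialTypeName(Object credential) {
            if (credential instanceof BCryptPassword) {
                return ElytronDescriptionConstants.BCRYPT;
            }
            if (credential instanceof ClearPassword) {
                return ElytronDescriptionConstants.CLEAR;
            }
            if (credential instanceof SimpleDigestPassword) {
                return ElytronDescriptionConstants.SIMPLE_DIGEST;
            }
            if (credential instanceof SaltedSimpleDigestPassword) {
                return ElytronDescriptionConstants.SALTED_SIMPLE_DIGEST;
            }
            if (credential instanceof DigestPassword) {
                return ElytronDescriptionConstants.DIGEST;
            }
            throw ElytronSubsystemMessages.ROOT_LOGGER.unsupportedPasswordType(credential.getClass());
        }
    }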

    /* loaded from: input_file:org/wildfly/extension/elytron/IdentityResourceDefinition$ReadSecurityDomainIdentityHandler.class */
    static class ReadSecurityDomainIdentityHandler implements OperationStepHandler {
        // Required string parameter naming the identity to read from the security domain;
        // expressions are not resolved for it.
        public static final SimpleAttributeDefinition NAME = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.NAME, ModelType.STRING, false).setAllowExpression(false).build();

        /* JADX INFO: Access modifiers changed from: package-private */
        public static void register(ManagementResourceRegistration managementResourceRegistration, ResourceDescriptionResolver resourceDescriptionResolver) {
            managementResourceRegistration.registerOperationHandler(new SimpleOperationDefinition(ElytronDescriptionConstants.READ_IDENTITY, resourceDescriptionResolver, new AttributeDefinition[]{NAME}), new ReadSecurityDomainIdentityHandler());
        }

        private ReadSecurityDomainIdentityHandler() {
        }

        public void execute(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            operationContext.addStep(modelNode, (operationContext2, modelNode2) -> {
                ServiceRegistry serviceRegistry = operationContext2.getServiceRegistry(false);
                ServiceName capabilityServiceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.fromBaseCapability(operationContext2.getCurrentAddressValue()).getCapabilityServiceName(SecurityDomain.class);
                ServerAuthenticationContext createNewAuthenticationContext = ((SecurityDomain) ElytronExtension.getRequiredService(serviceRegistry, capabilityServiceName, SecurityDomain.class).getValue()).createNewAuthenticationContext();
                String asString = NAME.resolveModelAttribute(operationContext2, modelNode2).asString();
                try {
                    createNewAuthenticationContext.setAuthenticationName(asString);
                    if (!createNewAuthenticationContext.exists()) {
                        operationContext2.getFailureDescription().add(ElytronSubsystemMessages.ROOT_LOGGER.identityNotFound(asString));
                        return;
                    }
                    if (!createNewAuthenticationContext.authorize(asString)) {
                        operationContext2.getFailureDescription().add(ElytronSubsystemMessages.ROOT_LOGGER.identityNotAuthorized(asString));
                        return;
                    }
                    SecurityIdentity authorizedIdentity = createNewAuthenticationContext.getAuthorizedIdentity();
                    ModelNode result = operationContext2.getResult();
                    result.get(ElytronDescriptionConstants.NAME).set(asString);
                    ModelNode modelNode2 = result.get(ElytronDescriptionConstants.ATTRIBUTES);
                    authorizedIdentity.getAttributes().entries().forEach(entry -> {
                        ModelNode emptyList = modelNode2.get(entry.getKey()).setEmptyList();
                        entry.forEach(str -> {
                            emptyList.add(str);
                        });
                    });
                    ModelNode modelNode3 = result.get(ElytronDescriptionConstants.ROLES);
                    authorizedIdentity.getRoles().forEach(str -> {
                        modelNode3.add(str);
                    });
                    operationContext2.completeStep(OperationContext.ResultHandler.NOOP_RESULT_HANDLER);
                } catch (RealmUnavailableException e) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.couldNotReadIdentity(asString, capabilityServiceName, e);
                }
            }, OperationContext.Stage.RUNTIME);
        }
    }

    /* loaded from: input_file:org/wildfly/extension/elytron/IdentityResourceDefinition$StringValuesValidator.class */
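    /**
     * Parameter validator that accepts only {@link ModelType#STRING} values taken from a fixed allow-list.
     *
     * <p>The allow-list is fixed at construction and exposed only as an unmodifiable view, so code that obtains
     * it through {@link #getAllowedValues()} cannot widen what the validator accepts.
     */
    static class StringValuesValidator extends ModelTypeValidator implements AllowedValuesValidator {
        /** Allowed values, each wrapped in a {@link ModelNode}; never modified after construction. */
        private final List<ModelNode> allowedValues;

        /**
         * Builds the validator from the permitted string values.
         *
         * @param strArr the values a parameter may take
         */
        public StringValuesValidator(String... strArr) {
            super(ModelType.STRING);
            List<ModelNode> values = new ArrayList<>(strArr.length);
            for (String str : strArr) {
                values.add(new ModelNode().set(str));
            }
            this.allowedValues = Collections.unmodifiableList(values);
        }

        /**
         * Applies the type check of the superclass, then rejects any defined value that is not in the allow-list.
         * Undefined values pass this second check.
         *
         * @param str name of the parameter being validated
         * @param modelNode value supplied for the parameter
         * @throws OperationFailedException if the superclass check fails or the value is not allowed
         */
        @Override
        public void validateParameter(String str, ModelNode modelNode) throws OperationFailedException {
            super.validateParameter(str, modelNode);
            // Membership is decided by ModelNode equality against the nodes built in the constructor.
            if (modelNode.isDefined() && !this.allowedValues.contains(modelNode)) {
                throw new OperationFailedException(ControllerLogger.ROOT_LOGGER.invalidValue(modelNode.asString(), str, this.allowedValues));
            }
        }

        /**
         * @return an unmodifiable view of the allowed values
         */
        @Override
        public List<ModelNode> getAllowedValues() {
            return this.allowedValues;
        }
    }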

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the definition of the {@link ElytronDescriptionConstants#IDENTITY} resource.
     *
     * <p>The description resolver is keyed by the parent's path element key together with
     * {@link ElytronDescriptionConstants#IDENTITY}; {@code ADD} and {@code REMOVE} are installed as the add and
     * remove handlers.
     *
     * @param resourceDefinition definition of the parent resource
     */
    public IdentityResourceDefinition(ResourceDefinition resourceDefinition) {
        super(
                new SimpleResourceDefinition.Parameters(
                        PathElement.pathElement(ElytronDescriptionConstants.IDENTITY),
                        ElytronExtension.getResourceDescriptionResolver(
                                resourceDefinition.getPathElement().getKey(),
                                ElytronDescriptionConstants.IDENTITY))
                        .setAddHandler(ADD)
                        .setRemoveHandler(REMOVE));
    }

    /**
     * Registers the operations of the identity resource: the superclass operations first, then the read-identity
     * handler, the attribute operations and the credential operations.
     *
     * <p>The attribute and credential operations change identity data, so who may invoke them has to be
     * restricted elsewhere (presumably by management access control; not visible in this method).
     *
     * @param managementResourceRegistration registration that receives the operations
     */
    @Override
    public void registerOperations(ManagementResourceRegistration managementResourceRegistration) {
        super.registerOperations(managementResourceRegistration);

        final ResourceDescriptionResolver resolver = getResourceDescriptionResolver();
        ReadIdentityHandler.register(managementResourceRegistration, resolver);

        registerAttributeOperations(managementResourceRegistration);
        registerCredentialOperations(managementResourceRegistration);
    }

    /**
     * Registers the credential-related operations, which here is the password-set handler only.
     *
     * @param managementResourceRegistration registration that receives the operation
     */
    private void registerCredentialOperations(ManagementResourceRegistration managementResourceRegistration) {
        final ResourceDescriptionResolver resolver = getResourceDescriptionResolver();
        PasswordSetHandler.register(managementResourceRegistration, resolver);
    }

    /**
     * Registers the handlers that add and remove identity attributes, in that order.
     *
     * @param managementResourceRegistration registration that receives the operations
     */
    private void registerAttributeOperations(ManagementResourceRegistration managementResourceRegistration) {
        AttributeAddHandler.register(
                managementResourceRegistration,
                getResourceDescriptionResolver());
        AttributeRemoveHandler.register(
                managementResourceRegistration,
                getResourceDescriptionResolver());
    }

    /* JADX INFO: Access modifiers changed from: private */
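    /**
     * Looks up the security realm that owns the current identity resource and returns it as a modifiable realm.
     *
     * <p>The realm name is the value of the last element of the parent address, i.e. the current address
     * without its final element. NOTE(review): this assumes the current address has at least two elements;
     * confirm against the callers.
     *
     * @param operationContext context of the running management operation
     * @return the realm, which is guaranteed to implement {@link ModifiableSecurityRealm}
     * @throws OperationFailedException if the realm found under that name is not modifiable
     */
    public static ModifiableSecurityRealm getModifiableSecurityRealm(OperationContext operationContext) throws OperationFailedException {
        ServiceRegistry serviceRegistry = operationContext.getServiceRegistry(false);
        PathAddress currentAddress = operationContext.getCurrentAddress();
        String realmName = currentAddress.subAddress(0, currentAddress.size() - 1).getLastElement().getValue();
        ServiceName capabilityServiceName = Capabilities.SECURITY_REALM_RUNTIME_CAPABILITY
                .fromBaseCapability(realmName)
                .getCapabilityServiceName(SecurityRealm.class);
        // Hold the service value as SecurityRealm: the decompiled listing assigned the SecurityRealm cast
        // straight to a ModifiableSecurityRealm variable, which does not type-check.
        SecurityRealm securityRealm = (SecurityRealm) ElytronExtension
                .getRequiredService(serviceRegistry, capabilityServiceName, SecurityRealm.class)
                .getValue();
        if (securityRealm instanceof ModifiableSecurityRealm) {
            return (ModifiableSecurityRealm) securityRealm;
        }
        // Read-only realms are rejected here, before any identity change is attempted.
        throw ElytronSubsystemMessages.ROOT_LOGGER.realmNotModifiable(capabilityServiceName);
    }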

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Obtains, for update, the realm identity named by the last element of the current address.
     *
     * <p>NOTE(review): the identity is requested "for update"; if the realm implementation holds a lock or
     * other resource for such identities, the not-found path below throws without releasing it, and callers
     * of the success path become responsible for the release. Confirm against the realm API in use.
     *
     * @param operationContext context of the running management operation
     * @return the existing identity, opened for update
     * @throws OperationFailedException if the realm is not modifiable, the identity does not exist, or the
     *         realm is unavailable
     */
    public static ModifiableRealmIdentity getRealmIdentity(OperationContext operationContext) throws OperationFailedException {
        final ModifiableSecurityRealm realm = getModifiableSecurityRealm(operationContext);
        final String identityName = operationContext.getCurrentAddress().getLastElement().getValue();
        try {
            final ModifiableRealmIdentity identity =
                    realm.getRealmIdentityForUpdate(identityName, (Principal) null, (Evidence) null);
            if (!identity.exists()) {
                throw new OperationFailedException(ElytronSubsystemMessages.ROOT_LOGGER.identityNotFound(identityName));
            }
            return identity;
        } catch (RealmUnavailableException e) {
            throw ElytronSubsystemMessages.ROOT_LOGGER.couldNotReadIdentity(identityName, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
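    /**
     * Returns the credentials of the given identity.
     *
     * <p>As written, the body never consults the identity and always returns a new, empty, mutable list. Code
     * that reports credential types from this list will therefore report none, so an empty result must not be
     * read as "this identity has no credentials".
     *
     * @param modifiableRealmIdentity identity whose credentials are requested (unused by this body)
     * @return a new empty list
     * @throws RealmUnavailableException declared by the signature; not thrown by this body
     */
    public static List<Object> getCredentials(ModifiableRealmIdentity modifiableRealmIdentity) throws RealmUnavailableException {
        // Diamond instead of the raw ArrayList, so the element type is checked by the compiler.
        return new ArrayList<>();
    }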

    /**
     * Intended, judging by its signature, to append a password of the given type to {@code list}.
     *
     * <p>The body is empty in this listing, so the call has no effect: nothing is read from
     * {@code realmIdentity} and nothing is added to {@code list}.
     *
     * @param realmIdentity identity to read from (unused)
     * @param cls password type of interest (unused)
     * @param list list that would receive the credential (left untouched)
     * @throws RealmUnavailableException declared by the signature; not thrown by this body
     */
    private static void addPassword(RealmIdentity realmIdentity, Class<? extends Password> cls, List<Object> list) throws RealmUnavailableException {
    }
}
