package org.hawkular.dmrclient;

import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.apache.james.mime4j.util.MimeUtil;
import org.jboss.as.controller.client.ModelControllerClient;
import org.jboss.as.security.Constants;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.dmr.ValueExpression;

/* loaded from: input_file:m2repo/org/hawkular/agent/hawkular-dmr-client/0.19.1.Final/hawkular-dmr-client-0.19.1.Final.jar:org/hawkular/dmrclient/SecurityDomainJBossASClient.class */
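/**
 * Client for managing security domains under the {@code security} subsystem through
 * DMR management operations (add, remove, write-attribute, flush-cache, read-resource).
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Credentials and SQL queries passed to this class are sent as-is to the management
 *       API and become part of the server configuration; supply only trusted values.</li>
 *   <li>The {@code createNew*} methods that take {@link LoginModuleRequest}s remove an
 *       existing domain in a separate request before adding the new one, so a failed add
 *       leaves the domain absent.</li>
 * </ul>
 *
 * <p>This listing is decompiler output: {@code m3083clone()} is a decompiler-generated name,
 * presumably {@code Address.clone()} in the original source — confirm before recompiling.
 */
public class SecurityDomainJBossASClient extends JBossASClient {
    public static final String SUBSYSTEM_SECURITY = "security";
    public static final String SECURITY_DOMAIN = "security-domain";
    public static final String CACHE_TYPE = "cache-type";
    public static final String AUTHENTICATION = "authentication";
    public static final String LOGIN_MODULE = "login-module";
    public static final String LOGIN_MODULES = "login-modules";
    public static final String CLASSIC = "classic";
    public static final String CODE = "code";
    public static final String FLAG = "flag";
    public static final String MODULE_OPTIONS = "module-options";
    public static final String USERNAME = "username";
    public static final String PASSWORD = "password";
    public static final String DS_JNDI_NAME = "dsJndiName";
    public static final String PRINCIPALS_QUERY = "principalsQuery";
    public static final String ROLES_QUERY = "rolesQuery";
    public static final String HASH_ALGORITHM = "hashAlgorithm";
    public static final String HASH_ENCODING = "hashEncoding";

    /* loaded from: input_file:m2repo/org/hawkular/agent/hawkular-dmr-client/0.19.1.Final/hawkular-dmr-client-0.19.1.Final.jar:org/hawkular/dmrclient/SecurityDomainJBossASClient$LoginModuleRequest.class */
    /**
     * Describes one login module to configure: its class name, control flag and options.
     * Backed by a JAAS {@link AppConfigurationEntry}.
     */
    public static class LoginModuleRequest {
        private final AppConfigurationEntry entry;

        /**
         * @param loginModuleFQCN class name of the login module
         * @param flag JAAS control flag for the module
         * @param moduleOptionProperties module options; values may contain credentials
         */
        public LoginModuleRequest(String loginModuleFQCN, AppConfigurationEntry.LoginModuleControlFlag flag, Map<String, String> moduleOptionProperties) {
            this.entry = new AppConfigurationEntry(loginModuleFQCN, flag, moduleOptionProperties);
        }

        /** @return the login module class name given at construction */
        public String getLoginModuleFQCN() {
            return this.entry.getLoginModuleName();
        }

        /** @return the JAAS control flag given at construction */
        public AppConfigurationEntry.LoginModuleControlFlag getFlag() {
            return this.entry.getControlFlag();
        }

        /**
         * @return the control flag as the string used in the management model; any flag that is
         *         not SUFFICIENT, REQUISITE or REQUIRED maps to {@code "optional"}
         */
        public String getFlagString() {
            AppConfigurationEntry.LoginModuleControlFlag controlFlag = this.entry.getControlFlag();
            if (AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT.equals(controlFlag)) {
                return Constants.SUFFICIENT;
            }
            if (AppConfigurationEntry.LoginModuleControlFlag.REQUISITE.equals(controlFlag)) {
                return Constants.REQUISITE;
            }
            if (AppConfigurationEntry.LoginModuleControlFlag.REQUIRED.equals(controlFlag)) {
                return "required";
            }
            return "optional";
        }

        /** @return the module options; values may contain credentials, so do not log them */
        public Map<String, String> getModuleOptionProperties() {
            return this.entry.getOptions();
        }

        /**
         * Returns a diagnostic description that lists option names only. Option values are
         * left out because module options can carry credentials (this client itself sends a
         * {@code password} option), and toString() output routinely ends up in logs.
         */
        @Override
        public String toString() {
            Map<String, String> options = getModuleOptionProperties();
            return "LoginModuleRequest [loginModuleFQCN=" + getLoginModuleFQCN() + ", flag=" + getFlag()
                    + ", moduleOptionNames=" + (options == null ? null : options.keySet()) + "]";
        }
    }

    public SecurityDomainJBossASClient(ModelControllerClient modelControllerClient) {
        super(modelControllerClient);
    }

    /** Builds the management address of the named security domain. */
    private static Address securityDomainAddress(String securityDomainName) {
        return Address.root().add("subsystem", SUBSYSTEM_SECURITY, SECURITY_DOMAIN, securityDomainName);
    }

    /** Copies every option with a non-null value into the module-options node; a null map is ignored. */
    private static void copyModuleOptions(ModelNode moduleOptions, Map<String, String> optionProperties) {
        if (optionProperties == null) {
            return;
        }
        for (Map.Entry<String, String> option : optionProperties.entrySet()) {
            if (option.getValue() != null) {
                moduleOptions.add(option.getKey(), option.getValue());
            }
        }
    }

    /**
     * @param securityDomainName name of the security domain to look for
     * @return true if a security domain with that name is found in the security subsystem
     */
    public boolean isSecurityDomain(String securityDomainName) throws Exception {
        return null != findNodeInList(Address.root().add("subsystem", SUBSYSTEM_SECURITY), SECURITY_DOMAIN, securityDomainName);
    }

    /**
     * Creates a security domain with a single required {@code SecureIdentity} login module,
     * submitted as one batch (domain, classic authentication, login module).
     *
     * <p>NOTE(review): the SecureIdentity module is commonly described as obfuscating rather
     * than strongly protecting the stored password — confirm, and prefer passing a
     * {@code ${...}} expression (for example a vault reference), which is sent as an expression.
     *
     * @param securityDomainName name of the domain to create
     * @param username value of the {@code username} module option
     * @param password value of the {@code password} module option
     * @throws FailureException if the batch does not succeed
     */
    public void createNewSecureIdentitySecurityDomain72(String securityDomainName, String username, String password) throws Exception {
        Address domainAddress = securityDomainAddress(securityDomainName);
        ModelNode addDomain = createRequest("add", domainAddress);
        addDomain.get(CACHE_TYPE).set("default");

        Address authAddress = domainAddress.m3083clone().add(AUTHENTICATION, CLASSIC);
        ModelNode addAuthentication = createRequest("add", authAddress);

        ModelNode addLoginModule = createRequest("add", authAddress.m3083clone().add(LOGIN_MODULE, "SecureIdentity"));
        addLoginModule.get(CODE).set("SecureIdentity");
        addLoginModule.get(FLAG).set("required");
        ModelNode moduleOptions = addLoginModule.get(MODULE_OPTIONS);
        moduleOptions.setEmptyList();
        addPossibleExpression(moduleOptions, USERNAME, username);
        addPossibleExpression(moduleOptions, PASSWORD, password);

        ModelNode result = execute(createBatchRequest(addDomain, addAuthentication, addLoginModule));
        if (!isSuccess(result)) {
            throw new FailureException(result, "Failed to create security domain [" + securityDomainName + "]");
        }
    }

    /**
     * Replaces the credentials of a SecureIdentity security domain.
     *
     * <p>This writes the whole {@code login-modules} attribute as a list holding only the
     * SecureIdentity module, so any other login module configured on the domain's classic
     * authentication is dropped by this call.
     *
     * @param securityDomainName name of the domain to update
     * @param username new value of the {@code username} module option
     * @param password new value of the {@code password} module option
     * @throws FailureException if the write does not succeed
     */
    public void updateSecureIdentitySecurityDomainCredentials(String securityDomainName, String username, String password) throws Exception {
        Address authAddress = Address.root().add("subsystem", SUBSYSTEM_SECURITY, SECURITY_DOMAIN, securityDomainName, AUTHENTICATION, CLASSIC);

        ModelNode loginModule = new ModelNode();
        loginModule.get(CODE).set("SecureIdentity");
        loginModule.get(FLAG).set("required");
        ModelNode moduleOptions = loginModule.get(MODULE_OPTIONS);
        moduleOptions.setEmptyList();
        addPossibleExpression(moduleOptions, USERNAME, username);
        addPossibleExpression(moduleOptions, PASSWORD, password);

        ModelNode loginModules = new ModelNode();
        loginModules.setEmptyList();
        loginModules.add(loginModule);

        ModelNode writeRequest = createRequest("write-attribute", authAddress);
        writeRequest.get("name").set(LOGIN_MODULES);
        writeRequest.get("value").set(loginModules);

        ModelNode result = execute(writeRequest);
        if (!isSuccess(result)) {
            throw new FailureException(result, "Failed to update credentials for security domain [" + securityDomainName + "]");
        }
    }

    /**
     * Adds a property to the list node, as an expression when the value contains "${".
     *
     * <p>The check is a plain substring match: a literal value (for example a password) that
     * happens to contain "${" is also sent as an expression rather than as a string.
     */
    private void addPossibleExpression(ModelNode node, String name, String value) {
        if (value == null || !value.contains("${")) {
            node.add(name, value);
        } else {
            node.add(name, new ModelNode(ModelType.EXPRESSION).set(new ValueExpression(value)));
        }
    }

    /**
     * Reads the module options of the SecureIdentity login module of a security domain.
     *
     * @param securityDomainName name of the domain to read
     * @return the {@code module-options} node of the first login module whose code is
     *         {@code SecureIdentity}, or {@code null} if there is none; the node may hold
     *         the configured credentials, so avoid logging it
     */
    public ModelNode getSecureIdentitySecurityDomainModuleOptions(String securityDomainName) throws Exception {
        Address authAddress = Address.root().add("subsystem", SUBSYSTEM_SECURITY, SECURITY_DOMAIN, securityDomainName, AUTHENTICATION, CLASSIC);
        for (ModelNode loginModule : readResource(authAddress).get(LOGIN_MODULES).asList()) {
            if ("SecureIdentity".equals(loginModule.get(CODE).asString())) {
                return loginModule.get(MODULE_OPTIONS);
            }
        }
        return null;
    }

    /**
     * Creates a security domain with a single required {@code Database} login module,
     * submitted as one batch (domain, classic authentication, login module).
     *
     * <p>SECURITY: when {@code hashAlgorithm} is null the module is configured with MD5, which
     * is not suitable for password hashing. The default is kept so that existing callers and
     * stored hashes keep working; new callers should pass an explicit, stronger algorithm
     * that the login module supports.
     *
     * <p>NOTE(review): {@code principalsQuery} and {@code rolesQuery} are SQL text stored in
     * the module configuration and presumably executed by the login module — pass only
     * trusted, fixed queries, never text assembled from user input.
     *
     * @param securityDomainName name of the domain to create
     * @param dsJndiName value of the {@code dsJndiName} option
     * @param principalsQuery value of the {@code principalsQuery} option
     * @param rolesQuery value of the {@code rolesQuery} option
     * @param hashAlgorithm value of the {@code hashAlgorithm} option; null selects MD5
     * @param hashEncoding value of the {@code hashEncoding} option; null selects base64
     * @throws FailureException if the batch does not succeed
     */
    public void createNewDatabaseServerSecurityDomain72(String securityDomainName, String dsJndiName, String principalsQuery, String rolesQuery, String hashAlgorithm, String hashEncoding) throws Exception {
        Address domainAddress = securityDomainAddress(securityDomainName);
        ModelNode addDomain = createRequest("add", domainAddress);
        addDomain.get(CACHE_TYPE).set("default");

        Address authAddress = domainAddress.m3083clone().add(AUTHENTICATION, CLASSIC);
        ModelNode addAuthentication = createRequest("add", authAddress);

        ModelNode addLoginModule = createRequest("add", authAddress.m3083clone().add(LOGIN_MODULE, "Database"));
        addLoginModule.get(CODE).set("Database");
        addLoginModule.get(FLAG).set("required");
        ModelNode moduleOptions = addLoginModule.get(MODULE_OPTIONS);
        moduleOptions.setEmptyList();
        moduleOptions.add(DS_JNDI_NAME, dsJndiName);
        moduleOptions.add(PRINCIPALS_QUERY, principalsQuery);
        moduleOptions.add(ROLES_QUERY, rolesQuery);
        // Weak default retained for compatibility; see the SECURITY note in the Javadoc.
        moduleOptions.add(HASH_ALGORITHM, null == hashAlgorithm ? MessageDigestAlgorithms.MD5 : hashAlgorithm);
        moduleOptions.add(HASH_ENCODING, null == hashEncoding ? MimeUtil.ENC_BASE64 : hashEncoding);

        ModelNode result = execute(createBatchRequest(addDomain, addAuthentication, addLoginModule));
        if (!isSuccess(result)) {
            throw new FailureException(result, "Failed to create security domain [" + securityDomainName + "]");
        }
    }

    /**
     * Removes the named security domain if it exists; does nothing when it does not.
     *
     * @throws FailureException if the domain exists and the remove operation does not succeed
     */
    public void removeSecurityDomain(String securityDomainName) throws Exception {
        if (!isSecurityDomain(securityDomainName)) {
            return;
        }
        ModelNode result = execute(createRequest("remove", securityDomainAddress(securityDomainName)));
        if (!isSuccess(result)) {
            throw new FailureException(result, "Failed to remove security domain [" + securityDomainName + "]");
        }
    }

    /**
     * Creates a security domain with the given login modules, replacing an existing domain
     * of the same name.
     *
     * <p>The 7.2 request layout is used only when the reported server version starts with
     * "7.2"; every other version string takes the 7.1 layout.
     *
     * @param securityDomainName name of the domain to create
     * @param loginModules login modules to configure, in order
     * @throws FailureException if the create request does not succeed
     */
    public void createNewSecurityDomain(String securityDomainName, LoginModuleRequest... loginModules) throws Exception {
        String serverVersion = new CoreJBossASClient(getModelControllerClient()).getAppServerVersion();
        if (serverVersion.startsWith("7.2")) {
            createNewSecurityDomain72(securityDomainName, loginModules);
        } else {
            createNewSecurityDomain71(securityDomainName, loginModules);
        }
    }

    /**
     * 7.1 layout: the login modules are written as the {@code login-modules} list of the
     * classic authentication resource.
     *
     * <p>An existing domain is removed first in its own request, outside the batch, so if
     * the batch then fails the previous domain is not restored.
     */
    private void createNewSecurityDomain71(String securityDomainName, LoginModuleRequest... loginModules) throws Exception {
        if (isSecurityDomain(securityDomainName)) {
            removeSecurityDomain(securityDomainName);
        }
        Address domainAddress = securityDomainAddress(securityDomainName);
        ModelNode addDomain = createRequest("add", domainAddress);
        addDomain.get(CACHE_TYPE).set("default");

        ModelNode addAuthentication = createRequest("add", domainAddress.m3083clone().add(AUTHENTICATION, CLASSIC));
        ModelNode loginModuleList = addAuthentication.get(LOGIN_MODULES);
        for (LoginModuleRequest request : loginModules) {
            ModelNode loginModule = new ModelNode();
            loginModule.get(CODE).set(request.getLoginModuleFQCN());
            loginModule.get(FLAG).set(request.getFlagString());
            ModelNode moduleOptions = loginModule.get(MODULE_OPTIONS);
            moduleOptions.setEmptyList();
            copyModuleOptions(moduleOptions, request.getModuleOptionProperties());
            loginModuleList.add(loginModule);
        }

        ModelNode result = execute(createBatchRequest(addDomain, addAuthentication));
        if (!isSuccess(result)) {
            throw new FailureException(result, "Failed to create security domain [" + securityDomainName + "]");
        }
    }

    /**
     * 7.2 layout: each login module is added as its own {@code login-module} child resource,
     * addressed by the module's class name, in the same batch as the domain.
     *
     * <p>An existing domain is removed first in its own request, outside the batch, so if
     * the batch then fails the previous domain is not restored.
     */
    private void createNewSecurityDomain72(String securityDomainName, LoginModuleRequest... loginModules) throws Exception {
        if (isSecurityDomain(securityDomainName)) {
            removeSecurityDomain(securityDomainName);
        }
        Address domainAddress = securityDomainAddress(securityDomainName);
        ModelNode addDomain = createRequest("add", domainAddress);
        addDomain.get(CACHE_TYPE).set("default");

        Address authAddress = domainAddress.m3083clone().add(AUTHENTICATION, CLASSIC);
        ModelNode addAuthentication = createRequest("add", authAddress);

        // Batch steps: domain, authentication, then one step per login module.
        ModelNode[] steps = new ModelNode[loginModules.length + 2];
        steps[0] = addDomain;
        steps[1] = addAuthentication;
        for (int i = 0; i < loginModules.length; i++) {
            LoginModuleRequest request = loginModules[i];
            ModelNode addLoginModule = createRequest("add", authAddress.m3083clone().add(LOGIN_MODULE, request.getLoginModuleFQCN()));
            addLoginModule.get(CODE).set(request.getLoginModuleFQCN());
            addLoginModule.get(FLAG).set(request.getFlagString());
            ModelNode moduleOptions = addLoginModule.get(MODULE_OPTIONS);
            moduleOptions.setEmptyList();
            copyModuleOptions(moduleOptions, request.getModuleOptionProperties());
            steps[i + 2] = addLoginModule;
        }

        ModelNode result = execute(createBatchRequest(steps));
        if (!isSuccess(result)) {
            throw new FailureException(result, "Failed to create security domain [" + securityDomainName + "]");
        }
    }

    /**
     * Asks the server to flush the authentication cache of the named security domain.
     *
     * <p>A failed flush is only logged as a warning, not thrown. Callers that flush after
     * changing credentials or roles should be aware that previously cached principals may
     * then stay valid until the cache expires them.
     */
    public void flushSecurityDomainCache(String securityDomainName) throws Exception {
        ModelNode result = execute(createRequest("flush-cache", securityDomainAddress(securityDomainName)));
        if (!isSuccess(result)) {
            this.log.warn("Flushing " + securityDomainName + " failed - principals may be longer cached than expected");
        }
    }

    /**
     * Checks whether the domain's classic authentication has the named login module.
     *
     * @return true if reading the login-module resource succeeds; any unsuccessful read
     *         result is reported as false, whatever its cause
     */
    public boolean securityDomainHasLoginModule(String securityDomainName, String moduleName) throws Exception {
        Address moduleAddress = securityDomainAddress(securityDomainName);
        // The return values are ignored here, as in the original: add() extends the address in place.
        moduleAddress.add(AUTHENTICATION, CLASSIC);
        moduleAddress.add(LOGIN_MODULE, moduleName);
        return isSuccess(execute(createRequest("read-resource", moduleAddress)));
    }
}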
