package org.jboss.as.domain.management.access;

import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.access.AuthorizerConfiguration;
import org.jboss.as.controller.access.management.WritableAuthorizerConfiguration;
import org.jboss.as.controller.registry.Resource;
import org.jboss.as.domain.management.logging.DomainManagementLogger;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.Property;

/* loaded from: input_file:WEB-INF/lib/wildfly-domain-management-15.0.1.Final.jar:org/jboss/as/domain/management/access/PrincipalAdd.class */
/**
 * Management {@code add} handler for a principal entry in the include or exclude list of an RBAC
 * role mapping.
 *
 * <p>The handler works in two phases. In the model phase it creates the resource, validates and
 * stores the {@code TYPE}, {@code REALM} and {@code NAME} attributes, and rejects the operation when
 * the same principal is already present in the same list. It then schedules a
 * {@link OperationContext.Stage#RUNTIME} step that pushes the mapping into the
 * {@link WritableAuthorizerConfiguration} and registers a rollback handler that takes it out again.
 *
 * <p>Security-relevant details visible in this class:
 * <ul>
 *   <li>The role name handed to the authorizer is upper-cased with {@link Locale#ENGLISH}, so the
 *       normalised form does not depend on the JVM default locale.</li>
 *   <li>Principal names are compared with {@link String#equals(Object)}, i.e. case-sensitively.</li>
 *   <li>An undefined realm only matches an undefined realm; it is not treated as a wildcard by the
 *       duplicate check.</li>
 *   <li>If the rollback cannot remove the runtime mapping, the server is flagged as requiring a
 *       restart rather than being left silently out of step with the model.</li>
 * </ul>
 *
 * <p>Instances are obtained through {@link #createForInclude} or {@link #createForExclude}.
 */
public class PrincipalAdd implements OperationStepHandler {
    /** Runtime authorizer state that receives the new role-mapping principal. */
    private final WritableAuthorizerConfiguration authorizerConfiguration;
    /** Whether this handler serves the include list or the exclude list. */
    private final WritableAuthorizerConfiguration.MatchType matchType;

    private PrincipalAdd(WritableAuthorizerConfiguration configuration, WritableAuthorizerConfiguration.MatchType listKind) {
        this.authorizerConfiguration = configuration;
        this.matchType = listKind;
    }

    /**
     * Creates a handler that adds principals to a role mapping's include list.
     *
     * @param writableAuthorizerConfiguration the authorizer configuration to update at runtime
     * @return a handler bound to {@code MatchType.INCLUDE}
     */
    public static OperationStepHandler createForInclude(WritableAuthorizerConfiguration writableAuthorizerConfiguration) {
        return new PrincipalAdd(writableAuthorizerConfiguration, WritableAuthorizerConfiguration.MatchType.INCLUDE);
    }

    /**
     * Creates a handler that adds principals to a role mapping's exclude list.
     *
     * @param writableAuthorizerConfiguration the authorizer configuration to update at runtime
     * @return a handler bound to {@code MatchType.EXCLUDE}
     */
    public static OperationStepHandler createForExclude(WritableAuthorizerConfiguration writableAuthorizerConfiguration) {
        return new PrincipalAdd(writableAuthorizerConfiguration, WritableAuthorizerConfiguration.MatchType.EXCLUDE);
    }

    /**
     * Creates the principal resource, validates its attributes, checks for duplicates and schedules
     * the runtime update.
     *
     * @param operationContext the context of the running management operation
     * @param modelNode the {@code add} operation, including its {@code address}
     * @throws OperationFailedException if attribute validation fails or the principal is already
     *     listed for this role and match type
     */
    @Override
    public void execute(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        // The resource is created before the duplicate check, so the check below is run against a
        // model that already holds the entry being added.
        ModelNode principalModel = operationContext.createResource(PathAddress.EMPTY_ADDRESS).getModel();
        PrincipalResourceDefinition.TYPE.validateAndSet(modelNode, principalModel);
        PrincipalResourceDefinition.REALM.validateAndSet(modelNode, principalModel);
        PrincipalResourceDefinition.NAME.validateAndSet(modelNode, principalModel);

        String roleName = RoleMappingResourceDefinition.getRoleName(modelNode);
        AuthorizerConfiguration.PrincipalType principalType = PrincipalResourceDefinition.getPrincipalType(operationContext, principalModel);
        String realm = PrincipalResourceDefinition.getRealm(operationContext, principalModel);
        String principalName = PrincipalResourceDefinition.getName(operationContext, principalModel);

        // Dropping the last address element yields the parent resource that owns the
        // include/exclude lists.
        PathAddress operationAddress = PathAddress.pathAddress(modelNode.get("address"));
        PathAddress parentAddress = operationAddress.subAddress(0, operationAddress.size() - 1);
        validateUniqueness(operationContext, roleName, parentAddress, principalType, realm, principalName);

        // The authorizer is keyed by the upper-cased role name; Locale.ENGLISH keeps the result
        // independent of the default locale.
        registerRuntimeAdd(operationContext, roleName.toUpperCase(Locale.ENGLISH), principalType, principalName, realm);
    }

    /**
     * Fails the operation when more than one entry in the relevant list describes the same
     * principal.
     *
     * <p>The threshold is "more than one" rather than "any"; presumably the single permitted match
     * is the resource that {@link #execute} has just created - confirm against
     * {@code Resource.Tools.readModel}.
     *
     * @param context the operation context used to read the parent resource
     * @param roleName the role name as given in the operation (used only in the error message)
     * @param parentAddress address of the resource holding the include/exclude lists
     * @param principalType type of the principal being added
     * @param realm realm of the principal being added, or {@code null} when undefined
     * @param principalName name of the principal being added
     * @throws OperationFailedException if a second matching entry is found
     */
    private void validateUniqueness(OperationContext context, String roleName, PathAddress parentAddress, AuthorizerConfiguration.PrincipalType principalType, String realm, String principalName) throws OperationFailedException {
        ModelNode parentModel = Resource.Tools.readModel(context.readResourceFromRoot(parentAddress));
        int occurrences = 0;
        for (Property entry : getIncludeExclude(parentModel)) {
            if (!matches(context, entry.getValue(), principalType, realm, principalName)) {
                continue;
            }
            occurrences++;
            if (occurrences > 1) {
                throw DomainManagementLogger.ROOT_LOGGER.duplicateIncludeExclude(roleName, this.matchType.toString(), principalType.toString(), principalName, realm != null ? realm : "undefined");
            }
        }
    }

    /**
     * Tells whether an existing list entry describes the given principal.
     *
     * <p>Type, name and realm must all agree. The name comparison is case-sensitive, and an
     * undefined realm on one side only matches an undefined realm on the other.
     *
     * @param context the operation context used to resolve the entry's attributes
     * @param candidate model of the existing entry
     * @param principalType expected principal type
     * @param realm expected realm, or {@code null} when undefined
     * @param principalName expected principal name; NOTE(review): dereferenced without a null
     *     check, so this assumes the name attribute is always defined - confirm
     * @return {@code true} if the entry matches on all three attributes
     * @throws OperationFailedException if an attribute of the entry cannot be resolved
     */
    private boolean matches(OperationContext context, ModelNode candidate, AuthorizerConfiguration.PrincipalType principalType, String realm, String principalName) throws OperationFailedException {
        if (principalType != PrincipalResourceDefinition.getPrincipalType(context, candidate)) {
            return false;
        }
        if (!principalName.equals(PrincipalResourceDefinition.getName(context, candidate))) {
            return false;
        }
        String candidateRealm = PrincipalResourceDefinition.getRealm(context, candidate);
        return realm == null ? candidateRealm == null : realm.equals(candidateRealm);
    }

    /**
     * Returns the entries of the list this handler is responsible for.
     *
     * @param parentModel model of the resource that owns the lists
     * @return the {@code include} children for an INCLUDE handler, otherwise the {@code exclude}
     *     children
     */
    private List<Property> getIncludeExclude(ModelNode parentModel) {
        String listKey = this.matchType == WritableAuthorizerConfiguration.MatchType.INCLUDE ? "include" : "exclude";
        return parentModel.get(listKey).asPropertyList();
    }

    /**
     * Schedules the RUNTIME-stage step that applies the mapping to the authorizer configuration.
     *
     * @param context the context to add the step to
     * @param role the upper-cased role name
     * @param principalType type of the principal
     * @param principalName name of the principal
     * @param realm realm of the principal, or {@code null} when undefined
     */
    private void registerRuntimeAdd(OperationContext context, final String role, final AuthorizerConfiguration.PrincipalType principalType, final String principalName, final String realm) {
        context.addStep(new OperationStepHandler() {
            @Override
            public void execute(OperationContext runtimeContext, ModelNode runtimeOperation) throws OperationFailedException {
                boolean added = PrincipalAdd.this.authorizerConfiguration.addRoleMappingPrincipal(role, principalType, PrincipalAdd.this.matchType, principalName, realm, runtimeContext.isBooting());
                if (!added) {
                    // The model accepted the entry but the runtime configuration refused it.
                    throw DomainManagementLogger.ROOT_LOGGER.inconsistentRbacRuntimeState();
                }
                PrincipalAdd.this.registerRollbackHandler(runtimeContext, role, principalType, principalName, realm);
            }
        }, OperationContext.Stage.RUNTIME);
    }

    /**
     * Completes the runtime step with a rollback handler that removes the mapping again.
     *
     * <p>The decompiler reports that this method's access modifier was changed from
     * {@code private}; it is left {@code public} here exactly as in the listing.
     *
     * @param operationContext the runtime-stage context whose step is being completed
     * @param str the upper-cased role name
     * @param principalType type of the principal
     * @param str2 name of the principal
     * @param str3 realm of the principal, or {@code null} when undefined
     */
    public void registerRollbackHandler(OperationContext operationContext, final String str, final AuthorizerConfiguration.PrincipalType principalType, final String str2, final String str3) {
        operationContext.completeStep(new OperationContext.RollbackHandler() {
            @Override
            public void handleRollback(OperationContext rollbackContext, ModelNode rollbackOperation) {
                boolean removed = PrincipalAdd.this.authorizerConfiguration.removeRoleMappingPrincipal(str, principalType, PrincipalAdd.this.matchType, str2, str3);
                if (!removed) {
                    // The runtime mapping could not be undone, so the running authorizer may no
                    // longer agree with the model; flag the server instead of ignoring it.
                    rollbackContext.restartRequired();
                }
            }
        });
    }
}
