package org.jboss.as.test.integration.management.rbac;

import java.io.IOException;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.client.ModelControllerClient;
import org.jboss.as.controller.operations.common.Util;
import org.jboss.as.test.integration.management.interfaces.ManagementInterface;
import org.jboss.as.test.integration.management.util.ModelUtil;
import org.jboss.as.test.integration.security.common.Constants;
import org.jboss.dmr.ModelNode;
import org.junit.Assert;

/* loaded from: input_file:org/jboss/as/test/integration/management/rbac/RbacUtil.class */
public class RbacUtil {
    public static final String MONITOR_USER = "Monitor";
    public static final String OPERATOR_USER = "Operator";
    public static final String MAINTAINER_USER = "Maintainer";
    public static final String DEPLOYER_USER = "Deployer";
    public static final String ADMINISTRATOR_USER = "Administrator";
    public static final String AUDITOR_USER = "Auditor";
    public static final String SUPERUSER_USER = "SuperUser";
    public static final String MONITOR_ROLE = "Monitor";
    public static final String OPERATOR_ROLE = "Operator";
    public static final String MAINTAINER_ROLE = "Maintainer";
    public static final String DEPLOYER_ROLE = "Deployer";
    public static final String ADMINISTRATOR_ROLE = "Administrator";
    public static final String AUDITOR_ROLE = "Auditor";
    public static final String SUPERUSER_ROLE = "SuperUser";
    public static final String ROLE_MAPPING_ADDRESS_BASE = "core-service=management/access=authorization/role-mapping=";
    private static final String ROLE_MAPPING_USER_INCLUDE_ADDRESS_BASE = "/include=user-";
    private static final String ROLE_MAPPING_GROUP_INCLUDE_ADDRESS_BASE = "/include=group-";

    private RbacUtil() {
    }

    public static ModelNode executeOperation(ModelControllerClient modelControllerClient, ModelNode modelNode, Outcome outcome) throws IOException {
        return checkOperationResult(modelNode, modelControllerClient.execute(modelNode), outcome);
    }

    public static ModelNode executeOperation(ManagementInterface managementInterface, ModelNode modelNode, Outcome outcome) throws IOException {
        return checkOperationResult(modelNode, managementInterface.execute(modelNode), outcome);
    }

    public static ModelNode checkOperationResult(ModelNode modelNode, ModelNode modelNode2, Outcome outcome) {
        String asString = modelNode2.get("outcome").asString();
        switch (outcome) {
            case SUCCESS:
                if (!"success".equals(asString)) {
                    System.out.println("Failed: " + modelNode);
                    System.out.print("Result: " + modelNode2);
                    Assert.fail(modelNode2.asString());
                    break;
                }
                break;
            case UNAUTHORIZED:
                if (!"failed".equals(asString)) {
                    Assert.fail("Didn't fail: " + modelNode2.asString());
                }
                if (!modelNode2.get("failure-description").asString().contains("WFLYCTL0313") && !modelNode2.asString().contains("WFLYJMX0037") && !modelNode2.asString().contains("WFLYJMX0038") && !modelNode2.asString().contains("WFLYJMX0039") && !modelNode2.asString().contains("WFLYJMX0040")) {
                    Assert.fail("Incorrect failure type: " + modelNode2.asString());
                    break;
                }
                break;
            case HIDDEN:
                if (!"failed".equals(asString)) {
                    Assert.fail("Didn't fail: " + modelNode2.asString());
                }
                String asString2 = modelNode2.get("failure-description").asString();
                if (!asString2.contains("WFLYCTL0216") && !asString2.contains("WFLYCTL0030") && !asString2.contains("WFLYJMX0017")) {
                    Assert.fail("Incorrect failure type: " + modelNode2.asString());
                    break;
                }
                break;
            case FAILED:
                if (!"failed".equals(asString)) {
                    Assert.fail("Didn't fail: " + modelNode2.asString());
                }
                String asString3 = modelNode2.get("failure-description").asString();
                if (asString3.contains("WFLYCTL0216") || asString3.contains("WFLYCTL0030") || asString3.contains("WFLYCTL0313") || asString3.contains("WFLYJMX0017")) {
                    Assert.fail("Incorrect failure type: " + modelNode2.asString());
                    break;
                }
                break;
            default:
                throw new IllegalStateException();
        }
        return modelNode2;
    }

    public static void addRoleMapping(String str, ModelControllerClient modelControllerClient) throws IOException {
        String str2 = "core-service=management/access=authorization/role-mapping=" + str;
        if ("failed".equals(modelControllerClient.execute(ModelUtil.createOpNode(str2, "read-resource")).get("outcome").asString())) {
            executeOperation(modelControllerClient, ModelUtil.createOpNode(str2, "add"), Outcome.SUCCESS);
        }
    }

    public static void addRoleUser(String str, String str2, ModelControllerClient modelControllerClient) throws IOException {
        ModelNode createOpNode = ModelUtil.createOpNode("core-service=management/access=authorization/role-mapping=" + str + "/include=user-" + str2, "add");
        createOpNode.get(Constants.TYPE).set("user");
        createOpNode.get(Constants.NAME).set(str2);
        executeOperation(modelControllerClient, createOpNode, Outcome.SUCCESS);
    }

    public static void removeRoleUser(String str, String str2, ModelControllerClient modelControllerClient) throws IOException {
        executeOperation(modelControllerClient, ModelUtil.createOpNode("core-service=management/access=authorization/role-mapping=" + str + "/include=user-" + str2, "remove"), Outcome.SUCCESS);
    }

    public static void addRoleGroup(String str, String str2, ModelControllerClient modelControllerClient) throws IOException {
        ModelNode createOpNode = ModelUtil.createOpNode("core-service=management/access=authorization/role-mapping=" + str + "/include=group-" + str2, "add");
        createOpNode.get(Constants.TYPE).set("group");
        createOpNode.get(Constants.NAME).set(str2);
        executeOperation(modelControllerClient, createOpNode, Outcome.SUCCESS);
    }

    public static void removeRoleGroup(String str, String str2, ModelControllerClient modelControllerClient) throws IOException {
        executeOperation(modelControllerClient, ModelUtil.createOpNode("core-service=management/access=authorization/role-mapping=" + str + "/include=group-" + str2, "remove"), Outcome.SUCCESS);
    }

    public static void removeRoleMapping(String str, ModelControllerClient modelControllerClient) throws IOException {
        executeOperation(modelControllerClient, ModelUtil.createOpNode("core-service=management/access=authorization/role-mapping=" + str, "remove"), Outcome.SUCCESS);
    }

    public static void addRoleHeader(ModelNode modelNode, String... strArr) {
        ModelNode modelNode2 = modelNode.get(new String[]{"operation-headers", "roles"});
        for (String str : strArr) {
            modelNode2.add(str);
        }
    }

    public static String[] allStandardRoles() {
        return new String[]{"Monitor", "Operator", "Maintainer", "Deployer", "Administrator", "Auditor", "SuperUser"};
    }

    public static void assertIsCallerInRole(ModelControllerClient modelControllerClient, String str, boolean z) throws IOException {
        Assert.assertEquals("expected caller to be in role " + str, Boolean.valueOf(z), Boolean.valueOf(executeOperation(modelControllerClient, ModelUtil.createOpNode("core-service=management/access=authorization/role-mapping=" + str, "is-caller-in-role"), Outcome.SUCCESS).get("result").asBoolean()));
    }

    public static void setRoleMappingIncludeAll(ModelControllerClient modelControllerClient, String str, boolean z) throws IOException {
        ModelNode createOpNode = ModelUtil.createOpNode("core-service=management/access=authorization/role-mapping=" + str, "write-attribute");
        createOpNode.get(Constants.NAME).set("include-all");
        createOpNode.get(Constants.VALUE).set(z);
        executeOperation(modelControllerClient, createOpNode, Outcome.SUCCESS);
    }

    public static void addServerGroupScopedRole(ModelControllerClient modelControllerClient, String str, String str2, String... strArr) throws IOException {
        ModelNode createOperation = Util.createOperation("add", PathAddress.pathAddress(new PathElement[]{PathElement.pathElement("core-service", "management"), PathElement.pathElement("access", Constants.AUTHORIZATION), PathElement.pathElement("server-group-scoped-role", str)}));
        createOperation.get("base-role").set(str2);
        ModelNode modelNode = createOperation.get("server-groups");
        for (String str3 : strArr) {
            modelNode.add(str3);
        }
        executeOperation(modelControllerClient, createOperation, Outcome.SUCCESS);
    }

    public static void removeServerGroupScopedRole(ModelControllerClient modelControllerClient, String str) throws IOException {
        executeOperation(modelControllerClient, Util.createOperation("remove", PathAddress.pathAddress(new PathElement[]{PathElement.pathElement("core-service", "management"), PathElement.pathElement("access", Constants.AUTHORIZATION), PathElement.pathElement("server-group-scoped-role", str)})), Outcome.SUCCESS);
    }

    public static void addHostScopedRole(ModelControllerClient modelControllerClient, String str, String str2, String... strArr) throws IOException {
        ModelNode createOperation = Util.createOperation("add", PathAddress.pathAddress(new PathElement[]{PathElement.pathElement("core-service", "management"), PathElement.pathElement("access", Constants.AUTHORIZATION), PathElement.pathElement("host-scoped-role", str)}));
        createOperation.get("base-role").set(str2);
        ModelNode modelNode = createOperation.get("hosts");
        for (String str3 : strArr) {
            modelNode.add(str3);
        }
        executeOperation(modelControllerClient, createOperation, Outcome.SUCCESS);
    }

    public static void removeHostScopedRole(ModelControllerClient modelControllerClient, String str) throws IOException {
        executeOperation(modelControllerClient, Util.createOperation("remove", PathAddress.pathAddress(new PathElement[]{PathElement.pathElement("core-service", "management"), PathElement.pathElement("access", Constants.AUTHORIZATION), PathElement.pathElement("host-scoped-role", str)})), Outcome.SUCCESS);
    }
}
