package org.jboss.as.domain.management.access;

import java.util.Objects;
import java.util.function.Supplier;
import org.jboss.as.controller.AbstractAddStepHandler;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.ProcessType;
import org.jboss.as.controller.ReloadRequiredRemoveStepHandler;
import org.jboss.as.controller.ReloadRequiredWriteAttributeHandler;
import org.jboss.as.controller.ResourceDefinition;
import org.jboss.as.controller.RunningMode;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.access.management.AccessConstraintDefinition;
import org.jboss.as.controller.access.management.ManagementSecurityIdentitySupplier;
import org.jboss.as.controller.access.management.SensitiveTargetAccessConstraintDefinition;
import org.jboss.as.controller.capability.RuntimeCapability;
import org.jboss.as.controller.registry.AttributeAccess;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.registry.OperationEntry;
import org.jboss.as.domain.management.ModelDescriptionConstants;
import org.jboss.as.domain.management._private.DomainManagementResolver;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.msc.Service;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceNotFoundException;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StopContext;
import org.wildfly.security.auth.server.SecurityDomain;

/* loaded from: input_file:org/jboss/as/domain/management/access/AccessIdentityResourceDefinition.class */
public class AccessIdentityResourceDefinition extends SimpleResourceDefinition {
    private static final String MANAGEMENT_IDENTITY_CAPABILITY = "org.wildfly.management.identity";
    private static final RuntimeCapability<Void> MANAGEMENT_IDENTITY_RUNTIME_CAPABILITY = RuntimeCapability.Builder.of(MANAGEMENT_IDENTITY_CAPABILITY, Void.class).build();
    public static final PathElement PATH_ELEMENT = PathElement.pathElement("access", ModelDescriptionConstants.IDENTITY);
    private static final String SECURITY_DOMAIN_CAPABILITY = "org.wildfly.security.security-domain";
    public static final SimpleAttributeDefinition SECURITY_DOMAIN = new SimpleAttributeDefinitionBuilder(ModelDescriptionConstants.SECURITY_DOMAIN, ModelType.STRING, false).setMinSize(1).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).setCapabilityReference(SECURITY_DOMAIN_CAPABILITY, MANAGEMENT_IDENTITY_CAPABILITY).setAccessConstraints(new AccessConstraintDefinition[]{SensitiveTargetAccessConstraintDefinition.ELYTRON_SECURITY_DOMAIN_REF}).build();
    private static final AttributeDefinition[] ATTRIBUTES = {SECURITY_DOMAIN};

    /* loaded from: input_file:org/jboss/as/domain/management/access/AccessIdentityResourceDefinition$AccessIdentityAddHandler.class */
    static class AccessIdentityAddHandler extends AbstractAddStepHandler {
        private final ManagementSecurityIdentitySupplier securityIdentitySupplier;

        AccessIdentityAddHandler(ManagementSecurityIdentitySupplier managementSecurityIdentitySupplier) {
            super(AccessIdentityResourceDefinition.ATTRIBUTES);
            this.securityIdentitySupplier = managementSecurityIdentitySupplier;
        }

        protected void performRuntime(OperationContext operationContext, ModelNode modelNode, ModelNode modelNode2) throws OperationFailedException {
            String asString = AccessIdentityResourceDefinition.SECURITY_DOMAIN.resolveModelAttribute(operationContext, modelNode2).asString();
            ServiceBuilder addService = operationContext.getServiceTarget().addService(AccessIdentityResourceDefinition.MANAGEMENT_IDENTITY_RUNTIME_CAPABILITY.getCapabilityServiceName());
            addService.setInstance(new IdentityService(addService.requires(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName(AccessIdentityResourceDefinition.SECURITY_DOMAIN_CAPABILITY, asString), SecurityDomain.class)), this.securityIdentitySupplier));
            addService.install();
            operationContext.addStep((operationContext2, modelNode3) -> {
                try {
                    ServiceController requiredService = operationContext2.getServiceRegistry(false).getRequiredService(AccessIdentityResourceDefinition.MANAGEMENT_IDENTITY_RUNTIME_CAPABILITY.getCapabilityServiceName());
                    if (requiredService == null || ServiceController.State.UP != requiredService.getState()) {
                        operationContext.setRollbackOnly();
                    }
                } catch (ServiceNotFoundException e) {
                    operationContext.setRollbackOnly();
                }
            }, OperationContext.Stage.VERIFY);
        }

        protected boolean requiresRuntime(OperationContext operationContext) {
            return ((operationContext.getProcessType() == ProcessType.EMBEDDED_SERVER && operationContext.getRunningMode() == RunningMode.ADMIN_ONLY) || operationContext.getProcessType() == ProcessType.EMBEDDED_HOST_CONTROLLER) ? false : true;
        }
    }

    /* loaded from: input_file:org/jboss/as/domain/management/access/AccessIdentityResourceDefinition$IdentityService.class */
    private static final class IdentityService implements Service {
        private final Supplier<SecurityDomain> securityDomainSupplier;
        private final ManagementSecurityIdentitySupplier securityIdentitySupplier;

        private IdentityService(Supplier<SecurityDomain> supplier, ManagementSecurityIdentitySupplier managementSecurityIdentitySupplier) {
            this.securityDomainSupplier = supplier;
            this.securityIdentitySupplier = managementSecurityIdentitySupplier;
        }

        public void start(StartContext startContext) {
            ManagementSecurityIdentitySupplier managementSecurityIdentitySupplier = this.securityIdentitySupplier;
            Supplier<SecurityDomain> supplier = this.securityDomainSupplier;
            Objects.requireNonNull(supplier);
            managementSecurityIdentitySupplier.setConfiguredSecurityDomainSupplier(supplier::get);
        }

        public void stop(StopContext stopContext) {
            this.securityIdentitySupplier.setConfiguredSecurityDomainSupplier((Supplier) null);
        }
    }

    /* loaded from: input_file:org/jboss/as/domain/management/access/AccessIdentityResourceDefinition$WriteAttributeHandler.class */
    static class WriteAttributeHandler extends ReloadRequiredWriteAttributeHandler {
        public WriteAttributeHandler() {
            super(AccessIdentityResourceDefinition.ATTRIBUTES);
        }

        protected boolean requiresRuntime(OperationContext operationContext) {
            return !operationContext.isBooting();
        }
    }

    private AccessIdentityResourceDefinition(AbstractAddStepHandler abstractAddStepHandler) {
        super(new SimpleResourceDefinition.Parameters(PATH_ELEMENT, DomainManagementResolver.getResolver("core.identity")).setAddHandler(abstractAddStepHandler).setRemoveHandler(ReloadRequiredRemoveStepHandler.INSTANCE).setAddRestartLevel(OperationEntry.Flag.RESTART_NONE).setRemoveRestartLevel(OperationEntry.Flag.RESTART_RESOURCE_SERVICES).setCapabilities(new RuntimeCapability[]{MANAGEMENT_IDENTITY_RUNTIME_CAPABILITY}).setAccessConstraints(new AccessConstraintDefinition[]{SensitiveTargetAccessConstraintDefinition.ACCESS_CONTROL}));
    }

    public static ResourceDefinition newInstance(ManagementSecurityIdentitySupplier managementSecurityIdentitySupplier) {
        return new AccessIdentityResourceDefinition(new AccessIdentityAddHandler(managementSecurityIdentitySupplier));
    }

    public void registerAttributes(ManagementResourceRegistration managementResourceRegistration) {
        WriteAttributeHandler writeAttributeHandler = new WriteAttributeHandler();
        for (AttributeDefinition attributeDefinition : ATTRIBUTES) {
            managementResourceRegistration.registerReadWriteAttribute(attributeDefinition, (OperationStepHandler) null, writeAttributeHandler);
        }
    }
}
