package org.wildfly.extension.elytron;

import java.security.AccessController;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.ServiceLoader;
import java.util.function.Consumer;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.PolicyContextHandler;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.ModelOnlyWriteAttributeHandler;
import org.jboss.as.controller.ObjectTypeAttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.ParameterCorrector;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.ReloadRequiredRemoveStepHandler;
import org.jboss.as.controller.ReloadRequiredWriteAttributeHandler;
import org.jboss.as.controller.ResourceDefinition;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.capability.RuntimeCapability;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.registry.OperationEntry;
import org.jboss.as.controller.registry.Resource;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.modules.ModuleLoadException;
import org.jboss.msc.service.Service;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;
import org.wildfly.extension.elytron._private.ElytronSubsystemMessages;
import org.wildfly.security.authz.jacc.DelegatingPolicyContextHandler;
import org.wildfly.security.authz.jacc.ElytronPolicyConfigurationFactory;
import org.wildfly.security.authz.jacc.JaccDelegatingPolicy;
import org.wildfly.security.authz.jacc.SecurityIdentityHandler;
import org.wildfly.security.authz.jacc.SubjectPolicyContextHandler;
import org.wildfly.security.manager.WildFlySecurityManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/extension/elytron/PolicyDefinitions.class */
public class PolicyDefinitions {
    /** Name attribute reused by the nested policy definitions; declared as a string with a minimum size of 1. */
    static final SimpleAttributeDefinition RESOURCE_NAME =
            new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.NAME, ModelType.STRING)
                    .setMinSize(1)
                    .build();

    /**
     * Deprecated, optional attribute kept on the resource (deprecated as of
     * {@code ElytronExtension.ELYTRON_1_2_0}).
     *
     * <p>Its corrector ignores both arguments and always hands back a newly constructed
     * {@link ModelNode}, so whatever value a client submits for this attribute is discarded
     * rather than validated or stored.
     */
    static final SimpleAttributeDefinition DEFAULT_POLICY =
            new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.DEFAULT_POLICY, ModelType.STRING)
                    .setRequired(false)
                    .setCorrector((modelNode, modelNode2) -> new ModelNode())
                    .setDeprecated(ElytronExtension.ELYTRON_1_2_0)
                    .build();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/wildfly/extension/elytron/PolicyDefinitions$CustomPolicyDefinition.class */
    /**
     * Attribute definitions for the custom-policy alternative of the policy resource.
     *
     * <p>{@link #CLASS_NAME} and {@link #MODULE} are later resolved by
     * {@code configureCustomPolicy}, which loads and instantiates the named class and hands it to
     * the service that calls {@code Policy.setPolicy}. Write access to this attribute therefore
     * decides which class becomes the JVM-wide {@code java.security.Policy}; treat it as a
     * security-sensitive management operation.
     */
    public static class CustomPolicyDefinition {
        static final SimpleAttributeDefinition NAME = PolicyDefinitions.RESOURCE_NAME;
        static final SimpleAttributeDefinition CLASS_NAME = ClassLoadingAttributeDefinitions.CLASS_NAME;
        static final SimpleAttributeDefinition MODULE = ClassLoadingAttributeDefinitions.MODULE;

        /**
         * Object attribute grouping {@link #CLASS_NAME} and {@link #MODULE}. It is required, but
         * declared as an alternative to {@code ElytronDescriptionConstants.JACC_POLICY}, and a
         * single-element list is accepted through {@code ListToObjectCorrector}.
         */
        static final ObjectTypeAttributeDefinition POLICY =
                new ObjectTypeAttributeDefinition.Builder(
                        ElytronDescriptionConstants.CUSTOM_POLICY,
                        new AttributeDefinition[]{CLASS_NAME, MODULE})
                        .setRequired(true)
                        .setAlternatives(new String[]{ElytronDescriptionConstants.JACC_POLICY})
                        .setCorrector(ListToObjectCorrector.INSTANCE)
                        .build();

        CustomPolicyDefinition() {
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/wildfly/extension/elytron/PolicyDefinitions$JaccPolicyDefinition.class */
    /**
     * Attribute definitions for the JACC-policy alternative of the policy resource.
     *
     * <p>The policy provider and the configuration factory are both class names taken from the
     * management model; they default to the Elytron implementations
     * ({@link JaccDelegatingPolicy} and {@link ElytronPolicyConfigurationFactory}). As with the
     * custom policy, whoever may write these attributes chooses the classes that are loaded and
     * installed, so the resource deserves restrictive management access control.
     */
    public static class JaccPolicyDefinition {
        static final SimpleAttributeDefinition NAME = PolicyDefinitions.RESOURCE_NAME;

        /** Class name of the {@code Policy} implementation; defaults to {@link JaccDelegatingPolicy}. */
        static final SimpleAttributeDefinition POLICY_PROVIDER =
                new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.POLICY, ModelType.STRING, true)
                        .setDefaultValue(new ModelNode(JaccDelegatingPolicy.class.getName()))
                        .setMinSize(1)
                        .build();

        /**
         * Class name of the {@code PolicyConfigurationFactory}; defaults to
         * {@link ElytronPolicyConfigurationFactory}.
         */
        static final SimpleAttributeDefinition CONFIGURATION_FACTORY =
                new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.CONFIGURATION_FACTORY, ModelType.STRING, true)
                        .setDefaultValue(new ModelNode(ElytronPolicyConfigurationFactory.class.getName()))
                        .setMinSize(1)
                        .build();

        static final SimpleAttributeDefinition MODULE = ClassLoadingAttributeDefinitions.MODULE;

        /**
         * Object attribute grouping the three attributes above. It is required, but declared as an
         * alternative to {@code ElytronDescriptionConstants.CUSTOM_POLICY}.
         */
        static final ObjectTypeAttributeDefinition POLICY =
                new ObjectTypeAttributeDefinition.Builder(
                        ElytronDescriptionConstants.JACC_POLICY,
                        new AttributeDefinition[]{POLICY_PROVIDER, CONFIGURATION_FACTORY, MODULE})
                        .setRequired(true)
                        .setAlternatives(new String[]{ElytronDescriptionConstants.CUSTOM_POLICY})
                        .setCorrector(ListToObjectCorrector.INSTANCE)
                        .build();

        JaccPolicyDefinition() {
        }
    }

    /* loaded from: input_file:org/wildfly/extension/elytron/PolicyDefinitions$ListToObjectCorrector.class */
    /**
     * Corrector that accepts a one-element list where a single object is expected.
     *
     * <p>When the incoming node is a {@code LIST} whose {@code asInt()} value is 1, the first
     * element is returned in its place, with any {@code ElytronDescriptionConstants.NAME} child
     * stripped from it. Every other input is returned unchanged.
     */
    private static class ListToObjectCorrector implements ParameterCorrector {
        private static final ListToObjectCorrector INSTANCE = new ListToObjectCorrector();

        private ListToObjectCorrector() {
        }

        public ModelNode correct(ModelNode modelNode, ModelNode modelNode2) {
            // Anything that is not a LIST reporting asInt() == 1 passes through untouched.
            // NOTE(review): asInt() on a LIST node is presumably its element count; confirm against jboss-dmr.
            if (modelNode.getType() != ModelType.LIST || modelNode.asInt() != 1) {
                return modelNode;
            }
            ModelNode onlyElement = modelNode.get(0);
            // The element is modified in place: its name child is dropped before it is handed back.
            if (onlyElement.has(ElytronDescriptionConstants.NAME)) {
                onlyElement.remove(ElytronDescriptionConstants.NAME);
            }
            return onlyElement;
        }
    }

    // No-modifier, no-argument constructor; everything else visible in this class is static,
    // and nothing in this file instantiates PolicyDefinitions.
    PolicyDefinitions() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the management resource definition for the policy resource.
     *
     * <p>The definition wires three things together:
     * <ul>
     *   <li>an add handler that installs a service which replaces the JVM-wide
     *       {@link Policy} with the configured one and restores the previous policy when the
     *       service stops or fails to start;</li>
     *   <li>a remove handler that deregisters the {@code org.wildfly.security.jacc-policy}
     *       capability;</li>
     *   <li>attribute registration whose write handler keeps that capability in step with the
     *       JACC policy attribute.</li>
     * </ul>
     *
     * <p>Security note: {@code Policy.setPolicy} is process-global, so this resource changes the
     * authorization policy for every deployment in the JVM. The resource is limited to one
     * occurrence ({@code setMaxOccurs(1)}) and add/remove are flagged
     * {@code RESTART_ALL_SERVICES}.
     *
     * @return the resource definition for the policy resource
     */
    public static ResourceDefinition getPolicy() {
        final AttributeDefinition[] attributeDefinitionArr = {DEFAULT_POLICY, JaccPolicyDefinition.POLICY, CustomPolicyDefinition.POLICY};
        return new SimpleResourceDefinition(new SimpleResourceDefinition.Parameters(PathElement.pathElement(ElytronDescriptionConstants.POLICY), ElytronExtension.getResourceDescriptionResolver(ElytronDescriptionConstants.POLICY)).setAddHandler(new BaseAddHandler(Capabilities.POLICY_RUNTIME_CAPABILITY, attributeDefinitionArr) { // from class: org.wildfly.extension.elytron.PolicyDefinitions.2
            // After the normal model population, wipe the deprecated default-policy attribute so it
            // is never persisted with a value.
            protected void populateModel(OperationContext operationContext, ModelNode modelNode, Resource resource) throws OperationFailedException {
                super.populateModel(operationContext, modelNode, resource);
                resource.getModel().get(PolicyDefinitions.DEFAULT_POLICY.getName()).clear();
            }

            /* JADX INFO: Access modifiers changed from: protected */
            // Registers the additional JACC capability only when the JACC policy attribute is defined.
            @Override // org.wildfly.extension.elytron.BaseAddHandler
            public void recordCapabilitiesAndRequirements(OperationContext operationContext, ModelNode modelNode, Resource resource) throws OperationFailedException {
                super.recordCapabilitiesAndRequirements(operationContext, modelNode, resource);
                if (resource.getModel().hasDefined(ElytronDescriptionConstants.JACC_POLICY)) {
                    operationContext.registerCapability(Capabilities.JACC_POLICY_RUNTIME_CAPABILITY);
                }
            }

            // Installs the policy service (ACTIVE mode) under the policy capability's service name,
            // aliased to the JACC capability's name when a JACC policy is configured. Outside of
            // boot the server is additionally marked reload-required.
            protected void performRuntime(OperationContext operationContext, ModelNode modelNode, ModelNode modelNode2) throws OperationFailedException {
                ServiceBuilder addService = operationContext.getServiceTarget().addService(Capabilities.POLICY_RUNTIME_CAPABILITY.getCapabilityServiceName(Policy.class), createPolicyService(PolicyDefinitions.getPolicyProvider(operationContext, modelNode2)));
                if (modelNode2.get(ElytronDescriptionConstants.JACC_POLICY).isDefined()) {
                    addService.addAliases(new ServiceName[]{Capabilities.JACC_POLICY_RUNTIME_CAPABILITY.getCapabilityServiceName()});
                }
                addService.setInitialMode(ServiceController.Mode.ACTIVE).install();
                if (operationContext.isBooting()) {
                    return;
                }
                operationContext.reloadRequired();
            }

            // Wraps the policy provider in a service that swaps the JVM policy on start and puts
            // the previous one back on stop.
            // NOTE(review): getPolicyProvider returns null when neither policy alternative is
            // defined; start() would then fail on consumer.accept and surface as a StartException.
            private Service<Policy> createPolicyService(final Consumer<Consumer<Policy>> consumer) {
                return new Service<Policy>() { // from class: org.wildfly.extension.elytron.PolicyDefinitions.2.1
                    // Policy that was in force before this service started; restored on stop/failure.
                    volatile Policy original;

                    public void start(StartContext startContext) throws StartException {
                        this.original = getPolicy();
                        try {
                            // The provider creates the policy and calls back into setPolicy to install it.
                            consumer.accept(this::setPolicy);
                        } catch (Exception e) {
                            // Roll back so a half-configured policy is not left installed.
                            // NOTE(review): if this restore itself throws, that exception propagates
                            // and the StartException carrying the original cause is never raised.
                            setPolicy(this.original);
                            throw new StartException(e);
                        }
                    }

                    public void stop(StopContext stopContext) {
                        setPolicy(this.original);
                    }

                    /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
                    // Decompiler artefact: per the JADX note above this method was originally named
                    // getValue; it returns whatever policy is currently installed.
                    public Policy m104getValue() throws IllegalStateException, IllegalArgumentException {
                        return getPolicy();
                    }

                    // Refreshes the given policy, then installs it JVM-wide. The install runs inside
                    // doPrivileged only while WildFlySecurityManager reports that it is checking.
                    private void setPolicy(Policy policy) {
                        policy.refresh();
                        try {
                            if (WildFlySecurityManager.isChecking()) {
                                AccessController.doPrivileged(setPolicyAction(policy));
                            } else {
                                setPolicyAction(policy).run();
                            }
                        } catch (Exception e) {
                            throw ElytronSubsystemMessages.ROOT_LOGGER.failedToSetPolicy(policy, e);
                        }
                    }

                    private PrivilegedAction<Void> setPolicyAction(Policy policy) {
                        return () -> {
                            Policy.setPolicy(policy);
                            return null;
                        };
                    }

                    // Reads the currently installed policy, using doPrivileged under the same
                    // condition as setPolicy.
                    private Policy getPolicy() {
                        return WildFlySecurityManager.isChecking() ? (Policy) AccessController.doPrivileged(getPolicyAction()) : getPolicyAction().run();
                    }

                    private PrivilegedAction<Policy> getPolicyAction() {
                        return Policy::getPolicy;
                    }
                };
            }
        }).setRemoveHandler(new ReloadRequiredRemoveStepHandler() { // from class: org.wildfly.extension.elytron.PolicyDefinitions.3
            // Removal always deregisters the JACC capability, named here by its literal string.
            protected void recordCapabilitiesAndRequirements(OperationContext operationContext, ModelNode modelNode, Resource resource) throws OperationFailedException {
                super.recordCapabilitiesAndRequirements(operationContext, modelNode, resource);
                operationContext.deregisterCapability("org.wildfly.security.jacc-policy");
            }
        }).setAddRestartLevel(OperationEntry.Flag.RESTART_ALL_SERVICES).setRemoveRestartLevel(OperationEntry.Flag.RESTART_ALL_SERVICES).setCapabilities(new RuntimeCapability[]{Capabilities.POLICY_RUNTIME_CAPABILITY}).setMaxOccurs(1)) { // from class: org.wildfly.extension.elytron.PolicyDefinitions.4
            public void registerAttributes(ManagementResourceRegistration managementResourceRegistration) {
                ReloadRequiredWriteAttributeHandler reloadRequiredWriteAttributeHandler = new ReloadRequiredWriteAttributeHandler(attributeDefinitionArr) { // from class: org.wildfly.extension.elytron.PolicyDefinitions.4.1
                    // Keeps the JACC capability aligned with writes to the JACC policy attribute:
                    // an undefined modelNode deregisters it, and a defined modelNode registers it
                    // unless modelNode2 was already defined.
                    // NOTE(review): presumably modelNode is the new value and modelNode2 the
                    // previous one; confirm against the superclass signature.
                    protected void recordCapabilitiesAndRequirements(OperationContext operationContext, AttributeDefinition attributeDefinition, ModelNode modelNode, ModelNode modelNode2) {
                        super.recordCapabilitiesAndRequirements(operationContext, attributeDefinition, modelNode, modelNode2);
                        if (ElytronDescriptionConstants.JACC_POLICY.equals(attributeDefinition.getName())) {
                            if (!modelNode.isDefined()) {
                                operationContext.deregisterCapability("org.wildfly.security.jacc-policy");
                            } else {
                                if (modelNode2.isDefined()) {
                                    return;
                                }
                                operationContext.registerCapability(Capabilities.JACC_POLICY_RUNTIME_CAPABILITY);
                            }
                        }
                    }
                };
                // The deprecated default-policy attribute gets a model-only write handler; the two
                // policy attributes share the reload-required handler above.
                // NOTE(review): the loop variable type looks like a decompiler artefact, since the
                // array also holds ObjectTypeAttributeDefinition instances.
                for (SimpleAttributeDefinition simpleAttributeDefinition : attributeDefinitionArr) {
                    if (simpleAttributeDefinition != PolicyDefinitions.DEFAULT_POLICY) {
                        managementResourceRegistration.registerReadWriteAttribute(simpleAttributeDefinition, (OperationStepHandler) null, reloadRequiredWriteAttributeHandler);
                    } else {
                        managementResourceRegistration.registerReadWriteAttribute(simpleAttributeDefinition, (OperationStepHandler) null, new ModelOnlyWriteAttributeHandler(new AttributeDefinition[]{PolicyDefinitions.DEFAULT_POLICY}));
                    }
                }
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Selects the policy provider for the given resource model.
     *
     * <p>The JACC policy configuration is tried first; the custom policy configuration is used
     * only when no JACC policy is defined.
     *
     * @param operationContext the current management operation context
     * @param modelNode the resource model holding the policy attributes
     * @return a callback that creates the policy and passes it to the supplied installer, or
     *     {@code null} when neither alternative is defined in the model
     * @throws OperationFailedException if an attribute cannot be resolved
     */
    public static Consumer<Consumer<Policy>> getPolicyProvider(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        Consumer<Consumer<Policy>> jaccProvider = configureJaccPolicy(operationContext, modelNode);
        return jaccProvider != null ? jaccProvider : configureCustomPolicy(operationContext, modelNode);
    }

    /**
     * Creates the provider for a custom policy, if one is configured.
     *
     * <p>The class name and optional module are resolved from the model immediately; loading and
     * instantiating the class is deferred until the returned callback is invoked. The class named
     * in the model is what ends up being handed to the policy installer, so the values resolved
     * here are security-sensitive configuration.
     *
     * @param operationContext the current management operation context
     * @param modelNode the resource model
     * @return the provider callback, or {@code null} when no custom policy is defined
     * @throws OperationFailedException if an attribute cannot be resolved
     */
    private static Consumer<Consumer<Policy>> configureCustomPolicy(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        ModelNode customPolicy = modelNode.get(ElytronDescriptionConstants.CUSTOM_POLICY);
        if (customPolicy.isDefined()) {
            String policyClassName = CustomPolicyDefinition.CLASS_NAME.resolveModelAttribute(operationContext, customPolicy).asString();
            String moduleName = CustomPolicyDefinition.MODULE.resolveModelAttribute(operationContext, customPolicy).asStringOrNull();
            return policyInstaller -> {
                try {
                    ClassLoader policyLoader = ClassLoadingAttributeDefinitions.resolveClassLoader(moduleName);
                    policyInstaller.accept(newPolicy(policyClassName, policyLoader));
                } catch (ModuleLoadException e) {
                    // A module that cannot be loaded is reported with its name and the cause.
                    throw ElytronSubsystemMessages.ROOT_LOGGER.unableToLoadModuleRuntime(moduleName, e);
                }
            };
        }
        return null;
    }

    /**
     * Creates the provider for a JACC policy, if one is configured.
     *
     * <p>When invoked, the returned callback performs these steps in order:
     * <ol>
     *   <li>resolves the class loader for the configured module and passes a new policy instance
     *       to the installer;</li>
     *   <li>initialises the {@code PolicyConfigurationFactory} inside
     *       {@code SecurityActions.doPrivileged}, using this subsystem's own class loader when the
     *       factory is the default one and the module loader otherwise;</li>
     *   <li>registers the policy context handlers: the Elytron subject and security-identity
     *       handlers plus every handler discovered through {@link ServiceLoader}.</li>
     * </ol>
     *
     * <p>The policy is handed to the installer before the factory and the handlers are set up;
     * any failure in the later steps is rethrown as the {@code failedToRegisterPolicyHandlers}
     * exception so the caller can roll the policy back. All handler registrations pass
     * {@code true} as the third argument of {@code PolicyContext.registerHandler}.
     *
     * @param operationContext the current management operation context
     * @param modelNode the resource model
     * @return the provider callback, or {@code null} when no JACC policy is defined
     * @throws OperationFailedException if an attribute cannot be resolved
     */
    private static Consumer<Consumer<Policy>> configureJaccPolicy(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        ModelNode jaccPolicy = modelNode.get(ElytronDescriptionConstants.JACC_POLICY);
        if (!jaccPolicy.isDefined()) {
            return null;
        }
        final String policyProviderName = JaccPolicyDefinition.POLICY_PROVIDER.resolveModelAttribute(operationContext, jaccPolicy).asString();
        final String factoryName = JaccPolicyDefinition.CONFIGURATION_FACTORY.resolveModelAttribute(operationContext, jaccPolicy).asString();
        final boolean usesDefaultFactory = factoryName.equals(JaccPolicyDefinition.CONFIGURATION_FACTORY.getDefaultValue().asString());
        final String moduleName = JaccPolicyDefinition.MODULE.resolveModelAttribute(operationContext, jaccPolicy).asStringOrNull();
        return new Consumer<Consumer<Policy>>() {
            @Override
            public void accept(Consumer<Policy> consumer) {
                try {
                    ClassLoader moduleLoader = ClassLoadingAttributeDefinitions.resolveClassLoader(moduleName);
                    consumer.accept(PolicyDefinitions.newPolicy(policyProviderName, moduleLoader));
                    // The default factory lives in this subsystem, so it is loaded with this
                    // class's loader instead of the configured module's loader.
                    SecurityActions.doPrivileged(() -> PolicyDefinitions.newPolicyConfigurationFactory(
                            factoryName, usesDefaultFactory ? PolicyDefinitions.class.getClassLoader() : moduleLoader));
                    Map<String, PolicyContextHandler> discovered = discoverPolicyContextHandlers();
                    registerHandler(discovered, new SubjectPolicyContextHandler());
                    registerHandler(discovered, new SecurityIdentityHandler());
                    // Whatever is still in the map had no key in common with the two built-in handlers.
                    for (Map.Entry<String, PolicyContextHandler> remaining : discovered.entrySet()) {
                        PolicyContext.registerHandler(remaining.getKey(), remaining.getValue(), true);
                    }
                } catch (Exception e) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.failedToRegisterPolicyHandlers(e);
                }
            }

            /**
             * Registers {@code builtIn} for each of its keys. A discovered handler claiming the
             * same key is taken out of {@code discovered} and combined with the built-in one in a
             * {@link DelegatingPolicyContextHandler} rather than being dropped.
             */
            private void registerHandler(Map<String, PolicyContextHandler> discovered, PolicyContextHandler builtIn) throws PolicyContextException {
                for (String key : builtIn.getKeys()) {
                    PolicyContextHandler sameKeyHandler = discovered.remove(key);
                    if (sameKeyHandler == null) {
                        PolicyContext.registerHandler(key, builtIn, true);
                        continue;
                    }
                    ElytronSubsystemMessages.ROOT_LOGGER.tracef("Registering DelegatingPolicyContextHandler for key '%s'.", key);
                    PolicyContext.registerHandler(key, new DelegatingPolicyContextHandler(key, builtIn, sameKeyHandler), true);
                }
            }

            /**
             * Collects the {@link PolicyContextHandler} services visible to this subsystem's class
             * loader, indexed by key. Two discovered handlers claiming the same key are rejected
             * with the {@code duplicatePolicyContextHandler} exception.
             */
            private Map<String, PolicyContextHandler> discoverPolicyContextHandlers() throws PolicyContextException {
                Map<String, PolicyContextHandler> handlersByKey = new HashMap<>();
                for (PolicyContextHandler handler : ServiceLoader.load(PolicyContextHandler.class, PolicyDefinitions.class.getClassLoader())) {
                    for (String key : handler.getKeys()) {
                        if (handlersByKey.put(key, handler) != null) {
                            throw ElytronSubsystemMessages.ROOT_LOGGER.duplicatePolicyContextHandler(key);
                        }
                        if (ElytronSubsystemMessages.ROOT_LOGGER.isTraceEnabled()) {
                            ElytronSubsystemMessages.ROOT_LOGGER.tracef("Discovered PolicyContextHandler '%s' for key '%s'.", handler.getClass().getName(), key);
                        }
                    }
                }
                return handlersByKey;
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
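    /**
     * Loads the class named {@code str} through {@code classLoader} and instantiates it as the
     * {@link Policy} to be installed.
     *
     * <p>The class name originates from the management model. The loaded class is narrowed with
     * {@link Class#asSubclass(Class)} before any constructor is invoked, so a configured class
     * that is not a {@code Policy} is rejected without being instantiated; the previous form
     * created the instance first and only then checked its type.
     *
     * @param str fully qualified name of the policy implementation class
     * @param classLoader class loader used to resolve {@code str}
     * @return a new instance of the named policy class
     * @throws RuntimeException the exception produced by {@code failedToCreatePolicy} when the
     *     class cannot be loaded, is not a {@code Policy}, or cannot be instantiated
     */
    public static Policy newPolicy(String str, ClassLoader classLoader) {
        try {
            // Type check first: asSubclass throws ClassCastException before any constructor runs.
            Class<? extends Policy> policyClass = classLoader.loadClass(str).asSubclass(Policy.class);
            // Replacement for the deprecated Class.newInstance(); a constructor failure now
            // arrives wrapped in InvocationTargetException and is reported as the cause below.
            return policyClass.getDeclaredConstructor().newInstance();
        } catch (Exception e) {
            throw ElytronSubsystemMessages.ROOT_LOGGER.failedToCreatePolicy(str, e);
        }
    }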

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Selects {@code str} as the JACC {@link PolicyConfigurationFactory} implementation and
     * obtains the factory.
     *
     * <p>The lookup runs with {@code classLoader} as the thread context class loader; the
     * previous context class loader is restored on every exit path. The provider is chosen by
     * setting the {@code <PolicyConfigurationFactory class name>.provider} system property, which
     * is JVM-wide and is left set after this method returns.
     *
     * <p>The class of the returned factory is compared with the requested name, so a lookup that
     * yields some other implementation is reported instead of being silently accepted.
     * NOTE(review): presumably this guards against a factory that was already initialised
     * elsewhere in the JVM; confirm against the JACC API in use.
     *
     * @param str fully qualified class name of the expected factory implementation
     * @param classLoader class loader to expose as the thread context class loader during lookup
     * @return the factory, whose class name equals {@code str}
     * @throws PolicyContextException if the factory cannot be obtained
     * @throws ClassNotFoundException if the factory class cannot be found
     */
    public static PolicyConfigurationFactory newPolicyConfigurationFactory(String str, ClassLoader classLoader) throws PolicyContextException, ClassNotFoundException {
        final Thread currentThread = Thread.currentThread();
        final ClassLoader previousLoader = currentThread.getContextClassLoader();
        try {
            currentThread.setContextClassLoader(classLoader);
            System.setProperty(PolicyConfigurationFactory.class.getName() + ".provider", str);
            PolicyConfigurationFactory factory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
            String loadedName = factory.getClass().getName();
            if (str.equals(loadedName)) {
                return factory;
            }
            throw ElytronSubsystemMessages.ROOT_LOGGER.invalidImplementationLoaded(PolicyConfigurationFactory.class.getCanonicalName(), str, loadedName);
        } finally {
            // Put the caller's context class loader back on both the normal and the failure path.
            currentThread.setContextClassLoader(previousLoader);
        }
    }
}
