package org.wildfly.extension.elytron;

import java.security.Permissions;
import java.util.ArrayList;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.function.BinaryOperator;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.AttributeMarshaller;
import org.jboss.as.controller.AttributeMarshallers;
import org.jboss.as.controller.AttributeParser;
import org.jboss.as.controller.AttributeParsers;
import org.jboss.as.controller.ObjectListAttributeDefinition;
import org.jboss.as.controller.ObjectTypeAttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.ParameterCorrector;
import org.jboss.as.controller.ResourceDefinition;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.StringListAttributeDefinition;
import org.jboss.as.controller.capability.RuntimeCapability;
import org.jboss.as.controller.operations.validation.EnumValidator;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.modules.Module;
import org.jboss.modules.ModuleIdentifier;
import org.jboss.modules.ModuleLoadException;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.StartException;
import org.jboss.msc.value.InjectedValue;
import org.wildfly.extension.elytron.TrivialService;
import org.wildfly.extension.elytron._private.ElytronSubsystemMessages;
import org.wildfly.security.authz.PermissionMapper;
import org.wildfly.security.authz.SimplePermissionMapper;
import org.wildfly.security.permission.InvalidPermissionClassException;
import org.wildfly.security.permission.PermissionUtil;
import org.wildfly.security.permission.PermissionVerifier;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/extension/elytron/PermissionMapperDefinitions.class */
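/**
 * Management-model definitions for the Elytron permission-mapper resources:
 * the logical, simple and constant permission mappers.
 *
 * <p>Each {@code get...PermissionMapper()} factory returns a {@link ResourceDefinition} whose add
 * handler reads the resource's attributes and supplies a {@link PermissionMapper} built from them.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Permission class names and module names come from the management model and are loaded
 *       reflectively (see {@link #createPermission(Permission)}). Whoever can write these resources
 *       therefore decides which {@link java.security.Permission} classes get instantiated.</li>
 *   <li>A configured permission whose module cannot be loaded, or whose class is rejected as an
 *       invalid permission class, is dropped and the mapper is still built without it.</li>
 * </ul>
 */
public class PermissionMapperDefinitions {
    /** Capability name used for references to other permission mappers and to build their dynamic capability names. */
    private static final String PERMISSION_MAPPER_CAPABILITY = "org.wildfly.security.permission-mapper";

    /** Required name of the permission mapper used as the left operand of a logical mapper. */
    static final SimpleAttributeDefinition LEFT = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.LEFT, ModelType.STRING, false)
            .setMinSize(1)
            .setRestartAllServices()
            .setCapabilityReference(PERMISSION_MAPPER_CAPABILITY, PERMISSION_MAPPER_CAPABILITY, true)
            .build();

    /** Required name of the permission mapper used as the right operand of a logical mapper. */
    static final SimpleAttributeDefinition RIGHT = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.RIGHT, ModelType.STRING, false)
            .setMinSize(1)
            .setRestartAllServices()
            .setCapabilityReference(PERMISSION_MAPPER_CAPABILITY, PERMISSION_MAPPER_CAPABILITY, true)
            .build();

    /** Required operation combining {@link #LEFT} and {@link #RIGHT}; validated against {@link LogicalMapperOperation}. */
    static final SimpleAttributeDefinition LOGICAL_OPERATION = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.LOGICAL_OPERATION, ModelType.STRING, false)
            .setAllowExpression(true)
            .setAllowedValues(new String[]{ElytronDescriptionConstants.AND, ElytronDescriptionConstants.OR, ElytronDescriptionConstants.XOR, ElytronDescriptionConstants.UNLESS})
            .setValidator(EnumValidator.create(LogicalMapperOperation.class, false, true))
            .setMinSize(1)
            .setRestartAllServices()
            .build();

    /** Optional mode of a simple mapper; defaults to {@code first} and is validated against {@link MappingMode}. */
    static final SimpleAttributeDefinition MAPPING_MODE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.MAPPING_MODE, ModelType.STRING, true)
            .setAllowExpression(true)
            .setDefaultValue(new ModelNode(ElytronDescriptionConstants.FIRST))
            .setAllowedValues(new String[]{ElytronDescriptionConstants.AND, ElytronDescriptionConstants.OR, ElytronDescriptionConstants.XOR, ElytronDescriptionConstants.UNLESS, ElytronDescriptionConstants.FIRST})
            .setValidator(EnumValidator.create(MappingMode.class, EnumSet.allOf(MappingMode.class)))
            .setRestartAllServices()
            .build();

    /**
     * Optional boolean marking a mapping as applying to all principals; declared as an alternative
     * to {@link #PRINCIPALS} and {@link #ROLES}.
     */
    static final SimpleAttributeDefinition MATCH_ALL = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.MATCH_ALL, ModelType.BOOLEAN, true)
            .setCorrector(new ParameterCorrector() {
                /**
                 * Turns an explicit {@code "false"} into an undefined value.
                 *
                 * @param modelNode  the incoming value; cleared in place when it reads "false"
                 * @param modelNode2 the current value; not used
                 * @return {@code modelNode}, possibly cleared
                 */
                @Override
                public ModelNode correct(ModelNode modelNode, ModelNode modelNode2) {
                    // NOTE(review): presumably done so that match-all=false does not conflict with the
                    // principals/roles alternatives declared below — confirm against the validator.
                    if (modelNode.isDefined() && "false".equals(modelNode.asString())) {
                        modelNode.clear();
                    }
                    return modelNode;
                }
            })
            .setAllowExpression(false)
            .setAlternatives(new String[]{ElytronDescriptionConstants.PRINCIPALS, ElytronDescriptionConstants.ROLES})
            .setRestartAllServices()
            .build();

    /** Optional list of principal names a mapping applies to; alternative to {@link #MATCH_ALL}. */
    static final StringListAttributeDefinition PRINCIPALS = new StringListAttributeDefinition.Builder(ElytronDescriptionConstants.PRINCIPALS)
            .setAllowExpression(true)
            .setRequired(false)
            .setAlternatives(new String[]{ElytronDescriptionConstants.MATCH_ALL})
            .setMinSize(1)
            .setXmlName(ElytronDescriptionConstants.PRINCIPAL)
            .setAttributeParser(AttributeParsers.STRING_LIST_NAMED_ELEMENT)
            .setAttributeMarshaller(AttributeMarshallers.STRING_LIST_NAMED_ELEMENT)
            .build();

    /** Optional list of role names a mapping applies to; alternative to {@link #MATCH_ALL}. */
    static final StringListAttributeDefinition ROLES = new StringListAttributeDefinition.Builder(ElytronDescriptionConstants.ROLES)
            .setAllowExpression(true)
            .setRequired(false)
            .setAlternatives(new String[]{ElytronDescriptionConstants.MATCH_ALL})
            .setMinSize(1)
            .setXmlName("role")
            .setAttributeParser(AttributeParsers.STRING_LIST_NAMED_ELEMENT)
            .setAttributeMarshaller(AttributeMarshallers.STRING_LIST_NAMED_ELEMENT)
            .build();

    /** Optional target name passed to the permission being created. */
    static final SimpleAttributeDefinition TARGET_NAME = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.TARGET_NAME, ModelType.STRING, true)
            .setAllowExpression(true)
            .setMinSize(0)
            .build();

    /** Optional action passed to the permission being created. */
    static final SimpleAttributeDefinition ACTION = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ACTION, ModelType.STRING, true)
            .setAllowExpression(true)
            .setMinSize(0)
            .build();

    /** One permission: class name, module, target name and action. */
    static final ObjectTypeAttributeDefinition PERMISSION = new ObjectTypeAttributeDefinition.Builder(ElytronDescriptionConstants.PERMISSION,
            new AttributeDefinition[]{ClassLoadingAttributeDefinitions.CLASS_NAME, ClassLoadingAttributeDefinitions.MODULE, TARGET_NAME, ACTION})
            .build();

    /** Optional list of {@link #PERMISSION} objects. */
    static final ObjectListAttributeDefinition PERMISSIONS = new ObjectListAttributeDefinition.Builder(ElytronDescriptionConstants.PERMISSIONS, PERMISSION)
            .setRequired(false)
            .setRestartAllServices()
            .setAttributeMarshaller(AttributeMarshaller.UNWRAPPED_OBJECT_LIST_MARSHALLER)
            .setAttributeParser(AttributeParser.UNWRAPPED_OBJECT_LIST_PARSER)
            .build();

    /** One mapping: who it applies to (match-all, principals, roles) and the permissions granted. */
    static final ObjectTypeAttributeDefinition PERMISSION_MAPPING = new ObjectTypeAttributeDefinition.Builder(ElytronDescriptionConstants.PERMISSION_MAPPING,
            new AttributeDefinition[]{MATCH_ALL, PRINCIPALS, ROLES, PERMISSIONS})
            .setCorrector(new MatchAllCorrector())
            .build();

    /** Optional list of {@link #PERMISSION_MAPPING} objects of a simple permission mapper. */
    static final ObjectListAttributeDefinition PERMISSION_MAPPINGS = new ObjectListAttributeDefinition.Builder(ElytronDescriptionConstants.PERMISSION_MAPPINGS, PERMISSION_MAPPING)
            .setRequired(false)
            .setCorrector(new PermissionMappingCorrector())
            .setRestartAllServices()
            .setAttributeMarshaller(AttributeMarshallers.OBJECT_LIST_UNWRAPPED)
            .setAttributeParser(AttributeParsers.UNWRAPPED_OBJECT_LIST_PARSER)
            .build();

    // The *_1_0 variants copy the definitions above and only swap the XML name, parser and
    // marshaller (plain string lists instead of named elements).

    /** {@link #ROLES} with the 1.0 XML name, parser and marshaller. */
    static final StringListAttributeDefinition ROLES_1_0 = new StringListAttributeDefinition.Builder(ROLES)
            .setXmlName(ElytronDescriptionConstants.ROLES)
            .setAttributeParser(AttributeParsers.STRING_LIST)
            .setAttributeMarshaller(AttributeMarshallers.STRING_LIST)
            .build();

    /** {@link #PRINCIPALS} with the 1.0 XML name, parser and marshaller. */
    static final StringListAttributeDefinition PRINCIPALS_1_0 = new StringListAttributeDefinition.Builder(PRINCIPALS)
            .setXmlName(ElytronDescriptionConstants.PRINCIPALS)
            .setAttributeParser(AttributeParsers.STRING_LIST)
            .setAttributeMarshaller(AttributeMarshallers.STRING_LIST)
            .build();

    /** {@link #PERMISSION_MAPPING} built from the 1.0 principals and roles definitions. */
    private static final ObjectTypeAttributeDefinition PERMISSION_MAPPING_1_0 = new ObjectTypeAttributeDefinition.Builder(ElytronDescriptionConstants.PERMISSION_MAPPING,
            new AttributeDefinition[]{MATCH_ALL, PRINCIPALS_1_0, ROLES_1_0, PERMISSIONS})
            .setCorrector(new MatchAllCorrector())
            .build();

    /** {@link #PERMISSION_MAPPINGS} whose value type is {@link #PERMISSION_MAPPING_1_0}. */
    static final ObjectListAttributeDefinition PERMISSION_MAPPINGS_1_0 = new ObjectListAttributeDefinition.Builder(PERMISSION_MAPPINGS)
            .setValueType(PERMISSION_MAPPING_1_0)
            .build();

    /**
     * Operations a logical permission mapper can apply to its two operands. Each constant
     * delegates to the {@link PermissionMapper} method of the same name.
     */
    public enum LogicalMapperOperation {
        AND((left, right) -> left.and(right)),
        OR((left, right) -> left.or(right)),
        XOR((left, right) -> left.xor(right)),
        UNLESS((left, right) -> left.unless(right));

        private final BinaryOperator<PermissionMapper> operator;

        // Typed parameter: with a raw BinaryOperator the lambdas above would see Object operands.
        LogicalMapperOperation(BinaryOperator<PermissionMapper> binaryOperator) {
            this.operator = binaryOperator;
        }

        /**
         * Combines two mappers with this operation.
         *
         * @param permissionMapper  the left operand
         * @param permissionMapper2 the right operand
         * @return the result of applying the operation to the operands, in that order
         */
        public PermissionMapper create(PermissionMapper permissionMapper, PermissionMapper permissionMapper2) {
            return this.operator.apply(permissionMapper, permissionMapper2);
        }

        /** @return the constant name in lower case, using {@link Locale#US} */
        @Override
        public String toString() {
            return name().toLowerCase(Locale.US);
        }
    }

    /**
     * One resolved permission mapping: the principals and roles it applies to (or match-all) and
     * the permissions to grant. The collections are stored and returned without copying.
     */
    public static class Mapping {
        private final boolean matchAll;
        private final Set<String> principals;
        private final Set<String> roles;
        private final List<Permission> permissions;

        /**
         * @param set   principal names
         * @param set2  role names
         * @param list  configured permissions
         * @param z     {@code true} when the mapping applies to all principals
         */
        Mapping(Set<String> set, Set<String> set2, List<Permission> list, boolean z) {
            this.principals = set;
            this.roles = set2;
            this.permissions = list;
            this.matchAll = z;
        }

        /** @return the principal names given to the constructor */
        public Set<String> getPrincipals() {
            return this.principals;
        }

        /** @return the role names given to the constructor */
        public Set<String> getRoles() {
            return this.roles;
        }

        /** @return the configured permissions given to the constructor */
        public List<Permission> getPermissions() {
            return this.permissions;
        }

        /** @return {@code true} when the mapping applies to all principals */
        public boolean matchAll() {
            return this.matchAll;
        }
    }

    /** Mapping modes accepted by the {@code mapping-mode} attribute of a simple permission mapper. */
    public enum MappingMode {
        AND,
        OR,
        XOR,
        UNLESS,
        FIRST;

        /**
         * Translates this mode to the {@link SimplePermissionMapper.MappingMode} equivalent.
         * {@link #FIRST} (and anything not listed explicitly) maps to {@code FIRST_MATCH}.
         *
         * @return the corresponding mode of {@link SimplePermissionMapper}
         */
        SimplePermissionMapper.MappingMode convert() {
            switch (this) {
                case AND:
                    return SimplePermissionMapper.MappingMode.AND;
                case OR:
                    return SimplePermissionMapper.MappingMode.OR;
                case XOR:
                    return SimplePermissionMapper.MappingMode.XOR;
                case UNLESS:
                    return SimplePermissionMapper.MappingMode.UNLESS;
                default:
                    return SimplePermissionMapper.MappingMode.FIRST_MATCH;
            }
        }

        /** @return the constant name in lower case, using {@link Locale#US} */
        @Override
        public String toString() {
            return name().toLowerCase(Locale.US);
        }
    }

    /**
     * Corrector for a single permission-mapping object: applies the {@link #MATCH_ALL} corrector to
     * the nested match-all value and removes the key when that leaves it undefined.
     */
    static class MatchAllCorrector implements ParameterCorrector {
        MatchAllCorrector() {
        }

        /**
         * @param modelNode  the permission-mapping object; modified in place
         * @param modelNode2 the current value; not used
         * @return {@code modelNode}
         */
        @Override
        public ModelNode correct(ModelNode modelNode, ModelNode modelNode2) {
            String matchAllName = PermissionMapperDefinitions.MATCH_ALL.getName();
            if (!modelNode.isDefined() || !modelNode.hasDefined(matchAllName)) {
                return modelNode;
            }
            ModelNode matchAllValue = modelNode.get(matchAllName);
            PermissionMapperDefinitions.MATCH_ALL.getCorrector().correct(matchAllValue, new ModelNode());
            // The nested corrector clears an explicit "false"; drop the now-undefined key entirely.
            if (!matchAllValue.isDefined()) {
                modelNode.remove(matchAllName);
            }
            return modelNode;
        }
    }

    /**
     * Permission as configured in the management model, before any class is loaded: class name,
     * optional module, optional target name and optional action, all held as plain strings.
     */
    public static class Permission {
        private final String className;
        private final String module;
        private final String targetName;
        private final String action;

        /**
         * @param str  permission class name
         * @param str2 module to load the class from, or {@code null}
         * @param str3 target name, or {@code null}
         * @param str4 action, or {@code null}
         */
        Permission(String str, String str2, String str3, String str4) {
            this.className = str;
            this.module = str2;
            this.targetName = str3;
            this.action = str4;
        }

        /** @return the configured permission class name */
        public String getClassName() {
            return this.className;
        }

        /** @return the configured module name, or {@code null} */
        public String getModule() {
            return this.module;
        }

        /** @return the configured target name, or {@code null} */
        public String getTargetName() {
            return this.targetName;
        }

        /** @return the configured action, or {@code null} */
        public String getAction() {
            return this.action;
        }
    }

    /**
     * Corrector for the permission-mappings list: runs the {@link #PERMISSION_MAPPING} corrector on
     * every element of a defined LIST value and leaves anything else untouched.
     */
    static class PermissionMappingCorrector implements ParameterCorrector {
        PermissionMappingCorrector() {
        }

        /**
         * @param modelNode  the permission-mappings value
         * @param modelNode2 the current value; not used
         * @return {@code modelNode}
         */
        @Override
        public ModelNode correct(ModelNode modelNode, ModelNode modelNode2) {
            if (!modelNode.isDefined() || modelNode.getType() != ModelType.LIST) {
                return modelNode;
            }
            for (ModelNode mappingNode : modelNode.asList()) {
                PermissionMapperDefinitions.PERMISSION_MAPPING.getCorrector().correct(mappingNode, new ModelNode());
            }
            return modelNode;
        }
    }

    PermissionMapperDefinitions() {
    }

    /**
     * Builds the resource definition of the logical permission mapper, which combines two other
     * permission mappers (referenced by name through {@link #LEFT} and {@link #RIGHT}) with a
     * {@link LogicalMapperOperation}.
     *
     * @return the resource definition
     */
    public static ResourceDefinition getLogicalPermissionMapper() {
        AttributeDefinition[] attributes = {LOGICAL_OPERATION, LEFT, RIGHT};
        return new TrivialResourceDefinition(ElytronDescriptionConstants.LOGICAL_PERMISSION_MAPPER, new TrivialAddHandler<PermissionMapper>(PermissionMapper.class, attributes, Capabilities.PERMISSION_MAPPER_RUNTIME_CAPABILITY) {
            @Override
            protected TrivialService.ValueSupplier<PermissionMapper> getValueSupplier(ServiceBuilder<PermissionMapper> serviceBuilder, OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
                final InjectedValue<PermissionMapper> leftInjector = new InjectedValue<>();
                final InjectedValue<PermissionMapper> rightInjector = new InjectedValue<>();
                final LogicalMapperOperation operation = LogicalMapperOperation.valueOf(
                        PermissionMapperDefinitions.LOGICAL_OPERATION.resolveModelAttribute(operationContext, modelNode).asString().toUpperCase(Locale.ENGLISH));

                // Both operands are other permission-mapper services, looked up by their dynamic capability name.
                final String leftName = PermissionMapperDefinitions.LEFT.resolveModelAttribute(operationContext, modelNode).asString();
                serviceBuilder.addDependency(
                        operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName(PermissionMapperDefinitions.PERMISSION_MAPPER_CAPABILITY, leftName), PermissionMapper.class),
                        PermissionMapper.class, leftInjector);
                final String rightName = PermissionMapperDefinitions.RIGHT.resolveModelAttribute(operationContext, modelNode).asString();
                serviceBuilder.addDependency(
                        operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName(PermissionMapperDefinitions.PERMISSION_MAPPER_CAPABILITY, rightName), PermissionMapper.class),
                        PermissionMapper.class, rightInjector);

                // The injected values are only read when the supplier is invoked.
                return () -> operation.create(leftInjector.getValue(), rightInjector.getValue());
            }
        }, attributes, Capabilities.PERMISSION_MAPPER_RUNTIME_CAPABILITY);
    }

    /**
     * Builds the resource definition of the simple permission mapper, which holds a mapping mode
     * and a list of permission mappings.
     *
     * @return the resource definition
     */
    public static ResourceDefinition getSimplePermissionMapper() {
        AttributeDefinition[] attributes = {MAPPING_MODE, PERMISSION_MAPPINGS};
        return new TrivialResourceDefinition(ElytronDescriptionConstants.SIMPLE_PERMISSION_MAPPER, new TrivialAddHandler<PermissionMapper>(PermissionMapper.class, attributes, Capabilities.PERMISSION_MAPPER_RUNTIME_CAPABILITY) {
            @Override
            protected TrivialService.ValueSupplier<PermissionMapper> getValueSupplier(ServiceBuilder<PermissionMapper> serviceBuilder, OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
                final MappingMode mappingMode = MappingMode.valueOf(
                        PermissionMapperDefinitions.MAPPING_MODE.resolveModelAttribute(operationContext, modelNode).asString().toUpperCase(Locale.ENGLISH));
                final List<Mapping> mappings = new ArrayList<>();
                if (modelNode.hasDefined(ElytronDescriptionConstants.PERMISSION_MAPPINGS)) {
                    for (ModelNode mappingNode : modelNode.get(ElytronDescriptionConstants.PERMISSION_MAPPINGS).asList()) {
                        final boolean matchAll = PermissionMapperDefinitions.MATCH_ALL.resolveModelAttribute(operationContext, mappingNode).asBoolean(false);
                        // With match-all set, principals and roles are not read at all.
                        final Set<String> principals = matchAll
                                ? Collections.<String>emptySet()
                                : new HashSet<String>(PermissionMapperDefinitions.PRINCIPALS.unwrap(operationContext, mappingNode));
                        final Set<String> roles = matchAll
                                ? Collections.<String>emptySet()
                                : new HashSet<String>(PermissionMapperDefinitions.ROLES.unwrap(operationContext, mappingNode));
                        final List<Permission> permissions = PermissionMapperDefinitions.readPermissions(operationContext, mappingNode);
                        mappings.add(new Mapping(principals, roles, permissions, matchAll));
                    }
                }
                // Permission classes are loaded only when the supplier is invoked, not while the model is read.
                return () -> PermissionMapperDefinitions.createSimplePermissionMapper(mappingMode, mappings);
            }
        }, attributes, Capabilities.PERMISSION_MAPPER_RUNTIME_CAPABILITY);
    }

    /**
     * Builds a {@link SimplePermissionMapper} from resolved mappings.
     *
     * <p>Configured permissions for which {@link #createPermission(Permission)} returns
     * {@code null} are left out of the mapping they belong to; the mapping itself is still added.
     *
     * @param mappingMode the configured mapping mode
     * @param list        the resolved mappings, applied in list order
     * @return the permission mapper
     * @throws StartException if creating one of the permissions fails
     */
    public static PermissionMapper createSimplePermissionMapper(MappingMode mappingMode, List<Mapping> list) throws StartException {
        SimplePermissionMapper.Builder builder = SimplePermissionMapper.builder();
        builder.setMappingMode(mappingMode.convert());
        for (Mapping mapping : list) {
            final Permissions permissions = toPermissions(mapping.getPermissions());
            if (mapping.matchAll()) {
                builder.addMatchAllPrincipals(PermissionVerifier.from(permissions));
            } else {
                builder.addMapping(mapping.getPrincipals(), mapping.getRoles(), PermissionVerifier.from(permissions));
            }
        }
        return builder.build();
    }

    /**
     * Builds the resource definition of the constant permission mapper, which holds a fixed list
     * of permissions.
     *
     * @return the resource definition
     */
    public static ResourceDefinition getConstantPermissionMapper() {
        AttributeDefinition[] attributes = {PERMISSIONS};
        return new TrivialResourceDefinition(ElytronDescriptionConstants.CONSTANT_PERMISSION_MAPPER, new TrivialAddHandler<PermissionMapper>(PermissionMapper.class, attributes, Capabilities.PERMISSION_MAPPER_RUNTIME_CAPABILITY) {
            @Override
            protected TrivialService.ValueSupplier<PermissionMapper> getValueSupplier(ServiceBuilder<PermissionMapper> serviceBuilder, OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
                final List<Permission> permissions = PermissionMapperDefinitions.readPermissions(operationContext, modelNode);
                return () -> PermissionMapperDefinitions.createConstantPermissionMapper(permissions);
            }
        }, attributes, Capabilities.PERMISSION_MAPPER_RUNTIME_CAPABILITY);
    }

    /**
     * Builds a constant {@link PermissionMapper} from the configured permissions.
     *
     * <p>Configured permissions for which {@link #createPermission(Permission)} returns
     * {@code null} are left out of the result.
     *
     * @param list the configured permissions
     * @return the permission mapper
     * @throws StartException if creating one of the permissions fails
     */
    public static PermissionMapper createConstantPermissionMapper(List<Permission> list) throws StartException {
        return PermissionMapper.createConstant(PermissionVerifier.from(toPermissions(list)));
    }

    /** Reads the {@code permissions} list of {@code holder} into unresolved {@link Permission} objects; empty when undefined. */
    private static List<Permission> readPermissions(OperationContext context, ModelNode holder) throws OperationFailedException {
        final List<Permission> configured = new ArrayList<>();
        if (holder.hasDefined(ElytronDescriptionConstants.PERMISSIONS)) {
            for (ModelNode permissionNode : holder.require(ElytronDescriptionConstants.PERMISSIONS).asList()) {
                configured.add(new Permission(
                        ClassLoadingAttributeDefinitions.CLASS_NAME.resolveModelAttribute(context, permissionNode).asString(),
                        ClassLoadingAttributeDefinitions.MODULE.resolveModelAttribute(context, permissionNode).asStringOrNull(),
                        TARGET_NAME.resolveModelAttribute(context, permissionNode).asStringOrNull(),
                        ACTION.resolveModelAttribute(context, permissionNode).asStringOrNull()));
            }
        }
        return configured;
    }

    /** Creates every configured permission and collects the ones that could be created. */
    private static Permissions toPermissions(List<Permission> configured) throws StartException {
        final Permissions permissions = new Permissions();
        for (Permission entry : configured) {
            final java.security.Permission created = createPermission(entry);
            if (created != null) {
                permissions.add(created);
            }
        }
        return permissions;
    }

    /**
     * Loads and instantiates the {@link java.security.Permission} described by a configured entry.
     *
     * <p>The class is loaded from the configured module when one is named and a caller module is
     * available, otherwise from the caller module, and as a last resort from this class's own
     * class loader.
     *
     * @param permission the configured permission
     * @return the permission, or {@code null} when the configured module cannot be loaded or the
     *         class is reported as an invalid permission class
     * @throws StartException for any other failure while creating the permission
     */
    private static java.security.Permission createPermission(Permission permission) throws StartException {
        Module module = Module.getCallerModule();
        final String moduleName = permission.getModule();
        if (moduleName != null && module != null) {
            try {
                module = module.getModule(ModuleIdentifier.fromString(moduleName));
            } catch (ModuleLoadException e) {
                // The permission is dropped here without any log entry, and the mapper is built
                // without it.
                // NOTE(review): for a mapper used on its own this grants less than configured, but
                // when the mapper is the right operand of UNLESS, or either operand of XOR, a
                // missing permission may widen the combined result — confirm, and consider logging
                // the module name at WARN so the gap is visible to operators.
                return null;
            }
        }
        try {
            // Class name, target and action are configuration values; the class is instantiated
            // reflectively, so write access to this resource controls what gets loaded here.
            final ClassLoader classLoader = module != null ? module.getClassLoader() : PermissionMapperDefinitions.class.getClassLoader();
            return PermissionUtil.createPermission(classLoader, permission.getClassName(), permission.getTargetName(), permission.getAction());
        } catch (InvalidPermissionClassException e) {
            // NOTE(review): the return value of invalidPermissionClass(...) is discarded; if it
            // builds an exception rather than writing a log record, nothing is reported — confirm.
            ElytronSubsystemMessages.ROOT_LOGGER.invalidPermissionClass(permission.getClassName());
            return null;
        } catch (Throwable th) {
            // Deliberately broad: any other failure (including Errors) aborts with the wrapped cause.
            throw ElytronSubsystemMessages.ROOT_LOGGER.exceptionWhileCreatingPermission(permission.getClassName(), th);
        }
    }
}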
