package org.wildfly.iiop.openjdk;

import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.dmr.ModelNode;
import org.wildfly.iiop.openjdk.logging.IIOPLogger;

/* loaded from: input_file:org/wildfly/iiop/openjdk/ConfigValidator.class */
public class ConfigValidator {
    private ConfigValidator() {
    }

    public static void validateConfig(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        boolean asBoolean = IIOPRootDefinition.SUPPORT_SSL.resolveModelAttribute(operationContext, modelNode).asBoolean();
        boolean asBoolean2 = IIOPRootDefinition.SERVER_REQUIRES_SSL.resolveModelAttribute(operationContext, modelNode).asBoolean();
        validateSSLConfig(operationContext, modelNode, asBoolean, asBoolean2, IIOPRootDefinition.CLIENT_REQUIRES_SSL.resolveModelAttribute(operationContext, modelNode).asBoolean());
        validateIORTransportConfig(operationContext, modelNode, asBoolean, asBoolean2);
        validateORBInitializerConfig(operationContext, modelNode);
    }

    private static void validateSSLConfig(OperationContext operationContext, ModelNode modelNode, boolean z, boolean z2, boolean z3) throws OperationFailedException {
        if (!z) {
            if (z2 || z3) {
                throw IIOPLogger.ROOT_LOGGER.sslNotConfigured();
            }
            return;
        }
        ModelNode resolveModelAttribute = IIOPRootDefinition.SECURITY_DOMAIN.resolveModelAttribute(operationContext, modelNode);
        ModelNode resolveModelAttribute2 = IIOPRootDefinition.SERVER_SSL_CONTEXT.resolveModelAttribute(operationContext, modelNode);
        ModelNode resolveModelAttribute3 = IIOPRootDefinition.CLIENT_SSL_CONTEXT.resolveModelAttribute(operationContext, modelNode);
        if (resolveModelAttribute.isDefined()) {
            return;
        }
        if (!resolveModelAttribute2.isDefined() || !resolveModelAttribute3.isDefined()) {
            throw IIOPLogger.ROOT_LOGGER.noSecurityDomainOrSSLContextsSpecified();
        }
    }

    private static void validateIORTransportConfig(OperationContext operationContext, ModelNode modelNode, boolean z, boolean z2) throws OperationFailedException {
        validateSSLAttribute(operationContext, modelNode, z, z2, IIOPRootDefinition.INTEGRITY);
        validateSSLAttribute(operationContext, modelNode, z, z2, IIOPRootDefinition.CONFIDENTIALITY);
        validateSSLAttribute(operationContext, modelNode, z, z2, IIOPRootDefinition.TRUST_IN_CLIENT);
        validateTrustInTarget(operationContext, modelNode, z);
        validateSupportedAttribute(operationContext, modelNode, IIOPRootDefinition.DETECT_MISORDERING);
        validateSupportedAttribute(operationContext, modelNode, IIOPRootDefinition.DETECT_REPLAY);
    }

    private static void validateSSLAttribute(OperationContext operationContext, ModelNode modelNode, boolean z, boolean z2, AttributeDefinition attributeDefinition) throws OperationFailedException {
        ModelNode resolveModelAttribute = attributeDefinition.resolveModelAttribute(operationContext, modelNode);
        if (resolveModelAttribute.isDefined()) {
            String asString = resolveModelAttribute.asString();
            if (!z) {
                if (!asString.equals("none")) {
                    throw IIOPLogger.ROOT_LOGGER.inconsistentUnsupportedTransportConfig(attributeDefinition.getName());
                }
            } else {
                if (asString.equals("none")) {
                    throw IIOPLogger.ROOT_LOGGER.inconsistentSupportedTransportConfig(attributeDefinition.getName());
                }
                if (z2 && asString.equals(Constants.IOR_SUPPORTED)) {
                    throw IIOPLogger.ROOT_LOGGER.inconsistentRequiredTransportConfig(Constants.SECURITY_SERVER_REQUIRES_SSL, attributeDefinition.getName());
                }
            }
        }
    }

    private static void validateTrustInTarget(OperationContext operationContext, ModelNode modelNode, boolean z) throws OperationFailedException {
        ModelNode resolveModelAttribute = IIOPRootDefinition.TRUST_IN_TARGET.resolveModelAttribute(operationContext, modelNode);
        if (resolveModelAttribute.isDefined()) {
            String asString = resolveModelAttribute.asString();
            if (z && asString.equals("none")) {
                throw IIOPLogger.ROOT_LOGGER.inconsistentSupportedTransportConfig(Constants.IOR_TRANSPORT_TRUST_IN_TARGET);
            }
        }
    }

    private static void validateSupportedAttribute(OperationContext operationContext, ModelNode modelNode, AttributeDefinition attributeDefinition) throws OperationFailedException {
        ModelNode resolveModelAttribute = attributeDefinition.resolveModelAttribute(operationContext, modelNode);
        if (resolveModelAttribute.isDefined() && !resolveModelAttribute.asString().equals(Constants.IOR_SUPPORTED)) {
            throw IIOPLogger.ROOT_LOGGER.inconsistentSupportedTransportConfig(attributeDefinition.getName());
        }
    }

    private static void validateORBInitializerConfig(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        ModelNode resolveModelAttribute = IIOPRootDefinition.SECURITY.resolveModelAttribute(operationContext, modelNode);
        ModelNode resolveModelAttribute2 = IIOPRootDefinition.AUTHENTICATION_CONTEXT.resolveModelAttribute(operationContext, modelNode);
        if (!(resolveModelAttribute.isDefined() && resolveModelAttribute.asString().equalsIgnoreCase(Constants.ELYTRON)) && resolveModelAttribute2.isDefined()) {
            throw IIOPLogger.ROOT_LOGGER.ineffectiveAuthenticationContextConfiguration();
        }
    }
}
