package org.jboss.as.domain.management.security;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;
import javax.net.ssl.SSLContext;
import org.jboss.as.controller.AbstractAddStepHandler;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.registry.Resource;
import org.jboss.as.controller.security.CredentialReference;
import org.jboss.as.controller.services.path.PathManager;
import org.jboss.as.core.security.ServerSecurityManager;
import org.jboss.as.domain.management.AuthMechanism;
import org.jboss.as.domain.management.CallbackHandlerFactory;
import org.jboss.as.domain.management.ModelDescriptionConstants;
import org.jboss.as.domain.management.SecurityRealm;
import org.jboss.as.domain.management.connections.ldap.LdapConnectionManagerService;
import org.jboss.as.domain.management.security.AbstractKeyManagerService;
import org.jboss.as.domain.management.security.AbstractTrustManagerService;
import org.jboss.as.domain.management.security.BaseLdapGroupSearchResource;
import org.jboss.as.domain.management.security.CallbackHandlerService;
import org.jboss.as.domain.management.security.ClientCertCallbackHandler;
import org.jboss.as.domain.management.security.JaasCallbackHandler;
import org.jboss.as.domain.management.security.KerberosCallbackHandler;
import org.jboss.as.domain.management.security.KeytabIdentityFactoryService;
import org.jboss.as.domain.management.security.KeytabService;
import org.jboss.as.domain.management.security.LdapSearcherCache;
import org.jboss.as.domain.management.security.LdapSubjectSupplementalService;
import org.jboss.as.domain.management.security.LocalCallbackHandlerService;
import org.jboss.as.domain.management.security.PlugInAuthenticationCallbackHandler;
import org.jboss.as.domain.management.security.PlugInLoaderService;
import org.jboss.as.domain.management.security.PlugInSubjectSupplemental;
import org.jboss.as.domain.management.security.PropertiesCallbackHandler;
import org.jboss.as.domain.management.security.PropertiesSubjectSupplemental;
import org.jboss.as.domain.management.security.SSLContextService;
import org.jboss.as.domain.management.security.SecretIdentityService;
import org.jboss.as.domain.management.security.SubjectSupplementalService;
import org.jboss.as.domain.management.security.UserDomainCallbackHandler;
import org.jboss.as.domain.management.security.UserLdapCallbackHandler;
import org.jboss.as.server.ServerEnvironment;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.dmr.Property;
import org.jboss.msc.inject.Injector;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.ServiceTarget;
import org.jboss.msc.value.InjectedSetValue;
import org.jboss.msc.value.InjectedValue;
import org.wildfly.common.function.ExceptionSupplier;
import org.wildfly.security.credential.source.CredentialSource;

/* loaded from: input_file:m2repo/org/wildfly/core/wildfly-domain-management/3.0.8.Final/wildfly-domain-management-3.0.8.Final.jar:org/jboss/as/domain/management/security/SecurityRealmAddHandler.class */
public class SecurityRealmAddHandler extends AbstractAddStepHandler {
    private static final String ELYTRON_CAPABILITY = "org.wildfly.security.elytron";
    private static final String PATH_MANAGER_CAPABILITY = "org.wildfly.management.path-manager";
    public static final SecurityRealmAddHandler INSTANCE = new SecurityRealmAddHandler();

    /* loaded from: input_file:m2repo/org/wildfly/core/wildfly-domain-management/3.0.8.Final/wildfly-domain-management-3.0.8.Final.jar:org/jboss/as/domain/management/security/SecurityRealmAddHandler$ServiceInstallStepHandler.class */
    private static class ServiceInstallStepHandler implements OperationStepHandler {
        private static final ServiceInstallStepHandler INSTANCE = new ServiceInstallStepHandler();

        private ServiceInstallStepHandler() {
        }

        @Override // org.jboss.as.controller.OperationStepHandler
        public void execute(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            SecurityRealmAddHandler.INSTANCE.installServices(operationContext, operationContext.getCurrentAddressValue(), Resource.Tools.readModel(operationContext.readResource(PathAddress.EMPTY_ADDRESS)));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.jboss.as.controller.AbstractAddStepHandler
    public boolean requiresRuntime(OperationContext operationContext) {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.jboss.as.controller.AbstractAddStepHandler
    public void populateModel(ModelNode modelNode, ModelNode modelNode2) throws OperationFailedException {
        super.populateModel(modelNode, modelNode2);
        SecurityRealmResourceDefinition.MAP_GROUPS_TO_ROLES.validateAndSet(modelNode, modelNode2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.jboss.as.controller.AbstractAddStepHandler
    public void performRuntime(OperationContext operationContext, ModelNode modelNode, Resource resource) throws OperationFailedException {
        operationContext.addStep(ServiceInstallStepHandler.INSTANCE, OperationContext.Stage.RUNTIME);
    }

    @Override // org.jboss.as.controller.AbstractAddStepHandler, org.jboss.as.controller.OperationStepHandler
    public void execute(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        super.execute(operationContext, modelNode);
        operationContext.addStep(AuthenticationValidatingHandler.createOperation(modelNode), AuthenticationValidatingHandler.INSTANCE, OperationContext.Stage.MODEL);
        operationContext.addStep(AuthorizationValidatingHandler.createOperation(modelNode), AuthorizationValidatingHandler.INSTANCE, OperationContext.Stage.MODEL);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void installServices(OperationContext operationContext, String str, ModelNode modelNode) throws OperationFailedException {
        ModelNode modelNode2 = modelNode.hasDefined(ModelDescriptionConstants.PLUG_IN) ? modelNode.get(ModelDescriptionConstants.PLUG_IN) : null;
        ModelNode modelNode3 = modelNode.hasDefined("authentication") ? modelNode.get("authentication") : null;
        ModelNode modelNode4 = modelNode.hasDefined("authorization") ? modelNode.get("authorization") : null;
        ModelNode modelNode5 = modelNode.hasDefined(org.jboss.as.controller.descriptions.ModelDescriptionConstants.SERVER_IDENTITY) ? modelNode.get(org.jboss.as.controller.descriptions.ModelDescriptionConstants.SERVER_IDENTITY) : null;
        ServiceTarget serviceTarget = operationContext.getServiceTarget();
        SecurityRealmService securityRealmService = new SecurityRealmService(str, SecurityRealmResourceDefinition.MAP_GROUPS_TO_ROLES.resolveModelAttribute(operationContext, modelNode).asBoolean());
        ServiceBuilder<?> addAliases = serviceTarget.addService(SecurityRealm.ServiceUtil.createServiceName(str), securityRealmService).addAliases(SecurityRealm.ServiceUtil.createLegacyServiceName(str));
        ServiceName append = ServiceName.JBOSS.append("server", "path", ServerEnvironment.CONTROLLER_TEMP_DIR);
        boolean shareLdapConnection = shareLdapConnection(operationContext, modelNode3, modelNode4);
        ModelNode modelNode6 = null;
        if (modelNode2 != null) {
            addPlugInLoaderService(str, modelNode2, serviceTarget);
        }
        InjectedSetValue<CallbackHandlerService> callbackHandlerService = securityRealmService.getCallbackHandlerService();
        if (!operationContext.getProcessType().isServer()) {
            addDomainManagedServersService(operationContext, str, serviceTarget, addAliases, callbackHandlerService.injector());
        }
        if (modelNode3 != null) {
            if (modelNode3.hasDefined("truststore")) {
                modelNode6 = modelNode3.require("truststore");
                addClientCertService(str, serviceTarget, addAliases, callbackHandlerService.injector());
            }
            if (modelNode3.hasDefined("local")) {
                addLocalService(operationContext, modelNode3.require("local"), str, serviceTarget, addAliases, callbackHandlerService.injector());
            }
            if (modelNode3.hasDefined("kerberos")) {
                addKerberosService(operationContext, modelNode3.require("kerberos"), str, serviceTarget, addAliases, callbackHandlerService.injector());
            }
            if (modelNode3.hasDefined(ModelDescriptionConstants.JAAS)) {
                addJaasService(operationContext, modelNode3.require(ModelDescriptionConstants.JAAS), str, serviceTarget, operationContext.isNormalServer(), addAliases, callbackHandlerService.injector());
            } else if (modelNode3.hasDefined("ldap")) {
                addLdapService(operationContext, modelNode3.require("ldap"), str, serviceTarget, addAliases, callbackHandlerService.injector(), shareLdapConnection);
            } else if (modelNode3.hasDefined(ModelDescriptionConstants.PLUG_IN)) {
                addPlugInAuthenticationService(operationContext, modelNode3.require(ModelDescriptionConstants.PLUG_IN), str, securityRealmService, serviceTarget, addAliases, callbackHandlerService.injector());
            } else if (modelNode3.hasDefined("properties")) {
                addPropertiesAuthenticationService(operationContext, modelNode3.require("properties"), str, serviceTarget, addAliases, callbackHandlerService.injector());
            } else if (modelNode3.hasDefined("users")) {
                addUsersService(operationContext, modelNode3.require("users"), str, serviceTarget, addAliases, callbackHandlerService.injector());
            }
        }
        if (modelNode4 != null) {
            if (modelNode4.hasDefined("properties")) {
                addPropertiesAuthorizationService(operationContext, modelNode4.require("properties"), str, serviceTarget, addAliases, securityRealmService.getSubjectSupplementalInjector());
            } else if (modelNode4.hasDefined(ModelDescriptionConstants.PLUG_IN)) {
                addPlugInAuthorizationService(operationContext, modelNode4.require(ModelDescriptionConstants.PLUG_IN), str, serviceTarget, addAliases, securityRealmService.getSubjectSupplementalInjector());
            } else if (modelNode4.hasDefined("ldap")) {
                addLdapAuthorizationService(operationContext, modelNode4.require("ldap"), str, serviceTarget, addAliases, securityRealmService.getSubjectSupplementalInjector(), shareLdapConnection);
            }
        }
        ModelNode modelNode7 = null;
        if (modelNode5 != null) {
            if (modelNode5.hasDefined("ssl")) {
                modelNode7 = modelNode5.require("ssl");
            }
            if (modelNode5.hasDefined("secret")) {
                addSecretService(operationContext, modelNode5.require("secret"), str, serviceTarget, addAliases, securityRealmService.getSecretCallbackFactory());
            }
            if (modelNode5.hasDefined("kerberos")) {
                addKerberosIdentityServices(operationContext, modelNode5.require("kerberos"), str, serviceTarget, addAliases, securityRealmService.getKeytabIdentityFactoryInjector());
            }
        }
        if (modelNode7 != null || modelNode6 != null) {
            addSSLServices(operationContext, modelNode7, modelNode6, str, serviceTarget, addAliases, securityRealmService.getSSLContextInjector());
        }
        addAliases.addDependency(append, String.class, securityRealmService.getTmpDirPathInjector());
        addAliases.setInitialMode(ServiceController.Mode.ACTIVE);
        addAliases.install();
    }

    private boolean shareLdapConnection(OperationContext operationContext, ModelNode modelNode, ModelNode modelNode2) throws OperationFailedException {
        if (modelNode == null || modelNode2 == null || !modelNode.hasDefined("ldap") || !modelNode2.hasDefined("ldap")) {
            return false;
        }
        return LdapAuthenticationResourceDefinition.CONNECTION.resolveModelAttribute(operationContext, modelNode.require("ldap")).asString().equals(LdapAuthorizationResourceDefinition.CONNECTION.resolveModelAttribute(operationContext, modelNode2.require("ldap")).asString());
    }

    private ServiceName addPlugInLoaderService(String str, ModelNode modelNode, ServiceTarget serviceTarget) {
        ServiceName createServiceName = PlugInLoaderService.ServiceUtil.createServiceName(str);
        List<Property> asPropertyList = modelNode.asPropertyList();
        ArrayList arrayList = new ArrayList(asPropertyList.size());
        Iterator<Property> it = asPropertyList.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getName());
        }
        serviceTarget.addService(createServiceName, new PlugInLoaderService(Collections.unmodifiableList(arrayList))).setInitialMode(ServiceController.Mode.ON_DEMAND).install();
        return createServiceName;
    }

    private void addClientCertService(String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder, Injector<CallbackHandlerService> injector) {
        ServiceName createServiceName = ClientCertCallbackHandler.ServiceUtil.createServiceName(str);
        serviceTarget.addService(createServiceName, new ClientCertCallbackHandler()).setInitialMode(ServiceController.Mode.ON_DEMAND).install();
        CallbackHandlerService.ServiceUtil.addDependency(serviceBuilder, injector, createServiceName);
    }

    private void addKerberosService(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder, Injector<CallbackHandlerService> injector) throws OperationFailedException {
        ServiceName createServiceName = KerberosCallbackHandler.ServiceUtil.createServiceName(str);
        serviceTarget.addService(createServiceName, new KerberosCallbackHandler(KerberosAuthenticationResourceDefinition.REMOVE_REALM.resolveModelAttribute(operationContext, modelNode).asBoolean())).setInitialMode(ServiceController.Mode.ON_DEMAND).install();
        CallbackHandlerService.ServiceUtil.addDependency(serviceBuilder, injector, createServiceName);
    }

    private void addJaasService(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, boolean z, ServiceBuilder<?> serviceBuilder, Injector<CallbackHandlerService> injector) throws OperationFailedException {
        ServiceName createServiceName = JaasCallbackHandler.ServiceUtil.createServiceName(str);
        JaasCallbackHandler jaasCallbackHandler = new JaasCallbackHandler(str, JaasAuthenticationResourceDefinition.NAME.resolveModelAttribute(operationContext, modelNode).asString(), JaasAuthenticationResourceDefinition.ASSIGN_GROUPS.resolveModelAttribute(operationContext, modelNode).asBoolean());
        ServiceBuilder addService = serviceTarget.addService(createServiceName, jaasCallbackHandler);
        if (z) {
            addService.addDependency(ServiceName.JBOSS.append("security", "simple-security-manager"), ServerSecurityManager.class, jaasCallbackHandler.getSecurityManagerValue());
        }
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND).install();
        CallbackHandlerService.ServiceUtil.addDependency(serviceBuilder, injector, createServiceName);
    }

    private <R, K> LdapCacheService<R, K> createCacheService(OperationContext operationContext, LdapSearcher<R, K> ldapSearcher, ModelNode modelNode) throws OperationFailedException {
        if (modelNode != null && modelNode.isDefined()) {
            ModelNode modelNode2 = null;
            boolean z = false;
            if (modelNode.hasDefined(ModelDescriptionConstants.BY_ACCESS_TIME)) {
                modelNode2 = modelNode.require(ModelDescriptionConstants.BY_ACCESS_TIME);
                z = true;
            } else if (modelNode.hasDefined(ModelDescriptionConstants.BY_SEARCH_TIME)) {
                modelNode2 = modelNode.require(ModelDescriptionConstants.BY_SEARCH_TIME);
            }
            if (modelNode2 != null) {
                int asInt = LdapCacheResourceDefinition.EVICTION_TIME.resolveModelAttribute(operationContext, modelNode2).asInt();
                boolean asBoolean = LdapCacheResourceDefinition.CACHE_FAILURES.resolveModelAttribute(operationContext, modelNode2).asBoolean();
                int asInt2 = LdapCacheResourceDefinition.MAX_CACHE_SIZE.resolveModelAttribute(operationContext, modelNode2).asInt();
                return z ? LdapCacheService.createByAccessCacheService(ldapSearcher, asInt, asBoolean, asInt2) : LdapCacheService.createBySearchCacheService(ldapSearcher, asInt, asBoolean, asInt2);
            }
        }
        return LdapCacheService.createNoCacheService(ldapSearcher);
    }

    private void addLdapService(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder, Injector<CallbackHandlerService> injector, boolean z) throws OperationFailedException {
        ServiceName createServiceName = UserLdapCallbackHandler.ServiceUtil.createServiceName(str);
        String asString = LdapAuthenticationResourceDefinition.BASE_DN.resolveModelAttribute(operationContext, modelNode).asString();
        ModelNode resolveModelAttribute = LdapAuthenticationResourceDefinition.USERNAME_FILTER.resolveModelAttribute(operationContext, modelNode);
        String asString2 = resolveModelAttribute.isDefined() ? resolveModelAttribute.asString() : null;
        ModelNode resolveModelAttribute2 = LdapAuthenticationResourceDefinition.ADVANCED_FILTER.resolveModelAttribute(operationContext, modelNode);
        String asString3 = resolveModelAttribute2.isDefined() ? resolveModelAttribute2.asString() : null;
        ModelNode resolveModelAttribute3 = LdapAuthenticationResourceDefinition.USERNAME_LOAD.resolveModelAttribute(operationContext, modelNode);
        String asString4 = resolveModelAttribute3.isDefined() ? resolveModelAttribute3.asString() : null;
        boolean asBoolean = LdapAuthenticationResourceDefinition.RECURSIVE.resolveModelAttribute(operationContext, modelNode).asBoolean();
        boolean asBoolean2 = LdapAuthenticationResourceDefinition.ALLOW_EMPTY_PASSWORDS.resolveModelAttribute(operationContext, modelNode).asBoolean();
        String asString5 = LdapAuthenticationResourceDefinition.USER_DN.resolveModelAttribute(operationContext, modelNode).asString();
        UserLdapCallbackHandler userLdapCallbackHandler = new UserLdapCallbackHandler(asBoolean2, z);
        serviceTarget.addService(LdapSearcherCache.ServiceUtil.createServiceName(true, true, str), createCacheService(operationContext, asString2 != null ? LdapUserSearcherFactory.createForUsernameFilter(asString, asBoolean, asString5, asString2, asString4) : LdapUserSearcherFactory.createForAdvancedFilter(asString, asBoolean, asString5, asString3, asString4), modelNode.get("cache"))).setInitialMode(ServiceController.Mode.ON_DEMAND).install();
        ServiceBuilder addService = serviceTarget.addService(createServiceName, userLdapCallbackHandler);
        LdapConnectionManagerService.ServiceUtil.addDependency(addService, userLdapCallbackHandler.getConnectionManagerInjector(), LdapAuthenticationResourceDefinition.CONNECTION.resolveModelAttribute(operationContext, modelNode).asString());
        LdapSearcherCache.ServiceUtil.addDependency(addService, LdapSearcherCache.class, userLdapCallbackHandler.getLdapUserSearcherInjector(), true, true, str);
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND).install();
        CallbackHandlerService.ServiceUtil.addDependency(serviceBuilder, injector, createServiceName);
    }

    private void addLocalService(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder, Injector<CallbackHandlerService> injector) throws OperationFailedException {
        ServiceName createServiceName = LocalCallbackHandlerService.ServiceUtil.createServiceName(str);
        ModelNode resolveModelAttribute = LocalAuthenticationResourceDefinition.DEFAULT_USER.resolveModelAttribute(operationContext, modelNode);
        String asString = resolveModelAttribute.isDefined() ? resolveModelAttribute.asString() : null;
        ModelNode resolveModelAttribute2 = LocalAuthenticationResourceDefinition.ALLOWED_USERS.resolveModelAttribute(operationContext, modelNode);
        serviceTarget.addService(createServiceName, new LocalCallbackHandlerService(asString, resolveModelAttribute2.isDefined() ? resolveModelAttribute2.asString() : null, LocalAuthenticationResourceDefinition.SKIP_GROUP_LOADING.resolveModelAttribute(operationContext, modelNode).asBoolean())).setInitialMode(ServiceController.Mode.ON_DEMAND).install();
        CallbackHandlerService.ServiceUtil.addDependency(serviceBuilder, injector, createServiceName);
    }

    private void addDomainManagedServersService(OperationContext operationContext, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder, Injector<CallbackHandlerService> injector) throws OperationFailedException {
        if (operationContext.getServiceRegistry(false).getService(DomainManagedServerCallbackHandler.SERVICE_NAME) != null) {
            CallbackHandlerService.ServiceUtil.addDependency(serviceBuilder, injector, DomainManagedServerCallbackHandler.SERVICE_NAME);
        }
    }

    private void addPlugInAuthenticationService(OperationContext operationContext, ModelNode modelNode, String str, SecurityRealmService securityRealmService, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder, Injector<CallbackHandlerService> injector) throws OperationFailedException {
        ServiceName createServiceName = PlugInAuthenticationCallbackHandler.ServiceUtil.createServiceName(str);
        PlugInAuthenticationCallbackHandler plugInAuthenticationCallbackHandler = new PlugInAuthenticationCallbackHandler(securityRealmService.getName(), PlugInAuthorizationResourceDefinition.NAME.resolveModelAttribute(operationContext, modelNode).asString(), resolveProperties(operationContext, modelNode), AuthMechanism.valueOf(PlugInAuthenticationResourceDefinition.MECHANISM.resolveModelAttribute(operationContext, modelNode).asString()));
        ServiceBuilder addService = serviceTarget.addService(createServiceName, plugInAuthenticationCallbackHandler);
        PlugInLoaderService.ServiceUtil.addDependency(addService, plugInAuthenticationCallbackHandler.getPlugInLoaderServiceValue(), str);
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND).install();
        CallbackHandlerService.ServiceUtil.addDependency(serviceBuilder, injector, createServiceName);
    }

    private void addPropertiesAuthenticationService(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder, Injector<CallbackHandlerService> injector) throws OperationFailedException {
        ServiceName createServiceName = PropertiesCallbackHandler.ServiceUtil.createServiceName(str);
        String asString = PropertiesAuthenticationResourceDefinition.PATH.resolveModelAttribute(operationContext, modelNode).asString();
        ModelNode resolveModelAttribute = PropertiesAuthenticationResourceDefinition.RELATIVE_TO.resolveModelAttribute(operationContext, modelNode);
        boolean asBoolean = PropertiesAuthenticationResourceDefinition.PLAIN_TEXT.resolveModelAttribute(operationContext, modelNode).asBoolean();
        String asString2 = resolveModelAttribute.isDefined() ? resolveModelAttribute.asString() : null;
        PropertiesCallbackHandler propertiesCallbackHandler = new PropertiesCallbackHandler(str, asString, asString2, asBoolean);
        ServiceBuilder addService = serviceTarget.addService(createServiceName, propertiesCallbackHandler);
        if (asString2 != null) {
            addService.addDependency(operationContext.getCapabilityServiceName(PATH_MANAGER_CAPABILITY, PathManager.class), PathManager.class, propertiesCallbackHandler.getPathManagerInjectorInjector());
            addService.addDependency(pathName(asString2));
        }
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND).install();
        CallbackHandlerService.ServiceUtil.addDependency(serviceBuilder, injector, createServiceName);
    }

    private void addPropertiesAuthorizationService(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder, InjectedValue<SubjectSupplementalService> injectedValue) throws OperationFailedException {
        ServiceName createServiceName = PropertiesSubjectSupplemental.ServiceUtil.createServiceName(str);
        String asString = PropertiesAuthorizationResourceDefinition.PATH.resolveModelAttribute(operationContext, modelNode).asString();
        ModelNode resolveModelAttribute = PropertiesAuthorizationResourceDefinition.RELATIVE_TO.resolveModelAttribute(operationContext, modelNode);
        String asString2 = resolveModelAttribute.isDefined() ? resolveModelAttribute.asString() : null;
        PropertiesSubjectSupplemental propertiesSubjectSupplemental = new PropertiesSubjectSupplemental(str, asString, asString2);
        ServiceBuilder addService = serviceTarget.addService(createServiceName, propertiesSubjectSupplemental);
        if (asString2 != null) {
            addService.addDependency(operationContext.getCapabilityServiceName(PATH_MANAGER_CAPABILITY, PathManager.class), PathManager.class, propertiesSubjectSupplemental.getPathManagerInjectorInjector());
            addService.addDependency(pathName(asString2));
        }
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND).install();
        SubjectSupplementalService.ServiceUtil.addDependency(serviceBuilder, injectedValue, createServiceName);
    }

    private void addPlugInAuthorizationService(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder, InjectedValue<SubjectSupplementalService> injectedValue) throws OperationFailedException {
        ServiceName createServiceName = PlugInSubjectSupplemental.ServiceUtil.createServiceName(str);
        PlugInSubjectSupplemental plugInSubjectSupplemental = new PlugInSubjectSupplemental(str, PlugInAuthorizationResourceDefinition.NAME.resolveModelAttribute(operationContext, modelNode).asString(), resolveProperties(operationContext, modelNode));
        ServiceBuilder addService = serviceTarget.addService(createServiceName, plugInSubjectSupplemental);
        PlugInLoaderService.ServiceUtil.addDependency(addService, plugInSubjectSupplemental.getPlugInLoaderServiceValue(), str);
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND).install();
        SubjectSupplementalService.ServiceUtil.addDependency(serviceBuilder, injectedValue, createServiceName);
    }

    private void addLdapAuthorizationService(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder, InjectedValue<SubjectSupplementalService> injectedValue, boolean z) throws OperationFailedException {
        ModelNode modelNode2;
        BaseLdapGroupSearchResource.GroupName valueOf;
        boolean asBoolean;
        LdapSearcher<LdapEntry[], LdapEntry> createForPrincipalToGroup;
        ServiceName createServiceName = LdapSubjectSupplementalService.ServiceUtil.createServiceName(str);
        LdapSearcher<LdapEntry, String> ldapSearcher = null;
        boolean z2 = false;
        ModelNode modelNode3 = null;
        if (modelNode.hasDefined(org.jboss.as.controller.descriptions.ModelDescriptionConstants.USERNAME_TO_DN)) {
            ModelNode require = modelNode.require(org.jboss.as.controller.descriptions.ModelDescriptionConstants.USERNAME_TO_DN);
            if (require.hasDefined(org.jboss.as.controller.descriptions.ModelDescriptionConstants.USERNAME_IS_DN)) {
                ModelNode require2 = require.require(org.jboss.as.controller.descriptions.ModelDescriptionConstants.USERNAME_IS_DN);
                modelNode3 = require2.get("cache");
                z2 = UserIsDnResourceDefintion.FORCE.resolveModelAttribute(operationContext, require2).asBoolean();
                ldapSearcher = LdapUserSearcherFactory.createForUsernameIsDn();
            } else if (require.hasDefined(org.jboss.as.controller.descriptions.ModelDescriptionConstants.USERNAME_FILTER)) {
                ModelNode require3 = require.require(org.jboss.as.controller.descriptions.ModelDescriptionConstants.USERNAME_FILTER);
                modelNode3 = require3.get("cache");
                z2 = UserSearchResourceDefintion.FORCE.resolveModelAttribute(operationContext, require3).asBoolean();
                ldapSearcher = LdapUserSearcherFactory.createForUsernameFilter(UserSearchResourceDefintion.BASE_DN.resolveModelAttribute(operationContext, require3).asString(), UserSearchResourceDefintion.RECURSIVE.resolveModelAttribute(operationContext, require3).asBoolean(), UserSearchResourceDefintion.USER_DN_ATTRIBUTE.resolveModelAttribute(operationContext, require3).asString(), UserSearchResourceDefintion.ATTRIBUTE.resolveModelAttribute(operationContext, require3).asString(), null);
            } else if (require.hasDefined(org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADVANCED_FILTER)) {
                ModelNode require4 = require.require(org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADVANCED_FILTER);
                modelNode3 = require4.get("cache");
                z2 = AdvancedUserSearchResourceDefintion.FORCE.resolveModelAttribute(operationContext, require4).asBoolean();
                ldapSearcher = LdapUserSearcherFactory.createForAdvancedFilter(AdvancedUserSearchResourceDefintion.BASE_DN.resolveModelAttribute(operationContext, require4).asString(), AdvancedUserSearchResourceDefintion.RECURSIVE.resolveModelAttribute(operationContext, require4).asBoolean(), AdvancedUserSearchResourceDefintion.USER_DN_ATTRIBUTE.resolveModelAttribute(operationContext, require4).asString(), AdvancedUserSearchResourceDefintion.FILTER.resolveModelAttribute(operationContext, require4).asString(), null);
            }
        }
        if (ldapSearcher != null) {
            serviceTarget.addService(LdapSearcherCache.ServiceUtil.createServiceName(false, true, str), createCacheService(operationContext, ldapSearcher, modelNode3)).setInitialMode(ServiceController.Mode.ON_DEMAND).install();
        }
        ModelNode require5 = modelNode.require(org.jboss.as.controller.descriptions.ModelDescriptionConstants.GROUP_SEARCH);
        BaseLdapGroupSearchResource.GroupName groupName = BaseLdapGroupSearchResource.GroupName.DISTINGUISHED_NAME;
        if (require5.hasDefined(org.jboss.as.controller.descriptions.ModelDescriptionConstants.GROUP_TO_PRINCIPAL)) {
            ModelNode require6 = require5.require(org.jboss.as.controller.descriptions.ModelDescriptionConstants.GROUP_TO_PRINCIPAL);
            modelNode2 = require6.get("cache");
            String asString = GroupToPrincipalResourceDefinition.BASE_DN.resolveModelAttribute(operationContext, require6).asString();
            String asString2 = GroupToPrincipalResourceDefinition.GROUP_DN_ATTRIBUTE.resolveModelAttribute(operationContext, require6).asString();
            valueOf = BaseLdapGroupSearchResource.GroupName.valueOf(GroupToPrincipalResourceDefinition.GROUP_NAME.resolveModelAttribute(operationContext, require6).asString());
            String asString3 = GroupToPrincipalResourceDefinition.GROUP_NAME_ATTRIBUTE.resolveModelAttribute(operationContext, require6).asString();
            asBoolean = GroupToPrincipalResourceDefinition.ITERATIVE.resolveModelAttribute(operationContext, require6).asBoolean();
            createForPrincipalToGroup = LdapGroupSearcherFactory.createForGroupToPrincipal(asString, asString2, asString3, GroupToPrincipalResourceDefinition.PRINCIPAL_ATTRIBUTE.resolveModelAttribute(operationContext, require6).asString(), GroupToPrincipalResourceDefinition.RECURSIVE.resolveModelAttribute(operationContext, require6).asBoolean(), BaseLdapGroupSearchResource.GroupName.valueOf(GroupToPrincipalResourceDefinition.SEARCH_BY.resolveModelAttribute(operationContext, require6).asString()), GroupToPrincipalResourceDefinition.PREFER_ORIGINAL_CONNECTION.resolveModelAttribute(operationContext, require6).asBoolean());
        } else {
            ModelNode require7 = require5.require(org.jboss.as.controller.descriptions.ModelDescriptionConstants.PRINCIPAL_TO_GROUP);
            modelNode2 = require7.get("cache");
            String asString4 = PrincipalToGroupResourceDefinition.GROUP_ATTRIBUTE.resolveModelAttribute(operationContext, require7).asString();
            boolean asBoolean2 = PrincipalToGroupResourceDefinition.PREFER_ORIGINAL_CONNECTION.resolveModelAttribute(operationContext, require7).asBoolean();
            PrincipalToGroupResourceDefinition.GROUP_DN_ATTRIBUTE.resolveModelAttribute(operationContext, require7).asString();
            valueOf = BaseLdapGroupSearchResource.GroupName.valueOf(PrincipalToGroupResourceDefinition.GROUP_NAME.resolveModelAttribute(operationContext, require7).asString());
            String asString5 = PrincipalToGroupResourceDefinition.GROUP_NAME_ATTRIBUTE.resolveModelAttribute(operationContext, require7).asString();
            asBoolean = PrincipalToGroupResourceDefinition.ITERATIVE.resolveModelAttribute(operationContext, require7).asBoolean();
            createForPrincipalToGroup = LdapGroupSearcherFactory.createForPrincipalToGroup(asString4, asString5, asBoolean2, PrincipalToGroupResourceDefinition.SKIP_MISSING_GROUPS.resolveModelAttribute(operationContext, require7).asBoolean(), BaseLdapGroupSearchResource.GroupName.SIMPLE == valueOf, PrincipalToGroupResourceDefinition.PARSE_ROLES_FROM_DN.resolveModelAttribute(operationContext, require7).asBoolean());
        }
        serviceTarget.addService(LdapSearcherCache.ServiceUtil.createServiceName(false, false, str), createCacheService(operationContext, createForPrincipalToGroup, modelNode2)).setInitialMode(ServiceController.Mode.ON_DEMAND).install();
        String asString6 = LdapAuthorizationResourceDefinition.CONNECTION.resolveModelAttribute(operationContext, modelNode).asString();
        LdapSubjectSupplementalService ldapSubjectSupplementalService = new LdapSubjectSupplementalService(str, z, z2, asBoolean, valueOf);
        ServiceBuilder initialMode = serviceTarget.addService(createServiceName, ldapSubjectSupplementalService).setInitialMode(ServiceController.Mode.ON_DEMAND);
        LdapConnectionManagerService.ServiceUtil.addDependency(initialMode, ldapSubjectSupplementalService.getConnectionManagerInjector(), asString6);
        if (ldapSearcher != null) {
            LdapSearcherCache.ServiceUtil.addDependency(initialMode, LdapSearcherCache.class, ldapSubjectSupplementalService.getLdapUserSearcherInjector(), false, true, str);
        }
        LdapSearcherCache.ServiceUtil.addDependency(initialMode, LdapSearcherCache.class, ldapSubjectSupplementalService.getLdapGroupSearcherInjector(), false, false, str);
        initialMode.install();
        SubjectSupplementalService.ServiceUtil.addDependency(serviceBuilder, injectedValue, createServiceName);
    }

    private void addSSLServices(OperationContext operationContext, ModelNode modelNode, ModelNode modelNode2, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder, InjectedValue<SSLContext> injectedValue) throws OperationFailedException {
        ModelNode modelNode3 = modelNode == null ? new ModelNode() : modelNode;
        ServiceName serviceName = null;
        String asString = KeystoreAttributes.KEYSTORE_PROVIDER.resolveModelAttribute(operationContext, modelNode3).asString();
        if (modelNode3.hasDefined("keystore-path") || !"JKS".equalsIgnoreCase(asString)) {
            serviceName = AbstractKeyManagerService.ServiceUtil.createServiceName(SecurityRealm.ServiceUtil.createServiceName(str));
            addKeyManagerService(operationContext, modelNode3, serviceName, serviceTarget);
        }
        ServiceName serviceName2 = null;
        if (modelNode2 != null) {
            serviceName2 = AbstractTrustManagerService.ServiceUtil.createServiceName(SecurityRealm.ServiceUtil.createServiceName(str));
            addTrustManagerService(operationContext, modelNode2, serviceName2, serviceTarget);
        }
        String asString2 = SSLServerIdentityResourceDefinition.PROTOCOL.resolveModelAttribute(operationContext, modelNode3).asString();
        HashSet hashSet = new HashSet();
        ModelNode resolveModelAttribute = SSLServerIdentityResourceDefinition.ENABLED_CIPHER_SUITES.resolveModelAttribute(operationContext, modelNode3);
        if (resolveModelAttribute.isDefined()) {
            Iterator<ModelNode> it = resolveModelAttribute.asList().iterator();
            while (it.hasNext()) {
                hashSet.add(it.next().asString());
            }
        }
        HashSet hashSet2 = new HashSet();
        ModelNode resolveModelAttribute2 = SSLServerIdentityResourceDefinition.ENABLED_PROTOCOLS.resolveModelAttribute(operationContext, modelNode3);
        if (resolveModelAttribute2.isDefined()) {
            Iterator<ModelNode> it2 = resolveModelAttribute2.asList().iterator();
            while (it2.hasNext()) {
                hashSet2.add(it2.next().asString());
            }
        }
        ServiceName createServiceName = SSLContextService.ServiceUtil.createServiceName(SecurityRealm.ServiceUtil.createServiceName(str), false);
        ServiceName createServiceName2 = SSLContextService.ServiceUtil.createServiceName(SecurityRealm.ServiceUtil.createServiceName(str), true);
        Consumer consumer = serviceBuilder2 -> {
        };
        try {
            consumer = (Consumer) operationContext.getCapabilityRuntimeAPI(ELYTRON_CAPABILITY, Consumer.class);
        } catch (IllegalStateException e) {
        }
        if (serviceName != null) {
            SSLContextService sSLContextService = new SSLContextService(asString2, hashSet, hashSet2);
            ServiceBuilder addService = serviceTarget.addService(createServiceName, sSLContextService);
            AbstractKeyManagerService.ServiceUtil.addDependency(addService, sSLContextService.getKeyManagerInjector(), SecurityRealm.ServiceUtil.createServiceName(str));
            if (serviceName2 != null) {
                AbstractTrustManagerService.ServiceUtil.addDependency(addService, sSLContextService.getTrustManagerInjector(), SecurityRealm.ServiceUtil.createServiceName(str));
            }
            consumer.accept(addService);
            addService.setInitialMode(ServiceController.Mode.ON_DEMAND).install();
        }
        SSLContextService sSLContextService2 = new SSLContextService(asString2, hashSet, hashSet2);
        ServiceBuilder addService2 = serviceTarget.addService(createServiceName2, sSLContextService2);
        if (serviceName == null) {
            addService2.addAliases(createServiceName);
        }
        if (serviceName2 != null) {
            AbstractTrustManagerService.ServiceUtil.addDependency(addService2, sSLContextService2.getTrustManagerInjector(), SecurityRealm.ServiceUtil.createServiceName(str));
        }
        consumer.accept(addService2);
        addService2.setInitialMode(ServiceController.Mode.ON_DEMAND).install();
        SSLContextService.ServiceUtil.addDependency(serviceBuilder, injectedValue, SecurityRealm.ServiceUtil.createServiceName(str), false);
    }

    private void addKeyManagerService(OperationContext operationContext, ModelNode modelNode, ServiceName serviceName, ServiceTarget serviceTarget) throws OperationFailedException {
        ServiceBuilder addService;
        ModelNode resolveModelAttribute = KeystoreAttributes.KEYSTORE_PASSWORD.resolveModelAttribute(operationContext, modelNode);
        char[] charArray = resolveModelAttribute.isDefined() ? resolveModelAttribute.asString().toCharArray() : null;
        ModelNode resolveModelAttribute2 = KeystoreAttributes.KEYSTORE_PROVIDER.resolveModelAttribute(operationContext, modelNode);
        String asString = resolveModelAttribute2.isDefined() ? resolveModelAttribute2.asString() : null;
        String str = null;
        ModelNode resolveModelAttribute3 = KeystoreAttributes.GENERATE_SELF_SIGNED_CERTIFICATE_HOST.resolveModelAttribute(operationContext, modelNode);
        if (resolveModelAttribute3.isDefined()) {
            str = resolveModelAttribute3.asString();
        }
        ModelNode resolveModelAttribute4 = KeystoreAttributes.KEYSTORE_PATH.resolveModelAttribute(operationContext, modelNode);
        if (resolveModelAttribute4.isDefined()) {
            String asString2 = resolveModelAttribute4.asString();
            ModelNode resolveModelAttribute5 = KeystoreAttributes.KEY_PASSWORD.resolveModelAttribute(operationContext, modelNode);
            char[] charArray2 = resolveModelAttribute5.isDefined() ? resolveModelAttribute5.asString().toCharArray() : null;
            ModelNode resolveModelAttribute6 = KeystoreAttributes.KEYSTORE_RELATIVE_TO.resolveModelAttribute(operationContext, modelNode);
            String asString3 = resolveModelAttribute6.isDefined() ? resolveModelAttribute6.asString() : null;
            ModelNode resolveModelAttribute7 = KeystoreAttributes.ALIAS.resolveModelAttribute(operationContext, modelNode);
            FileKeyManagerService fileKeyManagerService = new FileKeyManagerService(asString, asString2, asString3, charArray, charArray2, resolveModelAttribute7.isDefined() ? resolveModelAttribute7.asString() : null, str);
            addService = serviceTarget.addService(serviceName, fileKeyManagerService);
            if (modelNode.hasDefined(KeystoreAttributes.KEYSTORE_PASSWORD_CREDENTIAL_REFERENCE_NAME)) {
                fileKeyManagerService.getKeystoreCredentialSourceSupplierInjector().inject(CredentialReference.getCredentialSourceSupplier(operationContext, KeystoreAttributes.KEYSTORE_PASSWORD_CREDENTIAL_REFERENCE, modelNode, addService));
            }
            if (modelNode.hasDefined(KeystoreAttributes.KEY_PASSWORD_CREDENTIAL_REFERENCE_NAME)) {
                fileKeyManagerService.getKeyCredentialSourceSupplierInjector().inject(CredentialReference.getCredentialSourceSupplier(operationContext, KeystoreAttributes.KEY_PASSWORD_CREDENTIAL_REFERENCE, modelNode, addService));
            }
            if (asString3 != null) {
                addService.addDependency(operationContext.getCapabilityServiceName(PATH_MANAGER_CAPABILITY, PathManager.class), PathManager.class, fileKeyManagerService.getPathManagerInjector());
                addService.addDependency(pathName(asString3));
            }
        } else {
            addService = serviceTarget.addService(serviceName, new ProviderKeyManagerService(asString, charArray));
        }
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND).install();
    }

    private void addTrustManagerService(OperationContext operationContext, ModelNode modelNode, ServiceName serviceName, ServiceTarget serviceTarget) throws OperationFailedException {
        ServiceBuilder addService;
        char[] charArray = KeystoreAttributes.KEYSTORE_PASSWORD.resolveModelAttribute(operationContext, modelNode).asString().toCharArray();
        String asString = KeystoreAttributes.KEYSTORE_PROVIDER.resolveModelAttribute(operationContext, modelNode).asString();
        if ("JKS".equalsIgnoreCase(asString)) {
            String asString2 = KeystoreAttributes.KEYSTORE_PATH.resolveModelAttribute(operationContext, modelNode).asString();
            ModelNode resolveModelAttribute = KeystoreAttributes.KEYSTORE_RELATIVE_TO.resolveModelAttribute(operationContext, modelNode);
            String asString3 = resolveModelAttribute.isDefined() ? resolveModelAttribute.asString() : null;
            FileTrustManagerService fileTrustManagerService = new FileTrustManagerService(asString, asString2, asString3, charArray);
            addService = serviceTarget.addService(serviceName, fileTrustManagerService);
            if (modelNode.hasDefined(KeystoreAttributes.KEYSTORE_PASSWORD_CREDENTIAL_REFERENCE_NAME)) {
                fileTrustManagerService.getCredentialSourceSupplierInjector().inject(CredentialReference.getCredentialSourceSupplier(operationContext, KeystoreAttributes.KEYSTORE_PASSWORD_CREDENTIAL_REFERENCE, modelNode, addService));
            }
            if (asString3 != null) {
                addService.addDependency(operationContext.getCapabilityServiceName(PATH_MANAGER_CAPABILITY, PathManager.class), PathManager.class, fileTrustManagerService.getPathManagerInjector());
                addService.addDependency(pathName(asString3));
            }
        } else {
            ProviderTrustManagerService providerTrustManagerService = new ProviderTrustManagerService(asString, charArray);
            addService = serviceTarget.addService(serviceName, providerTrustManagerService);
            if (modelNode.hasDefined(KeystoreAttributes.KEYSTORE_PASSWORD_CREDENTIAL_REFERENCE_NAME)) {
                providerTrustManagerService.getCredentialSourceSupplierInjector().inject(CredentialReference.getCredentialSourceSupplier(operationContext, KeystoreAttributes.KEYSTORE_PASSWORD_CREDENTIAL_REFERENCE, modelNode, addService));
            }
        }
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND).install();
    }

    private void addSecretService(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder, Injector<CallbackHandlerFactory> injector) throws OperationFailedException {
        ServiceName createServiceName = SecretIdentityService.ServiceUtil.createServiceName(str);
        ModelNode resolveModelAttribute = SecretServerIdentityResourceDefinition.VALUE.resolveModelAttribute(operationContext, modelNode);
        SecretIdentityService secretIdentityService = modelNode.hasDefined(CredentialReference.CREDENTIAL_REFERENCE) ? new SecretIdentityService(resolveModelAttribute.asString(), false) : new SecretIdentityService(resolveModelAttribute.asString(), modelNode.get(SecretServerIdentityResourceDefinition.VALUE.getName()).getType() != ModelType.EXPRESSION);
        ServiceBuilder initialMode = serviceTarget.addService(createServiceName, secretIdentityService).setInitialMode(ServiceController.Mode.ON_DEMAND);
        if (modelNode.hasDefined(CredentialReference.CREDENTIAL_REFERENCE)) {
            secretIdentityService.getCredentialSourceSupplierInjector().inject(CredentialReference.getCredentialSourceSupplier(operationContext, SecretServerIdentityResourceDefinition.CREDENTIAL_REFERENCE, modelNode, initialMode));
        }
        initialMode.install();
        CallbackHandlerFactory.ServiceUtil.addDependency(serviceBuilder, injector, createServiceName);
    }

    private void addKerberosIdentityServices(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder, Injector<KeytabIdentityFactoryService> injector) throws OperationFailedException {
        String[] strArr;
        ServiceName createServiceName = KeytabIdentityFactoryService.ServiceUtil.createServiceName(str);
        KeytabIdentityFactoryService keytabIdentityFactoryService = new KeytabIdentityFactoryService();
        ServiceBuilder initialMode = serviceTarget.addService(createServiceName, keytabIdentityFactoryService).setInitialMode(ServiceController.Mode.ON_DEMAND);
        if (modelNode.hasDefined("keytab")) {
            for (Property property : modelNode.get("keytab").asPropertyList()) {
                String name = property.getName();
                ModelNode value = property.getValue();
                String asString = KeytabResourceDefinition.PATH.resolveModelAttribute(operationContext, value).asString();
                ModelNode resolveModelAttribute = KeytabResourceDefinition.RELATIVE_TO.resolveModelAttribute(operationContext, value);
                String asString2 = resolveModelAttribute.isDefined() ? resolveModelAttribute.asString() : null;
                boolean asBoolean = KeytabResourceDefinition.DEBUG.resolveModelAttribute(operationContext, value).asBoolean();
                ModelNode resolveModelAttribute2 = KeytabResourceDefinition.FOR_HOSTS.resolveModelAttribute(operationContext, value);
                if (resolveModelAttribute2.isDefined()) {
                    List<ModelNode> asList = resolveModelAttribute2.asList();
                    strArr = new String[asList.size()];
                    for (int i = 0; i < asList.size(); i++) {
                        strArr[i] = asList.get(i).asString();
                    }
                } else {
                    strArr = new String[0];
                }
                ServiceName createServiceName2 = KeytabService.ServiceUtil.createServiceName(str, name);
                KeytabService keytabService = new KeytabService(name, asString, asString2, strArr, asBoolean);
                ServiceBuilder initialMode2 = serviceTarget.addService(createServiceName2, keytabService).setInitialMode(ServiceController.Mode.ON_DEMAND);
                if (asString2 != null) {
                    initialMode2.addDependency(operationContext.getCapabilityServiceName(PATH_MANAGER_CAPABILITY, PathManager.class), PathManager.class, keytabService.getPathManagerInjector());
                    initialMode2.addDependency(pathName(asString2));
                }
                initialMode2.install();
                KeytabService.ServiceUtil.addDependency(initialMode, keytabIdentityFactoryService.getKeytabInjector(), str, name);
            }
        }
        initialMode.install();
        KeytabIdentityFactoryService.ServiceUtil.addDependency(serviceBuilder, injector, str);
    }

    private void addUsersService(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder, Injector<CallbackHandlerService> injector) throws OperationFailedException {
        ServiceName createServiceName = UserDomainCallbackHandler.ServiceUtil.createServiceName(str);
        UserDomainCallbackHandler userDomainCallbackHandler = new UserDomainCallbackHandler(str, unmaskUsersPasswords(operationContext, modelNode));
        ServiceBuilder<CallbackHandlerService> initialMode = serviceTarget.addService(createServiceName, userDomainCallbackHandler).setInitialMode(ServiceController.Mode.ON_DEMAND);
        userDomainCallbackHandler.getCredentialSourceSupplierInjector().inject(unmaskUsersCredentials(operationContext, initialMode, modelNode.m9429clone()));
        initialMode.install();
        CallbackHandlerService.ServiceUtil.addDependency(serviceBuilder, injector, createServiceName);
    }

    private static ServiceName pathName(String str) {
        return ServiceName.JBOSS.append("server", "path", str);
    }

    private ModelNode unmaskUsersPasswords(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        ModelNode m9429clone = modelNode.m9429clone();
        Iterator<Property> it = m9429clone.get("user").asPropertyList().iterator();
        while (it.hasNext()) {
            ModelNode modelNode2 = m9429clone.get("user", it.next().getName());
            if (modelNode2.hasDefined("password")) {
                modelNode2.set("password", operationContext.resolveExpressions(modelNode2.get("password")).asString());
            }
        }
        return m9429clone;
    }

    private Map<String, ExceptionSupplier<CredentialSource, Exception>> unmaskUsersCredentials(OperationContext operationContext, ServiceBuilder<CallbackHandlerService> serviceBuilder, ModelNode modelNode) throws OperationFailedException {
        HashMap hashMap = new HashMap();
        for (Property property : modelNode.get("user").asPropertyList()) {
            ModelNode modelNode2 = modelNode.get("user", property.getName());
            if (modelNode2.hasDefined(CredentialReference.CREDENTIAL_REFERENCE)) {
                hashMap.put(property.getName(), CredentialReference.getCredentialSourceSupplier(operationContext, UserResourceDefinition.CREDENTIAL_REFERENCE, modelNode2, serviceBuilder));
            }
        }
        return hashMap;
    }

    private static Map<String, String> resolveProperties(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        Map<String, String> emptyMap;
        if (modelNode.hasDefined("property")) {
            List<Property> asPropertyList = modelNode.require("property").asPropertyList();
            HashMap hashMap = new HashMap(asPropertyList.size());
            for (Property property : asPropertyList) {
                String name = property.getName();
                ModelNode resolveModelAttribute = PropertyResourceDefinition.VALUE.resolveModelAttribute(operationContext, property.getValue());
                hashMap.put(name, resolveModelAttribute.isDefined() ? resolveModelAttribute.asString() : null);
            }
            emptyMap = Collections.unmodifiableMap(hashMap);
        } else {
            emptyMap = Collections.emptyMap();
        }
        return emptyMap;
    }
}
