package org.jboss.as.cli.impl.aesh.cmd.security.auth;

import java.io.IOException;
import java.util.ArrayList;
import org.aesh.command.Command;
import org.aesh.command.CommandDefinition;
import org.aesh.command.CommandException;
import org.aesh.command.CommandResult;
import org.aesh.command.impl.completer.FileOptionCompleter;
import org.aesh.command.option.Option;
import org.jboss.as.cli.CommandContext;
import org.jboss.as.cli.CommandFormatException;
import org.jboss.as.cli.impl.aesh.cmd.RelativeFile;
import org.jboss.as.cli.impl.aesh.cmd.RelativeFilePathConverter;
import org.jboss.as.cli.impl.aesh.cmd.security.SecurityCommand;
import org.jboss.as.cli.impl.aesh.cmd.security.auth.OptionActivators;
import org.jboss.as.cli.impl.aesh.cmd.security.model.AuthFactory;
import org.jboss.as.cli.impl.aesh.cmd.security.model.AuthFactorySpec;
import org.jboss.as.cli.impl.aesh.cmd.security.model.AuthMechanism;
import org.jboss.as.cli.impl.aesh.cmd.security.model.AuthSecurityBuilder;
import org.jboss.as.cli.impl.aesh.cmd.security.model.ElytronUtil;
import org.jboss.as.cli.impl.aesh.cmd.security.model.EmptyConfiguration;
import org.jboss.as.cli.impl.aesh.cmd.security.model.ExistingKeyStoreConfiguration;
import org.jboss.as.cli.impl.aesh.cmd.security.model.ExistingPropertiesRealmConfiguration;
import org.jboss.as.cli.impl.aesh.cmd.security.model.FileSystemRealmConfiguration;
import org.jboss.as.cli.impl.aesh.cmd.security.model.KeyStoreConfiguration;
import org.jboss.as.cli.impl.aesh.cmd.security.model.LocalUserConfiguration;
import org.jboss.as.cli.impl.aesh.cmd.security.model.MechanismConfiguration;
import org.jboss.as.cli.impl.aesh.cmd.security.model.PropertiesRealmConfiguration;
import org.jboss.as.cli.operation.OperationFormatException;
import org.jboss.dmr.ModelNode;
import org.wildfly.core.cli.command.DMRCommand;
import org.wildfly.core.cli.command.aesh.CLICommandInvocation;

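/**
 * Base class for the CLI commands that enable authentication on a secured endpoint.
 *
 * <p>Subclasses supply the mechanism name, the endpoint being secured, the out-of-the-box and
 * currently enabled factory names, and the {@link #secure} step that attaches the factory.
 * This class validates the option combination, builds the {@link AuthSecurityBuilder} and
 * runs the resulting request.
 *
 * <p>The source is JADX decompiler output (see the "loaded from" marker below). Parameter names
 * of the static builder helpers were restored from the call site in
 * {@code buildAuthMechanism}.
 */
@CommandDefinition(name = "abstract-auth-enable", description = "")
/* loaded from: input_file:wildfly.zip:modules/system/layers/base/org/jboss/as/cli/main/wildfly-cli-14.0.0.Final.jar:org/jboss/as/cli/impl/aesh/cmd/security/auth/AbstractEnableAuthenticationCommand.class */
public abstract class AbstractEnableAuthenticationCommand implements Command<CLICommandInvocation>, DMRCommand {

    // --- Credential source options (consumed by buildUserPasswordConfiguration) ---

    @Option(name = SecurityCommand.OPT_FILE_SYSTEM_REALM_NAME, activator = OptionActivators.FilesystemRealmActivator.class, completer = SecurityCommand.OptionCompleters.FileSystemRealmCompleter.class)
    String fileSystemRealmName;

    @Option(name = SecurityCommand.OPT_PROPERTIES_REALM_NAME, activator = OptionActivators.PropertiesRealmActivator.class, completer = SecurityCommand.OptionCompleters.PropertiesRealmCompleter.class)
    String propertiesRealmName;

    @Option(name = SecurityCommand.OPT_USER_ROLE_DECODER, activator = OptionActivators.FileSystemRoleDecoderActivator.class, completer = SecurityCommand.OptionCompleters.SimpleDecoderCompleter.class)
    String userRoleDecoder;

    @Option(name = SecurityCommand.OPT_USER_PROPERTIES_FILE, activator = OptionActivators.PropertiesFileRealmActivator.class, converter = RelativeFilePathConverter.class, completer = FileOptionCompleter.class)
    RelativeFile userPropertiesFile;

    @Option(name = SecurityCommand.OPT_GROUP_PROPERTIES_FILE, activator = OptionActivators.GroupPropertiesFileActivator.class, converter = RelativeFilePathConverter.class, completer = FileOptionCompleter.class)
    RelativeFile groupPropertiesFile;

    @Option(name = SecurityCommand.OPT_EXPOSED_REALM, activator = OptionActivators.MechanismWithRealmActivator.class)
    String exposedRealm;

    @Option(name = "relative-to", activator = OptionActivators.RelativeToActivator.class)
    String relativeTo;

    // Forwarded as the last argument of PropertiesRealmConfiguration.
    // NOTE(review): presumably declares that the user properties file holds clear-text
    // passwords rather than digests - confirm, and prefer hashed entries where possible.
    @Option(name = "plain-text", hasValue = false, activator = OptionActivators.PlainTextActivator.class)
    boolean plaintext;

    // When set, execute() passes true as the last argument of SecurityCommand.execute.
    // NOTE(review): presumably the new authentication settings are then not active until the
    // server is reloaded - confirm against SecurityCommand.execute.
    @Option(name = SecurityCommand.OPT_NO_RELOAD, hasValue = false)
    boolean noReload;

    // Forwarded to LocalUserConfiguration.
    // NOTE(review): its effect is not visible in this file; confirm what the local identity is
    // granted before enabling it.
    @Option(name = SecurityCommand.OPT_SUPER_USER, hasValue = false, activator = OptionActivators.SuperUserActivator.class)
    boolean superUser;

    // --- Names for newly created resources (consumed by configureBuilder) ---

    @Option(name = SecurityCommand.OPT_NEW_SECURITY_DOMAIN_NAME, activator = OptionActivators.DependsOnMechanism.class)
    String newSecurityDomain;

    @Option(name = SecurityCommand.OPT_NEW_AUTH_FACTORY_NAME, activator = OptionActivators.DependsOnMechanism.class)
    String newAuthFactoryName;

    @Option(name = SecurityCommand.OPT_NEW_SECURITY_REALM_NAME, activator = OptionActivators.NewSecurityRealmActivator.class)
    String newRealmName;

    // --- Certificate based options (consumed by buildExternalConfiguration) ---

    @Option(name = SecurityCommand.OPT_KEY_STORE_NAME, activator = OptionActivators.KeyStoreActivator.class, completer = SecurityCommand.OptionCompleters.KeyStoreNameCompleter.class)
    String keyStoreName;

    @Option(name = SecurityCommand.OPT_KEY_STORE_REALM_NAME, activator = OptionActivators.KeyStoreRealmActivator.class, completer = SecurityCommand.OptionCompleters.KeyStoreRealmCompleter.class)
    String keyStoreRealmName;

    // Comma separated list; split and trimmed in buildExternalConfiguration.
    @Option(name = "roles", activator = OptionActivators.RolesActivator.class)
    String roles;

    private final AuthFactorySpec factorySpec;

    /**
     * Creates the command for one kind of authentication factory.
     *
     * @param authFactorySpec the factory specification this command operates on
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractEnableAuthenticationCommand(AuthFactorySpec authFactorySpec) {
        this.factorySpec = authFactorySpec;
    }

    /**
     * Returns the factory specification given to the constructor.
     *
     * @return the factory specification
     */
    public AuthFactorySpec getFactorySpec() {
        return this.factorySpec;
    }

    /** Returns the mechanism name requested by the user, or {@code null} when none was given. */
    protected abstract String getMechanism();

    /** Attaches the built factory to the endpoint; called only when the factory is not already set. */
    protected abstract void secure(CommandContext commandContext, AuthSecurityBuilder authSecurityBuilder) throws Exception;

    /** Returns the name of the factory used when no mechanism is requested. */
    protected abstract String getOOTBFactory(CommandContext commandContext) throws Exception;

    /** Returns the name of the endpoint printed in the result messages. */
    protected abstract String getSecuredEndpoint(CommandContext commandContext);

    /** Returns the name of the factory recorded on the builder as the active factory. */
    protected abstract String getEnabledFactory(CommandContext commandContext) throws Exception;

    /**
     * Builds the security request, runs it unless it is empty, and prints a summary of what was
     * configured.
     *
     * @param cLICommandInvocation the invocation that provides the command context
     * @return {@link CommandResult#SUCCESS} when no exception was raised
     * @throws CommandException wrapping any exception raised while building or running the
     *         request; the original exception is kept as the cause
     */
    @Override // org.aesh.command.Command
    public CommandResult execute(CLICommandInvocation cLICommandInvocation) throws CommandException, InterruptedException {
        CommandContext commandContext = cLICommandInvocation.getCommandContext();
        try {
            AuthSecurityBuilder builder = buildSecurityRequest(commandContext);
            if (builder.isEmpty()) {
                commandContext.printLine("Authentication is already enabled for " + getSecuredEndpoint(commandContext));
                return CommandResult.SUCCESS;
            }
            // The last argument is true when the no-reload option was given.
            SecurityCommand.execute(commandContext, builder.getRequest(), SecurityCommand.DEFAULT_FAILURE_CONSUMER, !shouldReload());
            commandContext.printLine("Command success.");
            commandContext.printLine("Authentication configured for " + getSecuredEndpoint(commandContext));
            if (builder.getReferencedSecurityDomain() != null) {
                commandContext.printLine("security domain=" + builder.getReferencedSecurityDomain());
            } else {
                commandContext.printLine(this.factorySpec.getName() + " authentication-factory=" + builder.getAuthFactory().getName());
                commandContext.printLine("security-domain=" + builder.getAuthFactory().getSecurityDomain().getName());
            }
            return CommandResult.SUCCESS;
        } catch (Exception e) {
            // Keep the cause so a failed security change can be diagnosed, and never surface a
            // null message (same fallback as buildRequest).
            // NOTE(review): an InterruptedException raised inside the try block is wrapped here
            // as well, although the signature would allow it to propagate.
            throw new CommandException(describe(e), e);
        }
    }

    /**
     * Builds the management request without running it.
     *
     * @param commandContext the CLI context
     * @return the request produced by the security builder
     * @throws CommandFormatException wrapping any exception raised while building the request
     */
    @Override // org.wildfly.core.cli.command.DMRCommand
    public ModelNode buildRequest(CommandContext commandContext) throws CommandFormatException {
        try {
            return buildSecurityRequest(commandContext).getRequest();
        } catch (Exception e) {
            throw new CommandFormatException(describe(e), e);
        }
    }

    /**
     * Creates the security builder and lets it build its request.
     *
     * <p>When no mechanism is requested the out-of-the-box factory is looked up and must exist.
     * {@link #secure} is invoked only when the builder reports that the factory is not already
     * set.
     *
     * @param commandContext the CLI context
     * @return the builder holding the request
     * @throws Exception when the out-of-the-box factory does not exist, or when building fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public AuthSecurityBuilder buildSecurityRequest(CommandContext commandContext) throws Exception {
        AuthSecurityBuilder builder = buildSecurityBuilder(commandContext);
        if (builder == null) {
            String ootbFactoryName = getOOTBFactory(commandContext);
            AuthFactory ootbFactory = ElytronUtil.getAuthFactory(ootbFactoryName, getFactorySpec(), commandContext);
            if (ootbFactory == null) {
                throw new Exception("Can't enable " + this.factorySpec.getName() + " authentication, " + ootbFactoryName + " doesn't exist");
            }
            builder = new AuthSecurityBuilder(ootbFactory);
        }
        builder.buildRequest(commandContext);
        if (!builder.isFactoryAlreadySet()) {
            secure(commandContext, builder);
        }
        return builder;
    }

    /** Returns a builder for the requested mechanism, or {@code null} when no mechanism was requested. */
    private AuthSecurityBuilder buildSecurityBuilder(CommandContext commandContext) throws Exception {
        AuthMechanism mechanism = buildAuthMechanism(commandContext);
        return mechanism == null ? null : buildSecurityBuilder(commandContext, mechanism);
    }

    /** Creates the builder for a mechanism and applies the active factory name and the new-resource names. */
    private AuthSecurityBuilder buildSecurityBuilder(CommandContext commandContext, AuthMechanism authMechanism) throws Exception {
        String enabledFactory = getEnabledFactory(commandContext);
        AuthSecurityBuilder builder = new AuthSecurityBuilder(authMechanism, getFactorySpec());
        builder.setActiveFactoryName(enabledFactory);
        configureBuilder(builder);
        return builder;
    }

    /**
     * Builds the configuration for a mechanism that relies on the local user.
     *
     * @param commandContext the CLI context
     * @param superUser value of the super-user option, forwarded to {@link LocalUserConfiguration}
     * @return the local user configuration
     * @throws CommandException when {@code ElytronUtil.localUserExists} reports no local identity
     */
    protected MechanismConfiguration buildLocalUserConfiguration(CommandContext commandContext, boolean superUser) throws CommandException, IOException, OperationFormatException {
        if (!ElytronUtil.localUserExists(commandContext)) {
            throw new CommandException("Can't configure 'local' user, no such identity.");
        }
        return new LocalUserConfiguration(superUser);
    }

    /**
     * Always throws, reporting that more than one mechanism was set.
     *
     * @throws CommandException always
     */
    public static void throwInvalidOptions() throws CommandException {
        throw new CommandException("You must only set a single mechanism.");
    }

    /**
     * Builds the configuration for a certificate based mechanism.
     *
     * <p>Exactly one of the key-store name and the key-store realm name must be given. A
     * key-store name is checked with {@code ElytronUtil.keyStoreExists} before it is used.
     *
     * @param commandContext the CLI context
     * @param keyStoreName name of a key-store, or {@code null}
     * @param keyStoreRealmName name of a key-store realm, or {@code null}
     * @param roles comma separated role names, or {@code null} for no role list
     * @return the key-store based configuration
     * @throws CommandException when neither or both names are given, or the key-store is unknown
     */
    protected static MechanismConfiguration buildExternalConfiguration(CommandContext commandContext, String keyStoreName, String keyStoreRealmName, String roles) throws CommandException, IOException, OperationFormatException {
        if (keyStoreName == null && keyStoreRealmName == null) {
            throw new CommandException("A key-store name or key-store realm name must be set");
        }
        if (keyStoreName != null && keyStoreRealmName != null) {
            throw new CommandException("Only one of a key-store name or key-store realm name must be set");
        }
        ArrayList<String> roleNames = null;
        if (roles != null) {
            roleNames = new ArrayList<>();
            // NOTE(review): entries that are blank after trimming are kept as empty role names.
            for (String role : roles.split(",")) {
                roleNames.add(role.trim());
            }
        }
        if (keyStoreName == null) {
            return new ExistingKeyStoreConfiguration(keyStoreRealmName, roleNames);
        }
        if (!ElytronUtil.keyStoreExists(commandContext, keyStoreName)) {
            throw new CommandException("Can't configure 'certificate' authentication, no key-store " + keyStoreName);
        }
        return new KeyStoreConfiguration(keyStoreName, roleNames);
    }

    /**
     * Builds the configuration for a mechanism backed by a realm of users.
     *
     * <p>Exactly one source must be given: a user properties file, a filesystem realm name or
     * a properties realm name. The exposed realm is mandatory for the two properties based
     * sources.
     *
     * @param userPropertiesFile user properties file, or {@code null}
     * @param fileSystemRealmName filesystem realm name, or {@code null}
     * @param userRoleDecoder role decoder passed to the filesystem realm configuration
     * @param exposedRealm realm name exposed by the mechanism
     * @param groupPropertiesFile group properties file passed with the user properties file
     * @param propertiesRealmName name of an existing properties realm, or {@code null}
     * @param relativeTo value of the relative-to option
     * @param plaintext value of the plain-text option
     * @return the realm configuration matching the single source that was given
     * @throws CommandException when no source, several sources, or no exposed realm is given
     */
    protected static MechanismConfiguration buildUserPasswordConfiguration(RelativeFile userPropertiesFile, String fileSystemRealmName, String userRoleDecoder, String exposedRealm, RelativeFile groupPropertiesFile, String propertiesRealmName, String relativeTo, boolean plaintext) throws CommandException, IOException {
        int sources = 0;
        if (userPropertiesFile != null) {
            sources++;
        }
        if (propertiesRealmName != null) {
            sources++;
        }
        if (fileSystemRealmName != null) {
            sources++;
        }
        if (sources == 0) {
            throw new CommandException("A properties file or propertie-realm name or a filesystem-realm name must be provided");
        }
        if (sources > 1) {
            throw new CommandException("Only one of properties file, propertie-realm name or filesystem-realm name must be provided");
        }
        if (userPropertiesFile != null) {
            if (exposedRealm == null) {
                throw new CommandException(SecurityCommand.formatOption(SecurityCommand.OPT_EXPOSED_REALM) + " must be set when using a user properties file");
            }
            return new PropertiesRealmConfiguration(exposedRealm, userPropertiesFile, groupPropertiesFile, relativeTo, plaintext);
        }
        if (propertiesRealmName == null) {
            // Only the filesystem realm is left; the exposed realm is not required here.
            return new FileSystemRealmConfiguration(exposedRealm, fileSystemRealmName, userRoleDecoder);
        }
        if (exposedRealm == null) {
            throw new CommandException(SecurityCommand.formatOption(SecurityCommand.OPT_EXPOSED_REALM) + " must be set when using a properties file realm");
        }
        return new ExistingPropertiesRealmConfiguration(propertiesRealmName, exposedRealm);
    }

    /**
     * Builds the mechanism with the configuration that matches its family.
     *
     * @return the mechanism, or {@code null} when no mechanism was requested
     * @throws CommandException when the mechanism is not among the available mechanisms
     */
    private AuthMechanism buildAuthMechanism(CommandContext commandContext) throws Exception {
        String mechanism = getMechanism();
        if (mechanism == null) {
            return null;
        }
        // Reject a mechanism that is not available before any configuration is built.
        if (!ElytronUtil.getAvailableMechanisms(commandContext, getFactorySpec()).contains(mechanism)) {
            throw new CommandException("Unavailable mechanism " + mechanism);
        }
        MechanismConfiguration configuration;
        if (ElytronUtil.getMechanismsWithRealm().contains(mechanism)) {
            configuration = buildUserPasswordConfiguration(this.userPropertiesFile, this.fileSystemRealmName, this.userRoleDecoder, this.exposedRealm, this.groupPropertiesFile, this.propertiesRealmName, this.relativeTo, this.plaintext);
        } else if (ElytronUtil.getMechanismsWithTrustStore().contains(mechanism)) {
            configuration = buildExternalConfiguration(commandContext, this.keyStoreName, this.keyStoreRealmName, this.roles);
        } else if (ElytronUtil.getMechanismsLocalUser().contains(mechanism)) {
            configuration = buildLocalUserConfiguration(commandContext, this.superUser);
        } else {
            configuration = new EmptyConfiguration();
        }
        return new AuthMechanism(mechanism, configuration);
    }

    /** Returns {@code true} unless the no-reload option was given. */
    private boolean shouldReload() {
        return !this.noReload;
    }

    /** Copies the names chosen for new resources onto the builder. */
    private void configureBuilder(AuthSecurityBuilder authSecurityBuilder) {
        authSecurityBuilder.setNewRealmName(this.newRealmName).setAuthFactoryName(this.newAuthFactoryName).setSecurityDomainName(this.newSecurityDomain);
    }

    /** Returns the localized message of an exception, or its string form when it has none. */
    private static String describe(Exception e) {
        String message = e.getLocalizedMessage();
        return message == null ? e.toString() : message;
    }
}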
