package org.wildfly.extras.creaper.commands.security.realms;

import org.wildfly.extras.creaper.commands.foundation.offline.xml.GroovyXmlTransform;
import org.wildfly.extras.creaper.commands.foundation.offline.xml.Subtree;
import org.wildfly.extras.creaper.commands.security.realms.AbstractAddSecurityRealmSubElement;
import org.wildfly.extras.creaper.core.ServerVersion;
import org.wildfly.extras.creaper.core.offline.OfflineCommand;
import org.wildfly.extras.creaper.core.offline.OfflineCommandContext;
import org.wildfly.extras.creaper.core.online.OnlineCommandContext;
import org.wildfly.extras.creaper.core.online.operations.Address;
import org.wildfly.extras.creaper.core.online.operations.Batch;
import org.wildfly.extras.creaper.core.online.operations.Operations;
import org.wildfly.extras.creaper.core.online.operations.Values;
import org.wildfly.extras.creaper.core.online.operations.admin.Administration;

/* loaded from: input_file:org/wildfly/extras/creaper/commands/security/realms/AddLdapAuthorization.class */
public final class AddLdapAuthorization extends AbstractAddSecurityRealmSubElement {
    private final String connection;
    private final GroupToPrincipal groupToPrincipal;
    private final PrincipalToGroup principalToGroup;
    private final AdvancedFilter advancedFilter;
    private final UsernameFilter usernameFilter;
    private final UsernameIsDn usernameIsDn;

    /* loaded from: input_file:org/wildfly/extras/creaper/commands/security/realms/AddLdapAuthorization$Builder.class */
    public static final class Builder extends AbstractAddSecurityRealmSubElement.Builder<Builder> {
        private String connection;
        private GroupToPrincipal groupToPrincipal;
        private PrincipalToGroup principalToGroup;
        private AdvancedFilter advancedFilter;
        private UsernameFilter usernameFilter;
        private UsernameIsDn usernameIsDn;

        public Builder(String str) {
            super(str);
        }

        public Builder connection(String str) {
            this.connection = str;
            return this;
        }

        public Builder groupToPrincipal(GroupToPrincipal groupToPrincipal) {
            this.groupToPrincipal = groupToPrincipal;
            return this;
        }

        public Builder principalToGroup(PrincipalToGroup principalToGroup) {
            this.principalToGroup = principalToGroup;
            return this;
        }

        public Builder advancedFilter(AdvancedFilter advancedFilter) {
            this.advancedFilter = advancedFilter;
            return this;
        }

        public Builder usernameFilter(UsernameFilter usernameFilter) {
            this.usernameFilter = usernameFilter;
            return this;
        }

        public Builder usernameIsDn(UsernameIsDn usernameIsDn) {
            this.usernameIsDn = usernameIsDn;
            return this;
        }

        @Override // org.wildfly.extras.creaper.commands.security.realms.AbstractAddSecurityRealmSubElement.Builder
        public AddLdapAuthorization build() {
            if (this.connection == null) {
                throw new IllegalArgumentException("Connection must be specified as non null value");
            }
            if (this.connection.isEmpty()) {
                throw new IllegalArgumentException("Connection must not be empty value");
            }
            if (this.groupToPrincipal != null && this.principalToGroup != null) {
                throw new IllegalArgumentException("Only one of 'group-to-principal' or 'principal-to-group' is required.");
            }
            if (this.groupToPrincipal == null && this.principalToGroup == null) {
                throw new IllegalArgumentException("One of 'group-to-principal' or 'principal-to-group' is required.");
            }
            if ((this.advancedFilter == null || (this.usernameFilter == null && this.usernameIsDn == null)) && ((this.usernameFilter == null || (this.advancedFilter == null && this.usernameIsDn == null)) && (this.usernameIsDn == null || (this.advancedFilter == null && this.usernameFilter == null)))) {
                return new AddLdapAuthorization(this);
            }
            throw new IllegalArgumentException("Only one of 'advanced-filter','username-filter','username-is-dn' is allowed.");
        }
    }

    private AddLdapAuthorization(Builder builder) {
        super(builder);
        this.connection = builder.connection;
        this.groupToPrincipal = builder.groupToPrincipal;
        this.principalToGroup = builder.principalToGroup;
        this.advancedFilter = builder.advancedFilter;
        this.usernameFilter = builder.usernameFilter;
        this.usernameIsDn = builder.usernameIsDn;
    }

    public void apply(OnlineCommandContext onlineCommandContext) throws Exception {
        if (this.groupToPrincipal != null && this.groupToPrincipal.preferOriginalConnection != null && (onlineCommandContext.version.lessThan(ServerVersion.VERSION_1_7_0) || onlineCommandContext.version.inRange(ServerVersion.VERSION_2_0_0, ServerVersion.VERSION_2_2_0))) {
            throw new AssertionError("Option prefer-original-connection for group-to-principal is available since WildFly 9 or in EAP 6.4.x.");
        }
        if (this.principalToGroup != null) {
            if (this.principalToGroup.skipMissingGroups != null && (onlineCommandContext.version.lessThan(ServerVersion.VERSION_1_7_0) || onlineCommandContext.version.inRange(ServerVersion.VERSION_2_0_0, ServerVersion.VERSION_2_2_0))) {
                throw new AssertionError("Option skip-missing-groups for principal-to-group is available since WildFly 9 or in EAP 6.4.x.");
            }
            if (this.principalToGroup.preferOriginalConnection != null && (onlineCommandContext.version.lessThan(ServerVersion.VERSION_1_7_0) || onlineCommandContext.version.equalTo(ServerVersion.VERSION_2_0_0))) {
                throw new AssertionError("Option prefer-original-connection for principal-to-group is available since WildFly 8.1.0 or in EAP 6.4.x.");
            }
            if (this.principalToGroup.cache != null && (onlineCommandContext.version.lessThan(ServerVersion.VERSION_1_7_0) || onlineCommandContext.version.inRange(ServerVersion.VERSION_2_0_0, ServerVersion.VERSION_2_2_0))) {
                throw new AssertionError("Cache for principal-to-group is available since WildFly 9 or in EAP 6.4.x.");
            }
        }
        Operations operations = new Operations(onlineCommandContext.client);
        Address and = this.securityRealmAddress.and("authorization", "ldap");
        if (this.replaceExisting) {
            operations.removeIfExists(and);
            new Administration(onlineCommandContext.client).reloadIfRequired();
        }
        Batch batch = new Batch();
        batch.add(and, Values.empty().andOptional("connection", this.connection));
        if (this.groupToPrincipal != null) {
            Address and2 = and.and("group-search", "group-to-principal");
            batch.add(and2, Values.empty().andOptional("base-dn", this.groupToPrincipal.baseDn).andOptional("group-dn-attribute", this.groupToPrincipal.groupDnAttribute).andOptional("group-name", this.groupToPrincipal.groupName).andOptional("group-name-attribute", this.groupToPrincipal.groupNameAttribute).andOptional("iterative", this.groupToPrincipal.iterative).andOptional("prefer-original-connection", this.groupToPrincipal.preferOriginalConnection).andOptional("principal-attribute", this.groupToPrincipal.principalAttribute).andOptional("recursive", this.groupToPrincipal.recursive).andOptional("search-by", this.groupToPrincipal.searchBy));
            addCache(batch, and2, this.groupToPrincipal.cache);
        }
        if (this.principalToGroup != null) {
            Address and3 = and.and("group-search", "principal-to-group");
            batch.add(and3, Values.empty().andOptional("group-attribute", this.principalToGroup.groupAttribute).andOptional("group-dn-attribute", this.principalToGroup.groupDnAttribute).andOptional("group-name", this.principalToGroup.groupName).andOptional("group-name-attribute", this.principalToGroup.groupNameAttribute).andOptional("iterative", this.principalToGroup.iterative).andOptional("prefer-original-connection", this.principalToGroup.preferOriginalConnection).andOptional("skip-missing-groups", this.principalToGroup.skipMissingGroups));
            addCache(batch, and3, this.principalToGroup.cache);
        }
        if (this.advancedFilter != null) {
            Address and4 = and.and("username-to-dn", "advanced-filter");
            batch.add(and4, Values.empty().andOptional("base-dn", this.advancedFilter.baseDn).andOptional("filter", this.advancedFilter.filter).andOptional("force", this.advancedFilter.force).andOptional("recursive", this.advancedFilter.recursive).andOptional("user-dn-attribute", this.advancedFilter.userDnAttribute));
            addCache(batch, and4, this.advancedFilter.cache);
        }
        if (this.usernameFilter != null) {
            Address and5 = and.and("username-to-dn", "username-filter");
            batch.add(and5, Values.empty().andOptional("attribute", this.usernameFilter.attribute).andOptional("base-dn", this.usernameFilter.baseDn).andOptional("force", this.usernameFilter.force).andOptional("recursive", this.usernameFilter.recursive).andOptional("user-dn-attribute", this.usernameFilter.userDnAttribute));
            addCache(batch, and5, this.usernameFilter.cache);
        }
        if (this.usernameIsDn != null) {
            Address and6 = and.and("username-to-dn", "username-is-dn");
            batch.add(and6, Values.empty().andOptional("force", this.usernameIsDn.force));
            addCache(batch, and6, this.usernameIsDn.cache);
        }
        operations.batch(batch);
    }

    public void apply(OfflineCommandContext offlineCommandContext) throws Exception {
        if (this.groupToPrincipal != null && this.groupToPrincipal.preferOriginalConnection != null && (offlineCommandContext.version.lessThan(ServerVersion.VERSION_1_7_0) || offlineCommandContext.version.inRange(ServerVersion.VERSION_2_0_0, ServerVersion.VERSION_2_2_0))) {
            throw new AssertionError("Option prefer-original-connection for group-to-principal is available since WildFly 9 or in EAP 6.4.x.");
        }
        if (this.principalToGroup != null) {
            if (this.principalToGroup.skipMissingGroups != null && (offlineCommandContext.version.lessThan(ServerVersion.VERSION_1_7_0) || offlineCommandContext.version.inRange(ServerVersion.VERSION_2_0_0, ServerVersion.VERSION_2_2_0))) {
                throw new AssertionError("Option skip-missing-groups for principal-to-group is available since WildFly 9 or in EAP 6.4.x.");
            }
            if (this.principalToGroup.preferOriginalConnection != null && (offlineCommandContext.version.lessThan(ServerVersion.VERSION_1_7_0) || offlineCommandContext.version.equalTo(ServerVersion.VERSION_2_0_0))) {
                throw new AssertionError("Option prefer-original-connection for principal-to-group is available since WildFly 8.1.0 or in EAP 6.4.x.");
            }
            if (this.principalToGroup.cache != null && (offlineCommandContext.version.lessThan(ServerVersion.VERSION_1_7_0) || offlineCommandContext.version.inRange(ServerVersion.VERSION_2_0_0, ServerVersion.VERSION_2_2_0))) {
                throw new AssertionError("Cache for principal-to-group is available since WildFly 9 or in EAP 6.4.x.");
            }
        }
        offlineCommandContext.client.apply(new OfflineCommand[]{GroovyXmlTransform.of(AddLdapAuthorization.class).subtree("management", Subtree.management()).parameter("atrSecurityRealmName", this.securityRealmName).parameter("atrConnection", this.connection).parameter("atrReplaceExisting", Boolean.valueOf(this.replaceExisting)).parameter("atrGroupToPrincipal", this.groupToPrincipal).parameter("atrPrincipalToGroup", this.principalToGroup).parameter("atrAdvancedFilter", this.advancedFilter).parameter("atrUsernameFilter", this.usernameFilter).parameter("atrUsernameIsDn", this.usernameIsDn).build()});
    }

    private void addCache(Batch batch, Address address, LdapCache ldapCache) {
        if (ldapCache != null) {
            String str = null;
            if (ldapCache.getByAccessTime()) {
                str = "by-access-time";
            } else if (ldapCache.getBySearchTime()) {
                str = "by-search-time";
            }
            batch.add(address.and("cache", str), Values.empty().andOptional("cache-failures", ldapCache.getCacheFailures()).andOptional("eviction-time", ldapCache.getEvictionTime()).andOptional("max-cache-size", ldapCache.getMaxCacheSize()));
        }
    }
}
