package org.jboss.as.domain.management.security;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;
import java.util.function.Supplier;
import javax.net.ssl.SSLContext;
import org.jboss.as.controller.AbstractAddStepHandler;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.ProcessType;
import org.jboss.as.controller.RunningMode;
import org.jboss.as.controller.registry.Resource;
import org.jboss.as.controller.security.CredentialReference;
import org.jboss.as.controller.services.path.PathManager;
import org.jboss.as.domain.management.AuthMechanism;
import org.jboss.as.domain.management.CallbackHandlerFactory;
import org.jboss.as.domain.management.ModelDescriptionConstants;
import org.jboss.as.domain.management.SecurityRealm;
import org.jboss.as.domain.management.connections.ldap.LdapConnectionManager;
import org.jboss.as.domain.management.connections.ldap.LdapConnectionManagerService;
import org.jboss.as.domain.management.security.AbstractKeyManagerService;
import org.jboss.as.domain.management.security.AbstractTrustManagerService;
import org.jboss.as.domain.management.security.BaseLdapGroupSearchResource;
import org.jboss.as.domain.management.security.CallbackHandlerService;
import org.jboss.as.domain.management.security.ClientCertCallbackHandler;
import org.jboss.as.domain.management.security.JaasCallbackHandler;
import org.jboss.as.domain.management.security.KerberosCallbackHandler;
import org.jboss.as.domain.management.security.KeytabIdentityFactoryService;
import org.jboss.as.domain.management.security.KeytabService;
import org.jboss.as.domain.management.security.LdapSearcherCache;
import org.jboss.as.domain.management.security.LdapSubjectSupplementalService;
import org.jboss.as.domain.management.security.LocalCallbackHandlerService;
import org.jboss.as.domain.management.security.PlugInAuthenticationCallbackHandler;
import org.jboss.as.domain.management.security.PlugInLoaderService;
import org.jboss.as.domain.management.security.PlugInSubjectSupplemental;
import org.jboss.as.domain.management.security.PropertiesCallbackHandler;
import org.jboss.as.domain.management.security.PropertiesSubjectSupplemental;
import org.jboss.as.domain.management.security.SSLContextService;
import org.jboss.as.domain.management.security.SecretIdentityService;
import org.jboss.as.domain.management.security.SubjectSupplementalService;
import org.jboss.as.domain.management.security.UserDomainCallbackHandler;
import org.jboss.as.domain.management.security.UserLdapCallbackHandler;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.dmr.Property;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.ServiceTarget;
import org.wildfly.common.function.ExceptionSupplier;
import org.wildfly.security.credential.source.CredentialSource;

/* loaded from: input_file:WEB-INF/lib/wildfly-domain-management-15.0.1.Final.jar:org/jboss/as/domain/management/security/SecurityRealmAddHandler.class */
public class SecurityRealmAddHandler extends AbstractAddStepHandler {
    private static final String ELYTRON_CAPABILITY = "org.wildfly.security.elytron";
    private static final String PATH_MANAGER_CAPABILITY = "org.wildfly.management.path-manager";
    public static final SecurityRealmAddHandler INSTANCE = new SecurityRealmAddHandler();

    /* loaded from: input_file:WEB-INF/lib/wildfly-domain-management-15.0.1.Final.jar:org/jboss/as/domain/management/security/SecurityRealmAddHandler$ServiceInstallStepHandler.class */
    private static class ServiceInstallStepHandler implements OperationStepHandler {
        private static final ServiceInstallStepHandler INSTANCE = new ServiceInstallStepHandler();

        private ServiceInstallStepHandler() {
        }

        @Override // org.jboss.as.controller.OperationStepHandler
        public void execute(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            SecurityRealmAddHandler.INSTANCE.installServices(operationContext, operationContext.getCurrentAddressValue(), Resource.Tools.readModel(operationContext.readResource(PathAddress.EMPTY_ADDRESS)));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.jboss.as.controller.AbstractAddStepHandler
    public boolean requiresRuntime(OperationContext operationContext) {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.jboss.as.controller.AbstractAddStepHandler
    public void populateModel(ModelNode modelNode, ModelNode modelNode2) throws OperationFailedException {
        super.populateModel(modelNode, modelNode2);
        SecurityRealmResourceDefinition.MAP_GROUPS_TO_ROLES.validateAndSet(modelNode, modelNode2);
    }

    @Override // org.jboss.as.controller.AbstractAddStepHandler
    protected void performRuntime(OperationContext operationContext, ModelNode modelNode, Resource resource) throws OperationFailedException {
        if (!operationContext.isBooting() && operationContext.getProcessType() == ProcessType.EMBEDDED_SERVER && operationContext.getRunningMode() == RunningMode.ADMIN_ONLY) {
            operationContext.reloadRequired();
        } else {
            operationContext.addStep(ServiceInstallStepHandler.INSTANCE, OperationContext.Stage.RUNTIME);
        }
    }

    @Override // org.jboss.as.controller.AbstractAddStepHandler
    protected void rollbackRuntime(OperationContext operationContext, ModelNode modelNode, Resource resource) {
        if (!operationContext.isBooting() && operationContext.getProcessType() == ProcessType.EMBEDDED_SERVER && operationContext.getRunningMode() == RunningMode.ADMIN_ONLY) {
            operationContext.revertReloadRequired();
        }
    }

    @Override // org.jboss.as.controller.AbstractAddStepHandler, org.jboss.as.controller.OperationStepHandler
    public void execute(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        super.execute(operationContext, modelNode);
        operationContext.addStep(AuthenticationValidatingHandler.createOperation(modelNode), AuthenticationValidatingHandler.INSTANCE, OperationContext.Stage.MODEL);
        operationContext.addStep(AuthorizationValidatingHandler.createOperation(modelNode), AuthorizationValidatingHandler.INSTANCE, OperationContext.Stage.MODEL);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void installServices(OperationContext operationContext, String str, ModelNode modelNode) throws OperationFailedException {
        Supplier<CallbackHandlerService> addDomainManagedServersService;
        ModelNode modelNode2 = modelNode.hasDefined(ModelDescriptionConstants.PLUG_IN) ? modelNode.get(ModelDescriptionConstants.PLUG_IN) : null;
        ModelNode modelNode3 = modelNode.hasDefined("authentication") ? modelNode.get("authentication") : null;
        ModelNode modelNode4 = modelNode.hasDefined("authorization") ? modelNode.get("authorization") : null;
        ModelNode modelNode5 = modelNode.hasDefined(org.jboss.as.controller.descriptions.ModelDescriptionConstants.SERVER_IDENTITY) ? modelNode.get(org.jboss.as.controller.descriptions.ModelDescriptionConstants.SERVER_IDENTITY) : null;
        ServiceTarget serviceTarget = operationContext.getServiceTarget();
        boolean asBoolean = SecurityRealmResourceDefinition.MAP_GROUPS_TO_ROLES.resolveModelAttribute(operationContext, modelNode).asBoolean();
        ServiceName createServiceName = SecurityRealm.ServiceUtil.createServiceName(str);
        ServiceBuilder<?> addService = serviceTarget.addService(createServiceName);
        HashSet hashSet = new HashSet();
        Consumer<V> provides = addService.provides(createServiceName, SecurityRealm.ServiceUtil.createLegacyServiceName(str));
        ServiceName append = ServiceName.JBOSS.append("server", "path", "jboss.controller.temp.dir");
        boolean shareLdapConnection = shareLdapConnection(operationContext, modelNode3, modelNode4);
        ModelNode modelNode6 = null;
        if (modelNode2 != null) {
            addPlugInLoaderService(str, modelNode2, serviceTarget);
        }
        if (!operationContext.getProcessType().isServer() && (addDomainManagedServersService = addDomainManagedServersService(operationContext, addService)) != null) {
            hashSet.add(addDomainManagedServersService);
        }
        if (modelNode3 != null) {
            if (modelNode3.hasDefined(org.jboss.as.controller.descriptions.ModelDescriptionConstants.TRUSTSTORE)) {
                modelNode6 = modelNode3.require(org.jboss.as.controller.descriptions.ModelDescriptionConstants.TRUSTSTORE);
                hashSet.add(addClientCertService(str, serviceTarget, addService));
            }
            if (modelNode3.hasDefined("local")) {
                hashSet.add(addLocalService(operationContext, modelNode3.require("local"), str, serviceTarget, addService));
            }
            if (modelNode3.hasDefined("kerberos")) {
                hashSet.add(addKerberosService(operationContext, modelNode3.require("kerberos"), str, serviceTarget, addService));
            }
            if (modelNode3.hasDefined(ModelDescriptionConstants.JAAS)) {
                hashSet.add(addJaasService(operationContext, modelNode3.require(ModelDescriptionConstants.JAAS), str, serviceTarget, operationContext.isNormalServer(), addService));
            } else if (modelNode3.hasDefined("ldap")) {
                hashSet.add(addLdapService(operationContext, modelNode3.require("ldap"), str, serviceTarget, addService, shareLdapConnection));
            } else if (modelNode3.hasDefined(ModelDescriptionConstants.PLUG_IN)) {
                hashSet.add(addPlugInAuthenticationService(operationContext, modelNode3.require(ModelDescriptionConstants.PLUG_IN), str, str, serviceTarget, addService));
            } else if (modelNode3.hasDefined("properties")) {
                hashSet.add(addPropertiesAuthenticationService(operationContext, modelNode3.require("properties"), str, serviceTarget, addService));
            } else if (modelNode3.hasDefined("users")) {
                hashSet.add(addUsersService(operationContext, modelNode3.require("users"), str, serviceTarget, addService));
            }
        }
        Supplier<SubjectSupplementalService> supplier = null;
        if (modelNode4 != null) {
            if (modelNode4.hasDefined("properties")) {
                supplier = addPropertiesAuthorizationService(operationContext, modelNode4.require("properties"), str, serviceTarget, addService);
            } else if (modelNode4.hasDefined(ModelDescriptionConstants.PLUG_IN)) {
                supplier = addPlugInAuthorizationService(operationContext, modelNode4.require(ModelDescriptionConstants.PLUG_IN), str, serviceTarget, addService);
            } else if (modelNode4.hasDefined("ldap")) {
                supplier = addLdapAuthorizationService(operationContext, modelNode4.require("ldap"), str, serviceTarget, addService, shareLdapConnection);
            }
        }
        ModelNode modelNode7 = null;
        Supplier<CallbackHandlerFactory> supplier2 = null;
        Supplier<KeytabIdentityFactoryService> supplier3 = null;
        if (modelNode5 != null) {
            if (modelNode5.hasDefined(org.jboss.as.controller.descriptions.ModelDescriptionConstants.SSL)) {
                modelNode7 = modelNode5.require(org.jboss.as.controller.descriptions.ModelDescriptionConstants.SSL);
            }
            if (modelNode5.hasDefined("secret")) {
                supplier2 = addSecretService(operationContext, modelNode5.require("secret"), str, serviceTarget, addService);
            }
            if (modelNode5.hasDefined("kerberos")) {
                supplier3 = addKerberosIdentityServices(operationContext, modelNode5.require("kerberos"), str, serviceTarget, addService);
            }
        }
        Supplier<SSLContext> supplier4 = null;
        if (modelNode7 != null || modelNode6 != null) {
            supplier4 = addSSLServices(operationContext, modelNode7, modelNode6, str, serviceTarget, addService);
        }
        addService.setInstance(new SecurityRealmService(provides, supplier, supplier2, supplier3, supplier4, addService.requires(append), hashSet, str, asBoolean));
        addService.install();
    }

    private boolean shareLdapConnection(OperationContext operationContext, ModelNode modelNode, ModelNode modelNode2) throws OperationFailedException {
        if (modelNode == null || modelNode2 == null || !modelNode.hasDefined("ldap") || !modelNode2.hasDefined("ldap")) {
            return false;
        }
        return LdapAuthenticationResourceDefinition.CONNECTION.resolveModelAttribute(operationContext, modelNode.require("ldap")).asString().equals(LdapAuthorizationResourceDefinition.CONNECTION.resolveModelAttribute(operationContext, modelNode2.require("ldap")).asString());
    }

    private void addPlugInLoaderService(String str, ModelNode modelNode, ServiceTarget serviceTarget) {
        ServiceName createServiceName = PlugInLoaderService.ServiceUtil.createServiceName(str);
        List<Property> asPropertyList = modelNode.asPropertyList();
        ArrayList arrayList = new ArrayList(asPropertyList.size());
        Iterator<Property> it = asPropertyList.iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getName());
        }
        ServiceBuilder<?> addService = serviceTarget.addService(createServiceName);
        addService.setInstance(new PlugInLoaderService(addService.provides(createServiceName), Collections.unmodifiableList(arrayList)));
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND);
        addService.install();
    }

    private Supplier<CallbackHandlerService> addClientCertService(String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder) {
        ServiceName createServiceName = ClientCertCallbackHandler.ServiceUtil.createServiceName(str);
        ServiceBuilder<?> addService = serviceTarget.addService(createServiceName);
        addService.setInstance(new ClientCertCallbackHandler(addService.provides(createServiceName)));
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND);
        addService.install();
        return CallbackHandlerService.ServiceUtil.requires(serviceBuilder, createServiceName);
    }

    private Supplier<CallbackHandlerService> addKerberosService(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder) throws OperationFailedException {
        ServiceName createServiceName = KerberosCallbackHandler.ServiceUtil.createServiceName(str);
        boolean asBoolean = KerberosAuthenticationResourceDefinition.REMOVE_REALM.resolveModelAttribute(operationContext, modelNode).asBoolean();
        ServiceBuilder<?> addService = serviceTarget.addService(createServiceName);
        addService.setInstance(new KerberosCallbackHandler(addService.provides(createServiceName), asBoolean));
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND);
        addService.install();
        return CallbackHandlerService.ServiceUtil.requires(serviceBuilder, createServiceName);
    }

    private Supplier<CallbackHandlerService> addJaasService(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, boolean z, ServiceBuilder<?> serviceBuilder) throws OperationFailedException {
        ServiceName createServiceName = JaasCallbackHandler.ServiceUtil.createServiceName(str);
        String asString = JaasAuthenticationResourceDefinition.NAME.resolveModelAttribute(operationContext, modelNode).asString();
        boolean asBoolean = JaasAuthenticationResourceDefinition.ASSIGN_GROUPS.resolveModelAttribute(operationContext, modelNode).asBoolean();
        ServiceBuilder<?> addService = serviceTarget.addService(createServiceName);
        addService.setInstance(new JaasCallbackHandler(addService.provides(createServiceName), z ? addService.requires(ServiceName.JBOSS.append("security", "simple-security-manager")) : null, str, asString, asBoolean));
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND);
        addService.install();
        return CallbackHandlerService.ServiceUtil.requires(serviceBuilder, createServiceName);
    }

    private <R, K> LdapCacheService<R, K> createCacheService(Consumer<LdapSearcherCache<R, K>> consumer, OperationContext operationContext, LdapSearcher<R, K> ldapSearcher, ModelNode modelNode) throws OperationFailedException {
        if (modelNode != null && modelNode.isDefined()) {
            ModelNode modelNode2 = null;
            boolean z = false;
            if (modelNode.hasDefined(ModelDescriptionConstants.BY_ACCESS_TIME)) {
                modelNode2 = modelNode.require(ModelDescriptionConstants.BY_ACCESS_TIME);
                z = true;
            } else if (modelNode.hasDefined(ModelDescriptionConstants.BY_SEARCH_TIME)) {
                modelNode2 = modelNode.require(ModelDescriptionConstants.BY_SEARCH_TIME);
            }
            if (modelNode2 != null) {
                int asInt = LdapCacheResourceDefinition.EVICTION_TIME.resolveModelAttribute(operationContext, modelNode2).asInt();
                boolean asBoolean = LdapCacheResourceDefinition.CACHE_FAILURES.resolveModelAttribute(operationContext, modelNode2).asBoolean();
                int asInt2 = LdapCacheResourceDefinition.MAX_CACHE_SIZE.resolveModelAttribute(operationContext, modelNode2).asInt();
                return z ? LdapCacheService.createByAccessCacheService(consumer, ldapSearcher, asInt, asBoolean, asInt2) : LdapCacheService.createBySearchCacheService(consumer, ldapSearcher, asInt, asBoolean, asInt2);
            }
        }
        return LdapCacheService.createNoCacheService(consumer, ldapSearcher);
    }

    private Supplier<CallbackHandlerService> addLdapService(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder, boolean z) throws OperationFailedException {
        ServiceName createServiceName = UserLdapCallbackHandler.ServiceUtil.createServiceName(str);
        String asString = LdapAuthenticationResourceDefinition.BASE_DN.resolveModelAttribute(operationContext, modelNode).asString();
        ModelNode resolveModelAttribute = LdapAuthenticationResourceDefinition.USERNAME_FILTER.resolveModelAttribute(operationContext, modelNode);
        String asString2 = resolveModelAttribute.isDefined() ? resolveModelAttribute.asString() : null;
        ModelNode resolveModelAttribute2 = LdapAuthenticationResourceDefinition.ADVANCED_FILTER.resolveModelAttribute(operationContext, modelNode);
        String asString3 = resolveModelAttribute2.isDefined() ? resolveModelAttribute2.asString() : null;
        ModelNode resolveModelAttribute3 = LdapAuthenticationResourceDefinition.USERNAME_LOAD.resolveModelAttribute(operationContext, modelNode);
        String asString4 = resolveModelAttribute3.isDefined() ? resolveModelAttribute3.asString() : null;
        boolean asBoolean = LdapAuthenticationResourceDefinition.RECURSIVE.resolveModelAttribute(operationContext, modelNode).asBoolean();
        boolean asBoolean2 = LdapAuthenticationResourceDefinition.ALLOW_EMPTY_PASSWORDS.resolveModelAttribute(operationContext, modelNode).asBoolean();
        String asString5 = LdapAuthenticationResourceDefinition.USER_DN.resolveModelAttribute(operationContext, modelNode).asString();
        LdapSearcher<LdapEntry, String> createForUsernameFilter = asString2 != null ? LdapUserSearcherFactory.createForUsernameFilter(asString, asBoolean, asString5, asString2, asString4) : LdapUserSearcherFactory.createForAdvancedFilter(asString, asBoolean, asString5, asString3, asString4);
        ServiceName createServiceName2 = LdapSearcherCache.ServiceUtil.createServiceName(true, true, str);
        ServiceBuilder<?> addService = serviceTarget.addService(createServiceName2);
        addService.setInstance(createCacheService(addService.provides(createServiceName2), operationContext, createForUsernameFilter, modelNode.get("cache")));
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND);
        addService.install();
        ServiceBuilder<?> addService2 = serviceTarget.addService(createServiceName);
        addService2.setInstance(new UserLdapCallbackHandler(addService2.provides(createServiceName), LdapConnectionManagerService.ServiceUtil.requires(addService2, LdapAuthenticationResourceDefinition.CONNECTION.resolveModelAttribute(operationContext, modelNode).asString()), LdapSearcherCache.ServiceUtil.requires(addService2, true, true, str), asBoolean2, z));
        addService2.setInitialMode(ServiceController.Mode.ON_DEMAND);
        addService2.install();
        return CallbackHandlerService.ServiceUtil.requires(serviceBuilder, createServiceName);
    }

    private Supplier<CallbackHandlerService> addLocalService(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder) throws OperationFailedException {
        ServiceName createServiceName = LocalCallbackHandlerService.ServiceUtil.createServiceName(str);
        ModelNode resolveModelAttribute = LocalAuthenticationResourceDefinition.DEFAULT_USER.resolveModelAttribute(operationContext, modelNode);
        String asString = resolveModelAttribute.isDefined() ? resolveModelAttribute.asString() : null;
        ModelNode resolveModelAttribute2 = LocalAuthenticationResourceDefinition.ALLOWED_USERS.resolveModelAttribute(operationContext, modelNode);
        String asString2 = resolveModelAttribute2.isDefined() ? resolveModelAttribute2.asString() : null;
        boolean asBoolean = LocalAuthenticationResourceDefinition.SKIP_GROUP_LOADING.resolveModelAttribute(operationContext, modelNode).asBoolean();
        ServiceBuilder<?> addService = serviceTarget.addService(createServiceName);
        addService.setInstance(new LocalCallbackHandlerService(addService.provides(createServiceName), asString, asString2, asBoolean));
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND);
        addService.install();
        return CallbackHandlerService.ServiceUtil.requires(serviceBuilder, createServiceName);
    }

    private Supplier<CallbackHandlerService> addDomainManagedServersService(OperationContext operationContext, ServiceBuilder<?> serviceBuilder) {
        if (operationContext.getServiceRegistry(false).getService(DomainManagedServerCallbackHandler.SERVICE_NAME) != null) {
            return CallbackHandlerService.ServiceUtil.requires(serviceBuilder, DomainManagedServerCallbackHandler.SERVICE_NAME);
        }
        return null;
    }

    private Supplier<CallbackHandlerService> addPlugInAuthenticationService(OperationContext operationContext, ModelNode modelNode, String str, String str2, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder) throws OperationFailedException {
        ServiceName createServiceName = PlugInAuthenticationCallbackHandler.ServiceUtil.createServiceName(str);
        String asString = PlugInAuthorizationResourceDefinition.NAME.resolveModelAttribute(operationContext, modelNode).asString();
        Map<String, String> resolveProperties = resolveProperties(operationContext, modelNode);
        AuthMechanism valueOf = AuthMechanism.valueOf(PlugInAuthenticationResourceDefinition.MECHANISM.resolveModelAttribute(operationContext, modelNode).asString());
        ServiceBuilder<?> addService = serviceTarget.addService(createServiceName);
        addService.setInstance(new PlugInAuthenticationCallbackHandler(addService.provides(createServiceName), PlugInLoaderService.ServiceUtil.requires(addService, str), str2, asString, resolveProperties, valueOf));
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND);
        addService.install();
        return CallbackHandlerService.ServiceUtil.requires(serviceBuilder, createServiceName);
    }

    private Supplier<CallbackHandlerService> addPropertiesAuthenticationService(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder) throws OperationFailedException {
        ServiceName createServiceName = PropertiesCallbackHandler.ServiceUtil.createServiceName(str);
        String asString = PropertiesAuthenticationResourceDefinition.PATH.resolveModelAttribute(operationContext, modelNode).asString();
        ModelNode resolveModelAttribute = PropertiesAuthenticationResourceDefinition.RELATIVE_TO.resolveModelAttribute(operationContext, modelNode);
        boolean asBoolean = PropertiesAuthenticationResourceDefinition.PLAIN_TEXT.resolveModelAttribute(operationContext, modelNode).asBoolean();
        String asString2 = resolveModelAttribute.isDefined() ? resolveModelAttribute.asString() : null;
        ServiceBuilder<?> addService = serviceTarget.addService(createServiceName);
        Consumer<V> provides = addService.provides(createServiceName);
        Supplier supplier = null;
        if (asString2 != null) {
            supplier = addService.requires(operationContext.getCapabilityServiceName(PATH_MANAGER_CAPABILITY, PathManager.class));
            addService.requires(pathName(asString2));
        }
        addService.setInstance(new PropertiesCallbackHandler(provides, supplier, str, asString, asString2, asBoolean));
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND);
        addService.install();
        return CallbackHandlerService.ServiceUtil.requires(serviceBuilder, createServiceName);
    }

    private Supplier<SubjectSupplementalService> addPropertiesAuthorizationService(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder) throws OperationFailedException {
        ServiceName createServiceName = PropertiesSubjectSupplemental.ServiceUtil.createServiceName(str);
        String asString = PropertiesAuthorizationResourceDefinition.PATH.resolveModelAttribute(operationContext, modelNode).asString();
        ModelNode resolveModelAttribute = PropertiesAuthorizationResourceDefinition.RELATIVE_TO.resolveModelAttribute(operationContext, modelNode);
        String asString2 = resolveModelAttribute.isDefined() ? resolveModelAttribute.asString() : null;
        ServiceBuilder<?> addService = serviceTarget.addService(createServiceName);
        Consumer<V> provides = addService.provides(createServiceName);
        Supplier supplier = null;
        if (asString2 != null) {
            supplier = addService.requires(operationContext.getCapabilityServiceName(PATH_MANAGER_CAPABILITY, PathManager.class));
            addService.requires(pathName(asString2));
        }
        addService.setInstance(new PropertiesSubjectSupplemental(provides, supplier, str, asString, asString2));
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND);
        addService.install();
        return SubjectSupplementalService.ServiceUtil.requires(serviceBuilder, createServiceName);
    }

    private Supplier<SubjectSupplementalService> addPlugInAuthorizationService(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder) throws OperationFailedException {
        ServiceName createServiceName = PlugInSubjectSupplemental.ServiceUtil.createServiceName(str);
        String asString = PlugInAuthorizationResourceDefinition.NAME.resolveModelAttribute(operationContext, modelNode).asString();
        Map<String, String> resolveProperties = resolveProperties(operationContext, modelNode);
        ServiceBuilder<?> addService = serviceTarget.addService(createServiceName);
        addService.setInstance(new PlugInSubjectSupplemental(addService.provides(createServiceName), PlugInLoaderService.ServiceUtil.requires(addService, str), str, asString, resolveProperties));
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND);
        addService.install();
        return SubjectSupplementalService.ServiceUtil.requires(serviceBuilder, createServiceName);
    }

    private Supplier<SubjectSupplementalService> addLdapAuthorizationService(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder, boolean z) throws OperationFailedException {
        ModelNode modelNode2;
        BaseLdapGroupSearchResource.GroupName valueOf;
        boolean asBoolean;
        LdapSearcher<LdapEntry[], LdapEntry> createForPrincipalToGroup;
        ServiceName createServiceName = LdapSubjectSupplementalService.ServiceUtil.createServiceName(str);
        LdapSearcher<LdapEntry, String> ldapSearcher = null;
        boolean z2 = false;
        ModelNode modelNode3 = null;
        if (modelNode.hasDefined(org.jboss.as.controller.descriptions.ModelDescriptionConstants.USERNAME_TO_DN)) {
            ModelNode require = modelNode.require(org.jboss.as.controller.descriptions.ModelDescriptionConstants.USERNAME_TO_DN);
            if (require.hasDefined(org.jboss.as.controller.descriptions.ModelDescriptionConstants.USERNAME_IS_DN)) {
                ModelNode require2 = require.require(org.jboss.as.controller.descriptions.ModelDescriptionConstants.USERNAME_IS_DN);
                modelNode3 = require2.get("cache");
                z2 = UserIsDnResourceDefintion.FORCE.resolveModelAttribute(operationContext, require2).asBoolean();
                ldapSearcher = LdapUserSearcherFactory.createForUsernameIsDn();
            } else if (require.hasDefined(org.jboss.as.controller.descriptions.ModelDescriptionConstants.USERNAME_FILTER)) {
                ModelNode require3 = require.require(org.jboss.as.controller.descriptions.ModelDescriptionConstants.USERNAME_FILTER);
                modelNode3 = require3.get("cache");
                z2 = UserSearchResourceDefintion.FORCE.resolveModelAttribute(operationContext, require3).asBoolean();
                ldapSearcher = LdapUserSearcherFactory.createForUsernameFilter(UserSearchResourceDefintion.BASE_DN.resolveModelAttribute(operationContext, require3).asString(), UserSearchResourceDefintion.RECURSIVE.resolveModelAttribute(operationContext, require3).asBoolean(), UserSearchResourceDefintion.USER_DN_ATTRIBUTE.resolveModelAttribute(operationContext, require3).asString(), UserSearchResourceDefintion.ATTRIBUTE.resolveModelAttribute(operationContext, require3).asString(), null);
            } else if (require.hasDefined(org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADVANCED_FILTER)) {
                ModelNode require4 = require.require(org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADVANCED_FILTER);
                modelNode3 = require4.get("cache");
                z2 = AdvancedUserSearchResourceDefintion.FORCE.resolveModelAttribute(operationContext, require4).asBoolean();
                ldapSearcher = LdapUserSearcherFactory.createForAdvancedFilter(AdvancedUserSearchResourceDefintion.BASE_DN.resolveModelAttribute(operationContext, require4).asString(), AdvancedUserSearchResourceDefintion.RECURSIVE.resolveModelAttribute(operationContext, require4).asBoolean(), AdvancedUserSearchResourceDefintion.USER_DN_ATTRIBUTE.resolveModelAttribute(operationContext, require4).asString(), AdvancedUserSearchResourceDefintion.FILTER.resolveModelAttribute(operationContext, require4).asString(), null);
            }
        }
        if (ldapSearcher != null) {
            ServiceName createServiceName2 = LdapSearcherCache.ServiceUtil.createServiceName(false, true, str);
            ServiceBuilder<?> addService = serviceTarget.addService(createServiceName2);
            addService.setInstance(createCacheService(addService.provides(createServiceName2), operationContext, ldapSearcher, modelNode3));
            addService.setInitialMode(ServiceController.Mode.ON_DEMAND);
            addService.install();
        }
        ModelNode require5 = modelNode.require(org.jboss.as.controller.descriptions.ModelDescriptionConstants.GROUP_SEARCH);
        BaseLdapGroupSearchResource.GroupName groupName = BaseLdapGroupSearchResource.GroupName.DISTINGUISHED_NAME;
        if (require5.hasDefined(org.jboss.as.controller.descriptions.ModelDescriptionConstants.GROUP_TO_PRINCIPAL)) {
            ModelNode require6 = require5.require(org.jboss.as.controller.descriptions.ModelDescriptionConstants.GROUP_TO_PRINCIPAL);
            modelNode2 = require6.get("cache");
            String asString = GroupToPrincipalResourceDefinition.BASE_DN.resolveModelAttribute(operationContext, require6).asString();
            String asString2 = GroupToPrincipalResourceDefinition.GROUP_DN_ATTRIBUTE.resolveModelAttribute(operationContext, require6).asString();
            valueOf = BaseLdapGroupSearchResource.GroupName.valueOf(GroupToPrincipalResourceDefinition.GROUP_NAME.resolveModelAttribute(operationContext, require6).asString());
            String asString3 = GroupToPrincipalResourceDefinition.GROUP_NAME_ATTRIBUTE.resolveModelAttribute(operationContext, require6).asString();
            asBoolean = GroupToPrincipalResourceDefinition.ITERATIVE.resolveModelAttribute(operationContext, require6).asBoolean();
            createForPrincipalToGroup = LdapGroupSearcherFactory.createForGroupToPrincipal(asString, asString2, asString3, GroupToPrincipalResourceDefinition.PRINCIPAL_ATTRIBUTE.resolveModelAttribute(operationContext, require6).asString(), GroupToPrincipalResourceDefinition.RECURSIVE.resolveModelAttribute(operationContext, require6).asBoolean(), BaseLdapGroupSearchResource.GroupName.valueOf(GroupToPrincipalResourceDefinition.SEARCH_BY.resolveModelAttribute(operationContext, require6).asString()), GroupToPrincipalResourceDefinition.PREFER_ORIGINAL_CONNECTION.resolveModelAttribute(operationContext, require6).asBoolean());
        } else {
            ModelNode require7 = require5.require(org.jboss.as.controller.descriptions.ModelDescriptionConstants.PRINCIPAL_TO_GROUP);
            modelNode2 = require7.get("cache");
            String asString4 = PrincipalToGroupResourceDefinition.GROUP_ATTRIBUTE.resolveModelAttribute(operationContext, require7).asString();
            boolean asBoolean2 = PrincipalToGroupResourceDefinition.PREFER_ORIGINAL_CONNECTION.resolveModelAttribute(operationContext, require7).asBoolean();
            PrincipalToGroupResourceDefinition.GROUP_DN_ATTRIBUTE.resolveModelAttribute(operationContext, require7).asString();
            valueOf = BaseLdapGroupSearchResource.GroupName.valueOf(PrincipalToGroupResourceDefinition.GROUP_NAME.resolveModelAttribute(operationContext, require7).asString());
            String asString5 = PrincipalToGroupResourceDefinition.GROUP_NAME_ATTRIBUTE.resolveModelAttribute(operationContext, require7).asString();
            asBoolean = PrincipalToGroupResourceDefinition.ITERATIVE.resolveModelAttribute(operationContext, require7).asBoolean();
            createForPrincipalToGroup = LdapGroupSearcherFactory.createForPrincipalToGroup(asString4, asString5, asBoolean2, PrincipalToGroupResourceDefinition.SKIP_MISSING_GROUPS.resolveModelAttribute(operationContext, require7).asBoolean(), BaseLdapGroupSearchResource.GroupName.SIMPLE == valueOf, PrincipalToGroupResourceDefinition.PARSE_ROLES_FROM_DN.resolveModelAttribute(operationContext, require7).asBoolean());
        }
        ServiceName createServiceName3 = LdapSearcherCache.ServiceUtil.createServiceName(false, false, str);
        ServiceBuilder<?> addService2 = serviceTarget.addService(createServiceName3);
        addService2.setInstance(createCacheService(addService2.provides(createServiceName3), operationContext, createForPrincipalToGroup, modelNode2));
        addService2.setInitialMode(ServiceController.Mode.ON_DEMAND);
        addService2.install();
        String asString6 = LdapAuthorizationResourceDefinition.CONNECTION.resolveModelAttribute(operationContext, modelNode).asString();
        ServiceBuilder<?> addService3 = serviceTarget.addService(createServiceName);
        Consumer<V> provides = addService3.provides(createServiceName);
        Supplier<LdapConnectionManager> requires = LdapConnectionManagerService.ServiceUtil.requires(addService3, asString6);
        Supplier supplier = null;
        if (ldapSearcher != null) {
            supplier = LdapSearcherCache.ServiceUtil.requires(addService3, false, true, str);
        }
        addService3.setInstance(new LdapSubjectSupplementalService(provides, requires, supplier, LdapSearcherCache.ServiceUtil.requires(addService3, false, false, str), str, z, z2, asBoolean, valueOf));
        addService3.setInitialMode(ServiceController.Mode.ON_DEMAND);
        addService3.install();
        return SubjectSupplementalService.ServiceUtil.requires(serviceBuilder, createServiceName);
    }

    private Supplier<SSLContext> addSSLServices(OperationContext operationContext, ModelNode modelNode, ModelNode modelNode2, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder) throws OperationFailedException {
        ModelNode modelNode3 = modelNode == null ? new ModelNode() : modelNode;
        ServiceName serviceName = null;
        String asString = KeystoreAttributes.KEYSTORE_PROVIDER.resolveModelAttribute(operationContext, modelNode3).asString();
        if (modelNode3.hasDefined("keystore-path") || !"JKS".equalsIgnoreCase(asString)) {
            serviceName = AbstractKeyManagerService.ServiceUtil.createServiceName(SecurityRealm.ServiceUtil.createServiceName(str));
            addKeyManagerService(operationContext, modelNode3, serviceName, serviceTarget);
        }
        ServiceName serviceName2 = null;
        if (modelNode2 != null) {
            serviceName2 = AbstractTrustManagerService.ServiceUtil.createServiceName(SecurityRealm.ServiceUtil.createServiceName(str));
            addTrustManagerService(operationContext, modelNode2, serviceName2, serviceTarget);
        }
        String asString2 = SSLServerIdentityResourceDefinition.PROTOCOL.resolveModelAttribute(operationContext, modelNode3).asString();
        HashSet hashSet = new HashSet();
        ModelNode resolveModelAttribute = SSLServerIdentityResourceDefinition.ENABLED_CIPHER_SUITES.resolveModelAttribute(operationContext, modelNode3);
        if (resolveModelAttribute.isDefined()) {
            Iterator<ModelNode> it = resolveModelAttribute.asList().iterator();
            while (it.hasNext()) {
                hashSet.add(it.next().asString());
            }
        }
        HashSet hashSet2 = new HashSet();
        ModelNode resolveModelAttribute2 = SSLServerIdentityResourceDefinition.ENABLED_PROTOCOLS.resolveModelAttribute(operationContext, modelNode3);
        if (resolveModelAttribute2.isDefined()) {
            Iterator<ModelNode> it2 = resolveModelAttribute2.asList().iterator();
            while (it2.hasNext()) {
                hashSet2.add(it2.next().asString());
            }
        }
        ServiceName createServiceName = SSLContextService.ServiceUtil.createServiceName(SecurityRealm.ServiceUtil.createServiceName(str), false);
        ServiceName createServiceName2 = SSLContextService.ServiceUtil.createServiceName(SecurityRealm.ServiceUtil.createServiceName(str), true);
        Consumer consumer = serviceBuilder2 -> {
        };
        try {
            consumer = (Consumer) operationContext.getCapabilityRuntimeAPI(ELYTRON_CAPABILITY, Consumer.class);
        } catch (IllegalStateException e) {
        }
        if (serviceName != null) {
            ServiceBuilder<?> addService = serviceTarget.addService(createServiceName);
            addService.setInstance(new SSLContextService(addService.provides(createServiceName), AbstractKeyManagerService.ServiceUtil.requires(addService, SecurityRealm.ServiceUtil.createServiceName(str)), serviceName2 != null ? AbstractTrustManagerService.ServiceUtil.requires(addService, SecurityRealm.ServiceUtil.createServiceName(str)) : null, asString2, hashSet, hashSet2));
            consumer.accept(addService);
            addService.setInitialMode(ServiceController.Mode.ON_DEMAND);
            addService.install();
        }
        ServiceBuilder<?> addService2 = serviceTarget.addService(createServiceName2);
        addService2.setInstance(new SSLContextService(serviceName != null ? addService2.provides(createServiceName2) : addService2.provides(createServiceName2, createServiceName), null, serviceName2 != null ? AbstractTrustManagerService.ServiceUtil.requires(addService2, SecurityRealm.ServiceUtil.createServiceName(str)) : null, asString2, hashSet, hashSet2));
        consumer.accept(addService2);
        addService2.setInitialMode(ServiceController.Mode.ON_DEMAND);
        addService2.install();
        return SSLContextService.ServiceUtil.requires(serviceBuilder, SecurityRealm.ServiceUtil.createServiceName(str), false);
    }

    private void addKeyManagerService(OperationContext operationContext, ModelNode modelNode, ServiceName serviceName, ServiceTarget serviceTarget) throws OperationFailedException {
        ServiceBuilder<?> addService;
        ModelNode resolveModelAttribute = KeystoreAttributes.KEYSTORE_PASSWORD.resolveModelAttribute(operationContext, modelNode);
        char[] charArray = resolveModelAttribute.isDefined() ? resolveModelAttribute.asString().toCharArray() : null;
        ModelNode resolveModelAttribute2 = KeystoreAttributes.KEYSTORE_PROVIDER.resolveModelAttribute(operationContext, modelNode);
        String asString = resolveModelAttribute2.isDefined() ? resolveModelAttribute2.asString() : null;
        String str = null;
        ModelNode resolveModelAttribute3 = KeystoreAttributes.GENERATE_SELF_SIGNED_CERTIFICATE_HOST.resolveModelAttribute(operationContext, modelNode);
        if (resolveModelAttribute3.isDefined()) {
            str = resolveModelAttribute3.asString();
        }
        ModelNode resolveModelAttribute4 = KeystoreAttributes.KEYSTORE_PATH.resolveModelAttribute(operationContext, modelNode);
        if (resolveModelAttribute4.isDefined()) {
            String asString2 = resolveModelAttribute4.asString();
            ModelNode resolveModelAttribute5 = KeystoreAttributes.KEY_PASSWORD.resolveModelAttribute(operationContext, modelNode);
            char[] charArray2 = resolveModelAttribute5.isDefined() ? resolveModelAttribute5.asString().toCharArray() : null;
            ModelNode resolveModelAttribute6 = KeystoreAttributes.KEYSTORE_RELATIVE_TO.resolveModelAttribute(operationContext, modelNode);
            String asString3 = resolveModelAttribute6.isDefined() ? resolveModelAttribute6.asString() : null;
            ModelNode resolveModelAttribute7 = KeystoreAttributes.ALIAS.resolveModelAttribute(operationContext, modelNode);
            String asString4 = resolveModelAttribute7.isDefined() ? resolveModelAttribute7.asString() : null;
            addService = serviceTarget.addService(serviceName);
            Consumer<V> provides = addService.provides(serviceName);
            Supplier supplier = null;
            if (asString3 != null) {
                supplier = addService.requires(operationContext.getCapabilityServiceName(PATH_MANAGER_CAPABILITY, PathManager.class));
                addService.requires(pathName(asString3));
            }
            ExceptionSupplier<CredentialSource, Exception> exceptionSupplier = null;
            ExceptionSupplier<CredentialSource, Exception> exceptionSupplier2 = null;
            if (modelNode.hasDefined(KeystoreAttributes.KEYSTORE_PASSWORD_CREDENTIAL_REFERENCE_NAME)) {
                exceptionSupplier2 = CredentialReference.getCredentialSourceSupplier(operationContext, KeystoreAttributes.KEYSTORE_PASSWORD_CREDENTIAL_REFERENCE, modelNode, addService, "server-identity.ssl");
            }
            if (modelNode.hasDefined(KeystoreAttributes.KEY_PASSWORD_CREDENTIAL_REFERENCE_NAME)) {
                exceptionSupplier = CredentialReference.getCredentialSourceSupplier(operationContext, KeystoreAttributes.KEY_PASSWORD_CREDENTIAL_REFERENCE, modelNode, addService, "server-identity.ssl");
            }
            addService.setInstance(new FileKeyManagerService(provides, supplier, exceptionSupplier, exceptionSupplier2, asString, asString2, asString3, charArray, charArray2, asString4, str));
        } else {
            addService = serviceTarget.addService(serviceName);
            addService.setInstance(new ProviderKeyManagerService(addService.provides(serviceName), null, null, asString, charArray));
        }
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND);
        addService.install();
    }

    private void addTrustManagerService(OperationContext operationContext, ModelNode modelNode, ServiceName serviceName, ServiceTarget serviceTarget) throws OperationFailedException {
        ServiceBuilder<?> addService;
        ModelNode resolveModelAttribute = KeystoreAttributes.KEYSTORE_PASSWORD.resolveModelAttribute(operationContext, modelNode);
        char[] charArray = resolveModelAttribute.isDefined() ? resolveModelAttribute.asString().toCharArray() : null;
        String asString = KeystoreAttributes.KEYSTORE_PROVIDER.resolveModelAttribute(operationContext, modelNode).asString();
        ModelNode resolveModelAttribute2 = KeystoreAttributes.KEYSTORE_PATH.resolveModelAttribute(operationContext, modelNode);
        if (resolveModelAttribute2.isDefined()) {
            String asString2 = resolveModelAttribute2.asString();
            ModelNode resolveModelAttribute3 = KeystoreAttributes.KEYSTORE_RELATIVE_TO.resolveModelAttribute(operationContext, modelNode);
            String asString3 = resolveModelAttribute3.isDefined() ? resolveModelAttribute3.asString() : null;
            addService = serviceTarget.addService(serviceName);
            Consumer<V> provides = addService.provides(serviceName);
            Supplier supplier = null;
            if (asString3 != null) {
                supplier = addService.requires(operationContext.getCapabilityServiceName(PATH_MANAGER_CAPABILITY, PathManager.class));
                addService.requires(pathName(asString3));
            }
            ExceptionSupplier<CredentialSource, Exception> exceptionSupplier = null;
            if (modelNode.hasDefined(KeystoreAttributes.KEYSTORE_PASSWORD_CREDENTIAL_REFERENCE_NAME)) {
                exceptionSupplier = CredentialReference.getCredentialSourceSupplier(operationContext, KeystoreAttributes.KEYSTORE_PASSWORD_CREDENTIAL_REFERENCE, modelNode, addService, "authentication.truststore");
            }
            addService.setInstance(new FileTrustManagerService(provides, supplier, exceptionSupplier, asString, asString2, asString3, charArray));
        } else {
            addService = serviceTarget.addService(serviceName);
            Consumer<V> provides2 = addService.provides(serviceName);
            ExceptionSupplier<CredentialSource, Exception> exceptionSupplier2 = null;
            if (modelNode.hasDefined(KeystoreAttributes.KEYSTORE_PASSWORD_CREDENTIAL_REFERENCE_NAME)) {
                exceptionSupplier2 = CredentialReference.getCredentialSourceSupplier(operationContext, KeystoreAttributes.KEYSTORE_PASSWORD_CREDENTIAL_REFERENCE, modelNode, addService, "authentication.truststore");
            }
            addService.setInstance(new ProviderTrustManagerService(provides2, exceptionSupplier2, asString, charArray));
        }
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND);
        addService.install();
    }

    private Supplier<CallbackHandlerFactory> addSecretService(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder) throws OperationFailedException {
        ServiceName createServiceName = SecretIdentityService.ServiceUtil.createServiceName(str);
        ModelNode resolveModelAttribute = SecretServerIdentityResourceDefinition.VALUE.resolveModelAttribute(operationContext, modelNode);
        boolean z = modelNode.get(SecretServerIdentityResourceDefinition.VALUE.getName()).getType() != ModelType.EXPRESSION;
        ServiceBuilder<?> addService = serviceTarget.addService(createServiceName);
        Consumer<V> provides = addService.provides(createServiceName);
        ExceptionSupplier<CredentialSource, Exception> exceptionSupplier = null;
        if (modelNode.hasDefined(CredentialReference.CREDENTIAL_REFERENCE)) {
            exceptionSupplier = CredentialReference.getCredentialSourceSupplier(operationContext, SecretServerIdentityResourceDefinition.CREDENTIAL_REFERENCE, modelNode, addService, "server-identity.secret");
        }
        addService.setInstance(modelNode.hasDefined(CredentialReference.CREDENTIAL_REFERENCE) ? new SecretIdentityService(provides, exceptionSupplier, resolveModelAttribute.asString(), false) : new SecretIdentityService(provides, exceptionSupplier, resolveModelAttribute.asString(), z));
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND);
        addService.install();
        return CallbackHandlerFactory.ServiceUtil.requires(serviceBuilder, createServiceName);
    }

    private Supplier<KeytabIdentityFactoryService> addKerberosIdentityServices(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder) throws OperationFailedException {
        String[] strArr;
        ServiceName createServiceName = KeytabIdentityFactoryService.ServiceUtil.createServiceName(str);
        ServiceBuilder<?> addService = serviceTarget.addService(createServiceName);
        KeytabIdentityFactoryService keytabIdentityFactoryService = new KeytabIdentityFactoryService(addService.provides(createServiceName));
        addService.setInstance(keytabIdentityFactoryService);
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND);
        if (modelNode.hasDefined("keytab")) {
            for (Property property : modelNode.get("keytab").asPropertyList()) {
                String name = property.getName();
                ModelNode value = property.getValue();
                String asString = KeytabResourceDefinition.PATH.resolveModelAttribute(operationContext, value).asString();
                ModelNode resolveModelAttribute = KeytabResourceDefinition.RELATIVE_TO.resolveModelAttribute(operationContext, value);
                String asString2 = resolveModelAttribute.isDefined() ? resolveModelAttribute.asString() : null;
                boolean asBoolean = KeytabResourceDefinition.DEBUG.resolveModelAttribute(operationContext, value).asBoolean();
                ModelNode resolveModelAttribute2 = KeytabResourceDefinition.FOR_HOSTS.resolveModelAttribute(operationContext, value);
                if (resolveModelAttribute2.isDefined()) {
                    List<ModelNode> asList = resolveModelAttribute2.asList();
                    strArr = new String[asList.size()];
                    for (int i = 0; i < asList.size(); i++) {
                        strArr[i] = asList.get(i).asString();
                    }
                } else {
                    strArr = new String[0];
                }
                ServiceName createServiceName2 = KeytabService.ServiceUtil.createServiceName(str, name);
                ServiceBuilder<?> addService2 = serviceTarget.addService(createServiceName2);
                Consumer<V> provides = addService2.provides(createServiceName2);
                Supplier supplier = null;
                if (asString2 != null) {
                    supplier = addService2.requires(operationContext.getCapabilityServiceName(PATH_MANAGER_CAPABILITY, PathManager.class));
                    addService2.requires(pathName(asString2));
                }
                addService2.setInstance(new KeytabService(provides, supplier, name, asString, asString2, strArr, asBoolean));
                addService2.setInitialMode(ServiceController.Mode.ON_DEMAND);
                addService2.install();
                keytabIdentityFactoryService.addKeytabSupplier(KeytabService.ServiceUtil.requires(addService, str, name));
            }
        }
        addService.install();
        return KeytabIdentityFactoryService.ServiceUtil.requires(serviceBuilder, str);
    }

    private Supplier<CallbackHandlerService> addUsersService(OperationContext operationContext, ModelNode modelNode, String str, ServiceTarget serviceTarget, ServiceBuilder<?> serviceBuilder) throws OperationFailedException {
        ServiceName createServiceName = UserDomainCallbackHandler.ServiceUtil.createServiceName(str);
        ServiceBuilder<?> addService = serviceTarget.addService(createServiceName);
        addService.setInstance(new UserDomainCallbackHandler(addService.provides(createServiceName), unmaskUsersCredentials(operationContext, addService, modelNode.m13848clone()), str, unmaskUsersPasswords(operationContext, modelNode)));
        addService.setInitialMode(ServiceController.Mode.ON_DEMAND);
        addService.install();
        return CallbackHandlerService.ServiceUtil.requires(serviceBuilder, createServiceName);
    }

    private static ServiceName pathName(String str) {
        return ServiceName.JBOSS.append("server", "path", str);
    }

    private ModelNode unmaskUsersPasswords(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        ModelNode m13848clone = modelNode.m13848clone();
        Iterator<Property> it = m13848clone.get("user").asPropertyList().iterator();
        while (it.hasNext()) {
            ModelNode modelNode2 = m13848clone.get("user", it.next().getName());
            if (modelNode2.hasDefined("password")) {
                modelNode2.set("password", operationContext.resolveExpressions(modelNode2.get("password")).asString());
            }
        }
        return m13848clone;
    }

    private Map<String, ExceptionSupplier<CredentialSource, Exception>> unmaskUsersCredentials(OperationContext operationContext, ServiceBuilder<?> serviceBuilder, ModelNode modelNode) throws OperationFailedException {
        HashMap hashMap = new HashMap();
        for (Property property : modelNode.get("user").asPropertyList()) {
            ModelNode modelNode2 = modelNode.get("user", property.getName());
            if (modelNode2.hasDefined(CredentialReference.CREDENTIAL_REFERENCE)) {
                hashMap.put(property.getName(), CredentialReference.getCredentialSourceSupplier(operationContext, UserResourceDefinition.CREDENTIAL_REFERENCE, modelNode2, serviceBuilder, "authentication.users.user." + property.getName()));
            }
        }
        return hashMap;
    }

    private static Map<String, String> resolveProperties(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        Map<String, String> emptyMap;
        if (modelNode.hasDefined("property")) {
            List<Property> asPropertyList = modelNode.require("property").asPropertyList();
            HashMap hashMap = new HashMap(asPropertyList.size());
            for (Property property : asPropertyList) {
                String name = property.getName();
                ModelNode resolveModelAttribute = PropertyResourceDefinition.VALUE.resolveModelAttribute(operationContext, property.getValue());
                hashMap.put(name, resolveModelAttribute.isDefined() ? resolveModelAttribute.asString() : null);
            }
            emptyMap = Collections.unmodifiableMap(hashMap);
        } else {
            emptyMap = Collections.emptyMap();
        }
        return emptyMap;
    }
}
