package org.jboss.as.controller.access.constraint;

import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.access.Action;
import org.jboss.as.controller.access.JmxAction;
import org.jboss.as.controller.access.JmxTarget;
import org.jboss.as.controller.access.TargetAttribute;
import org.jboss.as.controller.access.TargetResource;
import org.jboss.as.controller.access.rbac.StandardRole;
import org.jboss.as.controller.descriptions.ModelDescriptionConstants;

/* loaded from: input_file:WEB-INF/lib/wildfly-controller-17.0.0.Final.jar:org/jboss/as/controller/access/constraint/TopRoleConstraint.class */
public class TopRoleConstraint extends AllowAllowNotConstraint {
    private static final PathElement MGMT_ELEMENT = PathElement.pathElement(ModelDescriptionConstants.CORE_SERVICE, ModelDescriptionConstants.MANAGEMENT);
    private static final PathElement AUTHZ_ELEMENT = PathElement.pathElement("access", "authorization");
    public static final ConstraintFactory FACTORY = new Factory();
    private static final TopRoleConstraint TOP_ROLE = new TopRoleConstraint(true);
    private static final TopRoleConstraint NOT_TOP_ROLE = new TopRoleConstraint(false);
    private static final TopRoleConstraint ALLOWS = new TopRoleConstraint(true, true);
    private static final TopRoleConstraint DISALLOWS = new TopRoleConstraint(false, true);

    /* loaded from: input_file:WEB-INF/lib/wildfly-controller-17.0.0.Final.jar:org/jboss/as/controller/access/constraint/TopRoleConstraint$Factory.class */
    static class Factory extends AbstractConstraintFactory {
        Factory() {
        }

        @Override // org.jboss.as.controller.access.constraint.ConstraintFactory
        public Constraint getStandardUserConstraint(StandardRole standardRole, Action.ActionEffect actionEffect) {
            if ((actionEffect == Action.ActionEffect.WRITE_CONFIG || actionEffect == Action.ActionEffect.WRITE_RUNTIME) && standardRole != StandardRole.SUPERUSER) {
                return TopRoleConstraint.DISALLOWS;
            }
            return TopRoleConstraint.ALLOWS;
        }

        @Override // org.jboss.as.controller.access.constraint.ConstraintFactory
        public Constraint getRequiredConstraint(Action.ActionEffect actionEffect, Action action, TargetAttribute targetAttribute) {
            return getRequiredConstraint(actionEffect, action, targetAttribute.getTargetResource());
        }

        @Override // org.jboss.as.controller.access.constraint.ConstraintFactory
        public Constraint getRequiredConstraint(Action.ActionEffect actionEffect, Action action, TargetResource targetResource) {
            return isTopRole(targetResource) ? TopRoleConstraint.TOP_ROLE : TopRoleConstraint.NOT_TOP_ROLE;
        }

        private boolean isTopRole(TargetResource targetResource) {
            return isTopRole(targetResource.getResourceAddress());
        }

        private boolean isTopRole(PathAddress pathAddress) {
            if (pathAddress.size() < 3 || !TopRoleConstraint.MGMT_ELEMENT.equals(pathAddress.getElement(0)) || !TopRoleConstraint.AUTHZ_ELEMENT.equals(pathAddress.getElement(1))) {
                return false;
            }
            PathElement element = pathAddress.getElement(2);
            if (!"role-mapping".equals(element.getKey())) {
                return false;
            }
            String value = element.getValue();
            return StandardRole.AUDITOR.name().equalsIgnoreCase(value) || StandardRole.SUPERUSER.name().equalsIgnoreCase(value);
        }

        @Override // org.jboss.as.controller.access.constraint.AbstractConstraintFactory
        protected int internalCompare(AbstractConstraintFactory abstractConstraintFactory) {
            return 0;
        }

        @Override // org.jboss.as.controller.access.constraint.ConstraintFactory
        public Constraint getRequiredConstraint(Action.ActionEffect actionEffect, JmxAction jmxAction, JmxTarget jmxTarget) {
            return TopRoleConstraint.NOT_TOP_ROLE;
        }
    }

    private TopRoleConstraint(boolean z) {
        super(z);
    }

    private TopRoleConstraint(boolean z, boolean z2) {
        super(z, z2);
    }
}
