package org.jboss.as.controller.access.management;

import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.WeakHashMap;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.access.Authorizer;
import org.jboss.as.controller.access.AuthorizerConfiguration;
import org.jboss.as.controller.access.Caller;
import org.jboss.as.controller.access.CombinationPolicy;
import org.jboss.as.controller.access.rbac.StandardRBACAuthorizer;

/* loaded from: input_file:m2repo/org/wildfly/core/wildfly-controller/3.0.8.Final/wildfly-controller-3.0.8.Final.jar:org/jboss/as/controller/access/management/WritableAuthorizerConfiguration.class */
public class WritableAuthorizerConfiguration implements AuthorizerConfiguration, AccessConstraintUtilizationRegistry {
    private volatile boolean useIdentityRoles;
    private volatile boolean nonFacadeMBeansSensitive;
    private volatile Authorizer.AuthorizerDescription authorizerDescription;
    private volatile RoleMaps roleMaps;
    static final /* synthetic */ boolean $assertionsDisabled;
    private volatile Map<String, RoleMappingImpl> roleMappings = new HashMap();
    private final Map<Object, RoleMappingImpl> removedRoles = new WeakHashMap();
    private final Map<AccessConstraintKey, Map<PathAddress, AccessConstraintUtilization>> accessConstraintUtilization = new HashMap();
    private volatile CombinationPolicy combinationPolicy = CombinationPolicy.PERMISSIVE;
    private final Set<AuthorizerConfiguration.ScopedRoleListener> scopedRoleListeners = new LinkedHashSet();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:m2repo/org/wildfly/core/wildfly-controller/3.0.8.Final/wildfly-controller-3.0.8.Final.jar:org/jboss/as/controller/access/management/WritableAuthorizerConfiguration$MappingPrincipalImpl.class */
    public static final class MappingPrincipalImpl implements AuthorizerConfiguration.MappingPrincipal {
        private final AuthorizerConfiguration.PrincipalType type;
        private final String realm;
        private final String name;
        private final int hashCode;

        private MappingPrincipalImpl(AuthorizerConfiguration.PrincipalType principalType, String str, String str2) {
            this.type = principalType;
            this.name = str;
            this.realm = str2;
            this.hashCode = principalType.ordinal() * str.hashCode() * (str2 == null ? 31 : str2.hashCode());
        }

        @Override // org.jboss.as.controller.access.AuthorizerConfiguration.MappingPrincipal
        public AuthorizerConfiguration.PrincipalType getType() {
            return this.type;
        }

        @Override // org.jboss.as.controller.access.AuthorizerConfiguration.MappingPrincipal
        public String getRealm() {
            return this.realm;
        }

        @Override // org.jboss.as.controller.access.AuthorizerConfiguration.MappingPrincipal
        public String getName() {
            return this.name;
        }

        public int hashCode() {
            return this.hashCode;
        }

        public boolean equals(Object obj) {
            return (obj instanceof MappingPrincipalImpl) && equals((MappingPrincipalImpl) obj);
        }

        private boolean equals(MappingPrincipalImpl mappingPrincipalImpl) {
            return this.type == mappingPrincipalImpl.type && this.name.equals(mappingPrincipalImpl.name) && (this.realm != null ? this.realm.equals(mappingPrincipalImpl.realm) : mappingPrincipalImpl.realm == null);
        }

        public String toString() {
            return "Principal [type=" + this.type + ", realm=" + this.realm + ", name=" + this.name + "]";
        }
    }

    /* loaded from: input_file:m2repo/org/wildfly/core/wildfly-controller/3.0.8.Final/wildfly-controller-3.0.8.Final.jar:org/jboss/as/controller/access/management/WritableAuthorizerConfiguration$MatchType.class */
    public enum MatchType {
        EXCLUDE,
        INCLUDE
    }

    /* loaded from: input_file:m2repo/org/wildfly/core/wildfly-controller/3.0.8.Final/wildfly-controller-3.0.8.Final.jar:org/jboss/as/controller/access/management/WritableAuthorizerConfiguration$RoleMappingImpl.class */
    private static final class RoleMappingImpl implements AuthorizerConfiguration.RoleMapping {
        private final String name;
        private boolean includeAll;
        private volatile Set<AuthorizerConfiguration.MappingPrincipal> includes;
        private volatile Set<AuthorizerConfiguration.MappingPrincipal> excludes;

        private RoleMappingImpl(String str) {
            this.includes = new HashSet();
            this.excludes = new HashSet();
            this.name = str;
        }

        @Override // org.jboss.as.controller.access.AuthorizerConfiguration.RoleMapping
        public String getName() {
            return this.name;
        }

        public String toString() {
            StringBuilder sb = new StringBuilder("[Role name='" + this.name + "' ");
            sb.append("{Includes = ");
            Iterator<AuthorizerConfiguration.MappingPrincipal> it = this.includes.iterator();
            while (it.hasNext()) {
                sb.append(it.next().toString());
            }
            sb.append("}");
            sb.append("{Excludes = ");
            Iterator<AuthorizerConfiguration.MappingPrincipal> it2 = this.excludes.iterator();
            while (it2.hasNext()) {
                sb.append(it2.next().toString());
            }
            sb.append("}");
            sb.append("]");
            return sb.toString();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean addPrincipalImmediate(AuthorizerConfiguration.MappingPrincipal mappingPrincipal, MatchType matchType) {
            Set<AuthorizerConfiguration.MappingPrincipal> set = getSet(matchType, true);
            try {
                boolean add = set.add(mappingPrincipal);
                setSet(set, matchType, true);
                return add;
            } catch (Throwable th) {
                setSet(set, matchType, true);
                throw th;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public synchronized boolean addPrincipal(AuthorizerConfiguration.MappingPrincipal mappingPrincipal, MatchType matchType) {
            Set<AuthorizerConfiguration.MappingPrincipal> set = getSet(matchType, false);
            try {
                boolean add = set.add(mappingPrincipal);
                setSet(set, matchType, false);
                return add;
            } catch (Throwable th) {
                setSet(set, matchType, false);
                throw th;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void setIncludeAll(boolean z) {
            this.includeAll = z;
        }

        @Override // org.jboss.as.controller.access.AuthorizerConfiguration.RoleMapping
        public boolean includeAllAuthedUsers() {
            return this.includeAll;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public synchronized boolean removePrincipal(AuthorizerConfiguration.MappingPrincipal mappingPrincipal, MatchType matchType) {
            Set<AuthorizerConfiguration.MappingPrincipal> set = getSet(matchType, false);
            try {
                boolean remove = set.remove(mappingPrincipal);
                setSet(set, matchType, false);
                return remove;
            } catch (Throwable th) {
                setSet(set, matchType, false);
                throw th;
            }
        }

        @Override // org.jboss.as.controller.access.AuthorizerConfiguration.RoleMapping
        public AuthorizerConfiguration.MappingPrincipal isIncluded(Caller caller) {
            return isInSet(caller, this.includes);
        }

        @Override // org.jboss.as.controller.access.AuthorizerConfiguration.RoleMapping
        public AuthorizerConfiguration.MappingPrincipal isExcluded(Caller caller) {
            return isInSet(caller, this.excludes);
        }

        private AuthorizerConfiguration.MappingPrincipal isInSet(Caller caller, Set<AuthorizerConfiguration.MappingPrincipal> set) {
            String str = null;
            String str2 = null;
            Set<String> set2 = null;
            for (AuthorizerConfiguration.MappingPrincipal mappingPrincipal : set) {
                String realm = mappingPrincipal.getRealm();
                switch (mappingPrincipal.getType()) {
                    case USER:
                        if (realm == null) {
                            String name = mappingPrincipal.getName();
                            String accountName = getAccountName(caller, str);
                            str = accountName;
                            if (name.equals(accountName)) {
                                return mappingPrincipal;
                            }
                            break;
                        } else {
                            String name2 = mappingPrincipal.getName();
                            String accountName2 = getAccountName(caller, str);
                            str = accountName2;
                            if (name2.equals(accountName2)) {
                                String realmName = getRealmName(caller, str2);
                                str2 = realmName;
                                if (realm.equals(realmName)) {
                                    return mappingPrincipal;
                                }
                                break;
                            } else {
                                continue;
                            }
                        }
                    case GROUP:
                        if (realm == null) {
                            Set<String> groups = getGroups(caller, set2);
                            set2 = groups;
                            if (groups.contains(mappingPrincipal.getName())) {
                                return mappingPrincipal;
                            }
                            break;
                        } else {
                            Set<String> groups2 = getGroups(caller, set2);
                            set2 = groups2;
                            if (groups2.contains(mappingPrincipal.getName())) {
                                String realmName2 = getRealmName(caller, str2);
                                str2 = realmName2;
                                if (realm.equals(realmName2)) {
                                    return mappingPrincipal;
                                }
                                break;
                            } else {
                                continue;
                            }
                        }
                }
            }
            return null;
        }

        private String getAccountName(Caller caller, String str) {
            return str != null ? str : caller.getName();
        }

        private String getRealmName(Caller caller, String str) {
            return str != null ? str : caller.getRealm();
        }

        private Set<String> getGroups(Caller caller, Set<String> set) {
            return set != null ? set : caller.getAssociatedGroups();
        }

        private Set<AuthorizerConfiguration.MappingPrincipal> getSet(MatchType matchType, boolean z) {
            Set<AuthorizerConfiguration.MappingPrincipal> set;
            switch (matchType) {
                case INCLUDE:
                    set = this.includes;
                    break;
                default:
                    set = this.excludes;
                    break;
            }
            return z ? set : new HashSet(set);
        }

        private void setSet(Set<AuthorizerConfiguration.MappingPrincipal> set, MatchType matchType, boolean z) {
            if (z) {
                return;
            }
            switch (matchType) {
                case INCLUDE:
                    this.includes = Collections.unmodifiableSet(set);
                    return;
                case EXCLUDE:
                    this.excludes = Collections.unmodifiableSet(set);
                    return;
                default:
                    return;
            }
        }
    }

    /* loaded from: input_file:m2repo/org/wildfly/core/wildfly-controller/3.0.8.Final/wildfly-controller-3.0.8.Final.jar:org/jboss/as/controller/access/management/WritableAuthorizerConfiguration$RoleMaps.class */
    private static class RoleMaps {
        private final Set<String> standardRoles;
        private final Map<String, AuthorizerConfiguration.ScopedRole> scopedRoles;
        private final Set<String> allRoles;
        private final Set<String> canonicalRoles;

        private RoleMaps(Set<String> set, Map<String, AuthorizerConfiguration.ScopedRole> map) {
            this.standardRoles = set;
            this.scopedRoles = map;
            HashSet hashSet = new HashSet();
            hashSet.addAll(set);
            hashSet.addAll(map.keySet());
            this.allRoles = Collections.unmodifiableSet(hashSet);
            HashSet hashSet2 = new HashSet();
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                hashSet2.add(WritableAuthorizerConfiguration.getOfficialForm((String) it.next()));
            }
            this.canonicalRoles = Collections.unmodifiableSet(hashSet2);
        }
    }

    public WritableAuthorizerConfiguration(Authorizer.AuthorizerDescription authorizerDescription) {
        this.authorizerDescription = authorizerDescription;
        this.roleMaps = new RoleMaps(authorizerDescription.getStandardRoles(), Collections.emptyMap());
    }

    public synchronized void reset() {
        this.authorizerDescription = StandardRBACAuthorizer.AUTHORIZER_DESCRIPTION;
        this.nonFacadeMBeansSensitive = false;
        this.useIdentityRoles = false;
        this.roleMappings = new HashMap();
        RoleMaps roleMaps = this.roleMaps;
        this.roleMaps = new RoleMaps(this.authorizerDescription.getStandardRoles(), Collections.emptyMap());
        for (AuthorizerConfiguration.ScopedRole scopedRole : roleMaps.scopedRoles.values()) {
            Iterator<AuthorizerConfiguration.ScopedRoleListener> it = this.scopedRoleListeners.iterator();
            while (it.hasNext()) {
                try {
                    it.next().scopedRoleRemoved(scopedRole);
                } catch (Exception e) {
                }
            }
        }
    }

    @Override // org.jboss.as.controller.access.AuthorizerConfiguration
    public synchronized void registerScopedRoleListener(AuthorizerConfiguration.ScopedRoleListener scopedRoleListener) {
        this.scopedRoleListeners.add(scopedRoleListener);
    }

    @Override // org.jboss.as.controller.access.AuthorizerConfiguration
    public synchronized void unregisterScopedRoleListener(AuthorizerConfiguration.ScopedRoleListener scopedRoleListener) {
        this.scopedRoleListeners.remove(scopedRoleListener);
    }

    @Override // org.jboss.as.controller.access.AuthorizerConfiguration
    public CombinationPolicy getPermissionCombinationPolicy() {
        return this.combinationPolicy;
    }

    @Override // org.jboss.as.controller.access.AuthorizerConfiguration
    public boolean isRoleBased() {
        return this.authorizerDescription.isRoleBased();
    }

    @Override // org.jboss.as.controller.access.AuthorizerConfiguration
    public boolean isMapUsingIdentityRoles() {
        return this.useIdentityRoles;
    }

    @Override // org.jboss.as.controller.access.AuthorizerConfiguration
    public Set<String> getStandardRoles() {
        return this.roleMaps.standardRoles;
    }

    @Override // org.jboss.as.controller.access.AuthorizerConfiguration
    public Map<String, AuthorizerConfiguration.ScopedRole> getScopedRoles() {
        return this.roleMaps.scopedRoles;
    }

    @Override // org.jboss.as.controller.access.AuthorizerConfiguration
    public Set<String> getAllRoles() {
        return this.roleMaps.allRoles;
    }

    @Override // org.jboss.as.controller.access.AuthorizerConfiguration
    public boolean hasRole(String str) {
        return this.roleMaps.canonicalRoles.contains(getOfficialForm(str));
    }

    @Override // org.jboss.as.controller.access.AuthorizerConfiguration
    public Map<String, AuthorizerConfiguration.RoleMapping> getRoleMappings() {
        return Collections.unmodifiableMap(this.roleMappings);
    }

    public void setUseIdentityRoles(boolean z) {
        this.useIdentityRoles = z;
    }

    public synchronized void addScopedRole(AuthorizerConfiguration.ScopedRole scopedRole) {
        Iterator<AuthorizerConfiguration.ScopedRoleListener> it = this.scopedRoleListeners.iterator();
        while (it.hasNext()) {
            it.next().scopedRoleAdded(scopedRole);
        }
        HashMap hashMap = new HashMap(this.roleMaps.scopedRoles);
        hashMap.put(scopedRole.getName(), scopedRole);
        this.roleMaps = new RoleMaps(this.roleMaps.standardRoles, hashMap);
    }

    public synchronized void removeScopedRole(String str) {
        HashMap hashMap = new HashMap(this.roleMaps.scopedRoles);
        AuthorizerConfiguration.ScopedRole scopedRole = (AuthorizerConfiguration.ScopedRole) hashMap.remove(str);
        this.roleMaps = new RoleMaps(this.roleMaps.standardRoles, hashMap);
        if (scopedRole != null) {
            Iterator<AuthorizerConfiguration.ScopedRoleListener> it = this.scopedRoleListeners.iterator();
            while (it.hasNext()) {
                it.next().scopedRoleRemoved(scopedRole);
            }
        }
    }

    @Override // org.jboss.as.controller.access.AuthorizerConfiguration
    public boolean isNonFacadeMBeansSensitive() {
        return this.nonFacadeMBeansSensitive;
    }

    public void addRoleMappingImmediate(String str) {
        this.roleMappings.put(str, new RoleMappingImpl(str));
    }

    public synchronized void addRoleMapping(String str) {
        HashMap hashMap = new HashMap(this.roleMappings);
        if (hashMap.containsKey(str)) {
            return;
        }
        hashMap.put(str, new RoleMappingImpl(str));
        this.roleMappings = Collections.unmodifiableMap(hashMap);
    }

    public synchronized Object removeRoleMapping(String str) {
        HashMap hashMap = new HashMap(this.roleMappings);
        if (!hashMap.containsKey(str)) {
            return null;
        }
        RoleMappingImpl roleMappingImpl = (RoleMappingImpl) hashMap.remove(str);
        Object obj = new Object();
        this.removedRoles.put(obj, roleMappingImpl);
        this.roleMappings = Collections.unmodifiableMap(hashMap);
        return obj;
    }

    public synchronized boolean undoRoleMappingRemove(Object obj) {
        HashMap hashMap = new HashMap(this.roleMappings);
        RoleMappingImpl remove = this.removedRoles.remove(obj);
        if (remove == null || hashMap.containsKey(remove.getName())) {
            return false;
        }
        hashMap.put(remove.getName(), remove);
        this.roleMappings = Collections.unmodifiableMap(hashMap);
        return true;
    }

    public void setRoleMappingIncludeAll(String str, boolean z) {
        this.roleMappings.get(str).setIncludeAll(z);
    }

    public boolean addRoleMappingPrincipal(String str, AuthorizerConfiguration.PrincipalType principalType, MatchType matchType, String str2, String str3, boolean z) {
        RoleMappingImpl roleMappingImpl = this.roleMappings.get(str);
        if (roleMappingImpl != null) {
            return z ? roleMappingImpl.addPrincipalImmediate(createPrincipal(principalType, str2, str3), matchType) : roleMappingImpl.addPrincipal(createPrincipal(principalType, str2, str3), matchType);
        }
        return false;
    }

    public boolean removeRoleMappingPrincipal(String str, AuthorizerConfiguration.PrincipalType principalType, MatchType matchType, String str2, String str3) {
        RoleMappingImpl roleMappingImpl = this.roleMappings.get(str);
        if (roleMappingImpl != null) {
            return roleMappingImpl.removePrincipal(createPrincipal(principalType, str2, str3), matchType);
        }
        return false;
    }

    public AuthorizerConfiguration.MappingPrincipal createPrincipal(AuthorizerConfiguration.PrincipalType principalType, String str, String str2) {
        return new MappingPrincipalImpl(principalType, str, str2);
    }

    public void setPermissionCombinationPolicy(CombinationPolicy combinationPolicy) {
        if (!$assertionsDisabled && combinationPolicy == null) {
            throw new AssertionError("combinationPolicy is null");
        }
        this.combinationPolicy = combinationPolicy;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setNonFacadeMBeansSensitive(boolean z) {
        this.nonFacadeMBeansSensitive = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized void setAuthorizerDescription(Authorizer.AuthorizerDescription authorizerDescription) {
        this.authorizerDescription = authorizerDescription;
        this.roleMaps = new RoleMaps(authorizerDescription.getStandardRoles(), this.roleMaps.scopedRoles);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String getOfficialForm(String str) {
        if (str == null) {
            return null;
        }
        return str.toUpperCase(Locale.ENGLISH);
    }

    @Override // org.jboss.as.controller.access.management.AccessConstraintUtilizationRegistry
    public synchronized Map<PathAddress, AccessConstraintUtilization> getAccessConstraintUtilizations(AccessConstraintKey accessConstraintKey) {
        Map<PathAddress, AccessConstraintUtilization> accessConstraintUtilizations = getAccessConstraintUtilizations(accessConstraintKey, false);
        return accessConstraintUtilizations == null ? Collections.emptyMap() : Collections.unmodifiableMap(accessConstraintUtilizations);
    }

    private Map<PathAddress, AccessConstraintUtilization> getAccessConstraintUtilizations(AccessConstraintKey accessConstraintKey, boolean z) {
        Map<PathAddress, AccessConstraintUtilization> map = this.accessConstraintUtilization.get(accessConstraintKey);
        if (map == null && z) {
            map = new HashMap();
            this.accessConstraintUtilization.put(accessConstraintKey, map);
        }
        return map;
    }

    @Override // org.jboss.as.controller.access.management.AccessConstraintUtilizationRegistry
    public synchronized void registerAccessConstraintResourceUtilization(AccessConstraintKey accessConstraintKey, PathAddress pathAddress) {
        getAccessConstraintUtilizationImpl(accessConstraintKey, pathAddress).setResourceConstrained(true);
    }

    @Override // org.jboss.as.controller.access.management.AccessConstraintUtilizationRegistry
    public synchronized void registerAccessConstraintAttributeUtilization(AccessConstraintKey accessConstraintKey, PathAddress pathAddress, String str) {
        getAccessConstraintUtilizationImpl(accessConstraintKey, pathAddress).addAttribute(str);
    }

    @Override // org.jboss.as.controller.access.management.AccessConstraintUtilizationRegistry
    public synchronized void registerAccessConstraintOperationUtilization(AccessConstraintKey accessConstraintKey, PathAddress pathAddress, String str) {
        getAccessConstraintUtilizationImpl(accessConstraintKey, pathAddress).addOperation(str);
    }

    @Override // org.jboss.as.controller.access.management.AccessConstraintUtilizationRegistry
    public synchronized void unregisterAccessConstraintUtilizations(PathAddress pathAddress) {
        Iterator<Map<PathAddress, AccessConstraintUtilization>> it = this.accessConstraintUtilization.values().iterator();
        while (it.hasNext()) {
            it.next().remove(pathAddress);
        }
    }

    private AccessConstraintUtilizationImpl getAccessConstraintUtilizationImpl(AccessConstraintKey accessConstraintKey, PathAddress pathAddress) {
        Map<PathAddress, AccessConstraintUtilization> accessConstraintUtilizations = getAccessConstraintUtilizations(accessConstraintKey, true);
        AccessConstraintUtilizationImpl accessConstraintUtilizationImpl = (AccessConstraintUtilizationImpl) accessConstraintUtilizations.get(pathAddress);
        if (accessConstraintUtilizationImpl == null) {
            if (accessConstraintKey.isCore() && ApplicationTypeAccessConstraintDefinition.DEPLOYMENT.getName().equals(accessConstraintKey.getName()) && ApplicationTypeAccessConstraintDefinition.DEPLOYMENT.getType().equals(accessConstraintKey.getType()) && !$assertionsDisabled && pathAddress.toString().contains("subsystem")) {
                throw new AssertionError("Invalid use of " + accessConstraintKey + " in a subsystem; reserved for core use");
            }
            accessConstraintUtilizationImpl = new AccessConstraintUtilizationImpl(accessConstraintKey, pathAddress);
            accessConstraintUtilizations.put(pathAddress, accessConstraintUtilizationImpl);
        }
        return accessConstraintUtilizationImpl;
    }

    static {
        $assertionsDisabled = !WritableAuthorizerConfiguration.class.desiredAssertionStatus();
    }
}
