package org.jboss.as.test.integration.security.common;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.client.ModelControllerClient;
import org.jboss.as.controller.operations.common.Util;
import org.jboss.as.test.integration.security.common.config.realm.Authentication;
import org.jboss.as.test.integration.security.common.config.realm.Authorization;
import org.jboss.as.test.integration.security.common.config.realm.CredentialReference;
import org.jboss.as.test.integration.security.common.config.realm.LdapAuthentication;
import org.jboss.as.test.integration.security.common.config.realm.RealmKeystore;
import org.jboss.as.test.integration.security.common.config.realm.SecurityRealm;
import org.jboss.as.test.integration.security.common.config.realm.ServerIdentity;
import org.jboss.dmr.ModelNode;
import org.jboss.logging.Logger;
import org.wildfly.core.testrunner.ManagementClient;
import org.wildfly.core.testrunner.ServerSetupTask;

/* loaded from: input_file:org/jboss/as/test/integration/security/common/AbstractBaseSecurityRealmsServerSetupTask.class */
public abstract class AbstractBaseSecurityRealmsServerSetupTask implements ServerSetupTask {
    private static final Logger LOGGER = Logger.getLogger(AbstractBaseSecurityRealmsServerSetupTask.class);
    private static final String KEYSTORE_PATH = "keystore-path";
    private SecurityRealm[] securityRealms;

    public void setup(ManagementClient managementClient) throws Exception {
        setup(managementClient.getControllerClient());
    }

    public void tearDown(ManagementClient managementClient) throws Exception {
        tearDown(managementClient.getControllerClient());
    }

    @Deprecated
    public void tearDown(ModelControllerClient modelControllerClient, String str) throws Exception {
        tearDown(modelControllerClient);
    }

    @Deprecated
    public void setup(ModelControllerClient modelControllerClient, String str) throws Exception {
        setup(modelControllerClient);
    }

    protected void setup(ModelControllerClient modelControllerClient) throws Exception {
        this.securityRealms = getSecurityRealms();
        if (this.securityRealms == null || this.securityRealms.length == 0) {
            LOGGER.warn("Empty security realm configuration.");
            return;
        }
        LinkedList linkedList = new LinkedList();
        for (SecurityRealm securityRealm : this.securityRealms) {
            String name = securityRealm.getName();
            LOGGER.info("Adding security realm " + name);
            ModelNode modelNode = new ModelNode();
            modelNode.get("operation").set("composite");
            modelNode.get("address").setEmptyList();
            ModelNode modelNode2 = modelNode.get("steps");
            PathAddress append = getBaseAddress().append("core-service", "management").append("security-realm", name);
            modelNode2.add(Util.createAddOperation(append));
            ServerIdentity serverIdentity = securityRealm.getServerIdentity();
            if (serverIdentity != null) {
                if (StringUtils.isNotEmpty(serverIdentity.getSecret())) {
                    ModelNode createAddOperation = Util.createAddOperation(append.append("server-identity", "secret"));
                    createAddOperation.get(Constants.VALUE).set(serverIdentity.getSecret());
                    createAddOperation.get(new String[]{"operation-headers", "allow-resource-service-restart"}).set(true);
                    modelNode2.add(createAddOperation);
                }
                RealmKeystore ssl = serverIdentity.getSsl();
                if (ssl != null) {
                    ModelNode createAddOperation2 = Util.createAddOperation(append.append("server-identity", "ssl"));
                    createAddOperation2.get(KEYSTORE_PATH).set(ssl.getKeystorePath());
                    if (StringUtils.isNotEmpty(ssl.getKeystorePassword())) {
                        createAddOperation2.get(Constants.KEYSTORE_PASSWORD).set(ssl.getKeystorePassword());
                    } else {
                        createAddOperation2.get(Constants.KEYSTORE_PASSWORD_CREDENTIAL_REFERENCE).set(getCredentialReferenceModelNode(ssl.getKeystorePasswordCredentialReference()));
                    }
                    if (StringUtils.isNotEmpty(ssl.getKeyPassword())) {
                        createAddOperation2.get(Constants.KEY_PASSWORD).set(ssl.getKeyPassword());
                    } else if (ssl.getKeyPasswordCredentialReference() != null) {
                        createAddOperation2.get(Constants.KEY_PASSWORD_CREDENTIAL_REFERENCE).set(getCredentialReferenceModelNode(ssl.getKeyPasswordCredentialReference()));
                    }
                    if (StringUtils.isNotEmpty(ssl.getAlias())) {
                        createAddOperation2.get(Constants.ALIAS).set(ssl.getAlias());
                    }
                    if (StringUtils.isNotEmpty(ssl.getProvider())) {
                        createAddOperation2.get(Constants.KEYSTORE_PROVIDER).set(ssl.getProvider());
                    }
                    createAddOperation2.get(new String[]{"operation-headers", "allow-resource-service-restart"}).set(true);
                    modelNode2.add(createAddOperation2);
                }
            }
            Authentication authentication = securityRealm.getAuthentication();
            if (authentication != null) {
                RealmKeystore truststore = authentication.getTruststore();
                if (truststore != null) {
                    ModelNode createAddOperation3 = Util.createAddOperation(append.append(Constants.AUTHENTICATION, Constants.TRUSTSTORE));
                    createAddOperation3.get(KEYSTORE_PATH).set(truststore.getKeystorePath());
                    if (StringUtils.isNotEmpty(truststore.getKeystorePassword())) {
                        createAddOperation3.get(Constants.KEYSTORE_PASSWORD).set(truststore.getKeystorePassword());
                    } else {
                        createAddOperation3.get(Constants.KEYSTORE_PASSWORD_CREDENTIAL_REFERENCE).set(getCredentialReferenceModelNode(truststore.getKeystorePasswordCredentialReference()));
                    }
                    if (StringUtils.isNotEmpty(truststore.getProvider())) {
                        createAddOperation3.get(Constants.KEYSTORE_PROVIDER).set(truststore.getProvider());
                    }
                    createAddOperation3.get(new String[]{"operation-headers", "allow-resource-service-restart"}).set(true);
                    modelNode2.add(createAddOperation3);
                }
                LdapAuthentication ldap = authentication.getLdap();
                if (ldap != null) {
                    ModelNode createAddOperation4 = Util.createAddOperation(getBaseAddress().append("core-service", "management").append("ldap-connection", ldap.getConnection()));
                    setModelAttribute(createAddOperation4, "search-dn", ldap.getSearchDn());
                    setModelAttribute(createAddOperation4, "search-credential", ldap.getSearchCredential());
                    setModelAttribute(createAddOperation4, "security-realm", ldap.getSecurityRealm());
                    setModelAttribute(createAddOperation4, Constants.URL, ldap.getUrl());
                    setModelAttribute(createAddOperation4, "initial-context-factory", ldap.getInitialContextFactory());
                    setModelAttribute(createAddOperation4, "always-send-client-cert", Boolean.valueOf(ldap.isAlwaysSendClientCert()));
                    createAddOperation4.get(new String[]{"operation-headers", "allow-resource-service-restart"}).set(true);
                    modelNode2.add(createAddOperation4);
                    ModelNode createAddOperation5 = Util.createAddOperation(append.append(Constants.AUTHENTICATION, "ldap"));
                    setModelAttribute(createAddOperation5, "connection", ldap.getConnection());
                    setModelAttribute(createAddOperation5, "advanced-filter", ldap.getAdvancedFilter());
                    setModelAttribute(createAddOperation5, "base-dn", ldap.getBaseDn());
                    setModelAttribute(createAddOperation5, "user-dn", ldap.getUserDn());
                    setModelAttribute(createAddOperation5, "recursive", ldap.getRecursive());
                    setModelAttribute(createAddOperation5, "username-attribute", ldap.getUsernameAttribute());
                    setModelAttribute(createAddOperation5, "allow-empty-passwords", ldap.getAllowEmptyPasswords());
                    createAddOperation5.get(new String[]{"operation-headers", "allow-resource-service-restart"}).set(true);
                    modelNode2.add(createAddOperation5);
                }
            }
            Authorization authorization = securityRealm.getAuthorization();
            if (authorization != null) {
                ModelNode createAddOperation6 = Util.createAddOperation(append.append(Constants.AUTHORIZATION, "properties"));
                setModelAttribute(createAddOperation6, "path", authorization.getPath());
                setModelAttribute(createAddOperation6, "relative-to", authorization.getRelativeTo());
                createAddOperation6.get(new String[]{"operation-headers", "allow-resource-service-restart"}).set(true);
                modelNode2.add(createAddOperation6);
            }
            linkedList.add(modelNode);
        }
        CoreUtils.applyUpdates(linkedList, modelControllerClient);
    }

    protected void tearDown(ModelControllerClient modelControllerClient) throws Exception {
        if (this.securityRealms == null || this.securityRealms.length == 0) {
            LOGGER.warn("Empty security realms configuration.");
            return;
        }
        ArrayList arrayList = new ArrayList();
        List<SecurityRealm> asList = Arrays.asList(this.securityRealms);
        Collections.reverse(asList);
        for (SecurityRealm securityRealm : asList) {
            String name = securityRealm.getName();
            if (LOGGER.isInfoEnabled()) {
                LOGGER.info("Removing security realm " + name);
            }
            ModelNode createRemoveOperation = Util.createRemoveOperation(getBaseAddress().append("core-service", "management").append("security-realm", name));
            createRemoveOperation.get(new String[]{"operation-headers", "rollback-on-runtime-failure"}).set(false);
            createRemoveOperation.get(new String[]{"operation-headers", "allow-resource-service-restart"}).set(true);
            arrayList.add(createRemoveOperation);
            Authentication authentication = securityRealm.getAuthentication();
            if (authentication != null && authentication.getLdap() != null) {
                ModelNode createRemoveOperation2 = Util.createRemoveOperation(getBaseAddress().append("core-service", "management").append("ldap-connection", authentication.getLdap().getConnection()));
                createRemoveOperation2.get(new String[]{"operation-headers", "rollback-on-runtime-failure"}).set(false);
                createRemoveOperation2.get(new String[]{"operation-headers", "allow-resource-service-restart"}).set(true);
                arrayList.add(createRemoveOperation2);
            }
        }
        CoreUtils.applyUpdates(arrayList, modelControllerClient);
        this.securityRealms = null;
    }

    protected PathAddress getBaseAddress() {
        return PathAddress.EMPTY_ADDRESS;
    }

    protected abstract SecurityRealm[] getSecurityRealms() throws Exception;

    private void setModelAttribute(ModelNode modelNode, String str, String str2) {
        if (str2 != null) {
            modelNode.get(str).set(str2);
        }
    }

    private void setModelAttribute(ModelNode modelNode, String str, Boolean bool) {
        if (bool != null) {
            modelNode.get(str).set(bool.booleanValue());
        }
    }

    private ModelNode getCredentialReferenceModelNode(CredentialReference credentialReference) {
        ModelNode modelNode = new ModelNode();
        if (StringUtils.isNotEmpty(credentialReference.getClearText())) {
            modelNode.get(Constants.CLEAR_TEXT).set(credentialReference.getClearText());
        }
        if (StringUtils.isNotEmpty(credentialReference.getType())) {
            modelNode.get(Constants.TYPE).set(credentialReference.getType());
        }
        if (StringUtils.isNotEmpty(credentialReference.getAlias())) {
            modelNode.get(Constants.ALIAS).set(credentialReference.getAlias());
        }
        if (StringUtils.isNotEmpty(credentialReference.getStore())) {
            modelNode.get(Constants.STORE).set(credentialReference.getStore());
        }
        return modelNode;
    }
}
