package org.jboss.as.domain.management.controller;

import java.util.EnumSet;
import java.util.Set;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.access.Action;
import org.jboss.as.controller.access.AuthorizationResult;
import org.jboss.as.domain.management.ModelDescriptionConstants;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.Property;

/* loaded from: input_file:org/jboss/as/domain/management/controller/SecureOperationReadHandler.class */
public class SecureOperationReadHandler implements OperationStepHandler {
    private static final String HIDDEN = "<hidden>";
    private static final Set<Action.ActionEffect> ADDRESS_EFFECT = EnumSet.of(Action.ActionEffect.ADDRESS);
    static final OperationStepHandler INSTANCE = new SecureOperationReadHandler();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jboss/as/domain/management/controller/SecureOperationReadHandler$AuthorizedAddress.class */
    public static class AuthorizedAddress {
        private final ModelNode address;
        private final boolean elided;

        private AuthorizedAddress(ModelNode modelNode, boolean z) {
            this.address = modelNode;
            this.elided = z;
        }
    }

    public void execute(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        ModelNode model = operationContext.readResource(PathAddress.EMPTY_ADDRESS).getModel();
        AuthorizedAddress authorizeAddress = authorizeAddress(operationContext, modelNode);
        String asString = modelNode.require(ModelDescriptionConstants.NAME).asString();
        if (ActiveOperationResourceDefinition.OPERATION_NAME.getName().equals(asString)) {
            if (authorizeAddress.elided) {
                operationContext.getResult().set(HIDDEN);
            } else {
                operationContext.getResult().set(model.get(asString));
            }
        } else {
            if (!ActiveOperationResourceDefinition.ADDRESS.getName().equals(asString)) {
                throw new IllegalStateException();
            }
            if (authorizeAddress.elided) {
                operationContext.getResult().set(authorizeAddress.address);
            } else {
                operationContext.getResult().set(model.get(asString));
            }
        }
        operationContext.stepCompleted();
    }

    private AuthorizedAddress authorizeAddress(OperationContext operationContext, ModelNode modelNode) {
        ModelNode modelNode2 = modelNode.get("address");
        ModelNode modelNode3 = new ModelNode();
        modelNode3.get("operation").set("read-resource");
        modelNode3.get("address").set(modelNode2);
        if (operationContext.authorize(modelNode3, ADDRESS_EFFECT).getDecision() == AuthorizationResult.Decision.PERMIT) {
            return new AuthorizedAddress(modelNode2, false);
        }
        ModelNode emptyList = new ModelNode().setEmptyList();
        ModelNode emptyList2 = new ModelNode().setEmptyList();
        for (Property property : modelNode2.asPropertyList()) {
            emptyList.add(property);
            modelNode3.get("address").set(modelNode2);
            if (operationContext.authorize(modelNode3, ADDRESS_EFFECT).getDecision() == AuthorizationResult.Decision.DENY) {
                emptyList2.add(property.getName(), HIDDEN);
                return new AuthorizedAddress(emptyList2, false);
            }
            emptyList2.add(property);
        }
        ModelNode modelNode4 = new ModelNode();
        modelNode4.add(HIDDEN, HIDDEN);
        return new AuthorizedAddress(modelNode4, true);
    }
}
