package org.wildfly.extension.elytron;

import java.util.List;
import javax.xml.stream.XMLStreamException;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.PersistentResourceXMLDescription;
import org.jboss.as.controller.parsing.ParseUtils;
import org.jboss.as.controller.security.CredentialReference;
import org.jboss.dmr.ModelNode;
import org.jboss.staxmapper.XMLExtendedStreamReader;
import org.jboss.staxmapper.XMLExtendedStreamWriter;
import org.wildfly.extension.elytron.LdapKeyStoreDefinition;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/extension/elytron/TlsParser.class */
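/**
 * Reads and writes the {@code tls} section of the Elytron subsystem XML: key stores, key managers,
 * trust managers and the server/client SSL contexts.
 *
 * <p>Each resource type is described by a {@link PersistentResourceXMLDescription}; this class only
 * dispatches on element names and delegates the attribute handling to those descriptions.
 *
 * <p>Security-relevant settings pass through here (credential references, protocol and cipher-suite
 * filters, client-auth flags, certificate revocation lists), so a section that is silently skipped on
 * write changes the effective TLS configuration after the next reload.
 */
public class TlsParser {
    /** StAX event code for an end tag; same value as the literal {@code 2} used by the read loops. */
    private static final int END_ELEMENT = javax.xml.stream.XMLStreamConstants.END_ELEMENT;

    // The credential-reference attribute may carry a secret (clear-text form — confirm against
    // CredentialReference), so XML persisted through this description should be treated as sensitive.
    private final PersistentResourceXMLDescription keyManagerParser =
            PersistentResourceXMLDescription.builder(PathElement.pathElement(ElytronDescriptionConstants.KEY_MANAGER))
                    .setXmlWrapperElement(ElytronDescriptionConstants.KEY_MANAGERS)
                    .addAttribute(SSLDefinitions.ALGORITHM)
                    .addAttribute(SSLDefinitions.KEYSTORE)
                    .addAttribute(SSLDefinitions.ALIAS_FILTER)
                    .addAttribute(SSLDefinitions.PROVIDERS)
                    .addAttribute(SSLDefinitions.PROVIDER_NAME)
                    .addAttribute(CredentialReference.getAttributeDefinition())
                    .build();

    // NOTE(review): both KeyStoreDefinition.CREDENTIAL_REFERENCE and
    // CredentialReference.getAttributeDefinition() are registered; this looks like the same attribute
    // added twice — confirm before removing either, the registration is kept as found.
    private final PersistentResourceXMLDescription keyStoreParser =
            PersistentResourceXMLDescription.builder(PathElement.pathElement(ElytronDescriptionConstants.KEY_STORE))
                    .addAttribute(KeyStoreDefinition.TYPE)
                    .addAttribute(KeyStoreDefinition.PROVIDER_NAME)
                    .addAttribute(KeyStoreDefinition.PROVIDERS)
                    .addAttribute(KeyStoreDefinition.CREDENTIAL_REFERENCE)
                    .addAttribute(KeyStoreDefinition.ALIAS_FILTER)
                    .addAttribute(KeyStoreDefinition.REQUIRED)
                    .addAttribute(FileAttributeDefinitions.PATH)
                    .addAttribute(FileAttributeDefinitions.RELATIVE_TO)
                    .addAttribute(CredentialReference.getAttributeDefinition())
                    .build();

    private final PersistentResourceXMLDescription ldapKeyStoreParser =
            PersistentResourceXMLDescription.builder(PathElement.pathElement(ElytronDescriptionConstants.LDAP_KEY_STORE))
                    .addAttribute(LdapKeyStoreDefinition.DIR_CONTEXT)
                    .addAttribute(LdapKeyStoreDefinition.SEARCH_PATH)
                    .addAttribute(LdapKeyStoreDefinition.SEARCH_RECURSIVE)
                    .addAttribute(LdapKeyStoreDefinition.SEARCH_TIME_LIMIT)
                    .addAttribute(LdapKeyStoreDefinition.FILTER_ALIAS)
                    .addAttribute(LdapKeyStoreDefinition.FILTER_CERTIFICATE)
                    .addAttribute(LdapKeyStoreDefinition.FILTER_ITERATE)
                    .addAttribute(LdapKeyStoreDefinition.NewItemTemplateObjectDefinition.OBJECT_DEFINITION)
                    .addAttribute(LdapKeyStoreDefinition.ALIAS_ATTRIBUTE)
                    .addAttribute(LdapKeyStoreDefinition.CERTIFICATE_ATTRIBUTE)
                    .addAttribute(LdapKeyStoreDefinition.CERTIFICATE_TYPE)
                    .addAttribute(LdapKeyStoreDefinition.CERTIFICATE_CHAIN_ATTRIBUTE)
                    .addAttribute(LdapKeyStoreDefinition.CERTIFICATE_CHAIN_ENCODING)
                    .addAttribute(LdapKeyStoreDefinition.KEY_ATTRIBUTE)
                    .addAttribute(LdapKeyStoreDefinition.KEY_TYPE)
                    .setMarshallDefaultValues(true)
                    .build();

    private final PersistentResourceXMLDescription trustManagerParser =
            PersistentResourceXMLDescription.builder(PathElement.pathElement(ElytronDescriptionConstants.TRUST_MANAGER))
                    .setXmlWrapperElement(ElytronDescriptionConstants.TRUST_MANAGERS)
                    .addAttribute(SSLDefinitions.ALGORITHM)
                    .addAttribute(SSLDefinitions.KEYSTORE)
                    .addAttribute(SSLDefinitions.ALIAS_FILTER)
                    .addAttribute(SSLDefinitions.PROVIDERS)
                    .addAttribute(SSLDefinitions.PROVIDER_NAME)
                    .addAttribute(SSLDefinitions.CERTIFICATE_REVOCATION_LIST)
                    .build();

    private final PersistentResourceXMLDescription filteringKeyStoreParser =
            PersistentResourceXMLDescription.builder(PathElement.pathElement(ElytronDescriptionConstants.FILTERING_KEY_STORE))
                    .addAttribute(FilteringKeyStoreDefinition.KEY_STORE)
                    .addAttribute(FilteringKeyStoreDefinition.ALIAS_FILTER)
                    .build();

    private final PersistentResourceXMLDescription serverSslContextParser =
            PersistentResourceXMLDescription.builder(PathElement.pathElement(ElytronDescriptionConstants.SERVER_SSL_CONTEXT))
                    .setXmlWrapperElement(ElytronDescriptionConstants.SERVER_SSL_CONTEXTS)
                    .setMarshallDefaultValues(true)
                    .addAttribute(SSLDefinitions.SECURITY_DOMAIN)
                    .addAttribute(SSLDefinitions.CIPHER_SUITE_FILTER)
                    .addAttribute(SSLDefinitions.PROTOCOLS)
                    .addAttribute(SSLDefinitions.WANT_CLIENT_AUTH)
                    .addAttribute(SSLDefinitions.NEED_CLIENT_AUTH)
                    .addAttribute(SSLDefinitions.AUTHENTICATION_OPTIONAL)
                    .addAttribute(SSLDefinitions.USE_CIPHER_SUITES_ORDER)
                    .addAttribute(SSLDefinitions.MAXIMUM_SESSION_CACHE_SIZE)
                    .addAttribute(SSLDefinitions.SESSION_TIMEOUT)
                    .addAttribute(SSLDefinitions.WRAP)
                    .addAttribute(SSLDefinitions.KEY_MANAGER)
                    .addAttribute(SSLDefinitions.TRUST_MANAGER)
                    .addAttribute(SSLDefinitions.PROVIDERS)
                    .addAttribute(SSLDefinitions.PROVIDER_NAME)
                    .addAttribute(SSLDefinitions.PRE_REALM_PRINCIPAL_TRANSFORMER)
                    .addAttribute(SSLDefinitions.POST_REALM_PRINCIPAL_TRANSFORMER)
                    .addAttribute(SSLDefinitions.FINAL_PRINCIPAL_TRANSFORMER)
                    .addAttribute(SSLDefinitions.REALM_MAPPER)
                    .build();

    // Unlike the server context, this description does not call setMarshallDefaultValues(true).
    private final PersistentResourceXMLDescription clientSslContextParser =
            PersistentResourceXMLDescription.builder(PathElement.pathElement(ElytronDescriptionConstants.CLIENT_SSL_CONTEXT))
                    .setXmlWrapperElement(ElytronDescriptionConstants.CLIENT_SSL_CONTEXTS)
                    .addAttribute(SSLDefinitions.SECURITY_DOMAIN)
                    .addAttribute(SSLDefinitions.CIPHER_SUITE_FILTER)
                    .addAttribute(SSLDefinitions.PROTOCOLS)
                    .addAttribute(SSLDefinitions.WANT_CLIENT_AUTH)
                    .addAttribute(SSLDefinitions.NEED_CLIENT_AUTH)
                    .addAttribute(SSLDefinitions.AUTHENTICATION_OPTIONAL)
                    .addAttribute(SSLDefinitions.USE_CIPHER_SUITES_ORDER)
                    .addAttribute(SSLDefinitions.MAXIMUM_SESSION_CACHE_SIZE)
                    .addAttribute(SSLDefinitions.SESSION_TIMEOUT)
                    .addAttribute(SSLDefinitions.WRAP)
                    .addAttribute(SSLDefinitions.KEY_MANAGER)
                    .addAttribute(SSLDefinitions.TRUST_MANAGER)
                    .addAttribute(SSLDefinitions.PROVIDERS)
                    .addAttribute(SSLDefinitions.PROVIDER_NAME)
                    .build();

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Parses the children of the {@code tls} element.
     *
     * <p>The element itself must carry no attributes. Each wrapper element (key-managers, key-stores,
     * trust-managers, server-ssl-contexts, client-ssl-contexts) is accepted at most once, in any order;
     * a repeated wrapper or any other element is rejected as unexpected.
     *
     * @param parentAddress address handed on to the resource descriptions
     * @param reader stream positioned on the {@code tls} start element
     * @param operations list handed on to the resource descriptions, which add the parsed
     *     resources to it (presumably the boot operations — confirm against the caller)
     * @throws XMLStreamException on attributes on {@code tls}, an unexpected or duplicated child,
     *     or any failure reported by the delegated parsers
     */
    public void readTls(PathAddress parentAddress, XMLExtendedStreamReader reader, List<ModelNode> operations) throws XMLStreamException {
        ParseUtils.requireNoAttributes(reader);
        boolean keyManagersFound = false;
        boolean keyStoresFound = false;
        boolean trustManagersFound = false;
        boolean serverSslContextsFound = false;
        boolean clientSslContextsFound = false;
        while (reader.hasNext() && reader.nextTag() != END_ELEMENT) {
            ElytronSubsystemParser.verifyNamespace(reader);
            String localName = reader.getLocalName();
            if (ElytronDescriptionConstants.KEY_MANAGERS.equals(localName) && !keyManagersFound) {
                keyManagersFound = true;
                readWithWrapper(parentAddress, reader, operations, this.keyManagerParser);
            } else if (ElytronDescriptionConstants.KEY_STORES.equals(localName) && !keyStoresFound) {
                keyStoresFound = true;
                readKeyStores(parentAddress, reader, operations);
            } else if (ElytronDescriptionConstants.TRUST_MANAGERS.equals(localName) && !trustManagersFound) {
                trustManagersFound = true;
                readWithWrapper(parentAddress, reader, operations, this.trustManagerParser);
            } else if (ElytronDescriptionConstants.SERVER_SSL_CONTEXTS.equals(localName) && !serverSslContextsFound) {
                serverSslContextsFound = true;
                readWithWrapper(parentAddress, reader, operations, this.serverSslContextParser);
            } else if (ElytronDescriptionConstants.CLIENT_SSL_CONTEXTS.equals(localName) && !clientSslContextsFound) {
                clientSslContextsFound = true;
                readWithWrapper(parentAddress, reader, operations, this.clientSslContextParser);
            } else {
                // Unknown element, or a wrapper that has already been seen once.
                throw ParseUtils.unexpectedElement(reader);
            }
        }
    }

    /**
     * Parses a wrapper element whose children must all be of the single resource type described by
     * {@code description}.
     *
     * @throws XMLStreamException if the wrapper has attributes or contains any other element
     */
    private void readWithWrapper(PathAddress parentAddress, XMLExtendedStreamReader reader, List<ModelNode> operations, PersistentResourceXMLDescription description) throws XMLStreamException {
        ParseUtils.requireNoAttributes(reader);
        while (reader.hasNext() && reader.nextTag() != END_ELEMENT) {
            ElytronSubsystemParser.verifyNamespace(reader);
            String expectedName = description.getPathElement().getKey();
            if (!expectedName.equals(reader.getLocalName())) {
                throw ParseUtils.unexpectedElement(reader);
            }
            description.parse(reader, parentAddress, operations);
        }
    }

    /**
     * Parses the {@code key-stores} wrapper, which may mix plain, LDAP and filtering key stores.
     *
     * @throws XMLStreamException if the wrapper has attributes or contains any other element
     */
    private void readKeyStores(PathAddress parentAddress, XMLExtendedStreamReader reader, List<ModelNode> operations) throws XMLStreamException {
        ParseUtils.requireNoAttributes(reader);
        while (reader.hasNext() && reader.nextTag() != END_ELEMENT) {
            ElytronSubsystemParser.verifyNamespace(reader);
            String localName = reader.getLocalName();
            if (ElytronDescriptionConstants.KEY_STORE.equals(localName)) {
                this.keyStoreParser.parse(reader, parentAddress, operations);
            } else if (ElytronDescriptionConstants.LDAP_KEY_STORE.equals(localName)) {
                this.ldapKeyStoreParser.parse(reader, parentAddress, operations);
            } else if (ElytronDescriptionConstants.FILTERING_KEY_STORE.equals(localName)) {
                this.filteringKeyStoreParser.parse(reader, parentAddress, operations);
            } else {
                throw ParseUtils.unexpectedElement(reader);
            }
        }
    }

    /** Opens the {@code tls} element unless an earlier section has already opened it. */
    private void startTLS(boolean alreadyStarted, XMLExtendedStreamWriter writer) throws XMLStreamException {
        if (!alreadyStarted) {
            writer.writeStartElement(ElytronDescriptionConstants.TLS);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Writes the {@code tls} element with every section that is defined in {@code subsystem}.
     *
     * <p>The element is opened lazily by the first section that has content and closed here only if
     * it was opened, so an empty model produces no output.
     *
     * @param subsystem model node holding the subsystem resources
     * @param writer destination stream
     * @throws XMLStreamException if writing fails
     */
    public void writeTLS(ModelNode subsystem, XMLExtendedStreamWriter writer) throws XMLStreamException {
        // Every section must be offered to the writer even once <tls> is open, hence the
        // non-short-circuit |=. The previous `||` on the last step skipped client-ssl-contexts whenever
        // an earlier section had been written, dropping them from the persisted configuration.
        boolean tlsStarted = writeKeyStores(false, subsystem, writer);
        tlsStarted |= writeElement(tlsStarted, subsystem, writer, this.keyManagerParser);
        tlsStarted |= writeElement(tlsStarted, subsystem, writer, this.trustManagerParser);
        tlsStarted |= writeElement(tlsStarted, subsystem, writer, this.serverSslContextParser);
        tlsStarted |= writeElement(tlsStarted, subsystem, writer, this.clientSslContextParser);
        if (tlsStarted) {
            writer.writeEndElement();
        }
    }

    /**
     * Persists one resource type if the model defines it.
     *
     * @return {@code true} if something was written (and {@code tls} is therefore open)
     */
    private boolean writeElement(boolean tlsStarted, ModelNode subsystem, XMLExtendedStreamWriter writer, PersistentResourceXMLDescription description) throws XMLStreamException {
        if (!subsystem.hasDefined(description.getPathElement().getKey())) {
            return false;
        }
        startTLS(tlsStarted, writer);
        description.persist(writer, subsystem);
        return true;
    }

    /**
     * Persists the {@code key-stores} wrapper if the model defines any of the three key store kinds.
     *
     * @return {@code true} if the wrapper was written (and {@code tls} is therefore open)
     */
    private boolean writeKeyStores(boolean tlsStarted, ModelNode subsystem, XMLExtendedStreamWriter writer) throws XMLStreamException {
        boolean anyKeyStore = subsystem.hasDefined(ElytronDescriptionConstants.KEY_STORE)
                || subsystem.hasDefined(ElytronDescriptionConstants.LDAP_KEY_STORE)
                || subsystem.hasDefined(ElytronDescriptionConstants.FILTERING_KEY_STORE);
        if (!anyKeyStore) {
            return false;
        }
        startTLS(tlsStarted, writer);
        writer.writeStartElement(ElytronDescriptionConstants.KEY_STORES);
        this.keyStoreParser.persist(writer, subsystem);
        this.ldapKeyStoreParser.persist(writer, subsystem);
        this.filteringKeyStoreParser.persist(writer, subsystem);
        writer.writeEndElement();
        return true;
    }
}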
