package org.wildfly.extension.elytron;

import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.jboss.as.controller.AbstractAddStepHandler;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.ObjectListAttributeDefinition;
import org.jboss.as.controller.ObjectTypeAttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.RestartParentWriteAttributeHandler;
import org.jboss.as.controller.ServiceRemoveStepHandler;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleOperationDefinition;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.capability.RuntimeCapability;
import org.jboss.as.controller.registry.AttributeAccess;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.registry.OperationEntry;
import org.jboss.as.controller.registry.Resource;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.msc.inject.Injector;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.ServiceTarget;
import org.wildfly.extension.elytron.DomainService;
import org.wildfly.extension.elytron._private.ElytronSubsystemMessages;
import org.wildfly.security.auth.server.NameRewriter;
import org.wildfly.security.auth.server.PrincipalDecoder;
import org.wildfly.security.auth.server.RealmMapper;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.auth.server.ServerAuthenticationContext;
import org.wildfly.security.authz.PermissionMapper;
import org.wildfly.security.authz.RoleDecoder;
import org.wildfly.security.authz.RoleMapper;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/extension/elytron/DomainDefinition.class */
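/**
 * Resource definition for the Elytron {@code security-domain} management resource.
 * <p>
 * Owns the attribute definitions of the resource, the add / remove / write-attribute
 * handlers that install the backing {@link DomainService}, and the {@code authenticate}
 * management operation that runs a username and clear-text password through a domain.
 */
public class DomainDefinition extends SimpleResourceDefinition {

    // Capability base names referenced by this resource; the dynamic part is appended per resource.
    private static final String SECURITY_DOMAIN_CAPABILITY = "org.wildfly.security.security-domain";
    private static final String SECURITY_REALM_CAPABILITY = "org.wildfly.security.security-realm";
    private static final String NAME_REWRITER_CAPABILITY = "org.wildfly.security.name-rewriter";
    private static final String PRINCIPAL_DECODER_CAPABILITY = "org.wildfly.security.principal-decoder";
    private static final String PERMISSION_MAPPER_CAPABILITY = "org.wildfly.security.permission-mapper";
    private static final String REALM_MAPPER_CAPABILITY = "org.wildfly.security.realm-mapper";
    private static final String ROLE_MAPPER_CAPABILITY = "org.wildfly.security.role-mapper";
    private static final String ROLE_DECODER_CAPABILITY = "org.wildfly.security.role-decoder";

    private static final ServiceUtil<SecurityDomain> DOMAIN_SERVICE_UTIL =
            ServiceUtil.newInstance(Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY, ElytronDescriptionConstants.SECURITY_DOMAIN, SecurityDomain.class);
    private static final ServiceUtil<SecurityRealm> REALM_SERVICE_UTIL =
            ServiceUtil.newInstance(Capabilities.SECURITY_REALM_RUNTIME_CAPABILITY, null, SecurityRealm.class);

    /** Required name of the domain's default realm; {@code populateModel} rejects a value not listed in {@link #REALMS}. */
    static final SimpleAttributeDefinition DEFAULT_REALM =
            new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.DEFAULT_REALM, ModelType.STRING, false)
                    .setAllowExpression(false)
                    .setMinSize(1)
                    .setFlags(AttributeAccess.Flag.RESTART_RESOURCE_SERVICES)
                    .build();

    // Optional domain-level references; changing any of them restarts the domain service.
    static final SimpleAttributeDefinition PRE_REALM_NAME_REWRITER =
            optionalReference(ElytronDescriptionConstants.PRE_REALM_NAME_REWRITER, NAME_REWRITER_CAPABILITY, true);
    static final SimpleAttributeDefinition POST_REALM_NAME_REWRITER =
            optionalReference(ElytronDescriptionConstants.POST_REALM_NAME_REWRITER, NAME_REWRITER_CAPABILITY, true);
    static final SimpleAttributeDefinition PRINCIPAL_DECODER =
            optionalReference(ElytronDescriptionConstants.PRINCIPAL_DECODER, PRINCIPAL_DECODER_CAPABILITY, true);
    static final SimpleAttributeDefinition PERMISSION_MAPPER =
            optionalReference(ElytronDescriptionConstants.PERMISSION_MAPPER, PERMISSION_MAPPER_CAPABILITY, true);
    static final SimpleAttributeDefinition REALM_MAPPER =
            optionalReference(ElytronDescriptionConstants.REALM_MAPPER, REALM_MAPPER_CAPABILITY, true);
    static final SimpleAttributeDefinition ROLE_MAPPER =
            optionalReference(ElytronDescriptionConstants.ROLE_MAPPER, ROLE_MAPPER_CAPABILITY, true);

    // Per-realm entries of the REALMS list. REALM_NAME is the only required one.
    static final SimpleAttributeDefinition REALM_NAME =
            new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.REALM, ModelType.STRING, false)
                    .setXmlName(ElytronDescriptionConstants.NAME)
                    .setAllowExpression(true)
                    .setMinSize(1)
                    .setCapabilityReference(SECURITY_REALM_CAPABILITY, SECURITY_DOMAIN_CAPABILITY, true)
                    .build();
    static final SimpleAttributeDefinition REALM_NAME_REWRITER =
            optionalReference(ElytronDescriptionConstants.NAME_REWRITER, NAME_REWRITER_CAPABILITY, false);
    static final SimpleAttributeDefinition REALM_ROLE_DECODER =
            optionalReference(ElytronDescriptionConstants.ROLE_DECODER, ROLE_DECODER_CAPABILITY, false);

    /** One realm reference: name plus optional name rewriter, role decoder and role mapper. ROLE_MAPPER is shared with the domain level. */
    static final ObjectTypeAttributeDefinition REALM =
            new ObjectTypeAttributeDefinition.Builder(ElytronDescriptionConstants.REALM, REALM_NAME, REALM_NAME_REWRITER, REALM_ROLE_DECODER, ROLE_MAPPER)
                    .build();
    static final ObjectListAttributeDefinition REALMS =
            new ObjectListAttributeDefinition.Builder(ElytronDescriptionConstants.REALMS, REALM)
                    .setFlags(AttributeAccess.Flag.RESTART_RESOURCE_SERVICES)
                    .build();

    private static final AttributeDefinition[] ATTRIBUTES = {
            PRE_REALM_NAME_REWRITER, POST_REALM_NAME_REWRITER, PRINCIPAL_DECODER, REALM_MAPPER,
            ROLE_MAPPER, PERMISSION_MAPPER, DEFAULT_REALM, REALMS
    };

    // Handler singletons. ATTRIBUTES must be initialised before ADD and WRITE read it.
    private static final DomainAddHandler ADD = new DomainAddHandler();
    private static final DomainRemoveHandler REMOVE = new DomainRemoveHandler(ADD);
    private static final WriteAttributeHandler WRITE = new WriteAttributeHandler(ElytronDescriptionConstants.SECURITY_DOMAIN);
    private static final AuthenticatorOperationHandler AUTHENTICATE = new AuthenticatorOperationHandler();

    /**
     * Builds an optional STRING attribute that references another Elytron capability.
     *
     * @param attributeName     model name of the attribute
     * @param capabilityBaseName base name of the referenced capability
     * @param restartsServices  whether writing the attribute carries {@code RESTART_RESOURCE_SERVICES}
     * @return the built attribute definition
     */
    private static SimpleAttributeDefinition optionalReference(String attributeName, String capabilityBaseName, boolean restartsServices) {
        SimpleAttributeDefinitionBuilder builder = new SimpleAttributeDefinitionBuilder(attributeName, ModelType.STRING, true)
                .setAllowExpression(true)
                .setMinSize(1)
                .setCapabilityReference(capabilityBaseName, SECURITY_DOMAIN_CAPABILITY, true);
        if (restartsServices) {
            builder = builder.setFlags(AttributeAccess.Flag.RESTART_RESOURCE_SERVICES);
        }
        return builder.build();
    }

    /**
     * Handler for the {@code authenticate} operation: resolves a username and clear-text
     * password from the operation, runs them through the addressed {@link SecurityDomain}
     * and reports the outcome in the operation result or failure description.
     * <p>
     * The password arrives as a STRING attribute, so a {@link String} copy of it lives in
     * the operation {@link ModelNode}; the {@code char[]} handed to the password factory is
     * zeroed once verification has run.
     */
    public static class AuthenticatorOperationHandler implements OperationStepHandler {
        private static final String OPERATION_NAME = "authenticate";
        private static final String PARAMETER_PASSWORD = "password";
        private static final String PARAMETER_USERNAME = "username";
        private static final SimpleAttributeDefinition USER_NAME =
                new SimpleAttributeDefinitionBuilder(PARAMETER_USERNAME, ModelType.STRING, false).setAllowExpression(false).build();
        private static final SimpleAttributeDefinition PASSWORD =
                new SimpleAttributeDefinitionBuilder(PARAMETER_PASSWORD, ModelType.STRING, false).setAllowExpression(false).build();

        private AuthenticatorOperationHandler() {
        }

        /**
         * Registers a RUNTIME-stage step that performs the authentication and always
         * completes the step, whether the outcome is success, failure or an exception.
         *
         * @param context   the operation context
         * @param operation the operation request carrying {@code username} and {@code password}
         * @throws OperationFailedException if either parameter cannot be resolved
         */
        @Override
        public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
            context.addStep((runtimeContext, runtimeOperation) -> {
                String username = USER_NAME.resolveModelAttribute(context, operation).asString();
                char[] password = PASSWORD.resolveModelAttribute(context, operation).asString().toCharArray();
                try {
                    ServerAuthenticationContext authContext = getSecurityDomain(context, operation).createNewAuthenticationContext();
                    authContext.setAuthenticationName(username);
                    if (!authContext.exists()) {
                        addFailureDescription("Principal [" + username + "] does not exist.", context);
                        return;
                    }
                    if (!authContext.getCredentialSupport(ClearPassword.class, (String) null).mayBeVerifiable()) {
                        addFailureDescription("Credential type [" + ClearPassword.class + "] not verifiable.", context);
                        return;
                    }
                    boolean verified = authContext.verifyCredential(
                            PasswordFactory.getInstance("clear").generatePassword(new ClearPasswordSpec(password)));
                    if (!verified) {
                        authContext.fail();
                        addFailureDescription("Invalid credentials for Principal [" + username + "].", context);
                        return;
                    }
                    authContext.succeed();
                    SecurityIdentity identity = authContext.getAuthorizedIdentity();
                    if (identity == null) {
                        addFailureDescription("Principal [" + username + "] authenticated but no identity could be obtained.", context);
                        return;
                    }
                    ModelNode result = context.getResult();
                    result.add("Principal [" + username + "] successfully authenticated.");
                    result.add("Roles are " + identity.getRoles() + ".");
                    result.add("Permissions are [" + identity.getPermissions() + "].");
                } catch (Exception e) {
                    // getMessage() may be null (e.g. NullPointerException); ModelNode.add(String) rejects null,
                    // which would replace the real cause with an IllegalArgumentException.
                    String message = e.getMessage();
                    addFailureDescription(message != null ? message : e.toString(), context);
                    ElytronSubsystemMessages.ROOT_LOGGER.error(e);
                } finally {
                    Arrays.fill(password, '\0');
                    context.completeStep(OperationContext.ResultHandler.NOOP_RESULT_HANDLER);
                }
            }, OperationContext.Stage.RUNTIME);
        }

        /** Appends {@code description} to the operation's failure description list. */
        private void addFailureDescription(String description, OperationContext context) {
            context.getFailureDescription().add(description);
        }

        /**
         * Looks up the running security domain addressed by {@code operation}.
         *
         * @return the domain service value; fails if the service is not registered or not up
         */
        private SecurityDomain getSecurityDomain(OperationContext context, ModelNode operation) {
            ServiceName domainName = DomainDefinition.DOMAIN_SERVICE_UTIL.serviceName(operation);
            ServiceController<?> controller = context.getServiceRegistry(false).getRequiredService(domainName);
            return (SecurityDomain) controller.getService().getValue();
        }

        private static String getOperationName() {
            return OPERATION_NAME;
        }

        /** Returns a fresh array each call so callers cannot mutate the shared definitions. */
        private static AttributeDefinition[] getParameterDefinitions() {
            return new AttributeDefinition[]{USER_NAME, PASSWORD};
        }
    }

    /** Add handler: validates the default realm against the realm list, then installs the domain service. */
    private static class DomainAddHandler extends AbstractAddStepHandler {
        private DomainAddHandler() {
            super(Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY, DomainDefinition.ATTRIBUTES);
        }

        /**
         * Populates the model and then requires {@code default-realm} to name one of the
         * entries in {@code realms}.
         *
         * @throws OperationFailedException if an attribute fails to resolve or the default realm is not referenced
         */
        @Override
        protected void populateModel(OperationContext context, ModelNode operation, Resource resource) throws OperationFailedException {
            super.populateModel(context, operation, resource);
            ModelNode model = resource.getModel();
            String defaultRealm = DEFAULT_REALM.resolveModelAttribute(context, model).asString();
            if (!referencesRealm(context, model, defaultRealm)) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.defaultRealmNotReferenced(defaultRealm);
            }
        }

        /** True when some entry of {@link DomainDefinition#REALMS} in {@code model} has {@code realmName} as its name. */
        private static boolean referencesRealm(OperationContext context, ModelNode model, String realmName) throws OperationFailedException {
            for (ModelNode realm : REALMS.resolveModelAttribute(context, model).asList()) {
                if (realmName.equals(REALM_NAME.resolveModelAttribute(context, realm).asString())) {
                    return true;
                }
            }
            return false;
        }

        @Override
        protected void performRuntime(OperationContext context, ModelNode operation, ModelNode model) throws OperationFailedException {
            ServiceName domainName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY
                    .fromBaseCapability(context.getCurrentAddressValue())
                    .getCapabilityServiceName(SecurityDomain.class);
            DomainDefinition.installService(context, domainName, model);
        }
    }

    /** Remove handler: removes the domain service and its runtime capability. */
    private static class DomainRemoveHandler extends ServiceRemoveStepHandler {
        public DomainRemoveHandler(AbstractAddStepHandler addHandler) {
            super(addHandler, Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY);
        }
    }

    /** Write handler: every attribute change re-installs the parent domain service. */
    private static class WriteAttributeHandler extends RestartParentWriteAttributeHandler {
        public WriteAttributeHandler(String parentKeyName) {
            super(parentKeyName, DomainDefinition.ATTRIBUTES);
        }

        @Override
        protected ServiceName getParentServiceName(PathAddress address) {
            return Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY
                    .fromBaseCapability(address.getLastElement().getValue())
                    .getCapabilityServiceName(SecurityDomain.class);
        }

        @Override
        protected void recreateParentService(OperationContext context, PathAddress address, ModelNode model) throws OperationFailedException {
            DomainDefinition.installService(context, getParentServiceName(address), model);
        }
    }

    public DomainDefinition() {
        super(new SimpleResourceDefinition.Parameters(
                PathElement.pathElement(ElytronDescriptionConstants.SECURITY_DOMAIN),
                ElytronExtension.getResourceDescriptionResolver(ElytronDescriptionConstants.SECURITY_DOMAIN))
                .setAddHandler(ADD)
                .setRemoveHandler(REMOVE)
                .setAddRestartLevel(OperationEntry.Flag.RESTART_RESOURCE_SERVICES)
                .setRemoveRestartLevel(OperationEntry.Flag.RESTART_RESOURCE_SERVICES));
    }

    /** Registers every attribute in {@link #ATTRIBUTES} as read-write, all sharing {@link #WRITE}. */
    @Override
    public void registerAttributes(ManagementResourceRegistration registration) {
        for (AttributeDefinition attribute : ATTRIBUTES) {
            registration.registerReadWriteAttribute(attribute, (OperationStepHandler) null, WRITE);
        }
    }

    /** Registers the inherited operations plus {@code authenticate}. */
    @Override
    public void registerOperations(ManagementResourceRegistration registration) {
        super.registerOperations(registration);
        registerAuthenticatorOperationHandler(registration);
    }

    private void registerAuthenticatorOperationHandler(ManagementResourceRegistration registration) {
        SimpleOperationDefinition authenticate = new SimpleOperationDefinition(
                AuthenticatorOperationHandler.getOperationName(),
                getResourceDescriptionResolver(),
                AuthenticatorOperationHandler.getParameterDefinitions());
        registration.registerOperationHandler(authenticate, AUTHENTICATE);
    }

    /**
     * Builds and installs the {@link DomainService} for one security-domain resource.
     * <p>
     * Each optional reference attribute that is defined in {@code model} becomes a service
     * dependency on the corresponding capability, injected into the domain service; each
     * entry of {@code realms} adds a dependency on its security realm plus its own optional
     * name rewriter, role mapper and role decoder.
     *
     * @param context     the operation context
     * @param serviceName the service name the domain is installed under
     * @param model       the resolved resource model
     * @return the controller of the installed service
     * @throws OperationFailedException if an attribute cannot be resolved
     */
    public static ServiceController<SecurityDomain> installService(OperationContext context, ServiceName serviceName, ModelNode model) throws OperationFailedException {
        ServiceTarget target = context.getServiceTarget();
        String defaultRealm = DEFAULT_REALM.resolveModelAttribute(context, model).asString();
        List<ModelNode> realms = REALMS.resolveModelAttribute(context, model).asList();
        String preRealmRewriter = ElytronExtension.asStringIfDefined(context, PRE_REALM_NAME_REWRITER, model);
        String postRealmRewriter = ElytronExtension.asStringIfDefined(context, POST_REALM_NAME_REWRITER, model);
        String principalDecoder = ElytronExtension.asStringIfDefined(context, PRINCIPAL_DECODER, model);
        String permissionMapper = ElytronExtension.asStringIfDefined(context, PERMISSION_MAPPER, model);
        String realmMapper = ElytronExtension.asStringIfDefined(context, REALM_MAPPER, model);
        String roleMapper = ElytronExtension.asStringIfDefined(context, ROLE_MAPPER, model);

        DomainService domain = new DomainService(serviceName.getSimpleName(), defaultRealm);
        ServiceBuilder<SecurityDomain> builder = target.addService(serviceName, domain)
                .setInitialMode(ServiceController.Mode.ACTIVE);

        if (preRealmRewriter != null) {
            injectNameRewriter(preRealmRewriter, context, builder, domain.createPreRealmNameRewriterInjector(preRealmRewriter));
        }
        if (postRealmRewriter != null) {
            injectNameRewriter(postRealmRewriter, context, builder, domain.createPostRealmNameRewriterInjector(postRealmRewriter));
        }
        if (principalDecoder != null) {
            addCapabilityDependency(context, builder, PRINCIPAL_DECODER_CAPABILITY, principalDecoder, PrincipalDecoder.class, domain.getPrincipalDecoderInjector());
        }
        if (permissionMapper != null) {
            addCapabilityDependency(context, builder, PERMISSION_MAPPER_CAPABILITY, permissionMapper, PermissionMapper.class, domain.getPermissionMapperInjector());
        }
        if (realmMapper != null) {
            addCapabilityDependency(context, builder, REALM_MAPPER_CAPABILITY, realmMapper, RealmMapper.class, domain.getRealmMapperInjector());
        }
        if (roleMapper != null) {
            injectRoleMapper(roleMapper, context, builder, domain.createDomainRoleMapperInjector(roleMapper));
        }

        for (ModelNode realm : realms) {
            String realmName = REALM_NAME.resolveModelAttribute(context, realm).asString();
            ServiceName realmServiceName = context.getCapabilityServiceName(
                    RuntimeCapability.buildDynamicCapabilityName(SECURITY_REALM_CAPABILITY, realmName), SecurityRealm.class);
            DomainService.RealmDependency realmDependency = domain.createRealmDependency(realmName);
            REALM_SERVICE_UTIL.addInjection(builder, realmDependency.getSecurityRealmInjector(), realmServiceName);

            String realmRewriter = ElytronExtension.asStringIfDefined(context, REALM_NAME_REWRITER, realm);
            if (realmRewriter != null) {
                injectNameRewriter(realmRewriter, context, builder, realmDependency.getNameRewriterInjector(realmRewriter));
            }
            String realmRoleMapper = ElytronExtension.asStringIfDefined(context, ROLE_MAPPER, realm);
            if (realmRoleMapper != null) {
                injectRoleMapper(realmRoleMapper, context, builder, realmDependency.getRoleMapperInjector(realmRoleMapper));
            }
            String realmRoleDecoder = ElytronExtension.asStringIfDefined(context, REALM_ROLE_DECODER, realm);
            if (realmRoleDecoder != null) {
                injectRoleDecoder(realmRoleDecoder, context, builder, realmDependency.getRoleDecoderInjector(realmRoleDecoder));
            }
        }

        ElytronDefinition.commonDependencies(builder);
        return builder.install();
    }

    /**
     * Adds a dependency on the dynamic capability {@code capabilityBaseName.dynamicName},
     * injecting its value of type {@code type} into {@code injector}.
     */
    private static <T> void addCapabilityDependency(OperationContext context, ServiceBuilder<SecurityDomain> builder,
            String capabilityBaseName, String dynamicName, Class<T> type, Injector<T> injector) {
        ServiceName dependency = context.getCapabilityServiceName(
                RuntimeCapability.buildDynamicCapabilityName(capabilityBaseName, dynamicName), type);
        builder.addDependency(dependency, type, injector);
    }

    /** Name-rewriter dependency; a {@code null} name or injector is a no-op. */
    private static void injectNameRewriter(String name, OperationContext context, ServiceBuilder<SecurityDomain> builder, Injector<NameRewriter> injector) {
        if (name != null && injector != null) {
            addCapabilityDependency(context, builder, NAME_REWRITER_CAPABILITY, name, NameRewriter.class, injector);
        }
    }

    /** Role-mapper dependency; a {@code null} name or injector is a no-op. */
    private static void injectRoleMapper(String name, OperationContext context, ServiceBuilder<SecurityDomain> builder, Injector<RoleMapper> injector) {
        if (name != null && injector != null) {
            addCapabilityDependency(context, builder, ROLE_MAPPER_CAPABILITY, name, RoleMapper.class, injector);
        }
    }

    /** Role-decoder dependency; a {@code null} name or injector is a no-op. */
    private static void injectRoleDecoder(String name, OperationContext context, ServiceBuilder<SecurityDomain> builder, Injector<RoleDecoder> injector) {
        if (name != null && injector != null) {
            addCapabilityDependency(context, builder, ROLE_DECODER_CAPABILITY, name, RoleDecoder.class, injector);
        }
    }
}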
