package org.wildfly.extension.elytron;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;
import javax.security.sasl.SaslServerFactory;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.ObjectListAttributeDefinition;
import org.jboss.as.controller.ObjectTypeAttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.ResourceDefinition;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.StringListAttributeDefinition;
import org.jboss.as.controller.capability.RuntimeCapability;
import org.jboss.as.controller.registry.AttributeAccess;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.msc.inject.Injector;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.value.InjectedValue;
import org.wildfly.extension.elytron.TrivialService;
import org.wildfly.security.SecurityFactory;
import org.wildfly.security.auth.server.HttpAuthenticationFactory;
import org.wildfly.security.auth.server.MechanismAuthenticationFactory;
import org.wildfly.security.auth.server.MechanismConfiguration;
import org.wildfly.security.auth.server.MechanismRealmConfiguration;
import org.wildfly.security.auth.server.NameRewriter;
import org.wildfly.security.auth.server.SaslAuthenticationFactory;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.http.HttpServerAuthenticationMechanismFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/extension/elytron/AuthenticationFactoryDefinitions.class */
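/**
 * Management-model definitions for the Elytron HTTP and SASL server authentication factory
 * resources, plus the helpers that turn their {@code mechanism-configurations} attribute into
 * {@link MechanismConfiguration} objects at service start.
 *
 * <p>This listing is decompiler output (JADX); the decompiler widened several access modifiers
 * that were package-private or private in the original class.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Name rewriters are optional: they are read with {@code getOptionalValue()} and skipped
 *       when absent. Credential security factories, the security domain and the mechanism
 *       factory are read with {@code getValue()}.</li>
 *   <li>Mechanism configurations are keyed by mechanism name and realm configurations by realm
 *       name, both in a {@link HashMap}; a repeated name silently replaces the earlier entry.</li>
 *   <li>Every attribute carries {@code RESTART_RESOURCE_SERVICES}, so edits to rewriters, realms
 *       or credential factories are flagged as needing a restart of the resource's services.</li>
 * </ul>
 */
public class AuthenticationFactoryDefinitions {

    /** Required security-domain name; the capability reference is added per resource type. */
    static final SimpleAttributeDefinition BASE_SECURITY_DOMAIN_REF =
            new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.SECURITY_DOMAIN, ModelType.STRING, false)
                    .setMinSize(1)
                    .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
                    .build();

    /** Required reference to an {@code org.wildfly.security.http-server-mechanism-factory} capability. */
    static final SimpleAttributeDefinition HTTP_SERVER_FACTORY =
            new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.HTTP_SERVER_FACTORY, ModelType.STRING, false)
                    .setMinSize(1)
                    .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
                    .setCapabilityReference("org.wildfly.security.http-server-mechanism-factory", "org.wildfly.security.http-server-authentication", true)
                    .build();

    /** Required reference to an {@code org.wildfly.security.sasl-server-factory} capability. */
    static final SimpleAttributeDefinition SASL_SERVER_FACTORY =
            new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.SASL_SERVER_FACTORY, ModelType.STRING, false)
                    .setMinSize(1)
                    .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
                    .setCapabilityReference("org.wildfly.security.sasl-server-factory", "org.wildfly.security.sasl-server-authentication", true)
                    .build();

    /** Required mechanism name; used as the key of the resolved configuration map. Expressions are allowed. */
    static final SimpleAttributeDefinition MECHANISM_NAME =
            new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.MECHANISM_NAME, ModelType.STRING, false)
                    .setAllowExpression(true)
                    .setMinSize(1)
                    .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
                    .build();

    /** Optional list of credential security factory names; the capability reference is added per resource type. */
    static final StringListAttributeDefinition BASE_CREDENTIAL_SECURITY_FACTORIES =
            new StringListAttributeDefinition.Builder(ElytronDescriptionConstants.CREDENTIAL_SECURITY_FACTORIES)
                    .setAllowNull(true)
                    .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
                    .build();

    /** Optional name of the rewriter passed to {@code setPreRealmRewriter}. */
    static final SimpleAttributeDefinition BASE_PRE_REALM_NAME_REWRITER =
            new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PRE_REALM_NAME_REWRITER, ModelType.STRING, true)
                    .setMinSize(1)
                    .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
                    .build();

    /** Optional name of the rewriter passed to {@code setPostRealmRewriter}. */
    static final SimpleAttributeDefinition BASE_POST_REALM_NAME_REWRITER =
            new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.POST_REALM_NAME_REWRITER, ModelType.STRING, true)
                    .setMinSize(1)
                    .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
                    .build();

    /** Optional name of the rewriter passed to {@code setFinalRewriter}. */
    static final SimpleAttributeDefinition BASE_FINAL_NAME_REWRITER =
            new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.FINAL_NAME_REWRITER, ModelType.STRING, true)
                    .setMinSize(1)
                    .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
                    .build();

    /** Required realm name; used as the key of a mechanism's realm map. Expressions are allowed. */
    static final SimpleAttributeDefinition REALM_NAME =
            new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.REALM_NAME, ModelType.STRING, false)
                    .setMinSize(1)
                    .setAllowExpression(true)
                    .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
                    .build();

    /**
     * Injection slots for the three name rewriters that can be configured on a mechanism or on a
     * mechanism realm. A slot that never receives a dependency stays empty and is skipped when the
     * configuration is built.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static class NameRewriterTrio {
        final InjectedValue<NameRewriter> preRealmNameRewriter;
        final InjectedValue<NameRewriter> postRealmNameRewriter;
        final InjectedValue<NameRewriter> finalNameRewriter;

        private NameRewriterTrio() {
            this.preRealmNameRewriter = new InjectedValue<>();
            this.postRealmNameRewriter = new InjectedValue<>();
            this.finalNameRewriter = new InjectedValue<>();
        }
    }

    /**
     * Injection slots for one mechanism: its own rewriters (inherited), the per-realm rewriters
     * keyed by realm name, and the credential security factories in configuration order.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static class ResolvedMechanismConfiguration extends NameRewriterTrio {
        final Map<String, NameRewriterTrio> mechanismRealms;
        // SecurityFactory is left without a type argument, as in the decompiled original.
        final List<InjectedValue<SecurityFactory>> securityFactories;

        private ResolvedMechanismConfiguration() {
            super();
            this.mechanismRealms = new HashMap<>();
            this.securityFactories = new ArrayList<>();
        }
    }

    AuthenticationFactoryDefinitions() {
    }

    /**
     * Builds the {@code mechanism-configurations} list attribute for one resource type.
     *
     * @param str name of the capability on whose behalf the name-rewriter and credential
     *            security-factory references are registered
     * @return the optional list attribute; each element holds a mechanism name, three optional
     *         rewriter references, a list of realm configurations and a list of credential
     *         security factory references
     */
    private static AttributeDefinition getMechanismConfiguration(String str) {
        AttributeDefinition preRealmRewriter = new SimpleAttributeDefinitionBuilder(BASE_PRE_REALM_NAME_REWRITER)
                .setCapabilityReference("org.wildfly.security.name-rewriter", str, true)
                .build();
        AttributeDefinition postRealmRewriter = new SimpleAttributeDefinitionBuilder(BASE_POST_REALM_NAME_REWRITER)
                .setCapabilityReference("org.wildfly.security.name-rewriter", str, true)
                .build();
        AttributeDefinition finalRewriter = new SimpleAttributeDefinitionBuilder(BASE_FINAL_NAME_REWRITER)
                .setCapabilityReference("org.wildfly.security.name-rewriter", str, true)
                .build();

        // The same three rewriter definitions are reused at mechanism level and at realm level.
        ObjectTypeAttributeDefinition realmConfiguration = new ObjectTypeAttributeDefinition.Builder(
                ElytronDescriptionConstants.MECHANISM_REALM_CONFIGURATION,
                new AttributeDefinition[]{REALM_NAME, preRealmRewriter, postRealmRewriter, finalRewriter})
                .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
                .build();
        AttributeDefinition realmConfigurations = new ObjectListAttributeDefinition.Builder(
                ElytronDescriptionConstants.MECHANISM_REALM_CONFIGURATIONS, realmConfiguration)
                .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
                .build();
        AttributeDefinition credentialFactories = new StringListAttributeDefinition.Builder(BASE_CREDENTIAL_SECURITY_FACTORIES)
                .setCapabilityReference("org.wildfly.security.security-factory.credential", str, true)
                .build();

        ObjectTypeAttributeDefinition mechanismConfiguration = new ObjectTypeAttributeDefinition.Builder(
                ElytronDescriptionConstants.MECHANISM_CONFIGURATION,
                new AttributeDefinition[]{MECHANISM_NAME, preRealmRewriter, postRealmRewriter, finalRewriter, realmConfigurations, credentialFactories})
                .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
                .build();
        return new ObjectListAttributeDefinition.Builder(ElytronDescriptionConstants.MECHANISM_CONFIGURATIONS, mechanismConfiguration)
                .setAllowNull(true)
                .setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES})
                .build();
    }

    /**
     * Resolves the mechanism configurations from the model and registers a service dependency for
     * every rewriter and credential security factory they name.
     *
     * @param attributeDefinition the {@code mechanism-configurations} attribute to resolve
     * @param serviceBuilder builder of the authentication factory service; receives the dependencies
     * @param operationContext the current operation context
     * @param modelNode the resource model
     * @return injection slots keyed by mechanism name, or an empty map when the attribute is undefined
     * @throws OperationFailedException if an attribute cannot be resolved
     */
    static Map<String, ResolvedMechanismConfiguration> getResolvedMechanismConfiguration(AttributeDefinition attributeDefinition, ServiceBuilder<?> serviceBuilder, OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        ModelNode mechanismConfigurations = attributeDefinition.resolveModelAttribute(operationContext, modelNode);
        if (!mechanismConfigurations.isDefined()) {
            return Collections.emptyMap();
        }
        List<ModelNode> configurations = mechanismConfigurations.asList();
        Map<String, ResolvedMechanismConfiguration> resolved = new HashMap<>(configurations.size());
        for (ModelNode configuration : configurations) {
            ResolvedMechanismConfiguration mechanism = new ResolvedMechanismConfiguration();
            String mechanismName = MECHANISM_NAME.resolveModelAttribute(operationContext, configuration).asString();
            injectNameRewriters(serviceBuilder, operationContext, configuration, mechanism);
            for (String factoryName : BASE_CREDENTIAL_SECURITY_FACTORIES.unwrap(operationContext, configuration)) {
                InjectedValue<SecurityFactory> factoryInjector = new InjectedValue<>();
                serviceBuilder.addDependency(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.security-factory.credential", factoryName), SecurityFactory.class), SecurityFactory.class, factoryInjector);
                mechanism.securityFactories.add(factoryInjector);
            }
            if (configuration.hasDefined(ElytronDescriptionConstants.MECHANISM_REALM_CONFIGURATIONS)) {
                for (ModelNode realmConfiguration : configuration.require(ElytronDescriptionConstants.MECHANISM_REALM_CONFIGURATIONS).asList()) {
                    String realmName = REALM_NAME.resolveModelAttribute(operationContext, realmConfiguration).asString();
                    NameRewriterTrio realmRewriters = new NameRewriterTrio();
                    injectNameRewriters(serviceBuilder, operationContext, realmConfiguration, realmRewriters);
                    // NOTE(review): a repeated realm name replaces the earlier entry without any
                    // diagnostic; confirm that uniqueness is enforced elsewhere.
                    mechanism.mechanismRealms.put(realmName, realmRewriters);
                }
            }
            // NOTE(review): a repeated mechanism name replaces the earlier entry without any
            // diagnostic, although the dependencies registered for it stay on the service builder.
            // Confirm that uniqueness is enforced elsewhere, since the entry that wins decides
            // which rewriters and server credentials the mechanism uses.
            resolved.put(mechanismName, mechanism);
        }
        return resolved;
    }

    /**
     * Copies the resolved configurations into the authentication factory builder. Intended to run
     * once the injected dependencies are available (the visible callers invoke it from the value
     * supplier).
     *
     * @param map injection slots keyed by mechanism name
     * @param builder the factory builder that receives one {@link MechanismConfiguration} per entry
     */
    static void buildMechanismConfiguration(Map<String, ResolvedMechanismConfiguration> map, MechanismAuthenticationFactory.Builder builder) {
        for (Map.Entry<String, ResolvedMechanismConfiguration> mechanismEntry : map.entrySet()) {
            ResolvedMechanismConfiguration mechanism = mechanismEntry.getValue();
            MechanismConfiguration.Builder mechanismBuilder = MechanismConfiguration.builder();
            applyNameRewriters(mechanism, mechanismBuilder::setPreRealmRewriter, mechanismBuilder::setPostRealmRewriter, mechanismBuilder::setFinalRewriter);
            for (Map.Entry<String, NameRewriterTrio> realmEntry : mechanism.mechanismRealms.entrySet()) {
                MechanismRealmConfiguration.Builder realmBuilder = MechanismRealmConfiguration.builder();
                realmBuilder.setRealmName(realmEntry.getKey());
                applyNameRewriters(realmEntry.getValue(), realmBuilder::setPreRealmRewriter, realmBuilder::setPostRealmRewriter, realmBuilder::setFinalRewriter);
                mechanismBuilder.addMechanismRealm(realmBuilder.build());
            }
            // Unlike the rewriters, credential factories are read with getValue(), not getOptionalValue().
            for (InjectedValue<SecurityFactory> factoryInjector : mechanism.securityFactories) {
                mechanismBuilder.addServerCredential(factoryInjector.getValue());
            }
            builder.addMechanism(mechanismEntry.getKey(), mechanismBuilder.build());
        }
    }

    /** Passes each rewriter of {@code trio} that was injected to its matching setter. */
    private static void applyNameRewriters(NameRewriterTrio trio, Consumer<NameRewriter> preRealm, Consumer<NameRewriter> postRealm, Consumer<NameRewriter> finalRewriter) {
        setNameRewriter(trio.preRealmNameRewriter, preRealm);
        setNameRewriter(trio.postRealmNameRewriter, postRealm);
        setNameRewriter(trio.finalNameRewriter, finalRewriter);
    }

    /**
     * Hands the injected rewriter to {@code consumer}; does nothing when no rewriter was injected.
     *
     * @param injectedValue the injection slot to read
     * @param consumer the builder setter that receives the rewriter
     */
    private static void setNameRewriter(InjectedValue<NameRewriter> injectedValue, Consumer<NameRewriter> consumer) {
        NameRewriter nameRewriter = injectedValue.getOptionalValue();
        if (nameRewriter != null) {
            consumer.accept(nameRewriter);
        }
    }

    /** Registers the pre-realm, post-realm and final rewriter dependencies configured on {@code modelNode}. */
    private static void injectNameRewriters(ServiceBuilder<?> serviceBuilder, OperationContext operationContext, ModelNode modelNode, NameRewriterTrio trio) throws OperationFailedException {
        injectNameRewriter(BASE_PRE_REALM_NAME_REWRITER, serviceBuilder, operationContext, modelNode, trio.preRealmNameRewriter);
        injectNameRewriter(BASE_POST_REALM_NAME_REWRITER, serviceBuilder, operationContext, modelNode, trio.postRealmNameRewriter);
        injectNameRewriter(BASE_FINAL_NAME_REWRITER, serviceBuilder, operationContext, modelNode, trio.finalNameRewriter);
    }

    /**
     * Registers a dependency on the named rewriter when the attribute is defined; otherwise leaves
     * the injector empty.
     *
     * @param simpleAttributeDefinition the rewriter attribute to read
     * @param serviceBuilder builder that receives the dependency
     * @param operationContext the current operation context
     * @param modelNode the mechanism or realm configuration node
     * @param injector the slot the rewriter is injected into
     * @throws OperationFailedException if the attribute cannot be resolved
     */
    private static void injectNameRewriter(SimpleAttributeDefinition simpleAttributeDefinition, ServiceBuilder<?> serviceBuilder, OperationContext operationContext, ModelNode modelNode, Injector<NameRewriter> injector) throws OperationFailedException {
        String rewriterName = ElytronExtension.asStringIfDefined(operationContext, simpleAttributeDefinition, modelNode);
        if (rewriterName != null) {
            serviceBuilder.addDependency(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.name-rewriter", rewriterName), NameRewriter.class), NameRewriter.class, injector);
        }
    }

    /**
     * Creates the resource definition for the HTTP server authentication factory.
     *
     * @return the definition, wrapped so that the available mechanism names can be read at runtime
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static ResourceDefinition getSecurityDomainHttpServerConfiguration() {
        final AttributeDefinition securityDomainRef = new SimpleAttributeDefinitionBuilder(BASE_SECURITY_DOMAIN_REF)
                .setCapabilityReference("org.wildfly.security.security-domain", "org.wildfly.security.http-server-authentication", true)
                .build();
        final AttributeDefinition mechanismConfiguration = getMechanismConfiguration("org.wildfly.security.http-server-authentication");
        AttributeDefinition[] attributes = {securityDomainRef, HTTP_SERVER_FACTORY, mechanismConfiguration};
        // HTTP_SERVER_AUTHENITCATION (sic) is the constant's spelling as referenced by this class.
        return AvailableMechanismsRuntimeResource.wrap(new TrivialResourceDefinition(ElytronDescriptionConstants.HTTP_SERVER_AUTHENITCATION, Capabilities.HTTP_SERVER_AUTHENTICATION_RUNTIME_CAPABILITY, HttpAuthenticationFactory.class, new TrivialAddHandler<HttpAuthenticationFactory>(Capabilities.HTTP_SERVER_AUTHENTICATION_RUNTIME_CAPABILITY, HttpAuthenticationFactory.class, attributes) {
            @Override
            protected TrivialService.ValueSupplier<HttpAuthenticationFactory> getValueSupplier(ServiceBuilder<HttpAuthenticationFactory> serviceBuilder, OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
                String securityDomainName = securityDomainRef.resolveModelAttribute(operationContext, modelNode).asString();
                String mechanismFactoryName = AuthenticationFactoryDefinitions.HTTP_SERVER_FACTORY.resolveModelAttribute(operationContext, modelNode).asString();
                InjectedValue<SecurityDomain> securityDomainInjector = new InjectedValue<>();
                InjectedValue<HttpServerAuthenticationMechanismFactory> mechanismFactoryInjector = new InjectedValue<>();
                serviceBuilder.addDependency(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.security-domain", securityDomainName), SecurityDomain.class), SecurityDomain.class, securityDomainInjector);
                serviceBuilder.addDependency(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.http-server-mechanism-factory", mechanismFactoryName), HttpServerAuthenticationMechanismFactory.class), HttpServerAuthenticationMechanismFactory.class, mechanismFactoryInjector);
                Map<String, ResolvedMechanismConfiguration> resolvedMechanismConfiguration = AuthenticationFactoryDefinitions.getResolvedMechanismConfiguration(mechanismConfiguration, serviceBuilder, operationContext, modelNode);
                // The injected values are read only when the supplier runs, not while the operation executes.
                return () -> {
                    HttpAuthenticationFactory.Builder factoryBuilder = HttpAuthenticationFactory.builder().setSecurityDomain(securityDomainInjector.getValue()).setHttpServerAuthenticationMechanismFactory(mechanismFactoryInjector.getValue());
                    AuthenticationFactoryDefinitions.buildMechanismConfiguration(resolvedMechanismConfiguration, factoryBuilder);
                    return factoryBuilder.build();
                };
            }
        }, attributes), AuthenticationFactoryDefinitions::getAvailableHttpMechanisms);
    }

    /**
     * Reads the mechanism names offered by the HTTP authentication factory at the current address.
     *
     * @param operationContext the current operation context
     * @return the mechanism names, or {@code null} when the factory service is not in state {@code UP}
     */
    private static String[] getAvailableHttpMechanisms(OperationContext operationContext) {
        ServiceController<?> controller = ElytronExtension.getRequiredService(operationContext.getServiceRegistry(false), Capabilities.HTTP_SERVER_AUTHENTICATION_RUNTIME_CAPABILITY.fromBaseCapability(operationContext.getCurrentAddressValue()).getCapabilityServiceName(HttpAuthenticationFactory.class), HttpAuthenticationFactory.class);
        if (controller.getState() != ServiceController.State.UP) {
            // Callers receive null rather than an empty array when the service is not running.
            return null;
        }
        Collection<String> mechanismNames = ((HttpAuthenticationFactory) controller.getValue()).getMechanismNames();
        return mechanismNames.toArray(new String[mechanismNames.size()]);
    }

    /**
     * Creates the resource definition for the SASL server authentication factory.
     *
     * @return the definition, wrapped so that the available mechanism names can be read at runtime
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static ResourceDefinition getSecurityDomainSaslConfiguration() {
        final AttributeDefinition securityDomainRef = new SimpleAttributeDefinitionBuilder(BASE_SECURITY_DOMAIN_REF)
                .setCapabilityReference("org.wildfly.security.security-domain", "org.wildfly.security.sasl-server-authentication", true)
                .build();
        final AttributeDefinition mechanismConfiguration = getMechanismConfiguration("org.wildfly.security.sasl-server-authentication");
        AttributeDefinition[] attributes = {securityDomainRef, SASL_SERVER_FACTORY, mechanismConfiguration};
        return AvailableMechanismsRuntimeResource.wrap(new TrivialResourceDefinition(ElytronDescriptionConstants.SASL_SERVER_AUTHENTICATION, Capabilities.SASL_SERVER_AUTHENTICATION_RUNTIME_CAPABILITY, SaslAuthenticationFactory.class, new TrivialAddHandler<SaslAuthenticationFactory>(Capabilities.SASL_SERVER_AUTHENTICATION_RUNTIME_CAPABILITY, SaslAuthenticationFactory.class, attributes) {
            @Override
            protected TrivialService.ValueSupplier<SaslAuthenticationFactory> getValueSupplier(ServiceBuilder<SaslAuthenticationFactory> serviceBuilder, OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
                String securityDomainName = securityDomainRef.resolveModelAttribute(operationContext, modelNode).asString();
                String saslServerFactoryName = AuthenticationFactoryDefinitions.SASL_SERVER_FACTORY.resolveModelAttribute(operationContext, modelNode).asString();
                InjectedValue<SecurityDomain> securityDomainInjector = new InjectedValue<>();
                InjectedValue<SaslServerFactory> saslServerFactoryInjector = new InjectedValue<>();
                serviceBuilder.addDependency(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.security-domain", securityDomainName), SecurityDomain.class), SecurityDomain.class, securityDomainInjector);
                serviceBuilder.addDependency(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.sasl-server-factory", saslServerFactoryName), SaslServerFactory.class), SaslServerFactory.class, saslServerFactoryInjector);
                Map<String, ResolvedMechanismConfiguration> resolvedMechanismConfiguration = AuthenticationFactoryDefinitions.getResolvedMechanismConfiguration(mechanismConfiguration, serviceBuilder, operationContext, modelNode);
                // The injected values are read only when the supplier runs, not while the operation executes.
                return () -> {
                    SaslAuthenticationFactory.Builder factoryBuilder = SaslAuthenticationFactory.builder().setSecurityDomain(securityDomainInjector.getValue()).setSaslServerFactory(saslServerFactoryInjector.getValue());
                    AuthenticationFactoryDefinitions.buildMechanismConfiguration(resolvedMechanismConfiguration, factoryBuilder);
                    return factoryBuilder.build();
                };
            }
        }, attributes), AuthenticationFactoryDefinitions::getAvailableSaslMechanisms);
    }

    /**
     * Reads the mechanism names offered by the SASL authentication factory at the current address.
     *
     * @param operationContext the current operation context
     * @return the mechanism names, or {@code null} when the factory service is not in state {@code UP}
     */
    private static String[] getAvailableSaslMechanisms(OperationContext operationContext) {
        ServiceController<?> controller = ElytronExtension.getRequiredService(operationContext.getServiceRegistry(false), Capabilities.SASL_SERVER_AUTHENTICATION_RUNTIME_CAPABILITY.fromBaseCapability(operationContext.getCurrentAddressValue()).getCapabilityServiceName(SaslAuthenticationFactory.class), SaslAuthenticationFactory.class);
        if (controller.getState() != ServiceController.State.UP) {
            // Callers receive null rather than an empty array when the service is not running.
            return null;
        }
        Collection<String> mechanismNames = ((SaslAuthenticationFactory) controller.getValue()).getMechanismNames();
        return mechanismNames.toArray(new String[mechanismNames.size()]);
    }
}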
