package org.wildfly.extension.elytron;

import java.util.Properties;
import org.jboss.as.controller.AbstractAddStepHandler;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.ObjectListAttributeDefinition;
import org.jboss.as.controller.ObjectTypeAttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.RestartParentWriteAttributeHandler;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.registry.AttributeAccess;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.registry.OperationEntry;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.ServiceTarget;
import org.wildfly.security.auth.provider.ldap.AttributeMapping;
import org.wildfly.security.auth.provider.ldap.LdapSecurityRealmBuilder;
import org.wildfly.security.auth.provider.ldap.SimpleDirContextFactoryBuilder;
import org.wildfly.security.auth.server.SecurityRealm;

/* loaded from: input_file:org/wildfly/extension/elytron/LdapRealmDefinition.class */
/**
 * Management resource definition for the Elytron LDAP security realm (the resource addressed by
 * {@link ElytronDescriptionConstants#LDAP_REALM}).
 *
 * <p>The resource exposes three attributes: the directory-context object (connection URL, bind
 * principal and credential), the identity-mapping object (how a name is located in the directory and
 * which LDAP attributes are mapped), and the {@code DIRECT_VERIFICATION} switch. Every attribute is
 * flagged {@code RESTART_RESOURCE_SERVICES}, and writes go through a
 * {@link RestartParentWriteAttributeHandler}.
 *
 * <p>This source is decompiler output (see the JADX markers): parameter and local names are synthetic,
 * and some access modifiers differ from the compiled class.
 *
 * <p>NOTE(review): the order of the static fields below matters. Each {@code ATTRIBUTES} array and
 * {@code OBJECT_DEFINITION} is built from the fields declared before it, so do not reorder them.
 */
class LdapRealmDefinition extends SimpleResourceDefinition {
    // Helper bound to the security-realm runtime capability for this resource type.
    static final ServiceUtil<SecurityRealm> REALM_SERVICE_UTIL = ServiceUtil.newInstance(Capabilities.SECURITY_REALM_RUNTIME_CAPABILITY, ElytronDescriptionConstants.LDAP_REALM, SecurityRealm.class);
    // Boolean switch, default false. When it resolves to true, performRuntime() calls
    // addDirectEvidenceVerification() on the realm builder.
    static final SimpleAttributeDefinition DIRECT_VERIFICATION = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.DIRECT_VERIFICATION, ModelType.BOOLEAN, true).setDefaultValue(new ModelNode(false)).setAllowExpression(true).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
    // Top-level attributes of the resource; shared by the add handler, the write handler and registerAttributes().
    private static final AttributeDefinition[] ATTRIBUTES = {DirContextObjectDefinition.OBJECT_DEFINITION, IdentityMappingObjectDefinition.OBJECT_DEFINITION, DIRECT_VERIFICATION};
    private static final AbstractAddStepHandler ADD = new RealmAddHandler();
    // The remove handler is given ADD as well as the capability it removes.
    private static final OperationStepHandler REMOVE = new SingleCapabilityServiceRemoveHandler(ADD, Capabilities.SECURITY_REALM_RUNTIME_CAPABILITY, SecurityRealm.class);
    private static final OperationStepHandler WRITE = new WriteAttributeHandler();

    /**
     * Attribute definitions for a single entry of the attribute-mapping list.
     *
     * <p>Declared constraints: {@code FROM} and {@code FILTER} are alternatives of each other,
     * {@code TO} requires {@code FROM}, {@code FILTER} requires {@code TO}, and
     * {@code FILTER_BASE_DN} requires {@code FILTER}. All values are strings that allow expressions.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/wildfly/extension/elytron/LdapRealmDefinition$AttributeMappingObjectDefinition.class */
    public static class AttributeMappingObjectDefinition {
        static final SimpleAttributeDefinition FROM = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.FROM, ModelType.STRING, false).setAlternatives(new String[]{ElytronDescriptionConstants.FILTER}).setAllowExpression(true).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
        static final SimpleAttributeDefinition TO = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.TO, ModelType.STRING, true).setRequires(new String[]{ElytronDescriptionConstants.FROM}).setAllowExpression(true).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
        // The filter string is taken from the management model and handed to AttributeMapping.fromFilter()
        // unchanged (see configureIdentityMapping); nothing in this class validates it.
        static final SimpleAttributeDefinition FILTER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.FILTER, ModelType.STRING, true).setRequires(new String[]{ElytronDescriptionConstants.TO}).setAlternatives(new String[]{ElytronDescriptionConstants.FROM}).setAllowExpression(true).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
        static final SimpleAttributeDefinition FILTER_BASE_DN = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.FILTER_BASE_DN, ModelType.STRING, true).setRequires(new String[]{ElytronDescriptionConstants.FILTER}).setAllowExpression(true).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
        static final SimpleAttributeDefinition AS_RDN = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.AS_RDN, ModelType.STRING, true).setAllowExpression(true).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
        static final SimpleAttributeDefinition[] ATTRIBUTES = {FROM, TO, FILTER, FILTER_BASE_DN, AS_RDN};
        static final ObjectTypeAttributeDefinition OBJECT_DEFINITION = new ObjectTypeAttributeDefinition.Builder(ElytronDescriptionConstants.ATTRIBUTE, ATTRIBUTES).setAllowNull(true).build();

        AttributeMappingObjectDefinition() {
        }
    }

    /**
     * Attribute definitions for the directory-context object: where the realm connects and how it
     * binds. The object itself is mandatory ({@code setAllowNull(false)}).
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/wildfly/extension/elytron/LdapRealmDefinition$DirContextObjectDefinition.class */
    public static class DirContextObjectDefinition {
        // Provider URL. No validator is attached here, so this class does not check the URL scheme.
        static final SimpleAttributeDefinition URL = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.URL, ModelType.STRING, false).setAllowExpression(true).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
        // Restricted to "none", "simple" or "strong"; defaults to "simple". The value is passed to
        // setSecurityAuthentication() in configureDirContext().
        // NOTE(review): presumably this becomes the JNDI security-authentication setting, where "simple"
        // sends the bind password as given. In that case the URL should use a TLS-protected transport; confirm.
        static final SimpleAttributeDefinition AUTHENTICATION_LEVEL = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.AUTHENTICATION_LEVEL, ModelType.STRING, false).setDefaultValue(new ModelNode("simple")).setAllowedValues(new String[]{"none", "simple", "strong"}).setAllowExpression(true).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
        static final SimpleAttributeDefinition PRINCIPAL = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PRINCIPAL, ModelType.STRING, false).setAllowExpression(true).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
        // NOTE(review): the bind credential is modelled as an ordinary STRING attribute and is read with
        // asString() in configureDirContext(). Nothing in this class masks it or resolves it from a
        // credential store. Confirm how the management model is persisted and which roles can read this
        // attribute (any sensitivity / access constraints would have to be defined elsewhere).
        static final SimpleAttributeDefinition CREDENTIAL = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.CREDENTIAL, ModelType.STRING, false).setAllowExpression(true).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
        static final SimpleAttributeDefinition ENABLE_CONNECTION_POOLING = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ENABLE_CONNECTION_POOLING, ModelType.BOOLEAN, false).setDefaultValue(new ModelNode(false)).setAllowExpression(true).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
        static final SimpleAttributeDefinition[] ATTRIBUTES = {URL, AUTHENTICATION_LEVEL, PRINCIPAL, CREDENTIAL, ENABLE_CONNECTION_POOLING};
        static final ObjectTypeAttributeDefinition OBJECT_DEFINITION = new ObjectTypeAttributeDefinition.Builder(ElytronDescriptionConstants.DIR_CONTEXT, ATTRIBUTES).setAllowNull(false).build();

        DirContextObjectDefinition() {
        }
    }

    /**
     * Attribute definitions for the identity-mapping object: the RDN identifier, an optional search
     * base DN, the recursive-search switch, and the list of attribute mappings. The object itself is
     * mandatory ({@code setAllowNull(false)}).
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/wildfly/extension/elytron/LdapRealmDefinition$IdentityMappingObjectDefinition.class */
    public static class IdentityMappingObjectDefinition {
        static final SimpleAttributeDefinition RDN_IDENTIFIER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.RDN_IDENTIFIER, ModelType.STRING, false).setAllowExpression(true).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
        static final SimpleAttributeDefinition USE_RECURSIVE_SEARCH = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.USE_RECURSIVE_SEARCH, ModelType.BOOLEAN, false).setRequires(new String[]{ElytronDescriptionConstants.SEARCH_BASE_DN}).setDefaultValue(new ModelNode(false)).setAllowExpression(true).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
        static final SimpleAttributeDefinition SEARCH_BASE_DN = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.SEARCH_BASE_DN, ModelType.STRING, true).setRequires(new String[]{ElytronDescriptionConstants.RDN_IDENTIFIER}).setAllowExpression(true).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
        // Optional list of AttributeMappingObjectDefinition entries; duplicates are allowed.
        static final ObjectListAttributeDefinition ATTRIBUTE_MAPPINGS = new ObjectListAttributeDefinition.Builder(ElytronDescriptionConstants.ATTRIBUTE_MAPPING, AttributeMappingObjectDefinition.OBJECT_DEFINITION).setAllowNull(true).setAttributeGroup(ElytronDescriptionConstants.ATTRIBUTE).setAllowDuplicates(true).build();
        static final AttributeDefinition[] ATTRIBUTES = {RDN_IDENTIFIER, USE_RECURSIVE_SEARCH, SEARCH_BASE_DN, ATTRIBUTE_MAPPINGS};
        static final ObjectTypeAttributeDefinition OBJECT_DEFINITION = new ObjectTypeAttributeDefinition.Builder(ElytronDescriptionConstants.IDENTITY_MAPPING, ATTRIBUTES).setAllowNull(false).build();

        IdentityMappingObjectDefinition() {
        }
    }

    /**
     * Add handler: resolves the model attributes, configures an {@link LdapSecurityRealmBuilder} and
     * installs a service that builds the {@link SecurityRealm}.
     */
    /* loaded from: input_file:org/wildfly/extension/elytron/LdapRealmDefinition$RealmAddHandler.class */
    private static class RealmAddHandler extends BaseAddHandler {
        // Key under which the pooling switch is placed in the connection properties.
        public static final String CONNECTION_POOLING_PROPERTY = "com.sun.jndi.ldap.connect.pool";

        private RealmAddHandler() {
            super(Capabilities.SECURITY_REALM_RUNTIME_CAPABILITY, LdapRealmDefinition.ATTRIBUTES);
        }

        /**
         * Configures the realm builder from the model and installs the realm service in ACTIVE mode.
         *
         * @param operationContext context used to resolve attributes and obtain the service target
         * @param modelNode not read by this method (presumably the operation; name lost in decompilation)
         * @param modelNode2 node from which all attributes are resolved (presumably the resource model)
         * @throws OperationFailedException if an attribute cannot be resolved
         */
        protected void performRuntime(OperationContext operationContext, ModelNode modelNode, ModelNode modelNode2) throws OperationFailedException {
            ServiceTarget serviceTarget = operationContext.getServiceTarget();
            // The service name is derived from the capability and the current address value.
            ServiceName capabilityServiceName = Capabilities.SECURITY_REALM_RUNTIME_CAPABILITY.fromBaseCapability(operationContext.getCurrentAddressValue()).getCapabilityServiceName(SecurityRealm.class);
            LdapSecurityRealmBuilder builder = LdapSecurityRealmBuilder.builder();
            configureIdentityMapping(operationContext, modelNode2, builder);
            configureDirContext(operationContext, modelNode2, builder);
            if (LdapRealmDefinition.DIRECT_VERIFICATION.resolveModelAttribute(operationContext, modelNode2).asBoolean()) {
                builder.addDirectEvidenceVerification();
            }
            // Result discarded; this looks like the decompiler's rendering of the implicit null check
            // for the builder::build method reference below.
            builder.getClass();
            // builder::build is handed to TrivialService rather than called here, so the realm is
            // presumably built when the service starts (confirm against TrivialService).
            ElytronDefinition.commonDependencies(serviceTarget.addService(capabilityServiceName, new TrivialService(builder::build))).setInitialMode(ServiceController.Mode.ACTIVE).install();
        }

        /**
         * Builds the directory-context factory (URL, authentication level, bind principal and
         * credential, connection properties) and sets it on the realm builder.
         *
         * @param operationContext context used to resolve attribute expressions
         * @param modelNode node holding the directory-context object
         * @param ldapSecurityRealmBuilder realm builder that receives the factory
         * @throws OperationFailedException if an attribute cannot be resolved
         */
        private void configureDirContext(OperationContext operationContext, ModelNode modelNode, LdapSecurityRealmBuilder ldapSecurityRealmBuilder) throws OperationFailedException {
            ModelNode resolveModelAttribute = DirContextObjectDefinition.OBJECT_DEFINITION.resolveModelAttribute(operationContext, modelNode);
            Properties properties = new Properties();
            // NOTE(review): the value stored here is a java.lang.Boolean, not a String.
            // Properties.getProperty() returns null for non-String values, and JNDI environment
            // settings are conventionally the strings "true"/"false". Confirm that
            // SimpleDirContextFactoryBuilder copes with a Boolean value under this key.
            properties.put(CONNECTION_POOLING_PROPERTY, Boolean.valueOf(DirContextObjectDefinition.ENABLE_CONNECTION_POOLING.resolveModelAttribute(operationContext, resolveModelAttribute).asBoolean()));
            // The principal and credential are resolved to plain Strings and passed to the factory builder.
            // Take care that neither value ends up in logs or exception messages built from this model.
            ldapSecurityRealmBuilder.setDirContextFactory(SimpleDirContextFactoryBuilder.builder().setProviderUrl(DirContextObjectDefinition.URL.resolveModelAttribute(operationContext, resolveModelAttribute).asString()).setSecurityAuthentication(DirContextObjectDefinition.AUTHENTICATION_LEVEL.resolveModelAttribute(operationContext, resolveModelAttribute).asString()).setSecurityPrincipal(DirContextObjectDefinition.PRINCIPAL.resolveModelAttribute(operationContext, resolveModelAttribute).asString()).setSecurityCredential(DirContextObjectDefinition.CREDENTIAL.resolveModelAttribute(operationContext, resolveModelAttribute).asString()).setConnectionProperties(properties).build());
        }

        /**
         * Applies the identity-mapping object to the realm builder: RDN identifier, optional search
         * DN, recursive search, and one {@link AttributeMapping} per configured list entry.
         *
         * @param operationContext context used to resolve attribute expressions
         * @param modelNode node holding the identity-mapping object
         * @param ldapSecurityRealmBuilder realm builder whose identity mapping is configured
         * @throws OperationFailedException if an attribute cannot be resolved
         */
        private void configureIdentityMapping(OperationContext operationContext, ModelNode modelNode, LdapSecurityRealmBuilder ldapSecurityRealmBuilder) throws OperationFailedException {
            ModelNode resolveModelAttribute = IdentityMappingObjectDefinition.OBJECT_DEFINITION.resolveModelAttribute(operationContext, modelNode);
            LdapSecurityRealmBuilder.IdentityMappingBuilder identityMapping = ldapSecurityRealmBuilder.identityMapping();
            identityMapping.setRdnIdentifier(IdentityMappingObjectDefinition.RDN_IDENTIFIER.resolveModelAttribute(operationContext, resolveModelAttribute).asString());
            // resolveModelAttribute2 = search base DN (optional)
            ModelNode resolveModelAttribute2 = IdentityMappingObjectDefinition.SEARCH_BASE_DN.resolveModelAttribute(operationContext, resolveModelAttribute);
            if (resolveModelAttribute2.isDefined()) {
                identityMapping.setSearchDn(resolveModelAttribute2.asString());
            }
            if (IdentityMappingObjectDefinition.USE_RECURSIVE_SEARCH.resolveModelAttribute(operationContext, resolveModelAttribute).asBoolean()) {
                identityMapping.searchRecursive();
            }
            // resolveModelAttribute3 = list of attribute mappings (optional)
            ModelNode resolveModelAttribute3 = IdentityMappingObjectDefinition.ATTRIBUTE_MAPPINGS.resolveModelAttribute(operationContext, resolveModelAttribute);
            if (resolveModelAttribute3.isDefined()) {
                for (ModelNode modelNode2 : resolveModelAttribute3.asList()) {
                    // 4 = FROM, 5 = FILTER, 6 = FILTER_BASE_DN
                    ModelNode resolveModelAttribute4 = AttributeMappingObjectDefinition.FROM.resolveModelAttribute(operationContext, modelNode2);
                    ModelNode resolveModelAttribute5 = AttributeMappingObjectDefinition.FILTER.resolveModelAttribute(operationContext, modelNode2);
                    ModelNode resolveModelAttribute6 = AttributeMappingObjectDefinition.FILTER_BASE_DN.resolveModelAttribute(operationContext, modelNode2);
                    // Selection: base DN defined -> fromFilter(baseDn, filter, from);
                    // else filter defined -> fromFilter(filter, from); else from(from).
                    // NOTE(review): FROM and FILTER are declared as alternatives, yet both filter branches
                    // call asString() on the FROM node. Check what that yields when FROM is undefined.
                    AttributeMapping fromFilter = resolveModelAttribute6.isDefined() ? AttributeMapping.fromFilter(resolveModelAttribute6.asString(), resolveModelAttribute5.asString(), resolveModelAttribute4.asString()) : resolveModelAttribute5.isDefined() ? AttributeMapping.fromFilter(resolveModelAttribute5.asString(), resolveModelAttribute4.asString()) : AttributeMapping.from(resolveModelAttribute4.asString());
                    // 7 = TO, 8 = AS_RDN. The return values of to()/asRdn() are ignored, which assumes
                    // they modify the mapping in place; verify against AttributeMapping.
                    ModelNode resolveModelAttribute7 = AttributeMappingObjectDefinition.TO.resolveModelAttribute(operationContext, modelNode2);
                    if (resolveModelAttribute7.isDefined()) {
                        fromFilter.to(resolveModelAttribute7.asString());
                    }
                    ModelNode resolveModelAttribute8 = AttributeMappingObjectDefinition.AS_RDN.resolveModelAttribute(operationContext, modelNode2);
                    if (resolveModelAttribute8.isDefined()) {
                        fromFilter.asRdn(resolveModelAttribute8.asString());
                    }
                    identityMapping.map(new AttributeMapping[]{fromFilter});
                }
            }
            // Return value discarded; presumably build() commits the mapping to the parent realm builder.
            identityMapping.build();
        }
    }

    /**
     * Write handler for every attribute of the resource. The framework base class is constructed with
     * the LDAP realm key and the attribute set; this subclass only supplies the parent service name.
     */
    /* loaded from: input_file:org/wildfly/extension/elytron/LdapRealmDefinition$WriteAttributeHandler.class */
    private static class WriteAttributeHandler extends RestartParentWriteAttributeHandler {
        WriteAttributeHandler() {
            super(ElytronDescriptionConstants.LDAP_REALM, LdapRealmDefinition.ATTRIBUTES);
        }

        /**
         * Returns the realm's capability service name, derived from the value of the last element of
         * the given address.
         */
        protected ServiceName getParentServiceName(PathAddress pathAddress) {
            return Capabilities.SECURITY_REALM_RUNTIME_CAPABILITY.fromBaseCapability(pathAddress.getLastElement().getValue()).getCapabilityServiceName(SecurityRealm.class);
        }
    }

    /**
     * Creates the definition with the add and remove handlers, both at restart level
     * {@code RESTART_RESOURCE_SERVICES}.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public LdapRealmDefinition() {
        super(new SimpleResourceDefinition.Parameters(PathElement.pathElement(ElytronDescriptionConstants.LDAP_REALM), ElytronExtension.getResourceDescriptionResolver(ElytronDescriptionConstants.LDAP_REALM)).setAddHandler(ADD).setRemoveHandler(REMOVE).setAddRestartLevel(OperationEntry.Flag.RESTART_RESOURCE_SERVICES).setRemoveRestartLevel(OperationEntry.Flag.RESTART_RESOURCE_SERVICES));
    }

    /**
     * Registers every top-level attribute as read-write, with no custom read handler ({@code null})
     * and {@code WRITE} as the write handler.
     *
     * <p>NOTE(review): the directory-context object, including the bind credential, is registered
     * with the same default read handling as the other attributes. Confirm that read access to it is
     * restricted elsewhere.
     */
    public void registerAttributes(ManagementResourceRegistration managementResourceRegistration) {
        for (AttributeDefinition attributeDefinition : ATTRIBUTES) {
            managementResourceRegistration.registerReadWriteAttribute(attributeDefinition, (OperationStepHandler) null, WRITE);
        }
    }

    /** Registers the security-realm runtime capability for this resource. */
    public void registerCapabilities(ManagementResourceRegistration managementResourceRegistration) {
        managementResourceRegistration.registerCapability(Capabilities.SECURITY_REALM_RUNTIME_CAPABILITY);
    }
}
