package org.jboss.as.ejb3.subsystem;

import java.security.Policy;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.function.Function;
import org.jboss.as.controller.AbstractAddStepHandler;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.ReloadRequiredWriteAttributeHandler;
import org.jboss.as.controller.ServiceRemoveStepHandler;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.StringListAttributeDefinition;
import org.jboss.as.controller.access.constraint.ApplicationTypeConfig;
import org.jboss.as.controller.access.constraint.SensitivityClassification;
import org.jboss.as.controller.access.management.AccessConstraintDefinition;
import org.jboss.as.controller.access.management.ApplicationTypeAccessConstraintDefinition;
import org.jboss.as.controller.access.management.SensitiveTargetAccessConstraintDefinition;
import org.jboss.as.controller.capability.RuntimeCapability;
import org.jboss.as.controller.operations.validation.StringLengthValidator;
import org.jboss.as.controller.registry.AttributeAccess;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.registry.Resource;
import org.jboss.as.ejb3.security.ApplicationSecurityDomainConfig;
import org.jboss.as.ejb3.subsystem.ApplicationSecurityDomainService;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.msc.service.Service;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.wildfly.security.auth.server.SecurityDomain;

/* loaded from: input_file:org/jboss/as/ejb3/subsystem/ApplicationSecurityDomainDefinition.class */
public class ApplicationSecurityDomainDefinition extends SimpleResourceDefinition {
    private static final String JACC_POLICY_CAPABILITY = "org.wildfly.security.jacc-policy";
    public static final String APPLICATION_SECURITY_DOMAIN_CAPABILITY = "org.wildfly.ejb3.application-security-domain";
    static final RuntimeCapability<Void> APPLICATION_SECURITY_DOMAIN_RUNTIME_CAPABILITY = RuntimeCapability.Builder.of(APPLICATION_SECURITY_DOMAIN_CAPABILITY, true, ApplicationSecurityDomainService.ApplicationSecurityDomain.class).build();
    private static final String SECURITY_DOMAIN_CAPABILITY = "org.wildfly.security.security-domain";
    static final SimpleAttributeDefinition SECURITY_DOMAIN = new SimpleAttributeDefinitionBuilder(EJB3SubsystemModel.SECURITY_DOMAIN, ModelType.STRING, false).setValidator(new StringLengthValidator(1)).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_ALL_SERVICES}).setCapabilityReference(SECURITY_DOMAIN_CAPABILITY, APPLICATION_SECURITY_DOMAIN_CAPABILITY, true).setAccessConstraints(new AccessConstraintDefinition[]{SensitiveTargetAccessConstraintDefinition.ELYTRON_SECURITY_DOMAIN_REF}).build();
    private static StringListAttributeDefinition REFERENCING_DEPLOYMENTS = new StringListAttributeDefinition.Builder(EJB3SubsystemModel.REFERENCING_DEPLOYMENTS).setStorageRuntime().build();
    static final SimpleAttributeDefinition ENABLE_JACC = new SimpleAttributeDefinitionBuilder(EJB3SubsystemModel.ENABLE_JACC, ModelType.BOOLEAN, true).setDefaultValue(ModelNode.FALSE).setMinSize(1).setRestartAllServices().build();
    private static final AttributeDefinition[] ATTRIBUTES = {SECURITY_DOMAIN, ENABLE_JACC};
    static final ApplicationSecurityDomainDefinition INSTANCE = new ApplicationSecurityDomainDefinition();
    private static final Set<ApplicationSecurityDomainConfig> knownApplicationSecurityDomains = Collections.synchronizedSet(new HashSet());

    /* loaded from: input_file:org/jboss/as/ejb3/subsystem/ApplicationSecurityDomainDefinition$AddHandler.class */
    private static class AddHandler extends AbstractAddStepHandler {
        private AddHandler() {
            super(ApplicationSecurityDomainDefinition.ATTRIBUTES);
        }

        protected void populateModel(OperationContext operationContext, ModelNode modelNode, Resource resource) throws OperationFailedException {
            super.populateModel(operationContext, modelNode, resource);
            ModelNode model = resource.getModel();
            boolean z = false;
            if (model.hasDefined(ApplicationSecurityDomainDefinition.ENABLE_JACC.getName())) {
                z = ApplicationSecurityDomainDefinition.ENABLE_JACC.resolveModelAttribute(operationContext, model).asBoolean();
            }
            ApplicationSecurityDomainDefinition.knownApplicationSecurityDomains.add(new ApplicationSecurityDomainConfig(operationContext.getCurrentAddressValue(), z));
        }

        protected void performRuntime(OperationContext operationContext, ModelNode modelNode, ModelNode modelNode2) throws OperationFailedException {
            String asString = ApplicationSecurityDomainDefinition.SECURITY_DOMAIN.resolveModelAttribute(operationContext, modelNode2).asString();
            boolean asBoolean = ApplicationSecurityDomainDefinition.ENABLE_JACC.resolveModelAttribute(operationContext, modelNode2).asBoolean();
            ServiceName capabilityServiceName = ApplicationSecurityDomainDefinition.APPLICATION_SECURITY_DOMAIN_RUNTIME_CAPABILITY.fromBaseCapability(operationContext.getCurrentAddressValue()).getCapabilityServiceName(ApplicationSecurityDomainService.ApplicationSecurityDomain.class);
            ApplicationSecurityDomainService applicationSecurityDomainService = new ApplicationSecurityDomainService(asBoolean);
            ServiceBuilder initialMode = operationContext.getServiceTarget().addService(capabilityServiceName, applicationSecurityDomainService).setInitialMode(ServiceController.Mode.LAZY);
            initialMode.addDependency(operationContext.getCapabilityServiceName(ApplicationSecurityDomainDefinition.SECURITY_DOMAIN_CAPABILITY, asString, SecurityDomain.class), SecurityDomain.class, applicationSecurityDomainService.getSecurityDomainInjector());
            if (modelNode2.hasDefined(ApplicationSecurityDomainDefinition.ENABLE_JACC.getName()) && ApplicationSecurityDomainDefinition.ENABLE_JACC.resolveModelAttribute(operationContext, modelNode2).asBoolean()) {
                initialMode.requires(operationContext.getCapabilityServiceName(ApplicationSecurityDomainDefinition.JACC_POLICY_CAPABILITY, Policy.class));
            }
            initialMode.install();
        }
    }

    /* loaded from: input_file:org/jboss/as/ejb3/subsystem/ApplicationSecurityDomainDefinition$ReferencingDeploymentsHandler.class */
    private static class ReferencingDeploymentsHandler implements OperationStepHandler {
        private ReferencingDeploymentsHandler() {
        }

        public void execute(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            if (operationContext.isDefaultRequiresRuntime()) {
                operationContext.addStep((operationContext2, modelNode2) -> {
                    ServiceController requiredService = operationContext.getServiceRegistry(false).getRequiredService(ApplicationSecurityDomainDefinition.APPLICATION_SECURITY_DOMAIN_RUNTIME_CAPABILITY.fromBaseCapability(operationContext.getCurrentAddressValue()).getCapabilityServiceName(ApplicationSecurityDomainService.ApplicationSecurityDomain.class));
                    ModelNode modelNode2 = new ModelNode();
                    if (requiredService.getState() == ServiceController.State.UP) {
                        Service service = requiredService.getService();
                        if (service instanceof ApplicationSecurityDomainService) {
                            for (String str : ((ApplicationSecurityDomainService) service).getDeployments()) {
                                modelNode2.add(str);
                            }
                        }
                    }
                    operationContext.getResult().set(modelNode2);
                }, OperationContext.Stage.RUNTIME);
            }
        }
    }

    /* loaded from: input_file:org/jboss/as/ejb3/subsystem/ApplicationSecurityDomainDefinition$RemoveHandler.class */
    private static class RemoveHandler extends ServiceRemoveStepHandler {
        protected RemoveHandler(AbstractAddStepHandler abstractAddStepHandler) {
            super(abstractAddStepHandler);
        }

        protected void performRemove(OperationContext operationContext, ModelNode modelNode, ModelNode modelNode2) throws OperationFailedException {
            HashSet hashSet;
            super.performRemove(operationContext, modelNode, modelNode2);
            synchronized (ApplicationSecurityDomainDefinition.knownApplicationSecurityDomains) {
                hashSet = new HashSet(ApplicationSecurityDomainDefinition.knownApplicationSecurityDomains);
            }
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                ApplicationSecurityDomainConfig applicationSecurityDomainConfig = (ApplicationSecurityDomainConfig) it.next();
                if (applicationSecurityDomainConfig.isSameDomain(operationContext.getCurrentAddressValue())) {
                    ApplicationSecurityDomainDefinition.knownApplicationSecurityDomains.remove(applicationSecurityDomainConfig);
                }
            }
        }

        protected ServiceName serviceName(String str) {
            return ApplicationSecurityDomainDefinition.APPLICATION_SECURITY_DOMAIN_RUNTIME_CAPABILITY.fromBaseCapability(str).getCapabilityServiceName(ApplicationSecurityDomainService.ApplicationSecurityDomain.class);
        }
    }

    private ApplicationSecurityDomainDefinition() {
        this(new SimpleResourceDefinition.Parameters(PathElement.pathElement(EJB3SubsystemModel.APPLICATION_SECURITY_DOMAIN), EJB3Extension.getResourceDescriptionResolver(EJB3SubsystemModel.APPLICATION_SECURITY_DOMAIN)).setCapabilities(new RuntimeCapability[]{APPLICATION_SECURITY_DOMAIN_RUNTIME_CAPABILITY}).addAccessConstraints(new AccessConstraintDefinition[]{new SensitiveTargetAccessConstraintDefinition(new SensitivityClassification("ejb3", EJB3SubsystemModel.APPLICATION_SECURITY_DOMAIN, false, false, false)), new ApplicationTypeAccessConstraintDefinition(new ApplicationTypeConfig("ejb3", EJB3SubsystemModel.APPLICATION_SECURITY_DOMAIN))}), new AddHandler());
    }

    private ApplicationSecurityDomainDefinition(SimpleResourceDefinition.Parameters parameters, AbstractAddStepHandler abstractAddStepHandler) {
        super(parameters.setAddHandler(abstractAddStepHandler).setRemoveHandler(new RemoveHandler(abstractAddStepHandler)));
    }

    public void registerAttributes(ManagementResourceRegistration managementResourceRegistration) {
        knownApplicationSecurityDomains.clear();
        ReloadRequiredWriteAttributeHandler reloadRequiredWriteAttributeHandler = new ReloadRequiredWriteAttributeHandler(ATTRIBUTES);
        for (AttributeDefinition attributeDefinition : ATTRIBUTES) {
            managementResourceRegistration.registerReadWriteAttribute(attributeDefinition, (OperationStepHandler) null, reloadRequiredWriteAttributeHandler);
        }
        if (managementResourceRegistration.getProcessType().isServer()) {
            managementResourceRegistration.registerReadOnlyAttribute(REFERENCING_DEPLOYMENTS, new ReferencingDeploymentsHandler());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Function<String, ApplicationSecurityDomainConfig> getKnownSecurityDomainFunction() {
        return str -> {
            synchronized (knownApplicationSecurityDomains) {
                for (ApplicationSecurityDomainConfig applicationSecurityDomainConfig : knownApplicationSecurityDomains) {
                    if (applicationSecurityDomainConfig.isSameDomain(str)) {
                        return applicationSecurityDomainConfig;
                    }
                }
                return null;
            }
        };
    }
}
