package org.jboss.as.domain.management.access;

import java.util.Arrays;
import java.util.List;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.ListAttributeDefinition;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.StringListAttributeDefinition;
import org.jboss.as.controller.access.CombinationPolicy;
import org.jboss.as.controller.access.management.AccessConstraintUtilizationRegistry;
import org.jboss.as.controller.access.management.DelegatingConfigurableAuthorizer;
import org.jboss.as.controller.access.management.SensitiveTargetAccessConstraintDefinition;
import org.jboss.as.controller.access.management.WritableAuthorizerConfiguration;
import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
import org.jboss.as.controller.operations.validation.EnumValidator;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.registry.Resource;
import org.jboss.as.domain.management._private.DomainManagementResolver;
import org.jboss.as.naming.subsystem.NamingSubsystemModel;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;

/* loaded from: input_file:wildfly.zip:modules/system/layers/base/org/jboss/as/domain-management/main/wildfly-domain-management-15.0.1.Final.jar:org/jboss/as/domain/management/access/AccessAuthorizationResourceDefinition.class */
public class AccessAuthorizationResourceDefinition extends SimpleResourceDefinition {
    public static final PathElement PATH_ELEMENT = PathElement.pathElement("access", "authorization");
    public static final SimpleAttributeDefinition PERMISSION_COMBINATION_POLICY = new SimpleAttributeDefinitionBuilder(ModelDescriptionConstants.PERMISSION_COMBINATION_POLICY, ModelType.STRING, true).setDefaultValue(new ModelNode(CombinationPolicy.PERMISSIVE.toString())).setValidator(new EnumValidator(CombinationPolicy.class, true, false)).build();
    public static final SimpleAttributeDefinition PROVIDER = new SimpleAttributeDefinitionBuilder("provider", ModelType.STRING, true).setDefaultValue(new ModelNode(Provider.SIMPLE.toString())).setValidator(new EnumValidator(Provider.class, true, false)).build();
    public static final SimpleAttributeDefinition USE_IDENTITY_ROLES = new SimpleAttributeDefinitionBuilder(ModelDescriptionConstants.USE_IDENTITY_ROLES, ModelType.BOOLEAN, true).setDefaultValue(ModelNode.FALSE).build();
    static final ListAttributeDefinition STANDARD_ROLE_NAMES = ((StringListAttributeDefinition.Builder) ((StringListAttributeDefinition.Builder) new StringListAttributeDefinition.Builder(ModelDescriptionConstants.STANDARD_ROLE_NAMES).setStorageRuntime()).setRuntimeServiceNotRequired()).build();
    static final ListAttributeDefinition ALL_ROLE_NAMES = ((StringListAttributeDefinition.Builder) ((StringListAttributeDefinition.Builder) new StringListAttributeDefinition.Builder(ModelDescriptionConstants.ALL_ROLE_NAMES).setStorageRuntime()).setRuntimeServiceNotRequired()).build();
    public static final List<AttributeDefinition> CONFIG_ATTRIBUTES = Arrays.asList(PROVIDER, PERMISSION_COMBINATION_POLICY);
    private final DelegatingConfigurableAuthorizer configurableAuthorizer;
    private final boolean isDomain;

    /* loaded from: input_file:wildfly.zip:modules/system/layers/base/org/jboss/as/domain-management/main/wildfly-domain-management-15.0.1.Final.jar:org/jboss/as/domain/management/access/AccessAuthorizationResourceDefinition$Provider.class */
    public enum Provider {
        SIMPLE(NamingSubsystemModel.SIMPLE),
        RBAC("rbac");

        private final String toString;

        Provider(String str) {
            this.toString = str;
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.toString;
        }
    }

    public static AccessAuthorizationResourceDefinition forDomain(DelegatingConfigurableAuthorizer delegatingConfigurableAuthorizer) {
        return new AccessAuthorizationResourceDefinition(delegatingConfigurableAuthorizer, true);
    }

    public static AccessAuthorizationResourceDefinition forDomainServer(DelegatingConfigurableAuthorizer delegatingConfigurableAuthorizer) {
        return new AccessAuthorizationResourceDefinition(delegatingConfigurableAuthorizer, true);
    }

    public static AccessAuthorizationResourceDefinition forStandaloneServer(DelegatingConfigurableAuthorizer delegatingConfigurableAuthorizer) {
        return new AccessAuthorizationResourceDefinition(delegatingConfigurableAuthorizer, false);
    }

    private AccessAuthorizationResourceDefinition(DelegatingConfigurableAuthorizer delegatingConfigurableAuthorizer, boolean z) {
        super(new SimpleResourceDefinition.Parameters(PATH_ELEMENT, DomainManagementResolver.getResolver("core.access-control")).setAccessConstraints(SensitiveTargetAccessConstraintDefinition.ACCESS_CONTROL));
        this.configurableAuthorizer = delegatingConfigurableAuthorizer;
        this.isDomain = z;
    }

    @Override // org.jboss.as.controller.SimpleResourceDefinition, org.jboss.as.controller.ResourceDefinition
    public void registerAttributes(ManagementResourceRegistration managementResourceRegistration) {
        super.registerAttributes(managementResourceRegistration);
        WritableAuthorizerConfiguration writableAuthorizerConfiguration = this.configurableAuthorizer.getWritableAuthorizerConfiguration();
        managementResourceRegistration.registerReadWriteAttribute(PROVIDER, null, new AccessAuthorizationProviderWriteAttributeHander(this.configurableAuthorizer));
        managementResourceRegistration.registerReadWriteAttribute(USE_IDENTITY_ROLES, null, new AccessAuthorizationUseIdentityRolesWriteAttributeHander(this.configurableAuthorizer.getWritableAuthorizerConfiguration()));
        managementResourceRegistration.registerReadWriteAttribute(PERMISSION_COMBINATION_POLICY, null, new AccessAuthorizationCombinationPolicyWriteAttributeHandler(writableAuthorizerConfiguration));
        managementResourceRegistration.registerReadOnlyAttribute(STANDARD_ROLE_NAMES, AccessAuthorizationRolesHandler.getStandardRolesHandler(writableAuthorizerConfiguration));
        managementResourceRegistration.registerReadOnlyAttribute(ALL_ROLE_NAMES, AccessAuthorizationRolesHandler.getAllRolesHandler(writableAuthorizerConfiguration));
    }

    @Override // org.jboss.as.controller.SimpleResourceDefinition, org.jboss.as.controller.ResourceDefinition
    public void registerChildren(ManagementResourceRegistration managementResourceRegistration) {
        managementResourceRegistration.registerSubModel(RoleMappingResourceDefinition.create(this.configurableAuthorizer, this.isDomain));
        if (this.isDomain) {
            WritableAuthorizerConfiguration writableAuthorizerConfiguration = this.configurableAuthorizer.getWritableAuthorizerConfiguration();
            managementResourceRegistration.registerSubModel(new ServerGroupScopedRoleResourceDefinition(writableAuthorizerConfiguration));
            managementResourceRegistration.registerSubModel(new HostScopedRolesResourceDefinition(writableAuthorizerConfiguration));
        }
        managementResourceRegistration.registerSubModel(ApplicationClassificationParentResourceDefinition.INSTANCE);
        managementResourceRegistration.registerSubModel(SensitivityClassificationParentResourceDefinition.INSTANCE);
        managementResourceRegistration.registerSubModel(SensitivityResourceDefinition.createVaultExpressionConfiguration());
    }

    @Override // org.jboss.as.controller.SimpleResourceDefinition, org.jboss.as.controller.ResourceDefinition
    public void registerOperations(ManagementResourceRegistration managementResourceRegistration) {
        super.registerOperations(managementResourceRegistration);
        if (this.isDomain) {
            managementResourceRegistration.registerOperationHandler(AccessAuthorizationDomainSlaveConfigHandler.DEFINITION, new AccessAuthorizationDomainSlaveConfigHandler(this.configurableAuthorizer));
        }
    }

    public static Resource createResource(AccessConstraintUtilizationRegistry accessConstraintUtilizationRegistry) {
        Resource create = Resource.Factory.create();
        create.registerChild(AccessConstraintResources.APPLICATION_PATH_ELEMENT, AccessConstraintResources.getApplicationConfigResource(accessConstraintUtilizationRegistry));
        create.registerChild(AccessConstraintResources.SENSITIVITY_PATH_ELEMENT, AccessConstraintResources.getSensitivityResource(accessConstraintUtilizationRegistry));
        create.registerChild(AccessConstraintResources.VAULT_PATH_ELEMENT, AccessConstraintResources.VAULT_RESOURCE);
        return create;
    }
}
