package org.jboss.as.security;

import java.security.Principal;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.jboss.as.cli.Util;
import org.jboss.as.controller.AbstractRuntimeOnlyHandler;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.ServiceRemoveStepHandler;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleOperationDefinition;
import org.jboss.as.controller.SimpleOperationDefinitionBuilder;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.access.constraint.ApplicationTypeConfig;
import org.jboss.as.controller.access.management.AccessConstraintDefinition;
import org.jboss.as.controller.access.management.ApplicationTypeAccessConstraintDefinition;
import org.jboss.as.controller.access.management.SensitiveTargetAccessConstraintDefinition;
import org.jboss.as.controller.capability.RuntimeCapability;
import org.jboss.as.controller.operations.validation.StringAllowedValuesValidator;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.registry.OperationEntry;
import org.jboss.as.security.logging.SecurityLogger;
import org.jboss.as.security.plugins.SecurityDomainContext;
import org.jboss.as.security.service.SecurityDomainService;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.StabilityMonitor;
import org.jboss.security.CacheableManager;
import org.jboss.security.SimplePrincipal;
import org.wildfly.clustering.infinispan.spi.InfinispanCacheRequirement;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/jboss/as/security/SecurityDomainResourceDefinition.class */
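/**
 * Management resource definition for a legacy security domain, registered at
 * {@code SecurityExtension.SECURITY_DOMAIN_PATH}.
 *
 * <p>The resource exposes the {@code cache-type} attribute and, when constructed with
 * {@code registerRuntimeOnly == true}, two runtime-only operations on the domain's
 * authentication cache: {@link ListCachePrincipals} and {@link FlushOperation}. The resource
 * is marked deprecated in the constructor.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The resource advertises {@code SensitiveTargetAccessConstraintDefinition.SECURITY_DOMAIN}
 *       plus an application-type constraint. How these are enforced is decided by the management
 *       access-control layer, which is not visible in this file.</li>
 *   <li>{@link ListCachePrincipals} returns the names of cached principals, i.e. account
 *       identifiers; treat its reply as sensitive management output.</li>
 *   <li>{@link FlushOperation} without a principal argument flushes the whole cache.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output. Members annotated by the decompiler as
 * "access modifiers changed" are kept at the visibility shown in the listing.
 */
public class SecurityDomainResourceDefinition extends SimpleResourceDefinition {
    /** Container name passed to the Infinispan cache requirement lookups when a domain is removed. */
    static final String CACHE_CONTAINER_NAME = "security";

    /** Whether the runtime-only cache operations are registered by {@link #registerOperations}. */
    private final boolean registerRuntimeOnly;

    /** Access constraints reported for this resource; wrapped read-only in the constructor. */
    private final List<AccessConstraintDefinition> accessConstraints;

    static final RuntimeCapability<Void> LEGACY_SECURITY_DOMAIN = RuntimeCapability.Builder.of("org.wildfly.security.legacy-security-domain", true).setServiceType(SecurityDomainContext.class).build();

    /** {@code cache-type} value that selects the Infinispan-backed authentication cache. */
    static final String INFINISPAN_CACHE_TYPE = "infinispan";

    /** Optional string attribute; expressions allowed, values restricted by the validator below. */
    public static final SimpleAttributeDefinition CACHE_TYPE = new SimpleAttributeDefinitionBuilder(Constants.CACHE_TYPE, ModelType.STRING, true).setAllowExpression(true).setValidator(new StringAllowedValuesValidator(new String[]{Util.DEFAULT, INFINISPAN_CACHE_TYPE})).build();

    /**
     * Runtime-only handler that flushes the authentication cache of the addressed security
     * domain: one principal's entry when the optional principal argument is defined, otherwise
     * the whole cache.
     */
    static final class FlushOperation extends AbstractRuntimeOnlyHandler {
        static final FlushOperation INSTANCE = new FlushOperation();
        static final SimpleOperationDefinition DEFINITION = new SimpleOperationDefinitionBuilder(Constants.FLUSH_CACHE, SecurityExtension.getResourceDescriptionResolver("security-domain")).setEntryType(OperationEntry.EntryType.PUBLIC).setRuntimeOnly().addParameter(new SimpleAttributeDefinitionBuilder(Constants.PRINCIPAL_ARGUMENT, ModelType.STRING).setRequired(false).build()).build();

        FlushOperation() {
        }

        /**
         * Flushes the cache of the security domain named by the last element of the operation
         * address.
         *
         * @param operationContext context of the running management operation
         * @param modelNode the operation; must contain {@code address}, may contain the principal argument
         * @throws OperationFailedException if the domain service is not available or its
         *         authentication manager exposes no cache
         */
        protected void executeRuntimeStep(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            String domainName = PathAddress.pathAddress(modelNode.require("address")).getLastElement().getValue();
            String principalName = null;
            if (modelNode.hasDefined(Constants.PRINCIPAL_ARGUMENT)) {
                principalName = modelNode.get(Constants.PRINCIPAL_ARGUMENT).asString();
            }
            CacheableManager<?, Principal> manager = SecurityDomainResourceDefinition.requireCacheableManager(operationContext, domainName);
            if (principalName != null) {
                // Targeted flush: only the entry keyed by this principal name.
                manager.flushCache(new SimplePrincipal(principalName));
            } else {
                // No principal supplied: every cached entry of the domain is flushed.
                manager.flushCache();
            }
            operationContext.completeStep(OperationContext.RollbackHandler.NOOP_ROLLBACK_HANDLER);
        }
    }

    /**
     * Read-only, runtime-only handler that replies with the names of the principals currently
     * held in the addressed security domain's authentication cache.
     */
    static class ListCachePrincipals extends AbstractRuntimeOnlyHandler {
        static final ListCachePrincipals INSTANCE = new ListCachePrincipals();
        static final SimpleOperationDefinition DEFINITION = new SimpleOperationDefinitionBuilder(Constants.LIST_CACHED_PRINCIPALS, SecurityExtension.getResourceDescriptionResolver(Constants.LIST_CACHED_PRINCIPALS)).setReadOnly().setRuntimeOnly().setReplyType(ModelType.LIST).setReplyValueType(ModelType.STRING).build();

        ListCachePrincipals() {
        }

        /**
         * Writes one string per cached principal into the operation result; the result is an
         * empty list when nothing is cached.
         *
         * @param operationContext context of the running management operation
         * @param modelNode the operation; must contain {@code address}
         * @throws OperationFailedException if the domain service is not available or its
         *         authentication manager exposes no cache
         */
        protected void executeRuntimeStep(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            String domainName = PathAddress.pathAddress(modelNode.require("address")).getLastElement().getValue();
            CacheableManager<?, Principal> manager = SecurityDomainResourceDefinition.requireCacheableManager(operationContext, domainName);
            Set<Principal> cachedKeys = manager.getCachedKeys();
            ModelNode result = operationContext.getResult();
            for (Principal principal : cachedKeys) {
                result.add(principal.getName());
            }
            if (!result.isDefined()) {
                // Nothing was added: reply with an explicit empty list rather than "undefined".
                result.setEmptyList();
            }
            operationContext.completeStep(OperationContext.RollbackHandler.NOOP_ROLLBACK_HANDLER);
        }
    }

    /**
     * Builds the resource definition with its add/remove handlers and the
     * {@link #LEGACY_SECURITY_DOMAIN} capability.
     *
     * <p>The remove handler additionally removes the Infinispan cache services of a domain whose
     * cache type is {@link #INFINISPAN_CACHE_TYPE}, when a service restart is allowed.
     *
     * <p>The decompiler reports that this constructor was package-private in the compiled class.
     *
     * @param z whether the runtime-only cache operations should be registered
     */
    public SecurityDomainResourceDefinition(boolean z) {
        super(new SimpleResourceDefinition.Parameters(SecurityExtension.SECURITY_DOMAIN_PATH, SecurityExtension.getResourceDescriptionResolver("security-domain")).setAddHandler(SecurityDomainAdd.INSTANCE).setRemoveHandler(new ServiceRemoveStepHandler(SecurityDomainService.SERVICE_NAME, SecurityDomainAdd.INSTANCE) {
            protected void performRuntime(OperationContext operationContext, ModelNode modelNode, ModelNode modelNode2) {
                super.performRuntime(operationContext, modelNode, modelNode2);
                if (!operationContext.isResourceServiceRestartAllowed()) {
                    return;
                }
                String authenticationCacheType = SecurityDomainAdd.getAuthenticationCacheType(modelNode2);
                String domainName = operationContext.getCurrentAddressValue();
                if (SecurityDomainResourceDefinition.INFINISPAN_CACHE_TYPE.equals(authenticationCacheType)) {
                    // One service per requirement kind was installed for this domain's cache.
                    for (InfinispanCacheRequirement requirement : EnumSet.allOf(InfinispanCacheRequirement.class)) {
                        operationContext.removeService(requirement.getServiceName(operationContext, SecurityDomainResourceDefinition.CACHE_CONTAINER_NAME, domainName));
                    }
                }
            }
        }).setCapabilities(new RuntimeCapability[]{LEGACY_SECURITY_DOMAIN}));
        this.registerRuntimeOnly = z;
        // Read-only view: the getter hands this list out, and access-control metadata should not
        // be replaceable through it (Arrays.asList alone still permits set()).
        this.accessConstraints = java.util.Collections.<AccessConstraintDefinition>unmodifiableList(Arrays.asList(SensitiveTargetAccessConstraintDefinition.SECURITY_DOMAIN, new ApplicationTypeAccessConstraintDefinition(new ApplicationTypeConfig("security", "security-domain"))));
        setDeprecated(SecurityExtension.DEPRECATED_SINCE);
    }

    /**
     * Registers {@link #CACHE_TYPE} as a read-write attribute with no custom read handler and a
     * {@code SecurityDomainReloadWriteHandler} as its write handler.
     */
    public void registerAttributes(ManagementResourceRegistration managementResourceRegistration) {
        managementResourceRegistration.registerReadWriteAttribute(CACHE_TYPE, (OperationStepHandler) null, new SecurityDomainReloadWriteHandler(CACHE_TYPE));
    }

    /**
     * Registers the inherited operations and, only when this definition was built with
     * {@code registerRuntimeOnly == true}, the list-cached-principals and flush-cache operations.
     */
    public void registerOperations(ManagementResourceRegistration managementResourceRegistration) {
        super.registerOperations(managementResourceRegistration);
        if (this.registerRuntimeOnly) {
            managementResourceRegistration.registerOperationHandler(ListCachePrincipals.DEFINITION, ListCachePrincipals.INSTANCE);
            managementResourceRegistration.registerOperationHandler(FlushOperation.DEFINITION, FlushOperation.INSTANCE);
        }
    }

    /**
     * Returns the access constraints of this resource.
     *
     * @return an unmodifiable list holding the sensitive-target and application-type constraints
     */
    public List<AccessConstraintDefinition> getAccessConstraints() {
        return this.accessConstraints;
    }

    /**
     * Derives the service name of the security domain that encloses the given address.
     *
     * @param pathAddress an address at or below a {@code security-domain} element
     * @return {@code SecurityDomainService.SERVICE_NAME} extended by the domain's name
     * @throws RuntimeException as produced by the logger's {@code addressDidNotContainSecurityDomain()}
     *         when no {@code security-domain} element is found (exact type not visible here)
     */
    public static ServiceName getSecurityDomainServiceName(PathAddress pathAddress) {
        PathAddress domainAddress = org.jboss.as.controller.operations.common.Util.getParentAddressByKey(pathAddress, "security-domain");
        if (domainAddress == null) {
            throw SecurityLogger.ROOT_LOGGER.addressDidNotContainSecurityDomain();
        }
        return SecurityDomainService.SERVICE_NAME.append(domainAddress.getLastElement().getValue());
    }

    /**
     * Looks up the service controller of the named security domain.
     *
     * <p>The decompiler reports that this method was private in the compiled class.
     *
     * @param operationContext context whose service registry is queried
     * @param str security domain name
     * @return the controller registered under the domain's service name
     */
    @SuppressWarnings("unchecked")
    public static ServiceController<SecurityDomainContext> getSecurityDomainService(OperationContext operationContext, String str) {
        // getRequiredService yields ServiceController<?>; the service registered under this name
        // is expected to provide a SecurityDomainContext, hence the unchecked narrowing.
        return (ServiceController<SecurityDomainContext>) operationContext.getServiceRegistry(false).getRequiredService(SecurityDomainService.SERVICE_NAME.append(str));
    }

    /**
     * Resolves the cache-capable authentication manager of a security domain.
     *
     * @param operationContext context of the running management operation
     * @param domainName security domain name
     * @return the domain's authentication manager viewed as a cache keyed by {@link Principal}
     * @throws OperationFailedException if the domain service is missing or not up, or if the
     *         authentication manager is absent or does not implement {@code CacheableManager}
     */
    private static CacheableManager<?, Principal> requireCacheableManager(OperationContext operationContext, String domainName) throws OperationFailedException {
        ServiceController<SecurityDomainContext> controller = getSecurityDomainService(operationContext, domainName);
        // NOTE(review): getRequiredService is expected to throw rather than return null, so this
        // branch is probably unreachable; kept as a defensive check.
        if (controller == null) {
            throw SecurityLogger.ROOT_LOGGER.noAuthenticationCacheAvailable(domainName);
        }
        waitForService(controller);
        Object authenticationManager = controller.getValue().getAuthenticationManager();
        // Reject a manager without a cache through the regular failure path instead of letting a
        // ClassCastException or NullPointerException escape from the handler.
        if (!(authenticationManager instanceof CacheableManager)) {
            throw SecurityLogger.ROOT_LOGGER.noAuthenticationCacheAvailable(domainName);
        }
        @SuppressWarnings("unchecked")
        CacheableManager<?, Principal> manager = (CacheableManager<?, Principal>) authenticationManager;
        return manager;
    }

    /**
     * Waits briefly (up to 100 ms) for the given service to become stable and fails unless it is
     * then in the {@code UP} state.
     *
     * <p>The decompiler reports that this method was private in the compiled class.
     *
     * @param serviceController controller of the service to wait for
     * @throws OperationFailedException if the wait is interrupted or the service is not up afterwards
     */
    public static void waitForService(ServiceController<?> serviceController) throws OperationFailedException {
        if (serviceController.getState() == ServiceController.State.UP) {
            return;
        }
        StabilityMonitor monitor = new StabilityMonitor();
        monitor.addController(serviceController);
        try {
            monitor.awaitStability(100L, TimeUnit.MILLISECONDS);
        } catch (InterruptedException e) {
            // Restore the interrupt flag before translating into a management failure.
            Thread.currentThread().interrupt();
            throw SecurityLogger.ROOT_LOGGER.interruptedWaitingForSecurityDomain(serviceController.getName().getSimpleName());
        } finally {
            // Detach exactly once, whatever the outcome of the wait.
            monitor.removeController(serviceController);
        }
        if (serviceController.getState() != ServiceController.State.UP) {
            throw SecurityLogger.ROOT_LOGGER.requiredSecurityDomainServiceNotAvailable(serviceController.getName().getSimpleName());
        }
    }
}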
