package org.jboss.migration.eap.task.subsystem.elytron;

import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.client.helpers.Operations;
import org.jboss.migration.wfly10.config.management.HostConfiguration;
import org.jboss.migration.wfly10.config.management.HostControllerConfiguration;
import org.jboss.migration.wfly10.config.management.ManageableServerConfiguration;
import org.jboss.migration.wfly10.config.management.ManageableServerConfigurationType;
import org.jboss.migration.wfly10.config.management.StandaloneServerConfiguration;
import org.jboss.migration.wfly11.task.subsystem.elytron.ConstantRealmMapperAddOperation;
import org.jboss.migration.wfly11.task.subsystem.elytron.ConstantRoleMapperAddOperation;
import org.jboss.migration.wfly11.task.subsystem.elytron.Permission;
import org.jboss.migration.wfly11.task.subsystem.elytron.PermissionMapping;
import org.jboss.migration.wfly11.task.subsystem.elytron.SecurityDomainAddOperation;
import org.jboss.migration.wfly11.task.subsystem.elytron.SimplePermissionMapperAddOperation;
import org.jboss.migration.wfly11.task.subsystem.elytron.SimpleRoleDecoderAddOperation;

/* loaded from: input_file:org/jboss/migration/eap/task/subsystem/elytron/AddElytronSubsystemConfig.class */
public class AddElytronSubsystemConfig<S> extends org.jboss.migration.wfly11.task.subsystem.elytron.AddElytronSubsystemConfig<S> {
    protected void addSecurityDomains(ManageableServerConfiguration manageableServerConfiguration, PathAddress pathAddress, Operations.CompositeOperationBuilder compositeOperationBuilder) {
        ManageableServerConfigurationType configurationType = manageableServerConfiguration.getConfigurationType();
        if (configurationType == StandaloneServerConfiguration.RESOURCE_TYPE || configurationType == HostControllerConfiguration.RESOURCE_TYPE) {
            SecurityDomainAddOperation addRealm = new SecurityDomainAddOperation(pathAddress, "ApplicationDomain").permissionMapper("default-permission-mapper").defaultRealm("ApplicationRealm").addRealm(new SecurityDomainAddOperation.Realm("ApplicationRealm").roleDecoder("groups-to-roles"));
            if (configurationType == StandaloneServerConfiguration.RESOURCE_TYPE) {
                addRealm.addRealm(new SecurityDomainAddOperation.Realm("local"));
            }
            compositeOperationBuilder.addStep(addRealm.toModelNode());
        }
        if (configurationType == StandaloneServerConfiguration.RESOURCE_TYPE || configurationType == HostConfiguration.RESOURCE_TYPE) {
            compositeOperationBuilder.addStep(new SecurityDomainAddOperation(pathAddress, "ManagementDomain").permissionMapper("default-permission-mapper").defaultRealm("ManagementRealm").addRealm(new SecurityDomainAddOperation.Realm("ManagementRealm").roleDecoder("groups-to-roles")).addRealm(new SecurityDomainAddOperation.Realm("local").roleMapper("super-user-mapper")).toModelNode());
        }
    }

    protected void addMappers(ManageableServerConfiguration manageableServerConfiguration, PathAddress pathAddress, Operations.CompositeOperationBuilder compositeOperationBuilder) {
        ManageableServerConfigurationType configurationType = manageableServerConfiguration.getConfigurationType();
        PermissionMapping addPrincipal = new PermissionMapping().addPrincipal("anonymous");
        if (configurationType == StandaloneServerConfiguration.RESOURCE_TYPE || configurationType == HostControllerConfiguration.RESOURCE_TYPE) {
            addPrincipal.addPermission(new Permission("org.wildfly.extension.batch.jberet.deployment.BatchPermission").module("org.wildfly.extension.batch.jberet").targetName("*")).addPermission(new Permission("org.wildfly.transaction.client.RemoteTransactionPermission").module("org.wildfly.transaction.client")).addPermission(new Permission("org.jboss.ejb.client.RemoteEJBPermission").module("org.jboss.ejb-client"));
        }
        PermissionMapping addPermission = new PermissionMapping().matchAll(true).addPermission(new Permission("org.wildfly.security.auth.permission.LoginPermission"));
        if (configurationType == StandaloneServerConfiguration.RESOURCE_TYPE || configurationType == HostControllerConfiguration.RESOURCE_TYPE) {
            addPermission.addPermission(new Permission("org.wildfly.extension.batch.jberet.deployment.BatchPermission").module("org.wildfly.extension.batch.jberet").targetName("*")).addPermission(new Permission("org.wildfly.transaction.client.RemoteTransactionPermission").module("org.wildfly.transaction.client")).addPermission(new Permission("org.jboss.ejb.client.RemoteEJBPermission").module("org.jboss.ejb-client"));
        }
        compositeOperationBuilder.addStep(new SimplePermissionMapperAddOperation(pathAddress, "default-permission-mapper").mappingMode("first").addPermissionMapping(addPrincipal).addPermissionMapping(addPermission).toModelNode());
        compositeOperationBuilder.addStep(new ConstantRealmMapperAddOperation(pathAddress, "local").realmName("local").toModelNode());
        compositeOperationBuilder.addStep(new SimpleRoleDecoderAddOperation(pathAddress, "groups-to-roles").attribute("groups").toModelNode());
        compositeOperationBuilder.addStep(new ConstantRoleMapperAddOperation(pathAddress, "super-user-mapper").addRole("SuperUser").toModelNode());
    }
}
