package org.jboss.migration.eap.task.subsystem.elytron;

import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.client.helpers.Operations;
import org.jboss.migration.core.task.TaskContext;
import org.jboss.migration.core.task.component.TaskSkipPolicy;
import org.jboss.migration.eap.task.subsystem.elytron.PropertiesRealmAddOperation;
import org.jboss.migration.eap.task.subsystem.elytron.SecurityDomainAddOperation;
import org.jboss.migration.wfly10.config.management.HostConfiguration;
import org.jboss.migration.wfly10.config.management.HostControllerConfiguration;
import org.jboss.migration.wfly10.config.management.ManageableServerConfiguration;
import org.jboss.migration.wfly10.config.management.ManageableServerConfigurationType;
import org.jboss.migration.wfly10.config.management.StandaloneServerConfiguration;
import org.jboss.migration.wfly10.config.management.SubsystemResource;
import org.jboss.migration.wfly10.config.task.management.resource.ManageableResourceBuildParameters;
import org.jboss.migration.wfly10.config.task.management.subsystem.AddSubsystemResourceSubtaskBuilder;
import org.jboss.migration.wfly10.config.task.management.subsystem.AddSubsystemResources;

/* loaded from: input_file:org/jboss/migration/eap/task/subsystem/elytron/AddElytronSubsystem.class */
/**
 * Migration task that adds the {@code org.wildfly.extension.elytron} extension's subsystem
 * resources to a server configuration.
 *
 * <p>The nested {@link AddElytronSubsystemConfig} builds one composite management operation
 * holding the subsystem's providers, audit log, realms, security domains, permission and
 * role mappers, and the HTTP/SASL authentication factories.
 *
 * @param <S> source type passed through to the parent task builders
 */
public class AddElytronSubsystem<S> extends AddSubsystemResources<S> {

    /**
     * Subtask that creates the "elytron" subsystem configuration.
     *
     * <p>Security-relevant defaults created here, for review of the migrated configuration:
     * <ul>
     *   <li>Both security domains register the "local-audit" file audit log (JSON,
     *       {@code audit.log}) as their security event listener.</li>
     *   <li>In "ManagementDomain" the "local" realm is paired with "super-user-mapper", which
     *       adds the "SuperUser" role; the SASL factories offer JBOSS-LOCAL-USER mapped to that
     *       realm with default user {@code $local}.</li>
     *   <li>Password mechanisms are DIGEST / DIGEST-MD5 and BASIC; no TLS resource is created
     *       in this task, so transport protection has to come from elsewhere.</li>
     * </ul>
     */
    public static class AddElytronSubsystemConfig<S> extends AddSubsystemResourceSubtaskBuilder<S> {
        protected AddElytronSubsystemConfig() {
            super("elytron");
            // The subtask is skipped when the default task-skip property is set.
            skipPolicy(TaskSkipPolicy.skipIfDefaultTaskSkipPropertyIsSet());
        }

        /**
         * Assembles every Elytron resource as a step of a single composite operation and
         * executes it against the target configuration.
         *
         * <p>Application* resources are added for standalone and host-controller
         * configurations, Management* resources for standalone and host configurations. The
         * step order of the original is preserved.
         *
         * @param manageableResourceBuildParameters supplies the server configuration and the
         *        parent resource from which the subsystem address is resolved
         * @param taskContext task context (not read by this method)
         */
        protected void addConfiguration(ManageableResourceBuildParameters<S, SubsystemResource.Parent> manageableResourceBuildParameters, TaskContext taskContext) {
            ManageableServerConfiguration server = manageableResourceBuildParameters.getServerConfiguration();
            ManageableServerConfigurationType type = server.getConfigurationType();
            PathAddress address = manageableResourceBuildParameters.getResource().getSubsystemResourcePathAddress(getSubsystem());
            Operations.CompositeOperationBuilder composite = Operations.CompositeOperationBuilder.create();

            boolean isHost = type == HostConfiguration.RESOURCE_TYPE;
            boolean isStandalone = type == StandaloneServerConfiguration.RESOURCE_TYPE;
            boolean isHostController = type == HostControllerConfiguration.RESOURCE_TYPE;
            // Application-side resources vs. management-side resources.
            boolean hasApplicationResources = isStandalone || isHostController;
            boolean hasManagementResources = isStandalone || isHost;
            // Only a host configuration logs under the domain log dir; everything else uses the server one.
            String logDir = isHost ? "jboss.domain.log.dir" : "jboss.server.log.dir";
            String configDir = isStandalone ? "jboss.server.config.dir" : "jboss.domain.config.dir";

            // --- Subsystem root and JCA providers ---
            composite.addStep(new SubsystemAddOperation(address)
                    .finalProviders("combined-providers")
                    .addDisallowedProvider("OracleUcrypto")
                    .toModelNode());
            composite.addStep(new ProviderLoaderAddOperation(address, "elytron")
                    .module("org.wildfly.security.elytron")
                    .toModelNode());
            composite.addStep(new ProviderLoaderAddOperation(address, "openssl")
                    .module("org.wildfly.openssl")
                    .toModelNode());
            composite.addStep(new AggregateProvidersAddOperation(address, "combined-providers")
                    .addProvider("elytron")
                    .addProvider("openssl")
                    .toModelNode());

            // --- Audit trail: referenced below as the security event listener of both domains ---
            composite.addStep(new FileAuditLogAddOperation(address, "local-audit")
                    .path("audit.log")
                    .relativeTo(logDir)
                    .format("JSON")
                    .toModelNode());

            // --- Security domains ---
            if (hasApplicationResources) {
                SecurityDomainAddOperation applicationDomain = new SecurityDomainAddOperation(address, "ApplicationDomain")
                        .permissionMapper("default-permission-mapper")
                        .defaultRealm("ApplicationRealm")
                        .securityEventListener("local-audit")
                        .addRealm(new SecurityDomainAddOperation.Realm("ApplicationRealm").roleDecoder("groups-to-roles"));
                if (isStandalone) {
                    // Standalone only: the application domain also trusts the "local" identity realm.
                    applicationDomain.addRealm(new SecurityDomainAddOperation.Realm("local"));
                }
                composite.addStep(applicationDomain.toModelNode());
            }
            if (hasManagementResources) {
                // The "local" realm is paired with "super-user-mapper" (adds role "SuperUser", see below),
                // so identities resolved through that realm carry SuperUser in ManagementDomain.
                composite.addStep(new SecurityDomainAddOperation(address, "ManagementDomain")
                        .permissionMapper("default-permission-mapper")
                        .defaultRealm("ManagementRealm")
                        .securityEventListener("local-audit")
                        .addRealm(new SecurityDomainAddOperation.Realm("ManagementRealm").roleDecoder("groups-to-roles"))
                        .addRealm(new SecurityDomainAddOperation.Realm("local").roleMapper("super-user-mapper"))
                        .toModelNode());
            }

            // --- Realms ---
            composite.addStep(new IdentityRealmAddOperation(address, "local")
                    .identity("$local")
                    .toModelNode());
            // The properties realms read credential and group files from the configuration directory;
            // file-system permissions on those files are outside the scope of this task.
            if (hasApplicationResources) {
                composite.addStep(new PropertiesRealmAddOperation(address, "ApplicationRealm")
                        .usersProperties(new PropertiesRealmAddOperation.Properties("application-users.properties")
                                .relativeTo(configDir)
                                .digestRealmName("ApplicationRealm"))
                        .groupsProperties(new PropertiesRealmAddOperation.Properties("application-roles.properties")
                                .relativeTo(configDir))
                        .toModelNode());
            }
            if (hasManagementResources) {
                composite.addStep(new PropertiesRealmAddOperation(address, "ManagementRealm")
                        .usersProperties(new PropertiesRealmAddOperation.Properties("mgmt-users.properties")
                                .relativeTo(configDir)
                                .digestRealmName("ManagementRealm"))
                        .groupsProperties(new PropertiesRealmAddOperation.Properties("mgmt-groups.properties")
                                .relativeTo(configDir))
                        .toModelNode());
            }

            // --- Permission mappers ---
            // NOTE(review): "unless" combines the constant mapper (left) with the anonymous mapper (right);
            // presumably identities matched by the right side do not receive the left side's permissions.
            // Confirm against the Elytron logical-permission-mapper semantics.
            composite.addStep(new LogicalPermissionMapperAddOperation(address, "default-permission-mapper")
                    .logicalOperation("unless")
                    .left("constant-permission-mapper")
                    .right("anonymous-permission-mapper")
                    .toModelNode());
            composite.addStep(new SimplePermissionMapperAddOperation(address, "anonymous-permission-mapper")
                    .addPermissionMapping(new PermissionMapping()
                            .addPrincipal("anonymous")
                            .addPermission(new Permission("org.wildfly.security.auth.permission.LoginPermission")))
                    .toModelNode());
            ConstantPermissionMapperAddOperation constantMapper = new ConstantPermissionMapperAddOperation(address, "constant-permission-mapper")
                    .addPermission(new Permission("org.wildfly.security.auth.permission.LoginPermission"));
            if (hasApplicationResources) {
                // Application-side configurations additionally grant batch (target "*"), remote
                // transaction and remote EJB permissions through the constant mapper.
                constantMapper
                        .addPermission(new Permission("org.wildfly.extension.batch.jberet.deployment.BatchPermission")
                                .module("org.wildfly.extension.batch.jberet")
                                .targetName("*"))
                        .addPermission(new Permission("org.wildfly.transaction.client.RemoteTransactionPermission")
                                .module("org.wildfly.transaction.client"))
                        .addPermission(new Permission("org.jboss.ejb.client.RemoteEJBPermission")
                                .module("org.jboss.ejb-client"));
            }
            composite.addStep(constantMapper.toModelNode());

            // --- Realm mapper, role decoder, role mapper ---
            composite.addStep(new ConstantRealmMapperAddOperation(address, "local")
                    .realmName("local")
                    .toModelNode());
            composite.addStep(new SimpleRoleDecoderAddOperation(address, "groups-to-roles")
                    .attribute("groups")
                    .toModelNode());
            composite.addStep(new ConstantRoleMapperAddOperation(address, "super-user-mapper")
                    .addRole("SuperUser")
                    .toModelNode());

            // --- HTTP authentication factories ---
            // NOTE(review): the BASIC mechanisms below use mechanism realm names containing a space
            // ("Management Realm", "Application Realm"), unlike the realm resources "ManagementRealm" /
            // "ApplicationRealm"; confirm this is the intended client-facing realm name.
            if (isStandalone) {
                composite.addStep(new HttpAuthenticationFactoryAddOperation(address, "management-http-authentication")
                        .securityDomain("ManagementDomain")
                        .httpServerMechanismFactory("global")
                        .addMechanismConfiguration(new MechanismConfiguration("DIGEST")
                                .addMechanismRealmConfiguration(new MechanismRealmConfiguration("ManagementRealm")))
                        .toModelNode());
            } else if (isHost) {
                // BASIC sends the password in a reversible encoding, so the management HTTP
                // interface of a host needs transport encryption configured separately.
                composite.addStep(new HttpAuthenticationFactoryAddOperation(address, "management-http-authentication")
                        .securityDomain("ManagementDomain")
                        .httpServerMechanismFactory("global")
                        .addMechanismConfiguration(new MechanismConfiguration("BASIC")
                                .addMechanismRealmConfiguration(new MechanismRealmConfiguration("Management Realm")))
                        .toModelNode());
            }
            if (hasApplicationResources) {
                composite.addStep(new HttpAuthenticationFactoryAddOperation(address, "application-http-authentication")
                        .securityDomain("ApplicationDomain")
                        .httpServerMechanismFactory("global")
                        .addMechanismConfiguration(new MechanismConfiguration("BASIC")
                                .addMechanismRealmConfiguration(new MechanismRealmConfiguration("Application Realm")))
                        .addMechanismConfiguration(new MechanismConfiguration("FORM"))
                        .toModelNode());
            }
            composite.addStep(new ProviderHttpServerMechanismFactoryAddOperation(address, "global").toModelNode());

            // --- SASL authentication factories ---
            // Each factory offers JBOSS-LOCAL-USER (mapped to the "local" realm) and DIGEST-MD5.
            if (hasManagementResources) {
                composite.addStep(new SaslAuthenticationFactoryAddOperation(address, "management-sasl-authentication")
                        .securityDomain("ManagementDomain")
                        .saslServerFactory("configured")
                        .addMechanismConfiguration(new MechanismConfiguration("JBOSS-LOCAL-USER").realmMapper("local"))
                        .addMechanismConfiguration(new MechanismConfiguration("DIGEST-MD5")
                                .addMechanismRealmConfiguration(new MechanismRealmConfiguration("ManagementRealm")))
                        .toModelNode());
            }
            if (hasApplicationResources) {
                composite.addStep(new SaslAuthenticationFactoryAddOperation(address, "application-sasl-authentication")
                        .securityDomain("ApplicationDomain")
                        .saslServerFactory("configured")
                        .addMechanismConfiguration(new MechanismConfiguration("JBOSS-LOCAL-USER").realmMapper("local"))
                        .addMechanismConfiguration(new MechanismConfiguration("DIGEST-MD5")
                                .addMechanismRealmConfiguration(new MechanismRealmConfiguration("ApplicationRealm")))
                        .toModelNode());
            }

            // --- SASL server factory chain: "global" -> filtered "elytron" -> "configured" ---
            composite.addStep(new ProviderSaslServerFactoryAddOperation(address, "global").toModelNode());
            composite.addStep(new MechanismProviderFilteringSaslServerFactoryAddOperation(address, "elytron")
                    .saslServerFactory("global")
                    .addFilter("WildFlyElytron")
                    .toModelNode());
            composite.addStep(new ConfigurableSaslServerFactoryAddOperation(address, "configured")
                    .saslServerFactory("elytron")
                    .addProperty("wildfly.sasl.local-user.default-user", "$local")
                    .toModelNode());

            // All steps are submitted together as one composite management operation.
            server.executeManagementOperation(composite.build().getOperation());
        }
    }

    /** Creates the task for the {@code org.wildfly.extension.elytron} extension with the default subsystem config. */
    public AddElytronSubsystem() {
        super("org.wildfly.extension.elytron", new AddElytronSubsystemConfig());
    }
}
