package org.jboss.loom.migrators.security;

import java.io.File;
import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import org.apache.commons.lang.StringUtils;
import org.eclipse.persistence.config.TargetDatabase;
import org.eclipse.persistence.internal.helper.Helper;
import org.eclipse.persistence.internal.oxm.Constants;
import org.fusesource.jansi.AnsiRenderer;
import org.jboss.dmr.ModelNode;
import org.jboss.loom.actions.CliCommandAction;
import org.jboss.loom.actions.CopyFileAction;
import org.jboss.loom.actions.ModuleCreationAction;
import org.jboss.loom.conf.Configuration;
import org.jboss.loom.conf.GlobalConfiguration;
import org.jboss.loom.ctx.MigrationContext;
import org.jboss.loom.ctx.MigratorData;
import org.jboss.loom.ex.CliScriptException;
import org.jboss.loom.ex.CopyException;
import org.jboss.loom.ex.LoadMigrationException;
import org.jboss.loom.ex.MigrationException;
import org.jboss.loom.migrators.AbstractMigrator;
import org.jboss.loom.migrators.security.jaxb.ApplicationPolicyBean;
import org.jboss.loom.migrators.security.jaxb.LoginModuleAS5Bean;
import org.jboss.loom.migrators.security.jaxb.LoginModuleAS7Bean;
import org.jboss.loom.migrators.security.jaxb.ModuleOptionAS5Bean;
import org.jboss.loom.migrators.security.jaxb.ModuleOptionAS7Bean;
import org.jboss.loom.migrators.security.jaxb.SecurityAS5Bean;
import org.jboss.loom.migrators.security.jaxb.SecurityDomainBean;
import org.jboss.loom.spi.IConfigFragment;
import org.jboss.loom.spi.ann.ConfigPartDescriptor;
import org.jboss.loom.utils.Utils;
import org.jboss.loom.utils.as7.CliAddScriptBuilder;
import org.jboss.loom.utils.as7.CliApiCommandBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ConfigPartDescriptor(name = "Security (JAAS) configuration", docLink = "https://access.redhat.com/site/documentation//en-US/JBoss_Enterprise_Application_Platform/5/html/Security_Guide/index.html")
/* loaded from: input_file:org/jboss/loom/migrators/security/SecurityMigrator.class */
public class SecurityMigrator extends AbstractMigrator {
    private static final Logger log = LoggerFactory.getLogger(SecurityMigrator.class);
    private static final String AS7_CONFIG_DIR_PLACEHOLDER = "${jboss.server.config.dir}";

    @Override // org.jboss.loom.migrators.AbstractMigrator
    protected String getConfigPropertyModuleName() {
        return "security";
    }

    public SecurityMigrator(GlobalConfiguration globalConfiguration) {
        super(globalConfiguration);
    }

    @Override // org.jboss.loom.spi.IMigrator
    public void loadSourceServerConfig(MigrationContext migrationContext) throws LoadMigrationException {
        try {
            File file = new File(getGlobalConfig().getAS5Config().getConfDir(), "login-config.xml");
            if (!file.canRead()) {
                throw new LoadMigrationException("Can't read: " + file.getAbsolutePath());
            }
            SecurityAS5Bean securityAS5Bean = (SecurityAS5Bean) JAXBContext.newInstance(new Class[]{SecurityAS5Bean.class}).createUnmarshaller().unmarshal(file);
            MigratorData migratorData = new MigratorData();
            migratorData.getConfigFragments().addAll(securityAS5Bean.getApplicationPolicies());
            migrationContext.getMigrationData().put(SecurityMigrator.class, migratorData);
        } catch (JAXBException e) {
            throw new LoadMigrationException((Throwable) e);
        }
    }

    @Override // org.jboss.loom.spi.IMigrator
    public void createActions(MigrationContext migrationContext) throws MigrationException {
        SecurityMigResource securityMigResource = new SecurityMigResource();
        for (IConfigFragment iConfigFragment : migrationContext.getMigrationData().get(SecurityMigrator.class).getConfigFragments()) {
            if (!(iConfigFragment instanceof ApplicationPolicyBean)) {
                throw new MigrationException("Config fragment unrecognized by " + getClass().getSimpleName() + ": " + iConfigFragment);
            }
            try {
                migrationContext.getActions().addAll(createSecurityDomainCliAction(migrateAppPolicy((ApplicationPolicyBean) iConfigFragment, migrationContext, securityMigResource)));
            } catch (CliScriptException e) {
                throw new MigrationException("Migration of application-policy failed: " + e.getMessage(), e);
            }
        }
    }

    public SecurityDomainBean migrateAppPolicy(ApplicationPolicyBean applicationPolicyBean, MigrationContext migrationContext, SecurityMigResource securityMigResource) throws MigrationException {
        HashSet hashSet = new HashSet();
        SecurityDomainBean securityDomainBean = new SecurityDomainBean();
        securityDomainBean.setSecurityDomainName(applicationPolicyBean.getApplicationPolicyName());
        securityDomainBean.setCacheType("default");
        if (applicationPolicyBean.getLoginModules() != null) {
            Iterator<LoginModuleAS5Bean> it = applicationPolicyBean.getLoginModules().iterator();
            while (it.hasNext()) {
                hashSet.add(createLoginModule(it.next(), securityMigResource, migrationContext));
            }
        }
        securityDomainBean.setLoginModules(hashSet);
        return securityDomainBean;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:15:0x008d. Please report as an issue. */
    private LoginModuleAS7Bean createLoginModule(LoginModuleAS5Bean loginModuleAS5Bean, SecurityMigResource securityMigResource, MigrationContext migrationContext) throws MigrationException {
        String moduleValue;
        CopyFileAction createCopyActionForFile;
        ModuleCreationAction createModuleActionForLogMod;
        LoginModuleAS7Bean loginModuleAS7Bean = new LoginModuleAS7Bean();
        loginModuleAS7Bean.setLoginModuleFlag(loginModuleAS5Bean.getLoginModuleFlag());
        String deriveLoginModuleName = deriveLoginModuleName(loginModuleAS5Bean.getLoginModule());
        loginModuleAS7Bean.setLoginModuleCode(deriveLoginModuleName);
        if (deriveLoginModuleName.equals(loginModuleAS5Bean.getLoginModule()) && (createModuleActionForLogMod = createModuleActionForLogMod(loginModuleAS7Bean, deriveLoginModuleName, securityMigResource)) != null) {
            migrationContext.getActions().add(createModuleActionForLogMod);
        }
        HashSet hashSet = new HashSet();
        if (loginModuleAS5Bean.getModuleOptions() == null) {
            return loginModuleAS7Bean;
        }
        for (ModuleOptionAS5Bean moduleOptionAS5Bean : loginModuleAS5Bean.getModuleOptions()) {
            String moduleName = moduleOptionAS5Bean.getModuleName();
            boolean z = -1;
            switch (moduleName.hashCode()) {
                case -1114083376:
                    if (moduleName.equals("rolesProperties")) {
                        z = false;
                        break;
                    }
                    break;
                case 823266651:
                    if (moduleName.equals("usersProperties")) {
                        z = true;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                case true:
                    String name = new File(moduleOptionAS5Bean.getModuleValue()).getName();
                    moduleValue = "${jboss.server.config.dir}/" + name;
                    if (securityMigResource.getFileNames().add(name) && (createCopyActionForFile = createCopyActionForFile(securityMigResource, name)) != null) {
                        migrationContext.getActions().add(createCopyActionForFile);
                        break;
                    }
                    break;
                default:
                    moduleValue = moduleOptionAS5Bean.getModuleValue();
                    break;
            }
            hashSet.add(new ModuleOptionAS7Bean(moduleOptionAS5Bean.getModuleName(), moduleValue));
        }
        loginModuleAS7Bean.setModuleOptions((Set<ModuleOptionAS7Bean>) hashSet);
        return loginModuleAS7Bean;
    }

    private CopyFileAction createCopyActionForFile(SecurityMigResource securityMigResource, String str) {
        if (!securityMigResource.getFileNames().add(str)) {
            return null;
        }
        try {
            File next = Utils.searchForFile(str, getGlobalConfig().getAS5Config().getProfileDir()).iterator().next();
            return new CopyFileAction(getClass(), next, Utils.createPath(getGlobalConfig().getAS7Config().getConfigDir(), next.getName(), new String[0]), CopyFileAction.IfExists.WARN);
        } catch (CopyException e) {
            log.warn("Couldn't find file referenced in AS 5 security config: " + str);
            return null;
        }
    }

    private ModuleCreationAction createModuleActionForLogMod(LoginModuleAS7Bean loginModuleAS7Bean, String str, SecurityMigResource securityMigResource) throws MigrationException {
        try {
            File findJarFileWithClass = Utils.findJarFileWithClass(str, getGlobalConfig().getAS5Config().getDir(), getGlobalConfig().getAS5Config().getProfileName());
            if (securityMigResource.getModules().containsKey(findJarFileWithClass)) {
                loginModuleAS7Bean.setModule(securityMigResource.getModules().get(findJarFileWithClass));
                return null;
            }
            String str2 = "security.loginModule" + securityMigResource.getIncrement();
            loginModuleAS7Bean.setModule(str2);
            securityMigResource.getModules().put(findJarFileWithClass, str2);
            return new ModuleCreationAction(getClass(), str2, new String[]{"javax.api", "org.picketbox", null}, findJarFileWithClass, Configuration.IfExists.OVERWRITE);
        } catch (IOException e) {
            throw new MigrationException("Failed finding jar with class " + str + ": " + e.getMessage(), e);
        }
    }

    private static String deriveLoginModuleName(String str) {
        String substringAfterLast = StringUtils.substringAfterLast(str, ".");
        boolean z = -1;
        switch (substringAfterLast.hashCode()) {
            case -1884407140:
                if (substringAfterLast.equals("CertRolesLoginModule")) {
                    z = 2;
                    break;
                }
                break;
            case -1843987980:
                if (substringAfterLast.equals("LdapUsersLoginModule")) {
                    z = 15;
                    break;
                }
                break;
            case -1814452394:
                if (substringAfterLast.equals("DatabaseCertLoginModule")) {
                    z = 4;
                    break;
                }
                break;
            case -1783939988:
                if (substringAfterLast.equals("AdvancedLdapLoginModule")) {
                    z = 18;
                    break;
                }
                break;
            case -1499088000:
                if (substringAfterLast.equals("PropertiesUsersLoginModule")) {
                    z = 13;
                    break;
                }
                break;
            case -1276628928:
                if (substringAfterLast.equals("SimpleServerLoginModule")) {
                    z = 10;
                    break;
                }
                break;
            case -1223455936:
                if (substringAfterLast.equals("BaseCertLoginModule")) {
                    z = true;
                    break;
                }
                break;
            case -903120368:
                if (substringAfterLast.equals("AdvancedADLoginModule")) {
                    z = 19;
                    break;
                }
                break;
            case -721382913:
                if (substringAfterLast.equals("SimpleUsersLoginModule")) {
                    z = 14;
                    break;
                }
                break;
            case -601484736:
                if (substringAfterLast.equals("UsersRolesLoginModule")) {
                    z = 20;
                    break;
                }
                break;
            case -578238902:
                if (substringAfterLast.equals("ClientLoginModule")) {
                    z = false;
                    break;
                }
                break;
            case -415413385:
                if (substringAfterLast.equals("IdentityLoginModule")) {
                    z = 5;
                    break;
                }
                break;
            case -105764675:
                if (substringAfterLast.equals("RoleMappingLoginModule")) {
                    z = 8;
                    break;
                }
                break;
            case 178154232:
                if (substringAfterLast.equals("RunAsLoginModule")) {
                    z = 9;
                    break;
                }
                break;
            case 298922779:
                if (substringAfterLast.equals("Krb5loginModule")) {
                    z = 16;
                    break;
                }
                break;
            case 330437849:
                if (substringAfterLast.equals("SPNEGOLoginModule")) {
                    z = 17;
                    break;
                }
                break;
            case 740639639:
                if (substringAfterLast.equals("DatabaseServerLoginModule")) {
                    z = 3;
                    break;
                }
                break;
            case 1281578222:
                if (substringAfterLast.equals("LdapLoginModule")) {
                    z = 6;
                    break;
                }
                break;
            case 1522996864:
                if (substringAfterLast.equals("SecureIdentityLoginModule")) {
                    z = 12;
                    break;
                }
                break;
            case 1601006681:
                if (substringAfterLast.equals("ConfiguredIdentityLoginModule")) {
                    z = 11;
                    break;
                }
                break;
            case 2011034107:
                if (substringAfterLast.equals("LdapExtLoginModule")) {
                    z = 7;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return "Client";
            case true:
                return "Certificate";
            case true:
                return "CertificateRoles";
            case true:
                return TargetDatabase.Database;
            case true:
                return "DatabaseCertificate";
            case true:
                return "Identity";
            case true:
                return "Ldap";
            case true:
                return "LdapExtended";
            case true:
                return "RoleMapping";
            case true:
                return "RunAs";
            case true:
                return "Simple";
            case true:
                return "ConfiguredIdentity";
            case true:
                return "SecureIdentity";
            case true:
                return "PropertiesUsers";
            case true:
                return "SimpleUsers";
            case true:
                return "LdapUsers";
            case true:
                return "Kerberos";
            case true:
                return "SPNEGOUsers";
            case true:
                return "AdvancedLdap";
            case true:
                return "AdvancedADldap";
            case true:
                return "UsersRoles";
            default:
                return str;
        }
    }

    public List<CliCommandAction> createSecurityDomainCliAction(SecurityDomainBean securityDomainBean) throws CliScriptException {
        Utils.throwIfBlank(securityDomainBean.getSecurityDomainName(), " in security-domain must be set.", "Security name");
        LinkedList linkedList = new LinkedList();
        ModelNode modelNode = new ModelNode();
        modelNode.get("operation").set("add");
        modelNode.get("address").add("subsystem", "security");
        modelNode.get("address").add("security-domain", securityDomainBean.getSecurityDomainName());
        CliCommandAction cliCommandAction = new CliCommandAction(SecurityMigrator.class, createSecurityDomainScript(securityDomainBean), modelNode);
        cliCommandAction.setIfExists(getIfExists());
        linkedList.add(cliCommandAction);
        if (securityDomainBean.getLoginModules() != null) {
            Iterator<LoginModuleAS7Bean> it = securityDomainBean.getLoginModules().iterator();
            while (it.hasNext()) {
                linkedList.add(createLoginModuleCliAction(securityDomainBean, it.next()));
            }
        }
        return linkedList;
    }

    public static CliCommandAction createLoginModuleCliAction(SecurityDomainBean securityDomainBean, LoginModuleAS7Bean loginModuleAS7Bean) {
        ModelNode modelNode = new ModelNode();
        modelNode.get("operation").set("add");
        modelNode.get("address").add("subsystem", "security");
        modelNode.get("address").add("security-domain", securityDomainBean.getSecurityDomainName());
        modelNode.get("address").add("authentication", "classic");
        ModelNode modelNode2 = new ModelNode();
        ModelNode modelNode3 = new ModelNode();
        if (loginModuleAS7Bean.getModuleOptions() != null) {
            ModelNode modelNode4 = new ModelNode();
            for (ModuleOptionAS7Bean moduleOptionAS7Bean : loginModuleAS7Bean.getModuleOptions()) {
                modelNode4.get(moduleOptionAS7Bean.getModuleOptionName()).set(moduleOptionAS7Bean.getModuleOptionValue());
            }
            modelNode2.get("module-options").set(modelNode4);
        }
        CliApiCommandBuilder cliApiCommandBuilder = new CliApiCommandBuilder(modelNode2);
        cliApiCommandBuilder.addPropertyIfSet("flag", loginModuleAS7Bean.getLoginModuleFlag());
        cliApiCommandBuilder.addPropertyIfSet("code", loginModuleAS7Bean.getLoginModuleCode());
        modelNode3.add(cliApiCommandBuilder.getCommand());
        modelNode.get("login-modules").set(modelNode3);
        return new CliCommandAction(SecurityMigrator.class, createLoginModuleScript(securityDomainBean, loginModuleAS7Bean), modelNode);
    }

    private static String createSecurityDomainScript(SecurityDomainBean securityDomainBean) throws CliScriptException {
        Utils.throwIfBlank(securityDomainBean.getSecurityDomainName(), " in security-domain must be set.", "Security name");
        CliAddScriptBuilder cliAddScriptBuilder = new CliAddScriptBuilder();
        StringBuilder sb = new StringBuilder("/subsystem=security/security-domain=");
        sb.append(securityDomainBean.getSecurityDomainName()).append(":add(");
        cliAddScriptBuilder.addProperty("cache-type", securityDomainBean.getCacheType());
        sb.append(cliAddScriptBuilder.asString()).append(")");
        return sb.toString();
    }

    private static String createLoginModuleScript(SecurityDomainBean securityDomainBean, LoginModuleAS7Bean loginModuleAS7Bean) {
        StringBuilder sb = new StringBuilder("/subsystem=security/security-domain=" + securityDomainBean.getSecurityDomainName());
        sb.append("/authentication=classic:add(login-modules=[{");
        if (loginModuleAS7Bean.getLoginModuleCode() != null && !loginModuleAS7Bean.getLoginModuleCode().isEmpty()) {
            sb.append("\"code\"=>\"").append(loginModuleAS7Bean.getLoginModuleCode()).append(Helper.DEFAULT_DATABASE_DELIMITER);
        }
        if (loginModuleAS7Bean.getLoginModuleFlag() != null && !loginModuleAS7Bean.getLoginModuleFlag().isEmpty()) {
            sb.append(", \"flag\"=>\"").append(loginModuleAS7Bean.getLoginModuleFlag()).append(Helper.DEFAULT_DATABASE_DELIMITER);
        }
        if (loginModuleAS7Bean.getModuleOptions() != null && !loginModuleAS7Bean.getModuleOptions().isEmpty()) {
            StringBuilder sb2 = new StringBuilder();
            for (ModuleOptionAS7Bean moduleOptionAS7Bean : loginModuleAS7Bean.getModuleOptions()) {
                sb2.append(", (\"").append(moduleOptionAS7Bean.getModuleOptionName()).append("\"=>");
                sb2.append(Helper.DEFAULT_DATABASE_DELIMITER).append(moduleOptionAS7Bean.getModuleOptionValue()).append("\")");
            }
            String replaceFirst = sb2.toString().replaceFirst(AnsiRenderer.CODE_LIST_SEPARATOR, "").replaceFirst(AnsiRenderer.CODE_TEXT_SEPARATOR, "");
            if (!replaceFirst.isEmpty()) {
                sb.append(", \"module-option\"=>[").append(replaceFirst).append(Constants.XPATH_INDEX_CLOSED);
            }
        }
        return sb.toString();
    }
}
