package org.rhq.common.jbossas.client.controller;

import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import org.jboss.as.controller.client.ModelControllerClient;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.python.apache.xerces.impl.xs.SchemaSymbols;
import org.rhq.core.util.MessageDigestGenerator;
import org.richfaces.convert.seamtext.tags.TagFactory;

/* loaded from: input_file:lib/rhq-jboss-as-dmr-client-4.7.0.jar:org/rhq/common/jbossas/client/controller/SecurityDomainJBossASClient.class */
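/**
 * Management client for the "security" subsystem: it builds and executes the
 * requests that create, update, read and remove security domains.
 *
 * <p>This listing is decompiler output. Several string constants were
 * substituted by the decompiler with same-valued constants from unrelated
 * libraries ({@code SchemaSymbols.ATTVAL_REQUIRED}, {@code TagFactory.SEAM_LINK_END},
 * {@code MessageDigestGenerator.MD5}); they are presumably {@code "required"},
 * {@code "]"} and {@code "MD5"} - confirm before replacing them with literals.
 * {@code m4163clone()} is the decompiler's renamed form of {@code Address.clone()}.
 *
 * <p>Security-relevant points for callers:
 * <ul>
 *   <li>Module options carry credentials (see {@link #USERNAME}/{@link #PASSWORD}).
 *       They are written to the server configuration as given and are returned
 *       again by {@link #getSecureIdentitySecurityDomainModuleOptions(String)}.</li>
 *   <li>{@code createNewSecurityDomain} removes an existing domain before adding
 *       the new one in a separate request, so a failed add leaves no domain.</li>
 * </ul>
 */
public class SecurityDomainJBossASClient extends JBossASClient {
    public static final String SUBSYSTEM_SECURITY = "security";
    public static final String SECURITY_DOMAIN = "security-domain";
    public static final String CACHE_TYPE = "cache-type";
    public static final String AUTHENTICATION = "authentication";
    public static final String LOGIN_MODULES = "login-modules";
    public static final String CLASSIC = "classic";
    public static final String CODE = "code";
    public static final String FLAG = "flag";
    public static final String MODULE_OPTIONS = "module-options";
    public static final String USERNAME = "username";
    public static final String PASSWORD = "password";
    public static final String DS_JNDI_NAME = "dsJndiName";
    public static final String PRINCIPALS_QUERY = "principalsQuery";
    public static final String ROLES_QUERY = "rolesQuery";
    public static final String HASH_ALGORITHM = "hashAlgorithm";
    public static final String HASH_ENCODING = "hashEncoding";

    /* loaded from: input_file:lib/rhq-jboss-as-dmr-client-4.7.0.jar:org/rhq/common/jbossas/client/controller/SecurityDomainJBossASClient$LoginModuleRequest.class */
    /**
     * One login module to configure in a security domain: the module class name,
     * its JAAS control flag and its options. Backed by an {@link AppConfigurationEntry}.
     */
    public static class LoginModuleRequest {
        private final AppConfigurationEntry entry;

        /**
         * @param loginModuleFQCN class name of the login module
         * @param flag JAAS control flag for the module
         * @param moduleOptionProperties module options; values may be secrets
         */
        public LoginModuleRequest(String loginModuleFQCN, AppConfigurationEntry.LoginModuleControlFlag flag, Map<String, String> moduleOptionProperties) {
            this.entry = new AppConfigurationEntry(loginModuleFQCN, flag, moduleOptionProperties);
        }

        /** @return the login module class name given to the constructor */
        public String getLoginModuleFQCN() {
            return this.entry.getLoginModuleName();
        }

        /** @return the JAAS control flag given to the constructor */
        public AppConfigurationEntry.LoginModuleControlFlag getFlag() {
            return this.entry.getControlFlag();
        }

        /**
         * @return the control flag as the string written to the "flag" attribute:
         *         "sufficient", "requisite", the REQUIRED constant, or the
         *         OPTIONAL constant for any other flag
         */
        public String getFlagString() {
            AppConfigurationEntry.LoginModuleControlFlag flag = this.entry.getControlFlag();
            if (AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT.equals(flag)) {
                return "sufficient";
            }
            if (AppConfigurationEntry.LoginModuleControlFlag.REQUISITE.equals(flag)) {
                return "requisite";
            }
            if (AppConfigurationEntry.LoginModuleControlFlag.REQUIRED.equals(flag)) {
                return SchemaSymbols.ATTVAL_REQUIRED;
            }
            return SchemaSymbols.ATTVAL_OPTIONAL;
        }

        /**
         * @return the module options held by the underlying entry
         */
        @SuppressWarnings("unchecked")
        public Map<String, String> getModuleOptionProperties() {
            // getOptions() is declared as Map<String, ?>; the only way to build this
            // object is the constructor above, which takes Map<String, String>.
            return (Map<String, String>) this.entry.getOptions();
        }

        /**
         * Describes the request for diagnostics. Only the option names are
         * printed: option values can hold passwords and this string is likely
         * to end up in logs.
         */
        @Override
        public String toString() {
            Map<String, String> options = getModuleOptionProperties();
            Object optionNames = options == null ? null : options.keySet();
            return "LoginModuleRequest [loginModuleFQCN=" + getLoginModuleFQCN() + ", flag=" + getFlag() + ", moduleOptionNames=" + optionNames + TagFactory.SEAM_LINK_END;
        }
    }

    /**
     * @param modelControllerClient client used to send requests to the server
     */
    public SecurityDomainJBossASClient(ModelControllerClient modelControllerClient) {
        super(modelControllerClient);
    }

    /**
     * Checks whether a security domain with the given name exists.
     *
     * @param securityDomainName name to look for under the security subsystem
     * @return true if a matching security-domain node was found
     * @throws Exception if the lookup fails
     */
    public boolean isSecurityDomain(String securityDomainName) throws Exception {
        return null != findNodeInList(Address.root().add("subsystem", SUBSYSTEM_SECURITY), SECURITY_DOMAIN, securityDomainName);
    }

    /**
     * Creates a security domain with a single required "SecureIdentity" login
     * module, using one "add" request per resource in a single batch.
     *
     * <p>The password is stored as a module option exactly as passed in.
     * NOTE(review): the SecureIdentity encoding is commonly treated as
     * obfuscation rather than protection; a "${...}" expression (stored as an
     * EXPRESSION node by this method) keeps the literal value out of the
     * configuration - confirm what the deployment expects.
     *
     * @param securityDomainName name of the domain to create
     * @param username value for the "username" module option
     * @param password value for the "password" module option
     * @throws Exception if the batch request is not successful
     */
    public void createNewSecureIdentitySecurityDomain72(String securityDomainName, String username, String password) throws Exception {
        Address domainAddress = Address.root().add("subsystem", SUBSYSTEM_SECURITY, SECURITY_DOMAIN, securityDomainName);
        ModelNode addDomain = createRequest("add", domainAddress);
        addDomain.get(CACHE_TYPE).set("default");
        Address authenticationAddress = domainAddress.m4163clone().add("authentication", CLASSIC);
        ModelNode addAuthentication = createRequest("add", authenticationAddress);
        ModelNode addLoginModule = createRequest("add", authenticationAddress.m4163clone().add("login-module", "SecureIdentity"));
        addLoginModule.get(CODE).set("SecureIdentity");
        addLoginModule.get(FLAG).set(SchemaSymbols.ATTVAL_REQUIRED);
        ModelNode moduleOptions = addLoginModule.get(MODULE_OPTIONS);
        moduleOptions.setEmptyList();
        addPossibleExpression(moduleOptions, "username", username);
        addPossibleExpression(moduleOptions, "password", password);
        ModelNode result = execute(createBatchRequest(addDomain, addAuthentication, addLoginModule));
        if (!isSuccess(result)) {
            // The message names the domain only; credentials are not included.
            throw new FailureException(result, "Failed to create security domain [" + securityDomainName + TagFactory.SEAM_LINK_END);
        }
    }

    /**
     * Rewrites the "login-modules" attribute of an existing domain's classic
     * authentication resource with a single SecureIdentity entry carrying the
     * given credentials. The attribute value is replaced as a whole, so any
     * other login module in that list is dropped.
     *
     * @param securityDomainName name of the domain to update
     * @param username value for the "username" module option
     * @param password value for the "password" module option
     * @throws Exception if the request is not successful
     */
    public void updateSecureIdentitySecurityDomainCredentials(String securityDomainName, String username, String password) throws Exception {
        Address authenticationAddress = Address.root().add("subsystem", SUBSYSTEM_SECURITY, SECURITY_DOMAIN, securityDomainName, "authentication", CLASSIC);
        ModelNode loginModule = new ModelNode();
        loginModule.get(CODE).set("SecureIdentity");
        loginModule.get(FLAG).set(SchemaSymbols.ATTVAL_REQUIRED);
        ModelNode moduleOptions = loginModule.get(MODULE_OPTIONS);
        moduleOptions.setEmptyList();
        addPossibleExpression(moduleOptions, "username", username);
        addPossibleExpression(moduleOptions, "password", password);
        ModelNode loginModules = new ModelNode();
        loginModules.setEmptyList();
        loginModules.add(loginModule);
        ModelNode writeRequest = createRequest(JBossASClient.WRITE_ATTRIBUTE, authenticationAddress);
        writeRequest.get("name").set(LOGIN_MODULES);
        writeRequest.get("value").set(loginModules);
        ModelNode result = execute(writeRequest);
        if (!isSuccess(result)) {
            throw new FailureException(result, "Failed to update credentials for security domain [" + securityDomainName + TagFactory.SEAM_LINK_END);
        }
    }

    /**
     * Adds a name/value pair to a module-options list. A value containing
     * "${" is added as an EXPRESSION node; any other value (including null)
     * is added as a plain string.
     */
    private void addPossibleExpression(ModelNode modelNode, String name, String value) {
        if (value == null || !value.contains("${")) {
            modelNode.add(name, value);
        } else {
            modelNode.add(name, new ModelNode(ModelType.EXPRESSION).setExpression(value));
        }
    }

    /**
     * Reads the module options of the SecureIdentity login module of a domain.
     * The returned node contains whatever was stored for the "password"
     * option, so treat it as a secret and keep it out of logs.
     *
     * @param securityDomainName name of the domain to read
     * @return the module-options node of the first login module whose code is
     *         "SecureIdentity", or null if the domain has none
     * @throws Exception if the resource cannot be read
     */
    public ModelNode getSecureIdentitySecurityDomainModuleOptions(String securityDomainName) throws Exception {
        Address authenticationAddress = Address.root().add("subsystem", SUBSYSTEM_SECURITY, SECURITY_DOMAIN, securityDomainName, "authentication", CLASSIC);
        for (ModelNode loginModule : readResource(authenticationAddress).get(LOGIN_MODULES).asList()) {
            if ("SecureIdentity".equals(loginModule.get(CODE).asString())) {
                return loginModule.get(MODULE_OPTIONS);
            }
        }
        return null;
    }

    /**
     * Creates a security domain with a single required "Database" login module,
     * using one "add" request per resource in a single batch.
     *
     * <p>The two queries are stored verbatim as module options; pass constant
     * query text, never text assembled from user input.
     *
     * <p>When {@code hashAlgorithm} is null the MD5 constant is used. MD5 is
     * not suitable for password hashing, but the value has to match how the
     * stored password hashes were produced, so the default is left unchanged
     * here; callers should pass the algorithm explicitly.
     *
     * @param securityDomainName name of the domain to create
     * @param dsJndiName value for the "dsJndiName" option
     * @param principalsQuery value for the "principalsQuery" option
     * @param rolesQuery value for the "rolesQuery" option
     * @param hashAlgorithm value for the "hashAlgorithm" option, or null for the MD5 default
     * @param hashEncoding value for the "hashEncoding" option, or null for "base64"
     * @throws Exception if the batch request is not successful
     */
    public void createNewDatabaseServerSecurityDomain72(String securityDomainName, String dsJndiName, String principalsQuery, String rolesQuery, String hashAlgorithm, String hashEncoding) throws Exception {
        Address domainAddress = Address.root().add("subsystem", SUBSYSTEM_SECURITY, SECURITY_DOMAIN, securityDomainName);
        ModelNode addDomain = createRequest("add", domainAddress);
        addDomain.get(CACHE_TYPE).set("default");
        Address authenticationAddress = domainAddress.m4163clone().add("authentication", CLASSIC);
        ModelNode addAuthentication = createRequest("add", authenticationAddress);
        ModelNode addLoginModule = createRequest("add", authenticationAddress.m4163clone().add("login-module", "Database"));
        addLoginModule.get(CODE).set("Database");
        addLoginModule.get(FLAG).set(SchemaSymbols.ATTVAL_REQUIRED);
        ModelNode moduleOptions = addLoginModule.get(MODULE_OPTIONS);
        moduleOptions.setEmptyList();
        moduleOptions.add(DS_JNDI_NAME, dsJndiName);
        moduleOptions.add(PRINCIPALS_QUERY, principalsQuery);
        moduleOptions.add(ROLES_QUERY, rolesQuery);
        // SECURITY: weak default kept for compatibility with existing stored hashes.
        moduleOptions.add(HASH_ALGORITHM, null == hashAlgorithm ? MessageDigestGenerator.MD5 : hashAlgorithm);
        moduleOptions.add(HASH_ENCODING, null == hashEncoding ? "base64" : hashEncoding);
        ModelNode result = execute(createBatchRequest(addDomain, addAuthentication, addLoginModule));
        if (!isSuccess(result)) {
            throw new FailureException(result, "Failed to create security domain [" + securityDomainName + TagFactory.SEAM_LINK_END);
        }
    }

    /**
     * Removes the named security domain if it exists; does nothing otherwise.
     *
     * @param securityDomainName name of the domain to remove
     * @throws Exception if the remove request is not successful
     */
    public void removeSecurityDomain(String securityDomainName) throws Exception {
        if (isSecurityDomain(securityDomainName)) {
            ModelNode result = execute(createRequest("remove", Address.root().add("subsystem", SUBSYSTEM_SECURITY, SECURITY_DOMAIN, securityDomainName)));
            if (!isSuccess(result)) {
                throw new FailureException(result, "Failed to remove security domain [" + securityDomainName + TagFactory.SEAM_LINK_END);
            }
        }
    }

    /**
     * Creates (or replaces) a security domain with the given login modules,
     * choosing the request format from the server version.
     *
     * <p>Only a version string starting with "7.2" selects the per-resource
     * format; every other version, including later ones, gets the 7.1 format.
     *
     * @param securityDomainName name of the domain to create
     * @param loginModuleRequests login modules to configure; must not be null
     *        or contain null
     * @throws Exception if the version lookup or any request fails
     */
    public void createNewSecurityDomain(String securityDomainName, LoginModuleRequest... loginModuleRequests) throws Exception {
        if (new CoreJBossASClient(getModelControllerClient()).getAppServerVersion().startsWith("7.2")) {
            createNewSecurityDomain72(securityDomainName, loginModuleRequests);
        } else {
            createNewSecurityDomain71(securityDomainName, loginModuleRequests);
        }
    }

    /**
     * 7.1 format: the login modules are written as a "login-modules" list on
     * the classic authentication resource.
     *
     * <p>An existing domain of the same name is removed first, in its own
     * request. If the following batch fails the domain stays removed.
     */
    private void createNewSecurityDomain71(String securityDomainName, LoginModuleRequest... loginModuleRequests) throws Exception {
        // Validate before the destructive remove below: previously a null array or
        // element only failed after the existing domain had already been deleted.
        requireLoginModules(loginModuleRequests);
        if (isSecurityDomain(securityDomainName)) {
            removeSecurityDomain(securityDomainName);
        }
        Address domainAddress = Address.root().add("subsystem", SUBSYSTEM_SECURITY, SECURITY_DOMAIN, securityDomainName);
        ModelNode addDomain = createRequest("add", domainAddress);
        addDomain.get(CACHE_TYPE).set("default");
        ModelNode addAuthentication = createRequest("add", domainAddress.m4163clone().add("authentication", CLASSIC));
        ModelNode loginModules = addAuthentication.get(LOGIN_MODULES);
        for (LoginModuleRequest request : loginModuleRequests) {
            ModelNode loginModule = new ModelNode();
            loginModule.get(CODE).set(request.getLoginModuleFQCN());
            loginModule.get(FLAG).set(request.getFlagString());
            ModelNode moduleOptions = loginModule.get(MODULE_OPTIONS);
            moduleOptions.setEmptyList();
            copyModuleOptions(moduleOptions, request);
            loginModules.add(loginModule);
        }
        ModelNode result = execute(createBatchRequest(addDomain, addAuthentication));
        if (!isSuccess(result)) {
            throw new FailureException(result, "Failed to create security domain [" + securityDomainName + TagFactory.SEAM_LINK_END);
        }
    }

    /**
     * 7.2 format: each login module is added as its own "login-module" child
     * resource, named after the module class name, in one batch with the
     * domain and authentication resources.
     *
     * <p>An existing domain of the same name is removed first, in its own
     * request. If the following batch fails the domain stays removed.
     * NOTE(review): two requests with the same class name map to the same
     * resource address - confirm how the server handles that.
     */
    private void createNewSecurityDomain72(String securityDomainName, LoginModuleRequest... loginModuleRequests) throws Exception {
        // Validate before the destructive remove below: previously a null array or
        // element only failed after the existing domain had already been deleted.
        requireLoginModules(loginModuleRequests);
        if (isSecurityDomain(securityDomainName)) {
            removeSecurityDomain(securityDomainName);
        }
        Address domainAddress = Address.root().add("subsystem", SUBSYSTEM_SECURITY, SECURITY_DOMAIN, securityDomainName);
        ModelNode addDomain = createRequest("add", domainAddress);
        addDomain.get(CACHE_TYPE).set("default");
        Address authenticationAddress = domainAddress.m4163clone().add("authentication", CLASSIC);
        ModelNode addAuthentication = createRequest("add", authenticationAddress);
        // Steps 0 and 1 create the domain and its authentication resource;
        // the login modules follow in the order they were given.
        ModelNode[] steps = new ModelNode[loginModuleRequests.length + 2];
        steps[0] = addDomain;
        steps[1] = addAuthentication;
        for (int i = 0; i < loginModuleRequests.length; i++) {
            LoginModuleRequest request = loginModuleRequests[i];
            ModelNode addLoginModule = createRequest("add", authenticationAddress.m4163clone().add("login-module", request.getLoginModuleFQCN()));
            addLoginModule.get(CODE).set(request.getLoginModuleFQCN());
            addLoginModule.get(FLAG).set(request.getFlagString());
            ModelNode moduleOptions = addLoginModule.get(MODULE_OPTIONS);
            moduleOptions.setEmptyList();
            copyModuleOptions(moduleOptions, request);
            steps[i + 2] = addLoginModule;
        }
        ModelNode result = execute(createBatchRequest(steps));
        if (!isSuccess(result)) {
            throw new FailureException(result, "Failed to create security domain [" + securityDomainName + TagFactory.SEAM_LINK_END);
        }
    }

    /** Rejects a null request array or a null element with a NullPointerException. */
    private static void requireLoginModules(LoginModuleRequest[] loginModuleRequests) {
        if (loginModuleRequests == null) {
            throw new NullPointerException("loginModuleRequests must not be null");
        }
        for (LoginModuleRequest request : loginModuleRequests) {
            if (request == null) {
                throw new NullPointerException("loginModuleRequests must not contain null");
            }
        }
    }

    /** Copies every option with a non-null value from the request into the module-options list. */
    private static void copyModuleOptions(ModelNode moduleOptions, LoginModuleRequest request) {
        Map<String, String> options = request.getModuleOptionProperties();
        if (null == options) {
            return;
        }
        for (Map.Entry<String, String> option : options.entrySet()) {
            if (null != option.getValue()) {
                moduleOptions.add(option.getKey(), option.getValue());
            }
        }
    }
}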
