package org.infinispan.server.configuration;

import java.io.File;
import java.io.FileInputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.function.Supplier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509TrustManager;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import org.infinispan.commons.CacheConfigurationException;
import org.infinispan.configuration.global.GlobalConfigurationBuilder;
import org.infinispan.configuration.internal.PrivateGlobalConfigurationBuilder;
import org.infinispan.configuration.parsing.ConfigurationBuilderHolder;
import org.infinispan.configuration.parsing.ConfigurationParser;
import org.infinispan.configuration.parsing.Namespace;
import org.infinispan.configuration.parsing.Namespaces;
import org.infinispan.configuration.parsing.ParseUtils;
import org.infinispan.configuration.parsing.ParserScope;
import org.infinispan.configuration.parsing.XMLExtendedStreamReader;
import org.infinispan.server.Server;
import org.infinispan.server.core.configuration.ProtocolServerConfigurationBuilder;
import org.infinispan.server.network.NetworkAddress;
import org.infinispan.server.security.HostnameVerificationPolicy;
import org.infinispan.server.security.KeyStoreUtils;
import org.infinispan.server.security.KeycloakRoleDecoder;
import org.infinispan.server.security.ServerSecurityRealm;
import org.infinispan.server.security.realm.KerberosSecurityRealm;
import org.infinispan.server.security.realm.PropertiesSecurityRealm;
import org.infinispan.util.logging.Log;
import org.infinispan.util.logging.LogFactory;
import org.wildfly.security.auth.permission.LoginPermission;
import org.wildfly.security.auth.realm.FileSystemSecurityRealm;
import org.wildfly.security.auth.realm.ldap.AttributeMapping;
import org.wildfly.security.auth.realm.ldap.DirContextFactory;
import org.wildfly.security.auth.realm.ldap.LdapSecurityRealmBuilder;
import org.wildfly.security.auth.realm.ldap.SimpleDirContextFactoryBuilder;
import org.wildfly.security.auth.realm.token.TokenSecurityRealm;
import org.wildfly.security.auth.realm.token.validator.JwtValidator;
import org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator;
import org.wildfly.security.auth.server.NameRewriter;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.keystore.AliasFilter;
import org.wildfly.security.keystore.FilteringKeyStore;
import org.wildfly.security.keystore.KeyStoreUtil;
import org.wildfly.security.permission.PermissionVerifier;
import org.wildfly.security.provider.util.ProviderUtil;
import org.wildfly.security.ssl.CipherSuiteSelector;
import org.wildfly.security.ssl.ProtocolSelector;
import org.wildfly.security.ssl.SSLContextBuilder;

@Namespaces({@Namespace(root = Server.DEFAULT_SERVER_ROOT_DIR), @Namespace(uri = "urn:infinispan:server:*", root = Server.DEFAULT_SERVER_ROOT_DIR)})
/* loaded from: input_file:org/infinispan/server/configuration/ServerConfigurationParser.class */
public class ServerConfigurationParser implements ConfigurationParser {
    private static Log coreLog = LogFactory.getLog(ServerConfigurationParser.class);
    public static String ENDPOINTS_SCOPE = "ENDPOINTS";

    public Namespace[] getNamespaces() {
        return ParseUtils.getNamespaceAnnotations(getClass());
    }

    public static Element nextElement(XMLStreamReader xMLStreamReader) throws XMLStreamException {
        if (xMLStreamReader.nextTag() == 2) {
            return null;
        }
        return Element.forName(xMLStreamReader.getLocalName());
    }

    public void readElement(XMLExtendedStreamReader xMLExtendedStreamReader, ConfigurationBuilderHolder configurationBuilderHolder) throws XMLStreamException {
        if (!configurationBuilderHolder.inScope(ParserScope.GLOBAL)) {
            throw coreLog.invalidScope(ParserScope.GLOBAL.name(), configurationBuilderHolder.getScope());
        }
        GlobalConfigurationBuilder globalConfigurationBuilder = configurationBuilderHolder.getGlobalConfigurationBuilder();
        switch (Element.forName(xMLExtendedStreamReader.getLocalName())) {
            case SERVER:
                globalConfigurationBuilder.addModule(PrivateGlobalConfigurationBuilder.class).serverMode(true);
                parseServerElements(xMLExtendedStreamReader, configurationBuilderHolder, (ServerConfigurationBuilder) globalConfigurationBuilder.addModule(ServerConfigurationBuilder.class));
                return;
            default:
                throw ParseUtils.unexpectedElement(xMLExtendedStreamReader);
        }
    }

    private void parseServerElements(XMLExtendedStreamReader xMLExtendedStreamReader, ConfigurationBuilderHolder configurationBuilderHolder, ServerConfigurationBuilder serverConfigurationBuilder) throws XMLStreamException {
        while (xMLExtendedStreamReader.hasNext() && xMLExtendedStreamReader.nextTag() != 2) {
            switch (Element.forName(xMLExtendedStreamReader.getLocalName())) {
                case INTERFACES:
                    parseInterfaces(xMLExtendedStreamReader, serverConfigurationBuilder);
                    break;
                case SOCKET_BINDINGS:
                    parseSocketBindings(xMLExtendedStreamReader, serverConfigurationBuilder);
                    break;
                case SECURITY:
                    parseSecurity(xMLExtendedStreamReader, serverConfigurationBuilder);
                    break;
                case ENDPOINTS:
                    parseEndpoints(xMLExtendedStreamReader, configurationBuilderHolder, serverConfigurationBuilder);
                    break;
                default:
                    throw ParseUtils.unexpectedElement(xMLExtendedStreamReader);
            }
        }
    }

    private void parseSocketBindings(XMLExtendedStreamReader xMLExtendedStreamReader, ServerConfigurationBuilder serverConfigurationBuilder) throws XMLStreamException {
        String[] requireAttributes = ParseUtils.requireAttributes(xMLExtendedStreamReader, new Enum[]{Attribute.DEFAULT_INTERFACE, Attribute.PORT_OFFSET});
        while (xMLExtendedStreamReader.hasNext() && xMLExtendedStreamReader.nextTag() != 2) {
            switch (Element.forName(xMLExtendedStreamReader.getLocalName())) {
                case SOCKET_BINDING:
                    parseSocketBinding(xMLExtendedStreamReader, serverConfigurationBuilder, requireAttributes[0], Integer.parseInt(requireAttributes[1]));
                default:
                    throw ParseUtils.unexpectedElement(xMLExtendedStreamReader);
            }
        }
    }

    private void parseSocketBinding(XMLExtendedStreamReader xMLExtendedStreamReader, ServerConfigurationBuilder serverConfigurationBuilder, String str, int i) throws XMLStreamException {
        String[] requireAttributes = ParseUtils.requireAttributes(xMLExtendedStreamReader, new Enum[]{Attribute.NAME, Attribute.PORT});
        String str2 = requireAttributes[0];
        int parseInt = Integer.parseInt(requireAttributes[1]);
        String str3 = str;
        for (int i2 = 0; i2 < xMLExtendedStreamReader.getAttributeCount(); i2++) {
            ParseUtils.requireNoNamespaceAttribute(xMLExtendedStreamReader, i2);
            String attributeValue = xMLExtendedStreamReader.getAttributeValue(i2);
            switch (Attribute.forName(xMLExtendedStreamReader.getAttributeLocalName(i2))) {
                case NAME:
                case PORT:
                    break;
                case INTERFACE:
                    str3 = attributeValue;
                    break;
                default:
                    throw ParseUtils.unexpectedAttribute(xMLExtendedStreamReader, i2);
            }
        }
        ParseUtils.requireNoContent(xMLExtendedStreamReader);
        serverConfigurationBuilder.addSocketBinding(str2, str3, parseInt + i);
    }

    private void parseInterfaces(XMLExtendedStreamReader xMLExtendedStreamReader, ServerConfigurationBuilder serverConfigurationBuilder) throws XMLStreamException {
        while (xMLExtendedStreamReader.hasNext() && xMLExtendedStreamReader.nextTag() != 2) {
            switch (Element.forName(xMLExtendedStreamReader.getLocalName())) {
                case INTERFACE:
                    parseInterface(xMLExtendedStreamReader, serverConfigurationBuilder);
                default:
                    throw ParseUtils.unexpectedElement(xMLExtendedStreamReader);
            }
        }
    }

    private void parseInterface(XMLExtendedStreamReader xMLExtendedStreamReader, ServerConfigurationBuilder serverConfigurationBuilder) throws XMLStreamException {
        String str = ParseUtils.requireAttributes(xMLExtendedStreamReader, new Enum[]{Attribute.NAME})[0];
        Element nextElement = nextElement(xMLExtendedStreamReader);
        if (nextElement == null) {
            throw ParseUtils.unexpectedEndElement(xMLExtendedStreamReader);
        }
        switch (nextElement) {
            case INET_ADDRESS:
                serverConfigurationBuilder.addNetworkInterface(NetworkAddress.fromString(str, ParseUtils.requireSingleAttribute(xMLExtendedStreamReader, Attribute.VALUE)));
                ParseUtils.requireNoContent(xMLExtendedStreamReader);
                break;
            case LINK_LOCAL:
                ParseUtils.requireNoAttributes(xMLExtendedStreamReader);
                ParseUtils.requireNoContent(xMLExtendedStreamReader);
                serverConfigurationBuilder.addNetworkInterface(NetworkAddress.linkLocalAddress(str));
                break;
            case GLOBAL:
                ParseUtils.requireNoAttributes(xMLExtendedStreamReader);
                ParseUtils.requireNoContent(xMLExtendedStreamReader);
                serverConfigurationBuilder.addNetworkInterface(NetworkAddress.globalAddress(str));
                break;
            case LOOPBACK:
                ParseUtils.requireNoAttributes(xMLExtendedStreamReader);
                ParseUtils.requireNoContent(xMLExtendedStreamReader);
                serverConfigurationBuilder.addNetworkInterface(NetworkAddress.loopback(str));
                break;
            case NON_LOOPBACK:
                ParseUtils.requireNoAttributes(xMLExtendedStreamReader);
                ParseUtils.requireNoContent(xMLExtendedStreamReader);
                serverConfigurationBuilder.addNetworkInterface(NetworkAddress.nonLoopback(str));
                break;
            case SITE_LOCAL:
                ParseUtils.requireNoAttributes(xMLExtendedStreamReader);
                ParseUtils.requireNoContent(xMLExtendedStreamReader);
                serverConfigurationBuilder.addNetworkInterface(NetworkAddress.siteLocal(str));
                break;
            case MATCH_INTERFACE:
                serverConfigurationBuilder.addNetworkInterface(NetworkAddress.matchInterface(str, ParseUtils.requireSingleAttribute(xMLExtendedStreamReader, Attribute.VALUE)));
                ParseUtils.requireNoContent(xMLExtendedStreamReader);
                break;
            case MATCH_ADDRESS:
                serverConfigurationBuilder.addNetworkInterface(NetworkAddress.matchAddress(str, ParseUtils.requireSingleAttribute(xMLExtendedStreamReader, Attribute.VALUE)));
                ParseUtils.requireNoContent(xMLExtendedStreamReader);
                break;
            case MATCH_HOST:
                serverConfigurationBuilder.addNetworkInterface(NetworkAddress.matchHost(str, ParseUtils.requireSingleAttribute(xMLExtendedStreamReader, Attribute.VALUE)));
                ParseUtils.requireNoContent(xMLExtendedStreamReader);
                break;
            default:
                throw ParseUtils.unexpectedElement(xMLExtendedStreamReader);
        }
        ParseUtils.requireNoContent(xMLExtendedStreamReader);
    }

    private void parseSecurity(XMLExtendedStreamReader xMLExtendedStreamReader, ServerConfigurationBuilder serverConfigurationBuilder) throws XMLStreamException {
        while (xMLExtendedStreamReader.hasNext() && xMLExtendedStreamReader.nextTag() != 2) {
            switch (Element.forName(xMLExtendedStreamReader.getLocalName())) {
                case SECURITY_REALMS:
                    parseSecurityRealms(xMLExtendedStreamReader, serverConfigurationBuilder);
                default:
                    throw ParseUtils.unexpectedElement(xMLExtendedStreamReader);
            }
        }
    }

    private void parseSecurityRealms(XMLExtendedStreamReader xMLExtendedStreamReader, ServerConfigurationBuilder serverConfigurationBuilder) throws XMLStreamException {
        while (xMLExtendedStreamReader.hasNext() && xMLExtendedStreamReader.nextTag() != 2) {
            switch (Element.forName(xMLExtendedStreamReader.getLocalName())) {
                case SECURITY_REALM:
                    parseSecurityRealm(xMLExtendedStreamReader, serverConfigurationBuilder);
                default:
                    throw ParseUtils.unexpectedElement(xMLExtendedStreamReader);
            }
        }
    }

    private void parseSecurityRealm(XMLExtendedStreamReader xMLExtendedStreamReader, ServerConfigurationBuilder serverConfigurationBuilder) throws XMLStreamException {
        String str = ParseUtils.requireAttributes(xMLExtendedStreamReader, new Enum[]{Attribute.NAME})[0];
        SecurityDomain.Builder builder = SecurityDomain.builder();
        SSLContextBuilder sSLContextBuilder = null;
        Supplier supplier = () -> {
            return true;
        };
        while (xMLExtendedStreamReader.hasNext() && xMLExtendedStreamReader.nextTag() != 2) {
            switch (Element.forName(xMLExtendedStreamReader.getLocalName())) {
                case FILESYSTEM_REALM:
                    parseFileSystemRealm(xMLExtendedStreamReader, builder);
                    break;
                case KERBEROS_REALM:
                    parseKerberosRealm(xMLExtendedStreamReader, builder);
                    break;
                case LDAP_REALM:
                    parseLdapRealm(xMLExtendedStreamReader, builder);
                    break;
                case LOCAL_REALM:
                    parseLocalRealm(xMLExtendedStreamReader, builder);
                    break;
                case PROPERTIES_REALM:
                    PropertiesSecurityRealm parsePropertiesRealm = parsePropertiesRealm(xMLExtendedStreamReader, builder);
                    supplier = () -> {
                        return Boolean.valueOf(parsePropertiesRealm.isEmpty());
                    };
                    break;
                case SERVER_IDENTITIES:
                    sSLContextBuilder = parseServerIdentitities(xMLExtendedStreamReader);
                    break;
                case TOKEN_REALM:
                    parseTokenRealm(xMLExtendedStreamReader, serverConfigurationBuilder, builder);
                    break;
                case TRUSTSTORE_REALM:
                    parseTrustStoreRealm(xMLExtendedStreamReader, sSLContextBuilder);
                    break;
                default:
                    throw ParseUtils.unexpectedElement(xMLExtendedStreamReader);
            }
        }
        builder.setPermissionMapper((permissionMappable, roles) -> {
            return PermissionVerifier.from(new LoginPermission());
        });
        serverConfigurationBuilder.addSecurityRealm(str, new ServerSecurityRealm(str, builder.build(), supplier));
        if (sSLContextBuilder != null) {
            sSLContextBuilder.setWrap(false);
            try {
                serverConfigurationBuilder.addSSLContext(str, (SSLContext) sSLContextBuilder.build().create());
            } catch (GeneralSecurityException e) {
                throw new CacheConfigurationException(e);
            }
        }
    }

    private void parseFileSystemRealm(XMLExtendedStreamReader xMLExtendedStreamReader, SecurityDomain.Builder builder) throws XMLStreamException {
        String str = "filesystem";
        String str2 = ParseUtils.requireAttributes(xMLExtendedStreamReader, new Enum[]{Attribute.PATH})[0];
        String str3 = (String) xMLExtendedStreamReader.getProperty(Server.INFINISPAN_SERVER_DATA_PATH);
        boolean z = true;
        int i = 0;
        for (int i2 = 0; i2 < xMLExtendedStreamReader.getAttributeCount(); i2++) {
            ParseUtils.requireNoNamespaceAttribute(xMLExtendedStreamReader, i2);
            String attributeValue = xMLExtendedStreamReader.getAttributeValue(i2);
            switch (Attribute.forName(xMLExtendedStreamReader.getAttributeLocalName(i2))) {
                case NAME:
                    str = attributeValue;
                    break;
                case PORT:
                case INTERFACE:
                default:
                    throw ParseUtils.unexpectedAttribute(xMLExtendedStreamReader, i2);
                case ENCODED:
                    z = Boolean.parseBoolean(attributeValue);
                    break;
                case LEVELS:
                    i = Integer.parseInt(attributeValue);
                    break;
                case PATH:
                    break;
                case RELATIVE_TO:
                    str3 = ParseUtils.requireAttributeProperty(xMLExtendedStreamReader, i2);
                    break;
            }
        }
        ParseUtils.requireNoContent(xMLExtendedStreamReader);
        builder.addRealm(str, new FileSystemSecurityRealm(new File(ParseUtils.resolvePath(str2, str3)).toPath(), NameRewriter.IDENTITY_REWRITER, i, z)).build();
    }

    private void parseTokenRealm(XMLExtendedStreamReader xMLExtendedStreamReader, ServerConfigurationBuilder serverConfigurationBuilder, SecurityDomain.Builder builder) throws XMLStreamException {
        String str = "token";
        TokenSecurityRealm.Builder builder2 = TokenSecurityRealm.builder();
        for (int i = 0; i < xMLExtendedStreamReader.getAttributeCount(); i++) {
            ParseUtils.requireNoNamespaceAttribute(xMLExtendedStreamReader, i);
            String attributeValue = xMLExtendedStreamReader.getAttributeValue(i);
            switch (Attribute.forName(xMLExtendedStreamReader.getAttributeLocalName(i))) {
                case NAME:
                    str = attributeValue;
                    break;
                case PRINCIPAL_CLAIM:
                    builder2.principalClaimName(attributeValue);
                    break;
                default:
                    throw ParseUtils.unexpectedAttribute(xMLExtendedStreamReader, i);
            }
        }
        while (xMLExtendedStreamReader.hasNext() && xMLExtendedStreamReader.nextTag() != 2) {
            switch (Element.forName(xMLExtendedStreamReader.getLocalName())) {
                case JWT:
                    parseJWT(xMLExtendedStreamReader, serverConfigurationBuilder, builder2);
                    break;
                case OAUTH2_INTROSPECTION:
                    parseOauth2Introspection(xMLExtendedStreamReader, serverConfigurationBuilder, builder2);
                    break;
                default:
                    throw ParseUtils.unexpectedElement(xMLExtendedStreamReader);
            }
        }
        builder.addRealm(str, builder2.build()).setRoleDecoder(new KeycloakRoleDecoder()).build();
    }

    private void parseJWT(XMLExtendedStreamReader xMLExtendedStreamReader, ServerConfigurationBuilder serverConfigurationBuilder, TokenSecurityRealm.Builder builder) throws XMLStreamException {
        JwtValidator.Builder builder2 = JwtValidator.builder();
        for (int i = 0; i < xMLExtendedStreamReader.getAttributeCount(); i++) {
            ParseUtils.requireNoNamespaceAttribute(xMLExtendedStreamReader, i);
            String attributeValue = xMLExtendedStreamReader.getAttributeValue(i);
            switch (Attribute.forName(xMLExtendedStreamReader.getAttributeLocalName(i))) {
                case ISSUER:
                    builder2.issuer(xMLExtendedStreamReader.getListAttributeValue(i));
                    break;
                case AUDIENCE:
                    builder2.audience(xMLExtendedStreamReader.getListAttributeValue(i));
                    break;
                case PUBLIC_KEY:
                    builder2.publicKey(attributeValue.getBytes(StandardCharsets.UTF_8));
                    break;
                case JKU_TIMEOUT:
                    builder2.setJkuTimeout(Long.parseLong(attributeValue));
                    break;
                case CLIENT_SSL_CONTEXT:
                    builder2.useSslContext(serverConfigurationBuilder.getSSLContext(attributeValue));
                    break;
                case HOST_NAME_VERIFICATION_POLICY:
                    builder2.useSslHostnameVerifier(HostnameVerificationPolicy.valueOf(attributeValue).getVerifier());
                    break;
                default:
                    throw ParseUtils.unexpectedAttribute(xMLExtendedStreamReader, i);
            }
        }
        ParseUtils.requireNoContent(xMLExtendedStreamReader);
        builder.validator(builder2.build());
    }

    private void parseOauth2Introspection(XMLExtendedStreamReader xMLExtendedStreamReader, ServerConfigurationBuilder serverConfigurationBuilder, TokenSecurityRealm.Builder builder) throws XMLStreamException {
        OAuth2IntrospectValidator.Builder builder2 = OAuth2IntrospectValidator.builder();
        String[] requireAttributes = ParseUtils.requireAttributes(xMLExtendedStreamReader, new Enum[]{Attribute.CLIENT_ID, Attribute.CLIENT_SECRET, Attribute.INTROSPECTION_URL});
        try {
            builder2.clientId(requireAttributes[0]).clientSecret(requireAttributes[1]).tokenIntrospectionUrl(new URL(requireAttributes[2]));
            for (int i = 0; i < xMLExtendedStreamReader.getAttributeCount(); i++) {
                ParseUtils.requireNoNamespaceAttribute(xMLExtendedStreamReader, i);
                String attributeValue = xMLExtendedStreamReader.getAttributeValue(i);
                switch (Attribute.forName(xMLExtendedStreamReader.getAttributeLocalName(i))) {
                    case CLIENT_SSL_CONTEXT:
                        builder2.useSslContext(serverConfigurationBuilder.getSSLContext(attributeValue));
                        break;
                    case HOST_NAME_VERIFICATION_POLICY:
                        builder2.useSslHostnameVerifier(HostnameVerificationPolicy.valueOf(attributeValue).getVerifier());
                        break;
                    case CLIENT_ID:
                    case CLIENT_SECRET:
                    case INTROSPECTION_URL:
                        break;
                    default:
                        throw ParseUtils.unexpectedAttribute(xMLExtendedStreamReader, i);
                }
            }
            ParseUtils.requireNoContent(xMLExtendedStreamReader);
            builder.validator(builder2.build());
        } catch (MalformedURLException e) {
            throw new XMLStreamException(e);
        }
    }

    private void parseKerberosRealm(XMLExtendedStreamReader xMLExtendedStreamReader, SecurityDomain.Builder builder) throws XMLStreamException {
        String str = ParseUtils.requireAttributes(xMLExtendedStreamReader, new Enum[]{Attribute.KEYTAB})[0];
        ParseUtils.requireNoContent(xMLExtendedStreamReader);
        builder.addRealm("kerberos", new KerberosSecurityRealm(new File(str))).build();
    }

    private void parseLdapRealm(XMLExtendedStreamReader xMLExtendedStreamReader, SecurityDomain.Builder builder) throws XMLStreamException {
        String str = "ldap";
        SimpleDirContextFactoryBuilder builder2 = SimpleDirContextFactoryBuilder.builder();
        LdapSecurityRealmBuilder builder3 = LdapSecurityRealmBuilder.builder();
        LdapSecurityRealmBuilder.IdentityMappingBuilder identityMapping = builder3.identityMapping();
        for (int i = 0; i < xMLExtendedStreamReader.getAttributeCount(); i++) {
            ParseUtils.requireNoNamespaceAttribute(xMLExtendedStreamReader, i);
            String attributeValue = xMLExtendedStreamReader.getAttributeValue(i);
            switch (Attribute.forName(xMLExtendedStreamReader.getAttributeLocalName(i))) {
                case NAME:
                    str = attributeValue;
                    break;
                case PORT:
                case INTERFACE:
                case ENCODED:
                case LEVELS:
                case PATH:
                case RELATIVE_TO:
                case PRINCIPAL_CLAIM:
                case ISSUER:
                case AUDIENCE:
                case PUBLIC_KEY:
                case JKU_TIMEOUT:
                case CLIENT_SSL_CONTEXT:
                case HOST_NAME_VERIFICATION_POLICY:
                case CLIENT_ID:
                case CLIENT_SECRET:
                case INTROSPECTION_URL:
                default:
                    throw ParseUtils.unexpectedAttribute(xMLExtendedStreamReader, i);
                case URL:
                    builder2.setProviderUrl(attributeValue);
                    break;
                case PRINCIPAL:
                    builder2.setSecurityPrincipal(attributeValue);
                    break;
                case CREDENTIAL:
                    builder2.setSecurityCredential(attributeValue);
                    break;
                case DIRECT_VERIFICATION:
                    builder3.addDirectEvidenceVerification(Boolean.parseBoolean(attributeValue));
                    break;
                case PAGE_SIZE:
                    builder3.setPageSize(Integer.parseInt(attributeValue));
                    break;
                case SEARCH_DN:
                    identityMapping.setSearchDn(attributeValue);
                    break;
                case RDN_IDENTIFIER:
                    identityMapping.setRdnIdentifier(attributeValue);
                    break;
            }
        }
        while (xMLExtendedStreamReader.hasNext() && xMLExtendedStreamReader.nextTag() != 2) {
            switch (Element.forName(xMLExtendedStreamReader.getLocalName())) {
                case IDENTITY_MAPPING:
                    parseLdapIdentityMapping(xMLExtendedStreamReader, builder3, identityMapping);
                default:
                    throw ParseUtils.unexpectedElement(xMLExtendedStreamReader);
            }
        }
        identityMapping.build();
        DirContextFactory build = builder2.build();
        builder3.setDirContextSupplier(() -> {
            return build.obtainDirContext(DirContextFactory.ReferralMode.FOLLOW);
        });
        builder.addRealm(str, builder3.build()).build();
        if (builder.getDefaultRealmName() == null) {
            builder.setDefaultRealmName(str);
        }
    }

    private void parseLdapIdentityMapping(XMLExtendedStreamReader xMLExtendedStreamReader, LdapSecurityRealmBuilder ldapSecurityRealmBuilder, LdapSecurityRealmBuilder.IdentityMappingBuilder identityMappingBuilder) throws XMLStreamException {
        for (int i = 0; i < xMLExtendedStreamReader.getAttributeCount(); i++) {
            ParseUtils.requireNoNamespaceAttribute(xMLExtendedStreamReader, i);
            String attributeValue = xMLExtendedStreamReader.getAttributeValue(i);
            switch (Attribute.forName(xMLExtendedStreamReader.getAttributeLocalName(i))) {
                case SEARCH_DN:
                    identityMappingBuilder.setSearchDn(attributeValue);
                    break;
                case RDN_IDENTIFIER:
                    identityMappingBuilder.setRdnIdentifier(attributeValue);
                    break;
                default:
                    throw ParseUtils.unexpectedAttribute(xMLExtendedStreamReader, i);
            }
        }
        while (xMLExtendedStreamReader.hasNext() && xMLExtendedStreamReader.nextTag() != 2) {
            switch (Element.forName(xMLExtendedStreamReader.getLocalName())) {
                case ATTRIBUTE_MAPPING:
                    parseLdapAttributeMapping(xMLExtendedStreamReader, ldapSecurityRealmBuilder);
                    break;
                case USER_PASSWORD_MAPPER:
                    parseLdapUserPasswordMapper(xMLExtendedStreamReader, ldapSecurityRealmBuilder);
                    break;
                default:
                    throw ParseUtils.unexpectedElement(xMLExtendedStreamReader);
            }
        }
    }

    private void parseLdapUserPasswordMapper(XMLExtendedStreamReader xMLExtendedStreamReader, LdapSecurityRealmBuilder ldapSecurityRealmBuilder) throws XMLStreamException {
        LdapSecurityRealmBuilder.UserPasswordCredentialLoaderBuilder userPasswordCredentialLoader = ldapSecurityRealmBuilder.userPasswordCredentialLoader();
        for (int i = 0; i < xMLExtendedStreamReader.getAttributeCount(); i++) {
            ParseUtils.requireNoNamespaceAttribute(xMLExtendedStreamReader, i);
            String attributeValue = xMLExtendedStreamReader.getAttributeValue(i);
            switch (Attribute.forName(xMLExtendedStreamReader.getAttributeLocalName(i))) {
                case FROM:
                    userPasswordCredentialLoader.setUserPasswordAttribute(attributeValue);
                    break;
                case WRITABLE:
                    if (Boolean.parseBoolean(attributeValue)) {
                        userPasswordCredentialLoader.enablePersistence();
                        break;
                    } else {
                        break;
                    }
                case VERIFIABLE:
                    if (Boolean.parseBoolean(attributeValue)) {
                        break;
                    } else {
                        userPasswordCredentialLoader.disableVerification();
                        break;
                    }
                default:
                    throw ParseUtils.unexpectedAttribute(xMLExtendedStreamReader, i);
            }
        }
        ParseUtils.requireNoContent(xMLExtendedStreamReader);
        userPasswordCredentialLoader.build();
    }

    private void parseLdapAttributeMapping(XMLExtendedStreamReader xMLExtendedStreamReader, LdapSecurityRealmBuilder ldapSecurityRealmBuilder) throws XMLStreamException {
        ParseUtils.requireNoAttributes(xMLExtendedStreamReader);
        while (xMLExtendedStreamReader.hasNext() && xMLExtendedStreamReader.nextTag() != 2) {
            switch (Element.forName(xMLExtendedStreamReader.getLocalName())) {
                case ATTRIBUTE:
                    parseLdapAttribute(xMLExtendedStreamReader, ldapSecurityRealmBuilder);
                default:
                    throw ParseUtils.unexpectedElement(xMLExtendedStreamReader);
            }
        }
    }

    private void parseLdapAttribute(XMLExtendedStreamReader xMLExtendedStreamReader, LdapSecurityRealmBuilder ldapSecurityRealmBuilder) throws XMLStreamException {
        AttributeMapping.Builder fromFilter = AttributeMapping.fromFilter(ParseUtils.requireAttributes(xMLExtendedStreamReader, new Enum[]{Attribute.FILTER})[0]);
        for (int i = 0; i < xMLExtendedStreamReader.getAttributeCount(); i++) {
            ParseUtils.requireNoNamespaceAttribute(xMLExtendedStreamReader, i);
            String attributeValue = xMLExtendedStreamReader.getAttributeValue(i);
            switch (Attribute.forName(xMLExtendedStreamReader.getAttributeLocalName(i))) {
                case FROM:
                    fromFilter.from(attributeValue);
                    break;
                case WRITABLE:
                case VERIFIABLE:
                default:
                    throw ParseUtils.unexpectedAttribute(xMLExtendedStreamReader, i);
                case TO:
                    fromFilter.to(attributeValue);
                    break;
                case FILTER:
                    break;
                case FILTER_DN:
                    fromFilter.searchDn(attributeValue);
                    break;
            }
        }
        ldapSecurityRealmBuilder.identityMapping().map(new AttributeMapping[]{fromFilter.build()});
        ParseUtils.requireNoContent(xMLExtendedStreamReader);
    }

    private void parseLocalRealm(XMLExtendedStreamReader xMLExtendedStreamReader, SecurityDomain.Builder builder) throws XMLStreamException {
        ParseUtils.requireNoContent(xMLExtendedStreamReader);
        if (builder.getDefaultRealmName() == null) {
            builder.setDefaultRealmName("local");
        }
    }

    private PropertiesSecurityRealm parsePropertiesRealm(XMLExtendedStreamReader xMLExtendedStreamReader, SecurityDomain.Builder builder) throws XMLStreamException {
        File file = null;
        File file2 = null;
        boolean z = false;
        String str = "properties";
        String str2 = "groups";
        for (int i = 0; i < xMLExtendedStreamReader.getAttributeCount(); i++) {
            ParseUtils.requireNoNamespaceAttribute(xMLExtendedStreamReader, i);
            String attributeValue = xMLExtendedStreamReader.getAttributeValue(i);
            switch (Attribute.forName(xMLExtendedStreamReader.getAttributeLocalName(i))) {
                case GROUPS_ATTRIBUTE:
                    str2 = attributeValue;
                default:
                    throw ParseUtils.unexpectedAttribute(xMLExtendedStreamReader, i);
            }
        }
        Element nextElement = nextElement(xMLExtendedStreamReader);
        if (nextElement == Element.USER_PROPERTIES) {
            String str3 = ParseUtils.requireAttributes(xMLExtendedStreamReader, new Enum[]{Attribute.PATH})[0];
            String str4 = (String) xMLExtendedStreamReader.getProperty(Server.INFINISPAN_SERVER_CONFIG_PATH);
            for (int i2 = 0; i2 < xMLExtendedStreamReader.getAttributeCount(); i2++) {
                ParseUtils.requireNoNamespaceAttribute(xMLExtendedStreamReader, i2);
                String attributeValue2 = xMLExtendedStreamReader.getAttributeValue(i2);
                switch (Attribute.forName(xMLExtendedStreamReader.getAttributeLocalName(i2))) {
                    case PATH:
                        break;
                    case RELATIVE_TO:
                        str4 = ParseUtils.requireAttributeProperty(xMLExtendedStreamReader, i2);
                        break;
                    case DIGEST_REALM_NAME:
                        str = attributeValue2;
                        break;
                    case PLAIN_TEXT:
                        z = Boolean.parseBoolean(attributeValue2);
                        break;
                    default:
                        throw ParseUtils.unexpectedAttribute(xMLExtendedStreamReader, i2);
                }
            }
            file = new File(ParseUtils.resolvePath(str3, str4));
            ParseUtils.requireNoContent(xMLExtendedStreamReader);
            nextElement = nextElement(xMLExtendedStreamReader);
        }
        if (nextElement == Element.GROUP_PROPERTIES) {
            String str5 = ParseUtils.requireAttributes(xMLExtendedStreamReader, new Enum[]{Attribute.PATH})[0];
            String str6 = (String) xMLExtendedStreamReader.getProperty(Server.INFINISPAN_SERVER_CONFIG_PATH);
            for (int i3 = 0; i3 < xMLExtendedStreamReader.getAttributeCount(); i3++) {
                ParseUtils.requireNoNamespaceAttribute(xMLExtendedStreamReader, i3);
                switch (Attribute.forName(xMLExtendedStreamReader.getAttributeLocalName(i3))) {
                    case PATH:
                        break;
                    case RELATIVE_TO:
                        str6 = ParseUtils.requireAttributeProperty(xMLExtendedStreamReader, i3);
                        break;
                    default:
                        throw ParseUtils.unexpectedAttribute(xMLExtendedStreamReader, i3);
                }
            }
            file2 = new File(ParseUtils.resolvePath(str5, str6));
            ParseUtils.requireNoContent(xMLExtendedStreamReader);
            nextElement = nextElement(xMLExtendedStreamReader);
        }
        if (nextElement != null) {
            throw ParseUtils.unexpectedElement(xMLExtendedStreamReader);
        }
        PropertiesSecurityRealm propertiesSecurityRealm = new PropertiesSecurityRealm(file, file2, z, str2, str);
        builder.addRealm("properties", propertiesSecurityRealm).build();
        if (builder.getDefaultRealmName() == null) {
            builder.setDefaultRealmName("properties");
        }
        return propertiesSecurityRealm;
    }

    private SSLContextBuilder parseServerIdentitities(XMLExtendedStreamReader xMLExtendedStreamReader) throws XMLStreamException {
        SSLContextBuilder sSLContextBuilder = new SSLContextBuilder();
        while (xMLExtendedStreamReader.hasNext() && xMLExtendedStreamReader.nextTag() != 2) {
            switch (Element.forName(xMLExtendedStreamReader.getLocalName())) {
                case SSL:
                    parseSSL(xMLExtendedStreamReader, sSLContextBuilder);
                default:
                    throw ParseUtils.unexpectedElement(xMLExtendedStreamReader);
            }
        }
        return sSLContextBuilder;
    }

    private void parseSSL(XMLExtendedStreamReader xMLExtendedStreamReader, SSLContextBuilder sSLContextBuilder) throws XMLStreamException {
        while (xMLExtendedStreamReader.hasNext() && xMLExtendedStreamReader.nextTag() != 2) {
            switch (Element.forName(xMLExtendedStreamReader.getLocalName())) {
                case ENGINE:
                    parseSSLEngine(xMLExtendedStreamReader, sSLContextBuilder);
                    break;
                case KEYSTORE:
                    parseKeyStore(xMLExtendedStreamReader, sSLContextBuilder);
                    break;
                default:
                    throw ParseUtils.unexpectedElement(xMLExtendedStreamReader);
            }
        }
    }

    private void parseSSLEngine(XMLExtendedStreamReader xMLExtendedStreamReader, SSLContextBuilder sSLContextBuilder) throws XMLStreamException {
        for (int i = 0; i < xMLExtendedStreamReader.getAttributeCount(); i++) {
            ParseUtils.requireNoNamespaceAttribute(xMLExtendedStreamReader, i);
            switch (Attribute.forName(xMLExtendedStreamReader.getAttributeLocalName(i))) {
                case ENABLED_PROTOCOLS:
                    ProtocolSelector empty = ProtocolSelector.empty();
                    for (String str : xMLExtendedStreamReader.getListAttributeValue(i)) {
                        empty.add(str);
                    }
                    sSLContextBuilder.setProtocolSelector(empty);
                    break;
                case ENABLED_CIPHERSUITES:
                    sSLContextBuilder.setCipherSuiteSelector(CipherSuiteSelector.fromString(xMLExtendedStreamReader.getAttributeValue(i)));
                    break;
                default:
                    throw ParseUtils.unexpectedAttribute(xMLExtendedStreamReader, i);
            }
        }
        ParseUtils.requireNoContent(xMLExtendedStreamReader);
    }

    private void parseKeyStore(XMLExtendedStreamReader xMLExtendedStreamReader, SSLContextBuilder sSLContextBuilder) throws XMLStreamException {
        String str = ParseUtils.requireAttributes(xMLExtendedStreamReader, new Enum[]{Attribute.PATH})[0];
        String str2 = (String) xMLExtendedStreamReader.getProperty(Server.INFINISPAN_SERVER_CONFIG_PATH);
        String str3 = null;
        char[] cArr = null;
        String str4 = null;
        char[] cArr2 = null;
        String str5 = null;
        for (int i = 0; i < xMLExtendedStreamReader.getAttributeCount(); i++) {
            ParseUtils.requireNoNamespaceAttribute(xMLExtendedStreamReader, i);
            String attributeValue = xMLExtendedStreamReader.getAttributeValue(i);
            switch (Attribute.forName(xMLExtendedStreamReader.getAttributeLocalName(i))) {
                case PATH:
                    break;
                case RELATIVE_TO:
                    str2 = ParseUtils.requireAttributeProperty(xMLExtendedStreamReader, i);
                    break;
                case PROVIDER:
                    str3 = attributeValue;
                    break;
                case KEYSTORE_PASSWORD:
                    cArr = attributeValue.toCharArray();
                    break;
                case ALIAS:
                    str4 = attributeValue;
                    break;
                case KEY_PASSWORD:
                    cArr2 = attributeValue.toCharArray();
                    break;
                case GENERATE_SELF_SIGNED_CERTIFICATE_HOST:
                    str5 = attributeValue;
                    break;
                default:
                    throw ParseUtils.unexpectedAttribute(xMLExtendedStreamReader, i);
            }
        }
        ParseUtils.requireNoContent(xMLExtendedStreamReader);
        String resolvePath = ParseUtils.resolvePath(str, str2);
        try {
            if (!new File(resolvePath).exists() && str5 != null) {
                KeyStoreUtils.generateSelfSignedCertificate(resolvePath, str3, cArr, cArr2, str4, str5);
            }
            KeyStore loadKeyStore = KeyStoreUtil.loadKeyStore(ProviderUtil.INSTALLED_PROVIDERS, str3, new FileInputStream(resolvePath), resolvePath, cArr);
            if (str4 != null) {
                loadKeyStore = FilteringKeyStore.filteringKeyStore(loadKeyStore, AliasFilter.fromString(str4));
            }
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(loadKeyStore, cArr2 != null ? cArr2 : cArr);
            for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
                if (keyManager instanceof X509ExtendedKeyManager) {
                    sSLContextBuilder.setKeyManager((X509ExtendedKeyManager) keyManager);
                    return;
                }
            }
            throw Server.log.noDefaultKeyManager();
        } catch (Exception e) {
            throw new CacheConfigurationException(e);
        }
    }

    private void parseTrustStoreRealm(XMLExtendedStreamReader xMLExtendedStreamReader, SSLContextBuilder sSLContextBuilder) throws XMLStreamException {
        if (sSLContextBuilder == null) {
            throw Server.log.trustStoreWithoutServerIdentity();
        }
        String str = ParseUtils.requireAttributes(xMLExtendedStreamReader, new Enum[]{Attribute.PATH})[0];
        String str2 = (String) xMLExtendedStreamReader.getProperty(Server.INFINISPAN_SERVER_CONFIG_PATH);
        String str3 = null;
        char[] cArr = null;
        for (int i = 0; i < xMLExtendedStreamReader.getAttributeCount(); i++) {
            ParseUtils.requireNoNamespaceAttribute(xMLExtendedStreamReader, i);
            String attributeValue = xMLExtendedStreamReader.getAttributeValue(i);
            switch (Attribute.forName(xMLExtendedStreamReader.getAttributeLocalName(i))) {
                case PATH:
                    break;
                case RELATIVE_TO:
                    str2 = ParseUtils.requireAttributeProperty(xMLExtendedStreamReader, i);
                    break;
                case PROVIDER:
                    str3 = attributeValue;
                    break;
                case KEYSTORE_PASSWORD:
                    cArr = attributeValue.toCharArray();
                    break;
                default:
                    throw ParseUtils.unexpectedAttribute(xMLExtendedStreamReader, i);
            }
        }
        ParseUtils.requireNoContent(xMLExtendedStreamReader);
        String resolvePath = ParseUtils.resolvePath(str, str2);
        try {
            KeyStore loadKeyStore = KeyStoreUtil.loadKeyStore(ProviderUtil.INSTALLED_PROVIDERS, str3, new FileInputStream(resolvePath), resolvePath, cArr);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(loadKeyStore);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    sSLContextBuilder.setTrustManager((X509TrustManager) trustManager);
                    return;
                }
            }
            throw Server.log.noDefaultKeyManager();
        } catch (Exception e) {
            throw new CacheConfigurationException(e);
        }
    }

    private void parseEndpoints(XMLExtendedStreamReader xMLExtendedStreamReader, ConfigurationBuilderHolder configurationBuilderHolder, ServerConfigurationBuilder serverConfigurationBuilder) throws XMLStreamException {
        configurationBuilderHolder.pushScope(ENDPOINTS_SCOPE);
        serverConfigurationBuilder.applySocketBinding(ParseUtils.requireAttributes(xMLExtendedStreamReader, new Enum[]{Attribute.SOCKET_BINDING})[0], serverConfigurationBuilder.endpoint());
        for (int i = 0; i < xMLExtendedStreamReader.getAttributeCount(); i++) {
            ParseUtils.requireNoNamespaceAttribute(xMLExtendedStreamReader, i);
            Attribute forName = Attribute.forName(xMLExtendedStreamReader.getAttributeLocalName(i));
            String attributeValue = xMLExtendedStreamReader.getAttributeValue(i);
            switch (forName) {
                case SOCKET_BINDING:
                    break;
                case SECURITY_REALM:
                    serverConfigurationBuilder.endpoint().securityRealm(serverConfigurationBuilder.getSecurityRealm(attributeValue));
                    break;
            }
            parseCommonConnectorAttributes(xMLExtendedStreamReader, i, serverConfigurationBuilder, serverConfigurationBuilder.endpoint());
        }
        while (xMLExtendedStreamReader.hasNext() && xMLExtendedStreamReader.nextTag() != 2) {
            xMLExtendedStreamReader.handleAny(configurationBuilderHolder);
        }
        configurationBuilderHolder.popScope();
    }

    public static void parseCommonConnectorAttributes(XMLExtendedStreamReader xMLExtendedStreamReader, int i, ServerConfigurationBuilder serverConfigurationBuilder, ProtocolServerConfigurationBuilder<?, ?> protocolServerConfigurationBuilder) throws XMLStreamException {
        String attributeValue = xMLExtendedStreamReader.getAttributeValue(i);
        switch (Attribute.forName(xMLExtendedStreamReader.getAttributeLocalName(i))) {
            case SECURITY_REALM:
                if (serverConfigurationBuilder.hasSSLContext(attributeValue)) {
                    protocolServerConfigurationBuilder.ssl().enable().sslContext(serverConfigurationBuilder.getSSLContext(attributeValue));
                    return;
                }
                return;
            case CACHE_CONTAINER:
                return;
            case IDLE_TIMEOUT:
                protocolServerConfigurationBuilder.idleTimeout(Integer.parseInt(attributeValue));
                return;
            case IO_THREADS:
                protocolServerConfigurationBuilder.ioThreads(Integer.parseInt(attributeValue));
                return;
            case RECEIVE_BUFFER_SIZE:
                protocolServerConfigurationBuilder.recvBufSize(Integer.parseInt(attributeValue));
                return;
            case REQUIRE_SSL_CLIENT_AUTH:
                protocolServerConfigurationBuilder.ssl().requireClientAuth(Boolean.parseBoolean(attributeValue));
                return;
            case SEND_BUFFER_SIZE:
                protocolServerConfigurationBuilder.sendBufSize(Integer.parseInt(attributeValue));
                return;
            case TCP_KEEPALIVE:
                protocolServerConfigurationBuilder.tcpKeepAlive(Boolean.parseBoolean(attributeValue));
                return;
            case TCP_NODELAY:
                protocolServerConfigurationBuilder.tcpNoDelay(Boolean.parseBoolean(attributeValue));
                return;
            case WORKER_THREADS:
                protocolServerConfigurationBuilder.workerThreads(Integer.parseInt(attributeValue));
                return;
            default:
                throw ParseUtils.unexpectedAttribute(xMLExtendedStreamReader, i);
        }
    }
}
