package org.jboss.as.security;

import org.jboss.as.controller.AbstractBoottimeAddStepHandler;
import org.jboss.as.controller.AbstractWriteAttributeHandler;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.ReloadRequiredRemoveStepHandler;
import org.jboss.as.controller.ReloadRequiredWriteAttributeHandler;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.access.constraint.SensitivityClassification;
import org.jboss.as.controller.access.management.AccessConstraintDefinition;
import org.jboss.as.controller.access.management.SensitiveTargetAccessConstraintDefinition;
import org.jboss.as.controller.capability.RuntimeCapability;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.registry.Resource;
import org.jboss.as.controller.registry.RuntimePackageDependency;
import org.jboss.as.security.logging.SecurityLogger;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;

/* loaded from: input_file:org/jboss/as/security/SecuritySubsystemRootResourceDefinition.class */
class SecuritySubsystemRootResourceDefinition extends SimpleResourceDefinition {
    private static final RuntimeCapability<Void> SECURITY_SUBSYSTEM = RuntimeCapability.Builder.of("org.wildfly.legacy-security").build();
    private static final RuntimeCapability<Void> SERVER_SECURITY_MANAGER = RuntimeCapability.Builder.of("org.wildfly.legacy-security.server-security-manager").build();
    private static final RuntimeCapability<Void> SUBJECT_FACTORY_CAP = RuntimeCapability.Builder.of("org.wildfly.legacy-security.subject-factory").build();
    private static final RuntimeCapability<Void> JACC_CAPABILITY = RuntimeCapability.Builder.of("org.wildfly.legacy-security.jacc").build();
    private static final RuntimeCapability<Void> JACC_CAPABILITY_TOMBSTONE = RuntimeCapability.Builder.of("org.wildfly.legacy-security.jacc.tombstone").build();
    private static final SensitiveTargetAccessConstraintDefinition MISC_SECURITY_SENSITIVITY = new SensitiveTargetAccessConstraintDefinition(new SensitivityClassification(SecurityExtension.SUBSYSTEM_NAME, "misc-security", false, true, true));
    static final SecuritySubsystemRootResourceDefinition INSTANCE = new SecuritySubsystemRootResourceDefinition();
    static final SimpleAttributeDefinition DEEP_COPY_SUBJECT_MODE = new SimpleAttributeDefinitionBuilder(Constants.DEEP_COPY_SUBJECT_MODE, ModelType.BOOLEAN, true).setAccessConstraints(new AccessConstraintDefinition[]{MISC_SECURITY_SENSITIVITY}).setDefaultValue(ModelNode.FALSE).setAllowExpression(true).build();
    static final SimpleAttributeDefinition INITIALIZE_JACC = new SimpleAttributeDefinitionBuilder(Constants.INITIALIZE_JACC, ModelType.BOOLEAN, true).setDefaultValue(ModelNode.TRUE).setRestartJVM().setAllowExpression(true).build();

    /* loaded from: input_file:org/jboss/as/security/SecuritySubsystemRootResourceDefinition$SecuritySubsystemAdd.class */
    private static class SecuritySubsystemAdd extends AbstractBoottimeAddStepHandler {
        public static final OperationStepHandler INSTANCE = new SecuritySubsystemAdd();

        private SecuritySubsystemAdd() {
        }

        protected void populateModel(ModelNode modelNode, ModelNode modelNode2) throws OperationFailedException {
            SecuritySubsystemRootResourceDefinition.DEEP_COPY_SUBJECT_MODE.validateAndSet(modelNode, modelNode2);
            SecuritySubsystemRootResourceDefinition.INITIALIZE_JACC.validateAndSet(modelNode, modelNode2);
        }

        protected void recordCapabilitiesAndRequirements(OperationContext operationContext, ModelNode modelNode, Resource resource) throws OperationFailedException {
            super.recordCapabilitiesAndRequirements(operationContext, modelNode, resource);
            if (SecuritySubsystemRootResourceDefinition.INITIALIZE_JACC.resolveModelAttribute(operationContext, resource.getModel()).asBoolean()) {
                operationContext.registerCapability(SecuritySubsystemRootResourceDefinition.JACC_CAPABILITY);
                if (operationContext.isBooting()) {
                    operationContext.registerCapability(SecuritySubsystemRootResourceDefinition.JACC_CAPABILITY_TOMBSTONE);
                }
            }
        }
    }

    private SecuritySubsystemRootResourceDefinition() {
        super(new SimpleResourceDefinition.Parameters(SecurityExtension.PATH_SUBSYSTEM, SecurityExtension.getResourceDescriptionResolver(SecurityExtension.SUBSYSTEM_NAME)).setAddHandler(SecuritySubsystemAdd.INSTANCE).setRemoveHandler(new ReloadRequiredRemoveStepHandler() { // from class: org.jboss.as.security.SecuritySubsystemRootResourceDefinition.1
            protected void recordCapabilitiesAndRequirements(OperationContext operationContext, ModelNode modelNode, Resource resource) throws OperationFailedException {
                super.recordCapabilitiesAndRequirements(operationContext, modelNode, resource);
                operationContext.deregisterCapability(SecuritySubsystemRootResourceDefinition.JACC_CAPABILITY.getName());
            }
        }).setCapabilities(new RuntimeCapability[]{SECURITY_SUBSYSTEM, SERVER_SECURITY_MANAGER, SUBJECT_FACTORY_CAP}));
        setDeprecated(SecurityExtension.DEPRECATED_SINCE);
    }

    public void registerAttributes(ManagementResourceRegistration managementResourceRegistration) {
        managementResourceRegistration.registerReadWriteAttribute(DEEP_COPY_SUBJECT_MODE, (OperationStepHandler) null, new ReloadRequiredWriteAttributeHandler(new AttributeDefinition[]{DEEP_COPY_SUBJECT_MODE}));
        managementResourceRegistration.registerReadWriteAttribute(INITIALIZE_JACC, (OperationStepHandler) null, new ReloadRequiredWriteAttributeHandler(INITIALIZE_JACC) { // from class: org.jboss.as.security.SecuritySubsystemRootResourceDefinition.2
            protected boolean applyUpdateToRuntime(OperationContext operationContext, ModelNode modelNode, String str, ModelNode modelNode2, ModelNode modelNode3, AbstractWriteAttributeHandler.HandbackHolder<Void> handbackHolder) throws OperationFailedException {
                boolean hasCapability = operationContext.getCapabilityServiceSupport().hasCapability("org.wildfly.security.jacc-policy");
                if (modelNode2.asBoolean() && hasCapability) {
                    throw SecurityLogger.ROOT_LOGGER.unableToEnableJaccSupport();
                }
                return super.applyUpdateToRuntime(operationContext, modelNode, str, modelNode2, modelNode3, handbackHolder);
            }

            protected void recordCapabilitiesAndRequirements(OperationContext operationContext, AttributeDefinition attributeDefinition, ModelNode modelNode, ModelNode modelNode2) {
                super.recordCapabilitiesAndRequirements(operationContext, attributeDefinition, modelNode, modelNode2);
                boolean resolveValue = resolveValue(operationContext, attributeDefinition, modelNode);
                boolean resolveValue2 = resolveValue(operationContext, attributeDefinition, modelNode2);
                if (!resolveValue) {
                    operationContext.deregisterCapability(SecuritySubsystemRootResourceDefinition.JACC_CAPABILITY.getName());
                }
                if (resolveValue2 || !resolveValue) {
                    return;
                }
                operationContext.registerCapability(SecuritySubsystemRootResourceDefinition.JACC_CAPABILITY);
            }

            private boolean resolveValue(OperationContext operationContext, AttributeDefinition attributeDefinition, ModelNode modelNode) {
                try {
                    return attributeDefinition.resolveValue(operationContext, modelNode).asBoolean();
                } catch (OperationFailedException e) {
                    throw new IllegalStateException((Throwable) e);
                }
            }
        });
    }

    public void registerAdditionalRuntimePackages(ManagementResourceRegistration managementResourceRegistration) {
        managementResourceRegistration.registerAdditionalRuntimePackages(new RuntimePackageDependency[]{RuntimePackageDependency.required("jakarta.security.auth.message.api")});
    }
}
