package org.wildfly.extension.elytron;

import java.io.File;
import java.security.GeneralSecurityException;
import java.util.HashMap;
import java.util.function.Supplier;
import org.jboss.as.controller.AbstractAddStepHandler;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.CapabilityServiceBuilder;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleOperationDefinition;
import org.jboss.as.controller.SimpleOperationDefinitionBuilder;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.capability.RuntimeCapability;
import org.jboss.as.controller.descriptions.StandardResourceDescriptionResolver;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.registry.OperationEntry;
import org.jboss.as.controller.services.path.PathManager;
import org.jboss.as.controller.services.path.PathManagerService;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.msc.service.StartException;
import org.wildfly.common.function.ExceptionRunnable;
import org.wildfly.common.function.ExceptionSupplier;
import org.wildfly.extension.elytron.AbstractCredentialStoreResourceDefinition;
import org.wildfly.extension.elytron.FileAttributeDefinitions;
import org.wildfly.extension.elytron._private.ElytronSubsystemMessages;
import org.wildfly.security.credential.SecretKeyCredential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.encryption.SecretKeyUtil;

/* loaded from: input_file:org/wildfly/extension/elytron/SecretKeyCredentialStoreDefinition.class */
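/**
 * Management resource definition for the Elytron resource registered under
 * {@link ElytronDescriptionConstants#SECRET_KEY_CREDENTIAL_STORE}: a file-backed
 * {@link CredentialStore} of type {@value #CREDENTIAL_STORE_TYPE} holding
 * {@link SecretKeyCredential} entries.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #CREATE} and {@link #POPULATE} both default to {@code true}, so with default
 *       configuration the backing file is created and a fresh key is generated under
 *       {@link #DEFAULT_ALIAS} the first time the store is built.</li>
 *   <li>The store is initialised with only a location and an optional create flag; no
 *       protection parameter is passed to {@code initialize}. Confidentiality of the stored keys
 *       therefore rests on whatever the store implementation and the file's ownership and
 *       permissions provide. NOTE(review): confirm the permissions of the resolved file in each
 *       deployment.</li>
 *   <li>The export, import, generate and remove operations are runtime-only and are registered
 *       only on a server or host controller; the export operation returns key material through
 *       the management interface, so access to these operations should be limited by management
 *       access control.</li>
 * </ul>
 *
 * <p>This listing is decompiler output; the decompiler reports widening the access of several
 * members, which are kept as listed so callers are unaffected.
 */
class SecretKeyCredentialStoreDefinition extends AbstractCredentialStoreResourceDefinition {
    /** Type name handed to {@link CredentialStore#getInstance(String)}. */
    private static final String CREDENTIAL_STORE_TYPE = "PropertiesCredentialStore";

    /** Required location of the backing file; resolved against {@code relative-to} when that is set. */
    static final SimpleAttributeDefinition PATH =
            new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PATH, FileAttributeDefinitions.PATH)
                    .setAttributeGroup(ElytronDescriptionConstants.FILE)
                    .setRequired(true)
                    .setRestartAllServices()
                    .build();

    /** Whether the store may be created when absent; defaults to {@code true}. */
    static final SimpleAttributeDefinition CREATE =
            new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.CREATE, ModelType.BOOLEAN, true)
                    .setAttributeGroup(ElytronDescriptionConstants.IMPLEMENTATION)
                    .setAllowExpression(true)
                    .setDefaultValue(ModelNode.TRUE)
                    .setRestartAllServices()
                    .build();

    /** Whether a key is generated under the default alias when that alias is missing; defaults to {@code true}. */
    static final SimpleAttributeDefinition POPULATE =
            new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.POPULATE, ModelType.BOOLEAN, true)
                    .setAttributeGroup(ElytronDescriptionConstants.IMPLEMENTATION)
                    .setAllowExpression(true)
                    .setDefaultValue(ModelNode.TRUE)
                    .setRestartAllServices()
                    .build();

    /** Size in bits of the generated key; restricted to 128, 192 or 256, default 256. */
    static final SimpleAttributeDefinition KEY_SIZE =
            new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.KEY_SIZE, ModelType.INT, true)
                    .setAttributeGroup(ElytronDescriptionConstants.IMPLEMENTATION)
                    .setAllowExpression(true)
                    .setDefaultValue(new ModelNode(256))
                    .setAllowedValues(new int[]{128, 192, 256})
                    .setRestartAllServices()
                    .build();

    /** Alias under which the auto-generated key is stored; defaults to {@link ElytronDescriptionConstants#KEY}. */
    static final SimpleAttributeDefinition DEFAULT_ALIAS =
            new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.DEFAULT_ALIAS, ModelType.STRING, true)
                    .setAttributeGroup(ElytronDescriptionConstants.IMPLEMENTATION)
                    .setAllowExpression(true)
                    .setDefaultValue(new ModelNode(ElytronDescriptionConstants.KEY))
                    .setRestartAllServices()
                    .build();

    private static final StandardResourceDescriptionResolver RESOURCE_RESOLVER =
            ElytronExtension.getResourceDescriptionResolver(ElytronDescriptionConstants.SECRET_KEY_CREDENTIAL_STORE);

    /** All configuration attributes of the resource, in registration order. */
    static final AttributeDefinition[] CONFIG_ATTRIBUTES =
            {FileAttributeDefinitions.RELATIVE_TO, PATH, CREATE, POPULATE, KEY_SIZE, DEFAULT_ALIAS};

    private static final AbstractAddStepHandler ADD = new SecretKeyCredentialStoreAddHandler();
    private static final OperationStepHandler REMOVE =
            new TrivialCapabilityServiceRemoveHandler(ADD, Capabilities.CREDENTIAL_STORE_RUNTIME_CAPABILITY);

    /** Runtime-only operation that removes one alias from the store. */
    private static final SimpleOperationDefinition REMOVE_ALIAS =
            new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.REMOVE_ALIAS, OPERATION_RESOLVER)
                    .setParameters(new AttributeDefinition[]{ALIAS})
                    .setRuntimeOnly()
                    .build();

    /** Optional per-call key size for the generate operation; same allowed values as {@link #KEY_SIZE}, no default. */
    private static final SimpleAttributeDefinition KEY_SIZE_PARAMETER =
            new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.KEY_SIZE, ModelType.INT, true)
                    .setAllowExpression(true)
                    .setAllowedValues(new int[]{128, 192, 256})
                    .setRestartAllServices()
                    .build();

    /** Runtime-only operation that generates a new secret key under the given alias. */
    private static final SimpleOperationDefinition GENERATE_SECRET_KEY =
            new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.GENERATE_SECRET_KEY, OPERATION_RESOLVER)
                    .setParameters(new AttributeDefinition[]{ALIAS, KEY_SIZE_PARAMETER})
                    .setRuntimeOnly()
                    .build();

    /** Add handler that binds the resource to a {@link SecretKeyDoohickey} per resource address. */
    static class SecretKeyCredentialStoreAddHandler extends DoohickeyAddHandler<CredentialStore> {
        private SecretKeyCredentialStoreAddHandler() {
            super(Capabilities.CREDENTIAL_STORE_RUNTIME_CAPABILITY, SecretKeyCredentialStoreDefinition.CONFIG_ATTRIBUTES, "org.wildfly.security.credential-store-api");
        }

        @Override
        protected ElytronDoohickey<CredentialStore> createDoohickey(PathAddress pathAddress) {
            return new SecretKeyDoohickey(pathAddress);
        }
    }

    /**
     * Holds the resolved configuration of one store resource and builds the {@link CredentialStore}
     * from it, either as a service value or immediately within a management operation.
     *
     * <p>The decompiler reports that this class was package-private in the compiled artifact.
     */
    public static class SecretKeyDoohickey extends AbstractCredentialStoreResourceDefinition.AbstractCredentialStoreDoohickey {
        private volatile String relativeTo;
        private volatile String path;
        private volatile boolean create;
        private volatile boolean populate;
        private volatile int keySize;
        private volatile String defaultAlias;
        // Captures the last initialize call so reload() can repeat it against the same store instance.
        private volatile ExceptionRunnable<GeneralSecurityException> reloader;

        protected SecretKeyDoohickey(PathAddress pathAddress) {
            super(pathAddress);
        }

        /**
         * Resolves every configuration attribute (including expressions) from the model into fields.
         *
         * @param modelNode the resource model to read from
         * @param operationContext the context used for expression resolution
         * @throws OperationFailedException if an attribute cannot be resolved
         */
        @Override
        protected void resolveRuntime(ModelNode modelNode, OperationContext operationContext) throws OperationFailedException {
            this.relativeTo = FileAttributeDefinitions.RELATIVE_TO.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
            this.path = SecretKeyCredentialStoreDefinition.PATH.resolveModelAttribute(operationContext, modelNode).asString();
            this.create = SecretKeyCredentialStoreDefinition.CREATE.resolveModelAttribute(operationContext, modelNode).asBoolean();
            this.populate = SecretKeyCredentialStoreDefinition.POPULATE.resolveModelAttribute(operationContext, modelNode).asBoolean();
            this.keySize = SecretKeyCredentialStoreDefinition.KEY_SIZE.resolveModelAttribute(operationContext, modelNode).asInt();
            this.defaultAlias = SecretKeyCredentialStoreDefinition.DEFAULT_ALIAS.resolveModelAttribute(operationContext, modelNode).asString();
        }

        /**
         * Registers the service dependencies needed to resolve the file location and returns a
         * supplier that builds the store when the service starts.
         *
         * <p>NOTE(review): the configured path is passed to the path resolver as given; no check
         * that the resolved file stays beneath {@code relative-to} is visible here. Whether the
         * resolver enforces that is not shown in this file.
         *
         * @param operationContext the current operation context (unused here)
         * @param capabilityServiceBuilder builder on which the path dependencies are declared
         * @return a supplier that resolves the file and creates the credential store
         */
        @Override
        protected ExceptionSupplier<CredentialStore, StartException> prepareServiceSupplier(OperationContext operationContext, CapabilityServiceBuilder<?> capabilityServiceBuilder) {
            // The path manager is only required when the path is relative to a named path.
            final Supplier<PathManager> pathManagerSupplier;
            if (this.relativeTo != null) {
                pathManagerSupplier = capabilityServiceBuilder.requires(PathManagerService.SERVICE_NAME);
                capabilityServiceBuilder.requires(FileAttributeDefinitions.pathName(this.relativeTo));
            } else {
                pathManagerSupplier = null;
            }
            return new ExceptionSupplier<CredentialStore, StartException>() {
                // The decompiler had renamed this method, which left the interface method
                // unimplemented; it must be named get() to satisfy ExceptionSupplier.
                @Override
                public CredentialStore get() throws StartException {
                    try {
                        FileAttributeDefinitions.PathResolver pathResolver = FileAttributeDefinitions.pathResolver();
                        pathResolver.path(SecretKeyDoohickey.this.path);
                        if (SecretKeyDoohickey.this.relativeTo != null) {
                            pathResolver.relativeTo(SecretKeyDoohickey.this.relativeTo, pathManagerSupplier.get());
                        }
                        File resolved = pathResolver.resolve();
                        pathResolver.clear();
                        return SecretKeyDoohickey.this.createCredentialStore(resolved);
                    } catch (GeneralSecurityException e) {
                        throw ElytronSubsystemMessages.ROOT_LOGGER.unableToStartService(e);
                    }
                }
            };
        }

        /**
         * Builds the store within the current management operation instead of as a service.
         *
         * @param operationContext context used to resolve the relative path
         * @return the initialised credential store
         * @throws OperationFailedException wrapping any {@link GeneralSecurityException}
         */
        @Override
        public CredentialStore createImmediately(OperationContext operationContext) throws OperationFailedException {
            try {
                return createCredentialStore(resolveRelativeToImmediately(this.path, this.relativeTo, operationContext));
            } catch (GeneralSecurityException e) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.unableToCreateCredentialStoreImmediately(e);
            }
        }

        /**
         * Obtains and initialises the credential store backed by {@code file}, generating and
         * persisting a key under the default alias when {@code populate} is set and the alias is
         * absent.
         *
         * <p>Only the location and, when enabled, the create flag are passed to
         * {@code initialize}; no protection parameter is supplied.
         *
         * @param file the resolved backing file
         * @return the initialised credential store
         * @throws GeneralSecurityException if the store cannot be obtained, initialised or written
         */
        public CredentialStore createCredentialStore(File file) throws GeneralSecurityException {
            final CredentialStore credentialStore = CredentialStore.getInstance(SecretKeyCredentialStoreDefinition.CREDENTIAL_STORE_TYPE);
            final HashMap<String, String> attributes = new HashMap<>();
            attributes.put(ElytronDescriptionConstants.LOCATION, file.getAbsolutePath());
            if (this.create) {
                attributes.put(ElytronDescriptionConstants.CREATE, Boolean.TRUE.toString());
            }
            final ExceptionRunnable<GeneralSecurityException> initializer = new ExceptionRunnable<GeneralSecurityException>() {
                @Override
                public void run() throws GeneralSecurityException {
                    credentialStore.initialize(attributes);
                }
            };
            // Publish the initializer for reload(), then run the local reference rather than
            // re-reading the volatile field.
            this.reloader = initializer;
            initializer.run();
            if (this.populate && !credentialStore.getAliases().contains(this.defaultAlias)) {
                credentialStore.store(this.defaultAlias, new SecretKeyCredential(SecretKeyUtil.generateSecretKey(this.keySize)));
                // Persist the newly generated key straight away.
                credentialStore.flush();
            }
            return credentialStore;
        }

        /**
         * Re-runs the captured initialisation against the existing store; when no store has been
         * created yet, delegates to {@code super.apply}.
         *
         * @param operationContext the current operation context
         * @throws GeneralSecurityException if re-initialisation fails
         * @throws OperationFailedException if {@code super.apply} fails
         */
        @Override
        protected void reload(OperationContext operationContext) throws GeneralSecurityException, OperationFailedException {
            // Read the volatile field once so the null check and the call see the same value.
            final ExceptionRunnable<GeneralSecurityException> current = this.reloader;
            if (current != null) {
                current.run();
            } else {
                super.apply(operationContext);
            }
        }
    }

    /**
     * Creates the definition with its add/remove handlers and the credential-store runtime
     * capability; neither add nor remove requires a restart.
     *
     * <p>The decompiler reports that this constructor was package-private in the compiled artifact.
     */
    public SecretKeyCredentialStoreDefinition() {
        super(new SimpleResourceDefinition.Parameters(PathElement.pathElement(ElytronDescriptionConstants.SECRET_KEY_CREDENTIAL_STORE), RESOURCE_RESOLVER)
                .setAddHandler(ADD)
                .setRemoveHandler(REMOVE)
                .setAddRestartLevel(OperationEntry.Flag.RESTART_NONE)
                .setRemoveRestartLevel(OperationEntry.Flag.RESTART_NONE)
                .setCapabilities(new RuntimeCapability[]{Capabilities.CREDENTIAL_STORE_RUNTIME_CAPABILITY}));
    }

    /** @return the configuration attributes of this resource ({@link #CONFIG_ATTRIBUTES}) */
    @Override
    protected AttributeDefinition[] getAttributeDefinitions() {
        return CONFIG_ATTRIBUTES;
    }

    /**
     * Registers the runtime operations of the store. Reading aliases is always available; the
     * operations that change or disclose key material (remove, export, generate, import) and
     * reload are registered only on a server or host controller.
     *
     * @param managementResourceRegistration the registration to add the operation handlers to
     */
    @Override
    public void registerOperations(ManagementResourceRegistration managementResourceRegistration) {
        super.registerOperations(managementResourceRegistration);
        boolean isServerOrHostController = ElytronExtension.isServerOrHostController(managementResourceRegistration);
        // NOTE(review): the raw HashMap is a decompiler artifact. Method references need a
        // functional-interface target, so the map's value type should be restored from the
        // parameter type of the CredentialStoreRuntimeHandler constructor before compiling.
        HashMap operationMethods = new HashMap();
        operationMethods.put(ElytronDescriptionConstants.READ_ALIASES, this::readAliasesOperation);
        if (isServerOrHostController) {
            operationMethods.put(ElytronDescriptionConstants.REMOVE_ALIAS, this::removeAliasOperation);
            operationMethods.put(ElytronDescriptionConstants.EXPORT_SECRET_KEY, this::exportSecretKeyOperation);
            operationMethods.put(ElytronDescriptionConstants.GENERATE_SECRET_KEY, this::generateSecretKeyOperation);
            operationMethods.put(ElytronDescriptionConstants.IMPORT_SECRET_KEY, this::importSecretKeyOperation);
        }
        AbstractCredentialStoreResourceDefinition.CredentialStoreRuntimeHandler credentialStoreRuntimeHandler = new AbstractCredentialStoreResourceDefinition.CredentialStoreRuntimeHandler(operationMethods);
        managementResourceRegistration.registerOperationHandler(READ_ALIASES, credentialStoreRuntimeHandler);
        if (isServerOrHostController) {
            managementResourceRegistration.registerOperationHandler(REMOVE_ALIAS, credentialStoreRuntimeHandler);
            managementResourceRegistration.registerOperationHandler(EXPORT_SECRET_KEY, credentialStoreRuntimeHandler);
            managementResourceRegistration.registerOperationHandler(GENERATE_SECRET_KEY, credentialStoreRuntimeHandler);
            managementResourceRegistration.registerOperationHandler(IMPORT_SECRET_KEY, credentialStoreRuntimeHandler);
            managementResourceRegistration.registerOperationHandler(RELOAD, RELOAD_HANDLER);
        }
    }

    /**
     * Removes an alias, restricting the removal to {@link SecretKeyCredential} entries.
     *
     * @param operationContext the current operation context
     * @param modelNode the operation carrying the alias parameter
     * @param credentialStore the store to modify
     * @throws OperationFailedException if the removal fails
     */
    void removeAliasOperation(OperationContext operationContext, ModelNode modelNode, CredentialStore credentialStore) throws OperationFailedException {
        super.removeAliasOperation(operationContext, modelNode, credentialStore, SecretKeyCredential.class);
    }

    /**
     * Generates a secret key using the operation's key-size parameter when it is defined, and
     * otherwise the {@link #KEY_SIZE} attribute of the model read via
     * {@code readResource(PathAddress.EMPTY_ADDRESS)}.
     *
     * @param operationContext the current operation context
     * @param modelNode the operation carrying the alias and optional key size
     * @param credentialStore the store to add the key to
     * @throws OperationFailedException if resolution or generation fails
     */
    protected void generateSecretKeyOperation(OperationContext operationContext, ModelNode modelNode, CredentialStore credentialStore) throws OperationFailedException {
        final ModelNode requestedKeySize = KEY_SIZE_PARAMETER.resolveModelAttribute(operationContext, modelNode);
        final int effectiveKeySize;
        if (requestedKeySize.isDefined()) {
            effectiveKeySize = requestedKeySize.asInt();
        } else {
            effectiveKeySize = KEY_SIZE.resolveModelAttribute(operationContext, operationContext.readResource(PathAddress.EMPTY_ADDRESS).getModel()).asInt();
        }
        generateSecretKeyOperation(operationContext, modelNode, credentialStore, effectiveKeySize);
    }
}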
