package org.wildfly.extension.elytron;

import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.AttributeMarshallers;
import org.jboss.as.controller.AttributeParsers;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.PropertiesAttributeDefinition;
import org.jboss.as.controller.ResourceDefinition;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.StringListAttributeDefinition;
import org.jboss.as.controller.operations.validation.StringAllowedValuesValidator;
import org.jboss.as.controller.services.path.PathManager;
import org.jboss.as.controller.services.path.PathManagerService;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.dmr.Property;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.StartException;
import org.jboss.msc.value.InjectedValue;
import org.wildfly.extension.elytron.FileAttributeDefinitions;
import org.wildfly.extension.elytron.TrivialService;
import org.wildfly.extension.elytron.capabilities.CredentialSecurityFactory;
import org.wildfly.security.asn1.OidsUtil;
import org.wildfly.security.mechanism.gssapi.GSSCredentialSecurityFactory;

/* loaded from: input_file:org/wildfly/extension/elytron/KerberosSecurityFactoryDefinition.class */
class KerberosSecurityFactoryDefinition {
    static final SimpleAttributeDefinition PATH = new SimpleAttributeDefinitionBuilder(FileAttributeDefinitions.PATH).setRequired(true).setRestartAllServices().build();
    static final SimpleAttributeDefinition PRINCIPAL = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PRINCIPAL, ModelType.STRING, false).setAllowExpression(true).setMinSize(1).setRestartAllServices().build();
    static final SimpleAttributeDefinition MINIMUM_REMAINING_LIFETIME = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.MINIMUM_REMAINING_LIFETIME, ModelType.INT, true).setAllowExpression(true).setDefaultValue(ModelNode.ZERO).setRestartAllServices().build();
    static final SimpleAttributeDefinition REQUEST_LIFETIME = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.REQUEST_LIFETIME, ModelType.INT, true).setAllowExpression(true).setDefaultValue(new ModelNode(Integer.MAX_VALUE)).setRestartAllServices().build();
    static final SimpleAttributeDefinition FAIL_CACHE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.FAIL_CACHE, ModelType.INT, true).setAllowExpression(true).setRestartAllServices().build();
    static final SimpleAttributeDefinition SERVER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.SERVER, ModelType.BOOLEAN, true).setAllowExpression(true).setDefaultValue(ModelNode.TRUE).setRestartAllServices().build();
    static final SimpleAttributeDefinition OBTAIN_KERBEROS_TICKET = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.OBTAIN_KERBEROS_TICKET, ModelType.BOOLEAN, true).setAllowExpression(true).setDefaultValue(ModelNode.FALSE).setRestartAllServices().build();
    static final SimpleAttributeDefinition DEBUG = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.DEBUG, ModelType.BOOLEAN, true).setAllowExpression(true).setDefaultValue(ModelNode.FALSE).setRestartAllServices().build();
    static final SimpleAttributeDefinition WRAP_GSS_CREDENTIAL = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.WRAP_GSS_CREDENTIAL, ModelType.BOOLEAN, true).setAllowExpression(true).setDefaultValue(ModelNode.FALSE).setRestartAllServices().build();
    static final SimpleAttributeDefinition REQUIRED = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.REQUIRED, ModelType.BOOLEAN, true).setDefaultValue(ModelNode.FALSE).setAllowExpression(true).setRestartAllServices().build();
    private static final ModelNode mechanismsDefault = new ModelNode();
    private static final String[] mechanismAllowedValues = {"KRB5LEGACY", "GENERIC", "KRB5", "KRB5V2", "SPNEGO"};
    static final StringListAttributeDefinition MECHANISM_NAMES;
    static final StringListAttributeDefinition MECHANISM_OIDS;
    static final PropertiesAttributeDefinition OPTIONS;

    KerberosSecurityFactoryDefinition() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ResourceDefinition getKerberosSecurityFactoryDefinition() {
        return new TrivialResourceDefinition(ElytronDescriptionConstants.KERBEROS_SECURITY_FACTORY, new TrivialAddHandler<CredentialSecurityFactory>(CredentialSecurityFactory.class, Capabilities.SECURITY_FACTORY_CREDENTIAL_RUNTIME_CAPABILITY) { // from class: org.wildfly.extension.elytron.KerberosSecurityFactoryDefinition.1
            @Override // org.wildfly.extension.elytron.TrivialAddHandler
            protected TrivialService.ValueSupplier<CredentialSecurityFactory> getValueSupplier(ServiceBuilder<CredentialSecurityFactory> serviceBuilder, OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
                HashMap hashMap;
                String asString = KerberosSecurityFactoryDefinition.PRINCIPAL.resolveModelAttribute(operationContext, modelNode).asString();
                int asInt = KerberosSecurityFactoryDefinition.MINIMUM_REMAINING_LIFETIME.resolveModelAttribute(operationContext, modelNode).asInt();
                int asInt2 = KerberosSecurityFactoryDefinition.REQUEST_LIFETIME.resolveModelAttribute(operationContext, modelNode).asInt();
                int asInt3 = KerberosSecurityFactoryDefinition.FAIL_CACHE.resolveModelAttribute(operationContext, modelNode).asInt(0);
                boolean asBoolean = KerberosSecurityFactoryDefinition.SERVER.resolveModelAttribute(operationContext, modelNode).asBoolean();
                boolean asBoolean2 = KerberosSecurityFactoryDefinition.OBTAIN_KERBEROS_TICKET.resolveModelAttribute(operationContext, modelNode).asBoolean();
                boolean asBoolean3 = KerberosSecurityFactoryDefinition.DEBUG.resolveModelAttribute(operationContext, modelNode).asBoolean();
                boolean asBoolean4 = KerberosSecurityFactoryDefinition.WRAP_GSS_CREDENTIAL.resolveModelAttribute(operationContext, modelNode).asBoolean();
                boolean asBoolean5 = KerberosSecurityFactoryDefinition.REQUIRED.resolveModelAttribute(operationContext, modelNode).asBoolean();
                Set set = (Set) Stream.concat(KerberosSecurityFactoryDefinition.MECHANISM_NAMES.unwrap(operationContext, modelNode).stream().map(str -> {
                    return OidsUtil.attributeNameToOid(OidsUtil.Category.GSS, str);
                }), KerberosSecurityFactoryDefinition.MECHANISM_OIDS.unwrap(operationContext, modelNode).stream()).map(str2 -> {
                    try {
                        return new Oid(str2);
                    } catch (GSSException e) {
                        throw new IllegalArgumentException((Throwable) e);
                    }
                }).collect(Collectors.toSet());
                InjectedValue injectedValue = new InjectedValue();
                String asString2 = KerberosSecurityFactoryDefinition.PATH.resolveModelAttribute(operationContext, modelNode).asString();
                String asStringOrNull = FileAttributeDefinitions.RELATIVE_TO.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
                if (asStringOrNull != null) {
                    serviceBuilder.addDependency(PathManagerService.SERVICE_NAME, PathManager.class, injectedValue);
                    serviceBuilder.requires(FileAttributeDefinitions.pathName(asStringOrNull));
                }
                ModelNode resolveModelAttribute = KerberosSecurityFactoryDefinition.OPTIONS.resolveModelAttribute(operationContext, modelNode);
                if (resolveModelAttribute.isDefined()) {
                    hashMap = new HashMap();
                    for (Property property : resolveModelAttribute.asPropertyList()) {
                        hashMap.put(property.getName(), property.getValue().asString());
                    }
                } else {
                    hashMap = null;
                }
                HashMap hashMap2 = hashMap;
                return () -> {
                    FileAttributeDefinitions.PathResolver pathResolver = FileAttributeDefinitions.pathResolver();
                    pathResolver.path(asString2);
                    if (asStringOrNull != null) {
                        pathResolver.relativeTo(asStringOrNull, (PathManager) injectedValue.getValue());
                    }
                    GSSCredentialSecurityFactory.Builder options = GSSCredentialSecurityFactory.builder().setPrincipal(asString).setKeyTab(pathResolver.resolve()).setMinimumRemainingLifetime(asInt).setRequestLifetime(asInt2).setFailCache(asInt3).setIsServer(asBoolean).setObtainKerberosTicket(asBoolean2).setDebug(asBoolean3).setWrapGssCredential(asBoolean4).setCheckKeyTab(asBoolean5).setOptions(hashMap2);
                    Iterator it = set.iterator();
                    while (it.hasNext()) {
                        options.addMechanismOid((Oid) it.next());
                    }
                    try {
                        return CredentialSecurityFactory.from(options.build());
                    } catch (IOException e) {
                        throw new StartException(e);
                    }
                };
            }
        }, new AttributeDefinition[]{PRINCIPAL, FileAttributeDefinitions.RELATIVE_TO, PATH, MINIMUM_REMAINING_LIFETIME, REQUEST_LIFETIME, FAIL_CACHE, SERVER, OBTAIN_KERBEROS_TICKET, DEBUG, MECHANISM_NAMES, MECHANISM_OIDS, WRAP_GSS_CREDENTIAL, REQUIRED, OPTIONS}, Capabilities.SECURITY_FACTORY_CREDENTIAL_RUNTIME_CAPABILITY);
    }

    static {
        mechanismsDefault.add("KRB5");
        mechanismsDefault.add("SPNEGO");
        MECHANISM_NAMES = new StringListAttributeDefinition.Builder(ElytronDescriptionConstants.MECHANISM_NAMES).setAllowExpression(true).setRequired(false).setDefaultValue(mechanismsDefault).setAllowedValues(new String[]{"KRB5LEGACY", "GENERIC", "KRB5", "KRB5V2", "SPNEGO"}).setMinSize(1).setMaxSize(mechanismAllowedValues.length).setValidator(new StringAllowedValuesValidator(mechanismAllowedValues)).setRestartAllServices().build();
        MECHANISM_OIDS = new StringListAttributeDefinition.Builder(ElytronDescriptionConstants.MECHANISM_OIDS).setAllowExpression(true).setRequired(false).setRestartAllServices().build();
        OPTIONS = new PropertiesAttributeDefinition.Builder(ElytronDescriptionConstants.OPTIONS, true).setAttributeMarshaller(new AttributeMarshallers.PropertiesAttributeMarshaller((String) null, ElytronDescriptionConstants.OPTION, false)).setAttributeParser(new AttributeParsers.PropertiesParser((String) null, ElytronDescriptionConstants.OPTION, false)).setRestartAllServices().build();
    }
}
