package org.wildfly.extension.elytron;

import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.function.Supplier;
import java.util.logging.Level;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.CapabilityServiceBuilder;
import org.jboss.as.controller.ModelVersion;
import org.jboss.as.controller.ObjectTypeAttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleMapAttributeDefinition;
import org.jboss.as.controller.SimpleOperationDefinition;
import org.jboss.as.controller.SimpleOperationDefinitionBuilder;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.capability.RuntimeCapability;
import org.jboss.as.controller.descriptions.StandardResourceDescriptionResolver;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.registry.OperationEntry;
import org.jboss.as.controller.registry.Resource;
import org.jboss.as.controller.security.CredentialReference;
import org.jboss.as.controller.services.path.PathManager;
import org.jboss.as.controller.services.path.PathManagerService;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.msc.service.StartException;
import org.wildfly.common.function.ExceptionFunction;
import org.wildfly.common.function.ExceptionRunnable;
import org.wildfly.common.function.ExceptionSupplier;
import org.wildfly.extension.elytron.AbstractCredentialStoreResourceDefinition;
import org.wildfly.extension.elytron.FileAttributeDefinitions;
import org.wildfly.extension.elytron._private.ElytronSubsystemMessages;
import org.wildfly.security.EmptyProvider;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.SecretKeyCredential;
import org.wildfly.security.credential.source.CredentialSource;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.CredentialStoreException;
import org.wildfly.security.credential.store.impl.KeyStoreCredentialStore;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/extension/elytron/CredentialStoreResourceDefinition.class */
public final class CredentialStoreResourceDefinition extends AbstractCredentialStoreResourceDefinition {
    private static final String CS_KEY_STORE_TYPE_ATTRIBUTE = "keyStoreType";
    private static final List<String> filebasedKeystoreTypes = Collections.unmodifiableList(Arrays.asList("JKS", "JCEKS", "PKCS12"));
    static final SimpleAttributeDefinition LOCATION = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.LOCATION, ModelType.STRING, true).setAttributeGroup(ElytronDescriptionConstants.IMPLEMENTATION).setAllowExpression(true).setMinSize(1).setRestartAllServices().setDeprecated(ModelVersion.create(13)).setAlternatives(new String[]{ElytronDescriptionConstants.PATH}).build();
    static final SimpleAttributeDefinition MODIFIABLE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.MODIFIABLE, ModelType.BOOLEAN, true).setAttributeGroup(ElytronDescriptionConstants.IMPLEMENTATION).setDefaultValue(ModelNode.TRUE).setAllowExpression(false).setRestartAllServices().build();
    static final SimpleAttributeDefinition CREATE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.CREATE, ModelType.BOOLEAN, true).setAttributeGroup(ElytronDescriptionConstants.IMPLEMENTATION).setAllowExpression(false).setDefaultValue(ModelNode.FALSE).setRestartAllServices().build();
    static final SimpleMapAttributeDefinition IMPLEMENTATION_PROPERTIES = new SimpleMapAttributeDefinition.Builder(ElytronDescriptionConstants.IMPLEMENTATION_PROPERTIES, ModelType.STRING, true).setAttributeGroup(ElytronDescriptionConstants.IMPLEMENTATION).setAllowExpression(true).setRestartAllServices().build();
    static final ObjectTypeAttributeDefinition CREDENTIAL_REFERENCE = CredentialReference.getAttributeDefinition(true);
    static final SimpleAttributeDefinition TYPE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.TYPE, ModelType.STRING, true).setAttributeGroup(ElytronDescriptionConstants.IMPLEMENTATION).setAllowExpression(true).setMinSize(1).setRestartAllServices().build();
    static final SimpleAttributeDefinition PROVIDER_NAME = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PROVIDER_NAME, ModelType.STRING, true).setAttributeGroup(ElytronDescriptionConstants.IMPLEMENTATION).setAllowExpression(true).setMinSize(1).setRestartAllServices().build();
    static final SimpleAttributeDefinition PROVIDERS = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PROVIDERS, ModelType.STRING, true).setAttributeGroup(ElytronDescriptionConstants.IMPLEMENTATION).setAllowExpression(false).setMinSize(1).setRestartAllServices().setCapabilityReference("org.wildfly.security.providers", "org.wildfly.security.credential-store").build();
    static final SimpleAttributeDefinition OTHER_PROVIDERS = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.OTHER_PROVIDERS, ModelType.STRING, true).setAttributeGroup(ElytronDescriptionConstants.IMPLEMENTATION).setAllowExpression(false).setMinSize(1).setRestartAllServices().setCapabilityReference("org.wildfly.security.providers", "org.wildfly.security.credential-store").build();
    static final SimpleAttributeDefinition RELATIVE_TO = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.RELATIVE_TO, ModelType.STRING, true).setAllowExpression(false).setMinSize(1).setAttributeGroup(ElytronDescriptionConstants.FILE).setRestartAllServices().build();
    static final SimpleAttributeDefinition PATH = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PATH, ModelType.STRING, true).setAllowExpression(true).setMinSize(1).setAttributeGroup(ElytronDescriptionConstants.FILE).setRestartAllServices().setAlternatives(new String[]{ElytronDescriptionConstants.LOCATION}).build();
    private static final StandardResourceDescriptionResolver RESOURCE_RESOLVER = ElytronExtension.getResourceDescriptionResolver(ElytronDescriptionConstants.CREDENTIAL_STORE);
    static final SimpleAttributeDefinition KEY_SIZE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.KEY_SIZE, ModelType.INT, true).setMinSize(1).setDefaultValue(new ModelNode(256)).setAllowedValues(new int[]{128, 192, 256}).build();
    static final SimpleAttributeDefinition ADD_ENTRY_TYPE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ENTRY_TYPE, ModelType.STRING, true).setAllowedValues(new String[]{PasswordCredential.class.getCanonicalName()}).build();
    static final SimpleAttributeDefinition REMOVE_ENTRY_TYPE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ENTRY_TYPE, ModelType.STRING, true).setAllowedValues(new String[]{PasswordCredential.class.getCanonicalName(), PasswordCredential.class.getSimpleName(), SecretKeyCredential.class.getCanonicalName(), SecretKeyCredential.class.getSimpleName()}).setDefaultValue(new ModelNode(PasswordCredential.class.getSimpleName())).build();
    static final SimpleAttributeDefinition SECRET_VALUE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.SECRET_VALUE, ModelType.STRING, true).setMinSize(0).build();
    private static final SimpleOperationDefinition ADD_ALIAS = new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.ADD_ALIAS, OPERATION_RESOLVER).setParameters(new AttributeDefinition[]{ALIAS, ADD_ENTRY_TYPE, SECRET_VALUE}).setRuntimeOnly().build();
    private static final SimpleOperationDefinition REMOVE_ALIAS = new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.REMOVE_ALIAS, OPERATION_RESOLVER).setParameters(new AttributeDefinition[]{ALIAS, REMOVE_ENTRY_TYPE}).setRuntimeOnly().build();
    private static final SimpleOperationDefinition SET_SECRET = new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.SET_SECRET, OPERATION_RESOLVER).setParameters(new AttributeDefinition[]{ALIAS, ADD_ENTRY_TYPE, SECRET_VALUE}).setRuntimeOnly().build();
    private static final SimpleOperationDefinition GENERATE_SECRET_KEY = new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.GENERATE_SECRET_KEY, OPERATION_RESOLVER).setParameters(new AttributeDefinition[]{ALIAS, KEY_SIZE}).setRuntimeOnly().build();
    private static final AttributeDefinition[] CONFIG_ATTRIBUTES = {LOCATION, PATH, CREATE, MODIFIABLE, IMPLEMENTATION_PROPERTIES, CREDENTIAL_REFERENCE, TYPE, PROVIDER_NAME, PROVIDERS, OTHER_PROVIDERS, RELATIVE_TO};
    private static final CredentialStoreAddHandler ADD = new CredentialStoreAddHandler();
    private static final OperationStepHandler REMOVE = new TrivialCapabilityServiceRemoveHandler(ADD, Capabilities.CREDENTIAL_STORE_RUNTIME_CAPABILITY);

    /* loaded from: input_file:org/wildfly/extension/elytron/CredentialStoreResourceDefinition$CredentialStoreAddHandler.class */
    private static class CredentialStoreAddHandler extends DoohickeyAddHandler<CredentialStore> {
        private CredentialStoreAddHandler() {
            super(Capabilities.CREDENTIAL_STORE_RUNTIME_CAPABILITY, "org.wildfly.security.credential-store-api");
        }

        protected void populateModel(OperationContext operationContext, ModelNode modelNode, Resource resource) throws OperationFailedException {
            super.populateModel(operationContext, modelNode, resource);
            CredentialReference.handleCredentialReferenceUpdate(operationContext, resource.getModel());
        }

        @Override // org.wildfly.extension.elytron.DoohickeyAddHandler
        protected ElytronDoohickey<CredentialStore> createDoohickey(PathAddress pathAddress) {
            return new CredentialStoreDoohickey(pathAddress);
        }

        protected void rollbackRuntime(OperationContext operationContext, ModelNode modelNode, Resource resource) {
            CredentialReference.rollbackCredentialStoreUpdate(CredentialStoreResourceDefinition.CREDENTIAL_REFERENCE, operationContext, resource);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/wildfly/extension/elytron/CredentialStoreResourceDefinition$CredentialStoreDoohickey.class */
    public static class CredentialStoreDoohickey extends AbstractCredentialStoreResourceDefinition.AbstractCredentialStoreDoohickey {
        private final String name;
        private volatile String location;
        private volatile boolean modifiable;
        private volatile String type;
        private volatile String providers;
        private volatile String otherProviders;
        private volatile String providerName;
        private volatile String relativeTo;
        private volatile Map<String, String> credentialStoreAttributes;
        private volatile ModelNode model;
        private volatile ExceptionRunnable<GeneralSecurityException> reloader;

        protected CredentialStoreDoohickey(PathAddress pathAddress) {
            super(pathAddress);
            this.name = pathAddress.getLastElement().getValue();
        }

        @Override // org.wildfly.extension.elytron.ElytronDoohickey
        protected void resolveRuntime(ModelNode modelNode, OperationContext operationContext) throws OperationFailedException {
            this.location = CredentialStoreResourceDefinition.PATH.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
            if (this.location == null) {
                this.location = CredentialStoreResourceDefinition.LOCATION.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
            }
            this.credentialStoreAttributes = new HashMap();
            this.modifiable = CredentialStoreResourceDefinition.MODIFIABLE.resolveModelAttribute(operationContext, modelNode).asBoolean();
            this.credentialStoreAttributes.put(ElytronDescriptionConstants.MODIFIABLE, Boolean.toString(this.modifiable));
            this.credentialStoreAttributes.put(ElytronDescriptionConstants.CREATE, Boolean.toString(CredentialStoreResourceDefinition.CREATE.resolveModelAttribute(operationContext, modelNode).asBoolean()));
            ModelNode resolveModelAttribute = CredentialStoreResourceDefinition.IMPLEMENTATION_PROPERTIES.resolveModelAttribute(operationContext, modelNode);
            if (resolveModelAttribute.isDefined()) {
                for (String str : resolveModelAttribute.keys()) {
                    this.credentialStoreAttributes.put(str, resolveModelAttribute.require(str).asString());
                }
            }
            this.type = CredentialStoreResourceDefinition.TYPE.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
            this.providers = CredentialStoreResourceDefinition.PROVIDERS.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
            this.otherProviders = CredentialStoreResourceDefinition.OTHER_PROVIDERS.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
            this.providerName = CredentialStoreResourceDefinition.PROVIDER_NAME.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
            this.relativeTo = CredentialStoreResourceDefinition.RELATIVE_TO.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
            if (this.type == null || this.type.equals(KeyStoreCredentialStore.KEY_STORE_CREDENTIAL_STORE)) {
                this.credentialStoreAttributes.putIfAbsent(CredentialStoreResourceDefinition.CS_KEY_STORE_TYPE_ATTRIBUTE, "JCEKS");
            }
            String str2 = this.credentialStoreAttributes.get(CredentialStoreResourceDefinition.CS_KEY_STORE_TYPE_ATTRIBUTE);
            if (this.location == null && str2 != null && CredentialStoreResourceDefinition.filebasedKeystoreTypes.contains(str2.toUpperCase(Locale.ENGLISH))) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.filebasedKeystoreLocationMissing(str2);
            }
            this.model = modelNode;
        }

        @Override // org.wildfly.extension.elytron.ElytronDoohickey
        protected ExceptionSupplier<CredentialStore, StartException> prepareServiceSupplier(OperationContext operationContext, CapabilityServiceBuilder<?> capabilityServiceBuilder) throws OperationFailedException {
            Supplier supplier;
            if (this.relativeTo != null) {
                supplier = capabilityServiceBuilder.requires(PathManagerService.SERVICE_NAME);
                capabilityServiceBuilder.requires(FileAttributeDefinitions.pathName(this.relativeTo));
            } else {
                supplier = null;
            }
            Supplier requires = this.providers != null ? capabilityServiceBuilder.requires(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.providers", this.providers), Provider[].class)) : null;
            Supplier requires2 = this.otherProviders != null ? capabilityServiceBuilder.requires(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.providers", this.otherProviders), Provider[].class)) : null;
            final ExceptionSupplier credentialSourceSupplier = CredentialReference.getCredentialSourceSupplier(operationContext, CredentialStoreResourceDefinition.CREDENTIAL_REFERENCE, this.model, capabilityServiceBuilder);
            final Supplier supplier2 = supplier;
            final Supplier supplier3 = requires;
            final Supplier supplier4 = requires2;
            return new ExceptionSupplier<CredentialStore, StartException>() { // from class: org.wildfly.extension.elytron.CredentialStoreResourceDefinition.CredentialStoreDoohickey.1
                /* renamed from: get, reason: merged with bridge method [inline-methods] */
                public CredentialStore m29get() throws StartException {
                    try {
                        if (CredentialStoreDoohickey.this.location != null) {
                            FileAttributeDefinitions.PathResolver pathResolver = FileAttributeDefinitions.pathResolver();
                            pathResolver.path(CredentialStoreDoohickey.this.location);
                            if (CredentialStoreDoohickey.this.relativeTo != null) {
                                pathResolver.relativeTo(CredentialStoreDoohickey.this.relativeTo, (PathManager) supplier2.get());
                            }
                            File resolve = pathResolver.resolve();
                            pathResolver.clear();
                            CredentialStoreDoohickey.this.credentialStoreAttributes.put(ElytronDescriptionConstants.LOCATION, resolve.getAbsolutePath());
                        } else {
                            CredentialStoreDoohickey.this.credentialStoreAttributes.put(ElytronDescriptionConstants.LOCATION, null);
                        }
                        ElytronSubsystemMessages.ROOT_LOGGER.tracef("starting CredentialStore:  name = %s", CredentialStoreDoohickey.this.name);
                        final CredentialStore credentialStoreInstance = CredentialStoreDoohickey.this.getCredentialStoreInstance(supplier3 != null ? (Provider[]) supplier3.get() : null);
                        final Provider[] providerArr = supplier4 != null ? (Provider[]) supplier4.get() : null;
                        if (ElytronSubsystemMessages.ROOT_LOGGER.isTraceEnabled()) {
                            ElytronSubsystemMessages.ROOT_LOGGER.tracef("initializing CredentialStore:  name = %s  type = %s  provider = %s  otherProviders = %s  attributes = %s", new Object[]{CredentialStoreDoohickey.this.name, CredentialStoreDoohickey.this.type, CredentialStoreDoohickey.this.providerName, Arrays.toString(providerArr), CredentialStoreDoohickey.this.credentialStoreAttributes});
                        }
                        final CredentialStore.CredentialSourceProtectionParameter resolveCredentialStoreProtectionParameter = CredentialStoreDoohickey.resolveCredentialStoreProtectionParameter(CredentialStoreDoohickey.this.name, credentialSourceSupplier != null ? (CredentialSource) credentialSourceSupplier.get() : null);
                        CredentialStoreDoohickey.this.reloader = new ExceptionRunnable<GeneralSecurityException>() { // from class: org.wildfly.extension.elytron.CredentialStoreResourceDefinition.CredentialStoreDoohickey.1.1
                            public void run() throws GeneralSecurityException {
                                synchronized (EmptyProvider.getInstance()) {
                                    credentialStoreInstance.initialize(CredentialStoreDoohickey.this.credentialStoreAttributes, resolveCredentialStoreProtectionParameter, providerArr);
                                }
                            }
                        };
                        CredentialStoreDoohickey.this.reloader.run();
                        return credentialStoreInstance;
                    } catch (Exception e) {
                        throw ElytronSubsystemMessages.ROOT_LOGGER.unableToStartService(e);
                    }
                }
            };
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.wildfly.extension.elytron.ElytronDoohickey
        public CredentialStore createImmediately(OperationContext operationContext) throws OperationFailedException {
            if (this.location != null) {
                this.credentialStoreAttributes.put(ElytronDescriptionConstants.LOCATION, resolveRelativeToImmediately(this.location, this.relativeTo, operationContext).getAbsolutePath());
            }
            Provider[] providerArr = null;
            if (this.providers != null) {
                providerArr = (Provider[]) ((ExceptionFunction) operationContext.getCapabilityRuntimeAPI("org.wildfly.security.providers-api", this.providers, ExceptionFunction.class)).apply(operationContext);
            }
            Provider[] providerArr2 = this.otherProviders != null ? (Provider[]) ((ExceptionFunction) operationContext.getCapabilityRuntimeAPI("org.wildfly.security.providers-api", this.otherProviders, ExceptionFunction.class)).apply(operationContext) : null;
            CredentialSource credentialSource = CredentialReference.getCredentialSource(operationContext, CredentialStoreResourceDefinition.CREDENTIAL_REFERENCE, this.model);
            try {
                final CredentialStore credentialStoreInstance = getCredentialStoreInstance(providerArr);
                final CredentialStore.CredentialSourceProtectionParameter resolveCredentialStoreProtectionParameter = resolveCredentialStoreProtectionParameter(this.name, credentialSource);
                final Provider[] providerArr3 = providerArr2;
                this.reloader = new ExceptionRunnable<GeneralSecurityException>() { // from class: org.wildfly.extension.elytron.CredentialStoreResourceDefinition.CredentialStoreDoohickey.2
                    public void run() throws GeneralSecurityException {
                        synchronized (EmptyProvider.getInstance()) {
                            credentialStoreInstance.initialize(CredentialStoreDoohickey.this.credentialStoreAttributes, resolveCredentialStoreProtectionParameter, providerArr3);
                        }
                    }
                };
                this.reloader.run();
                return credentialStoreInstance;
            } catch (IOException | GeneralSecurityException e) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.unableToInitialiseCredentialStore(e);
            }
        }

        @Override // org.wildfly.extension.elytron.AbstractCredentialStoreResourceDefinition.AbstractCredentialStoreDoohickey
        protected void reload(OperationContext operationContext) throws GeneralSecurityException, OperationFailedException {
            if (this.reloader != null) {
                this.reloader.run();
            } else {
                super.apply(operationContext);
            }
        }

        private CredentialStore getCredentialStoreInstance(Provider[] providerArr) throws CredentialStoreException, NoSuchAlgorithmException, NoSuchProviderException {
            String str = this.type != null ? this.type : KeyStoreCredentialStore.KEY_STORE_CREDENTIAL_STORE;
            if (this.providerName != null) {
                return CredentialStore.getInstance(str, this.providerName);
            }
            if (ElytronSubsystemMessages.ROOT_LOGGER.isTraceEnabled()) {
                ElytronSubsystemMessages.ROOT_LOGGER.tracef("obtaining CredentialStore %s from providers %s", this.name, Arrays.toString(providerArr));
            }
            if (providerArr == null) {
                return CredentialStore.getInstance(str);
            }
            for (Provider provider : providerArr) {
                try {
                    return CredentialStore.getInstance(str, provider);
                } catch (NoSuchAlgorithmException e) {
                }
            }
            throw ElytronSubsystemMessages.ROOT_LOGGER.providerLoaderCannotSupplyProvider(this.providers, str);
        }

        private static CredentialStore.CredentialSourceProtectionParameter resolveCredentialStoreProtectionParameter(String str, CredentialSource credentialSource) throws IOException {
            if (credentialSource == null) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.credentialStoreProtectionParameterCannotBeResolved(str);
            }
            Credential credential = credentialSource.getCredential(PasswordCredential.class);
            ElytronSubsystemMessages.ROOT_LOGGER.tracef("resolving CredentialStore %s ProtectionParameter from %s", str, credential);
            return credentialToCredentialSourceProtectionParameter(credential);
        }

        private static CredentialStore.CredentialSourceProtectionParameter credentialToCredentialSourceProtectionParameter(Credential credential) {
            return new CredentialStore.CredentialSourceProtectionParameter(IdentityCredentials.NONE.withCredential(credential));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CredentialStoreResourceDefinition() {
        super(new SimpleResourceDefinition.Parameters(PathElement.pathElement(ElytronDescriptionConstants.CREDENTIAL_STORE), RESOURCE_RESOLVER).setAddHandler(ADD).setRemoveHandler(REMOVE).setAddRestartLevel(OperationEntry.Flag.RESTART_NONE).setRemoveRestartLevel(OperationEntry.Flag.RESTART_NONE).setCapabilities(new RuntimeCapability[]{Capabilities.CREDENTIAL_STORE_RUNTIME_CAPABILITY}));
    }

    @Override // org.wildfly.extension.elytron.AbstractCredentialStoreResourceDefinition
    protected AttributeDefinition[] getAttributeDefinitions() {
        return CONFIG_ATTRIBUTES;
    }

    public void registerOperations(ManagementResourceRegistration managementResourceRegistration) {
        super.registerOperations(managementResourceRegistration);
        boolean isServerOrHostController = ElytronExtension.isServerOrHostController(managementResourceRegistration);
        HashMap hashMap = new HashMap();
        hashMap.put(ElytronDescriptionConstants.READ_ALIASES, this::readAliasesOperation);
        if (isServerOrHostController) {
            hashMap.put(ElytronDescriptionConstants.ADD_ALIAS, this::addAliasOperation);
            hashMap.put(ElytronDescriptionConstants.REMOVE_ALIAS, this::removeAliasOperation);
            hashMap.put(ElytronDescriptionConstants.SET_SECRET, this::setSecretOperation);
            hashMap.put(ElytronDescriptionConstants.EXPORT_SECRET_KEY, this::exportSecretKeyOperation);
            hashMap.put(ElytronDescriptionConstants.GENERATE_SECRET_KEY, this::generateSecretKeyOperation);
            hashMap.put(ElytronDescriptionConstants.IMPORT_SECRET_KEY, this::importSecretKeyOperation);
        }
        AbstractCredentialStoreResourceDefinition.CredentialStoreRuntimeHandler credentialStoreRuntimeHandler = new AbstractCredentialStoreResourceDefinition.CredentialStoreRuntimeHandler(this, hashMap);
        managementResourceRegistration.registerOperationHandler(READ_ALIASES, credentialStoreRuntimeHandler);
        if (isServerOrHostController) {
            managementResourceRegistration.registerOperationHandler(ADD_ALIAS, credentialStoreRuntimeHandler);
            managementResourceRegistration.registerOperationHandler(REMOVE_ALIAS, credentialStoreRuntimeHandler);
            managementResourceRegistration.registerOperationHandler(SET_SECRET, credentialStoreRuntimeHandler);
            managementResourceRegistration.registerOperationHandler(GENERATE_SECRET_KEY, credentialStoreRuntimeHandler);
            managementResourceRegistration.registerOperationHandler(EXPORT_SECRET_KEY, credentialStoreRuntimeHandler);
            managementResourceRegistration.registerOperationHandler(IMPORT_SECRET_KEY, credentialStoreRuntimeHandler);
            managementResourceRegistration.registerOperationHandler(RELOAD, RELOAD_HANDLER);
        }
    }

    void addAliasOperation(OperationContext operationContext, ModelNode modelNode, CredentialStore credentialStore) throws OperationFailedException {
        try {
            try {
                String asString = ALIAS.resolveModelAttribute(operationContext, modelNode).asString();
                String asStringOrNull = ADD_ENTRY_TYPE.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
                String asStringOrNull2 = SECRET_VALUE.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
                if (asStringOrNull != null && !asStringOrNull.equals(PasswordCredential.class.getCanonicalName())) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.credentialStoreEntryTypeNotSupported(credentialStoreName(modelNode), asStringOrNull);
                }
                if (credentialStore.exists(asString, PasswordCredential.class)) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.credentialAlreadyExists(asString, PasswordCredential.class.getName());
                }
                storeSecret(credentialStore, asString, asStringOrNull2);
            } catch (CredentialStoreException e) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.unableToCompleteOperation(e, dumpCause(e));
            }
        } catch (RuntimeException e2) {
            throw new OperationFailedException(e2);
        }
    }

    void removeAliasOperation(OperationContext operationContext, ModelNode modelNode, CredentialStore credentialStore) throws OperationFailedException {
        super.removeAliasOperation(operationContext, modelNode, credentialStore, fromEntryType(REMOVE_ENTRY_TYPE.resolveModelAttribute(operationContext, modelNode).asString()));
    }

    void setSecretOperation(OperationContext operationContext, ModelNode modelNode, CredentialStore credentialStore) throws OperationFailedException {
        try {
            try {
                String asString = ALIAS.resolveModelAttribute(operationContext, modelNode).asString();
                String asStringOrNull = ADD_ENTRY_TYPE.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
                String asStringOrNull2 = SECRET_VALUE.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
                if (asStringOrNull != null && !asStringOrNull.equals(PasswordCredential.class.getCanonicalName())) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.credentialStoreEntryTypeNotSupported(credentialStoreName(modelNode), asStringOrNull);
                }
                if (!credentialStore.exists(asString, PasswordCredential.class)) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.credentialDoesNotExist(asString, PasswordCredential.class.getName());
                }
                storeSecret(credentialStore, asString, asStringOrNull2);
                operationContext.addResponseWarning(Level.WARNING, ElytronSubsystemMessages.ROOT_LOGGER.reloadDependantServices());
            } catch (CredentialStoreException e) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.unableToCompleteOperation(e, dumpCause(e));
            }
        } catch (RuntimeException e2) {
            throw new OperationFailedException(e2);
        }
    }

    protected void generateSecretKeyOperation(OperationContext operationContext, ModelNode modelNode, CredentialStore credentialStore) throws OperationFailedException {
        generateSecretKeyOperation(operationContext, modelNode, credentialStore, KEY_SIZE.resolveModelAttribute(operationContext, modelNode).asInt());
    }

    static String credentialStoreName(ModelNode modelNode) {
        String str = null;
        PathAddress pathAddress = PathAddress.pathAddress(modelNode.require("address"));
        int size = pathAddress.size() - 1;
        while (true) {
            if (size <= 0) {
                break;
            }
            PathElement element = pathAddress.getElement(size);
            if (ElytronDescriptionConstants.CREDENTIAL_STORE.equals(element.getKey())) {
                str = element.getValue();
                break;
            }
            size--;
        }
        if (str == null) {
            throw ElytronSubsystemMessages.ROOT_LOGGER.operationAddressMissingKey(ElytronDescriptionConstants.CREDENTIAL_STORE);
        }
        return str;
    }

    private static Class<? extends Credential> fromEntryType(String str) {
        if (PasswordCredential.class.getCanonicalName().equals(str) || PasswordCredential.class.getSimpleName().equals(str)) {
            return PasswordCredential.class;
        }
        if (SecretKeyCredential.class.getCanonicalName().equals(str) || SecretKeyCredential.class.getSimpleName().equals(str)) {
            return SecretKeyCredential.class;
        }
        return null;
    }
}
