package org.wildfly.extension.undertow;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.util.EnumSet;
import java.util.List;
import java.util.Optional;
import java.util.ServiceLoader;
import java.util.function.BiFunction;
import java.util.function.Supplier;
import java.util.function.UnaryOperator;
import javax.net.ssl.SSLContext;
import javax.security.auth.DestroyFailedException;
import org.jboss.as.clustering.controller.CommonServiceDescriptor;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.ResourceDefinition;
import org.jboss.as.controller.ServiceNameFactory;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.access.management.AccessConstraintDefinition;
import org.jboss.as.controller.access.management.SensitiveTargetAccessConstraintDefinition;
import org.jboss.as.controller.capability.RuntimeCapability;
import org.jboss.as.controller.capability.UnaryCapabilityNameResolver;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.security.CredentialReference;
import org.jboss.as.controller.security.CredentialReferenceWriteAttributeHandler;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.wildfly.clustering.web.container.SecurityDomainSingleSignOnManagementConfiguration;
import org.wildfly.clustering.web.container.SecurityDomainSingleSignOnManagementProvider;
import org.wildfly.extension.undertow.logging.UndertowLogger;
import org.wildfly.extension.undertow.sso.elytron.NonDistributableSingleSignOnManagementProvider;
import org.wildfly.extension.undertow.sso.elytron.SingleSignOnIdentifierFactory;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.source.CredentialSource;
import org.wildfly.security.http.util.sso.DefaultSingleSignOnSessionFactory;
import org.wildfly.security.http.util.sso.SingleSignOnConfiguration;
import org.wildfly.security.http.util.sso.SingleSignOnManager;
import org.wildfly.security.http.util.sso.SingleSignOnSessionFactory;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.service.descriptor.UnaryServiceDescriptor;
import org.wildfly.subsystem.resource.AttributeDefinitionProvider;
import org.wildfly.subsystem.resource.ManagementResourceRegistrationContext;
import org.wildfly.subsystem.resource.ResourceDescriptor;
import org.wildfly.subsystem.resource.capability.CapabilityReferenceRecorder;
import org.wildfly.subsystem.resource.operation.ResourceOperationRuntimeHandler;
import org.wildfly.subsystem.service.ResourceServiceConfigurator;
import org.wildfly.subsystem.service.ResourceServiceInstaller;
import org.wildfly.subsystem.service.ServiceDependency;
import org.wildfly.subsystem.service.capability.CapabilityServiceInstaller;

/* loaded from: input_file:org/wildfly/extension/undertow/ApplicationSecurityDomainSingleSignOnDefinition.class */
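/**
 * Management resource definition for the single-sign-on child of an Undertow
 * {@code application-security-domain}.
 * <p>
 * {@link #configure(OperationContext, ModelNode)} installs three services, all keyed by the
 * parent security domain name:
 * <ul>
 *   <li>the resolved {@link SingleSignOnConfiguration} (produced by the superclass);</li>
 *   <li>a {@link SingleSignOnManager}, obtained from the first
 *       {@link SecurityDomainSingleSignOnManagementProvider} found via {@link ServiceLoader}
 *       (falling back to {@link NonDistributableSingleSignOnManagementProvider});</li>
 *   <li>a {@link SingleSignOnSessionFactory} built around the key pair of the private-key entry
 *       selected by {@code key-store}/{@code key-alias}, unlocked with the password from
 *       {@code credential-reference}.</li>
 * </ul>
 * All attributes carry management access constraints ({@code CREDENTIAL} / {@code SSL_REF}) so
 * RBAC can restrict who may read or write them.
 * <p>
 * Note: this listing is decompiler output. {@code m14get} and {@code m68resolve} are the
 * decompiler's names for the {@code get()} and {@code resolve()} bridge methods.
 */
public class ApplicationSecurityDomainSingleSignOnDefinition extends SingleSignOnDefinition {
    static final UnaryServiceDescriptor<SingleSignOnConfiguration> SSO_CONFIGURATION = UnaryServiceDescriptor.of("org.wildfly.undertow.application-security-domain.sso.configuration", SingleSignOnConfiguration.class);
    static final UnaryServiceDescriptor<SingleSignOnSessionFactory> SSO_SESSION_FACTORY = UnaryServiceDescriptor.of("org.wildfly.undertow.application-security-domain.sso.factory", SingleSignOnSessionFactory.class);
    private static final UnaryServiceDescriptor<SingleSignOnManager> SSO_MANAGER = UnaryServiceDescriptor.of("org.wildfly.undertow.application-security-domain.sso.manager", SingleSignOnManager.class);
    // Both capabilities are named after the PARENT address element, i.e. the security domain.
    private static final RuntimeCapability<Void> CONFIGURATION_CAPABILITY = RuntimeCapability.Builder.of(SSO_CONFIGURATION).setDynamicNameMapper(UnaryCapabilityNameResolver.PARENT).build();
    private static final RuntimeCapability<Void> SESSION_FACTORY_CAPABILITY = RuntimeCapability.Builder.of(SSO_SESSION_FACTORY).setDynamicNameMapper(UnaryCapabilityNameResolver.PARENT).build();
    private final SecurityDomainSingleSignOnManagementProvider provider;

    /**
     * Attributes of the SSO resource. Every attribute is tagged as sensitive for RBAC purposes;
     * the key-store/SSL references additionally record capability references so the referenced
     * Elytron resources cannot be removed while in use.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public enum Attribute implements AttributeDefinitionProvider {
        /** Credential reference supplying the password that unlocks the key-store entry. */
        CREDENTIAL(CredentialReference.getAttributeBuilder("credential-reference", "credential-reference", false, CapabilityReferenceRecorder.builder(ApplicationSecurityDomainSingleSignOnDefinition.CONFIGURATION_CAPABILITY, CommonServiceDescriptor.CREDENTIAL_STORE).build()).setAccessConstraints(new AccessConstraintDefinition[]{SensitiveTargetAccessConstraintDefinition.CREDENTIAL}).build()),
        /** Alias of the {@link KeyStore.PrivateKeyEntry} whose key pair is handed to the session factory. Expressions allowed. */
        KEY_ALIAS("key-alias", ModelType.STRING, builder -> {
            return builder.setAllowExpression(true).addAccessConstraint(SensitiveTargetAccessConstraintDefinition.SSL_REF);
        }),
        /** Name of the Elytron key-store capability that holds the entry (required). */
        KEY_STORE("key-store", ModelType.STRING, builder -> {
            return builder.setCapabilityReference(CapabilityReferenceRecorder.builder(ApplicationSecurityDomainSingleSignOnDefinition.CONFIGURATION_CAPABILITY, CommonServiceDescriptor.KEY_STORE).build()).addAccessConstraint(SensitiveTargetAccessConstraintDefinition.SSL_REF);
        }),
        /**
         * Optional Elytron client SSL context applied to the outbound {@code HttpsURLConnection}s the
         * session factory opens. When absent no socket factory is set, so those connections use the
         * JVM default SSL context and trust store.
         */
        SSL_CONTEXT("client-ssl-context", ModelType.STRING, builder -> {
            return builder.setRequired(false).setCapabilityReference(CapabilityReferenceRecorder.builder(ApplicationSecurityDomainSingleSignOnDefinition.CONFIGURATION_CAPABILITY, CommonServiceDescriptor.SSL_CONTEXT).build()).setAccessConstraints(new AccessConstraintDefinition[]{SensitiveTargetAccessConstraintDefinition.SSL_REF});
        });

        private final AttributeDefinition definition;

        /**
         * Builds a required string attribute and lets {@code customizer} adjust it (optionality,
         * expressions, capability references, access constraints).
         */
        Attribute(String name, ModelType type, UnaryOperator<SimpleAttributeDefinitionBuilder> customizer) {
            this.definition = customizer.apply(new SimpleAttributeDefinitionBuilder(name, type).setRequired(true)).build();
        }

        Attribute(AttributeDefinition attributeDefinition) {
            this.definition = attributeDefinition;
        }

        /* renamed from: get, reason: merged with bridge method [inline-methods] */
        public AttributeDefinition m14get() {
            return this.definition;
        }
    }

    /**
     * @param parentRuntimeHandler runtime handler of the parent application-security-domain; any
     *        change to this resource re-runs it so the parent picks up the new SSO services
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public ApplicationSecurityDomainSingleSignOnDefinition(final ResourceOperationRuntimeHandler parentRuntimeHandler) {
        super(ResourceDefinition::builder, new BiFunction<ResourceDescriptor.Builder, ResourceServiceConfigurator, ResourceDescriptor.Builder>() { // from class: org.wildfly.extension.undertow.ApplicationSecurityDomainSingleSignOnDefinition.1
            @Override // java.util.function.BiFunction
            public ResourceDescriptor.Builder apply(ResourceDescriptor.Builder builder, ResourceServiceConfigurator resourceServiceConfigurator) {
                // credential-reference gets the dedicated write handler; the other attributes use the defaults.
                return builder.provideAttributes(EnumSet.complementOf(EnumSet.of(Attribute.CREDENTIAL))).addAttribute(Attribute.CREDENTIAL.m14get(), new CredentialReferenceWriteAttributeHandler(Attribute.CREDENTIAL.m14get())).addCapabilities(List.of(ApplicationSecurityDomainSingleSignOnDefinition.CONFIGURATION_CAPABILITY, ApplicationSecurityDomainSingleSignOnDefinition.SESSION_FACTORY_CAPABILITY)).withRuntimeHandler(ResourceOperationRuntimeHandler.combine(new ResourceOperationRuntimeHandler[]{ResourceOperationRuntimeHandler.configureService(resourceServiceConfigurator), ResourceOperationRuntimeHandler.restartParent(parentRuntimeHandler)}));
            }
        });
        // First provider on the class path wins (e.g. a distributable implementation); otherwise non-distributable.
        this.provider = (SecurityDomainSingleSignOnManagementProvider) ServiceLoader.load(SecurityDomainSingleSignOnManagementProvider.class, SecurityDomainSingleSignOnManagementProvider.class.getClassLoader()).findFirst().orElse(NonDistributableSingleSignOnManagementProvider.INSTANCE);
    }

    /**
     * Creates the installers for the configuration, manager and session-factory services.
     *
     * @param operationContext the current operation context
     * @param modelNode the resource model
     * @return a combined installer for all three services
     * @throws OperationFailedException if an attribute cannot be resolved
     */
    public ResourceServiceInstaller configure(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        ResourceServiceInstaller configurationInstaller = CapabilityServiceInstaller.builder(CONFIGURATION_CAPABILITY, m68resolve(operationContext, modelNode)).build();
        // This resource is a singleton child, so the parent address element is the security domain name.
        final String securityDomainName = operationContext.getCurrentAddress().getParent().getLastElement().getValue();
        final SingleSignOnIdentifierFactory identifierFactory = new SingleSignOnIdentifierFactory();
        ResourceServiceInstaller managerInstaller = this.provider.getServiceInstaller(operationContext, ServiceNameFactory.resolveServiceName(SSO_MANAGER, securityDomainName), new SecurityDomainSingleSignOnManagementConfiguration() { // from class: org.wildfly.extension.undertow.ApplicationSecurityDomainSingleSignOnDefinition.2
            public String getSecurityDomainName() {
                return securityDomainName;
            }

            public Supplier<String> getIdentifierGenerator() {
                return identifierFactory;
            }
        });
        final ServiceDependency managerDependency = ServiceDependency.on(SSO_MANAGER, securityDomainName);
        final ServiceDependency keyStoreDependency = ServiceDependency.on(CommonServiceDescriptor.KEY_STORE, Attribute.KEY_STORE.resolveModelAttribute(operationContext, modelNode).asString());
        final String keyAlias = Attribute.KEY_ALIAS.resolveModelAttribute(operationContext, modelNode).asString();
        final ServiceDependency credentialSourceDependency = ServiceDependency.from(CredentialReference.getCredentialSourceDependency(operationContext, Attribute.CREDENTIAL.m14get(), modelNode));
        String sslContextName = Attribute.SSL_CONTEXT.resolveModelAttribute(operationContext, modelNode).asStringOrNull();
        // Optional attribute: a null dependency value later yields an empty Optional and no socket factory override.
        final ServiceDependency sslContextDependency = sslContextName != null ? ServiceDependency.on(CommonServiceDescriptor.SSL_CONTEXT, sslContextName) : ServiceDependency.of((Object) null);
        Supplier<SingleSignOnSessionFactory> sessionFactorySupplier = new Supplier<SingleSignOnSessionFactory>() { // from class: org.wildfly.extension.undertow.ApplicationSecurityDomainSingleSignOnDefinition.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.function.Supplier
            public SingleSignOnSessionFactory get() {
                KeyStore keyStore = (KeyStore) keyStoreDependency.get();
                CredentialSource credentialSource = (CredentialSource) credentialSourceDependency.get();
                try {
                    // Validate the alias up front so a misconfiguration surfaces as a management error, not an NPE.
                    if (!keyStore.containsAlias(keyAlias)) {
                        throw UndertowLogger.ROOT_LOGGER.missingKeyStoreEntry(keyAlias);
                    }
                    // Trusted-certificate or secret-key entries carry no key pair.
                    if (!keyStore.entryInstanceOf(keyAlias, KeyStore.PrivateKeyEntry.class)) {
                        throw UndertowLogger.ROOT_LOGGER.keyStoreEntryNotPrivate(keyAlias);
                    }
                    PasswordCredential credential = credentialSource.getCredential(PasswordCredential.class);
                    if (credential == null) {
                        throw UndertowLogger.ROOT_LOGGER.missingCredential(credentialSource.toString());
                    }
                    // Only a clear password can be turned into KeyStore.PasswordProtection.
                    ClearPassword password = credential.getPassword(ClearPassword.class);
                    if (password == null) {
                        throw UndertowLogger.ROOT_LOGGER.credentialNotClearPassword(credential.toString());
                    }
                    KeyStore.PrivateKeyEntry privateKeyEntry = loadPrivateKeyEntry(keyStore, keyAlias, password.getPassword());
                    KeyPair keyPair = new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
                    Optional<SSLContext> sslContext = Optional.ofNullable((SSLContext) sslContextDependency.get());
                    return new DefaultSingleSignOnSessionFactory((SingleSignOnManager) managerDependency.get(), keyPair, connection -> {
                        sslContext.ifPresent(context -> connection.setSSLSocketFactory(context.getSocketFactory()));
                    });
                } catch (IOException | GeneralSecurityException e) {
                    // Surface as an unchecked failure of the service start; the cause is preserved.
                    throw new IllegalArgumentException(e);
                }
            }
        };
        // Key-store access may block, hence blocking(); the supplier runs only once all four dependencies are up.
        return ResourceServiceInstaller.combine(new ResourceServiceInstaller[]{configurationInstaller, managerInstaller, ((CapabilityServiceInstaller.Builder) ((CapabilityServiceInstaller.Builder) CapabilityServiceInstaller.builder(SESSION_FACTORY_CAPABILITY, sessionFactorySupplier).blocking()).requires(List.of(managerDependency, keyStoreDependency, credentialSourceDependency, sslContextDependency))).build()});
    }

    /**
     * Unlocks the private-key entry {@code alias} and scrubs the password copy held by the JDK afterwards.
     * <p>
     * {@link KeyStore.PasswordProtection} clones the password it is given, so destroying it after
     * {@code getEntry} zeroes that clone instead of leaving the key-store password in heap until GC.
     * The {@code password} array passed in is left untouched: whether it is the credential's own
     * buffer or a copy depends on the {@link ClearPassword} implementation, so it is not ours to clear.
     *
     * @throws GeneralSecurityException if the entry cannot be retrieved or unlocked
     */
    private static KeyStore.PrivateKeyEntry loadPrivateKeyEntry(KeyStore keyStore, String alias, char[] password) throws GeneralSecurityException {
        KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(password);
        try {
            return (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, protection);
        } finally {
            try {
                protection.destroy();
            } catch (DestroyFailedException ignored) {
                // Best-effort scrub only; never mask the outcome of getEntry() with a destroy failure.
            }
        }
    }

    @Override // org.wildfly.extension.undertow.SingleSignOnDefinition
    /* renamed from: resolve */
    public /* bridge */ /* synthetic */ SingleSignOnConfiguration m68resolve(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        return super.m68resolve(operationContext, modelNode);
    }

    @Override // org.wildfly.extension.undertow.SingleSignOnDefinition
    public /* bridge */ /* synthetic */ ManagementResourceRegistration register(ManagementResourceRegistration managementResourceRegistration, ManagementResourceRegistrationContext managementResourceRegistrationContext) {
        return super.register(managementResourceRegistration, managementResourceRegistrationContext);
    }
}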
