package org.jboss.as.controller.security;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.StringTokenizer;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.AttributeMarshaller;
import org.jboss.as.controller.AttributeParser;
import org.jboss.as.controller.CapabilityReferenceRecorder;
import org.jboss.as.controller.ObjectTypeAttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.access.management.SensitiveTargetAccessConstraintDefinition;
import org.jboss.as.controller.capability.RuntimeCapability;
import org.jboss.as.controller.logging.ControllerLogger;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.ServiceRegistry;
import org.wildfly.common.function.ExceptionSupplier;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.source.CommandCredentialSource;
import org.wildfly.security.credential.source.CredentialSource;
import org.wildfly.security.credential.source.CredentialStoreCredentialSource;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.util.PasswordBasedEncryptionUtil;

/* loaded from: input_file:org/jboss/as/controller/security/CredentialReference.class */
public final class CredentialReference {
    public static final String CREDENTIAL_STORE_CAPABILITY = "org.wildfly.security.credential-store";
    public static final String CREDENTIAL_REFERENCE = "credential-reference";
    public static final String STORE = "store";
    public static final String ALIAS = "alias";
    public static final String TYPE = "type";
    public static final String CLEAR_TEXT = "clear-text";
    private static final SimpleAttributeDefinition credentialStoreAttribute;
    private static final SimpleAttributeDefinition credentialAliasAttribute;
    private static final SimpleAttributeDefinition credentialTypeAttribute;
    private static final SimpleAttributeDefinition clearTextAttribute;
    private static final SimpleAttributeDefinition credentialStoreAttributeWithCapabilityReference;
    private static final ObjectTypeAttributeDefinition credentialReferenceAD;
    private static final ObjectTypeAttributeDefinition credentialReferenceADWithCapabilityReference;
    static final /* synthetic */ boolean $assertionsDisabled;

    private CredentialReference() {
    }

    public static ObjectTypeAttributeDefinition getAttributeDefinition() {
        return credentialReferenceAD;
    }

    public static ObjectTypeAttributeDefinition getAttributeDefinition(boolean z) {
        return z ? credentialReferenceADWithCapabilityReference : credentialReferenceAD;
    }

    public static ObjectTypeAttributeDefinition.Builder getAttributeBuilder(boolean z, boolean z2) {
        return getAttributeBuilder(CREDENTIAL_REFERENCE, CREDENTIAL_REFERENCE, z, z2 ? credentialStoreAttributeWithCapabilityReference : credentialStoreAttribute);
    }

    public static ObjectTypeAttributeDefinition.Builder getAttributeBuilder(String str, String str2, boolean z) {
        return getAttributeBuilder(str, str2, z, false);
    }

    public static ObjectTypeAttributeDefinition.Builder getAttributeBuilder(String str, String str2, boolean z, boolean z2) {
        return getAttributeBuilder(str, str2, z, z2 ? credentialStoreAttributeWithCapabilityReference : credentialStoreAttribute);
    }

    public static ObjectTypeAttributeDefinition.Builder getAttributeBuilder(String str, String str2, boolean z, CapabilityReferenceRecorder capabilityReferenceRecorder) {
        if (capabilityReferenceRecorder == null) {
            return getAttributeBuilder(str, str2, z, false);
        }
        if ($assertionsDisabled || CREDENTIAL_STORE_CAPABILITY.equals(capabilityReferenceRecorder.getBaseRequirementName())) {
            return getAttributeBuilder(str, str2, z, new SimpleAttributeDefinitionBuilder(credentialStoreAttribute).setCapabilityReference(capabilityReferenceRecorder).build());
        }
        throw new AssertionError();
    }

    private static ObjectTypeAttributeDefinition.Builder getAttributeBuilder(String str, String str2, boolean z, AttributeDefinition attributeDefinition) {
        return new ObjectTypeAttributeDefinition.Builder(str, attributeDefinition, credentialAliasAttribute, credentialTypeAttribute, clearTextAttribute).setXmlName(str2).setAttributeMarshaller(AttributeMarshaller.ATTRIBUTE_OBJECT).setAttributeParser(AttributeParser.OBJECT_PARSER).setRequired(!z).setAccessConstraints(SensitiveTargetAccessConstraintDefinition.CREDENTIAL);
    }

    public static String credentialReferencePartAsStringIfDefined(ModelNode modelNode, String str) throws OperationFailedException {
        if (!$assertionsDisabled && !modelNode.isDefined()) {
            throw new AssertionError(modelNode);
        }
        ModelNode modelNode2 = modelNode.get(str);
        if (modelNode2.isDefined()) {
            return modelNode2.asString();
        }
        return null;
    }

    public static ExceptionSupplier<CredentialSource, Exception> getCredentialSourceSupplier(OperationContext operationContext, ObjectTypeAttributeDefinition objectTypeAttributeDefinition, ModelNode modelNode, ServiceBuilder<?> serviceBuilder) throws OperationFailedException {
        String str;
        String str2;
        String str3;
        String str4;
        ServiceName serviceName;
        ServiceRegistry serviceRegistry;
        ModelNode resolveModelAttribute = objectTypeAttributeDefinition.resolveModelAttribute(operationContext, modelNode);
        if (resolveModelAttribute.isDefined()) {
            str = credentialReferencePartAsStringIfDefined(resolveModelAttribute, STORE);
            str2 = credentialReferencePartAsStringIfDefined(resolveModelAttribute, "alias");
            str3 = credentialReferencePartAsStringIfDefined(resolveModelAttribute, "type");
            str4 = credentialReferencePartAsStringIfDefined(resolveModelAttribute, CLEAR_TEXT);
        } else {
            str = null;
            str2 = null;
            str3 = null;
            str4 = null;
        }
        if (str2 != null) {
            serviceName = operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName(CREDENTIAL_STORE_CAPABILITY, str), CredentialStore.class);
            if (serviceBuilder != null) {
                serviceBuilder.requires(serviceName);
            }
            serviceRegistry = operationContext.getServiceRegistry(false);
        } else {
            serviceName = null;
            serviceRegistry = null;
        }
        final String str5 = str2;
        final ServiceRegistry serviceRegistry2 = serviceRegistry;
        final ServiceName serviceName2 = serviceName;
        final String str6 = str3;
        final String str7 = str4;
        return new ExceptionSupplier<CredentialSource, Exception>() { // from class: org.jboss.as.controller.security.CredentialReference.1
            private String[] parseCommand(String str8, String str9) {
                String[] split = str8.split("(?<!\\\\)" + str9);
                for (int i = 0; i < split.length; i++) {
                    if (split[i].indexOf(92) != -1) {
                        split[i] = split[i].replaceAll("\\\\" + str9, str9);
                    }
                }
                return split;
            }

            private String stripType(String str8) {
                StringTokenizer stringTokenizer = new StringTokenizer(str8, "{}");
                stringTokenizer.nextToken();
                return stringTokenizer.nextToken();
            }

            /* renamed from: get, reason: merged with bridge method [inline-methods] */
            public CredentialSource m348get() throws Exception {
                if (str5 != null) {
                    ServiceRegistry serviceRegistry3 = serviceRegistry2;
                    ServiceName serviceName3 = serviceName2;
                    return new CredentialStoreCredentialSource(() -> {
                        ServiceController service = serviceRegistry3.getService(serviceName3);
                        if (service != null) {
                            return (CredentialStore) service.getService().getValue();
                        }
                        return null;
                    }, str5);
                }
                if (str6 == null || !str6.equalsIgnoreCase("COMMAND")) {
                    if (str7 != null && str7.startsWith("MASK-")) {
                        return new CredentialSource() { // from class: org.jboss.as.controller.security.CredentialReference.1.1
                            public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str8, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
                                return cls == PasswordCredential.class ? SupportLevel.SUPPORTED : SupportLevel.UNSUPPORTED;
                            }

                            public <C extends Credential> C getCredential(Class<C> cls, String str8, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
                                String[] split = str7.substring(5).split(";");
                                if (split.length != 3) {
                                    throw ControllerLogger.ROOT_LOGGER.wrongMaskedPasswordFormat();
                                }
                                String str9 = split[1];
                                try {
                                    try {
                                        return cls.cast(new PasswordCredential(ClearPassword.createRaw("clear", new PasswordBasedEncryptionUtil.Builder().picketBoxCompatibility().salt(str9).iteration(Integer.parseInt(split[2])).decryptMode().build().decodeAndDecrypt(split[0]))));
                                    } catch (GeneralSecurityException e) {
                                        throw new IOException(e);
                                    }
                                } catch (NumberFormatException e2) {
                                    throw ControllerLogger.ROOT_LOGGER.wrongMaskedPasswordFormat();
                                }
                            }
                        };
                    }
                    if (str7 != null) {
                        return new CredentialSource() { // from class: org.jboss.as.controller.security.CredentialReference.1.2
                            public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str8, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
                                return cls == PasswordCredential.class ? SupportLevel.SUPPORTED : SupportLevel.UNSUPPORTED;
                            }

                            public <C extends Credential> C getCredential(Class<C> cls, String str8, AlgorithmParameterSpec algorithmParameterSpec) throws IOException {
                                return cls.cast(new PasswordCredential(ClearPassword.createRaw("clear", str7.toCharArray())));
                            }
                        };
                    }
                    return null;
                }
                CommandCredentialSource.Builder builder = CommandCredentialSource.builder();
                String trim = str7.trim();
                for (String str8 : trim.startsWith("{EXT") ? parseCommand(stripType(trim), " ") : trim.startsWith("{CMD") ? parseCommand(stripType(trim), ",") : parseCommand(trim, " ")) {
                    builder.addCommand(str8);
                }
                return builder.build();
            }
        };
    }

    static {
        $assertionsDisabled = !CredentialReference.class.desiredAssertionStatus();
        credentialStoreAttribute = new SimpleAttributeDefinitionBuilder(STORE, ModelType.STRING, true).setXmlName(STORE).setRequires("alias").setAlternatives(CLEAR_TEXT).build();
        credentialAliasAttribute = new SimpleAttributeDefinitionBuilder("alias", ModelType.STRING, true).setXmlName("alias").setAllowExpression(true).setRequires(STORE).build();
        credentialTypeAttribute = new SimpleAttributeDefinitionBuilder("type", ModelType.STRING, true).setXmlName("type").setAllowExpression(true).build();
        clearTextAttribute = new SimpleAttributeDefinitionBuilder(CLEAR_TEXT, ModelType.STRING, true).setXmlName(CLEAR_TEXT).setAllowExpression(true).setAlternatives(STORE).build();
        credentialReferenceAD = getAttributeBuilder(CREDENTIAL_REFERENCE, CREDENTIAL_REFERENCE, false, false).setRestartAllServices().build();
        credentialStoreAttributeWithCapabilityReference = new SimpleAttributeDefinitionBuilder(credentialStoreAttribute).setCapabilityReference(CREDENTIAL_STORE_CAPABILITY).build();
        credentialReferenceADWithCapabilityReference = getAttributeBuilder(CREDENTIAL_REFERENCE, CREDENTIAL_REFERENCE, false, true).setRestartAllServices().build();
    }
}
