package org.wildfly.extension.elytron;

import java.security.AccessController;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.function.Predicate;
import java.util.function.Supplier;
import java.util.function.UnaryOperator;
import org.jboss.as.controller.AbstractAddStepHandler;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.AttributeMarshaller;
import org.jboss.as.controller.AttributeParser;
import org.jboss.as.controller.ObjectListAttributeDefinition;
import org.jboss.as.controller.ObjectTypeAttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleOperationDefinitionBuilder;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.StringListAttributeDefinition;
import org.jboss.as.controller.capability.RuntimeCapability;
import org.jboss.as.controller.descriptions.ResourceDescriptionResolver;
import org.jboss.as.controller.registry.AttributeAccess;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.registry.OperationEntry;
import org.jboss.as.controller.registry.Resource;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.msc.inject.Injector;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.ServiceRegistry;
import org.jboss.msc.service.ServiceTarget;
import org.jboss.msc.service.StartException;
import org.jboss.msc.value.InjectedValue;
import org.wildfly.extension.elytron.DomainService;
import org.wildfly.extension.elytron.TrivialService;
import org.wildfly.extension.elytron._private.ElytronSubsystemMessages;
import org.wildfly.extension.elytron.capabilities.PrincipalTransformer;
import org.wildfly.extension.elytron.capabilities._private.SecurityEventListener;
import org.wildfly.security.auth.server.PrincipalDecoder;
import org.wildfly.security.auth.server.RealmMapper;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.auth.server.ServerAuthenticationContext;
import org.wildfly.security.authz.PermissionMapper;
import org.wildfly.security.authz.RoleDecoder;
import org.wildfly.security.authz.RoleMapper;
import org.wildfly.security.authz.Roles;
import org.wildfly.security.manager.WildFlySecurityManager;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/extension/elytron/DomainDefinition.class */
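/**
 * Resource definition for the Elytron subsystem resource registered under
 * {@link ElytronDescriptionConstants#SECURITY_DOMAIN}.
 *
 * <p>The definition declares the domain's attributes, wires the add / remove / write-attribute
 * handlers, registers the runtime-only read-identity operation and installs the MSC services that
 * back a {@link SecurityDomain}.
 *
 * <p>This source is decompiler output. Compared with the raw listing, the decompiler residue that
 * could not compile has been repaired: the dangling {@code r3} reference in {@link #installService},
 * the {@code ServiceBuilder<?>} that could not be passed to the typed inject helpers, and the
 * ambiguous {@code doPrivileged} lambda. Raw collection types were given their type arguments and
 * the no-op {@code getClass()} null-check residue was dropped. Runtime behaviour is unchanged.
 */
public class DomainDefinition extends SimpleResourceDefinition {
    private static final ServiceUtil<SecurityRealm> REALM_SERVICE_UTIL = ServiceUtil.newInstance(Capabilities.SECURITY_REALM_RUNTIME_CAPABILITY, null, SecurityRealm.class);

    // Required; expressions are disallowed. DomainValidationHandler checks that the value names one of REALMS.
    static final SimpleAttributeDefinition DEFAULT_REALM = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.DEFAULT_REALM, ModelType.STRING, false).setAllowExpression(false).setMinSize(1).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();

    // Optional domain-level references. Each carries a capability reference from the named capability
    // to "org.wildfly.security.security-domain" and is flagged RESTART_RESOURCE_SERVICES.
    static final SimpleAttributeDefinition PRE_REALM_PRINCIPAL_TRANSFORMER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PRE_REALM_PRINCIPAL_TRANSFORMER, ModelType.STRING, true).setMinSize(1).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).setCapabilityReference("org.wildfly.security.principal-transformer", "org.wildfly.security.security-domain", true).build();
    static final SimpleAttributeDefinition POST_REALM_PRINCIPAL_TRANSFORMER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.POST_REALM_PRINCIPAL_TRANSFORMER, ModelType.STRING, true).setMinSize(1).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).setCapabilityReference("org.wildfly.security.principal-transformer", "org.wildfly.security.security-domain", true).build();
    static final SimpleAttributeDefinition PRINCIPAL_DECODER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PRINCIPAL_DECODER, ModelType.STRING, true).setMinSize(1).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).setCapabilityReference("org.wildfly.security.principal-decoder", "org.wildfly.security.security-domain", true).build();
    static final SimpleAttributeDefinition PERMISSION_MAPPER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PERMISSION_MAPPER, ModelType.STRING, true).setMinSize(1).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).setCapabilityReference("org.wildfly.security.permission-mapper", "org.wildfly.security.security-domain", true).build();
    static final SimpleAttributeDefinition REALM_MAPPER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.REALM_MAPPER, ModelType.STRING, true).setMinSize(1).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).setCapabilityReference("org.wildfly.security.realm-mapper", "org.wildfly.security.security-domain", true).build();
    // ROLE_MAPPER is used twice: as a domain-level attribute and as a field of each REALM entry.
    static final SimpleAttributeDefinition ROLE_MAPPER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ROLE_MAPPER, ModelType.STRING, true).setMinSize(1).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).setCapabilityReference("org.wildfly.security.role-mapper", "org.wildfly.security.security-domain", true).build();

    // Fields of one entry in the REALMS list. REALM_NAME is required; the transformer and decoder are optional.
    static final SimpleAttributeDefinition REALM_NAME = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.REALM, ModelType.STRING, false).setXmlName(ElytronDescriptionConstants.NAME).setMinSize(1).setCapabilityReference("org.wildfly.security.security-realm", "org.wildfly.security.security-domain", true).build();
    static final SimpleAttributeDefinition REALM_PRINCIPAL_TRANSFORMER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PRINCIPAL_TRANSFORMER, ModelType.STRING, true).setMinSize(1).setCapabilityReference("org.wildfly.security.principal-transformer", "org.wildfly.security.security-domain", true).build();
    static final SimpleAttributeDefinition REALM_ROLE_DECODER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ROLE_DECODER, ModelType.STRING, true).setMinSize(1).setCapabilityReference("org.wildfly.security.role-decoder", "org.wildfly.security.security-domain", true).build();
    static final ObjectTypeAttributeDefinition REALM = new ObjectTypeAttributeDefinition.Builder(ElytronDescriptionConstants.REALM, new AttributeDefinition[]{REALM_NAME, REALM_PRINCIPAL_TRANSFORMER, REALM_ROLE_DECODER, ROLE_MAPPER}).setRequired(true).build();
    static final ObjectListAttributeDefinition REALMS = new ObjectListAttributeDefinition.Builder(ElytronDescriptionConstants.REALMS, REALM).setMinSize(1).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).setAttributeParser(AttributeParser.UNWRAPPED_OBJECT_LIST_PARSER).setAttributeMarshaller(AttributeMarshaller.UNWRAPPED_OBJECT_LIST_MARSHALLER).build();

    // Names of other security domains. installService() resolves them to SecurityDomain instances and
    // exposes the resulting set to DomainService as a membership predicate.
    static final StringListAttributeDefinition TRUSTED_SECURITY_DOMAINS = new StringListAttributeDefinition.Builder(ElytronDescriptionConstants.TRUSTED_SECURITY_DOMAINS).setRequired(false).setMinSize(1).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).setCapabilityReference("org.wildfly.security.security-domain", "org.wildfly.security.security-domain", true).build();
    // Defaults to false and requires OUTFLOW_SECURITY_DOMAINS. When true, performOutflow() falls back to
    // the target domain's anonymous identity if the identity cannot be imported there.
    static final SimpleAttributeDefinition OUTFLOW_ANONYMOUS = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.OUTFLOW_ANONYMOUS, ModelType.BOOLEAN, true).setAllowExpression(true).setDefaultValue(new ModelNode(false)).setRequires(new String[]{ElytronDescriptionConstants.OUTFLOW_SECURITY_DOMAINS}).setMinSize(1).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
    // Names of the security domains that identities of this domain are pushed to (see outflow()).
    static final StringListAttributeDefinition OUTFLOW_SECURITY_DOMAINS = new StringListAttributeDefinition.Builder(ElytronDescriptionConstants.OUTFLOW_SECURITY_DOMAINS).setRequired(false).setMinSize(1).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).setCapabilityReference("org.wildfly.security.security-domain", "org.wildfly.security.security-domain", true).build();
    static final SimpleAttributeDefinition SECURITY_EVENT_LISTENER = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.SECURITY_EVENT_LISTENER, ModelType.STRING, true).setAllowExpression(false).setCapabilityReference("org.wildfly.security.security-event-listener", "org.wildfly.security.security-domain", true).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();

    private static final AttributeDefinition[] ATTRIBUTES = {PRE_REALM_PRINCIPAL_TRANSFORMER, POST_REALM_PRINCIPAL_TRANSFORMER, PRINCIPAL_DECODER, REALM_MAPPER, ROLE_MAPPER, PERMISSION_MAPPER, DEFAULT_REALM, REALMS, TRUSTED_SECURITY_DOMAINS, OUTFLOW_ANONYMOUS, OUTFLOW_SECURITY_DOMAINS, SECURITY_EVENT_LISTENER};
    private static final DomainAddHandler ADD = new DomainAddHandler();
    private static final OperationStepHandler REMOVE = new DomainRemoveHandler(ADD);
    private static final WriteAttributeHandler WRITE = new WriteAttributeHandler(ElytronDescriptionConstants.SECURITY_DOMAIN);

    /** Add handler: populates the model, queues model validation and installs the domain services. */
    private static class DomainAddHandler extends BaseAddHandler {
        private DomainAddHandler() {
            super(Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY, DomainDefinition.ATTRIBUTES);
        }

        /** Delegates to the superclass, then queues a {@link DomainValidationHandler} in the MODEL stage. */
        protected void populateModel(OperationContext operationContext, ModelNode modelNode, Resource resource) throws OperationFailedException {
            super.populateModel(operationContext, modelNode, resource);
            operationContext.addStep(new DomainValidationHandler(), OperationContext.Stage.MODEL);
        }

        /** Installs the services for the domain named by the current address value, using the second model node. */
        protected void performRuntime(OperationContext operationContext, ModelNode modelNode, ModelNode modelNode2) throws OperationFailedException {
            DomainDefinition.installService(operationContext, Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.fromBaseCapability(operationContext.getCurrentAddressValue()).getCapabilityServiceName(SecurityDomain.class), modelNode2);
        }
    }

    /** Remove handler that also removes the companion "initial" service created by {@link #installService}. */
    private static class DomainRemoveHandler extends TrivialCapabilityServiceRemoveHandler {
        DomainRemoveHandler(AbstractAddStepHandler abstractAddStepHandler) {
            super(abstractAddStepHandler, Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY);
        }

        /**
         * Runs the inherited removal, then removes the service named {@code <domain service>.INITIAL},
         * but only when the context allows resource services to be restarted.
         */
        protected void performRuntime(OperationContext operationContext, ModelNode modelNode, ModelNode modelNode2) {
            super.performRuntime(operationContext, modelNode, modelNode2);
            if (operationContext.isResourceServiceRestartAllowed()) {
                PathAddress currentAddress = operationContext.getCurrentAddress();
                operationContext.removeService(serviceName(currentAddress.getLastElement().getValue(), currentAddress).append(new String[]{ElytronDescriptionConstants.INITIAL}));
            }
        }
    }

    /**
     * Model-stage check of the realm configuration: every realm may be listed only once, and the
     * default realm must be one of the listed realms.
     */
    private static class DomainValidationHandler implements OperationStepHandler {
        private DomainValidationHandler() {
        }

        /**
         * Validates the resource at the current address.
         *
         * @throws OperationFailedException if a realm name appears twice in REALMS, or if DEFAULT_REALM is
         *         not among the realm names (the message lists the known names)
         */
        public void execute(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            ModelNode model = operationContext.readResource(PathAddress.EMPTY_ADDRESS).getModel();
            List<ModelNode> realms = DomainDefinition.REALMS.resolveModelAttribute(operationContext, model).asList();
            Set<String> realmNames = new HashSet<>(realms.size());
            for (ModelNode realm : realms) {
                String realmName = DomainDefinition.REALM_NAME.resolveModelAttribute(operationContext, realm).asString();
                // Set.add returns false for a duplicate, which is exactly the condition being rejected.
                if (!realmNames.add(realmName)) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.realmRefererencedTwice(realmName);
                }
            }
            String defaultRealm = DomainDefinition.DEFAULT_REALM.resolveModelAttribute(operationContext, model).asString();
            if (realmNames.contains(defaultRealm)) {
                return;
            }
            throw ElytronSubsystemMessages.ROOT_LOGGER.defaultRealmNotReferenced(defaultRealm, String.join(", ", realmNames));
        }
    }

    /**
     * Runtime-only, read-only management operation that looks up an identity by name in this domain
     * and returns its name, attributes and roles.
     *
     * <p>NOTE(review): the operation definition built in {@link #register} carries no access constraint
     * in the visible code. The result discloses the attributes and roles of any named identity, and the
     * two failure descriptions distinguish "identity not found" from "identity not authorized". Confirm
     * that management access control limits who may invoke this operation.
     */
    static class ReadSecurityDomainIdentityHandler extends ElytronRuntimeOnlyHandler {
        public static final SimpleAttributeDefinition NAME = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.NAME, ModelType.STRING, false).setAllowExpression(false).build();

        /** Registers the operation, with {@link #NAME} as its only parameter, on the given registration. */
        static void register(ManagementResourceRegistration managementResourceRegistration, ResourceDescriptionResolver resourceDescriptionResolver) {
            managementResourceRegistration.registerOperationHandler(new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.READ_IDENTITY, resourceDescriptionResolver).setParameters(new AttributeDefinition[]{NAME}).setRuntimeOnly().setReadOnly().build(), new ReadSecurityDomainIdentityHandler());
        }

        private ReadSecurityDomainIdentityHandler() {
        }

        /**
         * Resolves the identity through a fresh {@link ServerAuthenticationContext} of the addressed domain.
         *
         * <p>Sets a failure description and returns when the identity does not exist or cannot be
         * authorized; otherwise writes the name, the attributes (one list per key) and the roles to the
         * operation result.
         *
         * @throws OperationFailedException if the realm is unavailable (wrapped by {@code couldNotReadIdentity})
         */
        protected void executeRuntimeStep(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            // NOTE(review): the registry is requested with 'true' although the operation is registered
            // read-only; confirm that a modifying registry is really needed here.
            ServiceRegistry serviceRegistry = operationContext.getServiceRegistry(true);
            ServiceName domainServiceName = Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.fromBaseCapability(operationContext.getCurrentAddressValue()).getCapabilityServiceName(SecurityDomain.class);
            ServerAuthenticationContext authenticationContext = ((SecurityDomain) ElytronExtension.getRequiredService(serviceRegistry, domainServiceName, SecurityDomain.class).getValue()).createNewAuthenticationContext();
            String identityName = NAME.resolveModelAttribute(operationContext, modelNode).asString();
            try {
                authenticationContext.setAuthenticationName(identityName);
                if (!authenticationContext.exists()) {
                    operationContext.getFailureDescription().set(ElytronSubsystemMessages.ROOT_LOGGER.identityNotFound(identityName));
                    return;
                }
                if (!authenticationContext.authorize(identityName)) {
                    operationContext.getFailureDescription().set(ElytronSubsystemMessages.ROOT_LOGGER.identityNotAuthorized(identityName));
                    return;
                }
                SecurityIdentity authorizedIdentity = authenticationContext.getAuthorizedIdentity();
                ModelNode result = operationContext.getResult();
                result.get(ElytronDescriptionConstants.NAME).set(identityName);
                ModelNode attributesNode = result.get(ElytronDescriptionConstants.ATTRIBUTES);
                authorizedIdentity.getAttributes().entries().forEach(entry -> {
                    ModelNode values = attributesNode.get(entry.getKey()).setEmptyList();
                    entry.forEach(values::add);
                });
                ModelNode rolesNode = result.get(ElytronDescriptionConstants.ROLES);
                Roles roles = authorizedIdentity.getRoles();
                roles.forEach(rolesNode::add);
            } catch (RealmUnavailableException e) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.couldNotReadIdentity(identityName, domainServiceName, e);
            }
        }
    }

    /** Write-attribute handler that rebuilds both domain services and re-validates the model. */
    private static class WriteAttributeHandler extends ElytronRestartParentWriteAttributeHandler {
        WriteAttributeHandler(String str) {
            super(str, DomainDefinition.ATTRIBUTES);
        }

        /** Returns the capability service name of the domain named by the last element of the address. */
        protected ServiceName getParentServiceName(PathAddress pathAddress) {
            return Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY.fromBaseCapability(pathAddress.getLastElement().getValue()).getCapabilityServiceName(SecurityDomain.class);
        }

        /** Removes the companion "initial" service first, then lets the superclass remove the rest. */
        protected void removeServices(OperationContext operationContext, ServiceName serviceName, ModelNode modelNode) throws OperationFailedException {
            operationContext.removeService(serviceName.append(new String[]{ElytronDescriptionConstants.INITIAL}));
            super.removeServices(operationContext, serviceName, modelNode);
        }

        /** Reinstalls the domain services from the updated model. */
        protected void recreateParentService(OperationContext operationContext, PathAddress pathAddress, ModelNode modelNode) throws OperationFailedException {
            DomainDefinition.installService(operationContext, getParentServiceName(pathAddress), modelNode);
        }

        /** Queues the same realm validation that runs on add, so a write cannot bypass it. */
        protected void validateUpdatedModel(OperationContext operationContext, Resource resource) throws OperationFailedException {
            operationContext.addStep(new DomainValidationHandler(), OperationContext.Stage.MODEL);
        }
    }

    /**
     * Builds the resource definition with the add and remove handlers, RESTART_RESOURCE_SERVICES as the
     * restart level for both, and the security-domain runtime capability.
     *
     * <p>The decompiler reports that this constructor was originally package-private.
     */
    public DomainDefinition() {
        super(new SimpleResourceDefinition.Parameters(PathElement.pathElement(ElytronDescriptionConstants.SECURITY_DOMAIN), ElytronExtension.getResourceDescriptionResolver(ElytronDescriptionConstants.SECURITY_DOMAIN)).setAddHandler(ADD).setRemoveHandler(REMOVE).setAddRestartLevel(OperationEntry.Flag.RESTART_RESOURCE_SERVICES).setRemoveRestartLevel(OperationEntry.Flag.RESTART_RESOURCE_SERVICES).setCapabilities(new RuntimeCapability[]{Capabilities.SECURITY_DOMAIN_RUNTIME_CAPABILITY}));
    }

    /** Registers every entry of ATTRIBUTES as read-write, with no read handler and WRITE as write handler. */
    public void registerAttributes(ManagementResourceRegistration managementResourceRegistration) {
        for (AttributeDefinition attributeDefinition : ATTRIBUTES) {
            // The cast selects the overload; a bare null would be ambiguous.
            managementResourceRegistration.registerReadWriteAttribute(attributeDefinition, (OperationStepHandler) null, WRITE);
        }
    }

    /** Registers the inherited operations plus the read-identity operation. */
    public void registerOperations(ManagementResourceRegistration managementResourceRegistration) {
        super.registerOperations(managementResourceRegistration);
        ReadSecurityDomainIdentityHandler.register(managementResourceRegistration, getResourceDescriptionResolver());
    }

    /**
     * Installs the "initial" service: a {@link DomainService} with a dependency for every configured
     * component (transformers, decoder, mappers, event listener and each realm with its per-realm
     * transformer, role mapper and role decoder).
     *
     * @param operationContext context used to resolve attributes and capability service names
     * @param serviceName name under which the initial service is installed
     * @param modelNode resolved resource model
     * @param predicate passed to {@link DomainService}; the caller supplies a membership test on the set
     *        of trusted domains
     * @param unaryOperator passed to {@link DomainService}; the caller supplies the outflow wrapper or
     *        the identity function
     * @return the controller of the installed service
     * @throws OperationFailedException if an attribute cannot be resolved
     */
    private static ServiceController<SecurityDomain> installInitialService(OperationContext operationContext, ServiceName serviceName, ModelNode modelNode, Predicate<SecurityDomain> predicate, UnaryOperator<SecurityIdentity> unaryOperator) throws OperationFailedException {
        ServiceTarget serviceTarget = operationContext.getServiceTarget();
        String defaultRealm = DEFAULT_REALM.resolveModelAttribute(operationContext, modelNode).asString();
        List<ModelNode> realms = REALMS.resolveModelAttribute(operationContext, modelNode).asList();
        String preRealmTransformer = ElytronExtension.asStringIfDefined(operationContext, PRE_REALM_PRINCIPAL_TRANSFORMER, modelNode);
        String postRealmTransformer = ElytronExtension.asStringIfDefined(operationContext, POST_REALM_PRINCIPAL_TRANSFORMER, modelNode);
        String principalDecoder = ElytronExtension.asStringIfDefined(operationContext, PRINCIPAL_DECODER, modelNode);
        String permissionMapper = ElytronExtension.asStringIfDefined(operationContext, PERMISSION_MAPPER, modelNode);
        String realmMapper = ElytronExtension.asStringIfDefined(operationContext, REALM_MAPPER, modelNode);
        String roleMapper = ElytronExtension.asStringIfDefined(operationContext, ROLE_MAPPER, modelNode);
        String securityEventListener = ElytronExtension.asStringIfDefined(operationContext, SECURITY_EVENT_LISTENER, modelNode);
        DomainService domainService = new DomainService(defaultRealm, predicate, unaryOperator);
        // Typed builder (the decompiler emitted ServiceBuilder<?>, which the inject helpers do not accept).
        ServiceBuilder<SecurityDomain> builder = serviceTarget.addService(serviceName, domainService).setInitialMode(ServiceController.Mode.ACTIVE);
        // The null guards stay at the call sites: the injector factories must not be called for an
        // undefined attribute.
        if (preRealmTransformer != null) {
            injectPrincipalTransformer(preRealmTransformer, operationContext, builder, domainService.createPreRealmPrincipalTransformerInjector(preRealmTransformer));
        }
        if (postRealmTransformer != null) {
            injectPrincipalTransformer(postRealmTransformer, operationContext, builder, domainService.createPostRealmPrincipalTransformerInjector(postRealmTransformer));
        }
        if (principalDecoder != null) {
            builder.addDependency(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.principal-decoder", principalDecoder), PrincipalDecoder.class), PrincipalDecoder.class, domainService.getPrincipalDecoderInjector());
        }
        if (permissionMapper != null) {
            builder.addDependency(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.permission-mapper", permissionMapper), PermissionMapper.class), PermissionMapper.class, domainService.getPermissionMapperInjector());
        }
        if (realmMapper != null) {
            builder.addDependency(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.realm-mapper", realmMapper), RealmMapper.class), RealmMapper.class, domainService.getRealmMapperInjector());
        }
        if (roleMapper != null) {
            injectRoleMapper(roleMapper, operationContext, builder, domainService.createDomainRoleMapperInjector(roleMapper));
        }
        if (securityEventListener != null) {
            builder.addDependency(operationContext.getCapabilityServiceName("org.wildfly.security.security-event-listener", securityEventListener, SecurityEventListener.class), SecurityEventListener.class, domainService.getSecurityEventListenerInjector());
        }
        for (ModelNode realm : realms) {
            String realmName = REALM_NAME.resolveModelAttribute(operationContext, realm).asString();
            ServiceName realmServiceName = operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.security-realm", realmName), SecurityRealm.class);
            DomainService.RealmDependency realmDependency = domainService.createRealmDependency(realmName);
            REALM_SERVICE_UTIL.addInjection(builder, realmDependency.getSecurityRealmInjector(), realmServiceName);
            String realmTransformer = ElytronExtension.asStringIfDefined(operationContext, REALM_PRINCIPAL_TRANSFORMER, realm);
            if (realmTransformer != null) {
                injectPrincipalTransformer(realmTransformer, operationContext, builder, realmDependency.getPrincipalTransformerInjector(realmTransformer));
            }
            // Same ROLE_MAPPER definition as above, resolved here against the realm entry.
            String realmRoleMapper = ElytronExtension.asStringIfDefined(operationContext, ROLE_MAPPER, realm);
            if (realmRoleMapper != null) {
                injectRoleMapper(realmRoleMapper, operationContext, builder, realmDependency.getRoleMapperInjector(realmRoleMapper));
            }
            String realmRoleDecoder = ElytronExtension.asStringIfDefined(operationContext, REALM_ROLE_DECODER, realm);
            if (realmRoleDecoder != null) {
                injectRoleDecoder(realmRoleDecoder, operationContext, builder, realmDependency.getRoleDecoderInjector(realmRoleDecoder));
            }
        }
        ElytronDefinition.commonDependencies(builder);
        return builder.install();
    }

    /**
     * Installs the two services that make up a security domain.
     *
     * <p>The "initial" service ({@code serviceName} + INITIAL) builds the domain. The final service
     * ({@code serviceName}) depends on it and on the "initial" service of every trusted and outflow
     * domain. When it starts it copies the injected domains into the trusted and outflow sets and
     * returns the initial domain's value. Depending only on the ".initial" services of the other
     * domains presumably lets domains reference each other without a dependency cycle.
     *
     * <p>The initial service receives the trusted set as a membership predicate and, if any outflow
     * domain is configured, {@link #outflow} as the identity operator. Both sets are empty until the
     * final service has started.
     *
     * <p>NOTE(review): the two sets are plain {@code HashSet}s, written in the final service's start and
     * dispose callbacks and read through the predicate and the outflow operator. No synchronization is
     * visible here; confirm that the service lifecycle orders those accesses.
     *
     * <p>The decompiler reports that this method was originally private.
     *
     * @param operationContext context used to resolve attributes and service names
     * @param serviceName name of the final domain service
     * @param modelNode resolved resource model
     * @return the controller of the final service
     * @throws OperationFailedException if an attribute cannot be resolved
     */
    public static ServiceController<SecurityDomain> installService(OperationContext operationContext, ServiceName serviceName, ModelNode modelNode) throws OperationFailedException {
        ServiceName initialName = serviceName.append(new String[]{ElytronDescriptionConstants.INITIAL});
        final InjectedValue<SecurityDomain> initialDomain = new InjectedValue<>();
        List<String> trustedNames = TRUSTED_SECURITY_DOMAINS.unwrap(operationContext, modelNode);
        final List<InjectedValue<SecurityDomain>> trustedInjectors = new ArrayList<>(trustedNames.size());
        final Set<SecurityDomain> trustedDomains = new HashSet<>();
        List<String> outflowNames = OUTFLOW_SECURITY_DOMAINS.unwrap(operationContext, modelNode);
        final boolean outflowAnonymous = OUTFLOW_ANONYMOUS.resolveModelAttribute(operationContext, modelNode).asBoolean();
        final List<InjectedValue<SecurityDomain>> outflowInjectors = new ArrayList<>(outflowNames.size());
        final Set<SecurityDomain> outflowDomains = new HashSet<>();
        // The decompiler left an undefined 'r3' here; the bound receiver is the trusted-domain set.
        installInitialService(operationContext, initialName, modelNode, trustedDomains::contains,
                outflowNames.size() > 0 ? identity -> outflow(identity, outflowAnonymous, outflowDomains) : UnaryOperator.identity());
        TrivialService<SecurityDomain> finalService = new TrivialService<>();
        finalService.setValueSupplier(new TrivialService.ValueSupplier<SecurityDomain>() {
            @Override
            public SecurityDomain get() throws StartException {
                trustedInjectors.forEach(injector -> trustedDomains.add(injector.getValue()));
                outflowInjectors.forEach(injector -> outflowDomains.add(injector.getValue()));
                return initialDomain.getValue();
            }

            @Override
            public void dispose() {
                // NOTE(review): only the trusted set is cleared. The outflow set keeps its entries, so a
                // later start of this service adds to them instead of replacing them. Confirm whether
                // this asymmetry is intended before relying on it.
                trustedDomains.clear();
            }
        });
        ServiceBuilder<SecurityDomain> builder = operationContext.getServiceTarget().addService(serviceName, finalService).setInitialMode(ServiceController.Mode.ACTIVE);
        builder.addDependency(initialName, SecurityDomain.class, initialDomain);
        for (String trustedName : trustedNames) {
            InjectedValue<SecurityDomain> injector = new InjectedValue<>();
            builder.addDependency(operationContext.getCapabilityServiceName("org.wildfly.security.security-domain", trustedName, SecurityDomain.class).append(new String[]{ElytronDescriptionConstants.INITIAL}), SecurityDomain.class, injector);
            trustedInjectors.add(injector);
        }
        for (String outflowName : outflowNames) {
            InjectedValue<SecurityDomain> injector = new InjectedValue<>();
            builder.addDependency(operationContext.getCapabilityServiceName("org.wildfly.security.security-domain", outflowName, SecurityDomain.class).append(new String[]{ElytronDescriptionConstants.INITIAL}), SecurityDomain.class, injector);
            outflowInjectors.add(injector);
        }
        return builder.install();
    }

    /**
     * Returns a copy of the identity whose outflow identities are computed lazily, once, on first use.
     *
     * <p>The supplier caches its result in a volatile field guarded by double-checked locking on the
     * supplier itself. When a security manager is checking, the computation runs inside
     * {@code doPrivileged}, so it is not limited by the permissions of the code that triggers it.
     *
     * <p>The decompiler reports that this method was originally private.
     *
     * @param securityIdentity identity to wrap
     * @param z whether an anonymous identity is used for a domain that rejects the import
     * @param set target domains; read when the supplier first runs, not when this method is called
     * @return the identity returned by {@code withSecurityIdentitySupplier}
     */
    public static SecurityIdentity outflow(final SecurityIdentity securityIdentity, final boolean z, final Set<SecurityDomain> set) {
        return securityIdentity.withSecurityIdentitySupplier(new Supplier<SecurityIdentity[]>() {
            private volatile SecurityIdentity[] outflowIdentities = null;

            @Override
            public SecurityIdentity[] get() {
                SecurityIdentity[] identities = this.outflowIdentities;
                if (identities == null) {
                    synchronized (this) {
                        identities = this.outflowIdentities;
                        if (identities == null) {
                            if (WildFlySecurityManager.isChecking()) {
                                // The explicit PrivilegedAction type removes the overload ambiguity with
                                // PrivilegedExceptionAction that the bare decompiled lambda had.
                                identities = AccessController.doPrivileged((java.security.PrivilegedAction<SecurityIdentity[]>) () -> DomainDefinition.performOutflow(securityIdentity, z, set));
                            } else {
                                identities = DomainDefinition.performOutflow(securityIdentity, z, set);
                            }
                            this.outflowIdentities = identities;
                        }
                    }
                }
                return identities;
            }
        });
    }

    /**
     * Imports the identity into each target domain and collects the resulting identities.
     *
     * <p>For a domain that accepts the import, the authorized identity is collected. For a domain that
     * does not, the domain's anonymous identity is collected when {@code z} is true and nothing is
     * collected otherwise.
     *
     * <p>The decompiler reports that this method was originally private.
     *
     * @param securityIdentity identity to import
     * @param z whether to fall back to the anonymous identity of a domain that rejects the import
     * @param set target domains
     * @return the collected identities, at most one per target domain
     */
    public static SecurityIdentity[] performOutflow(SecurityIdentity securityIdentity, boolean z, Set<SecurityDomain> set) {
        List<SecurityIdentity> identities = new ArrayList<>(set.size());
        set.forEach(securityDomain -> {
            ServerAuthenticationContext authenticationContext = securityDomain.createNewAuthenticationContext();
            try {
                if (authenticationContext.importIdentity(securityIdentity)) {
                    identities.add(authenticationContext.getAuthorizedIdentity());
                } else if (z) {
                    identities.add(securityDomain.getAnonymousSecurityIdentity());
                }
            } catch (RealmUnavailableException e) {
                // An unavailable realm aborts the whole outflow; the principal name goes into the message.
                throw ElytronSubsystemMessages.ROOT_LOGGER.unableToPerformOutflow(securityIdentity.getPrincipal().getName(), e);
            }
        });
        return identities.toArray(new SecurityIdentity[identities.size()]);
    }

    /** Adds a dependency on the named principal transformer; does nothing if either argument is null. */
    private static void injectPrincipalTransformer(String str, OperationContext operationContext, ServiceBuilder<SecurityDomain> serviceBuilder, Injector<PrincipalTransformer> injector) {
        if (str == null || injector == null) {
            return;
        }
        serviceBuilder.addDependency(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.principal-transformer", str), PrincipalTransformer.class), PrincipalTransformer.class, injector);
    }

    /** Adds a dependency on the named role mapper; does nothing if either argument is null. */
    private static void injectRoleMapper(String str, OperationContext operationContext, ServiceBuilder<SecurityDomain> serviceBuilder, Injector<RoleMapper> injector) {
        if (str == null || injector == null) {
            return;
        }
        serviceBuilder.addDependency(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.role-mapper", str), RoleMapper.class), RoleMapper.class, injector);
    }

    /** Adds a dependency on the named role decoder; does nothing if either argument is null. */
    private static void injectRoleDecoder(String str, OperationContext operationContext, ServiceBuilder<SecurityDomain> serviceBuilder, Injector<RoleDecoder> injector) {
        if (str == null || injector == null) {
            return;
        }
        serviceBuilder.addDependency(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.role-decoder", str), RoleDecoder.class), RoleDecoder.class, injector);
    }
}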
