package org.jboss.as.domain.management.access;

import java.util.Arrays;
import java.util.List;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.ListAttributeDefinition;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.StringListAttributeDefinition;
import org.jboss.as.controller.access.CombinationPolicy;
import org.jboss.as.controller.access.management.AccessConstraintDefinition;
import org.jboss.as.controller.access.management.AccessConstraintUtilizationRegistry;
import org.jboss.as.controller.access.management.DelegatingConfigurableAuthorizer;
import org.jboss.as.controller.access.management.SensitiveTargetAccessConstraintDefinition;
import org.jboss.as.controller.access.management.WritableAuthorizerConfiguration;
import org.jboss.as.controller.operations.validation.EnumValidator;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.registry.Resource;
import org.jboss.as.domain.management.ModelDescriptionConstants;
import org.jboss.as.domain.management._private.DomainManagementResolver;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;

/* loaded from: input_file:org/jboss/as/domain/management/access/AccessAuthorizationResourceDefinition.class */
public class AccessAuthorizationResourceDefinition extends SimpleResourceDefinition {
    public static final PathElement PATH_ELEMENT = PathElement.pathElement("access", ModelDescriptionConstants.AUTHORIZATION);
    public static final SimpleAttributeDefinition PERMISSION_COMBINATION_POLICY = new SimpleAttributeDefinitionBuilder("permission-combination-policy", ModelType.STRING, true).setDefaultValue(new ModelNode(CombinationPolicy.PERMISSIVE.toString())).setValidator(new EnumValidator(CombinationPolicy.class, true, false)).build();
    public static final SimpleAttributeDefinition PROVIDER = new SimpleAttributeDefinitionBuilder("provider", ModelType.STRING, true).setDefaultValue(new ModelNode(Provider.SIMPLE.toString())).setValidator(new EnumValidator(Provider.class, true, false)).build();
    static final ListAttributeDefinition STANDARD_ROLE_NAMES = new StringListAttributeDefinition.Builder("standard-role-names").setStorageRuntime().build();
    static final ListAttributeDefinition ALL_ROLE_NAMES = new StringListAttributeDefinition.Builder("all-role-names").setStorageRuntime().build();
    public static final List<AttributeDefinition> CONFIG_ATTRIBUTES = Arrays.asList(PROVIDER, PERMISSION_COMBINATION_POLICY);
    private final DelegatingConfigurableAuthorizer configurableAuthorizer;
    private final boolean isDomain;
    private final boolean isHostController;
    private final List<AccessConstraintDefinition> accessConstraints;

    /* loaded from: input_file:org/jboss/as/domain/management/access/AccessAuthorizationResourceDefinition$Provider.class */
    public enum Provider {
        SIMPLE("simple"),
        RBAC("rbac");

        private final String toString;

        Provider(String str) {
            this.toString = str;
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.toString;
        }
    }

    public static AccessAuthorizationResourceDefinition forDomain(DelegatingConfigurableAuthorizer delegatingConfigurableAuthorizer) {
        return new AccessAuthorizationResourceDefinition(delegatingConfigurableAuthorizer, true, false);
    }

    public static AccessAuthorizationResourceDefinition forHost(DelegatingConfigurableAuthorizer delegatingConfigurableAuthorizer) {
        return new AccessAuthorizationResourceDefinition(delegatingConfigurableAuthorizer, true, true);
    }

    public static AccessAuthorizationResourceDefinition forDomainServer(DelegatingConfigurableAuthorizer delegatingConfigurableAuthorizer) {
        return new AccessAuthorizationResourceDefinition(delegatingConfigurableAuthorizer, true, false);
    }

    public static AccessAuthorizationResourceDefinition forStandaloneServer(DelegatingConfigurableAuthorizer delegatingConfigurableAuthorizer) {
        return new AccessAuthorizationResourceDefinition(delegatingConfigurableAuthorizer, false, false);
    }

    private AccessAuthorizationResourceDefinition(DelegatingConfigurableAuthorizer delegatingConfigurableAuthorizer, boolean z, boolean z2) {
        super(PATH_ELEMENT, DomainManagementResolver.getResolver("core.access-control"));
        this.configurableAuthorizer = delegatingConfigurableAuthorizer;
        this.isDomain = z;
        this.isHostController = z2;
        this.accessConstraints = SensitiveTargetAccessConstraintDefinition.ACCESS_CONTROL.wrapAsList();
    }

    public void registerAttributes(ManagementResourceRegistration managementResourceRegistration) {
        super.registerAttributes(managementResourceRegistration);
        if (this.isHostController) {
            return;
        }
        WritableAuthorizerConfiguration writableAuthorizerConfiguration = this.configurableAuthorizer.getWritableAuthorizerConfiguration();
        managementResourceRegistration.registerReadWriteAttribute(PROVIDER, (OperationStepHandler) null, new AccessAuthorizationProviderWriteAttributeHander(this.configurableAuthorizer));
        managementResourceRegistration.registerReadWriteAttribute(PERMISSION_COMBINATION_POLICY, (OperationStepHandler) null, new AccessAuthorizationCombinationPolicyWriteAttributeHandler(writableAuthorizerConfiguration));
        managementResourceRegistration.registerReadOnlyAttribute(STANDARD_ROLE_NAMES, AccessAuthorizationRolesHandler.getStandardRolesHandler(writableAuthorizerConfiguration));
        managementResourceRegistration.registerReadOnlyAttribute(ALL_ROLE_NAMES, AccessAuthorizationRolesHandler.getAllRolesHandler(writableAuthorizerConfiguration));
    }

    public void registerChildren(ManagementResourceRegistration managementResourceRegistration) {
        if (!this.isHostController) {
            managementResourceRegistration.registerSubModel(RoleMappingResourceDefinition.create(this.configurableAuthorizer, this.isDomain));
        }
        if (this.isDomain) {
            WritableAuthorizerConfiguration writableAuthorizerConfiguration = this.configurableAuthorizer.getWritableAuthorizerConfiguration();
            managementResourceRegistration.registerSubModel(new ServerGroupScopedRoleResourceDefinition(writableAuthorizerConfiguration));
            if (!this.isHostController) {
                managementResourceRegistration.registerSubModel(new HostScopedRolesResourceDefinition(writableAuthorizerConfiguration));
            }
        }
        if (this.isHostController) {
            return;
        }
        managementResourceRegistration.registerSubModel(ApplicationClassificationParentResourceDefinition.INSTANCE);
        managementResourceRegistration.registerSubModel(SensitivityClassificationParentResourceDefinition.INSTANCE);
        managementResourceRegistration.registerSubModel(SensitivityResourceDefinition.createVaultExpressionConfiguration());
    }

    public void registerOperations(ManagementResourceRegistration managementResourceRegistration) {
        super.registerOperations(managementResourceRegistration);
        if (this.isDomain) {
            managementResourceRegistration.registerOperationHandler(AccessAuthorizationDomainSlaveConfigHandler.DEFINITION, new AccessAuthorizationDomainSlaveConfigHandler(this.configurableAuthorizer));
        }
    }

    public List<AccessConstraintDefinition> getAccessConstraints() {
        return this.accessConstraints;
    }

    public static Resource createResource(AccessConstraintUtilizationRegistry accessConstraintUtilizationRegistry) {
        Resource create = Resource.Factory.create();
        create.registerChild(AccessConstraintResources.APPLICATION_PATH_ELEMENT, AccessConstraintResources.getApplicationConfigResource(accessConstraintUtilizationRegistry));
        create.registerChild(AccessConstraintResources.SENSITIVITY_PATH_ELEMENT, AccessConstraintResources.getSensitivityResource(accessConstraintUtilizationRegistry));
        create.registerChild(AccessConstraintResources.VAULT_PATH_ELEMENT, AccessConstraintResources.VAULT_RESOURCE);
        return create;
    }
}
