package org.wildfly.extension.security.manager;

import java.security.Permission;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.jboss.as.controller.AbstractBoottimeAddStepHandler;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.registry.Resource;
import org.jboss.as.server.AbstractDeploymentChainStep;
import org.jboss.as.server.DeploymentProcessorTarget;
import org.jboss.as.server.deployment.Phase;
import org.jboss.dmr.ModelNode;
import org.jboss.modules.Module;
import org.jboss.modules.security.FactoryPermissionCollection;
import org.jboss.modules.security.PermissionFactory;
import org.wildfly.extension.security.manager.DeferredPermissionFactory;
import org.wildfly.extension.security.manager.deployment.PermissionsParserProcessor;
import org.wildfly.extension.security.manager.deployment.PermissionsValidationProcessor;
import org.wildfly.extension.security.manager.logging.SecurityManagerLogger;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/extension/security/manager/SecurityManagerSubsystemAdd.class */
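/**
 * Boot-time add handler for the security-manager subsystem.
 *
 * <p>At boot it reads the configured minimum and maximum deployment permission sets, rejects the
 * configuration when a minimum permission is not implied by the maximum set, and then registers
 * the deployment processors that receive those sets.
 *
 * <p>This listing is decompiler output; local names and the numeric processor priorities below
 * are reconstructed, not the author's originals.
 */
public class SecurityManagerSubsystemAdd extends AbstractBoottimeAddStepHandler {
    /** Single shared handler instance; the constructor is private. */
    static final SecurityManagerSubsystemAdd INSTANCE = new SecurityManagerSubsystemAdd();

    private SecurityManagerSubsystemAdd() {
    }

    /**
     * Intentionally empty: this handler writes nothing into the model.
     *
     * @param modelNode the add operation
     * @param modelNode2 the model node being populated
     */
    protected void populateModel(ModelNode modelNode, ModelNode modelNode2) throws OperationFailedException {
    }

    /**
     * Validates the configured permission sets and schedules registration of the deployment
     * processors.
     *
     * <p>The check is fail-closed: every constructed minimum-set permission must be implied by
     * the maximum set, otherwise the operation fails and no processor is registered.
     *
     * @param operationContext the operation context used to read the resource and resolve attributes
     * @param modelNode the add operation (not read here)
     * @param modelNode2 the subsystem model (not read here; the model is re-read from the resource)
     * @throws OperationFailedException if attribute resolution fails; the exception created by
     *     {@code invalidSubsystemConfiguration} is thrown when the sets are inconsistent
     */
    protected void performBoottime(OperationContext operationContext, ModelNode modelNode, ModelNode modelNode2) throws OperationFailedException {
        ModelNode deploymentPermissions = Resource.Tools.readModel(operationContext.readResource(PathAddress.EMPTY_ADDRESS))
                .get(DeploymentPermissionsResourceDefinition.DEPLOYMENT_PERMISSIONS_PATH.getKeyValuePair());

        final List<PermissionFactory> minimumSet = retrievePermissionSet(
                DeferredPermissionFactory.Type.MINIMUM_SET,
                operationContext,
                DeploymentPermissionsResourceDefinition.MINIMUM_PERMISSIONS.resolveModelAttribute(operationContext, deploymentPermissions));

        ModelNode maximumNode = DeploymentPermissionsResourceDefinition.MAXIMUM_PERMISSIONS.resolveModelAttribute(operationContext, deploymentPermissions);
        if (!maximumNode.isDefined()) {
            // NOTE(review): DEFAULT_MAXIMUM_SET is defined outside this file. If it is broad, an
            // unset maximum-permissions attribute lets any minimum set pass the check below; confirm.
            maximumNode = DeploymentPermissionsResourceDefinition.DEFAULT_MAXIMUM_SET;
        }
        final List<PermissionFactory> maximumSet = retrievePermissionSet(
                DeferredPermissionFactory.Type.MAXIMUM_SET, operationContext, maximumNode);

        FactoryPermissionCollection maximumPermissions =
                new FactoryPermissionCollection(maximumSet.toArray(new PermissionFactory[0]));

        // Collect every minimum-set permission that the maximum set does not imply, so that the
        // failure message lists all of them at once.
        StringBuilder notImplied = new StringBuilder();
        for (PermissionFactory factory : minimumSet) {
            Permission permission = factory.construct();
            // A null result is skipped, so that entry is never compared with the maximum set.
            // NOTE(review): confirm that DeferredPermissionFactory reports a failed construction
            // elsewhere; otherwise a minimum permission that cannot be built passes silently.
            if (permission != null && !maximumPermissions.implies(permission)) {
                notImplied.append("\n\t\t").append(permission);
            }
        }
        if (notImplied.length() > 0) {
            throw SecurityManagerLogger.ROOT_LOGGER.invalidSubsystemConfiguration(notImplied);
        }

        operationContext.addStep(new AbstractDeploymentChainStep() {
            protected void execute(DeploymentProcessorTarget deploymentProcessorTarget) {
                // 12544 == 0x3100 and 14080 == 0x3700. NOTE(review): these look like priority
                // constants inlined by the compiler; map them back to named constants if the
                // original source is available.
                deploymentProcessorTarget.addDeploymentProcessor(Constants.SUBSYSTEM_NAME, Phase.PARSE, 12544, new PermissionsParserProcessor(minimumSet));
                deploymentProcessorTarget.addDeploymentProcessor(Constants.SUBSYSTEM_NAME, Phase.POST_MODULE, 14080, new PermissionsValidationProcessor(maximumSet));
            }
        }, OperationContext.Stage.RUNTIME);
    }

    /**
     * Builds one {@link DeferredPermissionFactory} per entry of a permission-set model node.
     *
     * <p>The class attribute is always resolved; name, actions and module are resolved only when
     * the entry defines them and are passed as {@code null} otherwise.
     *
     * @param type whether the factories belong to the minimum or the maximum set
     * @param operationContext the context used to resolve attribute values
     * @param modelNode the list-valued permission set; may be {@code null} or undefined
     * @return the factories in model order; empty when the node is {@code null} or undefined
     * @throws OperationFailedException if an attribute cannot be resolved
     */
    private List<PermissionFactory> retrievePermissionSet(DeferredPermissionFactory.Type type, OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        List<PermissionFactory> factories = new ArrayList<>();
        if (modelNode == null || !modelNode.isDefined()) {
            return factories;
        }
        for (ModelNode entry : modelNode.asList()) {
            String className = DeploymentPermissionsResourceDefinition.CLASS.resolveModelAttribute(operationContext, entry).asString();
            String permissionName = null;
            if (entry.hasDefined(Constants.PERMISSION_NAME)) {
                permissionName = DeploymentPermissionsResourceDefinition.NAME.resolveModelAttribute(operationContext, entry).asString();
            }
            String actions = null;
            if (entry.hasDefined(Constants.PERMISSION_ACTIONS)) {
                actions = DeploymentPermissionsResourceDefinition.ACTIONS.resolveModelAttribute(operationContext, entry).asString();
            }
            String moduleName = null;
            if (entry.hasDefined(Constants.PERMISSION_MODULE)) {
                moduleName = DeploymentPermissionsResourceDefinition.MODULE.resolveModelAttribute(operationContext, entry).asString();
            }
            // Only the configuration is captured here; the permission object itself is produced
            // later by construct() on the factory.
            factories.add(new DeferredPermissionFactory(type, Module.getBootModuleLoader(), moduleName, className, permissionName, actions));
        }
        return factories;
    }
}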
