package org.jboss.as.console.client.administration.accesscontrol.store;

import com.allen_sauer.gwt.log.client.Log;
import com.google.common.collect.Collections2;
import com.google.common.collect.Iterables;
import com.google.gwt.user.client.rpc.AsyncCallback;
import com.google.inject.Inject;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import org.jboss.as.console.client.administration.accesscontrol.store.AccessControlFunctions;
import org.jboss.as.console.client.administration.accesscontrol.store.Principal;
import org.jboss.as.console.client.administration.accesscontrol.store.Role;
import org.jboss.as.console.client.core.BootstrapContext;
import org.jboss.as.console.client.core.NameTokens;
import org.jboss.as.console.client.rbac.StandardRole;
import org.jboss.as.console.client.shared.flow.FunctionCallback;
import org.jboss.as.console.client.shared.flow.FunctionContext;
import org.jboss.as.console.client.v3.dmr.Composite;
import org.jboss.as.console.client.v3.dmr.Operation;
import org.jboss.as.console.client.v3.dmr.ResourceAddress;
import org.jboss.dmr.client.ModelNode;
import org.jboss.dmr.client.Property;
import org.jboss.dmr.client.dispatch.DispatchAsync;
import org.jboss.dmr.client.dispatch.impl.DMRAction;
import org.jboss.dmr.client.dispatch.impl.DMRResponse;
import org.jboss.gwt.circuit.ChangeSupport;
import org.jboss.gwt.circuit.Dispatcher;
import org.jboss.gwt.circuit.meta.Process;
import org.jboss.gwt.circuit.meta.Store;
import org.jboss.gwt.flow.client.Async;
import org.jboss.gwt.flow.client.Function;
import org.jboss.gwt.flow.client.Outcome;

@Store
/* loaded from: input_file:org/jboss/as/console/client/administration/accesscontrol/store/AccessControlStore.class */
public class AccessControlStore extends ChangeSupport {
    static final String LOCAL_USERNAME = "$local";
    private final DispatchAsync dispatcher;
    private final BootstrapContext bootstrapContext;
    private boolean rbacProvider = false;
    private final Roles roles = new Roles();
    private final Principals principals = new Principals();
    private final Assignments assignments = new Assignments();

    /* loaded from: input_file:org/jboss/as/console/client/administration/accesscontrol/store/AccessControlStore$ReloadCallback.class */
    class ReloadCallback implements AsyncCallback<DMRResponse> {
        private final Dispatcher.Channel channel;

        ReloadCallback(Dispatcher.Channel channel) {
            this.channel = channel;
        }

        public void onFailure(Throwable th) {
            this.channel.nack(th);
        }

        public void onSuccess(DMRResponse dMRResponse) {
            ModelNode modelNode = dMRResponse.get();
            if (!modelNode.hasDefined("outcome") || modelNode.isFailure()) {
                this.channel.nack(modelNode.getFailureDescription());
            } else {
                AccessControlStore.this.reload(new ReloadAccessControl(), this.channel);
            }
        }
    }

    /* loaded from: input_file:org/jboss/as/console/client/administration/accesscontrol/store/AccessControlStore$ReloadOutcome.class */
    class ReloadOutcome implements Outcome<FunctionContext> {
        private final Dispatcher.Channel channel;

        ReloadOutcome(Dispatcher.Channel channel) {
            this.channel = channel;
        }

        public void onFailure(FunctionContext functionContext) {
            this.channel.nack(functionContext.getError());
        }

        public void onSuccess(FunctionContext functionContext) {
            AccessControlStore.this.reload(new ReloadAccessControl(), this.channel);
        }
    }

    @Inject
    public AccessControlStore(DispatchAsync dispatchAsync, BootstrapContext bootstrapContext) {
        this.dispatcher = dispatchAsync;
        this.bootstrapContext = bootstrapContext;
    }

    @Process(actionType = ReloadAccessControl.class)
    public void reload(ReloadAccessControl reloadAccessControl, final Dispatcher.Channel channel) {
        ResourceAddress root = AddressHelper.root();
        Operation build = new Operation.Builder("read-attribute", root).param("name", "provider").build();
        Operation build2 = new Operation.Builder("read-attribute", root).param("name", "standard-role-names").build();
        Operation build3 = new Operation.Builder("read-children-resources", root).param("child-type", "host-scoped-role").param("recursive", true).build();
        Operation build4 = new Operation.Builder("read-children-resources", root).param("child-type", "server-group-scoped-role").param("recursive", true).build();
        Operation build5 = new Operation.Builder("read-children-resources", root).param("child-type", "role-mapping").param("recursive", true).build();
        this.dispatcher.execute(new DMRAction(this.bootstrapContext.isStandalone() ? new Composite(build, build2, build5) : new Composite(build, build2, build3, build4, build5)), new AsyncCallback<DMRResponse>() { // from class: org.jboss.as.console.client.administration.accesscontrol.store.AccessControlStore.1
            public void onFailure(Throwable th) {
                channel.nack(th);
            }

            public void onSuccess(DMRResponse dMRResponse) {
                ModelNode modelNode = dMRResponse.get();
                if (!modelNode.hasDefined("outcome") || modelNode.isFailure()) {
                    channel.nack(modelNode.getFailureDescription());
                }
                AccessControlStore.this.reset();
                ModelNode modelNode2 = modelNode.get("result");
                ModelNode modelNode3 = modelNode2.get("step-1").get("result");
                AccessControlStore.this.rbacProvider = modelNode3.isDefined() && NameTokens.RbacFinder.equals(modelNode3.asString());
                int i = 1 + 1;
                Iterator it = modelNode2.get("step-" + i).get("result").asList().iterator();
                while (it.hasNext()) {
                    AccessControlStore.this.roles.add(new Role(StandardRole.add(((ModelNode) it.next()).asString())));
                }
                int i2 = i + 1;
                if (!AccessControlStore.this.bootstrapContext.isStandalone()) {
                    Iterator it2 = modelNode2.get("step-" + i2).get("result").asPropertyList().iterator();
                    while (it2.hasNext()) {
                        AccessControlStore.this.addScopedRole((Property) it2.next(), NameTokens.HostMgmtPresenter, Role.Type.HOST);
                    }
                    int i3 = i2 + 1;
                    Iterator it3 = modelNode2.get("step-" + i3).get("result").asPropertyList().iterator();
                    while (it3.hasNext()) {
                        AccessControlStore.this.addScopedRole((Property) it3.next(), "server-groups", Role.Type.SERVER_GROUP);
                    }
                    i2 = i3 + 1;
                }
                for (Property property : modelNode2.get("step-" + i2).get("result").asPropertyList()) {
                    Role role = AccessControlStore.this.roles.get(property.getName());
                    if (role != null) {
                        ModelNode value = property.getValue();
                        if (value.hasDefined("include-all")) {
                            role.setIncludeAll(value.get("include-all").asBoolean());
                        }
                        if (value.hasDefined("include")) {
                            Iterator it4 = value.get("include").asPropertyList().iterator();
                            while (it4.hasNext()) {
                                AccessControlStore.this.addAssignment((Property) it4.next(), role, true);
                            }
                        }
                        if (value.hasDefined("exclude")) {
                            Iterator it5 = value.get("exclude").asPropertyList().iterator();
                            while (it5.hasNext()) {
                                AccessControlStore.this.addAssignment((Property) it5.next(), role, false);
                            }
                        }
                    } else {
                        Log.error("Cannot add assignment for role " + property.getName() + ": No matching role found!");
                    }
                }
                channel.ack();
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void addScopedRole(Property property, String str, Role.Type type) {
        ModelNode value = property.getValue();
        String asString = value.get("base-role").asString();
        ArrayList arrayList = new ArrayList();
        Iterator it = value.get(str).asList().iterator();
        while (it.hasNext()) {
            arrayList.add(((ModelNode) it.next()).asString());
        }
        this.roles.add(new Role(property.getName(), property.getName(), StandardRole.matchId(asString), type, arrayList));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void addAssignment(Property property, Role role, boolean z) {
        String name = property.getName();
        ModelNode value = property.getValue();
        String asString = value.get("name").asString();
        if (LOCAL_USERNAME.equals(asString)) {
            return;
        }
        Principal persistentPrincipal = Principal.persistentPrincipal(Principal.Type.valueOf(value.get("type").asString().toUpperCase()), name, asString, value.hasDefined("realm") ? value.get("realm").asString() : null);
        this.principals.add(persistentPrincipal);
        this.assignments.add(new Assignment(persistentPrincipal, role, z));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void reset() {
        StandardRole.clearValues();
        this.roles.clear();
        this.principals.clear();
        this.assignments.clear();
    }

    @Process(actionType = AddPrincipal.class)
    public void addPrincipal(AddPrincipal addPrincipal, Dispatcher.Channel channel) {
        Principal principal = addPrincipal.getPrincipal();
        if (this.principals.contains(principal)) {
            channel.nack(new DuplicateResourceException(principal.getName()));
        } else {
            this.principals.add(principal);
            channel.ack();
        }
    }

    @Process(actionType = RemovePrincipal.class)
    public void removePrincipal(RemovePrincipal removePrincipal, Dispatcher.Channel channel) {
        Principal principal = removePrincipal.getPrincipal();
        if (principal.isTransient()) {
            this.principals.remove(principal);
            channel.ack();
            return;
        }
        ArrayList arrayList = new ArrayList();
        Iterator<Assignment> it = this.assignments.iterator();
        while (it.hasNext()) {
            Assignment next = it.next();
            if (next.getPrincipal().equals(principal)) {
                arrayList.add(new Operation.Builder("remove", AddressHelper.assignment(next)).build());
            }
        }
        this.dispatcher.execute(new DMRAction(new Composite(arrayList)), new ReloadCallback(channel));
    }

    @Process(actionType = ModifyStandardRole.class)
    public void modifyStandardRole(ModifyStandardRole modifyStandardRole, Dispatcher.Channel channel) {
        Role role = modifyStandardRole.getRole();
        new Async().waterfall(new FunctionContext(), new ReloadOutcome(channel), new Function[]{new AccessControlFunctions.CheckAssignment(this.dispatcher, role), new AccessControlFunctions.AddAssignment(this.dispatcher, role, num -> {
            return num.intValue() == 404;
        }), new AccessControlFunctions.ModifyIncludeAll(this.dispatcher, role)});
    }

    @Process(actionType = AddScopedRole.class)
    public void addScopedRole(AddScopedRole addScopedRole, Dispatcher.Channel channel) {
        Role role = addScopedRole.getRole();
        Operation build = new Operation.Builder("add", AddressHelper.scopedRole(role)).param("base-role", role.getBaseRole().getId()).param(role.getType() == Role.Type.HOST ? NameTokens.HostMgmtPresenter : "server-groups", Collections2.transform(role.getScope(), str -> {
            return new ModelNode().set(str);
        })).build();
        if (role.isIncludeAll()) {
            new Async().waterfall(new FunctionContext(), new ReloadOutcome(channel), new Function[]{control -> {
                this.dispatcher.execute(new DMRAction(build), new FunctionCallback(control));
            }, new AccessControlFunctions.CheckAssignment(this.dispatcher, role), new AccessControlFunctions.AddAssignment(this.dispatcher, role, num -> {
                return num.intValue() == 404;
            }), new AccessControlFunctions.ModifyIncludeAll(this.dispatcher, role)});
        } else {
            this.dispatcher.execute(new DMRAction(build), new ReloadCallback(channel));
        }
    }

    @Process(actionType = ModifyScopedRole.class)
    public void modifyScopedRole(ModifyScopedRole modifyScopedRole, Dispatcher.Channel channel) {
        Role role = modifyScopedRole.getRole();
        ResourceAddress scopedRole = AddressHelper.scopedRole(role);
        Composite composite = new Composite(new Operation.Builder("write-attribute", scopedRole).param("name", "base-role").param("value", role.getBaseRole().getId()).build(), new Operation.Builder("write-attribute", scopedRole).param("name", role.getType() == Role.Type.HOST ? NameTokens.HostMgmtPresenter : "server-groups").param("value", Collections2.transform(role.getScope(), str -> {
            return new ModelNode().set(str);
        })).build());
        new Async().waterfall(new FunctionContext(), new ReloadOutcome(channel), new Function[]{control -> {
            this.dispatcher.execute(new DMRAction(composite), new FunctionCallback(control));
        }, new AccessControlFunctions.CheckAssignment(this.dispatcher, role), new AccessControlFunctions.AddAssignment(this.dispatcher, role, num -> {
            return num.intValue() == 404;
        }), new AccessControlFunctions.ModifyIncludeAll(this.dispatcher, role)});
    }

    @Process(actionType = RemoveScopedRole.class)
    public void removeScopedRole(RemoveScopedRole removeScopedRole, Dispatcher.Channel channel) {
        Role role = removeScopedRole.getRole();
        if (!role.isScoped()) {
            channel.nack(new IllegalArgumentException("Standard roles cannot be removed!"));
        }
        int i = 0;
        Iterator<Assignment> it = this.assignments.iterator();
        while (it.hasNext()) {
            if (it.next().getRole().equals(role)) {
                i++;
            }
        }
        if (i > 0) {
            channel.nack(new RoleInUseException(i));
            return;
        }
        Operation build = new Operation.Builder("remove", AddressHelper.scopedRole(role)).build();
        new Async().waterfall(new FunctionContext(), new ReloadOutcome(channel), new Function[]{new AccessControlFunctions.CheckAssignment(this.dispatcher, role), new AccessControlFunctions.RemoveAssignment(this.dispatcher, role, num -> {
            return num.intValue() == 200;
        }), control -> {
            this.dispatcher.execute(new DMRAction(build), new FunctionCallback(control));
        }});
    }

    @Process(actionType = AddAssignment.class)
    public void addAssignment(AddAssignment addAssignment, Dispatcher.Channel channel) {
        Assignment assignment = addAssignment.getAssignment();
        Operation.Builder param = new Operation.Builder("add", AddressHelper.assignment(assignment)).param("name", assignment.getPrincipal().getName()).param("type", assignment.getPrincipal().getType().name());
        if (assignment.getPrincipal().getRealm() != null) {
            param.param("realm", assignment.getPrincipal().getRealm());
        }
        Operation build = param.build();
        new Async().waterfall(new FunctionContext(), new ReloadOutcome(channel), new Function[]{new AccessControlFunctions.CheckAssignment(this.dispatcher, assignment.getRole()), new AccessControlFunctions.AddAssignment(this.dispatcher, assignment.getRole(), num -> {
            return num.intValue() == 404;
        }), control -> {
            this.dispatcher.execute(new DMRAction(build), new FunctionCallback(control));
        }});
    }

    @Process(actionType = RemoveAssignment.class)
    public void removeAssignment(RemoveAssignment removeAssignment, Dispatcher.Channel channel) {
        this.dispatcher.execute(new DMRAction(new Operation.Builder("remove", AddressHelper.assignment(removeAssignment.getAssignment())).build()), new ReloadCallback(channel));
    }

    public boolean isRbacProvider() {
        return this.rbacProvider;
    }

    public Principals getPrincipals() {
        return this.principals;
    }

    public Iterable<Principal> getPrincipals(Role role, boolean z) {
        ArrayList arrayList = new ArrayList();
        Iterator<Assignment> it = getAssignments(role, z).iterator();
        while (it.hasNext()) {
            arrayList.add(it.next().getPrincipal());
        }
        return arrayList;
    }

    public Roles getRoles() {
        return this.roles;
    }

    public Iterable<Assignment> getAssignments(Principal principal) {
        return principal == null ? Collections.emptyList() : Iterables.filter(this.assignments, assignment -> {
            return assignment.getPrincipal().equals(principal);
        });
    }

    public Iterable<Assignment> getAssignments(Principal principal, boolean z) {
        return principal == null ? Collections.emptyList() : Iterables.filter(this.assignments, assignment -> {
            return assignment.getPrincipal().equals(principal) && assignment.isInclude() == z;
        });
    }

    public Iterable<Assignment> getAssignments(Role role) {
        return role == null ? Collections.emptyList() : Iterables.filter(this.assignments, assignment -> {
            return assignment.getRole().equals(role);
        });
    }

    public Iterable<Assignment> getAssignments(Role role, boolean z) {
        return role == null ? Collections.emptyList() : Iterables.filter(this.assignments, assignment -> {
            return assignment.getRole().equals(role) && assignment.isInclude() == z;
        });
    }
}
