package com.sun.enterprise.security.cli;

import com.sun.enterprise.config.serverbeans.AdminService;
import com.sun.enterprise.config.serverbeans.AuthRealm;
import com.sun.enterprise.config.serverbeans.Config;
import com.sun.enterprise.config.serverbeans.Domain;
import com.sun.enterprise.config.serverbeans.SecureAdmin;
import com.sun.enterprise.config.serverbeans.SecurityService;
import com.sun.enterprise.security.auth.realm.BadRealmException;
import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
import com.sun.enterprise.security.auth.realm.Realm;
import com.sun.enterprise.security.auth.realm.RealmsManager;
import com.sun.enterprise.security.auth.realm.file.FileRealm;
import com.sun.enterprise.util.LocalStringManagerImpl;
import java.beans.PropertyVetoException;
import java.io.File;
import java.util.ArrayList;
import java.util.List;
import javax.inject.Inject;
import javax.inject.Named;
import org.eclipse.persistence.internal.helper.Helper;
import org.eclipse.persistence.jpa.rs.ReservedWords;
import org.glassfish.api.ActionReport;
import org.glassfish.api.I18n;
import org.glassfish.api.Param;
import org.glassfish.api.admin.AccessRequired;
import org.glassfish.api.admin.AdminCommand;
import org.glassfish.api.admin.AdminCommandContext;
import org.glassfish.api.admin.AdminCommandSecurity;
import org.glassfish.api.admin.ExecuteOn;
import org.glassfish.api.admin.RestEndpoint;
import org.glassfish.api.admin.RestEndpoints;
import org.glassfish.api.admin.RestParam;
import org.glassfish.api.admin.RuntimeType;
import org.glassfish.api.admin.ServerEnvironment;
import org.glassfish.config.support.CommandTarget;
import org.glassfish.config.support.TargetType;
import org.glassfish.hk2.api.PerLookup;
import org.jvnet.hk2.annotations.Service;
import org.jvnet.hk2.config.ConfigSupport;
import org.jvnet.hk2.config.SingleConfigCode;
import org.jvnet.hk2.config.TransactionFailure;
import org.jvnet.hk2.config.types.Property;

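/**
 * Admin command {@code create-file-user}: adds a user, with a password and optional groups,
 * to a file-based auth realm and persists the realm's key file.
 *
 * <p>This listing is decompiler output (see the "loaded from" marker below), so local names,
 * the explicit {@code this.} qualifiers and some constant references are reconstructions.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The target realm is resolved in {@link #preAuthorization} and stored in a field annotated
 *       with {@code @AccessRequired.To}; the access check itself is performed outside this class.</li>
 *   <li>An empty password is rejected only when secure admin is enabled and the realm is the
 *       admin realm; in every other case it is passed on to {@code FileRealm.addUser}.</li>
 *   <li>For the realm named {@code admin-realm} the caller-supplied groups are discarded and
 *       replaced by the single group {@code asadmin}.</li>
 *   <li>No validation of the user name or group names happens here; presumably
 *       {@code FileRealm.addUser} enforces it. Confirm against that class.</li>
 * </ul>
 */
@Service(name = "create-file-user")
@TargetType({CommandTarget.DAS, CommandTarget.STANDALONE_INSTANCE, CommandTarget.CLUSTER, CommandTarget.CONFIG, CommandTarget.DEPLOYMENT_GROUP})
@I18n("create.file.user")
@PerLookup
@ExecuteOn({RuntimeType.INSTANCE, RuntimeType.DAS})
@RestEndpoints({@RestEndpoint(configBean = AuthRealm.class, opType = RestEndpoint.OpType.POST, path = "create-user", description = "Create", params = {@RestParam(name = "authrealmname", value = "$parent")})})
/* loaded from: input_file:MICRO-INF/runtime/security.jar:com/sun/enterprise/security/cli/CreateFileUser.class */
public class CreateFileUser implements AdminCommand, AdminCommandSecurity.Preauthorization {
    private static final LocalStringManagerImpl localStrings = new LocalStringManagerImpl(CreateFileUser.class);

    // Optional colon-separated group list; rewritten by handleAdminGroup for the admin realm.
    @Param(name = "groups", optional = true, separator = ':')
    private List<String> groups = new ArrayList<>(0);

    // Delivered by the command framework as a String, so it cannot be wiped after use.
    @Param(name = "userpassword", password = true)
    private String userpassword;

    // Optional; replaced in preAuthorization by the name of the realm that was actually resolved.
    @Param(name = "authrealmname", optional = true)
    private String authRealmName;

    @Param(name = "target", optional = true, defaultValue = "server")
    private String target;

    @Param(name = "username", primary = true)
    private String userName;

    // Injected default, then overwritten in preAuthorization with the config chosen for the target.
    @Inject
    @Named(ServerEnvironment.DEFAULT_INSTANCE_NAME)
    private Config config;

    @Inject
    private Domain domain;

    @Inject
    private RealmsManager realmsManager;

    @Inject
    private AdminService adminService;
    private SecureAdmin secureAdmin;

    // NOTE(review): ReservedWords.JPARS_REL_UPDATE is an EclipseLink JPA-RS constant that has no
    // relation to this command. Presumably the decompiler substituted it for a string literal of
    // equal value (likely the action name "update"); confirm before relying on it.
    @AccessRequired.To({ReservedWords.JPARS_REL_UPDATE})
    private AuthRealm fileAuthRealm;
    private SecurityService securityService;

    /**
     * Resolves the target config and the file realm before the command is authorized.
     *
     * @param adminCommandContext supplies the action report that receives any failure message
     * @return {@code true} when the realm was found and the command may continue to the access
     *         check; {@code false} when the config or the realm could not be resolved
     */
    @Override // org.glassfish.api.admin.AdminCommandSecurity.Preauthorization
    public boolean preAuthorization(AdminCommandContext adminCommandContext) {
        this.config = CLIUtil.chooseConfig(this.domain, this.target, adminCommandContext.getActionReport());
        if (this.config == null) {
            // NOTE(review): the exit code is set to SUCCESS although the command is declined.
            // Presumably this keeps a replicated command from failing on instances that lack the
            // target config; confirm that this is intended on the DAS as well.
            adminCommandContext.getActionReport().setActionExitCode(ActionReport.ExitCode.SUCCESS);
            return false;
        }
        this.securityService = this.config.getSecurityService();
        this.fileAuthRealm = CLIUtil.findRealm(this.securityService, this.authRealmName);
        if (this.fileAuthRealm != null) {
            // Later checks and messages use the resolved realm's name, not the raw parameter.
            this.authRealmName = this.fileAuthRealm.getName();
            return true;
        }
        fail(adminCommandContext.getActionReport(), localStrings.getLocalString("create.file.user.filerealmnotfound", "File realm {0} does not exist", this.authRealmName));
        return false;
    }

    /**
     * Validates the realm configuration and the password, then adds the user to the file realm
     * and persists it. Every failure is reported through the action report; nothing is thrown.
     *
     * @param adminCommandContext supplies the action report that receives the result
     */
    @Override // org.glassfish.api.admin.AdminCommand
    public void execute(AdminCommandContext adminCommandContext) {
        final ActionReport actionReport = adminCommandContext.getActionReport();

        // Only the stock FileRealm implementation is accepted; a realm with no class name passes.
        String realmClass = this.fileAuthRealm.getClassname();
        if (realmClass != null && !realmClass.equals("com.sun.enterprise.security.auth.realm.file.FileRealm")) {
            fail(actionReport, localStrings.getLocalString("create.file.user.realmnotsupported", "Configured file realm {0} is not supported.", realmClass));
            return;
        }

        // The key file path comes from the realm's "file" property; the last occurrence wins.
        String keyFile = null;
        for (Property property : this.fileAuthRealm.getProperty()) {
            if ("file".equals(property.getName())) {
                keyFile = property.getValue();
            }
        }
        if (keyFile == null) {
            fail(actionReport, localStrings.getLocalString("create.file.user.keyfilenotfound", "There is no physical file associated with this file realm {0} ", this.authRealmName));
            return;
        }
        if (!new File(keyFile).exists()) {
            fail(actionReport, localStrings.getLocalString("file.realm.keyfilenonexistent", "The specified physical file {0} associated with the file realm {1} does not exist.", keyFile, this.authRealmName));
            return;
        }

        final String password = this.userpassword;
        if (password == null) {
            fail(actionReport, localStrings.getLocalString("create.file.user.keyfilenotreadable", "Password for user {0} has to be specified in --userpassword option or supplied through AS_ADMIN_USERPASSWORD property in the file specified in --passwordfile option", this.userName));
            return;
        }

        // Empty passwords are refused only for the admin realm while secure admin is enabled.
        // Any other realm, or the admin realm with secure admin disabled, accepts "" at this point.
        this.secureAdmin = this.domain.getSecureAdmin();
        if (SecureAdmin.Util.isEnabled(this.secureAdmin) && this.authRealmName.equals(this.adminService.getAuthRealmName()) && password.isEmpty()) {
            fail(actionReport, localStrings.getLocalString("null_empty_password", "The admin user password is null or empty"));
            return;
        }

        try {
            ConfigSupport.apply(new SingleConfigCode<SecurityService>() { // from class: com.sun.enterprise.security.cli.CreateFileUser.1
                @Override // org.jvnet.hk2.config.SingleConfigCode
                public Object run(SecurityService securityService) throws PropertyVetoException, TransactionFailure {
                    try {
                        CreateFileUser.this.realmsManager.createRealms(CreateFileUser.this.config);
                        CreateFileUser.refreshRealm(CreateFileUser.this.config.getName(), CreateFileUser.this.authRealmName);
                        FileRealm fileRealm = (FileRealm) CreateFileUser.this.realmsManager.getFromLoadedRealms(CreateFileUser.this.config.getName(), CreateFileUser.this.authRealmName);
                        // Forces the group list to "asadmin" when the realm is the admin realm.
                        CreateFileUser.handleAdminGroup(CreateFileUser.this.authRealmName, CreateFileUser.this.groups);
                        // The char[] copy handed over here is not cleared by this class afterwards.
                        fileRealm.addUser(CreateFileUser.this.userName, password.toCharArray(), CreateFileUser.this.groups.toArray(new String[0]));
                        fileRealm.persist();
                        actionReport.setActionExitCode(ActionReport.ExitCode.SUCCESS);
                        return null;
                    } catch (Exception e) {
                        // Failures are reported instead of rethrown, so run() always returns normally.
                        reportAddFailure(actionReport, e);
                        return null;
                    }
                }
            }, this.securityService);
        } catch (Exception e) {
            reportAddFailure(actionReport, e);
        }
    }

    /** Records {@code message} on the report and marks the command as failed. */
    private static void fail(ActionReport report, String message) {
        report.setMessage(message);
        report.setActionExitCode(ActionReport.ExitCode.FAILURE);
    }

    /**
     * Reports that adding the user failed, appending the exception's localized message when it
     * has one, and attaches the exception as the failure cause.
     */
    private void reportAddFailure(ActionReport report, Exception cause) {
        // A missing exception message is rendered as an empty suffix rather than the text "null".
        String detail = cause.getLocalizedMessage();
        // NOTE(review): Helper.INDENT is an EclipseLink constant; presumably the decompiler's
        // stand-in for a whitespace separator literal. Confirm against the constant's value.
        fail(report, localStrings.getLocalString("create.file.user.useraddfailed", "Adding User {0} to the file realm {1} failed", this.userName, this.authRealmName) + Helper.INDENT + (detail == null ? "" : detail));
        report.setFailureCause(cause);
    }

    /**
     * Refreshes the named realm so that it is reloaded before the user is added.
     *
     * @param str  config name, passed to both {@code Realm.getInstance} and {@code Realm.refresh}
     * @param str2 realm name; a {@code null} or empty value makes this call a no-op
     */
    public static void refreshRealm(String str, String str2) {
        if (str2 == null || str2.isEmpty()) {
            return;
        }
        try {
            Realm realm = Realm.getInstance(str, str2);
            if (realm != null) {
                realm.refresh(str);
            }
        } catch (BadRealmException | NoSuchRealmException ignored) {
            // Best effort: a missing or malformed realm is dropped silently here and is neither
            // logged nor reported to the caller.
        }
    }

    /**
     * Overrides the group list for the admin realm: when {@code str} is {@code "admin-realm"},
     * the list is emptied in place and left holding only {@code "asadmin"}.
     *
     * @param str  realm name
     * @param list caller's group list, modified in place; {@code null} is tolerated
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void handleAdminGroup(String str, List<String> list) {
        if (!"admin-realm".equals(str) || list == null) {
            return;
        }
        list.clear();
        list.add("asadmin");
    }
}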
