package org.jboss.as.domain.management.access;

import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.access.rbac.ConfigurableRoleMapper;
import org.jboss.as.domain.management.DomainManagementMessages;
import org.jboss.dmr.ModelNode;

/* loaded from: input_file:org/jboss/as/domain/management/access/PrincipalRemove.class */
public class PrincipalRemove implements OperationStepHandler {
    private final ConfigurableRoleMapper roleMapper;
    private final ConfigurableRoleMapper.MatchType matchType;

    private PrincipalRemove(ConfigurableRoleMapper configurableRoleMapper, ConfigurableRoleMapper.MatchType matchType) {
        this.roleMapper = configurableRoleMapper;
        this.matchType = matchType;
    }

    public static OperationStepHandler createForInclude(ConfigurableRoleMapper configurableRoleMapper) {
        return new PrincipalRemove(configurableRoleMapper, ConfigurableRoleMapper.MatchType.INCLUDE);
    }

    public static OperationStepHandler createForExclude(ConfigurableRoleMapper configurableRoleMapper) {
        return new PrincipalRemove(configurableRoleMapper, ConfigurableRoleMapper.MatchType.EXCLUDE);
    }

    public void execute(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
        ModelNode model = operationContext.readResource(PathAddress.EMPTY_ADDRESS).getModel();
        String roleName = RoleMappingResourceDefinition.getRoleName(modelNode);
        ConfigurableRoleMapper.PrincipalType principalType = PrincipalResourceDefinition.getPrincipalType(operationContext, model);
        String realm = PrincipalResourceDefinition.getRealm(operationContext, model);
        String name = PrincipalResourceDefinition.getName(operationContext, model);
        operationContext.removeResource(PathAddress.EMPTY_ADDRESS);
        if (this.matchType == ConfigurableRoleMapper.MatchType.INCLUDE) {
            RbacSanityCheckOperation.registerOperation(operationContext);
        }
        registerRuntimeRemove(operationContext, roleName, principalType, name, realm);
        operationContext.stepCompleted();
    }

    private void registerRuntimeRemove(OperationContext operationContext, final String str, final ConfigurableRoleMapper.PrincipalType principalType, final String str2, final String str3) {
        operationContext.addStep(new OperationStepHandler() { // from class: org.jboss.as.domain.management.access.PrincipalRemove.1
            public void execute(OperationContext operationContext2, ModelNode modelNode) throws OperationFailedException {
                if (PrincipalRemove.this.roleMapper.removePrincipal(str, principalType, PrincipalRemove.this.matchType, str2, str3)) {
                    PrincipalRemove.this.registerRollbackHandler(operationContext2, str, principalType, str2, str3);
                } else {
                    operationContext2.restartRequired();
                    throw DomainManagementMessages.MESSAGES.inconsistentRbacRuntimeState();
                }
            }
        }, OperationContext.Stage.RUNTIME);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void registerRollbackHandler(OperationContext operationContext, final String str, final ConfigurableRoleMapper.PrincipalType principalType, final String str2, final String str3) {
        operationContext.completeStep(new OperationContext.RollbackHandler() { // from class: org.jboss.as.domain.management.access.PrincipalRemove.2
            public void handleRollback(OperationContext operationContext2, ModelNode modelNode) {
                if (PrincipalRemove.this.roleMapper.addPrincipal(str, principalType, PrincipalRemove.this.matchType, str2, str3, false)) {
                    return;
                }
                operationContext2.restartRequired();
            }
        });
    }
}
