package org.wildfly.extension.elytron;

import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.util.stream.Stream;
import javax.crypto.SecretKey;
import org.jboss.as.controller.AbstractAddStepHandler;
import org.jboss.as.controller.AbstractWriteAttributeHandler;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.ReloadRequiredWriteAttributeHandler;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleOperationDefinitionBuilder;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.capability.RuntimeCapability;
import org.jboss.as.controller.descriptions.ResourceDescriptionResolver;
import org.jboss.as.controller.descriptions.StandardResourceDescriptionResolver;
import org.jboss.as.controller.operations.validation.CharsetValidator;
import org.jboss.as.controller.operations.validation.StringAllowedValuesValidator;
import org.jboss.as.controller.registry.AttributeAccess;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.controller.registry.OperationEntry;
import org.jboss.as.controller.services.path.PathManager;
import org.jboss.as.controller.services.path.PathManagerService;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
import org.jboss.msc.Service;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceController;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.ServiceRegistry;
import org.jboss.msc.service.ServiceTarget;
import org.jboss.msc.service.StartException;
import org.jboss.msc.value.InjectedValue;
import org.wildfly.common.function.ExceptionFunction;
import org.wildfly.common.function.ExceptionSupplier;
import org.wildfly.extension.elytron.FileAttributeDefinitions;
import org.wildfly.extension.elytron.TrivialService;
import org.wildfly.extension.elytron._private.ElytronSubsystemMessages;
import org.wildfly.security.auth.realm.FileSystemSecurityRealm;
import org.wildfly.security.auth.realm.FileSystemSecurityRealmBuilder;
import org.wildfly.security.auth.server.NameRewriter;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.credential.SecretKeyCredential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.CredentialStoreException;
import org.wildfly.security.password.spec.Encoding;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/extension/elytron/FileSystemRealmDefinition.class */
public class FileSystemRealmDefinition extends SimpleResourceDefinition {
    static final SimpleAttributeDefinition PATH = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PATH, FileAttributeDefinitions.PATH).setAttributeGroup(ElytronDescriptionConstants.FILE).setRequired(true).setRestartAllServices().build();
    static final SimpleAttributeDefinition RELATIVE_TO = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.RELATIVE_TO, FileAttributeDefinitions.RELATIVE_TO).setAttributeGroup(ElytronDescriptionConstants.FILE).setRestartAllServices().build();
    static final SimpleAttributeDefinition LEVELS = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.LEVELS, ModelType.INT, true).setDefaultValue(new ModelNode(2)).setAllowExpression(true).setRestartAllServices().build();
    static final SimpleAttributeDefinition ENCODED = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.ENCODED, ModelType.BOOLEAN, true).setDefaultValue(ModelNode.TRUE).setAllowExpression(true).setRestartAllServices().build();
    static final SimpleAttributeDefinition HASH_ENCODING = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.HASH_ENCODING, ModelType.STRING, true).setDefaultValue(new ModelNode(ElytronDescriptionConstants.BASE64)).setValidator(new StringAllowedValuesValidator(new String[]{ElytronDescriptionConstants.BASE64, ElytronDescriptionConstants.HEX})).setAllowExpression(true).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
    static final SimpleAttributeDefinition HASH_CHARSET = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.HASH_CHARSET, ModelType.STRING, true).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).setDefaultValue(new ModelNode(ElytronDescriptionConstants.UTF_8)).setValidator(new CharsetValidator()).setAllowExpression(true).build();
    static final SimpleAttributeDefinition CREDENTIAL_STORE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.CREDENTIAL_STORE, ModelType.STRING, false).setAllowExpression(true).setRequired(false).setRequires(new String[]{ElytronDescriptionConstants.SECRET_KEY}).setMinSize(1).setRestartAllServices().setCapabilityReference("org.wildfly.security.credential-store", "org.wildfly.security.security-realm").build();
    static final SimpleAttributeDefinition SECRET_KEY = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.SECRET_KEY, ModelType.STRING, false).setAllowExpression(true).setRequired(false).setRequires(new String[]{ElytronDescriptionConstants.CREDENTIAL_STORE}).setMinSize(1).setRestartAllServices().build();
    static final SimpleAttributeDefinition KEY_STORE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.KEY_STORE, ModelType.STRING, true).setAllowExpression(true).setRequires(new String[]{ElytronDescriptionConstants.KEY_STORE_ALIAS}).setMinSize(1).setRestartAllServices().setCapabilityReference("org.wildfly.security.key-store", Capabilities.SECURITY_REALM_RUNTIME_CAPABILITY).setFlags(new AttributeAccess.Flag[]{AttributeAccess.Flag.RESTART_RESOURCE_SERVICES}).build();
    static final SimpleAttributeDefinition KEY_STORE_ALIAS = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.KEY_STORE_ALIAS, ModelType.STRING, true).setAllowExpression(true).setRequires(new String[]{ElytronDescriptionConstants.KEY_STORE}).setMinSize(1).setRestartAllServices().build();
    static final AttributeDefinition[] ATTRIBUTES = {PATH, RELATIVE_TO, LEVELS, ENCODED, HASH_ENCODING, HASH_CHARSET};
    static final AttributeDefinition[] INTEGRITY_ATTRIBUTES = {KEY_STORE, KEY_STORE_ALIAS};
    static final AttributeDefinition[] ENCRYPTION_ATTRIBUTES = {CREDENTIAL_STORE, SECRET_KEY};
    static final AttributeDefinition[] ALL_ATTRIBUTES = (AttributeDefinition[]) Stream.of((Object[]) new AttributeDefinition[]{ATTRIBUTES, INTEGRITY_ATTRIBUTES, ENCRYPTION_ATTRIBUTES}).flatMap((v0) -> {
        return Stream.of(v0);
    }).toArray(i -> {
        return new AttributeDefinition[i];
    });
    private static final AbstractAddStepHandler ADD = new RealmAddHandler();
    private static final OperationStepHandler REMOVE = new TrivialCapabilityServiceRemoveHandler(ADD, Capabilities.MODIFIABLE_SECURITY_REALM_RUNTIME_CAPABILITY, Capabilities.SECURITY_REALM_RUNTIME_CAPABILITY);

    /* loaded from: input_file:org/wildfly/extension/elytron/FileSystemRealmDefinition$EncryptionWriteAttributeDisabledHandler.class */
    private static class EncryptionWriteAttributeDisabledHandler extends ReloadRequiredWriteAttributeHandler {
        public EncryptionWriteAttributeDisabledHandler(AttributeDefinition... attributeDefinitionArr) {
            super(attributeDefinitionArr);
        }

        protected boolean applyUpdateToRuntime(OperationContext operationContext, ModelNode modelNode, String str, ModelNode modelNode2, ModelNode modelNode3, AbstractWriteAttributeHandler.HandbackHolder<Void> handbackHolder) throws OperationFailedException {
            FileSystemSecurityRealm fileSystemSecurityRealm = (FileSystemSecurityRealm) ((TrivialService) FileSystemRealmDefinition.getFileSystemService(operationContext)).getValue();
            try {
                if (modelNode3.isDefined() || !fileSystemSecurityRealm.getRealmIdentityIterator().hasNext()) {
                    return super.applyUpdateToRuntime(operationContext, modelNode, str, modelNode2, modelNode3, handbackHolder);
                }
                throw ElytronSubsystemMessages.ROOT_LOGGER.addSecretKeyToInitializedFilesystemRealm();
            } catch (RealmUnavailableException e) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.addSecretKeyToInitializedFilesystemRealm();
            }
        }
    }

    /* loaded from: input_file:org/wildfly/extension/elytron/FileSystemRealmDefinition$IntegrityWriteAttributeDisabledHandler.class */
    private static class IntegrityWriteAttributeDisabledHandler extends ReloadRequiredWriteAttributeHandler {
        public IntegrityWriteAttributeDisabledHandler(AttributeDefinition... attributeDefinitionArr) {
            super(attributeDefinitionArr);
        }

        protected boolean applyUpdateToRuntime(OperationContext operationContext, ModelNode modelNode, String str, ModelNode modelNode2, ModelNode modelNode3, AbstractWriteAttributeHandler.HandbackHolder<Void> handbackHolder) throws OperationFailedException {
            FileSystemSecurityRealm fileSystemSecurityRealm = (FileSystemSecurityRealm) ((TrivialService) FileSystemRealmDefinition.getFileSystemService(operationContext)).getValue();
            try {
                if (modelNode3.isDefined() || !fileSystemSecurityRealm.getRealmIdentityIterator().hasNext()) {
                    return super.applyUpdateToRuntime(operationContext, modelNode, str, modelNode2, modelNode3, handbackHolder);
                }
                throw ElytronSubsystemMessages.ROOT_LOGGER.addKeypairToInitializedFilesystemRealm();
            } catch (RealmUnavailableException e) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.addKeypairToInitializedFilesystemRealm();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/wildfly/extension/elytron/FileSystemRealmDefinition$RealmAddHandler.class */
    public static class RealmAddHandler extends BaseAddHandler {
        private RealmAddHandler() {
            super(Capabilities.SECURITY_REALM_RUNTIME_CAPABILITY, FileSystemRealmDefinition.ALL_ATTRIBUTES);
        }

        private static SecretKey getSecretKey(OperationContext operationContext, String str, String str2) throws OperationFailedException {
            try {
                SecretKeyCredential retrieve = ((CredentialStore) ((ExceptionFunction) operationContext.getCapabilityRuntimeAPI("org.wildfly.security.credential-store-api", str, ExceptionFunction.class)).apply(operationContext)).retrieve(str2, SecretKeyCredential.class);
                if (retrieve == null) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.credentialDoesNotExist(str2, SecretKeyCredential.class.getSimpleName());
                }
                return retrieve.getSecretKey();
            } catch (CredentialStoreException e) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.unableToLoadCredentialStore(e);
            }
        }

        private static char[] getKeyStorePassword(KeyStoreService keyStoreService) throws RuntimeException {
            try {
                return keyStoreService.resolveKeyPassword((ExceptionSupplier) new InjectedValue().getOptionalValue());
            } catch (Exception e) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.unableToGetKeyStorePassword();
            }
        }

        protected void performRuntime(OperationContext operationContext, ModelNode modelNode, ModelNode modelNode2) throws OperationFailedException {
            ServiceTarget serviceTarget = operationContext.getServiceTarget();
            String currentAddressValue = operationContext.getCurrentAddressValue();
            ServiceName capabilityServiceName = Capabilities.MODIFIABLE_SECURITY_REALM_RUNTIME_CAPABILITY.fromBaseCapability(currentAddressValue).getCapabilityServiceName();
            ServiceName capabilityServiceName2 = Capabilities.SECURITY_REALM_RUNTIME_CAPABILITY.fromBaseCapability(currentAddressValue).getCapabilityServiceName();
            final int asInt = FileSystemRealmDefinition.LEVELS.resolveModelAttribute(operationContext, modelNode2).asInt();
            final boolean asBoolean = FileSystemRealmDefinition.ENCODED.resolveModelAttribute(operationContext, modelNode2).asBoolean();
            final String asString = FileSystemRealmDefinition.PATH.resolveModelAttribute(operationContext, modelNode2).asString();
            final String asStringOrNull = FileSystemRealmDefinition.RELATIVE_TO.resolveModelAttribute(operationContext, modelNode2).asStringOrNull();
            final String asString2 = FileSystemRealmDefinition.HASH_ENCODING.resolveModelAttribute(operationContext, modelNode2).asString();
            final String asString3 = FileSystemRealmDefinition.HASH_CHARSET.resolveModelAttribute(operationContext, modelNode2).asString();
            String asStringOrNull2 = FileSystemRealmDefinition.CREDENTIAL_STORE.resolveModelAttribute(operationContext, modelNode2).asStringOrNull();
            String asStringOrNull3 = FileSystemRealmDefinition.SECRET_KEY.resolveModelAttribute(operationContext, modelNode2).asStringOrNull();
            final String asStringOrNull4 = FileSystemRealmDefinition.KEY_STORE.resolveModelAttribute(operationContext, modelNode2).asStringOrNull();
            final String asStringOrNull5 = FileSystemRealmDefinition.KEY_STORE_ALIAS.resolveModelAttribute(operationContext, modelNode2).asStringOrNull();
            final InjectedValue injectedValue = new InjectedValue();
            final InjectedValue injectedValue2 = new InjectedValue();
            final InjectedValue injectedValue3 = new InjectedValue();
            SecretKey secretKey = null;
            if (asStringOrNull2 != null && asStringOrNull3 != null) {
                secretKey = getSecretKey(operationContext, asStringOrNull2, asStringOrNull3);
            }
            final SecretKey secretKey2 = secretKey;
            final ServiceRegistry serviceRegistry = operationContext.getServiceRegistry(true);
            ServiceBuilder addAliases = serviceTarget.addService(capabilityServiceName, new TrivialService(new TrivialService.ValueSupplier<SecurityRealm>() { // from class: org.wildfly.extension.elytron.FileSystemRealmDefinition.RealmAddHandler.1
                private FileAttributeDefinitions.PathResolver pathResolver;
                ModifiableKeyStoreService keyStoreService;

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.wildfly.extension.elytron.TrivialService.ValueSupplier
                public SecurityRealm get() throws StartException {
                    this.pathResolver = FileAttributeDefinitions.pathResolver();
                    Path path = this.pathResolver.path(asString).relativeTo(asStringOrNull, (PathManager) injectedValue2.getOptionalValue()).resolve().toPath();
                    NameRewriter nameRewriter = (NameRewriter) injectedValue3.getOptionalValue();
                    Charset forName = Charset.forName(asString3);
                    Encoding encoding = ElytronDescriptionConstants.HEX.equals(asString2) ? Encoding.HEX : Encoding.BASE64;
                    if (nameRewriter == null) {
                        nameRewriter = NameRewriter.IDENTITY_REWRITER;
                    }
                    KeyStore keyStore = (KeyStore) injectedValue.getOptionalValue();
                    PrivateKey privateKey = null;
                    PublicKey publicKey = null;
                    if (keyStore != null) {
                        try {
                            this.keyStoreService = KeyStoreServiceUtil.getModifiableKeyStoreService(serviceRegistry, asStringOrNull4);
                            char[] keyStorePassword = RealmAddHandler.getKeyStorePassword((KeyStoreService) this.keyStoreService);
                            if (!keyStore.containsAlias(asStringOrNull5)) {
                                throw ElytronSubsystemMessages.ROOT_LOGGER.keyStoreMissingAlias(asStringOrNull5);
                            }
                            privateKey = (PrivateKey) keyStore.getKey(asStringOrNull5, keyStorePassword);
                            publicKey = keyStore.getCertificate(asStringOrNull5).getPublicKey();
                            if (privateKey == null) {
                                throw ElytronSubsystemMessages.ROOT_LOGGER.missingPrivateKey(asStringOrNull4, asStringOrNull5);
                            }
                            if (publicKey == null) {
                                throw ElytronSubsystemMessages.ROOT_LOGGER.missingPublicKey(asStringOrNull4, asStringOrNull5);
                            }
                        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | OperationFailedException e) {
                            throw ElytronSubsystemMessages.ROOT_LOGGER.unableToAccessEntryFromKeyStore(asStringOrNull5, asStringOrNull4);
                        }
                    }
                    FileSystemSecurityRealmBuilder hashCharset = FileSystemSecurityRealm.builder().setRoot(path).setNameRewriter(nameRewriter).setLevels(asInt).setEncoded(asBoolean).setHashEncoding(encoding).setHashCharset(forName);
                    if (secretKey2 != null) {
                        hashCharset.setSecretKey(secretKey2);
                    }
                    if (privateKey != null && publicKey != null) {
                        hashCharset.setPrivateKey(privateKey);
                        hashCharset.setPublicKey(publicKey);
                    }
                    return hashCharset.build();
                }

                @Override // org.wildfly.extension.elytron.TrivialService.ValueSupplier
                public void dispose() {
                    if (this.pathResolver != null) {
                        this.pathResolver.clear();
                        this.pathResolver = null;
                    }
                }
            })).addAliases(new ServiceName[]{capabilityServiceName2});
            if (asStringOrNull2 != null) {
                addAliases.requires(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.credential-store", asStringOrNull2), CredentialStore.class));
            }
            if (asStringOrNull4 != null) {
                addAliases.addDependency(operationContext.getCapabilityServiceName(RuntimeCapability.buildDynamicCapabilityName("org.wildfly.security.key-store", asStringOrNull4), KeyStore.class), KeyStore.class, injectedValue);
            }
            if (asStringOrNull != null) {
                addAliases.addDependency(PathManagerService.SERVICE_NAME, PathManager.class, injectedValue2);
                addAliases.requires(FileAttributeDefinitions.pathName(asStringOrNull));
            }
            addAliases.install();
        }
    }

    /* loaded from: input_file:org/wildfly/extension/elytron/FileSystemRealmDefinition$UpdateKeyPairHandler.class */
    static class UpdateKeyPairHandler extends ElytronRuntimeOnlyHandler {
        UpdateKeyPairHandler() {
        }

        static void register(ManagementResourceRegistration managementResourceRegistration, ResourceDescriptionResolver resourceDescriptionResolver) {
            managementResourceRegistration.registerOperationHandler(new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.UPDATE_KEY_PAIR, resourceDescriptionResolver).setRuntimeOnly().build(), new UpdateKeyPairHandler());
        }

        protected void executeRuntimeStep(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            FileSystemSecurityRealm fileSystemSecurityRealm = (FileSystemSecurityRealm) ((TrivialService) FileSystemRealmDefinition.getFileSystemService(operationContext)).getValue();
            try {
                if (!fileSystemSecurityRealm.hasIntegrityEnabled()) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.filesystemMissingKeypair();
                }
                fileSystemSecurityRealm.updateRealmKeyPair();
            } catch (IOException e) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.unableToVerifyIntegrity(e, e.getLocalizedMessage());
            }
        }
    }

    /* loaded from: input_file:org/wildfly/extension/elytron/FileSystemRealmDefinition$VerifyRealmIntegrity.class */
    static class VerifyRealmIntegrity extends ElytronRuntimeOnlyHandler {
        VerifyRealmIntegrity() {
        }

        static void register(ManagementResourceRegistration managementResourceRegistration, ResourceDescriptionResolver resourceDescriptionResolver) {
            managementResourceRegistration.registerOperationHandler(new SimpleOperationDefinitionBuilder(ElytronDescriptionConstants.VERIFY_INTEGRITY, resourceDescriptionResolver).setRuntimeOnly().build(), new VerifyRealmIntegrity());
        }

        protected void executeRuntimeStep(OperationContext operationContext, ModelNode modelNode) throws OperationFailedException {
            FileSystemSecurityRealm fileSystemSecurityRealm = (FileSystemSecurityRealm) ((TrivialService) FileSystemRealmDefinition.getFileSystemService(operationContext)).getValue();
            try {
                if (!fileSystemSecurityRealm.hasIntegrityEnabled()) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.filesystemMissingKeypair();
                }
                FileSystemSecurityRealm.IntegrityResult verifyRealmIntegrity = fileSystemSecurityRealm.verifyRealmIntegrity();
                if (!verifyRealmIntegrity.isValid()) {
                    throw ElytronSubsystemMessages.ROOT_LOGGER.filesystemIntegrityInvalid(verifyRealmIntegrity.getIdentityNames());
                }
            } catch (IOException e) {
                throw ElytronSubsystemMessages.ROOT_LOGGER.unableToVerifyIntegrity(e, e.getLocalizedMessage());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public FileSystemRealmDefinition() {
        super(new SimpleResourceDefinition.Parameters(PathElement.pathElement(ElytronDescriptionConstants.FILESYSTEM_REALM), ElytronExtension.getResourceDescriptionResolver(ElytronDescriptionConstants.FILESYSTEM_REALM)).setAddHandler(ADD).setRemoveHandler(REMOVE).setAddRestartLevel(OperationEntry.Flag.RESTART_RESOURCE_SERVICES).setRemoveRestartLevel(OperationEntry.Flag.RESTART_RESOURCE_SERVICES).setCapabilities(new RuntimeCapability[]{Capabilities.MODIFIABLE_SECURITY_REALM_RUNTIME_CAPABILITY, Capabilities.SECURITY_REALM_RUNTIME_CAPABILITY}));
    }

    public void registerAttributes(ManagementResourceRegistration managementResourceRegistration) {
        ElytronReloadRequiredWriteAttributeHandler elytronReloadRequiredWriteAttributeHandler = new ElytronReloadRequiredWriteAttributeHandler(ATTRIBUTES);
        IntegrityWriteAttributeDisabledHandler integrityWriteAttributeDisabledHandler = new IntegrityWriteAttributeDisabledHandler(INTEGRITY_ATTRIBUTES);
        EncryptionWriteAttributeDisabledHandler encryptionWriteAttributeDisabledHandler = new EncryptionWriteAttributeDisabledHandler(ENCRYPTION_ATTRIBUTES);
        for (AttributeDefinition attributeDefinition : ATTRIBUTES) {
            managementResourceRegistration.registerReadWriteAttribute(attributeDefinition, (OperationStepHandler) null, elytronReloadRequiredWriteAttributeHandler);
        }
        for (AttributeDefinition attributeDefinition2 : INTEGRITY_ATTRIBUTES) {
            managementResourceRegistration.registerReadWriteAttribute(attributeDefinition2, (OperationStepHandler) null, integrityWriteAttributeDisabledHandler);
        }
        for (AttributeDefinition attributeDefinition3 : ENCRYPTION_ATTRIBUTES) {
            managementResourceRegistration.registerReadWriteAttribute(attributeDefinition3, (OperationStepHandler) null, encryptionWriteAttributeDisabledHandler);
        }
    }

    public void registerOperations(ManagementResourceRegistration managementResourceRegistration) {
        super.registerOperations(managementResourceRegistration);
        StandardResourceDescriptionResolver resourceDescriptionResolver = ElytronExtension.getResourceDescriptionResolver(ElytronDescriptionConstants.FILESYSTEM_REALM);
        if (ElytronExtension.isServerOrHostController(managementResourceRegistration)) {
            UpdateKeyPairHandler.register(managementResourceRegistration, resourceDescriptionResolver);
            VerifyRealmIntegrity.register(managementResourceRegistration, resourceDescriptionResolver);
        }
    }

    private static Service getFileSystemService(OperationContext operationContext) throws OperationFailedException {
        ServiceRegistry serviceRegistry = operationContext.getServiceRegistry(true);
        ServiceName capabilityServiceName = Capabilities.MODIFIABLE_SECURITY_REALM_RUNTIME_CAPABILITY.fromBaseCapability(operationContext.getCurrentAddress().getLastElement().getValue()).getCapabilityServiceName();
        ServiceController requiredService = ElytronExtension.getRequiredService(serviceRegistry, capabilityServiceName, SecurityRealm.class);
        ServiceController.State state = requiredService.getState();
        if (state != ServiceController.State.UP) {
            throw ElytronSubsystemMessages.ROOT_LOGGER.requiredServiceNotUp(capabilityServiceName, state);
        }
        return requiredService.getService();
    }
}
