package org.apache.cassandra.auth.jmx;

import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.AccessController;
import javax.management.InstanceNotFoundException;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.security.auth.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/cassandra/auth/jmx/AuthorizationProxy.class */
public class AuthorizationProxy implements InvocationHandler {
    private static final Logger logger;
    private MBeanServer mbs;
    static final /* synthetic */ boolean $assertionsDisabled;

    @Override // java.lang.reflect.InvocationHandler
    public Object invoke(Object obj, Method method, Object[] objArr) throws Throwable {
        String name = method.getName();
        if ("getMBeanServer".equals(name)) {
            throw new SecurityException("Access denied");
        }
        if (name.equals("invoke") && objArr.length == 4) {
            checkVulnerableMethods(objArr);
        }
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (!"setMBeanServer".equals(name)) {
            return invoke(method, objArr);
        }
        if (subject != null) {
            throw new SecurityException("Access denied");
        }
        if (objArr[0] == null) {
            throw new IllegalArgumentException("Null MBeanServer");
        }
        if (this.mbs != null) {
            throw new IllegalArgumentException("MBeanServer already initialized");
        }
        this.mbs = (MBeanServer) objArr[0];
        return null;
    }

    private Object invoke(Method method, Object[] objArr) throws Throwable {
        try {
            return method.invoke(this.mbs, objArr);
        } catch (InvocationTargetException e) {
            throw e.getCause();
        }
    }

    private void checkVulnerableMethods(Object[] objArr) {
        if (!$assertionsDisabled && objArr.length != 4) {
            throw new AssertionError();
        }
        try {
            ObjectName objectName = (ObjectName) objArr[0];
            String str = (String) objArr[1];
            checkCompilerDirectiveAddMethods(objectName, str);
            checkJvmtiLoad(objectName, str);
            checkMLetMethods(objectName, str);
        } catch (ClassCastException e) {
            logger.warn("Could not interpret arguments to check vulnerable MBean invocations; did the MBeanServer interface change?", e);
        }
    }

    private void checkCompilerDirectiveAddMethods(ObjectName objectName, String str) {
        if (objectName.getCanonicalName().equals("com.sun.management:type=DiagnosticCommand") && str.equals("compilerDirectivesAdd")) {
            throw new SecurityException("Access is denied!");
        }
    }

    private void checkJvmtiLoad(ObjectName objectName, String str) {
        if (objectName.getCanonicalName().equals("com.sun.management:type=DiagnosticCommand") && str.equals("jvmtiAgentLoad")) {
            throw new SecurityException("Access is denied!");
        }
    }

    private void checkMLetMethods(ObjectName objectName, String str) {
        if (str == null) {
            return;
        }
        try {
            if (this.mbs.isInstanceOf(objectName, "javax.management.loading.MLet")) {
                if (str.equals("addURL") || str.equals("getMBeansFromURL")) {
                    throw new SecurityException("Access is denied!");
                }
            }
        } catch (InstanceNotFoundException e) {
        }
    }

    static {
        $assertionsDisabled = !AuthorizationProxy.class.desiredAssertionStatus();
        logger = LoggerFactory.getLogger(AuthorizationProxy.class);
    }
}
