package org.wso2.andes.server.security;

import java.net.SocketAddress;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.log4j.Logger;
import org.wso2.andes.framing.AMQShortString;
import org.wso2.andes.server.configuration.plugins.ConfigurationPlugin;
import org.wso2.andes.server.configuration.plugins.ConfigurationPluginFactory;
import org.wso2.andes.server.exchange.Exchange;
import org.wso2.andes.server.plugins.PluginManager;
import org.wso2.andes.server.queue.AMQQueue;
import org.wso2.andes.server.security.access.ObjectProperties;
import org.wso2.andes.server.security.access.ObjectType;
import org.wso2.andes.server.security.access.Operation;

/* loaded from: input_file:org/wso2/andes/server/security/SecurityManager.class */
public class SecurityManager {
    private static final Logger _logger = Logger.getLogger(SecurityManager.class);
    private static final ThreadLocal<Subject> _subject = new ThreadLocal<>();
    private PluginManager _pluginManager;
    private Map<String, SecurityPluginFactory> _pluginFactories;
    private Map<String, SecurityPlugin> _globalPlugins;
    private Map<String, SecurityPlugin> _hostPlugins;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/wso2/andes/server/security/SecurityManager$AccessCheck.class */
    public abstract class AccessCheck {
        private AccessCheck() {
        }

        abstract Result allowed(SecurityPlugin securityPlugin);
    }

    /* loaded from: input_file:org/wso2/andes/server/security/SecurityManager$SecurityConfiguration.class */
    public static class SecurityConfiguration extends ConfigurationPlugin {
        public static final ConfigurationPluginFactory FACTORY = new ConfigurationPluginFactory() { // from class: org.wso2.andes.server.security.SecurityManager.SecurityConfiguration.1
            @Override // org.wso2.andes.server.configuration.plugins.ConfigurationPluginFactory
            public ConfigurationPlugin newInstance(String str, Configuration configuration) throws ConfigurationException {
                SecurityConfiguration securityConfiguration = new SecurityConfiguration();
                securityConfiguration.setConfiguration(str, configuration);
                return securityConfiguration;
            }

            @Override // org.wso2.andes.server.configuration.plugins.ConfigurationPluginFactory
            public List<String> getParentPaths() {
                return Arrays.asList("security", "virtualhosts.virtualhost.security");
            }
        };

        @Override // org.wso2.andes.server.configuration.plugins.ConfigurationPlugin
        public String[] getElementsProcessed() {
            return new String[]{"security"};
        }

        @Override // org.wso2.andes.server.configuration.plugins.ConfigurationPlugin
        public void validateConfiguration() throws ConfigurationException {
            if (this._configuration.isEmpty()) {
                throw new ConfigurationException("security section is incomplete, no elements found.");
            }
        }
    }

    public SecurityManager(SecurityManager securityManager) throws ConfigurationException {
        this._pluginFactories = new HashMap();
        this._globalPlugins = new HashMap();
        this._hostPlugins = new HashMap();
        this._pluginManager = securityManager._pluginManager;
        this._pluginFactories = securityManager._pluginFactories;
        this._globalPlugins = securityManager._hostPlugins;
    }

    public SecurityManager(ConfigurationPlugin configurationPlugin, PluginManager pluginManager) throws ConfigurationException {
        this(configurationPlugin, pluginManager, null);
    }

    public SecurityManager(ConfigurationPlugin configurationPlugin, PluginManager pluginManager, SecurityPluginFactory securityPluginFactory) throws ConfigurationException {
        this._pluginFactories = new HashMap();
        this._globalPlugins = new HashMap();
        this._hostPlugins = new HashMap();
        this._pluginManager = pluginManager;
        if (pluginManager == null) {
            return;
        }
        this._pluginFactories = this._pluginManager.getSecurityPlugins();
        if (securityPluginFactory != null) {
            this._pluginFactories.put(securityPluginFactory.getPluginName(), securityPluginFactory);
        }
        configureHostPlugins(configurationPlugin);
    }

    public static Subject getThreadSubject() {
        return _subject.get();
    }

    public static void setThreadSubject(Subject subject) {
        _subject.set(subject);
    }

    public void configureHostPlugins(ConfigurationPlugin configurationPlugin) throws ConfigurationException {
        this._hostPlugins = configurePlugins(configurationPlugin);
    }

    public void configureGlobalPlugins(ConfigurationPlugin configurationPlugin) throws ConfigurationException {
        this._globalPlugins = configurePlugins(configurationPlugin);
    }

    public Map<String, SecurityPlugin> configurePlugins(ConfigurationPlugin configurationPlugin) throws ConfigurationException {
        HashMap hashMap = new HashMap();
        SecurityConfiguration securityConfiguration = (SecurityConfiguration) configurationPlugin.getConfiguration(SecurityConfiguration.class.getName());
        if (securityConfiguration != null) {
            for (SecurityPluginFactory securityPluginFactory : this._pluginFactories.values()) {
                SecurityPlugin securityPlugin = (SecurityPlugin) securityPluginFactory.newInstance(securityConfiguration);
                if (securityPlugin != null) {
                    hashMap.put(securityPluginFactory.getPluginName(), securityPlugin);
                }
            }
        }
        return hashMap;
    }

    public void addHostPlugin(SecurityPlugin securityPlugin) {
        this._hostPlugins.put(securityPlugin.getClass().getName(), securityPlugin);
    }

    public static Logger getLogger() {
        return _logger;
    }

    private boolean checkAllPlugins(AccessCheck accessCheck) {
        HashMap hashMap = new HashMap(this._globalPlugins);
        for (Map.Entry<String, SecurityPlugin> entry : this._hostPlugins.entrySet()) {
            SecurityPlugin securityPlugin = (SecurityPlugin) hashMap.get(entry.getKey());
            if (securityPlugin != null) {
                hashMap.remove(entry.getKey());
            }
            Result allowed = accessCheck.allowed(entry.getValue());
            if (allowed == Result.DENIED) {
                return false;
            }
            if (allowed != Result.ALLOWED) {
                if (securityPlugin == null) {
                    if (allowed == Result.DEFER) {
                        allowed = entry.getValue().getDefault();
                    }
                    if (allowed == Result.DENIED) {
                        return false;
                    }
                } else {
                    Result allowed2 = accessCheck.allowed(securityPlugin);
                    if (allowed2 == Result.DEFER) {
                        allowed2 = securityPlugin.getDefault();
                    }
                    if (allowed2 == Result.ABSTAIN && allowed == Result.DEFER) {
                        allowed2 = entry.getValue().getDefault();
                    }
                    if (allowed2 == Result.DENIED) {
                        return false;
                    }
                }
            }
        }
        for (SecurityPlugin securityPlugin2 : hashMap.values()) {
            Result allowed3 = accessCheck.allowed(securityPlugin2);
            if (allowed3 == Result.DEFER) {
                allowed3 = securityPlugin2.getDefault();
            }
            if (allowed3 == Result.DENIED) {
                return false;
            }
        }
        return true;
    }

    public boolean authoriseBind(final Exchange exchange, final AMQQueue aMQQueue, final AMQShortString aMQShortString) {
        return checkAllPlugins(new AccessCheck() { // from class: org.wso2.andes.server.security.SecurityManager.1
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.wso2.andes.server.security.SecurityManager.AccessCheck
            Result allowed(SecurityPlugin securityPlugin) {
                return securityPlugin.authorise(Operation.BIND, ObjectType.EXCHANGE, new ObjectProperties(exchange, aMQQueue, aMQShortString));
            }
        });
    }

    public boolean authoriseObject(final String str, final String str2) {
        return checkAllPlugins(new AccessCheck() { // from class: org.wso2.andes.server.security.SecurityManager.2
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.wso2.andes.server.security.SecurityManager.AccessCheck
            Result allowed(SecurityPlugin securityPlugin) {
                ObjectProperties objectProperties = new ObjectProperties();
                objectProperties.put(ObjectProperties.Property.PACKAGE, str);
                objectProperties.put(ObjectProperties.Property.CLASS, str2);
                return securityPlugin.authorise(Operation.ACCESS, ObjectType.OBJECT, objectProperties);
            }
        });
    }

    public boolean authoriseMethod(final Operation operation, final String str, final String str2) {
        return checkAllPlugins(new AccessCheck() { // from class: org.wso2.andes.server.security.SecurityManager.3
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.wso2.andes.server.security.SecurityManager.AccessCheck
            Result allowed(SecurityPlugin securityPlugin) {
                ObjectProperties objectProperties = new ObjectProperties();
                objectProperties.setName(str2);
                if (str != null) {
                    objectProperties.put(ObjectProperties.Property.COMPONENT, str);
                }
                return securityPlugin.authorise(operation, ObjectType.METHOD, objectProperties);
            }
        });
    }

    public boolean accessVirtualhost(String str, final SocketAddress socketAddress) {
        return checkAllPlugins(new AccessCheck() { // from class: org.wso2.andes.server.security.SecurityManager.4
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.wso2.andes.server.security.SecurityManager.AccessCheck
            Result allowed(SecurityPlugin securityPlugin) {
                return securityPlugin.access(ObjectType.VIRTUALHOST, socketAddress);
            }
        });
    }

    public boolean authoriseConsume(final AMQQueue aMQQueue) {
        return checkAllPlugins(new AccessCheck() { // from class: org.wso2.andes.server.security.SecurityManager.5
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.wso2.andes.server.security.SecurityManager.AccessCheck
            Result allowed(SecurityPlugin securityPlugin) {
                return securityPlugin.authorise(Operation.CONSUME, ObjectType.QUEUE, new ObjectProperties(aMQQueue));
            }
        });
    }

    public boolean authoriseConsume(final boolean z, final boolean z2, final boolean z3, final boolean z4, final AMQQueue aMQQueue) {
        return checkAllPlugins(new AccessCheck() { // from class: org.wso2.andes.server.security.SecurityManager.6
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.wso2.andes.server.security.SecurityManager.AccessCheck
            Result allowed(SecurityPlugin securityPlugin) {
                return securityPlugin.authorise(Operation.CONSUME, ObjectType.QUEUE, new ObjectProperties(Boolean.valueOf(z), Boolean.valueOf(z2), Boolean.valueOf(z3), Boolean.valueOf(z4), aMQQueue));
            }
        });
    }

    public boolean authoriseCreateExchange(final Boolean bool, final Boolean bool2, final AMQShortString aMQShortString, final Boolean bool3, final Boolean bool4, final Boolean bool5, final AMQShortString aMQShortString2) {
        return checkAllPlugins(new AccessCheck() { // from class: org.wso2.andes.server.security.SecurityManager.7
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.wso2.andes.server.security.SecurityManager.AccessCheck
            Result allowed(SecurityPlugin securityPlugin) {
                return securityPlugin.authorise(Operation.CREATE, ObjectType.EXCHANGE, new ObjectProperties(bool, bool2, aMQShortString, bool3, bool4, bool5, aMQShortString2));
            }
        });
    }

    public boolean authoriseCreateQueue(final Boolean bool, final Boolean bool2, final Boolean bool3, final Boolean bool4, final Boolean bool5, final AMQShortString aMQShortString, final String str) {
        return checkAllPlugins(new AccessCheck() { // from class: org.wso2.andes.server.security.SecurityManager.8
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.wso2.andes.server.security.SecurityManager.AccessCheck
            Result allowed(SecurityPlugin securityPlugin) {
                return securityPlugin.authorise(Operation.CREATE, ObjectType.QUEUE, new ObjectProperties(bool, bool2, bool3, bool4, bool5, aMQShortString, str));
            }
        });
    }

    public boolean authoriseDelete(final AMQQueue aMQQueue) {
        return checkAllPlugins(new AccessCheck() { // from class: org.wso2.andes.server.security.SecurityManager.9
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.wso2.andes.server.security.SecurityManager.AccessCheck
            Result allowed(SecurityPlugin securityPlugin) {
                return securityPlugin.authorise(Operation.DELETE, ObjectType.QUEUE, new ObjectProperties(aMQQueue));
            }
        });
    }

    public boolean authoriseDelete(final Exchange exchange) {
        return checkAllPlugins(new AccessCheck() { // from class: org.wso2.andes.server.security.SecurityManager.10
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.wso2.andes.server.security.SecurityManager.AccessCheck
            Result allowed(SecurityPlugin securityPlugin) {
                return securityPlugin.authorise(Operation.DELETE, ObjectType.EXCHANGE, new ObjectProperties(exchange.getName()));
            }
        });
    }

    public boolean authorisePublish(final boolean z, final String str, final String str2) {
        return checkAllPlugins(new AccessCheck() { // from class: org.wso2.andes.server.security.SecurityManager.11
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.wso2.andes.server.security.SecurityManager.AccessCheck
            Result allowed(SecurityPlugin securityPlugin) {
                return securityPlugin.authorise(Operation.PUBLISH, ObjectType.EXCHANGE, new ObjectProperties(str2, str, Boolean.valueOf(z)));
            }
        });
    }

    public boolean authorisePurge(final AMQQueue aMQQueue) {
        return checkAllPlugins(new AccessCheck() { // from class: org.wso2.andes.server.security.SecurityManager.12
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.wso2.andes.server.security.SecurityManager.AccessCheck
            Result allowed(SecurityPlugin securityPlugin) {
                return securityPlugin.authorise(Operation.PURGE, ObjectType.QUEUE, new ObjectProperties(aMQQueue));
            }
        });
    }

    public boolean authoriseUnbind(final Exchange exchange, final AMQShortString aMQShortString, final AMQQueue aMQQueue) {
        return checkAllPlugins(new AccessCheck() { // from class: org.wso2.andes.server.security.SecurityManager.13
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.wso2.andes.server.security.SecurityManager.AccessCheck
            Result allowed(SecurityPlugin securityPlugin) {
                return securityPlugin.authorise(Operation.UNBIND, ObjectType.EXCHANGE, new ObjectProperties(exchange, aMQQueue, aMQShortString));
            }
        });
    }
}
