package org.apache.qpid.server.security.access.config;

import java.net.InetAddress;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumMap;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedMap;
import java.util.TreeMap;
import java.util.WeakHashMap;
import javax.security.auth.Subject;
import org.apache.commons.lang.BooleanUtils;
import org.apache.log4j.Logger;
import org.apache.qpid.server.logging.actors.CurrentActor;
import org.apache.qpid.server.security.Result;
import org.apache.qpid.server.security.access.ObjectProperties;
import org.apache.qpid.server.security.access.ObjectType;
import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.security.access.Permission;
import org.apache.qpid.server.security.access.logging.AccessControlMessages;

/* loaded from: input_file:org/apache/qpid/server/security/access/config/RuleSet.class */
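/**
 * Ordered collection of access-control (ACL) rules together with the default
 * outcome applied when no rule covers a request.
 *
 * <p>Rules are held in a map sorted by rule number; {@link #getRules} walks
 * them in ascending order and {@link #check} returns the verdict of the first
 * rule that matches, so rule numbering is the evaluation order.
 *
 * <p>Points a reviewer of an ACL configuration should keep in mind:
 * <ul>
 *   <li>Identity matching against the subject's principals is case-insensitive
 *       (see {@link #isRelevant}), while duplicate detection in
 *       {@link #ruleExists} is case-sensitive.</li>
 *   <li>{@link #addRule} silently ignores a rule whose identity and action are
 *       already present, whatever its permission, and replaces any existing
 *       rule that has the same explicit number.</li>
 *   <li>{@link #clear} also wipes the configuration, including the
 *       default-deny flag installed by the constructor.</li>
 *   <li>This class performs no synchronisation of its own; the rule map, the
 *       cache and the configuration map are plain unsynchronised
 *       collections.</li>
 * </ul>
 */
public class RuleSet {
    private static final String AT = "@";
    private static final String SLASH = "/";

    /** Rules keyed by rule number; ascending key order is the evaluation order. */
    private final SortedMap<Integer, Rule> _rules = new TreeMap<Integer, Rule>();

    /**
     * Per-subject cache of the rules selected for an (operation, object type) pair.
     * A {@code null} list stored for an object type means "no enabled rule covers
     * this operation/object type at all". The whole cache is dropped on every
     * {@link #addRule} and {@link #clear}.
     */
    private final Map<Subject, Map<Operation, Map<ObjectType, List<Rule>>>> _cache =
            new WeakHashMap<Subject, Map<Operation, Map<ObjectType, List<Rule>>>>();

    /** Configuration flags; only the {@link #CONFIG_PROPERTIES} keys are read by this class. */
    private final Map<String, Boolean> _config = new HashMap<String, Boolean>();

    private static final Logger _logger = Logger.getLogger(RuleSet.class);
    public static final String DEFAULT_ALLOW = "defaultallow";
    public static final String DEFAULT_DENY = "defaultdeny";

    /**
     * Names of the recognised configuration flags. Wrapped read-only so that no
     * caller can alter the shared list in place.
     */
    public static final List<String> CONFIG_PROPERTIES =
            Collections.unmodifiableList(Arrays.asList(DEFAULT_ALLOW, DEFAULT_DENY));

    /** Gap left between automatically assigned rule numbers. */
    private static final Integer _increment = 10;

    /*
     * Decompiler rendering of the compiler-generated switch map for Permission
     * (originally the synthetic class RuleSet$1). It maps each Permission ordinal
     * to the case label used by the switch in check(); an ordinal missing from
     * the table keeps the value 0 and therefore reaches that switch's default
     * branch.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.qpid.server.security.access.config.RuleSet$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/qpid/server/security/access/config/RuleSet$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$qpid$server$security$access$Permission = new int[Permission.values().length];

        static {
            // Each assignment is guarded separately so that an enum constant absent at
            // run time leaves its slot at 0 instead of aborting class initialisation.
            try {
                $SwitchMap$org$apache$qpid$server$security$access$Permission[Permission.ALLOW_LOG.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$qpid$server$security$access$Permission[Permission.ALLOW.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$qpid$server$security$access$Permission[Permission.DENY_LOG.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$qpid$server$security$access$Permission[Permission.DENY.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    /** Creates an empty rule set whose default outcome is deny. */
    public RuleSet() {
        configure(DEFAULT_DENY, Boolean.TRUE);
    }

    /**
     * Removes every rule, every cached lookup and every configuration flag.
     *
     * <p>The default-deny flag set by the constructor is removed as well: until
     * {@code configure} is called again, {@link #getDefault()} returns
     * {@code Result.ABSTAIN}, not {@code Result.DENIED}.
     */
    public void clear() {
        this._rules.clear();
        this._cache.clear();
        this._config.clear();
    }

    /** @return the number of rules currently held, enabled or not */
    public int getRuleCount() {
        return this._rules.size();
    }

    /**
     * Selects, in rule-number order, the enabled rules that apply to the given
     * subject for an operation on an object type, caching the answer per subject.
     *
     * @param subject    the caller; its principals are compared with each rule's identity
     * @param operation  the requested operation
     * @param objectType the type of object acted upon
     * @return {@code null} when no enabled rule covers this operation/object type for
     *         anyone; otherwise the (possibly empty) list of rules relevant to the subject
     */
    public List<Rule> getRules(Subject subject, Operation operation, ObjectType objectType) {
        Map<ObjectType, List<Rule>> perObjectType = getObjectToRuleCache(subject, operation);
        // containsKey rather than get(): a cached null is a valid answer.
        if (!perObjectType.containsKey(objectType)) {
            Set<Principal> principals = subject.getPrincipals();
            boolean coveredByAnyRule = false;
            List<Rule> selected = new LinkedList<Rule>();
            for (Rule rule : this._rules.values()) {
                Action action = rule.getAction();
                if (rule.isEnabled()
                        && (action.getOperation() == Operation.ALL || action.getOperation() == operation)
                        && (action.getObjectType() == ObjectType.ALL || action.getObjectType() == objectType)) {
                    coveredByAnyRule = true;
                    if (isRelevant(principals, rule)) {
                        selected.add(rule);
                    }
                }
            }
            // Distinguish "nothing configured for this operation/object type" (null, the
            // caller applies the default) from "rules exist but none names this subject"
            // (empty list, check() then returns DEFER).
            if (selected.isEmpty() && !coveredByAnyRule) {
                selected = null;
            }
            perObjectType.put(objectType, selected);
            if (_logger.isDebugEnabled()) {
                _logger.debug("Cached " + objectType + " RulesList: " + selected);
            }
        }
        List<Rule> rules = perObjectType.get(objectType);
        if (_logger.isDebugEnabled()) {
            _logger.debug("Returning RuleList: " + rules);
        }
        return rules;
    }

    /**
     * @param num a candidate rule number
     * @return {@code true} when no rule uses this number yet. {@link #addRule} does not
     *         perform this check itself, so callers should do so before supplying an
     *         explicit number.
     */
    public boolean isValidNumber(Integer num) {
        return !this._rules.containsKey(num);
    }

    /** Adds a rule for an operation alone; see {@link #addRule}. */
    public void grant(Integer num, String str, Permission permission, Operation operation) {
        addRule(num, str, permission, new AclAction(operation));
    }

    /** Adds a rule for an operation on an object type with the given properties; see {@link #addRule}. */
    public void grant(Integer num, String str, Permission permission, Operation operation, ObjectType objectType, ObjectProperties objectProperties) {
        addRule(num, str, permission, new AclAction(operation, objectType, objectProperties));
    }

    /** Adds a rule for an operation on an object type with the given predicates; see {@link #addRule}. */
    public void grant(Integer num, String str, Permission permission, Operation operation, ObjectType objectType, AclRulePredicates aclRulePredicates) {
        addRule(num, str, permission, new AclAction(operation, objectType, aclRulePredicates));
    }

    /**
     * Tells whether a rule with exactly this identity and an equal action is present.
     * The permission is not compared, and the identity comparison is case-sensitive
     * (unlike the case-insensitive match used when rules are evaluated).
     *
     * @param str       the rule identity
     * @param aclAction the action to look for
     * @return {@code true} if such a rule exists
     */
    public boolean ruleExists(String str, AclAction aclAction) {
        for (Rule existing : this._rules.values()) {
            if (existing.getIdentity().equals(str) && existing.getAclAction().equals(aclAction)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Adds a rule and invalidates the lookup cache.
     *
     * <p>Behaviour worth knowing when auditing a rule file:
     * <ul>
     *   <li>If a rule with the same identity and action already exists the call is a
     *       silent no-op, even when the new permission differs from the existing one.</li>
     *   <li>If {@code num} is already in use the existing rule is replaced; use
     *       {@link #isValidNumber} beforehand to detect this.</li>
     *   <li>When the created rule has no number, it receives 0 for the first rule,
     *       otherwise the highest existing number plus the increment.</li>
     * </ul>
     *
     * @param num        the rule number; when the created rule reports no number one is assigned
     * @param str        the identity the rule applies to
     * @param permission the verdict the rule yields when it matches
     * @param aclAction  the action the rule covers
     * @throws IllegalArgumentException if {@code aclAction.isAllowed()} is false
     */
    public void addRule(Integer num, String str, Permission permission, AclAction aclAction) {
        // Cached selections may no longer be valid once the rule set changes. The
        // cache is keyed by Subject, so dropping it entirely is the only invalidation
        // needed (the former remove-by-identity-string could never match a key).
        this._cache.clear();
        if (!aclAction.isAllowed()) {
            throw new IllegalArgumentException("Action is not allowed: " + aclAction);
        }
        if (ruleExists(str, aclAction)) {
            return;
        }
        Rule rule = new Rule(num, str, aclAction, permission);
        if (rule.getNumber() == null) {
            if (this._rules.isEmpty()) {
                rule.setNumber(0);
            } else {
                rule.setNumber(Integer.valueOf(this._rules.lastKey().intValue() + _increment.intValue()));
            }
        }
        this._rules.put(rule.getNumber(), rule);
    }

    /**
     * Enables the rule with the given number. The lookup cache is not invalidated here.
     *
     * @param i the rule number
     * @throws NullPointerException if no rule has this number
     */
    public void enableRule(int i) {
        ruleNumbered(i).enable();
    }

    /**
     * Disables the rule with the given number. The lookup cache is not invalidated
     * here, so selections cached before the call still contain the rule.
     *
     * @param i the rule number
     * @throws NullPointerException if no rule has this number
     */
    public void disableRule(int i) {
        ruleNumbered(i).disable();
    }

    /** Looks up a rule by number, failing with a descriptive message when it is absent. */
    private Rule ruleNumbered(int i) {
        Rule rule = this._rules.get(Integer.valueOf(i));
        if (rule == null) {
            // Same exception type as the former bare dereference, now with a reason.
            throw new NullPointerException("No rule with number " + i);
        }
        return rule;
    }

    /**
     * Checks that a name consists only of letters, digits and the characters
     * {@code - _ @ . /}. An empty string passes.
     *
     * @param str the name to check
     * @return {@code false} as soon as any other character is found
     */
    protected boolean checkName(String str) {
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            boolean permitted = Character.isLetterOrDigit(c)
                    || c == '-' || c == '_' || c == '@' || c == '.' || c == '/';
            if (!permitted) {
                return false;
            }
        }
        return true;
    }

    /**
     * Performs positional checks on the {@code @} and {@code /} separators of a user name.
     *
     * <p>The checks apply only when a separator occurs exactly once: a single
     * {@code @} or a single {@code /} must not be the last character, and when both
     * occur once the {@code @} must come at least two positions before the
     * {@code /}. A name with no separator, or with a separator repeated, is not
     * rejected by this method.
     *
     * @param str the user name
     * @return {@code false} if one of the positional checks fails
     */
    protected boolean isvalidUserName(String str) {
        int atIndex = str.indexOf(AT);
        int slashIndex = str.indexOf(SLASH);
        boolean singleAt = atIndex != -1 && atIndex == str.lastIndexOf(AT);
        boolean singleSlash = slashIndex != -1 && slashIndex == str.lastIndexOf(SLASH);
        int lastButOne = str.length() - 2;
        if (singleAt && atIndex > lastButOne) {
            return false;
        }
        if (singleSlash && slashIndex > lastButOne) {
            return false;
        }
        return !(singleAt && singleSlash && atIndex >= slashIndex - 1);
    }

    /**
     * Evaluates a request without a client address; equivalent to calling the
     * five-argument overload with a {@code null} address.
     */
    public Result check(Subject subject, Operation operation, ObjectType objectType, ObjectProperties objectProperties) {
        // NOTE(review): how ClientAction.matches treats a null address for rules that
        // carry host predicates is not visible in this class - confirm it fails closed.
        return check(subject, operation, objectType, objectProperties, null);
    }

    /**
     * Evaluates a request against the rules selected for the subject and returns the
     * verdict of the first matching rule.
     *
     * @param subject          the caller
     * @param operation        the requested operation
     * @param objectType       the type of object acted upon
     * @param objectProperties the properties of the object acted upon
     * @param inetAddress      the client address handed to the rule matcher; may be {@code null}
     * @return {@link #getDefault()} when no enabled rule covers the operation/object type;
     *         {@code Result.ALLOWED} or {@code Result.DENIED} from the first matching rule;
     *         {@code Result.DEFER} when rules were selected but none matched
     */
    /* JADX WARN: Failed to find 'out' block for switch in B:22:0x00b5. Please report as an issue. */
    public Result check(Subject subject, Operation operation, ObjectType objectType, ObjectProperties objectProperties, InetAddress inetAddress) {
        ClientAction clientAction = new ClientAction(operation, objectType, objectProperties);
        if (_logger.isDebugEnabled()) {
            _logger.debug("Checking action: " + clientAction);
        }
        List<Rule> rules = getRules(subject, operation, objectType);
        if (rules == null) {
            if (_logger.isDebugEnabled()) {
                _logger.debug("No rules found, returning default result");
            }
            return getDefault();
        }
        for (Rule rule : rules) {
            if (_logger.isDebugEnabled()) {
                _logger.debug("Checking against rule: " + rule);
            }
            if (clientAction.matches(rule.getAclAction(), inetAddress)) {
                // First match wins. The *_LOG cases emit an operational log message and
                // then deliberately fall through to the plain ALLOW / DENY verdict.
                switch (AnonymousClass1.$SwitchMap$org$apache$qpid$server$security$access$Permission[rule.getPermission().ordinal()]) {
                    case 1: // ALLOW_LOG
                        CurrentActor.get().message(AccessControlMessages.ALLOWED(clientAction.getOperation().toString(), clientAction.getObjectType().toString(), clientAction.getProperties().toString()));
                        // fall through
                    case 2: // ALLOW
                        return Result.ALLOWED;
                    case 3: // DENY_LOG
                        CurrentActor.get().message(AccessControlMessages.DENIED(clientAction.getOperation().toString(), clientAction.getObjectType().toString(), clientAction.getProperties().toString()));
                        // fall through
                    case 4: // DENY
                        return Result.DENIED;
                    default:
                        // A permission not present in the switch map is treated as a denial.
                        return Result.DENIED;
                }
            }
        }
        return Result.DEFER;
    }

    /**
     * Returns the outcome used when no rule covers a request.
     *
     * <p>{@code defaultallow} is consulted first, so when both flags are true the
     * result is {@code ALLOWED}. The constructor sets {@code defaultdeny}; a
     * configuration that turns on {@code defaultallow} therefore overrides it without
     * needing to unset the deny flag.
     *
     * @return {@code ALLOWED}, {@code DENIED}, or {@code ABSTAIN} when neither flag is set
     */
    public Result getDefault() {
        if (isSet(DEFAULT_ALLOW)) {
            return Result.ALLOWED;
        }
        if (isSet(DEFAULT_DENY)) {
            return Result.DENIED;
        }
        return Result.ABSTAIN;
    }

    /**
     * @param str a configuration key
     * @return {@code true} only when the key is mapped to {@code Boolean.TRUE};
     *         an absent key or a {@code null} value counts as not set
     */
    protected boolean isSet(String str) {
        return BooleanUtils.isTrue(this._config.get(str));
    }

    /**
     * Merges the given flags into the configuration. Keys are stored as given; no
     * check against {@link #CONFIG_PROPERTIES} is made here.
     */
    public void configure(Map<String, Boolean> map) {
        this._config.putAll(map);
    }

    /** Sets a single configuration flag; the key is not validated here. */
    public void configure(String str, Boolean bool) {
        this._config.put(str, bool);
    }

    /**
     * @return a read-only view of the rules keyed by number. The view is live and the
     *         {@code Rule} objects in it are the ones used for evaluation, not copies.
     */
    public Map<Integer, Rule> getAllRules() {
        return Collections.unmodifiableMap(this._rules);
    }

    /**
     * Decides whether a rule's identity names the caller: either the rule uses the
     * wildcard identity {@code Rule.ALL}, or the identity equals the name of one of
     * the principals. Both comparisons ignore case, so identities that differ only
     * in letter case are treated as the same caller.
     */
    private boolean isRelevant(Set<Principal> set, Rule rule) {
        String identity = rule.getIdentity();
        if (identity.equalsIgnoreCase(Rule.ALL)) {
            return true;
        }
        for (Principal principal : set) {
            if (identity.equalsIgnoreCase(principal.getName())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the cache bucket for a subject and operation, creating the intermediate
     * maps on first use.
     */
    private Map<ObjectType, List<Rule>> getObjectToRuleCache(Subject subject, Operation operation) {
        Map<Operation, Map<ObjectType, List<Rule>>> perOperation = this._cache.get(subject);
        if (perOperation == null) {
            perOperation = new EnumMap<Operation, Map<ObjectType, List<Rule>>>(Operation.class);
            this._cache.put(subject, perOperation);
        }
        Map<ObjectType, List<Rule>> perObjectType = perOperation.get(operation);
        if (perObjectType == null) {
            perObjectType = new EnumMap<ObjectType, List<Rule>>(ObjectType.class);
            perOperation.put(operation, perObjectType);
        }
        return perObjectType;
    }
}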
