package org.apache.karaf.shell.impl.console.osgi.secured;

import java.nio.file.Path;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.WeakHashMap;
import javax.security.auth.Subject;
import org.apache.felix.gogo.runtime.Closure;
import org.apache.felix.gogo.runtime.CommandNotFoundException;
import org.apache.felix.gogo.runtime.CommandSessionImpl;
import org.apache.felix.service.command.Converter;
import org.apache.felix.service.command.Function;
import org.apache.felix.service.threadio.ThreadIO;
import org.apache.karaf.jaas.boot.principal.RolePrincipal;
import org.apache.karaf.service.guard.tools.ACLConfigurationParser;
import org.apache.karaf.shell.api.console.Command;
import org.apache.karaf.shell.api.console.Session;
import org.apache.karaf.shell.impl.console.SessionFactoryImpl;
import org.apache.karaf.util.tracker.SingleServiceTracker;
import org.osgi.framework.BundleContext;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.framework.ServiceReference;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.cm.ConfigurationEvent;
import org.osgi.service.cm.ConfigurationListener;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/karaf/shell/impl/console/osgi/secured/SecuredSessionFactoryImpl.class */
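/**
 * Session factory that applies role-based access control to shell commands.
 *
 * <p>ACLs are read from ConfigurationAdmin configurations whose PID starts with
 * {@code org.apache.karaf.command.acl.} and are kept per scope in {@link #scopes}. The
 * checks in this class are permissive by default, which matters when reviewing a deployment:
 * <ul>
 *   <li>a scope without an ACL configuration is only subject to the roles supplied by
 *       {@code ACLConfigurationParser.getCompulsoryRoles}; if that list is empty the call is
 *       allowed;</li>
 *   <li>a scope with an ACL configuration allows a call when the parser reports
 *       {@code NO_MATCH} for it, and shows a command when no role is listed for it;</li>
 *   <li>{@link #scopes} starts empty and is filled once a ConfigurationAdmin service is
 *       tracked, so scope ACLs are not applied before that load has happened.</li>
 * </ul>
 *
 * <p>Visibility decisions for registered services are cached per thread. The caches are
 * dropped whenever an ACL configuration event arrives or the ACLs are (re)loaded, and an
 * unregistered service is removed from every cache.
 */
public class SecuredSessionFactoryImpl extends SessionFactoryImpl implements ConfigurationListener {
    private static final String PROXY_COMMAND_ACL_PID_PREFIX = "org.apache.karaf.command.acl.";
    private static final String CONFIGURATION_FILTER = "(service.pid=org.apache.karaf.command.acl.*)";
    private static final String SHELL_SCOPE = "shell";
    private static final String SHELL_INVOKE = ".invoke";
    private static final String SHELL_REDIRECT = ".redirect";
    private static final Logger LOGGER = LoggerFactory.getLogger(SecuredSessionFactoryImpl.class);

    private final BundleContext bundleContext;
    // Scope key -> ACL properties; guarded by synchronized (scopes).
    private final Map<String, Dictionary<String, Object>> scopes = new HashMap<>();
    private final SingleServiceTracker<ConfigurationAdmin> configAdminTracker;
    private final ServiceRegistration<ConfigurationListener> registration;
    // Visibility cache of the calling thread.
    private final ThreadLocal<Map<Object, Boolean>> serviceVisibleMap = new ThreadLocal<>();
    // Every per-thread cache, so that another thread can invalidate them. Guarded by
    // synchronized (serviceVisibleMapForAllThreads); each cache is guarded by its own monitor.
    private final Map<Thread, Map<Object, Boolean>> serviceVisibleMapForAllThreads = new WeakHashMap<>();

    /**
     * Registers this factory as a {@link ConfigurationListener} and starts tracking
     * ConfigurationAdmin so that existing ACL configurations are loaded through
     * {@link #update}.
     *
     * @param bundleContext context used to register the listener and to look up services
     * @param threadIO passed to the superclass constructor
     * @throws InvalidSyntaxException declared by the original constructor
     */
    public SecuredSessionFactoryImpl(BundleContext bundleContext, ThreadIO threadIO) throws InvalidSyntaxException {
        super(threadIO);
        this.bundleContext = bundleContext;
        this.registration = bundleContext.registerService(ConfigurationListener.class, this, (Dictionary) null);
        this.configAdminTracker = new SingleServiceTracker<>(bundleContext, ConfigurationAdmin.class, this::update);
        this.configAdminTracker.open();
    }

    /** Unregisters the configuration listener, closes the tracker and stops the superclass. */
    @Override
    public void stop() {
        this.registration.unregister();
        this.configAdminTracker.close();
        super.stop();
    }

    /**
     * Checks the {@code shell} scope ACL for {@code .invoke} and then delegates to the superclass.
     *
     * <p>The ACL check receives the target, the function name and the argument list; see
     * {@link #checkSecurity} for how they are matched. The decompiler reports that this method
     * was declared {@code protected}; it is left {@code public} as in this listing.
     *
     * @throws SecurityException if the current subject holds none of the required roles
     */
    @Override
    public Object invoke(CommandSessionImpl commandSession, Object target, String function, List<Object> arguments)
            throws Exception {
        checkSecurity(SHELL_SCOPE, SHELL_INVOKE, Arrays.asList(target, function, arguments));
        return super.invoke(commandSession, target, function, arguments);
    }

    /**
     * Checks the {@code shell} scope ACL for {@code .redirect} and then delegates to the superclass.
     *
     * <p>The decompiler reports that this method was declared {@code protected}; it is left
     * {@code public} as in this listing.
     *
     * @throws SecurityException if the current subject holds none of the required roles
     */
    @Override
    public Path redirect(CommandSessionImpl commandSession, Path path, int mode) {
        checkSecurity(SHELL_SCOPE, SHELL_REDIRECT, Arrays.asList(path, Integer.valueOf(mode)));
        return super.redirect(commandSession, path, mode);
    }

    /** Wraps a command in a {@link SecuredCommand} bound to this factory. */
    @Override
    protected Function wrap(Command command) {
        return new SecuredCommand(this, command);
    }

    /**
     * Tells whether a registered service is visible to the current subject, using the calling
     * thread's cache.
     *
     * <p>Commands are decided by {@link #isVisible(String, String)}; anything else is decided
     * by the superclass. The result is a listing decision only: {@link #checkSecurity} does
     * not read this cache when it authorizes a call.
     *
     * @param service the registered service to test
     * @return {@code true} if the service may be shown
     */
    @Override
    public boolean isVisible(Object service) {
        Map<Object, Boolean> cache = visibilityCacheForCurrentThread();
        Boolean cached;
        synchronized (cache) {
            cached = cache.get(service);
        }
        if (cached != null) {
            return cached.booleanValue();
        }
        boolean visible;
        if (service instanceof Command) {
            Command command = (Command) service;
            visible = isVisible(command.getScope(), command.getName());
        } else {
            visible = super.isVisible(service);
        }
        // The decision is computed outside the lock, so an invalidation that lands between
        // the computation and this put can leave one entry stale until the next invalidation.
        synchronized (cache) {
            cache.put(service, Boolean.valueOf(visible));
        }
        return visible;
    }

    /**
     * Tells whether the command {@code scope:name} is visible to the current subject.
     *
     * <p>A command is visible when its scope has no ACL configuration, when the ACL lists no
     * role for it, or when the subject holds one of the listed roles. If a session alias
     * points at the command, the alias must be visible as well.
     *
     * @param scope command scope
     * @param name command name
     * @return {@code true} if the command may be shown
     */
    public boolean isVisible(String scope, String name) {
        boolean visible = true;
        Dictionary<String, Object> scopeConfig = getScopeConfig(scope);
        if (scopeConfig != null) {
            List<String> roles = new ArrayList<>();
            ACLConfigurationParser.getRolesForInvocation(name, null, null, scopeConfig, roles);
            visible = roles.isEmpty() || currentUserHasAnyRole(roles);
        }
        AliasCommand alias = findAlias(scope, name);
        if (alias != null) {
            visible = visible && isAliasVisible(alias.getScope(), alias.getName());
        }
        return visible;
    }

    /**
     * Tells whether the alias {@code scope:name} is visible to the current subject.
     *
     * @param scope alias scope
     * @param name alias name
     * @return {@code true} if the alias scope has no ACL configuration, the ACL lists no role
     *     for the alias, or the subject holds one of the listed roles
     */
    public boolean isAliasVisible(String scope, String name) {
        Dictionary<String, Object> scopeConfig = getScopeConfig(scope);
        if (scopeConfig == null) {
            return true;
        }
        List<String> roles = new ArrayList<>();
        ACLConfigurationParser.getRolesForInvocationForAlias(name, null, null, scopeConfig, roles);
        return roles.isEmpty() || currentUserHasAnyRole(roles);
    }

    /**
     * Looks for a session variable that aliases the command {@code scope:name}.
     *
     * <p>A variable counts as an alias when its name has the form {@code aliasScope:aliasName},
     * its value is a Gogo {@code Closure}, and the first word of the closure's text resolves
     * to a {@link SecuredCommand} with the given scope and name.
     *
     * @return the first matching alias, or {@code null} if there is no session or no match
     */
    private AliasCommand findAlias(String scope, String name) {
        if (this.session == null) {
            return null;
        }
        @SuppressWarnings("unchecked") // the session is asked for its variable names
        Set<String> variableNames = (Set<String>) this.session.get(null);
        for (String variableName : variableNames) {
            Object value = this.session.get(variableName);
            if (value == null || !"org.apache.felix.gogo.runtime.Closure".equals(value.getClass().getName())) {
                continue;
            }
            int separator = variableName.indexOf(":");
            if (separator <= 0) {
                continue;
            }
            String aliasScope = variableName.substring(0, separator);
            String aliasName = variableName.substring(separator + 1);
            String closureText = value.toString();
            int firstSpace = closureText.indexOf(" ");
            Object target = firstSpace > 0 ? ((Closure) value).get(closureText.substring(0, firstSpace)) : null;
            if (target instanceof SecuredCommand
                    && ((SecuredCommand) target).getScope().equals(scope)
                    && ((SecuredCommand) target).getName().equals(name)) {
                return new AliasCommand(aliasScope, aliasName);
            }
        }
        return null;
    }

    /**
     * Authorizes a call to the command {@code scope:name} for the current subject.
     *
     * <p>Without an ACL configuration for the scope, only the compulsory roles are checked and
     * an empty compulsory list allows the call. With a configuration, an invisible command is
     * reported as not found rather than as forbidden, and a {@code NO_MATCH} result from the
     * parser allows the call. If a session alias points at the command and the scope has a
     * configuration, the alias is checked the same way.
     *
     * <p>Argument-dependent ACL rules are evaluated against {@code arguments.toString()},
     * passed as a single parameter, so they match the string rendering of the list rather
     * than the individual values.
     *
     * <p>The decompiler reports that this method was package-private; it is left
     * {@code public} as in this listing.
     *
     * @param scope command scope
     * @param name command name
     * @param arguments call arguments used for argument-dependent ACL rules
     * @throws CommandNotFoundException if the command or its alias is not visible
     * @throws SecurityException if the current subject holds none of the required roles
     */
    public void checkSecurity(String scope, String name, List<Object> arguments) {
        Dictionary<String, Object> scopeConfig = getScopeConfig(scope);
        if (scopeConfig == null) {
            List<String> compulsoryRoles = new ArrayList<>();
            ACLConfigurationParser.getCompulsoryRoles(compulsoryRoles);
            if (!compulsoryRoles.isEmpty() && !currentUserHasAnyRole(compulsoryRoles)) {
                throw new SecurityException("Insufficient credentials.");
            }
        } else {
            if (!isVisible(scope, name)) {
                throw new CommandNotFoundException(scope + ":" + name);
            }
            List<String> roles = new ArrayList<>();
            boolean noRuleMatched = ACLConfigurationParser.getRolesForInvocation(
                    name, new Object[] {arguments.toString()}, null, scopeConfig, roles)
                    == ACLConfigurationParser.Specificity.NO_MATCH;
            if (!noRuleMatched && !currentUserHasAnyRole(roles)) {
                throw new SecurityException("Insufficient credentials.");
            }
        }

        AliasCommand alias = findAlias(scope, name);
        if (alias == null || scopeConfig == null) {
            return;
        }
        if (!isAliasVisible(alias.getScope(), alias.getName())) {
            throw new CommandNotFoundException(alias.getScope() + ":" + alias.getName());
        }
        // NOTE(review): the alias roles are looked up in the command's scope configuration,
        // while isAliasVisible uses the alias scope's configuration - confirm this is intended.
        List<String> aliasRoles = new ArrayList<>();
        boolean noAliasRuleMatched = ACLConfigurationParser.getRolesForInvocationForAlias(
                alias.getName(), new Object[] {arguments.toString()}, null, scopeConfig, aliasRoles)
                == ACLConfigurationParser.Specificity.NO_MATCH;
        if (noAliasRuleMatched || currentUserHasAnyRole(aliasRoles)) {
            return;
        }
        throw new SecurityException("Insufficient credentials.");
    }

    /**
     * Tells whether the subject of the current access control context holds a role.
     *
     * <p>{@code requestedRole} is either a plain role name, matched against
     * {@link RolePrincipal}, or {@code principalClassName:roleName}. A colon at index 0 is not
     * treated as a separator. Principals are matched by class name and principal name.
     *
     * @param requestedRole role specification to look for
     * @return {@code true} if a matching principal exists; {@code false} if there is no
     *     context, no subject, or no match
     */
    static boolean currentUserHasRole(String requestedRole) {
        String principalClassName;
        String roleName;
        int separator = requestedRole.indexOf(':');
        if (separator > 0) {
            principalClassName = requestedRole.substring(0, separator);
            roleName = requestedRole.substring(separator + 1);
        } else {
            principalClassName = RolePrincipal.class.getName();
            roleName = requestedRole;
        }
        AccessControlContext context = AccessController.getContext();
        if (context == null) {
            return false;
        }
        Subject subject = Subject.getSubject(context);
        if (subject == null) {
            return false;
        }
        for (Principal principal : subject.getPrincipals()) {
            if (principalClassName.equals(principal.getClass().getName()) && roleName.equals(principal.getName())) {
                return true;
            }
        }
        return false;
    }

    /** Returns {@code true} if the current subject holds at least one of the given roles. */
    private static boolean currentUserHasAnyRole(List<String> roles) {
        for (String role : roles) {
            if (currentUserHasRole(role)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Applies an ACL configuration change and drops every cached visibility decision.
     *
     * <p>Only PIDs starting with {@code org.apache.karaf.command.acl.} are handled. An update
     * reloads the scope's properties, a deletion removes them. The caches of all threads are
     * cleared after the change has been applied, so a decision computed from the previous
     * ACLs does not stay cached for other shell threads. Failures are logged, not rethrown.
     *
     * @param configurationEvent the event delivered by ConfigurationAdmin
     */
    public void configurationEvent(ConfigurationEvent configurationEvent) {
        String pid = configurationEvent.getPid();
        if (!pid.startsWith(PROXY_COMMAND_ACL_PID_PREFIX)) {
            return;
        }
        try {
            switch (configurationEvent.getType()) {
                case ConfigurationEvent.CM_UPDATED:
                    try {
                        ConfigurationAdmin configurationAdmin =
                                (ConfigurationAdmin) this.bundleContext.getService(configurationEvent.getReference());
                        addScopeConfig(configurationAdmin.getConfiguration(pid, (String) null));
                    } finally {
                        this.bundleContext.ungetService(configurationEvent.getReference());
                    }
                    break;
                case ConfigurationEvent.CM_DELETED:
                    removeScopeConfig(pid.substring(PROXY_COMMAND_ACL_PID_PREFIX.length()));
                    break;
                default:
                    break;
            }
        } catch (Exception e) {
            LOGGER.error("Problem processing Configuration Event {}", configurationEvent, e);
        } finally {
            clearVisibilityCaches();
        }
    }

    /** Unregisters a service and removes it from the visibility cache of every thread. */
    @Override
    public void unregister(Object service) {
        synchronized (this.services) {
            super.unregister(service);
            removeUnregisteredSeriveForAllShell(service);
        }
    }

    /** Removes one service from every per-thread visibility cache. */
    private void removeUnregisteredSeriveForAllShell(Object service) {
        synchronized (this.serviceVisibleMapForAllThreads) {
            for (Map<Object, Boolean> cache : this.serviceVisibleMapForAllThreads.values()) {
                synchronized (cache) {
                    cache.remove(service);
                }
            }
        }
    }

    /**
     * Returns the calling thread's visibility cache, creating and registering it on first use.
     *
     * <p>Registration happens under the same lock that the invalidation methods hold while
     * they iterate, because {@link WeakHashMap} is not safe for concurrent modification.
     */
    private Map<Object, Boolean> visibilityCacheForCurrentThread() {
        Map<Object, Boolean> cache = this.serviceVisibleMap.get();
        if (cache == null) {
            cache = new HashMap<>();
            this.serviceVisibleMap.set(cache);
            synchronized (this.serviceVisibleMapForAllThreads) {
                this.serviceVisibleMapForAllThreads.put(Thread.currentThread(), cache);
            }
        }
        return cache;
    }

    /** Empties the visibility cache of every thread that has one. */
    private void clearVisibilityCaches() {
        synchronized (this.serviceVisibleMapForAllThreads) {
            for (Map<Object, Boolean> cache : this.serviceVisibleMapForAllThreads.values()) {
                synchronized (cache) {
                    cache.clear();
                }
            }
        }
    }

    /**
     * Stores the ACL properties of a scope-level configuration.
     *
     * <p>The scope is the PID part after the ACL prefix. PIDs whose remainder contains a dot
     * are skipped (presumably they are not scope-level ACLs - confirm). A remainder ending in
     * {@link Session#SCOPE_GLOBAL} is stored under the key {@code "star"}.
     */
    private void addScopeConfig(Configuration configuration) {
        String pid = configuration.getPid();
        if (!pid.startsWith(PROXY_COMMAND_ACL_PID_PREFIX)) {
            return;
        }
        String remainder = pid.substring(PROXY_COMMAND_ACL_PID_PREFIX.length());
        if (remainder.indexOf('.') >= 0) {
            return;
        }
        String scopeKey = remainder.trim();
        synchronized (this.scopes) {
            if (scopeKey.endsWith(Session.SCOPE_GLOBAL)) {
                scopeKey = "star";
            }
            this.scopes.put(scopeKey, configuration.getProcessedProperties((ServiceReference<?>) null));
        }
    }

    /**
     * Removes the ACL properties stored under the given key.
     *
     * <p>NOTE(review): the key is used as given, without the trim and {@code "star"} mapping
     * that {@link #addScopeConfig} applies, so a deleted global-scope configuration may stay
     * in {@link #scopes} - confirm against the PIDs in use.
     */
    private void removeScopeConfig(String scopeKey) {
        synchronized (this.scopes) {
            this.scopes.remove(scopeKey);
        }
    }

    /**
     * Returns the ACL properties for a scope, or {@code null} if none are stored.
     * {@link Session#SCOPE_GLOBAL} is looked up under the key {@code "star"}.
     */
    private Dictionary<String, Object> getScopeConfig(String scope) {
        String scopeKey = scope.equals(Session.SCOPE_GLOBAL) ? "star" : scope;
        synchronized (this.scopes) {
            return this.scopes.get(scopeKey);
        }
    }

    /**
     * Tracker callback that loads every ACL configuration from ConfigurationAdmin.
     *
     * <p>A failed load leaves the affected scopes without ACLs, in which case
     * {@link #checkSecurity} falls back to the compulsory roles; the failure is therefore
     * logged instead of being dropped. Cached visibility decisions are cleared afterwards
     * because they may predate the loaded ACLs.
     *
     * @param ignoredAdmin not used
     * @param configurationAdmin service to read from; nothing is done when it is {@code null}
     *     (presumably the service went away - confirm against SingleServiceTracker)
     */
    protected void update(ConfigurationAdmin ignoredAdmin, ConfigurationAdmin configurationAdmin) {
        if (configurationAdmin == null) {
            return;
        }
        try {
            Configuration[] configurations = configurationAdmin.listConfigurations(CONFIGURATION_FILTER);
            if (configurations != null) {
                for (Configuration configuration : configurations) {
                    addScopeConfig(configuration);
                }
            }
        } catch (Exception e) {
            LOGGER.error("Unable to load command ACL configurations from ConfigurationAdmin", e);
        } finally {
            clearVisibilityCaches();
        }
    }
}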
