package org.owasp.esapi.reference.accesscontrol;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Logger;
import org.owasp.esapi.errors.AccessControlException;
import org.owasp.esapi.errors.IntrusionException;

/* loaded from: input_file:org/owasp/esapi/reference/accesscontrol/FileBasedACRs.class */
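/**
 * Access control rules backed by plain-text rule files, one file per resource kind
 * (URL, function, data, file, service).
 *
 * <p>Each rule map is loaded lazily the first time the matching {@code isAuthorizedFor*}
 * method is called, and again on any later call that finds the map still empty. Decisions
 * are made against the roles of {@code ESAPI.authenticator().getCurrentUser()}; a path that
 * matches no applicable rule resolves to the shared default-deny rule.
 *
 * <p>This listing is decompiler output. Raw collection types are kept as recovered, and the
 * two rule-file loaders ({@link #loadRules} and {@link #loadDataRules}) could not be
 * decompiled, so the class cannot produce decisions until their bodies are restored.
 *
 * <p>No synchronization is visible around the lazy loading.
 * NOTE(review): confirm whether instances are shared between threads.
 */
public class FileBasedACRs {
    /** URL rules, loaded on first use from {@code URLAccessRules.txt}. */
    private Map urlMap = new HashMap();
    /** Function rules, loaded on first use from {@code FunctionAccessRules.txt}. */
    private Map functionMap = new HashMap();
    /** Data rules, looked up by {@code Class}; loaded from {@code DataAccessRules.txt}. */
    private Map dataMap = new HashMap();
    /** File rules, loaded on first use from {@code FileAccessRules.txt}. */
    private Map fileMap = new HashMap();
    /** Service rules, loaded on first use from {@code ServiceAccessRules.txt}. */
    private Map serviceMap = new HashMap();
    /** Default decision returned when no rule applies; its allow flag starts out false. */
    private Rule deny = new Rule();
    private Logger logger = ESAPI.getLogger("FileBasedACRs");

    /**
     * One access control rule: a path or class, the roles it applies to, and the decision.
     *
     * <p>The decompiler reports that this class was private in the bytecode and that its
     * access modifier was widened during decompilation.
     */
    public class Rule {
        protected String path = "";
        protected Set roles = new HashSet();
        // Deny is the initial state; a rule only grants access once this is set to true.
        protected boolean allow = false;
        protected Class clazz = null;
        protected List actions = new ArrayList();

        protected Rule() {
        }

        /** Renders the rule as {@code URL:<path> | <roles> | allow|deny}. */
        @Override
        public String toString() {
            String decision = this.allow ? "allow" : "deny";
            return "URL:" + this.path + " | " + this.roles + " | " + decision;
        }
    }

    /**
     * Decides whether the current user may access a URL.
     *
     * @param str the requested URL path
     * @return the allow flag of the first applicable rule, or {@code false} when none applies
     */
    public boolean isAuthorizedForURL(String str) {
        if (this.urlMap == null || this.urlMap.isEmpty()) {
            this.urlMap = loadRules("URLAccessRules.txt");
        }
        return matchRule(this.urlMap, str);
    }

    /**
     * Decides whether the current user may invoke a named function.
     *
     * @param str the function name
     * @return the allow flag of the first applicable rule, or {@code false} when none applies
     * @throws AccessControlException declared by the signature; not thrown by the visible code
     */
    public boolean isAuthorizedForFunction(String str) throws AccessControlException {
        if (this.functionMap == null || this.functionMap.isEmpty()) {
            this.functionMap = loadRules("FunctionAccessRules.txt");
        }
        return matchRule(this.functionMap, str);
    }

    /**
     * Decides whether the current user may perform an action on a data class.
     *
     * <p>A non-null target that is not a {@code Class} is denied and logged as a security
     * failure. The previous unchecked cast surfaced that case as a {@code ClassCastException}
     * instead of an access decision.
     *
     * @param str the action being requested
     * @param obj the {@code Class} of the data being accessed
     * @return {@code true} when a data rule covers this class, action and one of the user's roles
     * @throws AccessControlException declared by the signature; not thrown by the visible code
     */
    public boolean isAuthorizedForData(String str, Object obj) throws AccessControlException {
        if (this.dataMap == null || this.dataMap.isEmpty()) {
            this.dataMap = loadDataRules("DataAccessRules.txt");
        }
        // Fail closed on a wrong-typed target. A null target keeps its original path
        // (the lookup below is done with a null key).
        if (obj != null && !(obj instanceof Class)) {
            this.logger.warning(Logger.SECURITY_FAILURE,
                    "Data access check was given a target that is not a Class, so access was denied.");
            return false;
        }
        return matchRule(this.dataMap, (Class) obj, str);
    }

    /**
     * Decides whether the current user may access a file path.
     *
     * <p>Backslashes are converted to forward slashes before matching, so Windows-style
     * paths are checked against the same rules as their forward-slash form. A null path
     * is passed through to the rule search, as in the sibling methods, instead of failing
     * with a {@code NullPointerException} during normalisation.
     *
     * @param str the file path
     * @return the allow flag of the first applicable rule, or {@code false} when none applies
     * @throws AccessControlException declared by the signature; not thrown by the visible code
     */
    public boolean isAuthorizedForFile(String str) throws AccessControlException {
        if (this.fileMap == null || this.fileMap.isEmpty()) {
            this.fileMap = loadRules("FileAccessRules.txt");
        }
        String normalized = (str == null) ? null : str.replace('\\', '/');
        return matchRule(this.fileMap, normalized);
    }

    /**
     * Decides whether the current user may call a named service.
     *
     * @param str the service name
     * @return the allow flag of the first applicable rule, or {@code false} when none applies
     * @throws AccessControlException declared by the signature; not thrown by the visible code
     */
    public boolean isAuthorizedForService(String str) throws AccessControlException {
        if (this.serviceMap == null || this.serviceMap.isEmpty()) {
            this.serviceMap = loadRules("ServiceAccessRules.txt");
        }
        return matchRule(this.serviceMap, str);
    }

    /** Returns the allow flag of the rule selected for the current user's roles and the path. */
    private boolean matchRule(Map map, String str) {
        Set userRoles = ESAPI.authenticator().getCurrentUser().getRoles();
        return searchForRule(map, userRoles, str).allow;
    }

    /**
     * Returns whether a data rule exists for the class, action and current user's roles.
     *
     * <p>NOTE(review): the matched rule's allow flag is not consulted here, so any matching
     * data rule grants access. Whether a data rule can express a deny depends on
     * loadDataRules, which was not decompiled; confirm against the original.
     */
    private boolean matchRule(Map map, Class cls, String str) {
        Set userRoles = ESAPI.authenticator().getCurrentUser().getRoles();
        return searchForRule(map, userRoles, cls, str) != null;
    }

    /**
     * Finds the rule that applies to a path for the given roles, walking up the path
     * one segment at a time until a rule applies or the path is exhausted.
     *
     * <p>At each level three keys are tried in order: the path itself, the path followed by
     * {@code /*}, and {@code *.<extension>}. A rule found this way is used only when its
     * roles overlap the user's; otherwise the search continues at the parent path, so a
     * broader rule higher up can still decide the request.
     *
     * @param map the rule map to search
     * @param set the current user's roles
     * @param str the requested path, canonicalized here before matching
     * @return the applicable rule, or the default-deny rule when none applies
     * @throws IntrusionException if the canonicalized path contains {@code ..}
     */
    private Rule searchForRule(Map map, Set set, String str) {
        String part = ESAPI.encoder().canonicalize(str);
        if (part == null) {
            part = "";
        }
        // Trailing slashes are ignored so "/admin/" and "/admin" hit the same rule.
        while (part.endsWith("/")) {
            part = part.substring(0, part.length() - 1);
        }
        // Substring test on the canonical form: any two consecutive dots are rejected,
        // including ones inside a file name.
        if (part.indexOf("..") != -1) {
            throw new IntrusionException("Attempt to manipulate access control path", "Attempt to manipulate access control path: " + str);
        }

        // Everything after the last dot in the whole path; empty when there is no dot.
        int dot = part.lastIndexOf(".");
        String extension = "";
        if (dot != -1) {
            extension = part.substring(dot + 1);
        }

        Rule rule = (Rule) map.get(part);
        if (rule == null) {
            rule = (Rule) map.get(part + "/*");
        }
        if (rule == null) {
            rule = (Rule) map.get("*." + extension);
        }
        if (rule != null && overlap(rule.roles, set)) {
            return rule;
        }

        // No applicable rule at this level: strip the last segment and retry, or deny.
        int slash = part.lastIndexOf('/');
        if (slash == -1) {
            return this.deny;
        }
        String parent = part.substring(0, slash);
        if (parent.length() <= 1) {
            return this.deny;
        }
        return searchForRule(map, set, parent);
    }

    /**
     * Finds the data rule for a class when it lists the action and shares a role with the user.
     *
     * @return the matching rule, or {@code null} when no rule applies
     */
    private Rule searchForRule(Map map, Set set, Class cls, String str) {
        Rule rule = (Rule) map.get(cls);
        if (rule == null) {
            return null;
        }
        boolean applies = overlap(rule.actions, str) && overlap(rule.roles, set);
        return applies ? rule : null;
    }

    /**
     * Reports whether a rule's roles apply to a user.
     *
     * @param set the rule's roles; the literal role {@code any} matches every user
     * @param set2 the user's roles
     * @return {@code true} when the rule lists {@code any} or shares a role with the user
     */
    private boolean overlap(Set set, Set set2) {
        if (set.contains("any")) {
            return true;
        }
        for (Object role : set2) {
            if (set.contains(role)) {
                return true;
            }
        }
        return false;
    }

    /** Reports whether the rule's action list contains the requested action. */
    private boolean overlap(List list, String str) {
        return list.contains(str);
    }

    /**
     * Filters a list of role names down to those that pass validation.
     *
     * <p>Each name is trimmed, canonicalized and checked against the {@code RoleName}
     * validation rule with a maximum length of 20; nulls are not accepted. Rejected names
     * are logged as a security failure and left out of the result.
     *
     * @param list role names as strings
     * @return a new list holding only the valid, canonicalized role names
     */
    private List validateRoles(List list) {
        List accepted = new ArrayList();
        for (int i = 0; i < list.size(); i++) {
            String raw = ((String) list.get(i)).trim();
            String canonical = ESAPI.encoder().canonicalize(raw);
            if (ESAPI.validator().isValidInput("Validating user roles in FileBasedAccessController", canonical, "RoleName", 20, false)) {
                accepted.add(canonical.trim());
            } else {
                this.logger.warning(Logger.SECURITY_FAILURE, "Role: " + raw + " is invalid, so was not added to the list of roles for this Rule.");
            }
        }
        return accepted;
    }

    /**
     * Loads path-based rules from the named rule file.
     *
     * <p>Decompilation gap: JADX failed on this method (JadxRuntimeException in pass
     * BlockProcessor, unreachable block B:27:0x0159; 384 instructions skipped), so the
     * original parser is not present in this listing. As written, every URL, function,
     * file or service check that triggers a load throws instead of returning a decision.
     * Restore the body from the original bytecode or source before using this class.
     *
     * @param fileName the rule file to read
     * @return the loaded rule map in the original implementation
     * @throws UnsupportedOperationException always, in this decompiled form
     */
    private Map loadRules(String fileName) {
        throw new UnsupportedOperationException("Method not decompiled: org.owasp.esapi.reference.accesscontrol.FileBasedACRs.loadRules(java.lang.String):java.util.Map");
    }

    /**
     * Loads class-based data rules from the named rule file.
     *
     * <p>Decompilation gap: JADX failed on this method (JadxRuntimeException in pass
     * BlockProcessor, unreachable block B:31:0x017f; 422 instructions skipped), so the
     * original parser is not present in this listing. As written, every data check that
     * triggers a load throws instead of returning a decision. Restore the body from the
     * original bytecode or source before using this class.
     *
     * @param fileName the rule file to read
     * @return the loaded rule map in the original implementation
     * @throws UnsupportedOperationException always, in this decompiled form
     */
    private Map loadDataRules(String fileName) {
        throw new UnsupportedOperationException("Method not decompiled: org.owasp.esapi.reference.accesscontrol.FileBasedACRs.loadDataRules(java.lang.String):java.util.Map");
    }

    /** Splits a comma-separated string into a fixed-size list; entries are not trimmed here. */
    private List commaSplit(String str) {
        return Arrays.asList(str.split(","));
    }
}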
