package org.apache.qpid.server.management;

import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.security.AccessController;
import java.security.Principal;
import java.util.Properties;
import java.util.Set;
import javax.management.JMException;
import javax.management.MBeanInfo;
import javax.management.MBeanOperationInfo;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.management.remote.JMXPrincipal;
import javax.management.remote.MBeanServerForwarder;
import javax.security.auth.Subject;
import org.apache.log4j.Logger;
import org.apache.qpid.server.security.access.management.UserManagement;

/* loaded from: input_file:org/apache/qpid/server/management/MBeanInvocationHandlerImpl.class */
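/**
 * Authorisation filter placed in front of an {@link MBeanServer} through a dynamic
 * {@link MBeanServerForwarder} proxy.
 *
 * <p>Every call made on the forwarder reaches {@link #invoke}. The handler looks up the role
 * of the first {@link JMXPrincipal} of the calling {@link Subject} in the table installed with
 * {@link #setAccessRights(Properties)} (principal name to role) and forwards the call to the
 * wrapped server only when the role permits it:
 * <ul>
 *   <li>{@link #ADMIN}: every call, including calls on MBeans whose {@code type} key equals
 *       {@code UserManagement.TYPE};</li>
 *   <li>{@link #READWRITE}: every call except those on user-management MBeans;</li>
 *   <li>{@link #READONLY}: only calls accepted by {@code isReadOnlyMethod}.</li>
 * </ul>
 * A principal with no entry in the table, or with any other role value, is denied.
 *
 * <p>The role table is a static field shared by all instances and is read without
 * synchronisation.
 */
public class MBeanInvocationHandlerImpl implements InvocationHandler {
    public static final String ADMIN = "admin";
    public static final String READWRITE = "readwrite";
    public static final String READONLY = "readonly";
    private static final String DELEGATE = "JMImplementation:type=MBeanServerDelegate";
    private MBeanServer mbs;
    private static final Logger _logger = Logger.getLogger(MBeanInvocationHandlerImpl.class);
    private static Properties _userRoles = new Properties();

    /**
     * Creates a forwarder proxy backed by a new handler instance.
     *
     * @return a forwarder with no MBeanServer set; {@code setMBeanServer} must be called on
     *     it before any other call is forwarded
     */
    public static MBeanServerForwarder newProxyInstance() {
        Object proxy = Proxy.newProxyInstance(
                MBeanServerForwarder.class.getClassLoader(),
                new Class<?>[] {MBeanServerForwarder.class},
                new MBeanInvocationHandlerImpl());
        return MBeanServerForwarder.class.cast(proxy);
    }

    /**
     * Applies the access rules to one call on the forwarder and, when permitted, forwards it
     * to the wrapped MBeanServer.
     *
     * @param obj the proxy instance (unused)
     * @param method the forwarder method being called
     * @param objArr the call arguments, or {@code null} for a no-argument method
     * @return the result of the forwarded call, the wrapped server for
     *     {@code getMBeanServer}, or {@code null} for {@code setMBeanServer}
     * @throws IllegalArgumentException if {@code setMBeanServer} is given {@code null} or is
     *     called a second time
     * @throws SecurityException with message "Access denied" when the caller's role does not
     *     permit the call
     * @throws Throwable whatever the wrapped MBeanServer method throws
     */
    @Override
    public Object invoke(Object obj, Method method, Object[] objArr) throws Throwable {
        String name = method.getName();
        if (name.equals("getMBeanServer")) {
            return this.mbs;
        }
        if (name.equals("setMBeanServer")) {
            if (objArr[0] == null) {
                throw new IllegalArgumentException("Null MBeanServer");
            }
            // The wrapped server can be set once only, so it cannot be swapped out later.
            if (this.mbs != null) {
                throw new IllegalArgumentException("MBeanServer object already initialized");
            }
            this.mbs = (MBeanServer) objArr[0];
            return null;
        }
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null) {
            // No Subject on the calling context: the call is forwarded with no role check.
            // NOTE(review): presumably this is meant for in-process callers. It also means a
            // connector that does not establish a Subject is not restricted by this handler;
            // confirm that remote connectors always authenticate.
            return forward(method, objArr);
        }
        // NOTE(review): DELEGATE is a String, so this comparison is false whenever the first
        // argument is an ObjectName; the delegate exemption then only matches a String first
        // argument. Left as is, because making it match ObjectName would widen access; confirm
        // the intent before changing it.
        if (objArr == null || DELEGATE.equals(objArr[0])) {
            return forward(method, objArr);
        }
        if (name.equals("createMBean") || name.equals("unregisterMBean")) {
            // Denied for every authenticated caller, whatever the role.
            _logger.debug("User trying to create or unregister an MBean");
            throw denied(name, null);
        }
        Set<JMXPrincipal> principals = subject.getPrincipals(JMXPrincipal.class);
        if (principals == null || principals.isEmpty()) {
            throw denied(name, null);
        }
        // Only the first JMXPrincipal is consulted; any further ones are ignored.
        Principal caller = principals.iterator().next();
        String user = caller.getName();
        if (isAdminMethod(objArr)) {
            if (isAdmin(user)) {
                return forward(method, objArr);
            }
            throw denied(name, user);
        }
        if (isAllowedToModify(user)) {
            return forward(method, objArr);
        }
        if (isReadOnlyUser(user) && isReadOnlyMethod(method, objArr)) {
            return forward(method, objArr);
        }
        throw denied(name, user);
    }

    /**
     * Calls {@code method} on the wrapped MBeanServer and rethrows the target's own exception.
     *
     * <p>Reflection wraps anything the target throws in an InvocationTargetException. Letting
     * that escape from a proxy handler makes the proxy raise UndeclaredThrowableException, so
     * callers would not see the exception types the MBeanServer methods declare.
     */
    private Object forward(Method method, Object[] objArr) throws Throwable {
        try {
            return method.invoke(this.mbs, objArr);
        } catch (InvocationTargetException e) {
            Throwable cause = e.getCause();
            throw cause != null ? cause : e;
        }
    }

    /**
     * Records a refused call at WARN level, so that denials are visible without debug logging,
     * and builds the exception to throw.
     *
     * @param methodName the forwarder method that was refused
     * @param user the caller's principal name, or {@code null} when it is not known
     */
    private static SecurityException denied(String methodName, String user) {
        _logger.warn("JMX access denied: method=" + methodName + ", user=" + printable(user));
        return new SecurityException("Access denied");
    }

    /** Replaces line breaks so that a principal name cannot start a new log line. */
    private static String printable(String value) {
        if (value == null) {
            return "<unknown>";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /** Tells whether the call targets an MBean whose {@code type} key is the user-management type. */
    private boolean isAdminMethod(Object[] objArr) {
        if (objArr[0] instanceof ObjectName) {
            return UserManagement.TYPE.equals(((ObjectName) objArr[0]).getKeyProperty("type"));
        }
        return false;
    }

    /**
     * Installs the principal-name to role table used by every handler instance.
     *
     * @param properties the new table; {@code null} installs an empty table, so every
     *     role check fails and access is denied rather than failing with a
     *     NullPointerException on the next call
     */
    public static void setAccessRights(Properties properties) {
        _userRoles = properties != null ? properties : new Properties();
    }

    private boolean isAdmin(String str) {
        return ADMIN.equals(_userRoles.getProperty(str));
    }

    private boolean isAllowedToModify(String str) {
        String role = _userRoles.getProperty(str);
        return ADMIN.equals(role) || READWRITE.equals(role);
    }

    private boolean isReadOnlyUser(String str) {
        return READONLY.equals(_userRoles.getProperty(str));
    }

    /**
     * Decides whether a call may be made by a read-only user.
     *
     * <p>Forwarder methods whose name starts with {@code query} or {@code get} are accepted by
     * name alone. {@code invoke} on an ObjectName is accepted only when the target MBean
     * declares an operation of that name with impact {@link MBeanOperationInfo#INFO}.
     * Everything else, including any failure to read the MBean's metadata, is refused.
     */
    private boolean isReadOnlyMethod(Method method, Object[] objArr) {
        String name = method.getName();
        if (name.startsWith("query") || name.startsWith("get")) {
            return true;
        }
        if (name.startsWith("set") || !(objArr[0] instanceof ObjectName) || !name.equals("invoke")) {
            return false;
        }
        String operation = objArr.length > 1 ? (String) objArr[1] : null;
        if (operation == null) {
            return false;
        }
        try {
            MBeanInfo mBeanInfo = this.mbs.getMBeanInfo((ObjectName) objArr[0]);
            if (mBeanInfo != null) {
                // The impact value comes from the MBean's own metadata. Overloads are not
                // told apart: one INFO operation with this name is enough.
                for (MBeanOperationInfo info : mBeanInfo.getOperations()) {
                    if (info.getName().equals(operation) && info.getImpact() == MBeanOperationInfo.INFO) {
                        return true;
                    }
                }
            }
            return false;
        } catch (JMException e) {
            // Fail closed, and report through the logger instead of printing to stderr.
            _logger.warn("Could not read MBean metadata for a read-only access check", e);
            return false;
        }
    }
}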
