package org.wso2.carbon.andes.authorization.andes;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.andes.server.security.Result;
import org.wso2.andes.server.security.access.ObjectProperties;
import org.wso2.carbon.andes.commons.CommonsUtil;
import org.wso2.carbon.andes.commons.registry.RegistryClient;
import org.wso2.carbon.andes.commons.registry.RegistryClientException;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.authorization.TreeNode;

/* loaded from: input_file:org/wso2/carbon/andes/authorization/andes/QpidAuthorizationHandler.class */
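/**
 * Static authorization checks for broker queue and exchange operations.
 *
 * <p>Every handler returns {@link Result#ALLOWED} or {@link Result#DENIED}. Handlers fail closed:
 * a missing realm, an unknown exchange or a failed permission check yields {@code DENIED}.
 * In all handlers the {@code str} parameter is the name of the user making the request.
 */
public class QpidAuthorizationHandler {
    private static final Log log = LogFactory.getLog(QpidAuthorizationHandler.class);
    private static final String DEFAULT_EXCHANGE = "default";
    private static final String DIRECT_EXCHANGE = "amq.direct";
    private static final String TOPIC_EXCHANGE = "amq.topic";
    private static final String PERMISSION_CHANGE_PERMISSION = "changePermission";
    private static final String AT_REPLACE_CHAR = "_";
    private static final String UI_EXECUTE = "ui.execute";
    private static final String PERMISSION_ADMIN_MANAGE_QUEUE_ADD_QUEUE = "/permission/admin/manage/queue/addQueue";
    private static final String PERMISSION_ADMIN_MANAGE_QUEUE_BROWSE_QUEUE = "/permission/admin/manage/queue/browseQueue";
    private static final String PERMISSION_ADMIN_MANAGE_QUEUE_DELETE_QUEUE = "/permission/admin/manage/queue/deleteQueue";
    private static final String PERMISSION_ADMIN_MANAGE_QUEUE_PURGE_QUEUE = "/permission/admin/manage/queue/purgeQueue";
    private static final String PERMISSION_ADMIN_MANAGE_TOPIC_ADD_TOPIC = "/permission/admin/manage/topic/addTopic";
    private static final String PERMISSION_ADMIN_MANAGE_TOPIC_DELETE_TOPIC = "/permission/admin/manage/topic/deleteTopic";
    private static final String PERMISSION_ADMIN_MANAGE_TOPIC_PURGE_TOPIC = "/permission/admin/manage/topic/purgeTopic";
    private static final String PERMISSION_ADMIN_MANAGE_DLC_BROWSE_DLC = "/permission/admin/manage/dlc/browseDlc";

    /**
     * Authorizes queue creation and, when allowed, grants the creator's roles access to the queue.
     *
     * <p>The user must be an admin or hold the add-queue or add-topic UI permission, and the queue
     * must belong to the caller's tenant domain or be a {@code tmp_} topic subscriber queue.
     *
     * @param str user name of the requester
     * @param userRealm realm used for role and permission lookups; {@code null} yields DENIED
     * @param objectProperties request properties; {@code NAME} carries the queue name
     * @return ALLOWED when the queue may be created, otherwise DENIED
     * @throws QpidAuthorizationHandlerException if the user store or the registry fails
     */
    public static Result handleCreateQueue(String str, UserRealm userRealm, ObjectProperties objectProperties) throws QpidAuthorizationHandlerException {
        if (userRealm == null) {
            return Result.DENIED;
        }
        try {
            if (!isAdminUser(str, userRealm)
                    && !hasUiPermission(str, userRealm, PERMISSION_ADMIN_MANAGE_QUEUE_ADD_QUEUE)
                    && !hasUiPermission(str, userRealm, PERMISSION_ADMIN_MANAGE_TOPIC_ADD_TOPIC)) {
                return Result.DENIED;
            }
            String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            String rawQueueName = getRawQueueName((String) objectProperties.get(ObjectProperties.Property.NAME));
            // NOTE(review): the registry entry is written before the tenant-domain check below, so a
            // request that ends in DENIED still leaves a registry queue behind; confirm this ordering
            // is intended.
            RegistryClient.createQueue(rawQueueName.replace("@", AT_REPLACE_CHAR), str);
            String queueID = CommonsUtil.getQueueID(rawQueueName);
            if (!isOwnDomain(tenantDomain, rawQueueName) && !isTopicSubscriberQueue(rawQueueName)) {
                return Result.DENIED;
            }
            UserStoreManager userStoreManager = userRealm.getUserStoreManager();
            String everyOneRoleName = userRealm.getRealmConfiguration().getEveryOneRoleName();
            for (String role : userStoreManager.getRoleListOfUser(str)) {
                // The "everyone" role is skipped so that creating a queue does not open it to all users.
                if (role.equals(everyOneRoleName) || !userStoreManager.isExistingRole(role)) {
                    continue;
                }
                userRealm.getAuthorizationManager().authorizeRole(role, queueID, toAction(TreeNode.Permission.CONSUME));
                userRealm.getAuthorizationManager().authorizeRole(role, queueID, toAction(TreeNode.Permission.PUBLISH));
                userRealm.getAuthorizationManager().authorizeRole(role, queueID, PERMISSION_CHANGE_PERMISSION);
            }
            return Result.ALLOWED;
        } catch (UserStoreException e) {
            throw new QpidAuthorizationHandlerException("Error handling create queue.", e);
        } catch (RegistryClientException e2) {
            throw new QpidAuthorizationHandlerException("Error handling create queue.", e2);
        }
    }

    /**
     * Authorizes consuming from a queue.
     *
     * <p>The user must be an admin or hold the browse-queue or browse-DLC UI permission, and must
     * either be an admin of the queue's tenant domain or hold the consume permission on the queue.
     *
     * @param str user name of the requester
     * @param userRealm realm used for role and permission lookups; {@code null} yields DENIED
     * @param objectProperties request properties; {@code NAME} carries the queue name
     * @return ALLOWED when the user may consume, otherwise DENIED
     * @throws QpidAuthorizationHandlerException if the user store fails
     */
    public static Result handleConsumeQueue(String str, UserRealm userRealm, ObjectProperties objectProperties) throws QpidAuthorizationHandlerException {
        if (userRealm == null) {
            return Result.DENIED;
        }
        try {
            boolean admin = isAdminUser(str, userRealm);
            if (!admin
                    && !hasUiPermission(str, userRealm, PERMISSION_ADMIN_MANAGE_QUEUE_BROWSE_QUEUE)
                    && !hasUiPermission(str, userRealm, PERMISSION_ADMIN_MANAGE_DLC_BROWSE_DLC)) {
                return Result.DENIED;
            }
            String rawQueueName = getRawQueueName((String) objectProperties.get(ObjectProperties.Property.NAME));
            String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            String queueID = CommonsUtil.getQueueID(rawQueueName);
            if (admin && isOwnDomain(tenantDomain, rawQueueName)) {
                return Result.ALLOWED;
            }
            return isAuthorized(str, userRealm, queueID, TreeNode.Permission.CONSUME) ? Result.ALLOWED : Result.DENIED;
        } catch (UserStoreException e) {
            throw new QpidAuthorizationHandlerException("Error handling consume queue.", e);
        }
    }

    /**
     * Authorizes binding a queue to an exchange.
     *
     * <p>For the default and direct exchanges the user must be an admin of the queue's tenant
     * domain or hold the consume permission on the queue. For the topic exchange the user must be
     * an admin (own-domain or {@code tmp_} queue) or hold the subscribe permission on the topic;
     * an allowed topic binding is also recorded as a registry subscription. Any other exchange is
     * denied.
     *
     * @param str user name of the requester
     * @param userRealm realm used for role and permission lookups; {@code null} yields DENIED
     * @param objectProperties request properties: {@code NAME} (exchange), {@code QUEUE_NAME},
     *     {@code ROUTING_KEY}
     * @return ALLOWED when the binding may be made, otherwise DENIED
     * @throws QpidAuthorizationHandlerException if the user store or the registry fails
     */
    public static Result handleBindQueue(String str, UserRealm userRealm, ObjectProperties objectProperties) throws QpidAuthorizationHandlerException {
        if (userRealm == null) {
            return Result.DENIED;
        }
        try {
            String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            String rawExchangeName = getRawExchangeName((String) objectProperties.get(ObjectProperties.Property.NAME));
            String rawQueueName = getRawQueueName((String) objectProperties.get(ObjectProperties.Property.QUEUE_NAME));
            String rawRoutingKey = getRawRoutingKey((String) objectProperties.get(ObjectProperties.Property.ROUTING_KEY));
            if (DEFAULT_EXCHANGE.equals(rawExchangeName) || DIRECT_EXCHANGE.equals(rawExchangeName)) {
                String queueID = CommonsUtil.getQueueID(rawQueueName);
                // The outcome of this check must gate the return value. Evaluating it and then
                // returning ALLOWED regardless would let a user without the consume permission
                // bind to the queue, so the failing case is denied (fail closed).
                boolean permitted = (isAdminUser(str, userRealm) && isOwnDomain(tenantDomain, rawQueueName))
                        || isAuthorized(str, userRealm, queueID, TreeNode.Permission.CONSUME);
                return permitted ? Result.ALLOWED : Result.DENIED;
            }
            if (TOPIC_EXCHANGE.equals(rawExchangeName)) {
                String topicID = CommonsUtil.getTopicID(rawRoutingKey);
                String registryTopic = rawRoutingKey.replace("@", AT_REPLACE_CHAR);
                String registryQueue = rawQueueName.replace("@", AT_REPLACE_CHAR);
                boolean adminOnOwnQueue = isAdminUser(str, userRealm)
                        && (isOwnDomain(tenantDomain, rawQueueName) || isTopicSubscriberQueue(rawQueueName));
                if (adminOnOwnQueue || isAuthorized(str, userRealm, topicID, TreeNode.Permission.SUBSCRIBE)) {
                    RegistryClient.createSubscription(registryTopic, registryQueue, str);
                    return Result.ALLOWED;
                }
            }
            return Result.DENIED;
        } catch (RegistryClientException e) {
            throw new QpidAuthorizationHandlerException("Error hanlding bind queue.", e);
        } catch (UserStoreException e2) {
            throw new QpidAuthorizationHandlerException("Error hanlding bind queue.", e2);
        }
    }

    /**
     * Authorizes publishing a message to an exchange.
     *
     * <p>For the direct and default exchanges the routing key names the target queue: the user
     * must be an admin of that queue's tenant domain or hold the publish permission on it. For
     * the topic exchange the user must be an admin or hold the publish permission on the topic.
     * Any other exchange is denied.
     *
     * @param str user name of the requester
     * @param userRealm realm used for role and permission lookups; {@code null} yields DENIED
     * @param objectProperties request properties: {@code NAME} (exchange) and {@code ROUTING_KEY}
     * @return ALLOWED when the user may publish, otherwise DENIED
     * @throws QpidAuthorizationHandlerException if the user store fails
     */
    public static Result handlePublishToExchange(String str, UserRealm userRealm, ObjectProperties objectProperties) throws QpidAuthorizationHandlerException {
        if (userRealm == null) {
            return Result.DENIED;
        }
        try {
            String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
            String rawExchangeName = getRawExchangeName((String) objectProperties.get(ObjectProperties.Property.NAME));
            String rawRoutingKey = getRawRoutingKey((String) objectProperties.get(ObjectProperties.Property.ROUTING_KEY));
            if (DIRECT_EXCHANGE.equals(rawExchangeName) || DEFAULT_EXCHANGE.equals(rawExchangeName)) {
                String queueID = CommonsUtil.getQueueID(rawRoutingKey);
                // Both exchanges route by queue name and apply the same rule. The direct exchange
                // must deny on failure exactly as the default exchange does; otherwise the publish
                // permission could be sidestepped by choosing amq.direct.
                boolean permitted = (isAdminUser(str, userRealm) && isOwnDomain(tenantDomain, rawRoutingKey))
                        || isAuthorized(str, userRealm, queueID, TreeNode.Permission.PUBLISH);
                return permitted ? Result.ALLOWED : Result.DENIED;
            }
            if (TOPIC_EXCHANGE.equals(rawExchangeName)) {
                String topicID = CommonsUtil.getTopicID(rawRoutingKey);
                // Deny when the user is neither an admin nor holds publish on the topic.
                boolean permitted = isAdminUser(str, userRealm)
                        || isAuthorized(str, userRealm, topicID, TreeNode.Permission.PUBLISH);
                return permitted ? Result.ALLOWED : Result.DENIED;
            }
            return Result.DENIED;
        } catch (UserStoreException e) {
            throw new QpidAuthorizationHandlerException("Error handling publish to exchange.", e);
        }
    }

    /**
     * Handles unbinding a queue; a topic-exchange unbind also deletes the registry subscription.
     *
     * <p>NOTE(review): no user or realm is passed in, so this always returns ALLOWED and removes
     * the subscription entry without a permission check. Confirm the caller enforces access.
     *
     * @param objectProperties request properties: {@code NAME} (exchange), {@code QUEUE_NAME},
     *     {@code ROUTING_KEY}
     * @return always ALLOWED
     * @throws QpidAuthorizationHandlerException if the registry fails
     */
    public static Result handleUnbindQueue(ObjectProperties objectProperties) throws QpidAuthorizationHandlerException {
        try {
            String rawExchangeName = getRawExchangeName((String) objectProperties.get(ObjectProperties.Property.NAME));
            String rawQueueName = getRawQueueName((String) objectProperties.get(ObjectProperties.Property.QUEUE_NAME));
            String rawRoutingKey = getRawRoutingKey((String) objectProperties.get(ObjectProperties.Property.ROUTING_KEY));
            String registryTopic = rawRoutingKey.replace("@", AT_REPLACE_CHAR);
            String registryQueue = rawQueueName.replace("@", AT_REPLACE_CHAR);
            if (TOPIC_EXCHANGE.equals(rawExchangeName)) {
                RegistryClient.deleteSubscription(registryTopic, registryQueue);
            }
            return Result.ALLOWED;
        } catch (RegistryClientException e) {
            throw new QpidAuthorizationHandlerException("Error handling unbind queue.", e);
        }
    }

    /**
     * Authorizes queue deletion and, when allowed, removes the queue's registry entry.
     *
     * <p>NOTE(review): unlike consume and bind, no tenant-domain or per-queue check is applied
     * here; the role or UI permission alone decides. Confirm that is intended.
     *
     * @param str user name of the requester
     * @param userRealm realm used for role and permission lookups; {@code null} yields DENIED
     * @param objectProperties request properties; {@code NAME} carries the queue name
     * @return ALLOWED for admins and holders of the delete-queue or delete-topic UI permission
     * @throws QpidAuthorizationHandlerException if the user store or the registry fails
     */
    public static Result handleDeleteQueue(String str, UserRealm userRealm, ObjectProperties objectProperties) throws QpidAuthorizationHandlerException {
        // Same null-realm guard as the other handlers: deny instead of failing with an NPE.
        if (userRealm == null) {
            return Result.DENIED;
        }
        try {
            boolean permitted = isAdminUser(str, userRealm)
                    || hasUiPermission(str, userRealm, PERMISSION_ADMIN_MANAGE_QUEUE_DELETE_QUEUE)
                    || hasUiPermission(str, userRealm, PERMISSION_ADMIN_MANAGE_TOPIC_DELETE_TOPIC);
            if (!permitted) {
                return Result.DENIED;
            }
            String rawQueueName = getRawQueueName((String) objectProperties.get(ObjectProperties.Property.NAME));
            RegistryClient.deleteQueue(rawQueueName.replace("@", AT_REPLACE_CHAR));
            return Result.ALLOWED;
        } catch (UserStoreException e) {
            throw new QpidAuthorizationHandlerException("Error handling delete queue.", e);
        } catch (RegistryClientException e2) {
            throw new QpidAuthorizationHandlerException("Error handling delete queue.", e2);
        }
    }

    /**
     * Authorizes purging a queue.
     *
     * @param str user name of the requester
     * @param userRealm realm used for role and permission lookups; {@code null} yields DENIED
     * @param objectProperties request properties; not read by this handler
     * @return ALLOWED for admins and holders of the purge-queue or purge-topic UI permission
     * @throws QpidAuthorizationHandlerException if the user store fails
     */
    public static Result handlePurgeQueue(String str, UserRealm userRealm, ObjectProperties objectProperties) throws QpidAuthorizationHandlerException {
        // Same null-realm guard as the other handlers: deny instead of failing with an NPE.
        if (userRealm == null) {
            return Result.DENIED;
        }
        try {
            boolean permitted = isAdminUser(str, userRealm)
                    || hasUiPermission(str, userRealm, PERMISSION_ADMIN_MANAGE_QUEUE_PURGE_QUEUE)
                    || hasUiPermission(str, userRealm, PERMISSION_ADMIN_MANAGE_TOPIC_PURGE_TOPIC);
            return permitted ? Result.ALLOWED : Result.DENIED;
        } catch (UserStoreException e) {
            throw new QpidAuthorizationHandlerException("Error handling purge queue.", e);
        }
    }

    /** Returns whether the user holds the {@code ui.execute} action on the given permission path. */
    private static boolean hasUiPermission(String user, UserRealm userRealm, String permissionPath) throws UserStoreException {
        return userRealm.getAuthorizationManager().isUserAuthorized(user, permissionPath, UI_EXECUTE);
    }

    /** Returns whether the user holds the given permission on a queue or topic resource id. */
    private static boolean isAuthorized(String user, UserRealm userRealm, String resourceId, TreeNode.Permission permission) throws UserStoreException {
        return userRealm.getAuthorizationManager().isUserAuthorized(user, resourceId, toAction(permission));
    }

    /**
     * Lower-cases a permission name into the action string used for authorization lookups.
     *
     * <p>{@code Locale.ROOT} keeps the result independent of the JVM default locale; a
     * locale-sensitive lower-casing of names containing {@code I} (PUBLISH, SUBSCRIBE) produces a
     * different string under a Turkish default locale and would never match a stored permission.
     */
    private static String toAction(TreeNode.Permission permission) {
        return permission.toString().toLowerCase(java.util.Locale.ROOT);
    }

    /** Strips everything from the first {@code ;} onward, then everything up to the first {@code :}. */
    private static String getRawQueueName(String str) {
        int optionsStart = str.indexOf(';');
        String withoutOptions = optionsStart >= 0 ? str.substring(0, optionsStart) : str;
        return withoutOptions.substring(withoutOptions.indexOf(':') + 1);
    }

    /**
     * Returns the routing key from one character past the first {@code "carbon:"} occurrence.
     *
     * <p>NOTE(review): when {@code "carbon:"} is present only its first character is skipped (the
     * offset is 1, not the prefix length); when it is absent the key is returned unchanged.
     * Confirm whether stripping the whole prefix was intended.
     */
    private static String getRawRoutingKey(String str) {
        return str.substring(str.indexOf("carbon:") + 1);
    }

    /** Maps the broker's {@code <<default>>} exchange marker to {@code "default"}. */
    private static String getRawExchangeName(String str) {
        return str.equals("<<default>>") ? DEFAULT_EXCHANGE : str;
    }

    /**
     * Returns whether the user carries the realm's admin role.
     *
     * <p>A user store failure is logged and treated as "not admin", so the check fails closed.
     */
    private static boolean isAdminUser(String str, UserRealm userRealm) {
        try {
            String[] roles = userRealm.getUserStoreManager().getRoleListOfUser(str);
            String adminRoleName = userRealm.getRealmConfiguration().getAdminRoleName();
            for (String role : roles) {
                if (adminRoleName.equals(role)) {
                    return true;
                }
            }
            return false;
        } catch (UserStoreException e) {
            log.error("Error while retrieving roles for user " + str, e);
            return false;
        }
    }

    /**
     * Returns whether a queue name belongs to the given tenant domain.
     *
     * <p>A name is in the domain when it starts with {@code "<domain>/"}. Names without any
     * {@code /} belong to {@code carbon.super} and to a {@code null} tenant domain.
     *
     * @param str tenant domain, may be {@code null}
     * @param str2 raw queue name or routing key
     */
    private static boolean isOwnDomain(String str, String str2) {
        boolean unqualified = !str2.contains("/");
        if (str == null) {
            return unqualified;
        }
        if (str2.startsWith(str + "/")) {
            return true;
        }
        return str.equalsIgnoreCase("carbon.super") && unqualified;
    }

    /** Returns whether the name carries the {@code tmp_} prefix of a topic subscriber queue. */
    private static boolean isTopicSubscriberQueue(String str) {
        return str.startsWith("tmp_");
    }
}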
