package org.wso2.carbon.andes.authorization.andes;

import java.util.HashMap;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.andes.kernel.AndesKernelBoot;
import org.wso2.andes.server.queue.DLCQueueUtils;
import org.wso2.andes.server.security.Result;
import org.wso2.andes.server.security.access.ObjectProperties;
import org.wso2.andes.server.security.access.Operation;
import org.wso2.carbon.andes.authorization.internal.AuthorizationServiceDataHolder;
import org.wso2.carbon.andes.commons.CommonsUtil;
import org.wso2.carbon.andes.commons.registry.RegistryClient;
import org.wso2.carbon.andes.commons.registry.RegistryClientException;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.Permission;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.authorization.TreeNode;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/andes/authorization/andes/AndesAuthorizationHandler.class */
public class AndesAuthorizationHandler {
    // Exchange names the bind/publish handlers switch on, after getRawExchangeName()
    // has mapped "<<default>>" to DEFAULT_EXCHANGE.
    private static final String DEFAULT_EXCHANGE = "default";
    private static final String DIRECT_EXCHANGE = "amq.direct";
    private static final String TOPIC_EXCHANGE = "amq.topic";
    // Action name granted on a queue alongside consume/publish in handleBindQueue and
    // cleared on the topic in handleUnbindQueue.
    private static final String PERMISSION_CHANGE_PERMISSION = "changePermission";
    // "@" in queue names and routing keys is replaced with this before the name is
    // handed to RegistryClient or used to build a role name.
    private static final String AT_REPLACE_CHAR = "_";
    // Action passed to isUserAuthorized() together with the PERMISSION_ADMIN_* paths below.
    private static final String UI_EXECUTE = "ui.execute";
    // Permission-tree paths checked by the create/delete/purge/browse/bind handlers.
    private static final String PERMISSION_ADMIN_MANAGE_QUEUE_ADD = "/permission/admin/manage/queue/add";
    private static final String PERMISSION_ADMIN_MANAGE_QUEUE_DELETE = "/permission/admin/manage/queue/delete";
    private static final String PERMISSION_ADMIN_MANAGE_QUEUE_PURGE = "/permission/admin/manage/queue/purge";
    private static final String PERMISSION_ADMIN_MANAGE_QUEUE_BROWSE = "/permission/admin/manage/queue/browse";
    private static final String PERMISSION_ADMIN_MANAGE_TOPIC_ADD = "/permission/admin/manage/topic/add";
    private static final String PERMISSION_ADMIN_MANAGE_TOPIC_DELETE = "/permission/admin/manage/topic/delete";
    // QUEUE_ROLE_PREFIX is not referenced in the visible part of this class;
    // TOPIC_ROLE_PREFIX prefixes the per-topic role name built in handleBindQueue.
    private static final String QUEUE_ROLE_PREFIX = "Q_";
    private static final String TOPIC_ROLE_PREFIX = "T_";
    // Not referenced in the visible part of this class; presumably what
    // isTopicSubscriberQueue() matches on (TODO confirm). Despite the constant's name
    // the value reads like a prefix.
    private static final String TEMP_QUEUE_SUFFIX = "tmp_";
    // Field separator in the debug log lines written by the handlers.
    private static final String SPACE = " ";
    // Regex source; not referenced in the visible part of this class.
    private static final String PARENT_RESOURCE_PATH = "\\bevent/topics/\\b";
    private static final Log log = LogFactory.getLog(AndesAuthorizationHandler.class);
    // Raw queue name -> raw routing key recorded when a queue is bound on amq.topic
    // (written in handleBindQueue, removed in handleUnbindQueue, read in handleConsumeQueue
    // to authorize consumption of non-durable topic subscriber queues).
    // NOTE(review): this is a plain, raw-typed HashMap in a static field, mutated by static
    // handlers with no synchronization visible here. If the handlers can run on more than
    // one thread, confirm whether a concurrent map is needed; an authorization decision
    // reads from it.
    private static Map<String, String> temporaryQueueToTopicMap = new HashMap();

    /**
     * Decides whether user {@code str} may create the queue named by the NAME property
     * and, when allowed, registers the queue through registerAndAuthorizeQueue().
     *
     * <p>A null realm or a queue name that fails isOwnDomain() is denied. Otherwise the
     * request is allowed when any of these holds, tested in this order: the user is an
     * admin, holds the queue-add permission, holds the topic-add permission, the queue
     * is DURABLE and EXCLUSIVE, or it is a non-durable topic subscriber queue.
     *
     * <p>NOTE(review): the last two conditions read only values from
     * {@code objectProperties} and involve no permission lookup. If those properties are
     * supplied by the requesting client, confirm that this is the intended policy.
     *
     * @param str              user name the decision is made for
     * @param userRealm        realm used for role and permission lookups; may be null
     * @param objectProperties properties of the queue (NAME, DURABLE, EXCLUSIVE are read)
     * @param operation        operation being authorized; used only in the debug log
     * @return {@code Result.ALLOWED} or {@code Result.DENIED}
     * @throws AndesAuthorizationHandlerException if a registry or user-store call fails
     */
    public static Result handleCreateQueue(String str, UserRealm userRealm, ObjectProperties objectProperties, Operation operation) throws AndesAuthorizationHandlerException {
        Result decision = Result.DENIED;
        if (userRealm != null) {
            try {
                if (isOwnDomain((String) objectProperties.get(ObjectProperties.Property.NAME), userRealm, objectProperties)) {
                    // Short-circuit || keeps the original evaluation order of the checks.
                    boolean permitted = isAdmin(str, userRealm)
                            || userRealm.getAuthorizationManager().isUserAuthorized(str, PERMISSION_ADMIN_MANAGE_QUEUE_ADD, UI_EXECUTE)
                            || userRealm.getAuthorizationManager().isUserAuthorized(str, PERMISSION_ADMIN_MANAGE_TOPIC_ADD, UI_EXECUTE)
                            || (Boolean.parseBoolean((String) objectProperties.get(ObjectProperties.Property.DURABLE))
                                    && Boolean.parseBoolean((String) objectProperties.get(ObjectProperties.Property.EXCLUSIVE)))
                            || (isTopicSubscriberQueue((String) objectProperties.get(ObjectProperties.Property.NAME))
                                    && !Boolean.parseBoolean((String) objectProperties.get(ObjectProperties.Property.DURABLE)));
                    if (permitted) {
                        registerAndAuthorizeQueue(str, userRealm, objectProperties);
                        decision = Result.ALLOWED;
                    }
                }
            } catch (RegistryClientException | UserStoreException e) {
                throw new AndesAuthorizationHandlerException("Error handling create queue.", e);
            }
        }
        if (log.isDebugEnabled()) {
            log.debug(str + SPACE + decision.toString().toLowerCase() + SPACE + operation.toString() + SPACE + ((String) objectProperties.get(ObjectProperties.Property.NAME)));
        }
        return decision;
    }

    /**
     * Decides whether user {@code str} may consume from the queue named by the NAME
     * property of {@code objectProperties}.
     *
     * <p>A null realm or a queue name that fails isOwnDomain() is denied. Admin and
     * non-admin users then follow different branch chains (see the inline comments);
     * the branch order determines the result, so it must not be rearranged.
     *
     * @param str              user name the decision is made for
     * @param userRealm        realm used for role and permission lookups; may be null
     * @param objectProperties properties of the queue (NAME, DURABLE, EXCLUSIVE are read)
     * @param operation        operation being authorized; used only in the debug log
     * @return {@code Result.ALLOWED} or {@code Result.DENIED}
     * @throws AndesAuthorizationHandlerException if a registry or user-store call fails
     */
    public static Result handleConsumeQueue(String str, UserRealm userRealm, ObjectProperties objectProperties, Operation operation) throws AndesAuthorizationHandlerException {
        Result result = Result.DENIED;
        if (null == userRealm) {
            // No realm to consult: deny.
            result = Result.DENIED;
        } else {
            // Permission-tree resource id of the queue, used for the "consume" lookups below.
            String queueID = CommonsUtil.getQueueID(getRawQueueName((String) objectProperties.get(ObjectProperties.Property.NAME)));
            try {
                if (!isOwnDomain((String) objectProperties.get(ObjectProperties.Property.NAME), userRealm, objectProperties)) {
                    result = Result.DENIED;
                } else if (isAdmin(str, userRealm)) {
                    // Admin: durable+exclusive queues and non-durable topic subscriber queues
                    // still need an explicit consume permission; every other queue is allowed.
                    if (Boolean.valueOf((String) objectProperties.get(ObjectProperties.Property.DURABLE)).booleanValue() && Boolean.valueOf((String) objectProperties.get(ObjectProperties.Property.EXCLUSIVE)).booleanValue()) {
                        if (userRealm.getAuthorizationManager().isUserAuthorized(str, queueID, TreeNode.Permission.CONSUME.toString().toLowerCase())) {
                            result = Result.ALLOWED;
                        }
                    } else if (!isTopicSubscriberQueue((String) objectProperties.get(ObjectProperties.Property.NAME)) || Boolean.valueOf((String) objectProperties.get(ObjectProperties.Property.DURABLE)).booleanValue()) {
                        result = Result.ALLOWED;
                    } else if (userRealm.getAuthorizationManager().isUserAuthorized(str, queueID, TreeNode.Permission.CONSUME.toString().toLowerCase())) {
                        result = Result.ALLOWED;
                    }
                } else if (userRealm.getAuthorizationManager().isUserAuthorized(str, queueID, TreeNode.Permission.CONSUME.toString().toLowerCase())) {
                    // Non-admin holding an explicit consume permission on the queue.
                    result = Result.ALLOWED;
                } else if (isTopicSubscriberQueue((String) objectProperties.get(ObjectProperties.Property.NAME)) && !Boolean.valueOf((String) objectProperties.get(ObjectProperties.Property.DURABLE)).booleanValue()) {
                    // Non-durable topic subscriber queue: look up the topic the queue was bound to
                    // (recorded by handleBindQueue) and require SUBSCRIBE on it or a parent.
                    // A queue with no recorded topic stays denied.
                    String str2 = temporaryQueueToTopicMap.get(objectProperties.get(ObjectProperties.Property.NAME));
                    if (null != str2 && isAuthorizeToParentInHierarchy(str, userRealm, CommonsUtil.getTopicID(RegistryClient.getTenantBasedTopicName(str2)), TreeNode.Permission.SUBSCRIBE)) {
                        result = Result.ALLOWED;
                    }
                } else if (Boolean.valueOf((String) objectProperties.get(ObjectProperties.Property.DURABLE)).booleanValue() && Boolean.valueOf((String) objectProperties.get(ObjectProperties.Property.EXCLUSIVE)).booleanValue()) {
                    // NOTE(review): a non-admin without consume permission is allowed here on the
                    // strength of the DURABLE and EXCLUSIVE property values alone. Confirm where
                    // these properties originate and that this is the intended policy.
                    result = Result.ALLOWED;
                }
            } catch (UserStoreException | RegistryClientException e) {
                throw new AndesAuthorizationHandlerException("Error handling consume queue.", e);
            }
        }
        if (log.isDebugEnabled()) {
            // Non-durable topic subscriber queues are logged by their bound topic, others by queue name.
            if (!isTopicSubscriberQueue((String) objectProperties.get(ObjectProperties.Property.NAME)) || Boolean.valueOf((String) objectProperties.get(ObjectProperties.Property.DURABLE)).booleanValue()) {
                log.debug(str + SPACE + result.toString().toLowerCase() + SPACE + operation.toString() + SPACE + ((String) objectProperties.get(ObjectProperties.Property.NAME)));
            } else {
                log.debug(str + SPACE + result.toString().toLowerCase() + SPACE + operation.toString() + SPACE + temporaryQueueToTopicMap.get(objectProperties.get(ObjectProperties.Property.NAME)));
            }
        }
        return result;
    }

    /**
     * Decides whether user {@code str} may browse the queue named by the NAME property.
     *
     * <p>Allowed only when the queue name passes isOwnDomain() and the user is either an
     * admin or holds the queue-browse permission. A null realm is denied.
     *
     * <p>Only the null-realm denial is written to the debug log. Decisions taken with a
     * realm present are returned without a log line, unlike the other handlers.
     *
     * @param str              user name the decision is made for
     * @param userRealm        realm used for role and permission lookups; may be null
     * @param objectProperties properties of the queue (NAME is read)
     * @param operation        operation being authorized; used only in the debug log
     * @return {@code Result.ALLOWED} or {@code Result.DENIED}
     * @throws AndesAuthorizationHandlerException if a user-store call fails
     */
    public static Result handleBrowseQueue(String str, UserRealm userRealm, ObjectProperties objectProperties, Operation operation) throws AndesAuthorizationHandlerException {
        if (userRealm == null) {
            Result denied = Result.DENIED;
            if (log.isDebugEnabled()) {
                log.debug(str + SPACE + denied.toString().toLowerCase() + SPACE + operation.toString() + SPACE + ((String) objectProperties.get(ObjectProperties.Property.NAME)));
            }
            return denied;
        }
        try {
            // Tenant-domain check first, then admin role, then the explicit browse permission.
            boolean permitted = isOwnDomain((String) objectProperties.get(ObjectProperties.Property.NAME), userRealm, objectProperties)
                    && (isAdmin(str, userRealm)
                            || userRealm.getAuthorizationManager().isUserAuthorized(str, PERMISSION_ADMIN_MANAGE_QUEUE_BROWSE, UI_EXECUTE));
            return permitted ? Result.ALLOWED : Result.DENIED;
        } catch (UserStoreException e) {
            throw new AndesAuthorizationHandlerException("Error handling browse queue.", e);
        }
    }

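    /**
     * Decides whether user {@code str} may bind a queue to an exchange and performs the
     * registry and permission bookkeeping that goes with an allowed topic binding.
     *
     * <p>This listing was decompiled. The original text declared {@code boolean z = -1},
     * switched on it with two {@code case true} labels, and contained an admin-role search
     * loop with no exit. It is restored here as a string switch on the exchange name, and
     * the loop terminates the same way as the equivalent loop in handleUnbindQueue. The
     * order of the authorization branches is unchanged.
     *
     * <ul>
     *   <li>default exchange: own-domain check, then admin, consume permission on the
     *       queue, DURABLE and EXCLUSIVE, or a non-durable topic subscriber queue;</li>
     *   <li>{@code amq.direct}: own-domain check, then admin or consume permission;</li>
     *   <li>{@code amq.topic}: own-domain check, then admin, or topic-add permission for a
     *       topic that does not exist yet, or SUBSCRIBE permission on the topic. Allowed
     *       branches create the subscription in the registry and grant queue permissions
     *       or record the queue-to-topic mapping;</li>
     *   <li>any other exchange name: denied, nothing logged.</li>
     * </ul>
     *
     * <p>NOTE(review): on the default exchange, the DURABLE/EXCLUSIVE and topic-subscriber
     * branches allow the bind from property values alone, with no permission lookup.
     * Confirm where those properties originate and that this is the intended policy.
     *
     * @param str              user name the decision is made for
     * @param userRealm        realm used for role and permission lookups; null yields DENIED
     * @param objectProperties binding properties (NAME = exchange, QUEUE_NAME, ROUTING_KEY,
     *                         DURABLE, EXCLUSIVE are read)
     * @param operation        operation being authorized; used only in the debug log
     * @return {@code Result.ALLOWED} or {@code Result.DENIED}
     * @throws AndesAuthorizationHandlerException if a registry or user-store call fails
     */
    public static Result handleBindQueue(String str, UserRealm userRealm, ObjectProperties objectProperties, Operation operation) throws AndesAuthorizationHandlerException {
        Result result = Result.DENIED;
        if (null != userRealm) {
            try {
                String rawExchangeName = getRawExchangeName((String) objectProperties.get(ObjectProperties.Property.NAME));
                String rawQueueName = getRawQueueName((String) objectProperties.get(ObjectProperties.Property.QUEUE_NAME));
                String rawRoutingKey = getRawRoutingKey((String) objectProperties.get(ObjectProperties.Property.ROUTING_KEY));
                String queueID = CommonsUtil.getQueueID(rawQueueName);
                String topicID = CommonsUtil.getTopicID(RegistryClient.getTenantBasedTopicName(rawRoutingKey));
                switch (rawExchangeName) {
                    case DEFAULT_EXCHANGE:
                        if (!isOwnDomain(rawRoutingKey, userRealm, objectProperties)) {
                            result = Result.DENIED;
                        } else if (isAdmin(str, userRealm)) {
                            result = Result.ALLOWED;
                        } else if (userRealm.getAuthorizationManager().isUserAuthorized(str, queueID, TreeNode.Permission.CONSUME.toString().toLowerCase())) {
                            result = Result.ALLOWED;
                        } else if (Boolean.parseBoolean((String) objectProperties.get(ObjectProperties.Property.DURABLE)) && Boolean.parseBoolean((String) objectProperties.get(ObjectProperties.Property.EXCLUSIVE))) {
                            result = Result.ALLOWED;
                        } else if (isTopicSubscriberQueue(rawQueueName) && !Boolean.parseBoolean((String) objectProperties.get(ObjectProperties.Property.DURABLE))) {
                            result = Result.ALLOWED;
                        }
                        if (log.isDebugEnabled()) {
                            log.debug(str + SPACE + result.toString().toLowerCase() + SPACE + operation.toString() + SPACE + ((String) objectProperties.get(ObjectProperties.Property.QUEUE_NAME)));
                        }
                        break;
                    case DIRECT_EXCHANGE:
                        if (!isOwnDomain(rawRoutingKey, userRealm, objectProperties)) {
                            result = Result.DENIED;
                        } else if (isAdmin(str, userRealm)) {
                            result = Result.ALLOWED;
                        } else if (userRealm.getAuthorizationManager().isUserAuthorized(str, queueID, TreeNode.Permission.CONSUME.toString().toLowerCase())) {
                            result = Result.ALLOWED;
                        }
                        if (log.isDebugEnabled()) {
                            log.debug(str + SPACE + result.toString().toLowerCase() + SPACE + operation.toString() + SPACE + ((String) objectProperties.get(ObjectProperties.Property.QUEUE_NAME)));
                        }
                        break;
                    case TOPIC_EXCHANGE: {
                        // Names with "@" replaced, as passed to RegistryClient.
                        String registryTopicName = rawRoutingKey.replace("@", AT_REPLACE_CHAR);
                        // The per-topic role is named after the first segment of the routing key:
                        // up to the first "." if there is one, else up to the first "/", else all of it.
                        String topicRoleSegment;
                        if (registryTopicName.contains(".")) {
                            topicRoleSegment = registryTopicName.substring(0, registryTopicName.indexOf("."));
                        } else if (registryTopicName.contains("/")) {
                            topicRoleSegment = registryTopicName.substring(0, registryTopicName.indexOf("/"));
                        } else {
                            topicRoleSegment = registryTopicName;
                        }
                        String topicRoleName = UserCoreUtil.addInternalDomainName(TOPIC_ROLE_PREFIX + topicRoleSegment);
                        UserStoreManager userStoreManager = userRealm.getUserStoreManager();
                        String registryQueueName = rawQueueName.replace("@", AT_REPLACE_CHAR);
                        if (!isOwnDomain(rawRoutingKey, userRealm, objectProperties)) {
                            result = Result.DENIED;
                        } else if (isAdmin(str, userRealm)) {
                            RegistryClient.createSubscription(registryTopicName, registryQueueName, str);
                            temporaryQueueToTopicMap.put(rawQueueName, rawRoutingKey);
                            String[] roleListOfUser = userRealm.getUserStoreManager().getRoleListOfUser(str);
                            String adminRoleName = userRealm.getRealmConfiguration().getAdminRoleName();
                            // Pick the admin role out of the user's roles; permissions are granted to
                            // that role. It stays null if the role list no longer contains it.
                            String adminRole = null;
                            for (String role : roleListOfUser) {
                                if (role.equals(adminRoleName)) {
                                    adminRole = role;
                                    break;
                                }
                            }
                            userRealm.getAuthorizationManager().authorizeRole(adminRole, queueID, TreeNode.Permission.CONSUME.toString().toLowerCase());
                            grantPermissionToHierarchyLevel(str, userRealm, topicID, adminRole);
                            result = Result.ALLOWED;
                        } else if (!userStoreManager.isExistingRole(topicRoleName) && !userRealm.getAuthorizationManager().isUserAuthorized(str, topicID, TreeNode.Permission.SUBSCRIBE.toString().toLowerCase()) && userRealm.getAuthorizationManager().isUserAuthorized(str, PERMISSION_ADMIN_MANAGE_TOPIC_ADD, UI_EXECUTE)) {
                            // No role for this topic yet, no subscribe permission, but the user may add
                            // topics: allowed only if the topic resource does not exist yet.
                            if (!RegistryClient.isResourceExist(CommonsUtil.getTopicID(registryTopicName))) {
                                RegistryClient.createSubscription(registryTopicName, registryQueueName, str);
                                authorizeTopicPermissionsToLoggedInUser(str, registryTopicName, topicID, rawQueueName, userRealm);
                                result = Result.ALLOWED;
                            }
                        } else if (userRealm.getAuthorizationManager().isUserAuthorized(str, topicID, TreeNode.Permission.SUBSCRIBE.toString().toLowerCase())) {
                            RegistryClient.createSubscription(registryTopicName, registryQueueName, str);
                            if (!isTopicSubscriberQueue(rawQueueName) || Boolean.parseBoolean((String) objectProperties.get(ObjectProperties.Property.DURABLE))) {
                                // Every role of the user that may subscribe to the topic is granted
                                // consume, publish and changePermission on the queue.
                                for (String role : userRealm.getUserStoreManager().getRoleListOfUser(str)) {
                                    if (userRealm.getAuthorizationManager().isRoleAuthorized(role, topicID, TreeNode.Permission.SUBSCRIBE.toString().toLowerCase())) {
                                        userRealm.getAuthorizationManager().authorizeRole(role, queueID, TreeNode.Permission.CONSUME.toString().toLowerCase());
                                        userRealm.getAuthorizationManager().authorizeRole(role, queueID, TreeNode.Permission.PUBLISH.toString().toLowerCase());
                                        userRealm.getAuthorizationManager().authorizeRole(role, queueID, PERMISSION_CHANGE_PERMISSION);
                                    }
                                }
                            } else {
                                // Non-durable topic subscriber queue: remember its topic so that
                                // handleConsumeQueue can authorize against the topic later.
                                temporaryQueueToTopicMap.put(rawQueueName, rawRoutingKey);
                            }
                            result = Result.ALLOWED;
                        }
                        if (log.isDebugEnabled()) {
                            log.debug(str + SPACE + result.toString().toLowerCase() + SPACE + operation.toString() + SPACE + ((String) objectProperties.get(ObjectProperties.Property.ROUTING_KEY)));
                        }
                        break;
                    }
                    default:
                        // Unrecognised exchange: result stays DENIED and nothing is logged.
                        break;
                }
            } catch (UserStoreException | RegistryClientException e) {
                throw new AndesAuthorizationHandlerException("Error handling bind queue.", e);
            }
        }
        return result;
    }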

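    /**
     * Decides whether user {@code str} may publish to an exchange with the given routing key.
     *
     * <p>This listing was decompiled. The original text declared {@code boolean z = -1} and
     * switched on it with two {@code case true} labels. It is restored here as a string
     * switch on the exchange name. {@code amq.direct} and the default exchange had
     * identical bodies and now share one case; the branch order is unchanged.
     *
     * <ul>
     *   <li>{@code amq.direct} and default exchange: the routing key must pass
     *       isOwnDomain(), and the user must be an admin or hold PUBLISH on the queue
     *       whose id is derived from the routing key;</li>
     *   <li>{@code amq.topic}: the routing key must pass isOwnDomain(), and the user must
     *       be an admin or be authorized for PUBLISH on the topic or a parent in its
     *       hierarchy;</li>
     *   <li>any other exchange name, or a null realm: denied.</li>
     * </ul>
     *
     * @param str              user name the decision is made for
     * @param userRealm        realm used for role and permission lookups; may be null
     * @param objectProperties publish properties (NAME = exchange, ROUTING_KEY are read)
     * @param operation        operation being authorized; used only in the debug log
     * @return {@code Result.ALLOWED} or {@code Result.DENIED}
     * @throws AndesAuthorizationHandlerException if a registry or user-store call fails
     */
    public static Result handlePublishToExchange(String str, UserRealm userRealm, ObjectProperties objectProperties, Operation operation) throws AndesAuthorizationHandlerException {
        Result result = Result.DENIED;
        if (null != userRealm) {
            try {
                String rawExchangeName = getRawExchangeName((String) objectProperties.get(ObjectProperties.Property.NAME));
                String rawRoutingKey = getRawRoutingKey((String) objectProperties.get(ObjectProperties.Property.ROUTING_KEY));
                String queueID = CommonsUtil.getQueueID(rawRoutingKey);
                String topicID = CommonsUtil.getTopicID(RegistryClient.getTenantBasedTopicName(rawRoutingKey));
                switch (rawExchangeName) {
                    case DIRECT_EXCHANGE:
                    case DEFAULT_EXCHANGE:
                        // && and || short-circuit in the same order as the original if/else chain.
                        if (isOwnDomain(rawRoutingKey, userRealm, objectProperties)
                                && (isAdmin(str, userRealm)
                                        || userRealm.getAuthorizationManager().isUserAuthorized(str, queueID, TreeNode.Permission.PUBLISH.toString().toLowerCase()))) {
                            result = Result.ALLOWED;
                        }
                        break;
                    case TOPIC_EXCHANGE:
                        if (isOwnDomain(rawRoutingKey, userRealm, objectProperties)
                                && (isAdmin(str, userRealm)
                                        || isAuthorizeToParentInHierarchy(str, userRealm, topicID, TreeNode.Permission.PUBLISH))) {
                            result = Result.ALLOWED;
                        }
                        break;
                    default:
                        // Unrecognised exchange: result stays DENIED.
                        break;
                }
            } catch (RegistryClientException e) {
                throw new AndesAuthorizationHandlerException("Error checking permission hierarchy", e);
            } catch (UserStoreException e2) {
                throw new AndesAuthorizationHandlerException("Error handling publish queue.", e2);
            }
        }
        if (log.isDebugEnabled()) {
            log.debug(str + SPACE + result.toString().toLowerCase() + SPACE + operation.toString() + SPACE + ((String) objectProperties.get(ObjectProperties.Property.ROUTING_KEY)));
        }
        return result;
    }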

    /**
     * Handles an unbind request: for the {@code amq.topic} exchange it deletes the
     * subscription from the registry, forgets the queue-to-topic mapping and, when the
     * user is an admin, clears the admin role's permissions on the queue and topic.
     * It always returns {@code Result.ALLOWED} unless a registry or user-store call fails.
     *
     * <p>NOTE(review): unlike the other handlers visible in this class, this one has no
     * null check on {@code userRealm}, no isOwnDomain() check and no permission lookup.
     * The subscription is deleted before the user's role is examined. With a null realm
     * on the topic exchange, isAdmin() dereferences it. Confirm whether unbind is meant
     * to be unconditional or whether the checks used by handleBindQueue should apply.
     *
     * @param str              user name the request is made for
     * @param userRealm        realm used for the admin-role lookup and permission clearing
     * @param objectProperties binding properties (NAME = exchange, QUEUE_NAME, ROUTING_KEY)
     * @param operation        operation being authorized; used only in the debug log
     * @return always {@code Result.ALLOWED}
     * @throws AndesAuthorizationHandlerException if a registry or user-store call fails
     */
    public static Result handleUnbindQueue(String str, UserRealm userRealm, ObjectProperties objectProperties, Operation operation) throws AndesAuthorizationHandlerException {
        String exchangeName = getRawExchangeName((String) objectProperties.get(ObjectProperties.Property.NAME));
        String queueName = getRawQueueName((String) objectProperties.get(ObjectProperties.Property.QUEUE_NAME));
        String routingKey = getRawRoutingKey((String) objectProperties.get(ObjectProperties.Property.ROUTING_KEY));
        // Names with "@" replaced, as passed to RegistryClient.
        String registryTopicName = routingKey.replace("@", AT_REPLACE_CHAR);
        String registryQueueName = queueName.replace("@", AT_REPLACE_CHAR);
        try {
            if (TOPIC_EXCHANGE.equals(exchangeName)) {
                RegistryClient.deleteSubscription(registryTopicName, registryQueueName);
                temporaryQueueToTopicMap.remove(queueName);
                if (isAdmin(str, userRealm)) {
                    String[] userRoles = userRealm.getUserStoreManager().getRoleListOfUser(str);
                    String adminRoleName = userRealm.getRealmConfiguration().getAdminRoleName();
                    // The user's admin role, or null if the role list does not contain it.
                    String adminRole = null;
                    for (String role : userRoles) {
                        if (role.equals(adminRoleName)) {
                            adminRole = role;
                            break;
                        }
                    }
                    String queueID = CommonsUtil.getQueueID(queueName);
                    String topicID = CommonsUtil.getTopicID(RegistryClient.getTenantBasedTopicName(routingKey));
                    AuthorizationManager authorizationManager;
                    // Each call re-fetches the manager, as the original did.
                    authorizationManager = userRealm.getAuthorizationManager();
                    authorizationManager.clearRoleAuthorization(adminRole, queueID, TreeNode.Permission.CONSUME.toString().toLowerCase());
                    authorizationManager = userRealm.getAuthorizationManager();
                    authorizationManager.clearRoleAuthorization(adminRole, topicID, TreeNode.Permission.SUBSCRIBE.toString().toLowerCase());
                    authorizationManager = userRealm.getAuthorizationManager();
                    authorizationManager.clearRoleAuthorization(adminRole, topicID, TreeNode.Permission.PUBLISH.toString().toLowerCase());
                    authorizationManager = userRealm.getAuthorizationManager();
                    authorizationManager.clearRoleAuthorization(adminRole, topicID, PERMISSION_CHANGE_PERMISSION);
                }
            }
            if (log.isDebugEnabled()) {
                log.debug(str + SPACE + Result.ALLOWED.toString().toLowerCase() + SPACE + operation.toString() + SPACE + ((String) objectProperties.get(ObjectProperties.Property.ROUTING_KEY)));
            }
            return Result.ALLOWED;
        } catch (RegistryClientException | UserStoreException e) {
            throw new AndesAuthorizationHandlerException("Error handling unbind queue.", e);
        }
    }

    /**
     * Decides whether user {@code str} may delete the queue named by the NAME property
     * and, when allowed, removes it through deleteQueueFromRegistry().
     *
     * <p>A null realm or a raw queue name that fails isOwnDomain() is denied. Otherwise
     * the request is allowed when any of these holds, tested in this order: the user is
     * an admin, holds the queue-delete permission, holds the topic-delete permission, the
     * queue is DURABLE and EXCLUSIVE, or it is a non-durable topic subscriber queue.
     *
     * <p>NOTE(review): the last two conditions read only values from
     * {@code objectProperties} and involve no permission lookup. Confirm where those
     * properties originate and that this is the intended policy.
     *
     * @param str              user name the decision is made for
     * @param userRealm        realm used for role and permission lookups; may be null
     * @param objectProperties properties of the queue (NAME, DURABLE, EXCLUSIVE are read)
     * @param operation        operation being authorized; used only in the debug log
     * @return {@code Result.ALLOWED} or {@code Result.DENIED}
     * @throws AndesAuthorizationHandlerException if a registry or user-store call fails
     */
    public static Result handleDeleteQueue(String str, UserRealm userRealm, ObjectProperties objectProperties, Operation operation) throws AndesAuthorizationHandlerException {
        Result decision = Result.DENIED;
        if (userRealm != null) {
            try {
                String queueName = getRawQueueName((String) objectProperties.get(ObjectProperties.Property.NAME));
                // Short-circuit operators keep the original evaluation order of the checks.
                boolean permitted = isOwnDomain(queueName, userRealm, objectProperties)
                        && (isAdmin(str, userRealm)
                                || userRealm.getAuthorizationManager().isUserAuthorized(str, PERMISSION_ADMIN_MANAGE_QUEUE_DELETE, UI_EXECUTE)
                                || userRealm.getAuthorizationManager().isUserAuthorized(str, PERMISSION_ADMIN_MANAGE_TOPIC_DELETE, UI_EXECUTE)
                                || (Boolean.parseBoolean((String) objectProperties.get(ObjectProperties.Property.DURABLE))
                                        && Boolean.parseBoolean((String) objectProperties.get(ObjectProperties.Property.EXCLUSIVE)))
                                || (isTopicSubscriberQueue(queueName)
                                        && !Boolean.parseBoolean((String) objectProperties.get(ObjectProperties.Property.DURABLE))));
                if (permitted) {
                    deleteQueueFromRegistry(queueName);
                    decision = Result.ALLOWED;
                }
            } catch (RegistryClientException | UserStoreException e) {
                throw new AndesAuthorizationHandlerException("Error handling delete queue.", e);
            }
        }
        if (log.isDebugEnabled()) {
            log.debug(str + SPACE + decision.toString().toLowerCase() + SPACE + operation.toString() + SPACE + ((String) objectProperties.get(ObjectProperties.Property.NAME)));
        }
        return decision;
    }

    /**
     * Decides whether user {@code str} may purge the queue named by the NAME property.
     * When allowed, it calls deleteQueueFromRegistry() for that queue.
     *
     * <p>A null realm is denied. Otherwise the request is allowed when any of these
     * holds, tested in this order: the user is an admin, holds the queue-purge
     * permission, the queue is DURABLE and EXCLUSIVE, or it is a non-durable topic
     * subscriber queue.
     *
     * <p>NOTE(review): this handler does not call isOwnDomain(), whereas
     * handleDeleteQueue rejects queue names outside the caller's tenant domain before
     * any other check. Confirm whether purge is meant to skip the tenant-domain check.
     * <p>NOTE(review): an allowed purge runs the same deleteQueueFromRegistry() call as
     * a delete. Confirm that removing the registry entry on purge is intended.
     *
     * @param str              user name the decision is made for
     * @param userRealm        realm used for role and permission lookups; may be null
     * @param objectProperties properties of the queue (NAME, DURABLE, EXCLUSIVE are read)
     * @param operation        operation being authorized; used only in the debug log
     * @return {@code Result.ALLOWED} or {@code Result.DENIED}
     * @throws AndesAuthorizationHandlerException if a registry or user-store call fails
     */
    public static Result handlePurgeQueue(String str, UserRealm userRealm, ObjectProperties objectProperties, Operation operation) throws AndesAuthorizationHandlerException {
        Result decision = Result.DENIED;
        if (userRealm != null) {
            try {
                String queueName = getRawQueueName((String) objectProperties.get(ObjectProperties.Property.NAME));
                // Short-circuit || keeps the original evaluation order of the checks.
                boolean permitted = isAdmin(str, userRealm)
                        || userRealm.getAuthorizationManager().isUserAuthorized(str, PERMISSION_ADMIN_MANAGE_QUEUE_PURGE, UI_EXECUTE)
                        || (Boolean.parseBoolean((String) objectProperties.get(ObjectProperties.Property.DURABLE))
                                && Boolean.parseBoolean((String) objectProperties.get(ObjectProperties.Property.EXCLUSIVE)))
                        || (isTopicSubscriberQueue(queueName)
                                && !Boolean.parseBoolean((String) objectProperties.get(ObjectProperties.Property.DURABLE)));
                if (permitted) {
                    deleteQueueFromRegistry(queueName);
                    decision = Result.ALLOWED;
                }
            } catch (RegistryClientException | UserStoreException e) {
                throw new AndesAuthorizationHandlerException("Error handling purge queue.", e);
            }
        }
        if (log.isDebugEnabled()) {
            log.debug(str + SPACE + decision.toString().toLowerCase() + SPACE + operation.toString() + SPACE + ((String) objectProperties.get(ObjectProperties.Property.NAME)));
        }
        return decision;
    }

    /**
     * Creates the queue in the registry and, for ordinary queues created by a non-admin,
     * grants the creating user permissions on it.
     *
     * <p>Nothing happens when the queue name fails isOwnDomain(). The permission grant is
     * skipped for DURABLE and EXCLUSIVE queues, for non-durable topic subscriber queues,
     * and when the user is an admin.
     *
     * @param str              user name the queue is created for
     * @param userRealm        realm used for role lookups and the permission grant
     * @param objectProperties properties of the queue (NAME, DURABLE, EXCLUSIVE are read)
     * @throws RegistryClientException if the registry call fails
     * @throws UserStoreException      if a user-store call fails
     */
    private static void registerAndAuthorizeQueue(String str, UserRealm userRealm, ObjectProperties objectProperties) throws RegistryClientException, UserStoreException {
        String queueName = getRawQueueName((String) objectProperties.get(ObjectProperties.Property.NAME));
        if (!isOwnDomain((String) objectProperties.get(ObjectProperties.Property.NAME), userRealm, objectProperties)) {
            return;
        }
        // The registry entry uses the name with "@" replaced; the permission id uses the raw name.
        String registryQueueName = queueName.replace("@", AT_REPLACE_CHAR);
        RegistryClient.createQueue(registryQueueName, str);
        if (log.isDebugEnabled()) {
            log.debug(queueName + " created in the registry");
        }
        String queueID = CommonsUtil.getQueueID(queueName);
        // Short-circuit || keeps the original evaluation order of the three exemptions.
        boolean exemptFromGrant = (Boolean.parseBoolean((String) objectProperties.get(ObjectProperties.Property.DURABLE))
                        && Boolean.parseBoolean((String) objectProperties.get(ObjectProperties.Property.EXCLUSIVE)))
                || (isTopicSubscriberQueue((String) objectProperties.get(ObjectProperties.Property.NAME))
                        && !Boolean.parseBoolean((String) objectProperties.get(ObjectProperties.Property.DURABLE)))
                || isAdmin(str, userRealm);
        if (!exemptFromGrant) {
            authorizeQueuePermissionsToLoggedInUser(str, registryQueueName, queueID, userRealm);
        }
    }

    /**
     * Reports whether the user holds the realm's admin role.
     *
     * @param str       user name to look up
     * @param userRealm realm supplying the user's role list and the admin role name
     * @return {@code true} if one of the user's roles equals the configured admin role name
     * @throws UserStoreException if the role list or realm configuration cannot be read
     */
    private static boolean isAdmin(String str, UserRealm userRealm) throws UserStoreException {
        String[] userRoles = userRealm.getUserStoreManager().getRoleListOfUser(str);
        String adminRoleName = userRealm.getRealmConfiguration().getAdminRoleName();
        for (String role : userRoles) {
            if (role.equals(adminRoleName)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Deletes a queue from the registry and, unless the kernel is shutting down, removes the
     * role that was created for it.
     *
     * @param str queue name as passed by the caller
     * @throws RegistryClientException declared for the registry call
     * @throws UserStoreException if removing the role or its authorizations fails
     */
    private static void deleteQueueFromRegistry(String str) throws RegistryClientException, UserStoreException {
        String roleQueueName = str.replace("@", AT_REPLACE_CHAR);

        // NOTE(review): the registry entry is deleted under the unmodified name, while
        // registerAndAuthorizeQueue creates it under the "@"-replaced name. Confirm that names
        // containing "@" do not leave a stale registry entry behind.
        RegistryClient.deleteQueue(str);
        if (log.isDebugEnabled()) {
            log.debug(str + " deleted from the registry");
        }

        // During kernel shutdown the role and its resource authorizations are left in place.
        if (!AndesKernelBoot.isKernelShuttingDown()) {
            removeQueueRoleCreateForLoggedInUser(roleQueueName);
        }
    }

    /**
     * Strips decoration from a queue name: everything from the first {@code ';'} onwards is
     * dropped, then everything up to and including the first {@code ':'} is dropped.
     *
     * @param str queue name, possibly of the form {@code prefix:name;options}
     * @return the part between the first {@code ':'} and the first {@code ';'}; the input is
     *     returned unchanged when it contains neither character
     */
    private static String getRawQueueName(String str) {
        int optionsStart = str.indexOf(';');
        String withoutOptions = optionsStart >= 0 ? str.substring(0, optionsStart) : str;
        // indexOf yields -1 when there is no ':', so the substring then starts at 0.
        int nameStart = withoutOptions.indexOf(':') + 1;
        return withoutOptions.substring(nameStart);
    }

    /**
     * Returns the routing key starting at the first occurrence of {@code "carbon:"}.
     *
     * <p>The {@code "carbon:"} marker itself is kept; only text in front of it is dropped.
     *
     * @param str routing key as received
     * @return the tail of {@code str} beginning at {@code "carbon:"}, or {@code str} unchanged
     *     when the marker is absent
     */
    private static String getRawRoutingKey(String str) {
        int markerAt = str.indexOf("carbon:");
        if (markerAt < 0) {
            return str;
        }
        return str.substring(markerAt);
    }

    /**
     * Maps the {@code "<<default>>"} placeholder to the default exchange name.
     *
     * @param str exchange name as received
     * @return {@code DEFAULT_EXCHANGE} for the placeholder, otherwise {@code str} unchanged
     */
    private static String getRawExchangeName(String str) {
        if (str.equals("<<default>>")) {
            return DEFAULT_EXCHANGE;
        }
        return str;
    }

    /**
     * Decides whether a queue name belongs to the tenant domain of the given realm.
     *
     * <p>The tenant domain is resolved from the realm's tenant ID. The name is accepted when:
     * <ul>
     *   <li>no domain is resolved and the name contains no {@code '/'};</li>
     *   <li>the name starts with {@code "<domain>/"};</li>
     *   <li>the domain is {@code carbon.super} (case-insensitive) and the name contains no
     *       {@code '/'};</li>
     *   <li>the name is a topic subscriber queue and DURABLE is not true;</li>
     *   <li>DURABLE and EXCLUSIVE are both true and the text after the last {@code ':'}
     *       starts with the domain.</li>
     * </ul>
     * A name whose part after the first {@code '/'} is empty is rejected whenever a domain is
     * resolved.
     *
     * @param str queue name to check
     * @param userRealm realm whose authorization manager supplies the tenant ID
     * @param objectProperties queue properties; DURABLE and EXCLUSIVE are read
     * @return {@code true} if one of the rules above accepts the name
     * @throws UserStoreException if the tenant ID or domain lookup fails
     */
    private static boolean isOwnDomain(String str, UserRealm userRealm, ObjectProperties objectProperties) throws UserStoreException {
        String tenantDomain = AuthorizationServiceDataHolder.getInstance()
                .getRealmService()
                .getTenantManager()
                .getDomain(userRealm.getAuthorizationManager().getTenantId());

        if (tenantDomain == null) {
            return !str.contains("/");
        }

        int firstSlash = str.indexOf('/');
        String afterSlash = firstSlash >= 0 ? str.substring(firstSlash + 1) : str;
        if (afterSlash.isEmpty()) {
            return false;
        }

        // The trailing "/" makes this an exact match on the domain segment.
        if (str.startsWith(tenantDomain + "/")) {
            return true;
        }

        // For the super tenant only un-prefixed names are accepted; the rules below are skipped.
        if (tenantDomain.equalsIgnoreCase("carbon.super")) {
            return !str.contains("/");
        }

        boolean durable = Boolean.parseBoolean((String) objectProperties.get(ObjectProperties.Property.DURABLE));

        // NOTE(review): this rule never compares the name with the tenant domain, so any
        // non-durable name carrying the temporary-queue marker is accepted for every
        // non-super tenant. Confirm such names cannot be chosen by a client.
        if (isTopicSubscriberQueue(str) && !durable) {
            return true;
        }

        // NOTE(review): startsWith(domain) has no delimiter after the domain, so a domain that
        // is a prefix of another tenant's domain would also match. Confirm the subscription-ID
        // format or compare against the domain plus its separator.
        return durable
                && Boolean.parseBoolean((String) objectProperties.get(ObjectProperties.Property.EXCLUSIVE))
                && str.substring(str.lastIndexOf(':') + 1).startsWith(tenantDomain);
    }

    /**
     * Reports whether a queue name carries the temporary-queue marker.
     *
     * <p>Despite the constant's name ({@code TEMP_QUEUE_SUFFIX}), the marker is tested as a
     * prefix of the name.
     *
     * @param str queue name to test
     * @return {@code true} if {@code str} starts with {@code TEMP_QUEUE_SUFFIX}
     */
    private static boolean isTopicSubscriberQueue(String str) {
        final String marker = TEMP_QUEUE_SUFFIX;
        return str.startsWith(marker);
    }

    /**
     * Creates a per-queue internal role containing the user and authorizes that role for
     * change-permission, consume and publish on the queue.
     *
     * <p>Nothing is granted for a dead letter queue. If a role with the derived name already
     * exists, a warning is logged and nothing is granted either.
     *
     * @param str user name of the requester; its tenant-aware form becomes the role's only member
     * @param str2 queue name used to derive the role name ({@code '.'} and {@code '/'} become
     *     {@code '-'})
     * @param str3 resource ID the role is authorized on
     * @param userRealm realm supplying the user store and authorization manager
     * @throws UserStoreException if a user-store or authorization call fails
     */
    private static void authorizeQueuePermissionsToLoggedInUser(String str, String str2, String str3, UserRealm userRealm) throws UserStoreException {
        if (DLCQueueUtils.isDeadLetterQueue(str2)) {
            if (log.isDebugEnabled()) {
                log.debug("Dead letter channel permission to subscribe or consume is not granted to users");
            }
            return;
        }

        // NOTE(review): '.' and '/' both map to '-', so distinct queue names can derive the
        // same role name; the second one then takes the "role exists" path below.
        String roleName = UserCoreUtil.addInternalDomainName(QUEUE_ROLE_PREFIX + str2.replace(".", "-").replace("/", "-"));
        UserStoreManager userStore = userRealm.getUserStoreManager();

        // An existing role is never reused or extended here; the user gets no permissions.
        if (userStore.isExistingRole(roleName)) {
            log.warn("Unable to provide permissions to the user,  " + str + ", to subscribe and publish to " + str2);
            return;
        }

        userStore.addRole(roleName, new String[]{MultitenantUtils.getTenantAwareUsername(str)}, (Permission[]) null);

        // NOTE(review): toLowerCase() uses the JVM default locale; keep the casing rule identical
        // at every place that grants or checks these action strings (e.g. Locale.ROOT everywhere).
        String[] grantedActions = {
            PERMISSION_CHANGE_PERMISSION,
            TreeNode.Permission.CONSUME.toString().toLowerCase(),
            TreeNode.Permission.PUBLISH.toString().toLowerCase()
        };
        for (String action : grantedActions) {
            userRealm.getAuthorizationManager().authorizeRole(roleName, str3, action);
        }

        if (log.isDebugEnabled()) {
            log.debug("permission granted to user = " + str + " role = " + roleName + " queue = " + str2 + " queueId = " + str3);
        }
    }

    /**
     * Ensures a per-topic internal role exists with the user as a member, grants that role
     * permissions along the topic hierarchy, and either records the temporary queue mapping or
     * authorizes the role on the subscription queue.
     *
     * @param str user name of the requester
     * @param str2 topic name; {@code ".*"} and {@code ".#"} are removed and {@code '.'} and
     *     {@code '/'} become {@code '-'} when deriving the role name
     * @param str3 topic resource path handed to the hierarchy grant
     * @param str4 queue name bound to the topic
     * @param userRealm realm supplying the user store and authorization manager
     * @throws UserStoreException if a user-store or authorization call fails
     */
    private static void authorizeTopicPermissionsToLoggedInUser(String str, String str2, String str3, String str4, UserRealm userRealm) throws UserStoreException {
        // NOTE(review): the normalisation is lossy, so distinct topic names can derive the same
        // role name. Unlike the queue path, an existing role is reused here and the user is
        // added to it, so membership would be shared between such topics. Confirm that is
        // acceptable.
        String roleName = UserCoreUtil.addInternalDomainName(TOPIC_ROLE_PREFIX + str2.replace(".*", "").replace(".#", "").replace(".", "-").replace("/", "-"));
        UserStoreManager userStore = userRealm.getUserStoreManager();
        String[] tenantAwareUser = {MultitenantUtils.getTenantAwareUsername(str)};
        String queueID = CommonsUtil.getQueueID(str4);

        if (!userStore.isExistingRole(roleName)) {
            userStore.addRole(roleName, tenantAwareUser, (Permission[]) null);
        }

        // NOTE(review): membership is tested with the name as passed in, while the role is
        // populated with the tenant-aware name; if the two differ the user is re-added on
        // every call. Verify against the user store's handling of duplicates.
        boolean alreadyMember = false;
        for (String member : userStore.getUserListOfRole(roleName)) {
            if (str.equals(member)) {
                alreadyMember = true;
                break;
            }
        }
        if (!alreadyMember) {
            userStore.updateUserListOfRole(roleName, new String[0], tenantAwareUser);
        }

        grantPermissionToHierarchyLevel(str, userRealm, str3, roleName);

        if (isTopicSubscriberQueue(str4)) {
            // Temporary queues get no queue-level grants; only the queue-to-topic mapping is kept.
            temporaryQueueToTopicMap.put(str4, str2);
        } else {
            String[] queueActions = {
                TreeNode.Permission.CONSUME.toString().toLowerCase(),
                TreeNode.Permission.PUBLISH.toString().toLowerCase(),
                PERMISSION_CHANGE_PERMISSION
            };
            for (String action : queueActions) {
                userRealm.getAuthorizationManager().authorizeRole(roleName, queueID, action);
            }
        }

        if (log.isDebugEnabled()) {
            log.debug("permission granted to user = " + str + " role = " + roleName + " topic = " + str2 + " topicId = " + str3);
        }
    }

    /**
     * Deletes the per-queue internal role, if it exists, and clears all authorizations on the
     * queue's resource ID.
     *
     * <p>The realm is taken from the thread-local Carbon context, not from a parameter. The
     * authorizations are cleared only when the role exists.
     *
     * @param str queue name used to derive both the role name and the queue ID
     * @throws UserStoreException if a user-store or authorization call fails
     */
    private static void removeQueueRoleCreateForLoggedInUser(String str) throws UserStoreException {
        final String roleName = UserCoreUtil.addInternalDomainName(QUEUE_ROLE_PREFIX + str.replace(".", "-").replace("/", "-"));
        final AuthorizationManager authorizations = CarbonContext.getThreadLocalCarbonContext().getUserRealm().getAuthorizationManager();
        final UserStoreManager userStore = CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager();

        final boolean roleExists = userStore.isExistingRole(roleName);
        if (roleExists) {
            userStore.deleteRole(roleName);
            authorizations.clearResourceAuthorizations(CommonsUtil.getQueueID(str));
        }

        // The message is emitted whether or not a role was actually found and deleted.
        if (log.isDebugEnabled()) {
            log.debug("role " + roleName + " associated with queue " + str + " deleted");
        }
    }

    /**
     * Walks a {@code '/'}-separated resource path from its first segment downwards and
     * authorizes the role for subscribe, publish and change-permission on every path prefix
     * that matches {@code PARENT_RESOURCE_PATH}.
     *
     * @param str user name, used only in the debug message
     * @param userRealm realm supplying the authorization manager
     * @param str2 resource path to walk
     * @param str3 role that receives the grants
     * @throws UserStoreException if an authorization call fails
     */
    private static void grantPermissionToHierarchyLevel(String str, UserRealm userRealm, String str2, String str3) throws UserStoreException {
        StringTokenizer segments = new StringTokenizer(str2, "/");
        int segmentCount = segments.countTokens();
        StringBuilder prefix = new StringBuilder();
        // NOTE(review): find() matches anywhere in the prefix unless PARENT_RESOURCE_PATH is
        // anchored. Confirm the pattern so that grants cannot land on unintended levels.
        Pattern parentPath = Pattern.compile(PARENT_RESOURCE_PATH);

        for (int consumed = 1; segments.hasMoreTokens(); consumed++) {
            prefix.append(segments.nextToken());
            String level = prefix.toString();
            if (parentPath.matcher(level).find()) {
                String[] actions = {
                    TreeNode.Permission.SUBSCRIBE.toString().toLowerCase(),
                    TreeNode.Permission.PUBLISH.toString().toLowerCase(),
                    PERMISSION_CHANGE_PERMISSION
                };
                for (String action : actions) {
                    userRealm.getAuthorizationManager().authorizeRole(str3, level, action);
                }
            }
            // A separator is added between segments but not after the last one.
            if (consumed < segmentCount) {
                prefix.append("/");
            }
            // This message is logged for every level, including levels where nothing was granted.
            if (log.isDebugEnabled()) {
                log.debug("permission granted to user = " + str + " role = " + str3 + " hierarchical topic = " + prefix.toString());
            }
        }
    }

    /**
     * Checks whether the user is authorized for the permission on any ancestor level of a
     * resource path.
     *
     * <p>Returns {@code false} immediately when the resource does not exist in the registry.
     * Otherwise the path is walked from its first segment downwards and the walk stops at the
     * first prefix that matches {@code PARENT_RESOURCE_PATH} and for which the user is
     * authorized. A grant on any matching ancestor therefore covers the whole subtree.
     *
     * @param str user name to check
     * @param userRealm realm supplying the authorization manager
     * @param str2 {@code '/'}-separated resource path
     * @param permission permission whose lower-cased name is used as the action
     * @return {@code true} if an authorized ancestor level was found
     * @throws UserStoreException if an authorization lookup fails
     * @throws RegistryClientException declared for the registry existence check
     */
    private static boolean isAuthorizeToParentInHierarchy(String str, UserRealm userRealm, String str2, TreeNode.Permission permission) throws UserStoreException, RegistryClientException {
        if (!RegistryClient.isResourceExist(str2)) {
            return false;
        }

        StringTokenizer segments = new StringTokenizer(str2, "/");
        int segmentCount = segments.countTokens();
        StringBuilder prefix = new StringBuilder();
        Pattern parentPath = Pattern.compile(PARENT_RESOURCE_PATH);
        boolean authorized = false;

        for (int consumed = 1; segments.hasMoreTokens() && !authorized; consumed++) {
            prefix.append(segments.nextToken());
            String level = prefix.toString();
            // NOTE(review): toLowerCase() uses the JVM default locale; the action string must be
            // produced the same way where the permission is granted.
            if (parentPath.matcher(level).find()
                    && userRealm.getAuthorizationManager().isUserAuthorized(str, level, permission.toString().toLowerCase())) {
                authorized = true;
            } else if (consumed < segmentCount) {
                prefix.append("/");
            }
        }

        if (log.isDebugEnabled()) {
            log.debug(str + " is authorized to parent hierarchy topic = " + prefix.toString() + " topicId = " + str2 + SPACE + authorized);
        }
        return authorized;
    }
}
