package org.wso2.carbon.andes.authorization.service.andes;

import java.security.Principal;
import javax.security.auth.Subject;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.andes.configuration.qpid.plugins.ConfigurationPlugin;
import org.wso2.andes.server.security.AbstractPlugin;
import org.wso2.andes.server.security.Result;
import org.wso2.andes.server.security.SecurityManager;
import org.wso2.andes.server.security.SecurityPluginFactory;
import org.wso2.andes.server.security.access.ObjectProperties;
import org.wso2.andes.server.security.access.ObjectType;
import org.wso2.andes.server.security.access.Operation;
import org.wso2.carbon.andes.authorization.andes.AndesAuthorizationHandler;
import org.wso2.carbon.andes.authorization.andes.AndesAuthorizationHandlerException;
import org.wso2.carbon.andes.authorization.internal.AuthorizationServiceDataHolder;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;

/* loaded from: input_file:org/wso2/carbon/andes/authorization/service/andes/AndesAuthorizationPlugin.class */
public class AndesAuthorizationPlugin extends AbstractPlugin {
    private static final String DOMAIN_NAME_SEPARATOR = "!";
    private static final Log logger = LogFactory.getLog(AndesAuthorizationPlugin.class);
    public static final SecurityPluginFactory<AndesAuthorizationPlugin> FACTORY = new SecurityPluginFactory<AndesAuthorizationPlugin>() { // from class: org.wso2.carbon.andes.authorization.service.andes.AndesAuthorizationPlugin.1
        /* renamed from: newInstance, reason: merged with bridge method [inline-methods] */
        public AndesAuthorizationPlugin m6newInstance(ConfigurationPlugin configurationPlugin) throws ConfigurationException {
            return new AndesAuthorizationPlugin();
        }

        public String getPluginName() {
            return AndesAuthorizationPlugin.class.getName();
        }

        public Class<AndesAuthorizationPlugin> getPluginClass() {
            return AndesAuthorizationPlugin.class;
        }
    };

    /* renamed from: org.wso2.carbon.andes.authorization.service.andes.AndesAuthorizationPlugin$2, reason: invalid class name */
    /* loaded from: input_file:org/wso2/carbon/andes/authorization/service/andes/AndesAuthorizationPlugin$2.class */
    static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$wso2$andes$server$security$access$Operation = new int[Operation.values().length];

        static {
            try {
                $SwitchMap$org$wso2$andes$server$security$access$Operation[Operation.CREATE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$wso2$andes$server$security$access$Operation[Operation.BIND.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$wso2$andes$server$security$access$Operation[Operation.PUBLISH.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$wso2$andes$server$security$access$Operation[Operation.CONSUME.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$wso2$andes$server$security$access$Operation[Operation.BROWSE.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$wso2$andes$server$security$access$Operation[Operation.UNBIND.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$wso2$andes$server$security$access$Operation[Operation.DELETE.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$wso2$andes$server$security$access$Operation[Operation.PURGE.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
        }
    }

    public Result access(ObjectType objectType, Object obj) {
        try {
        } catch (Exception e) {
            logger.error("Authorising access to broker failed.", e);
        }
        if (((Principal) SecurityManager.getThreadSubject().getPrincipals().toArray()[0]) == null) {
            return getDefault();
        }
        if (objectType == ObjectType.VIRTUALHOST) {
            return Result.ALLOWED;
        }
        return Result.DENIED;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:18:0x00a8. Please report as an issue. */
    public Result authorise(Operation operation, ObjectType objectType, ObjectProperties objectProperties) {
        Principal principal;
        try {
            PrivilegedCarbonContext.startTenantFlow();
            Subject threadSubject = SecurityManager.getThreadSubject();
            principal = null;
            if (threadSubject != null) {
                principal = (Principal) threadSubject.getPrincipals().toArray()[0];
            }
        } catch (AndesAuthorizationHandlerException e) {
            logger.error("Error while invoking AndesAuthorizationHandler", e);
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
        if (principal == null) {
            Result result = getDefault();
            PrivilegedCarbonContext.endTenantFlow();
            return result;
        }
        String name = principal.getName();
        if (name.contains(DOMAIN_NAME_SEPARATOR)) {
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(name.substring(name.lastIndexOf(DOMAIN_NAME_SEPARATOR) + 1));
            PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true);
        } else {
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(-1234);
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain("carbon.super");
        }
        UserRealm userRealm = getUserRealm(name);
        int lastIndexOf = name.lastIndexOf(DOMAIN_NAME_SEPARATOR);
        if (-1 != lastIndexOf) {
            name = name.substring(0, lastIndexOf).replaceAll(DOMAIN_NAME_SEPARATOR, "@");
        }
        switch (AnonymousClass2.$SwitchMap$org$wso2$andes$server$security$access$Operation[operation.ordinal()]) {
            case 1:
                if (ObjectType.EXCHANGE == objectType) {
                    Result result2 = Result.ALLOWED;
                    PrivilegedCarbonContext.endTenantFlow();
                    return result2;
                }
                if (ObjectType.QUEUE == objectType) {
                    Result handleCreateQueue = AndesAuthorizationHandler.handleCreateQueue(name, userRealm, objectProperties, operation);
                    PrivilegedCarbonContext.endTenantFlow();
                    return handleCreateQueue;
                }
            case 2:
                Result handleBindQueue = AndesAuthorizationHandler.handleBindQueue(name, userRealm, objectProperties, operation);
                PrivilegedCarbonContext.endTenantFlow();
                return handleBindQueue;
            case 3:
                Result handlePublishToExchange = AndesAuthorizationHandler.handlePublishToExchange(name, userRealm, objectProperties, operation);
                PrivilegedCarbonContext.endTenantFlow();
                return handlePublishToExchange;
            case 4:
                Result handleConsumeQueue = AndesAuthorizationHandler.handleConsumeQueue(name, userRealm, objectProperties, operation);
                PrivilegedCarbonContext.endTenantFlow();
                return handleConsumeQueue;
            case 5:
                Result handleBrowseQueue = AndesAuthorizationHandler.handleBrowseQueue(name, userRealm, objectProperties, operation);
                PrivilegedCarbonContext.endTenantFlow();
                return handleBrowseQueue;
            case 6:
                Result handleUnbindQueue = AndesAuthorizationHandler.handleUnbindQueue(name, userRealm, objectProperties, operation);
                PrivilegedCarbonContext.endTenantFlow();
                return handleUnbindQueue;
            case 7:
                if (ObjectType.EXCHANGE == objectType) {
                    Result result3 = Result.ALLOWED;
                    PrivilegedCarbonContext.endTenantFlow();
                    return result3;
                }
                if (ObjectType.QUEUE == objectType) {
                    Result handleDeleteQueue = AndesAuthorizationHandler.handleDeleteQueue(name, userRealm, objectProperties, operation);
                    PrivilegedCarbonContext.endTenantFlow();
                    return handleDeleteQueue;
                }
            case 8:
                Result handlePurgeQueue = AndesAuthorizationHandler.handlePurgeQueue(name, userRealm, objectProperties, operation);
                PrivilegedCarbonContext.endTenantFlow();
                return handlePurgeQueue;
            default:
                return Result.DENIED;
        }
    }

    private static UserRealm getUserRealm(String str) {
        UserRealm userRealm = null;
        RealmService realmService = AuthorizationServiceDataHolder.getInstance().getRealmService();
        if (null != realmService) {
            try {
                userRealm = realmService.getTenantUserRealm(!str.contains(DOMAIN_NAME_SEPARATOR) ? -1234 : realmService.getTenantManager().getTenantId(str.substring(str.lastIndexOf(DOMAIN_NAME_SEPARATOR) + 1)));
            } catch (NullPointerException e) {
                logger.error("Error while accessing the realm service.", e);
            } catch (UserStoreException e2) {
                logger.error("Error while getting tenant user realm for user " + str, e2);
            }
        }
        return userRealm;
    }
}
