package pt.com.broker.auth;

import java.net.InetAddress;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.caudexorigo.text.StringUtils;
import org.jboss.netty.channel.Channel;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pt.com.broker.types.NetAction;
import pt.com.broker.types.NetMessage;
import pt.com.broker.types.NetPoll;
import pt.com.broker.types.NetPublish;
import pt.com.broker.types.NetSubscribe;
import pt.com.broker.types.channels.ChannelAttributes;
import pt.com.gcs.conf.GcsInfo;
import pt.com.gcs.conf.global.Agents;
import pt.com.gcs.conf.global.Authorization;
import pt.com.gcs.conf.global.BrokerSecurityPolicy;
import pt.com.gcs.conf.global.Condition;
import pt.com.gcs.conf.global.ConditionType;
import pt.com.gcs.conf.global.DestinationType;
import pt.com.gcs.conf.global.Policies;
import pt.com.gcs.messaging.DestinationMatcher;
import pt.com.gcs.messaging.GlobalConfigMonitor;

/* loaded from: input_file:pt/com/broker/auth/AccessControl.class */
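/**
 * Broker access control: translates the configured security policy into an agent-wide ACL and
 * checks client actions (poll, publish, subscribe, delivery) against the per-session view of it.
 *
 * <p>Security model as implemented here (reviewers should keep it in mind when changing policy):
 * <ul>
 *   <li>The model is default-permit. An action is granted when access control is disabled, when
 *       the session ACL is empty, or when no ACL entry matches the destination.</li>
 *   <li>Entries are evaluated in order and the first entry whose destination and one of its
 *       conditions match decides the result, so entry order in the policy is significant.</li>
 *   <li>Access control is disabled whenever no usable policy is configured. This is logged at
 *       WARN so the condition can be detected.</li>
 * </ul>
 *
 * <p>This class was recovered by decompilation. The compiler-generated enum switch-map holder has
 * been replaced by direct {@code switch} statements on the enum values.
 */
public class AccessControl {
    // Shared singleton results. ValidationResult has public mutable fields, so callers must treat
    // the instances returned by validate() as read-only.
    private static ValidationResult granted;
    private static ValidationResult refused_authRequired;
    private static final Logger log = LoggerFactory.getLogger(AccessControl.class);
    // Agent-wide ACL. Also used as the lock object, hence final.
    private static final List<AclEntry> agentAcl = new ArrayList<AclEntry>();
    // Read by validate() without holding the lock and written on configuration reload.
    private static volatile boolean accessControlRequired = true;

    /** Authorization outcome of an ACL entry (the spelling is part of the existing API). */
    public enum Autorization {
        PERMIT,
        DENY;

        /**
         * Maps the configuration-level authorization onto this enum.
         *
         * @param authorization value read from the security policy
         * @return the matching constant, or {@code null} for a value this class does not know
         */
        public static Autorization fromValue(Authorization authorization) {
            switch (authorization) {
                case PERMIT:
                    return Autorization.PERMIT;
                case DENY:
                    return Autorization.DENY;
                default:
                    return null;
            }
        }
    }

    /** Privilege an ACL entry applies to. */
    public enum Privilege {
        READ,
        WRITE;

        /**
         * Maps the configuration-level privilege onto this enum.
         *
         * @param privilege value read from the security policy
         * @return the matching constant, or {@code null} for a value this class does not know
         */
        public static Privilege fromValue(pt.com.gcs.conf.global.Privilege privilege) {
            switch (privilege) {
                case READ:
                    return Privilege.READ;
                case WRITE:
                    return Privilege.WRITE;
                default:
                    return null;
            }
        }
    }

    /** Result of an access check; {@code reasonForRejection} is only set on refusals. */
    public static class ValidationResult {
        public boolean accessGranted;
        public String reasonForRejection;
    }

    /**
     * Builds the shared result objects, loads the policy once and registers a listener that
     * reloads it whenever the global configuration changes.
     */
    private static void init() {
        granted = new ValidationResult();
        granted.accessGranted = true;
        refused_authRequired = new ValidationResult();
        refused_authRequired.accessGranted = false;
        refused_authRequired.reasonForRejection = "Authentication Required!";
        loadSecurityPolicies();
        GlobalConfigMonitor.addGlobalConfigModifiedListener(new GlobalConfigMonitor.GlobalConfigModifiedListener() {
            public void globalConfigModified() {
                // Holding the ACL lock serializes concurrent reloads.
                synchronized (AccessControl.agentAcl) {
                    AccessControl.loadSecurityPolicies();
                }
            }
        });
    }

    /**
     * Rebuilds the agent ACL from the current security policy.
     *
     * <p>The policy named for this agent is used, or the policy called {@code "default"} when the
     * agent has no entry of its own. The new ACL is assembled off to the side and swapped in under
     * the lock, and enforcement is switched on or off according to whether the resulting ACL has
     * entries. Previously the flag was only ever cleared, so a broker that started without a policy
     * kept access control disabled even after a policy was configured and reloaded.
     *
     * <p>When the policy configuration is absent, access control is disabled and the previous ACL
     * is left in place. When the named policy cannot be found, the previous ACL is kept as well.
     */
    public static void loadSecurityPolicies() {
        BrokerSecurityPolicy securityPolicies = GcsInfo.getSecurityPolicies();
        if (securityPolicies == null) {
            disableAccessControl("no security policy is configured");
            return;
        }
        Policies policies = securityPolicies.getPolicies();
        if (policies == null) {
            disableAccessControl("the security policy defines no policies element");
            return;
        }
        List<Policies.Policy> policyList = policies.getPolicy();
        if (policyList == null) {
            disableAccessControl("the security policy defines no policy list");
            return;
        }

        String policyName = resolveAgentPolicyName(securityPolicies.getAgents());
        List<AclEntry> rebuilt = new ArrayList<AclEntry>();
        boolean found = addPolicy(policyList, policyName, rebuilt, new ArrayList<String>());

        synchronized (agentAcl) {
            if (found) {
                agentAcl.clear();
                agentAcl.addAll(rebuilt);
            }
            accessControlRequired = !agentAcl.isEmpty();
            if (!accessControlRequired) {
                log.warn("Access control is disabled: policy '" + policyName + "' produced no ACL entries");
            }
        }
    }

    /** Turns enforcement off and records why, so a fail-open state is visible in the logs. */
    private static void disableAccessControl(String reason) {
        accessControlRequired = false;
        log.warn("Access control is disabled: " + reason);
    }

    /**
     * Returns the policy name assigned to this agent, or {@code "default"} when the agent is not
     * listed in the configuration.
     */
    private static String resolveAgentPolicyName(Agents agents) {
        if (agents != null) {
            String agentName = GcsInfo.getAgentName();
            List<Agents.Agent> agentList = agents.getAgent();
            if (agentList != null) {
                for (Agents.Agent candidate : agentList) {
                    if (agentName.equals(candidate.getAgentName())) {
                        return candidate.getAgentPolicy().getPolicyName();
                    }
                }
            }
        }
        return "default";
    }

    /**
     * Appends the entries of the named policy, followed by those of the policies it inherits from.
     *
     * <p>Entries of the inheriting policy come first, so under first-match evaluation they take
     * precedence over inherited ones. Previously each level replaced the ACL, which discarded the
     * inheriting policy's own entries (including its DENY entries).
     * NOTE(review): confirm that "own entries before inherited entries" is the intended precedence.
     *
     * @param list    all configured policies
     * @param str     name of the policy to add
     * @param target  list receiving the translated entries
     * @param visited names already expanded, used to stop on an inheritance cycle
     * @return {@code true} if a policy called {@code str} exists
     */
    private static boolean addPolicy(List<Policies.Policy> list, String str, List<AclEntry> target, List<String> visited) {
        if (visited.contains(str)) {
            // Without this guard a cycle in "inherits" recurses until the stack overflows.
            log.error("Cyclic policy inheritance detected at policy '" + str + "'; ignoring the repeated reference");
            return true;
        }
        visited.add(str);
        for (Policies.Policy policy : list) {
            if (str.equals(policy.getPolicyName())) {
                if (policy.getAcl() != null) {
                    addPolicyEntries(policy.getAcl().getEntry(), target);
                }
                if (StringUtils.isNotBlank(policy.getInherits())) {
                    addPolicy(list, policy.getInherits(), target, visited);
                }
                return true;
            }
        }
        log.warn("Security policy '" + str + "' is referenced but not defined");
        return false;
    }

    /**
     * Translates policy entries into {@link AclEntry} objects, one per combination of privilege and
     * destination type, and appends them to {@code target}.
     */
    private static void addPolicyEntries(List<Policies.Policy.Acl.Entry> list, List<AclEntry> target) {
        for (Policies.Policy.Acl.Entry entry : list) {
            List<pt.com.gcs.conf.global.Privilege> privileges = entry.getPrivilege();
            List<DestinationType> destinationTypes = entry.getDestinationType();
            String destination = entry.getDestination();
            List<AclPredicate> conditions = translatePredicates(entry.getCondition());
            Authorization action = entry.getAction();
            for (pt.com.gcs.conf.global.Privilege configuredPrivilege : privileges) {
                for (DestinationType configuredType : destinationTypes) {
                    target.add(new AclEntry(
                            Autorization.fromValue(action),
                            Privilege.fromValue(configuredPrivilege),
                            destination,
                            translateDestinationType(configuredType),
                            conditions));
                }
            }
        }
    }

    /**
     * Maps a configuration destination type onto the wire-level one.
     *
     * @return the matching constant, or {@code null} for a value this class does not know
     */
    private static NetAction.DestinationType translateDestinationType(DestinationType destinationType) {
        switch (destinationType) {
            case QUEUE:
                return NetAction.DestinationType.QUEUE;
            case TOPIC:
                return NetAction.DestinationType.TOPIC;
            case VIRTUAL_QUEUE:
                return NetAction.DestinationType.VIRTUAL_QUEUE;
            default:
                return null;
        }
    }

    /**
     * Translates configured conditions into predicates, recursing into AND conditions.
     *
     * <p>NOTE(review): a condition that cannot be translated is dropped rather than replaced by a
     * predicate that never matches. A dropped member of an AND condition widens that condition, and
     * an entry left with no conditions is never selected by {@link #getSessionAcl}. A typo in an
     * address can therefore silently change what the policy permits; the failure is logged at
     * ERROR and should be alerted on.
     *
     * @param list conditions of one ACL entry
     * @return the translated predicates, in configuration order
     */
    private static List<AclPredicate> translatePredicates(List<Condition> list) {
        List<AclPredicate> predicates = new ArrayList<AclPredicate>(list.size());
        for (Condition condition : list) {
            switch (condition.getConditionType()) {
                case ADDRESS: {
                    Condition.Address address = condition.getAddress();
                    try {
                        // InetAddress.getByName resolves host names, so a name (rather than a
                        // literal address) is bound to whatever it resolves to at load time.
                        InetAddress network = InetAddress.getByName(address.getValue());
                        short mask = address.getMask() == null ? (short) 32 : address.getMask().shortValue();
                        predicates.add(new AddressPredicate(network, mask));
                    } catch (Exception e) {
                        // The previous call passed the details as a format argument to a message
                        // without placeholders, so they never reached the log.
                        String value = address != null ? address.getValue() : null;
                        Object mask = address != null ? address.getMask() : null;
                        log.error("Invalid Address or mask. Address: " + value + ", Mask: " + mask, e);
                    }
                    break;
                }
                case CHANNELTYPE:
                    predicates.add(new ChannelTypePredicate(condition.getChannelType()));
                    break;
                case ROLE:
                    predicates.add(new RolePredicate(condition.getRole()));
                    break;
                case ALWAYS:
                    predicates.add(AlwaysPredicate.getInstance());
                    break;
                case AND:
                    predicates.add(new AndPredicate(translatePredicates(condition.getCondition())));
                    break;
                default:
                    log.warn("Ignoring unsupported condition type: " + condition.getConditionType());
                    break;
            }
        }
        return predicates;
    }

    /**
     * Builds the ACL that applies to one session: every agent ACL entry for which at least one
     * condition matches the session properties, in agent ACL order.
     *
     * @param sessionProperties properties of the session being set up
     * @return the entries applicable to that session (possibly empty)
     */
    public static synchronized SessionAcl getSessionAcl(SessionProperties sessionProperties) {
        SessionAcl sessionAcl = new SessionAcl();
        synchronized (agentAcl) {
            for (AclEntry aclEntry : agentAcl) {
                if (anyConditionMatches(aclEntry, sessionProperties)) {
                    sessionAcl.add(aclEntry);
                }
            }
        }
        return sessionAcl;
    }

    /** Returns whether at least one condition of the entry matches the session properties. */
    private static boolean anyConditionMatches(AclEntry aclEntry, SessionProperties sessionProperties) {
        for (AclPredicate predicate : aclEntry.getConditions()) {
            if (predicate.match(sessionProperties)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks a client message against the session ACL.
     *
     * <p>POLL is checked as READ on a queue, PUBLISH as WRITE on the message's destination, and
     * SUBSCRIBE as READ. A virtual-queue subscription is checked as a TOPIC subscription on the part
     * of the destination after {@code "@"}.
     * NOTE(review): every other action type is granted without a check; confirm none of them needs
     * authorization. Also confirm what {@code substringAfter} yields when the name has no "@".
     *
     * @param netMessage message received from the client
     * @param session    session of the sending client
     * @return the shared "granted" result or a refusal carrying the reason
     */
    public static ValidationResult validate(NetMessage netMessage, Session session) {
        if (!accessControlRequired) {
            return granted;
        }
        NetAction.DestinationType destinationType;
        String destination;
        Privilege privilege;
        switch (netMessage.getAction().getActionType()) {
            case POLL: {
                NetPoll pollMessage = netMessage.getAction().getPollMessage();
                destinationType = NetAction.DestinationType.QUEUE;
                destination = pollMessage.getDestination();
                privilege = Privilege.READ;
                break;
            }
            case PUBLISH: {
                NetPublish publishMessage = netMessage.getAction().getPublishMessage();
                destinationType = publishMessage.getDestinationType();
                destination = publishMessage.getDestination();
                privilege = Privilege.WRITE;
                break;
            }
            case SUBSCRIBE: {
                NetSubscribe subscribeMessage = netMessage.getAction().getSubscribeMessage();
                if (subscribeMessage.getDestinationType().equals(NetAction.DestinationType.VIRTUAL_QUEUE)) {
                    destinationType = NetAction.DestinationType.TOPIC;
                    destination = StringUtils.substringAfter(subscribeMessage.getDestination(), "@");
                } else {
                    destinationType = subscribeMessage.getDestinationType();
                    destination = subscribeMessage.getDestination();
                }
                privilege = Privilege.READ;
                break;
            }
            default:
                return granted;
        }
        return validate(destinationType, destination, privilege, session);
    }

    /**
     * Checks one (destination type, destination, privilege) triple against the session ACL.
     *
     * <p>The first entry whose destination type and destination match, and one of whose conditions
     * matches the session, decides: PERMIT grants, anything else refuses. If nothing matches, or
     * the session ACL is empty, access is granted (default-permit).
     *
     * <p>A {@code null} session is refused while access control is enabled. Previously the session
     * was dereferenced before its null check, so this case raised a NullPointerException instead of
     * reaching the "Authentication Required!" refusal.
     *
     * @param destinationType type of the destination being accessed
     * @param str             destination name
     * @param privilege       READ or WRITE
     * @param session         session of the client, or {@code null} if there is none
     * @return the shared "granted" result or a refusal carrying the reason
     */
    public static ValidationResult validate(NetAction.DestinationType destinationType, String str, Privilege privilege, Session session) {
        if (!accessControlRequired) {
            return granted;
        }
        if (session == null) {
            // Fail closed: without a session there is no ACL to evaluate.
            return refused_authRequired;
        }
        SessionAcl sessionAcl = privilege.equals(Privilege.READ) ? session.getReadSessionAcl() : session.getWriteSessionAcl();
        if (sessionAcl.isEmpty()) {
            return granted;
        }
        SessionProperties sessionProperties = session.getSessionProperties();
        Iterator<AclEntry> entries = sessionAcl.iterator();
        while (entries.hasNext()) {
            AclEntry entry = entries.next();
            if (!destinationType.equals(entry.getDestinationType()) || !match(entry.getDestination(), str)) {
                continue;
            }
            for (AclPredicate predicate : entry.getConditions()) {
                if (!predicate.match(sessionProperties)) {
                    continue;
                }
                if (entry.getAutorizationType().equals(Autorization.PERMIT)) {
                    return granted;
                }
                ValidationResult refusal = new ValidationResult();
                refusal.accessGranted = false;
                refusal.reasonForRejection = String.format("Access denied! Destination type: %s, Destination name: %s, Privilege: %s", destinationType, str, privilege);
                return refusal;
            }
        }
        return granted;
    }

    /**
     * Decides whether a message may be delivered to the client behind {@code channel}, by checking
     * READ access to the destination with the session stored on the channel.
     *
     * <p>NOTE(review): a channel without a stored session is checked with a freshly constructed
     * {@link Session}. If such a session has empty ACLs, the check grants delivery; confirm that
     * this is intended for channels that never established a session.
     *
     * @param netMessage      message to deliver (not consulted by this check)
     * @param destinationType type of the destination the message came from
     * @param channel         channel the message would be written to
     * @param str             subscription name, used only in the refusal log line
     * @param str2            destination name that is checked
     * @return {@code true} if delivery is allowed
     */
    public static boolean deliveryAllowed(NetMessage netMessage, NetAction.DestinationType destinationType, Channel channel, String str, String str2) {
        Object attribute = ChannelAttributes.get(ChannelAttributes.getChannelId(channel), "BROKER_SESSION_PROPERTIES");
        Session session = attribute != null ? (Session) attribute : new Session();
        ValidationResult result = validate(destinationType, str2, Privilege.READ, session);
        if (!result.accessGranted) {
            // Subscription and destination names originate from clients; log consumers should not
            // assume they are free of control characters.
            log.info(String.format("Message delivery refused to '%s'. Subscription: '%s', Destination: '%s'", channel.toString(), str, str2));
        }
        return result.accessGranted;
    }

    /** Delegates destination matching to {@link DestinationMatcher}. */
    private static boolean match(String str, String str2) {
        return DestinationMatcher.match(str, str2);
    }

    // Must stay after the field initializers above: init() uses agentAcl and log.
    static {
        init();
    }
}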
