package com.sun.messaging.jmq.jmsserver.auth.acl;

import com.sun.jdo.spi.persistence.utility.generator.JavaClassWriterHelper;
import com.sun.messaging.jmq.auth.api.server.model.AccessControlModel;
import com.sun.messaging.jmq.jmsserver.Globals;
import com.sun.messaging.jmq.jmsserver.auth.AccessController;
import com.sun.messaging.jmq.jmsserver.core.DestinationUID;
import com.sun.messaging.jmq.jmsserver.resources.BrokerResources;
import com.sun.messaging.jmq.util.StringUtil;
import com.sun.messaging.jmq.util.log.Logger;
import com.sun.xml.rpc.processor.modeler.rmi.RmiConstants;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URL;
import java.security.AccessControlException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.BitSet;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import javax.xml.parsers.DocumentBuilder;
import org.w3c.dom.DOMException;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* JADX WARN: Classes with same name are omitted:
  input_file:jmsra.rar:lib/install/applications/jmsra/imqbroker.jar:com/sun/messaging/jmq/jmsserver/auth/acl/JMQFileAccessControlModel.class
 */
/* loaded from: input_file:com/sun/messaging/jmq/jmsserver/auth/acl/JMQFileAccessControlModel.class */
public class JMQFileAccessControlModel implements AccessControlModel {
    public static final String VERSION = "JMQFileAccessControlModel/100";
    public static final String TYPE = "file";
    public static final String PROP_FILENAME_SUFFIX = "file.filename";
    public static final String PROP_DIRPATH_SUFFIX = "file.dirpath";
    public static final String PROP_URL_SUFFIX = "file.url";
    public static final String DEFAULT_ACL_FILENAME = "accesscontrol.properties";
    private static boolean DEBUG;
    private static final String VERSION_PROPNAME = "version";
    private static final String ALLOW_SUFFIX = ".allow";
    private static final String DENY_SUFFIX = ".deny";
    private static final String USER_SUFFIX = ".user";
    private static final String GROUP_SUFFIX = ".group";
    private static final String ALL = "*";
    private static final String WILDCARD = "*";
    private static final int ALLOW_BIT = 0;
    private static final int DENY_BIT = 1;
    private String type;
    private Properties authProps;
    private static final int MAX_RECURSIONS = 25;
    private static final String LDAP_MULTILINE_SEPARATOR = "$";
    static final /* synthetic */ boolean $assertionsDisabled;
    private Logger logger = Globals.getLogger();
    private String aclfname = null;
    private Properties acs = null;
    private long acsTimestamp = 0;
    private String aclfileSave = null;
    private Class userClass = null;
    private Class groupClass = null;
    DocumentBuilder docBuilder = null;
    boolean doXMLOnly = false;

    @Override // com.sun.messaging.jmq.auth.api.server.model.AccessControlModel
    public String getType() {
        return "file";
    }

    @Override // com.sun.messaging.jmq.auth.api.server.model.AccessControlModel
    public void initialize(String str, Properties properties) throws AccessControlException {
        this.type = str;
        if (!str.equals("file")) {
            String kString = Globals.getBrokerResources().getKString(BrokerResources.X_ACCESSCONTROL_TYPE_MISMATCH, (Object[]) new String[]{str, "file", getClass().getName()});
            this.logger.log(32, kString);
            throw new AccessControlException(kString);
        }
        this.authProps = properties;
        String property = this.authProps.getProperty(AccessController.PROP_AUTHENTICATION_TYPE);
        if (!$assertionsDisabled && property == null) {
            throw new AssertionError();
        }
        String property2 = this.authProps.getProperty(AccessController.PROP_AUTHENTICATION_PREFIX + property + AccessController.PROP_USER_REPOSITORY_SUFFIX);
        if (!$assertionsDisabled && property2 == null) {
            throw new AssertionError();
        }
        String property3 = this.authProps.getProperty(AccessController.PROP_USER_REPOSITORY_PREFIX + property2 + AccessController.PROP_USER_PRINCIPAL_CLASS_SUFFIX);
        String property4 = this.authProps.getProperty(AccessController.PROP_USER_REPOSITORY_PREFIX + property2 + AccessController.PROP_GROUP_PRINCIPAL_CLASS_SUFFIX);
        if (property3 != null) {
            try {
                this.userClass = Class.forName(property3);
            } catch (ClassNotFoundException e) {
                this.logger.log(32, e.getMessage(), (Throwable) e);
                throw new AccessControlException("ClassNotFoundException: " + e.getMessage());
            }
        }
        if (property4 != null) {
            this.groupClass = Class.forName(property4);
        }
        load();
    }

    private boolean travelChildren(Node node, int i, URL url) throws Exception {
        NodeList childNodes = node.getChildNodes();
        if (DEBUG) {
            Logger logger = this.logger;
            Logger logger2 = this.logger;
            logger.log(8, "FileACL.travelChildren(" + node + JavaClassWriterHelper.paramSeparator_ + i + ")" + ((int) node.getNodeType()) + "#children:" + childNodes.getLength());
        }
        if (i > 25) {
            throw new DOMException((short) 2, "Maximum " + i + " nested elements exceeded: " + node);
        }
        for (int i2 = 0; i2 < childNodes.getLength(); i2++) {
            if (travelChildren(childNodes.item(i2), i + 1, url)) {
                return true;
            }
        }
        String nodeValue = node.getNodeValue();
        if (nodeValue == null || nodeValue.trim().equals("")) {
            return false;
        }
        if (DEBUG) {
            Logger logger3 = this.logger;
            Logger logger4 = this.logger;
            logger3.log(8, "FileACL.travelChildren.load data: " + nodeValue);
        }
        this.acs = new Properties();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(nodeValue.getBytes("UTF-8"));
        this.acs.load(byteArrayInputStream);
        if (checkVersion(this.acs, url.toString(), false)) {
            return true;
        }
        if (this.acs.size() == 1 && this.acs.getProperty("version") != null && nodeValue.contains(VERSION)) {
            this.acs.clear();
            this.acs = StringUtil.toProperties(nodeValue, "$", this.acs);
            if (checkVersion(this.acs, url.toString(), false)) {
                return true;
            }
        }
        this.acs = new Properties();
        byteArrayInputStream.close();
        return false;
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:20:0x0129
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    private void loadAsXML(java.net.URL r7) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 302
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.messaging.jmq.jmsserver.auth.acl.JMQFileAccessControlModel.loadAsXML(java.net.URL):void");
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:14:0x0048
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    private void loadAsProperties(java.net.URL r5) throws java.lang.Exception {
        /*
            r4 = this;
            r0 = 0
            r6 = r0
            r0 = 0
            r7 = r0
            r0 = r4
            java.util.Properties r1 = new java.util.Properties     // Catch: java.lang.Throwable -> L2b
            r2 = r1
            r2.<init>()     // Catch: java.lang.Throwable -> L2b
            r0.acs = r1     // Catch: java.lang.Throwable -> L2b
            r0 = r5
            java.io.InputStream r0 = r0.openStream()     // Catch: java.lang.Throwable -> L2b
            r6 = r0
            java.io.BufferedInputStream r0 = new java.io.BufferedInputStream     // Catch: java.lang.Throwable -> L2b
            r1 = r0
            r2 = r6
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L2b
            r7 = r0
            r0 = r4
            java.util.Properties r0 = r0.acs     // Catch: java.lang.Throwable -> L2b
            r1 = r7
            r0.load(r1)     // Catch: java.lang.Throwable -> L2b
            r0 = jsr -> L33
        L28:
            goto L4c
        L2b:
            r8 = move-exception
            r0 = jsr -> L33
        L30:
            r1 = r8
            throw r1
        L33:
            r9 = r0
            r0 = r6
            if (r0 == 0) goto L3d
            r0 = r6
            r0.close()     // Catch: java.io.IOException -> L48
        L3d:
            r0 = r7
            if (r0 == 0) goto L45
            r0 = r7
            r0.close()     // Catch: java.io.IOException -> L48
        L45:
            goto L4a
        L48:
            r10 = move-exception
        L4a:
            ret r9
        L4c:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.messaging.jmq.jmsserver.auth.acl.JMQFileAccessControlModel.loadAsProperties(java.net.URL):void");
    }

    @Override // com.sun.messaging.jmq.auth.api.server.model.AccessControlModel
    public void load() throws AccessControlException {
        String property = this.authProps.getProperty("imq.accesscontrol.file.url");
        if (this.authProps.getProperty("imq." + this.authProps.getProperty(AccessController.PROP_SERVICE_NAME) + "." + AccessController.PROP_ACCESSCONTROL_AREA + ".file.filename") != null) {
            property = null;
        }
        if (property != null) {
            try {
                URL url = new URL(property);
                boolean z = false;
                if (!this.doXMLOnly) {
                    loadAsProperties(url);
                    z = checkVersion(this.acs, property, false);
                }
                if (!z) {
                    loadAsXML(url);
                    checkVersion(this.acs, property, true);
                    this.doXMLOnly = true;
                }
                if (DEBUG) {
                    Logger logger = this.logger;
                    Logger logger2 = this.logger;
                    logger.log(8, "FileACL.loaded: " + this.acs);
                }
                return;
            } catch (Exception e) {
                this.acs = null;
                this.logger.log(32, e.getMessage(), (Throwable) e);
                throw new AccessControlException(Globals.getBrokerResources().getKString(BrokerResources.X_FAILED_TO_LOAD_ACCESSCONTROL, property) + " - " + e.getMessage());
            }
        }
        String property2 = this.authProps.getProperty("imq.user_repository.file.dirpath", Globals.getInstanceEtcDir());
        this.aclfname = this.authProps.getProperty("imq.accesscontrol.file.filename", DEFAULT_ACL_FILENAME);
        if (this.aclfname == null) {
            String kString = Globals.getBrokerResources().getKString(BrokerResources.X_ACCESSCONTROL_NOT_DEFINED, this.type);
            this.logger.log(32, kString);
            throw new AccessControlException(kString);
        }
        String str = property2 + File.separator + this.aclfname;
        FileInputStream fileInputStream = null;
        BufferedInputStream bufferedInputStream = null;
        try {
            File file = new File(str);
            long lastModified = file.lastModified();
            if (this.acs == null || this.aclfileSave == null || !str.equals(this.aclfileSave) || lastModified <= 0 || lastModified != this.acsTimestamp) {
                if (DEBUG) {
                    Logger logger3 = this.logger;
                    Logger logger4 = this.logger;
                    logger3.log(8, "Loading access control " + str + " ...");
                }
                this.acs = new Properties();
                fileInputStream = new FileInputStream(file);
                bufferedInputStream = new BufferedInputStream(fileInputStream);
                this.acs.load(bufferedInputStream);
                bufferedInputStream.close();
                fileInputStream.close();
                checkVersion(this.acs, str, true);
                this.aclfileSave = str;
                this.acsTimestamp = lastModified;
            }
        } catch (IOException e2) {
            this.acs = null;
            if (bufferedInputStream != null) {
                try {
                    bufferedInputStream.close();
                } catch (IOException e3) {
                    this.logger.log(32, e2.getMessage(), (Throwable) e2);
                    throw new AccessControlException(Globals.getBrokerResources().getKString(BrokerResources.X_FAILED_TO_LOAD_ACCESSCONTROL, str) + " - " + e2.getMessage());
                }
            }
            if (fileInputStream != null) {
                fileInputStream.close();
            }
            this.logger.log(32, e2.getMessage(), (Throwable) e2);
            throw new AccessControlException(Globals.getBrokerResources().getKString(BrokerResources.X_FAILED_TO_LOAD_ACCESSCONTROL, str) + " - " + e2.getMessage());
        }
    }

    private boolean checkVersion(Properties properties, String str, boolean z) throws AccessControlException {
        String property = properties.getProperty("version");
        if (property != null && property.equals(VERSION)) {
            return true;
        }
        String kString = Globals.getBrokerResources().getKString(BrokerResources.X_ACCESSCONTROL_FILE_MISMATCH, (Object[]) new String[]{"version", property == null ? "null" : property, str + " " + properties.keySet(), VERSION, getClass().getName()});
        if (z) {
            this.logger.log(32, kString);
            throw new AccessControlException(kString);
        }
        if (!DEBUG) {
            return false;
        }
        this.logger.log(8, kString);
        return false;
    }

    @Override // com.sun.messaging.jmq.auth.api.server.model.AccessControlModel
    public void checkConnectionPermission(Principal principal, String str, String str2, Subject subject) throws AccessControlException {
        checkPermission(principal, subject, "connection", str2, null, false);
    }

    @Override // com.sun.messaging.jmq.auth.api.server.model.AccessControlModel
    public void checkDestinationPermission(Principal principal, String str, String str2, Subject subject, String str3, String str4, String str5) throws AccessControlException {
        checkPermission(principal, subject, str5, str4, str3, true);
    }

    private void checkPermission(Principal principal, Subject subject, String str, String str2, String str3, boolean z) throws AccessControlException {
        Set principals = this.groupClass != null ? subject.getPrincipals(this.groupClass) : null;
        Set<Principal> principals2 = this.userClass != null ? subject.getPrincipals(this.userClass) : null;
        if (principals2 == null || principals2.size() == 0) {
            principals2 = new HashSet();
            principals2.add(principal);
        }
        load();
        StringBuffer stringBuffer = null;
        boolean z2 = false;
        for (Principal principal2 : principals2) {
            if (principal2 != null) {
                validate(principal2.getName(), principals);
                try {
                    computePermission(principal.getName(), principal2.getName(), principals, getRules(str, str2, str3, z), GROUP_SUFFIX);
                    z2 = true;
                } catch (AccessControlException e) {
                    if (DEBUG) {
                        Logger logger = this.logger;
                        Logger logger2 = this.logger;
                        logger.log(8, principal + RmiConstants.SIG_ARRAY + principal2.getName() + "]AccessControlException: " + e.getMessage());
                    }
                    if (stringBuffer == null) {
                        stringBuffer = new StringBuffer();
                    }
                    stringBuffer.append(e.getMessage());
                    stringBuffer.append(JavaClassWriterHelper.paramSeparator_);
                }
            }
        }
        if (stringBuffer != null) {
            throw new AccessControlException(Globals.getBrokerResources().getKString(BrokerResources.X_FORBIDDEN, stringBuffer));
        }
        if (!z2) {
            throw new AccessControlException(Globals.getBrokerResources().getKString(BrokerResources.X_USER_NOT_DEFINED));
        }
    }

    private void computePermission(String str, String str2, Set set, ArrayList arrayList, String str3) throws AccessControlException {
        BitSet bitSet = new BitSet(2);
        for (int i = 0; i < arrayList.size(); i++) {
            String str4 = (String) arrayList.get(i);
            HashMap ruleRightHand = getRuleRightHand(str4 + ALLOW_SUFFIX + USER_SUFFIX);
            HashMap ruleRightHand2 = getRuleRightHand(str4 + DENY_SUFFIX + USER_SUFFIX);
            BitSet permission = getPermission("*", ruleRightHand, ruleRightHand2);
            BitSet permission2 = getPermission(str2, ruleRightHand, ruleRightHand2);
            BitSet bitSet2 = new BitSet(2);
            BitSet bitSet3 = new BitSet(2);
            if (set != null && set.size() > 0) {
                if (set.size() >= Integer.MAX_VALUE) {
                    throw new AccessControlException(Globals.getBrokerResources().getString(BrokerResources.X_INTERNAL_EXCEPTION, "too many groups for user " + str));
                }
                HashMap ruleRightHand3 = getRuleRightHand(str4 + ALLOW_SUFFIX + str3);
                HashMap ruleRightHand4 = getRuleRightHand(str4 + DENY_SUFFIX + str3);
                bitSet3 = getPermission("*", ruleRightHand3, ruleRightHand4);
                Iterator it = set.iterator();
                while (it.hasNext()) {
                    bitSet2.or(getPermission(((Principal) it.next()).getName(), ruleRightHand3, ruleRightHand4));
                }
            }
            if (DEBUG) {
                this.logger.log(8, "\t" + str + RmiConstants.SIG_ARRAY + str2 + "] computePermission:ubs=" + permission2);
                this.logger.log(8, "\t" + str + RmiConstants.SIG_ARRAY + str2 + "] computePermission:gbs=" + bitSet2);
                this.logger.log(8, "\t" + str + RmiConstants.SIG_ARRAY + str2 + "] computePermission:ubsall=" + permission);
                this.logger.log(8, "\t" + str + RmiConstants.SIG_ARRAY + str2 + "] computePermission:gbsall=" + bitSet3);
            }
            overridePermission(bitSet2, permission2);
            overridePermission(bitSet3, permission);
            overridePermission(bitSet3, bitSet2);
            if (DEBUG) {
                this.logger.log(8, "computed permission:" + str4 + ":bs=" + bitSet3);
            }
            overridePermission(bitSet, bitSet3);
            if (DEBUG) {
                this.logger.log(8, "computed permission:total=" + bitSet);
            }
        }
        if (!bitSet.get(0) || bitSet.get(1)) {
            throw new AccessControlException(str.equals(str2) ? "" + str : str + " [" + str2 + "]");
        }
    }

    private void overridePermission(BitSet bitSet, BitSet bitSet2) {
        if (bitSet2.get(0) && bitSet2.get(1)) {
            return;
        }
        if (bitSet2.get(0)) {
            bitSet.set(0);
            bitSet.clear(1);
        }
        if (bitSet2.get(1)) {
            bitSet.set(1);
            bitSet.clear(0);
        }
    }

    private BitSet getPermission(String str, HashMap hashMap, HashMap hashMap2) {
        BitSet bitSet = new BitSet(2);
        if (hashMap != null && hashMap.get(str) != null) {
            bitSet.set(0);
        }
        if (hashMap2 != null && hashMap2.get(str) != null) {
            bitSet.set(1);
        }
        if (bitSet.get(0) && bitSet.get(1)) {
            bitSet.clear(0);
            bitSet.clear(1);
        }
        return bitSet;
    }

    private ArrayList getRules(String str, String str2, String str3, boolean z) throws AccessControlException {
        try {
            ArrayList arrayList = new ArrayList();
            if (str2 == null && str3 != null) {
                arrayList.add(str + "." + str3);
                return arrayList;
            }
            String str4 = str + ".*";
            if (str3 != null) {
                str4 = str4 + "." + str3;
            }
            arrayList.add(str4);
            if (!str2.equals("*")) {
                String str5 = str + "." + str2;
                if (str3 != null) {
                    str5 = str5 + "." + str3;
                }
                arrayList.add(str5);
            }
            if (z && str2 != null && str3 != null) {
                Pattern compile = Pattern.compile("(" + str + "\\.(.+)\\." + str3 + ")(\\" + ALLOW_SUFFIX + "|\\" + DENY_SUFFIX + ")(\\" + USER_SUFFIX + "|\\" + GROUP_SUFFIX + ")");
                Enumeration<?> propertyNames = this.acs.propertyNames();
                while (propertyNames.hasMoreElements()) {
                    Matcher matcher = compile.matcher((String) propertyNames.nextElement());
                    if (matcher.matches() && Pattern.matches(DestinationUID.createRegExString(matcher.group(2)), str2)) {
                        arrayList.add(matcher.group(1));
                    }
                }
            }
            return arrayList;
        } catch (Exception e) {
            AccessControlException accessControlException = new AccessControlException(e.toString() + (0 == 0 ? "" : " - " + ((String) null)));
            accessControlException.initCause(e);
            throw accessControlException;
        }
    }

    private HashMap getRuleRightHand(String str) {
        if (DEBUG) {
            this.logger.log(4, "check permission " + str);
        }
        String property = this.acs.getProperty(str);
        if (property == null) {
            return null;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(property, ",", false);
        HashMap hashMap = new HashMap();
        while (stringTokenizer.hasMoreElements()) {
            hashMap.put(stringTokenizer.nextToken().trim(), "");
        }
        if (hashMap.size() == 0) {
            return null;
        }
        return hashMap;
    }

    private void validate(String str, Set set) throws AccessControlException {
        if (str == null) {
            throw new AccessControlException(Globals.getBrokerResources().getKString(BrokerResources.X_USER_NOT_DEFINED));
        }
        if (str.equals("*")) {
            throw new AccessControlException(Globals.getBrokerResources().getKString(BrokerResources.X_USER_NAME_RESERVED, "*"));
        }
        if (set != null) {
            Iterator it = set.iterator();
            while (it.hasNext()) {
                Principal principal = (Principal) it.next();
                if (principal == null || principal.getName() == null) {
                    it.remove();
                } else if (principal.getName().equals("*")) {
                    throw new AccessControlException(Globals.getBrokerResources().getKString(BrokerResources.X_GROUP_NAME_RESERVED, "*"));
                }
            }
        }
    }

    public static void main(String[] strArr) throws Exception {
        DEBUG = true;
        Properties properties = new Properties();
        properties.setProperty("imq.accesscontrol.file.filename", DEFAULT_ACL_FILENAME);
        JMQFileAccessControlModel jMQFileAccessControlModel = new JMQFileAccessControlModel();
        jMQFileAccessControlModel.initialize("file", properties);
        HashSet hashSet = new HashSet();
        hashSet.add("student");
        hashSet.add("Accounting Managers");
        ArrayList rules = jMQFileAccessControlModel.getRules("topic", "abc", "produce", true);
        System.out.println(rules);
        jMQFileAccessControlModel.computePermission("akang", "akang", hashSet, rules, GROUP_SUFFIX);
        System.out.println("--DONE--");
    }

    static {
        $assertionsDisabled = !JMQFileAccessControlModel.class.desiredAssertionStatus();
        DEBUG = false;
    }
}
