package com.sun.messaging.jmq.jmsserver.auth.acl;

import com.sun.messaging.jmq.admin.bkrutil.BrokerConstants;
import com.sun.messaging.jmq.auth.server.AccessControlException;
import com.sun.messaging.jmq.auth.server.model.AccessControlModel;
import com.sun.messaging.jmq.auth.server.model.Subject;
import com.sun.messaging.jmq.jmsserver.Globals;
import com.sun.messaging.jmq.jmsserver.audit.MQAuditSession;
import com.sun.messaging.jmq.jmsserver.resources.BrokerResources;
import com.sun.messaging.jmq.util.log.Logger;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.BitSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;

/* loaded from: input_file:119133-01/SUNWiqu/reloc/usr/share/lib/imq/imqbroker.jar:com/sun/messaging/jmq/jmsserver/auth/acl/JMQFileAccessControlModel.class */
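/**
 * File-backed {@link AccessControlModel}: authorization rules are read from a
 * Java properties file and evaluated per connection or destination request.
 *
 * <p>Rule keys have the form {@code <rule>.allow.user}, {@code <rule>.deny.user},
 * {@code <rule>.allow.group} and {@code <rule>.deny.group}; each value is a
 * comma-separated list of principal names. The file must carry a
 * {@code version} property equal to {@link #VERSION}.
 *
 * <p>Evaluation is default-deny: access is granted only when the combined result
 * has the allow bit set and the deny bit clear. The rule file is re-read on every
 * permission check.
 *
 * <p>NOTE(review): {@code acs} is a plain instance field replaced by every
 * {@link #load()}. Whether checks run concurrently on one instance is not visible
 * here; confirm before relying on this class being thread-safe.
 */
public class JMQFileAccessControlModel implements AccessControlModel {
    public static final String VERSION = "JMQFileAccessControlModel/100";
    public static final String TYPE = "file";
    public static final String PROP_FILENAME_SUFFIX = "file.filename";
    public static final String PROP_DIRPATH_SUFFIX = "file.dirpath";
    public static final String DEFAULT_ACL_FILENAME = "accesscontrol.properties";
    // Public and mutable: any code in the JVM can switch on the debug logging below.
    public static boolean DEBUG = false;
    private static final Logger logger = Globals.getLogger();
    private static final String VERSION_PROPNAME = "version";
    private static final String ALLOW_SUFFIX = ".allow";
    private static final String DENY_SUFFIX = ".deny";
    private static final String USER_SUFFIX = ".user";
    private static final String GROUP_SUFFIX = ".group";
    private static final String ALL = "*";
    private static final String WILDCARD = "*";
    // Bit positions inside the two-bit permission sets used throughout this class.
    private static final int ALLOW_BIT = 0;
    private static final int DENY_BIT = 1;
    private String type;
    private Properties authProps;
    private String aclfname = null;
    // Last successfully loaded and version-checked rule set; null after a failed load.
    private Properties acs = null;

    /**
     * Returns the access control type implemented by this model.
     *
     * @return the constant {@code "file"}
     */
    @Override
    public String getType() {
        return TYPE;
    }

    /**
     * Binds this model to its configuration and performs an initial load of the rule file.
     *
     * @param str the configured access control type; must equal {@code "file"}
     * @param properties configuration properties consulted by {@link #load()}
     * @throws AccessControlException if {@code str} is not {@code "file"} (including
     *     {@code null}) or the rule file cannot be loaded
     */
    @Override
    public void initialize(String str, Properties properties) throws AccessControlException {
        this.type = str;
        // Constant-first comparison: a null type is reported as a type mismatch instead of an NPE.
        if (TYPE.equals(str)) {
            this.authProps = properties;
            load();
        } else {
            String kString = Globals.getBrokerResources().getKString(BrokerResources.X_ACCESSCONTROL_TYPE_MISMATCH, (Object[]) new String[]{str, TYPE, getClass().getName()});
            logger.log(32, kString);
            throw new AccessControlException(kString);
        }
    }

    /**
     * Reads the rule file and installs it as the active rule set.
     *
     * <p>The file is parsed into a local {@link Properties} object and assigned to
     * {@code acs} only after it has been read completely and its {@code version}
     * property matches {@link #VERSION}. On any failure {@code acs} is set to
     * {@code null}, so a partially read or wrong-version file is never left in place
     * as the active rule set.
     *
     * @throws AccessControlException if the file cannot be read, is malformed, or
     *     carries a missing or unexpected {@code version}
     */
    @Override
    public void load() throws AccessControlException {
        // NOTE(review): the directory comes from the user-repository property, not an
        // accesscontrol-specific one, while the file name uses the accesscontrol prefix.
        // Confirm this is intended for this broker version.
        String dirPath = this.authProps.getProperty("imq.user_repository.file.dirpath", Globals.getInstanceEtcDir());
        this.aclfname = this.authProps.getProperty("imq.accesscontrol.file.filename", DEFAULT_ACL_FILENAME);
        // Defensive only: getProperty with a non-null default cannot return null.
        if (this.aclfname == null) {
            String kString = Globals.getBrokerResources().getKString(BrokerResources.X_ACCESSCONTROL_NOT_DEFINED, this.type);
            logger.log(32, kString);
            throw new AccessControlException(kString);
        }
        String aclPath = dirPath + File.separator + this.aclfname;

        Properties loaded;
        try {
            loaded = readAclFile(aclPath);
        } catch (IOException e) {
            throw loadFailed(e);
        } catch (IllegalArgumentException e) {
            // Properties.load reports a malformed Unicode escape this way; treat a
            // malformed rule file like an unreadable one rather than leaking an
            // unchecked exception to the caller.
            throw loadFailed(e);
        }

        String fileVersion = loaded.getProperty(VERSION_PROPNAME);
        if (!VERSION.equals(fileVersion)) {
            // Fail closed: rules from an unrecognised file format are never installed.
            this.acs = null;
            String kString2 = Globals.getBrokerResources().getKString(BrokerResources.X_ACCESSCONTROL_FILE_MISMATCH, (Object[]) new String[]{VERSION_PROPNAME, fileVersion == null ? "null" : fileVersion, this.aclfname, VERSION, getClass().getName()});
            logger.log(32, kString2);
            throw new AccessControlException(kString2);
        }
        this.acs = loaded;
    }

    /**
     * Parses the properties file at {@code path}, always releasing the file handle.
     *
     * @param path full path of the rule file
     * @return the parsed properties
     * @throws IOException if the file cannot be opened, read or closed
     */
    private static Properties readAclFile(String path) throws IOException {
        Properties loaded = new Properties();
        FileInputStream fileIn = new FileInputStream(path);
        try {
            loaded.load(new BufferedInputStream(fileIn));
        } finally {
            // Runs on every exit path, so the descriptor is released even when load() throws.
            fileIn.close();
        }
        return loaded;
    }

    /**
     * Clears the active rule set, logs {@code cause} and builds the exception to throw.
     *
     * @param cause the failure raised while reading the rule file
     * @return the exception the caller should throw
     */
    private AccessControlException loadFailed(Exception cause) {
        this.acs = null;
        logger.log(32, cause.getMessage(), (Throwable) cause);
        // NOTE(review): the message embeds the underlying error text, which for file
        // errors usually contains the file path. Confirm this exception message is not
        // relayed verbatim to remote clients.
        return new AccessControlException(Globals.getBrokerResources().getKString(BrokerResources.X_FAILED_TO_LOAD_ACCESSCONTROL, this.type) + " - " + cause.getMessage());
    }

    /**
     * Checks whether {@code subject} may open a connection.
     *
     * <p>The subject is validated, the rule file is reloaded, and the rules built from
     * the connection prefix and {@code str2} are evaluated.
     *
     * @param str not used by this implementation
     * @param str2 second component of the rule key (presumably the service type; confirm against callers)
     * @param subject authenticated subject supplying the user name and group set
     * @throws AccessControlException if the subject is invalid, the rules cannot be
     *     loaded, or access is not granted
     */
    @Override
    public void checkConnectionPermission(String str, String str2, Subject subject) throws AccessControlException {
        Set groups = subject.getGroups();
        String user = subject.getUser();
        validate(user, groups);
        load();
        computePermission(user, groups, getRules(BrokerConstants.PROP_NAME_TXN_CONNECTION, str2, null, false), GROUP_SUFFIX);
    }

    /**
     * Checks whether {@code subject} may perform an operation on a destination.
     *
     * <p>The subject is validated, the rule file is reloaded, and the rules built from
     * {@code str5}, {@code str4} and {@code str3} are evaluated.
     *
     * @param str not used by this implementation
     * @param str2 not used by this implementation
     * @param subject authenticated subject supplying the user name and group set
     * @param str3 last component of the rule key (presumably the operation; confirm against callers)
     * @param str4 middle component of the rule key (presumably the destination name; confirm)
     * @param str5 first component of the rule key (presumably the destination type; confirm)
     * @throws AccessControlException if the subject is invalid, the rules cannot be
     *     loaded, or access is not granted
     */
    @Override
    public void checkDestinationPermission(String str, String str2, Subject subject, String str3, String str4, String str5) throws AccessControlException {
        Set groups = subject.getGroups();
        String user = subject.getUser();
        validate(user, groups);
        load();
        computePermission(user, groups, getRules(str5, str4, str3, true), GROUP_SUFFIX);
    }

    /**
     * Evaluates the given rules for a user and its groups; throws unless access is granted.
     *
     * <p>For each rule key, in list order, four two-bit results are computed: the
     * wildcard user entry, the named user, the wildcard group entry, and the union of
     * the subject's groups. They are merged so that the named user overrides the
     * groups and named entries override wildcard entries. Each rule's merged result
     * then overrides the running total, so later rules in the list take precedence.
     * Group rules are consulted only when {@code set} is non-empty.
     *
     * @param str user name
     * @param set group names of the user; may be {@code null} or empty
     * @param arrayList rule key prefixes as produced by {@link #getRules}
     * @param str2 suffix selecting the group rules
     * @throws AccessControlException if the final result is not "allow and not deny"
     */
    private void computePermission(String str, Set set, ArrayList arrayList, String str2) throws AccessControlException {
        BitSet total = new BitSet(2);
        for (int i = 0; i < arrayList.size(); i++) {
            String rule = (String) arrayList.get(i);
            HashMap allowedUsers = getRuleRightHand(rule + ALLOW_SUFFIX + USER_SUFFIX);
            HashMap deniedUsers = getRuleRightHand(rule + DENY_SUFFIX + USER_SUFFIX);
            BitSet anyUser = getPermission(Globals.HOSTNAME_ALL, allowedUsers, deniedUsers);
            BitSet thisUser = getPermission(str, allowedUsers, deniedUsers);
            BitSet groupsNamed = new BitSet(2);
            BitSet anyGroup = new BitSet(2);
            if (set != null && set.size() > 0) {
                if (set.size() >= Integer.MAX_VALUE) {
                    throw new AccessControlException(Globals.getBrokerResources().getString(BrokerResources.X_INTERNAL_EXCEPTION, "too many groups for user " + str));
                }
                HashMap allowedGroups = getRuleRightHand(rule + ALLOW_SUFFIX + str2);
                HashMap deniedGroups = getRuleRightHand(rule + DENY_SUFFIX + str2);
                anyGroup = getPermission(Globals.HOSTNAME_ALL, allowedGroups, deniedGroups);
                Iterator it = set.iterator();
                while (it.hasNext()) {
                    // Union across groups: if one group is allowed and another denied,
                    // both bits end up set and the merge below ignores the group result.
                    groupsNamed.or(getPermission((String) it.next(), allowedGroups, deniedGroups));
                }
            }
            if (DEBUG) {
                logger.log(4, "computePermission:ubs=" + thisUser);
                logger.log(4, "computePermission:gbs=" + groupsNamed);
                logger.log(4, "computePermission:ubsall=" + anyUser);
                logger.log(4, "computePermission:gbsall=" + anyGroup);
            }
            // Precedence, weakest first: wildcard group, wildcard user, named groups, named user.
            overridePermission(groupsNamed, thisUser);
            overridePermission(anyGroup, anyUser);
            overridePermission(anyGroup, groupsNamed);
            if (DEBUG) {
                logger.log(4, "computePermission:" + rule + ":bs=" + anyGroup);
            }
            overridePermission(total, anyGroup);
            if (DEBUG) {
                logger.log(4, "computePermission:total=" + total);
            }
        }
        // Default deny: no matching rule leaves both bits clear, which is rejected here.
        if (!total.get(ALLOW_BIT) || total.get(DENY_BIT)) {
            throw new AccessControlException(Globals.getBrokerResources().getKString(BrokerResources.X_FORBIDDEN, str));
        }
    }

    /**
     * Applies a higher-precedence result on top of a lower-precedence one.
     *
     * <p>A source with neither bit set, or with both bits set (conflicting), leaves
     * the target unchanged. Otherwise the target takes the source's single decision.
     *
     * @param bitSet target permission bits, modified in place
     * @param bitSet2 source permission bits
     */
    private void overridePermission(BitSet bitSet, BitSet bitSet2) {
        boolean allow = bitSet2.get(ALLOW_BIT);
        boolean deny = bitSet2.get(DENY_BIT);
        if (allow && deny) {
            return;
        }
        if (allow) {
            bitSet.set(ALLOW_BIT);
            bitSet.clear(DENY_BIT);
        } else if (deny) {
            bitSet.set(DENY_BIT);
            bitSet.clear(ALLOW_BIT);
        }
    }

    /**
     * Looks up one principal in the allow and deny lists of a rule.
     *
     * @param str principal name (user, group, or the wildcard entry)
     * @param hashMap allow list keyed by principal name, or {@code null} if absent
     * @param hashMap2 deny list keyed by principal name, or {@code null} if absent
     * @return a two-bit set with the allow or deny bit set, or neither bit set when
     *     the principal is in neither list or in both
     */
    private BitSet getPermission(String str, HashMap hashMap, HashMap hashMap2) {
        BitSet bits = new BitSet(2);
        if (hashMap != null && hashMap.get(str) != null) {
            bits.set(ALLOW_BIT);
        }
        if (hashMap2 != null && hashMap2.get(str) != null) {
            bits.set(DENY_BIT);
        }
        // A principal listed under both allow and deny yields no decision at this level.
        if (bits.get(ALLOW_BIT) && bits.get(DENY_BIT)) {
            bits.clear(ALLOW_BIT);
            bits.clear(DENY_BIT);
        }
        return bits;
    }

    /**
     * Builds the rule key prefixes to evaluate, least specific first.
     *
     * <p>With a {@code null} {@code str2} and a non-null {@code str3} the only key is
     * {@code str.str3}. Otherwise the wildcard key comes first, followed by the key
     * for {@code str2} unless {@code str2} is itself the wildcard.
     *
     * <p>NOTE(review): when {@code str2} and {@code str3} are both {@code null} the
     * comparison below throws {@code NullPointerException}; confirm callers never
     * pass that combination.
     *
     * @param str first key component
     * @param str2 middle key component, or {@code null}
     * @param str3 last key component, or {@code null} to omit it
     * @param z not used by this implementation
     * @return list of rule key prefixes as {@code String}s
     */
    private ArrayList getRules(String str, String str2, String str3, boolean z) {
        ArrayList rules = new ArrayList();
        if (str2 == null && str3 != null) {
            rules.add(str + "." + str3);
            return rules;
        }
        String wildcardRule = str + "." + Globals.HOSTNAME_ALL;
        if (str3 != null) {
            wildcardRule = wildcardRule + "." + str3;
        }
        rules.add(wildcardRule);
        if (!str2.equals(Globals.HOSTNAME_ALL)) {
            String namedRule = str + "." + str2;
            if (str3 != null) {
                namedRule = namedRule + "." + str3;
            }
            rules.add(namedRule);
        }
        return rules;
    }

    /**
     * Returns the principal names listed for one rule key.
     *
     * <p>NOTE(review): tokens are used exactly as split on {@code ','}. Whitespace
     * around a name (for example after a comma) becomes part of the key, so such an
     * entry will not match the principal. For a deny list that means the deny silently
     * does not apply. Confirm whether names should be trimmed.
     *
     * @param str full rule key, for example a prefix followed by {@code .allow.user}
     * @return map whose keys are the listed names, or {@code null} when the key is
     *     absent or its list is empty
     */
    private HashMap getRuleRightHand(String str) {
        if (DEBUG) {
            logger.log(4, "check permission " + str);
        }
        String value = this.acs.getProperty(str);
        if (value == null) {
            return null;
        }
        StringTokenizer tokens = new StringTokenizer(value, ",", false);
        HashMap names = new HashMap();
        while (tokens.hasMoreElements()) {
            names.put(tokens.nextToken(), "");
        }
        return names.isEmpty() ? null : names;
    }

    /**
     * Rejects subjects whose user or group name could be confused with the wildcard entry.
     *
     * <p>A principal named like the wildcard would match the wildcard entries of every
     * rule list, so such names are refused outright. {@code null} group entries are
     * removed from {@code set} in place.
     *
     * @param str user name; must be non-null and not the reserved wildcard name
     * @param set group names, or {@code null}; modified in place
     * @throws AccessControlException if the user is {@code null} or reserved, or a
     *     group name is reserved
     */
    private void validate(String str, Set set) throws AccessControlException {
        if (str == null) {
            throw new AccessControlException(Globals.getBrokerResources().getKString(BrokerResources.X_USER_NOT_DEFINED));
        }
        if (str.equals(Globals.HOSTNAME_ALL)) {
            throw new AccessControlException(Globals.getBrokerResources().getKString(BrokerResources.X_USER_NAME_RESERVED, Globals.HOSTNAME_ALL));
        }
        if (set == null) {
            return;
        }
        Iterator it = set.iterator();
        while (it.hasNext()) {
            String group = (String) it.next();
            if (group == null) {
                it.remove();
            } else if (group.equals(Globals.HOSTNAME_ALL)) {
                throw new AccessControlException(Globals.getBrokerResources().getKString(BrokerResources.X_GROUP_NAME_RESERVED, Globals.HOSTNAME_ALL));
            }
        }
    }

    /**
     * Manual smoke test: loads the default rule file and evaluates one sample request.
     *
     * <p>Enables {@link #DEBUG} for the whole JVM as a side effect.
     *
     * @param strArr ignored
     * @throws Exception if loading fails or the sample request is not permitted
     */
    public static void main(String[] strArr) throws Exception {
        DEBUG = true;
        Properties properties = new Properties();
        properties.setProperty("imq.accesscontrol.file.filename", DEFAULT_ACL_FILENAME);
        JMQFileAccessControlModel model = new JMQFileAccessControlModel();
        model.initialize("file", properties);
        HashSet groups = new HashSet();
        groups.add("student");
        groups.add("Accounting Managers");
        ArrayList rules = model.getRules(MQAuditSession.TOPIC, "abc", "produce", true);
        System.out.println(rules);
        model.computePermission("akang", groups, rules, GROUP_SUFFIX);
        System.out.println("--DONE--");
    }
}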
