package org.apache.qpid.server.security.access.plugins;

import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.SocketAddress;
import java.net.URL;
import java.security.AccessController;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.commons.lang.ObjectUtils;
import org.apache.log4j.Logger;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.connection.ConnectionPrincipal;
import org.apache.qpid.server.logging.EventLoggerProvider;
import org.apache.qpid.server.security.AccessControl;
import org.apache.qpid.server.security.Result;
import org.apache.qpid.server.security.access.ObjectProperties;
import org.apache.qpid.server.security.access.ObjectType;
import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.security.access.config.PlainConfiguration;
import org.apache.qpid.server.security.access.config.RuleSet;

/* loaded from: input_file:org/apache/qpid/server/security/access/plugins/DefaultAccessControl.class */
public class DefaultAccessControl implements AccessControl {
    private static final Logger _logger = Logger.getLogger(DefaultAccessControl.class);
    private final String _fileName;
    private RuleSet _ruleSet;
    private final EventLoggerProvider _eventLogger;

    public DefaultAccessControl(String str, EventLoggerProvider eventLoggerProvider) {
        this._fileName = str;
        this._eventLogger = eventLoggerProvider;
        if (_logger.isDebugEnabled()) {
            _logger.debug("Creating AccessControl instance");
        }
    }

    DefaultAccessControl(RuleSet ruleSet) {
        this._fileName = null;
        this._ruleSet = ruleSet;
        this._eventLogger = ruleSet;
    }

    public void open() {
        if (this._fileName != null) {
            this._ruleSet = new PlainConfiguration(this._fileName, this._eventLogger).load(getReaderFromURLString(this._fileName));
        }
    }

    public boolean validate() {
        try {
            getReaderFromURLString(this._fileName);
            return true;
        } catch (IllegalConfigurationException e) {
            return false;
        }
    }

    private static Reader getReaderFromURLString(String str) {
        URL url;
        try {
            try {
                url = new URL(str);
            } catch (MalformedURLException e) {
                try {
                    url = new File(str).toURI().toURL();
                } catch (MalformedURLException e2) {
                    throw new IllegalConfigurationException("Cannot convert " + str + " to a readable resource");
                }
            }
            return new InputStreamReader(url.openStream());
        } catch (IOException e3) {
            throw new IllegalConfigurationException("Cannot convert " + str + " to a readable resource");
        }
    }

    public void close() {
    }

    public void onDelete() {
    }

    public void onCreate() {
        if (this._fileName != null) {
            new PlainConfiguration(this._fileName, this._eventLogger).load(getReaderFromURLString(this._fileName));
        }
    }

    public Result getDefault() {
        return this._ruleSet.getDefault();
    }

    public Result authorise(Operation operation, ObjectType objectType, ObjectProperties objectProperties) {
        InetAddress inetAddress = null;
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null || subject.getPrincipals().size() == 0) {
            return Result.ABSTAIN;
        }
        Set principals = subject.getPrincipals(ConnectionPrincipal.class);
        if (!principals.isEmpty()) {
            SocketAddress remoteAddress = ((ConnectionPrincipal) principals.iterator().next()).getConnection().getRemoteAddress();
            if (remoteAddress instanceof InetSocketAddress) {
                inetAddress = ((InetSocketAddress) remoteAddress).getAddress();
            }
        }
        if (_logger.isDebugEnabled()) {
            _logger.debug("Checking " + operation + " " + objectType + " " + ObjectUtils.defaultIfNull(inetAddress, ""));
        }
        try {
            return this._ruleSet.check(subject, operation, objectType, objectProperties, inetAddress);
        } catch (Exception e) {
            _logger.error("Unable to check " + operation + " " + objectType + " " + ObjectUtils.defaultIfNull(inetAddress, ""), e);
            return Result.DENIED;
        }
    }
}
