package org.apache.qpid.server.security.access.config;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.qpid.server.message.MessageDestination;
import org.apache.qpid.server.model.AlternateBinding;
import org.apache.qpid.server.model.Binding;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.BrokerLogInclusionRule;
import org.apache.qpid.server.model.BrokerLogger;
import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.Connection;
import org.apache.qpid.server.model.Consumer;
import org.apache.qpid.server.model.Exchange;
import org.apache.qpid.server.model.ExclusivityPolicy;
import org.apache.qpid.server.model.Group;
import org.apache.qpid.server.model.GroupMember;
import org.apache.qpid.server.model.LifetimePolicy;
import org.apache.qpid.server.model.Model;
import org.apache.qpid.server.model.PermissionedObject;
import org.apache.qpid.server.model.Queue;
import org.apache.qpid.server.model.RemoteReplicationNode;
import org.apache.qpid.server.model.Session;
import org.apache.qpid.server.model.User;
import org.apache.qpid.server.model.VirtualHost;
import org.apache.qpid.server.model.VirtualHostAccessControlProvider;
import org.apache.qpid.server.model.VirtualHostAlias;
import org.apache.qpid.server.model.VirtualHostLogInclusionRule;
import org.apache.qpid.server.model.VirtualHostLogger;
import org.apache.qpid.server.model.VirtualHostNode;
import org.apache.qpid.server.queue.QueueConsumer;
import org.apache.qpid.server.security.Result;
import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.security.access.OperationType;
import org.apache.qpid.server.security.access.config.ObjectProperties;
import org.apache.qpid.server.virtualhost.QueueManagingVirtualHost;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/apache/qpid/server/security/access/config/LegacyAccessControlAdapter.class */
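/**
 * Translates authorisation requests expressed against the configured-object model
 * ({@link Operation} on a {@link PermissionedObject}) into the legacy ACL vocabulary
 * ({@link LegacyOperation}, {@link ObjectType}, {@link ObjectProperties}) and delegates the
 * decision to the wrapped {@link LegacyAccessControl}.
 *
 * <p>Every decision that reaches {@code _accessControl.authorise(...)} is made by the wrapped
 * rule set; this class only decides which legacy operation, object type and properties are
 * presented to it. A few operation/object combinations are allowed here without consulting the
 * rule set at all, see {@link #isAllowedOperation}.
 */
public class LegacyAccessControlAdapter {
    /** Logger methods that are authorised as {@code ACCESS_LOGS} rather than as a generic method call. */
    private static final Set<String> LOG_ACCESS_METHOD_NAMES =
            Collections.unmodifiableSet(new HashSet<>(Arrays.asList("getFile", "getFiles", "getAllFiles", "getLogEntries")));

    /** Queue methods that are authorised as {@code UPDATE} on {@code ObjectType.METHOD}. */
    private static final Set<String> QUEUE_UPDATE_METHODS =
            Collections.unmodifiableSet(new HashSet<>(Arrays.asList("moveMessages", "copyMessages", "deleteMessages")));

    private final LegacyAccessControl _accessControl;
    private final Model _model;

    /**
     * @param legacyAccessControl rule evaluator that takes the final decision
     * @param model               object model used to resolve category hierarchy and ancestors
     */
    public LegacyAccessControlAdapter(LegacyAccessControl legacyAccessControl, Model model) {
        this._accessControl = legacyAccessControl;
        this._model = model;
    }

    private Model getModel() {
        return this._model;
    }

    /**
     * Authorises a create/update/delete style legacy operation on an object.
     *
     * @param legacyOperation    operation being attempted
     * @param permissionedObject object the operation targets
     * @param map                attributes being changed; its key set is passed to the rule set
     *                           for {@code UPDATE} and must therefore be non-null in that case
     * @return {@code Result.ALLOWED} for the combinations exempted by
     *         {@link #isAllowedOperation}, otherwise the rule set's decision
     * @throws IllegalArgumentException if the object's category maps to no ACL object type
     */
    Result authorise(LegacyOperation legacyOperation, PermissionedObject permissionedObject, Map<String, Object> map) {
        if (isAllowedOperation(legacyOperation, permissionedObject)) {
            return Result.ALLOWED;
        }
        Class<? extends ConfiguredObject> categoryClass = permissionedObject.getCategoryClass();
        ObjectType objectType = getACLObjectTypeManagingConfiguredObjectOfCategory(categoryClass);
        if (objectType == null) {
            throw new IllegalArgumentException("Cannot identify object type for category " + categoryClass);
        }
        ObjectProperties properties = getACLObjectProperties(permissionedObject, legacyOperation);
        if (legacyOperation == LegacyOperation.UPDATE) {
            properties.setAttributeNames(map.keySet());
        }
        return this._accessControl.authorise(validateAuthoriseOperation(legacyOperation, categoryClass), objectType, properties);
    }

    /**
     * Reports the operation/object combinations that are granted without evaluating any rule:
     * create/update/delete of a {@link Session}, and update/delete of a {@link Consumer} or
     * {@link Connection}. No ACL rule can deny these, because the rule set is never consulted.
     */
    private boolean isAllowedOperation(LegacyOperation legacyOperation, PermissionedObject permissionedObject) {
        boolean updateOrDelete = legacyOperation == LegacyOperation.UPDATE || legacyOperation == LegacyOperation.DELETE;
        if ((permissionedObject instanceof Session) && (legacyOperation == LegacyOperation.CREATE || updateOrDelete)) {
            return true;
        }
        if ((permissionedObject instanceof Consumer) && updateOrDelete) {
            return true;
        }
        if (permissionedObject instanceof Connection) {
            return updateOrDelete;
        }
        return false;
    }

    /**
     * Maps a configured-object category to the ACL object type whose rules govern it.
     * The checks are ordered; the first match wins.
     *
     * @return the governing object type, or {@code null} when the category is not recognised
     */
    private ObjectType getACLObjectTypeManagingConfiguredObjectOfCategory(Class<? extends ConfiguredObject> cls) {
        if (Binding.class.isAssignableFrom(cls)) {
            return ObjectType.EXCHANGE;
        }
        if (VirtualHostNode.class.isAssignableFrom(cls)) {
            return ObjectType.VIRTUALHOSTNODE;
        }
        if (isBrokerType(cls)) {
            return ObjectType.BROKER;
        }
        if (isVirtualHostType(cls)) {
            return ObjectType.VIRTUALHOST;
        }
        if (Group.class.isAssignableFrom(cls) || GroupMember.class.isAssignableFrom(cls)) {
            return ObjectType.GROUP;
        }
        if (User.class.isAssignableFrom(cls)) {
            return ObjectType.USER;
        }
        if (Queue.class.isAssignableFrom(cls)) {
            return ObjectType.QUEUE;
        }
        if (Exchange.class.isAssignableFrom(cls) || Session.class.isAssignableFrom(cls)) {
            return ObjectType.EXCHANGE;
        }
        if (Consumer.class.isAssignableFrom(cls)) {
            return ObjectType.QUEUE;
        }
        if (RemoteReplicationNode.class.isAssignableFrom(cls)) {
            return ObjectType.VIRTUALHOSTNODE;
        }
        return null;
    }

    /** Categories whose operations are authorised against {@code ObjectType.VIRTUALHOST}. */
    private boolean isVirtualHostType(Class<? extends ConfiguredObject> cls) {
        return VirtualHost.class.isAssignableFrom(cls)
                || VirtualHostLogger.class.isAssignableFrom(cls)
                || VirtualHostLogInclusionRule.class.isAssignableFrom(cls)
                || VirtualHostAccessControlProvider.class.isAssignableFrom(cls)
                || Connection.class.isAssignableFrom(cls);
    }

    /**
     * Categories whose operations are authorised against {@code ObjectType.BROKER}: the broker
     * itself, broker log inclusion rules, virtual host aliases, and any direct child type of
     * {@link Broker} in the model other than {@link VirtualHostNode}.
     */
    private boolean isBrokerType(Class<? extends ConfiguredObject> cls) {
        return Broker.class.isAssignableFrom(cls)
                || BrokerLogInclusionRule.class.isAssignableFrom(cls)
                || VirtualHostAlias.class.isAssignableFrom(cls)
                || (!VirtualHostNode.class.isAssignableFrom(cls) && getModel().getChildTypes(Broker.class).contains(cls));
    }

    /**
     * Builds the properties that rules are matched against for a create/update/delete request.
     *
     * <p>Queues and queue consumers use the queue's attributes, exchanges use their own, and
     * every other object gets either a logging description (broker types) or the name of its
     * virtual host (virtual host types), plus {@code CREATED_BY} when the attribute is set.
     */
    private ObjectProperties getACLObjectProperties(PermissionedObject permissionedObject, LegacyOperation legacyOperation) {
        String name = permissionedObject.getName();
        Class<? extends ConfiguredObject> categoryClass = permissionedObject.getCategoryClass();
        ObjectProperties objectProperties = new ObjectProperties(name);
        if (permissionedObject instanceof Queue) {
            setQueueProperties((Queue) permissionedObject, objectProperties);
        } else if (permissionedObject instanceof Exchange) {
            Exchange exchange = (Exchange) permissionedObject;
            // AUTO_DELETE and TEMPORARY are both derived from "anything other than PERMANENT".
            boolean notPermanent = exchange.getAttribute("lifetimePolicy") != LifetimePolicy.PERMANENT;
            objectProperties.put(ObjectProperties.Property.AUTO_DELETE, Boolean.valueOf(notPermanent));
            objectProperties.put(ObjectProperties.Property.TEMPORARY, Boolean.valueOf(notPermanent));
            objectProperties.put(ObjectProperties.Property.DURABLE, (Boolean) exchange.getAttribute("durable"));
            objectProperties.put(ObjectProperties.Property.TYPE, (String) exchange.getAttribute("type"));
            if (exchange.getAttribute("createdBy") != null) {
                objectProperties.put(ObjectProperties.Property.CREATED_BY, (String) exchange.getAttribute("createdBy"));
            }
            objectProperties.put(ObjectProperties.Property.VIRTUALHOST_NAME, (String) exchange.getParent().getAttribute("name"));
        } else if (permissionedObject instanceof QueueConsumer) {
            // A consumer is authorised with the properties of the queue it consumes from.
            setQueueProperties(((QueueConsumer) permissionedObject).getParent(), objectProperties);
        } else {
            ConfiguredObject configuredObject = (ConfiguredObject) permissionedObject;
            if (isBrokerType(categoryClass)) {
                String operationName = legacyOperation == null ? null : legacyOperation.name().toLowerCase();
                String categoryName = categoryClass == null ? null : categoryClass.getSimpleName().toLowerCase();
                // Replaces the name-based properties with a "<operation> <category> '<name>'" description.
                objectProperties = new OperationLoggingDetails(String.format("%s %s '%s'", operationName, categoryName, name));
            } else if (isVirtualHostType(categoryClass)) {
                objectProperties.put(ObjectProperties.Property.VIRTUALHOST_NAME,
                        (String) ((ConfiguredObject) getModel().getAncestor(VirtualHost.class, configuredObject)).getAttribute("name"));
            }
            if (configuredObject.getAttribute("createdBy") != null) {
                objectProperties.put(ObjectProperties.Property.CREATED_BY, (String) configuredObject.getAttribute("createdBy"));
            }
        }
        return objectProperties;
    }

    /**
     * Copies the queue attributes that rules can match on into {@code objectProperties},
     * overwriting its name with the queue's name.
     *
     * @param configuredObject the queue whose attributes are read
     * @param objectProperties properties object to populate
     */
    private void setQueueProperties(ConfiguredObject<?> configuredObject, ObjectProperties objectProperties) {
        objectProperties.setName((String) configuredObject.getAttribute("name"));
        boolean notPermanent = configuredObject.getAttribute("lifetimePolicy") != LifetimePolicy.PERMANENT;
        objectProperties.put(ObjectProperties.Property.AUTO_DELETE, Boolean.valueOf(notPermanent));
        objectProperties.put(ObjectProperties.Property.TEMPORARY, Boolean.valueOf(notPermanent));
        objectProperties.put(ObjectProperties.Property.DURABLE, (Boolean) configuredObject.getAttribute("durable"));
        objectProperties.put(ObjectProperties.Property.EXCLUSIVE,
                Boolean.valueOf(configuredObject.getAttribute("exclusive") != ExclusivityPolicy.NONE));
        if (configuredObject.getAttribute("createdBy") != null) {
            objectProperties.put(ObjectProperties.Property.CREATED_BY, (String) configuredObject.getAttribute("createdBy"));
        }
        Object alternateBinding = configuredObject.getAttribute("alternateBinding");
        if (alternateBinding instanceof AlternateBinding) {
            String destination = ((AlternateBinding) alternateBinding).getDestination();
            if (destination != null && !"".equals(destination)) {
                objectProperties.put(ObjectProperties.Property.ALTERNATE, destination);
            }
        }
        String owner = (String) configuredObject.getAttribute(Rule.OWNER);
        if (owner != null) {
            objectProperties.put(ObjectProperties.Property.OWNER, owner);
        }
        objectProperties.put(ObjectProperties.Property.VIRTUALHOST_NAME, (String) configuredObject.getParent().getAttribute("name"));
    }

    /**
     * Rewrites the requested operation into the one the rule set is asked about: consumers are
     * checked as {@code CONSUME} on create/update, group members as {@code UPDATE}, and broker
     * types as {@code CONFIGURE}. Any other combination is passed through unchanged.
     */
    private LegacyOperation validateAuthoriseOperation(LegacyOperation legacyOperation, Class<? extends ConfiguredObject> cls) {
        if (legacyOperation == LegacyOperation.CREATE || legacyOperation == LegacyOperation.UPDATE) {
            if (Consumer.class.isAssignableFrom(cls)) {
                return LegacyOperation.CONSUME;
            }
            if (GroupMember.class.isAssignableFrom(cls)) {
                return LegacyOperation.UPDATE;
            }
            if (isBrokerType(cls)) {
                return LegacyOperation.CONFIGURE;
            }
        } else if (legacyOperation == LegacyOperation.DELETE) {
            if (isBrokerType(cls)) {
                return LegacyOperation.CONFIGURE;
            }
            if (GroupMember.class.isAssignableFrom(cls)) {
                return LegacyOperation.UPDATE;
            }
        }
        return legacyOperation;
    }

    /**
     * Authorises a named action ("publish", "connect", "manage") on an object.
     *
     * @param permissionedObject object the action targets
     * @param str                action name
     * @param map                action arguments; {@code "routingKey"} is read for exchange publish
     * @return the rule set's decision for a recognised action, otherwise {@code Result.DEFER}
     */
    Result authoriseAction(PermissionedObject permissionedObject, String str, Map<String, Object> map) {
        Class<? extends ConfiguredObject> categoryClass = permissionedObject.getCategoryClass();
        String createdBy = permissionedObject instanceof ConfiguredObject
                ? (String) ((ConfiguredObject) permissionedObject).getAttribute("createdBy")
                : null;
        if (categoryClass == Exchange.class) {
            // The value is only cast to MessageDestination, so it cannot be declared as an
            // Exchange; exchange-specific state is read behind an instanceof check below.
            MessageDestination destination = (MessageDestination) permissionedObject;
            if ("publish".equals(str)) {
                ObjectProperties properties = new ObjectProperties(
                        destination.getAddressSpace().getName(), destination.getName(), (String) map.get("routingKey"));
                properties.put(ObjectProperties.Property.DURABLE, Boolean.valueOf(destination.isDurable()));
                if (destination instanceof Exchange) {
                    LifetimePolicy lifetimePolicy = ((Exchange) destination).getLifetimePolicy();
                    boolean notPermanent = lifetimePolicy != LifetimePolicy.PERMANENT;
                    properties.put(ObjectProperties.Property.AUTO_DELETE, Boolean.valueOf(notPermanent));
                    properties.put(ObjectProperties.Property.TEMPORARY, Boolean.valueOf(notPermanent));
                }
                if (createdBy != null) {
                    properties.put(ObjectProperties.Property.CREATED_BY, createdBy);
                }
                return this._accessControl.authorise(LegacyOperation.PUBLISH, ObjectType.EXCHANGE, properties);
            }
        } else if (categoryClass == VirtualHost.class) {
            if ("connect".equals(str)) {
                String name = permissionedObject.getName();
                ObjectProperties properties = new ObjectProperties(name);
                properties.put(ObjectProperties.Property.VIRTUALHOST_NAME, name);
                if (createdBy != null) {
                    properties.put(ObjectProperties.Property.CREATED_BY, createdBy);
                }
                return this._accessControl.authorise(LegacyOperation.ACCESS, ObjectType.VIRTUALHOST, properties);
            }
        } else if (categoryClass == Broker.class) {
            if ("manage".equals(str)) {
                // Use a fresh instance when a property has to be added, so the shared EMPTY
                // constant is never written to.
                ObjectProperties properties = ObjectProperties.EMPTY;
                if (createdBy != null) {
                    properties = new ObjectProperties();
                    properties.put(ObjectProperties.Property.CREATED_BY, createdBy);
                }
                return this._accessControl.authorise(LegacyOperation.ACCESS, ObjectType.MANAGEMENT, properties);
            }
        } else if (categoryClass == Queue.class) {
            Queue queue = (Queue) permissionedObject;
            if ("publish".equals(str)) {
                // Publishing straight to a queue is checked as a publish to the unnamed ("")
                // exchange with the queue name as routing key.
                ObjectProperties properties = new ObjectProperties(queue.getParent().getName(), "", queue.getName());
                if (createdBy != null) {
                    properties.put(ObjectProperties.Property.CREATED_BY, createdBy);
                }
                return this._accessControl.authorise(LegacyOperation.PUBLISH, ObjectType.EXCHANGE, properties);
            }
        }
        return Result.DEFER;
    }

    /**
     * Authorises a management method invocation.
     *
     * <p>The generic {@code INVOKE} rule is evaluated first and wins when it allows the call.
     * Otherwise a method-specific legacy permission (purge, queue update, log access, shutdown,
     * bind/unbind) is evaluated where one exists; if none applies the {@code INVOKE} decision
     * is returned.
     *
     * @param permissionedObject object the method is invoked on
     * @param str                method name
     * @param map                method arguments; read for exchange bind/unbind
     * @return the resulting decision
     */
    Result authoriseMethod(PermissionedObject permissionedObject, String str, Map<String, Object> map) {
        Class<? extends ConfiguredObject> categoryClass = permissionedObject.getCategoryClass();
        // NOTE(review): the object type is null for an unrecognised category and is passed on
        // unchecked here, unlike authorise(LegacyOperation, ...) which rejects it - confirm the
        // rule set tolerates a null object type.
        Result invokeResult = this._accessControl.authorise(
                LegacyOperation.INVOKE,
                getACLObjectTypeManagingConfiguredObjectOfCategory(categoryClass),
                createObjectPropertiesForMethod(permissionedObject, str));
        if (invokeResult == Result.ALLOWED) {
            return invokeResult;
        }
        String createdBy = permissionedObject instanceof ConfiguredObject
                ? (String) ((ConfiguredObject) permissionedObject).getAttribute("createdBy")
                : null;
        ObjectProperties properties = new ObjectProperties();
        if (createdBy != null) {
            properties.put(ObjectProperties.Property.CREATED_BY, createdBy);
        }
        if (categoryClass == Queue.class) {
            Queue queue = (Queue) permissionedObject;
            if ("clearQueue".equals(str)) {
                setQueueProperties(queue, properties);
                return this._accessControl.authorise(LegacyOperation.PURGE, ObjectType.QUEUE, properties);
            }
            if (QUEUE_UPDATE_METHODS.contains(str)) {
                QueueManagingVirtualHost virtualHost = queue.getVirtualHost();
                String virtualHostName = virtualHost.getName();
                properties.setName(str);
                properties.put(ObjectProperties.Property.COMPONENT, buildHierarchicalCategoryName(queue, virtualHost));
                properties.put(ObjectProperties.Property.VIRTUALHOST_NAME, virtualHostName);
                return this._accessControl.authorise(LegacyOperation.UPDATE, ObjectType.METHOD, properties);
            }
        } else {
            boolean brokerLogger = categoryClass == BrokerLogger.class;
            if ((brokerLogger || categoryClass == VirtualHostLogger.class) && LOG_ACCESS_METHOD_NAMES.contains(str)) {
                if (!brokerLogger) {
                    // Virtual host loggers are matched by the name of their parent.
                    properties.setName(((ConfiguredObject) permissionedObject).getParent().getName());
                }
                return this._accessControl.authorise(
                        LegacyOperation.ACCESS_LOGS, brokerLogger ? ObjectType.BROKER : ObjectType.VIRTUALHOST, properties);
            }
            if (categoryClass == Broker.class && "initiateShutdown".equals(str)) {
                // The SHUTDOWN decision has to be returned like every other method-specific
                // check; evaluating it and discarding the result would leave the outcome to the
                // INVOKE check alone and make SHUTDOWN rules ineffective.
                return this._accessControl.authorise(LegacyOperation.SHUTDOWN, ObjectType.BROKER, properties);
            } else if (categoryClass == Exchange.class) {
                ObjectProperties bindProperties = createObjectPropertiesForExchangeBind(map, permissionedObject);
                if (createdBy != null) {
                    bindProperties.put(ObjectProperties.Property.CREATED_BY, createdBy);
                }
                if ("bind".equals(str)) {
                    return this._accessControl.authorise(LegacyOperation.BIND, ObjectType.EXCHANGE, bindProperties);
                }
                if ("unbind".equals(str)) {
                    return this._accessControl.authorise(LegacyOperation.UNBIND, ObjectType.EXCHANGE, bindProperties);
                }
            }
        }
        return invokeResult;
    }

    /**
     * Builds the properties for the generic {@code INVOKE} check: object name, method name and,
     * for configured objects, the virtual host name (when there is a virtual host ancestor), the
     * dotted category path as {@code COMPONENT}, and {@code CREATED_BY} when set.
     */
    private ObjectProperties createObjectPropertiesForMethod(PermissionedObject permissionedObject, String str) {
        ObjectProperties objectProperties = new ObjectProperties(permissionedObject.getName());
        objectProperties.put(ObjectProperties.Property.METHOD_NAME, str);
        if (permissionedObject instanceof ConfiguredObject) {
            ConfiguredObject<?> configuredObject = (ConfiguredObject) permissionedObject;
            Model model = configuredObject.getModel();
            VirtualHost virtualHost = (VirtualHost) model.getAncestor(VirtualHost.class, configuredObject);
            String component;
            if (virtualHost != null) {
                objectProperties.put(ObjectProperties.Property.VIRTUALHOST_NAME, virtualHost.getName());
                component = buildHierarchicalCategoryName(configuredObject, virtualHost);
            } else {
                // Objects outside any virtual host are described relative to the broker.
                component = buildHierarchicalCategoryName(configuredObject, (ConfiguredObject) model.getAncestor(Broker.class, configuredObject));
            }
            objectProperties.put(ObjectProperties.Property.COMPONENT, component);
            String createdBy = (String) configuredObject.getAttribute("createdBy");
            if (createdBy != null) {
                objectProperties.put(ObjectProperties.Property.CREATED_BY, createdBy);
            }
        }
        return objectProperties;
    }

    /**
     * Joins the simple category names from {@code configuredObject2} (the ancestor) down to
     * {@code configuredObject} with dots, for example {@code VirtualHost.Queue}.
     *
     * <p>The walk advances from the current node to its parent on every step and stops at the
     * ancestor or at the root. Reading the parent of the starting object on every step would
     * only terminate when the ancestor is the direct parent, and would otherwise grow the list
     * without bound.
     *
     * @param configuredObject  object to describe
     * @param configuredObject2 ancestor at which the path starts; if it is {@code null} or not
     *                          an ancestor, the path starts at the root
     */
    private String buildHierarchicalCategoryName(ConfiguredObject<?> configuredObject, ConfiguredObject<?> configuredObject2) {
        LinkedList<String> categoryNames = new LinkedList<>();
        ConfiguredObject<?> current = configuredObject;
        categoryNames.add(configuredObject.getCategoryClass().getSimpleName());
        while (current != null && configuredObject2 != current) {
            ConfiguredObject<?> parent = current.getParent();
            if (parent != null) {
                categoryNames.addFirst(parent.getCategoryClass().getSimpleName());
            }
            current = parent;
        }
        return String.join(".", categoryNames);
    }

    /**
     * Builds the properties for an exchange bind/unbind check from the method arguments
     * ({@code "destination"} and {@code "bindingKey"}, both read as strings) and, when the
     * destination can be resolved on the virtual host, its temporary/durable flags.
     */
    private ObjectProperties createObjectPropertiesForExchangeBind(Map<String, Object> map, PermissionedObject permissionedObject) {
        ObjectProperties objectProperties = new ObjectProperties();
        Exchange exchange = (Exchange) permissionedObject;
        QueueManagingVirtualHost virtualHost = exchange.getVirtualHost();
        objectProperties.setName(exchange.getName());
        String str = (String) map.get("destination");
        objectProperties.put(ObjectProperties.Property.QUEUE_NAME, str);
        objectProperties.put(ObjectProperties.Property.ROUTING_KEY, (String) map.get("bindingKey"));
        objectProperties.put(ObjectProperties.Property.VIRTUALHOST_NAME, virtualHost.getName());
        // NOTE(review): the instanceof below is always true for the declared type; the declared
        // type looks like a decompilation artifact - confirm against the original source.
        ConfiguredObject attainedMessageDestination = virtualHost.getAttainedMessageDestination(str, false);
        if (attainedMessageDestination != null) {
            if (attainedMessageDestination instanceof ConfiguredObject) {
                objectProperties.put(ObjectProperties.Property.TEMPORARY, Boolean.valueOf(attainedMessageDestination.getLifetimePolicy() != LifetimePolicy.PERMANENT));
            }
            objectProperties.put(ObjectProperties.Property.DURABLE, Boolean.valueOf(attainedMessageDestination.isDurable()));
        }
        return objectProperties;
    }

    /**
     * Entry point: dispatches an {@link Operation} to the matching legacy check.
     *
     * <p>Create and delete are authorised with an empty attribute map; update passes the
     * caller's map through. {@code DISCOVER} and {@code READ} are not decided here and yield
     * {@code Result.DEFER}.
     *
     * @param operation          operation being attempted
     * @param permissionedObject object the operation targets
     * @param map                operation arguments or changed attributes
     * @return the decision, or {@code null} for an operation type not listed below; callers
     *         must not treat {@code null} as a grant
     */
    public Result authorise(Operation operation, PermissionedObject permissionedObject, Map<String, Object> map) {
        switch (operation.getType()) {
            case CREATE:
                return authorise(LegacyOperation.CREATE, permissionedObject, Collections.emptyMap());
            case UPDATE:
                return authorise(LegacyOperation.UPDATE, permissionedObject, map);
            case DELETE:
                return authorise(LegacyOperation.DELETE, permissionedObject, Collections.emptyMap());
            case INVOKE_METHOD:
                return authoriseMethod(permissionedObject, operation.getName(), map);
            case PERFORM_ACTION:
                return authoriseAction(permissionedObject, operation.getName(), map);
            case DISCOVER:
            case READ:
                return Result.DEFER;
            default:
                return null;
        }
    }
}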
