package com.sun.messaging.jmq.jmsserver.auth.acl;

import com.sun.messaging.jmq.auth.api.server.model.AccessControlModel;
import com.sun.messaging.jmq.auth.jaas.PermissionFactory;
import com.sun.messaging.jmq.jmsserver.Globals;
import com.sun.messaging.jmq.jmsserver.auth.usermgr.UserMgrOptions;
import com.sun.messaging.jmq.util.log.Logger;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Map;
import java.util.Properties;
import javax.security.auth.Subject;

/* loaded from: input_file:com/sun/messaging/jmq/jmsserver/auth/acl/JAASAccessControlModel.class */
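/**
 * Access control model that turns broker authorization questions into
 * {@link Permission} objects and evaluates them against the installed
 * {@link Policy} on behalf of the authenticated {@link Subject}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The permission factory and policy provider class names are read from
 *       the access control properties and loaded reflectively. Loading runs the
 *       named class's static initializer and no-argument constructor inside the
 *       broker, so those properties must only come from a trusted source.</li>
 *   <li>Every failure path ends in an {@link AccessControlException}; nothing
 *       in this class grants access on error.</li>
 *   <li>{@code AccessController}, {@code Policy} and
 *       {@code Subject.doAsPrivileged} are deprecated for removal (JEP 411).
 *       On runtimes where the Security Manager is permanently disabled
 *       (JEP 486) {@code AccessController.checkPermission} is specified to
 *       always throw, so every check here would deny. Verify the target JDK
 *       before relying on this model.</li>
 * </ul>
 */
public class JAASAccessControlModel implements AccessControlModel {
    public static final String TYPE = "jaas";
    public static final String PROP_PERMISSION_FACTORY = "jaas.permissionFactory";
    public static final String PROP_PERMISSION_FACTORY_PRIVATE = "jaas.permissionFactoryPrivate";
    public static final String PROP_POLICY_PROVIDER = "jaas.policyProvider";

    /** Prefix under which the {@code PROP_*} keys are looked up in the supplied properties. */
    private static final String PROP_PREFIX = "imq.accesscontrol.";

    /** Numeric level passed to the broker logger; presumably the ERROR level - TODO confirm against Logger. */
    private static final int LOG_LEVEL = 32;

    private Properties authProps;
    private Logger logger = Globals.getLogger();
    private PermissionFactory permFactory = null;
    private String permFactoryPrivate = null;

    /**
     * Configures the model from the broker's access control properties and
     * refreshes the installed policy.
     *
     * @param str        access control type requested by the caller; must equal {@link #TYPE}
     * @param properties access control properties holding the {@code imq.accesscontrol.jaas.*} keys
     * @throws AccessControlException if the type does not match, no properties are
     *         supplied, a configured class cannot be loaded or instantiated, or the
     *         policy refresh is refused
     */
    public void initialize(String str, Properties properties) {
        // Constant-first comparison: a null type is reported as a mismatch instead of an NPE.
        if (!TYPE.equals(str)) {
            String kString = Globals.getBrokerResources().getKString("B4072", new String[]{str, TYPE, getClass().getName()});
            this.logger.log(LOG_LEVEL, kString);
            throw new AccessControlException(kString);
        }
        if (properties == null) {
            throw new AccessControlException("no access control properties supplied for type " + TYPE);
        }
        this.authProps = properties;
        String factoryClassName = this.authProps.getProperty(PROP_PREFIX + PROP_PERMISSION_FACTORY);
        String policyClassName = this.authProps.getProperty(PROP_PREFIX + PROP_POLICY_PROVIDER);
        try {
            if (factoryClassName != null) {
                // Load without initializing and verify the type first, so a mistyped or
                // unrelated class name is rejected before any of its code runs.
                this.permFactory = Class.forName(factoryClassName, false, JAASAccessControlModel.class.getClassLoader())
                        .asSubclass(PermissionFactory.class)
                        .getDeclaredConstructor()
                        .newInstance();
            }
            if (policyClassName != null) {
                // NOTE(review): the provider instance is created and then discarded; it is
                // never handed to Policy.setPolicy here, so it only has an effect if its
                // construction has side effects. Confirm against the upstream source.
                Class.forName(policyClassName).getDeclaredConstructor().newInstance();
            }
        } catch (Exception e) {
            // Both reflective loads fail the same way: log, then refuse to initialize.
            this.logger.logStack(LOG_LEVEL, e.getMessage(), e);
            throw wrap(e.getClass().getName() + ": " + e.getMessage(), e);
        }
        this.permFactoryPrivate = this.authProps.getProperty(PROP_PREFIX + PROP_PERMISSION_FACTORY_PRIVATE);
        load();
    }

    /**
     * Asks the installed {@link Policy} to refresh itself.
     *
     * @throws AccessControlException if the refresh is refused with a {@link SecurityException}
     */
    public void load() {
        try {
            Policy.getPolicy().refresh();
        } catch (SecurityException e) {
            throw wrap(e.toString(), e);
        }
    }

    /**
     * Checks whether the subject may open a connection.
     *
     * <p>The permission is built for the resource {@code "mq-conn::" + str2}
     * (presumably the service type - TODO confirm). {@code str} is not used here.
     *
     * @param principal principal named in the denial message
     * @param str       unused by this implementation
     * @param str2      suffix of the connection resource name
     * @param subject   authenticated subject whose principals are evaluated; must not be null
     * @throws AccessControlException if the permission is not granted or the check cannot be performed
     */
    public void checkConnectionPermission(Principal principal, String str, String str2, Subject subject) {
        try {
            requireReady(subject);
            checkPermission(subject, this.permFactory.newPermission(this.permFactoryPrivate, "mq-conn::" + str2, (String) null, (Map) null));
        } catch (Exception e) {
            throw denied(e, principal, subject);
        }
    }

    /**
     * Checks whether the subject may perform an operation on a destination.
     *
     * <p>When {@code str3} equals {@code UserMgrOptions.PROP_NAME_OPTION_CREATEMODE}
     * the auto-create resource {@code "mq-auto::queue"} is checked; otherwise the
     * resource {@code "mq-dest::queue:" + str4} is checked with {@code str3} as the
     * action. {@code str}, {@code str2} and {@code str5} are not used here.
     *
     * <p>NOTE(review): the resource name always contains {@code queue}; if one of the
     * unused parameters carries the destination type, topics are checked against
     * queue resources. Confirm against the upstream source and the policy file format.
     *
     * @param principal principal named in the denial message
     * @param str       unused by this implementation
     * @param str2      unused by this implementation
     * @param subject   authenticated subject whose principals are evaluated; must not be null
     * @param str3      requested operation, passed to the factory as the permission action
     * @param str4      suffix of the destination resource name
     * @param str5      unused by this implementation
     * @throws AccessControlException if the permission is not granted or the check cannot be performed
     */
    public void checkDestinationPermission(Principal principal, String str, String str2, Subject subject, String str3, String str4, String str5) {
        try {
            requireReady(subject);
            Permission requested;
            if (str3.equals(UserMgrOptions.PROP_NAME_OPTION_CREATEMODE)) {
                requested = this.permFactory.newPermission(this.permFactoryPrivate, "mq-auto::queue", (String) null, (Map) null);
            } else {
                requested = this.permFactory.newPermission(this.permFactoryPrivate, "mq-dest::queue:" + str4, str3, (Map) null);
            }
            checkPermission(subject, requested);
        } catch (Exception e) {
            throw denied(e, principal, subject);
        }
    }

    /**
     * Rejects a check that cannot be evaluated meaningfully.
     *
     * <p>Without a permission factory no permission can be built. Without a subject
     * no principals would be associated with the check, so the decision would rest
     * on code-source grants alone; that case is denied explicitly.
     */
    private void requireReady(Subject subject) {
        if (this.permFactory == null) {
            throw new AccessControlException("no permission factory configured (" + PROP_PREFIX + PROP_PERMISSION_FACTORY + ")");
        }
        if (subject == null) {
            throw new AccessControlException("no authenticated subject supplied");
        }
    }

    /**
     * Logs a failed check and converts it into the exception reported to the caller.
     * A denial is first annotated with the principal and the subject's principals,
     * so the log shows who was refused.
     */
    private AccessControlException denied(Exception failure, Principal principal, Subject subject) {
        Exception reported = failure;
        if (failure instanceof AccessControlException && subject != null) {
            reported = wrap(failure.getMessage() + ": " + principal + " [" + subject.getPrincipals() + "]", failure);
        }
        this.logger.logStack(LOG_LEVEL, reported.toString(), reported);
        return wrap(reported.toString(), reported);
    }

    /** Builds an {@link AccessControlException} that keeps the original failure as its cause. */
    private static AccessControlException wrap(String message, Throwable cause) {
        AccessControlException wrapped = new AccessControlException(message);
        wrapped.initCause(cause);
        return wrapped;
    }

    /**
     * Evaluates {@code permission} with the subject's principals attached.
     * A null {@link AccessControlContext} is passed, so the caller's own
     * context is not combined into the check.
     */
    private void checkPermission(Subject subject, final Permission permission) {
        Subject.doAsPrivileged(subject, new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                AccessController.checkPermission(permission);
                return null;
            }
        }, (AccessControlContext) null);
    }
}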
