package io.hawt.web;

import java.io.IOException;
import javax.management.ObjectName;
import org.jolokia.config.ConfigKey;
import org.jolokia.config.Configuration;
import org.jolokia.restrictor.AllowAllRestrictor;
import org.jolokia.restrictor.DenyAllRestrictor;
import org.jolokia.restrictor.Restrictor;
import org.jolokia.restrictor.RestrictorFactory;
import org.jolokia.util.HttpMethod;
import org.jolokia.util.NetworkUtil;
import org.jolokia.util.RequestType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hawtio-system-1.4.0.redhat-630348.jar:io/hawt/web/RBACRestrictor.class */
public class RBACRestrictor implements Restrictor {
    private static final transient Logger LOG = LoggerFactory.getLogger(RBACRestrictor.class);
    protected Restrictor delegate;
    protected RBACMBeanInvoker mBeanInvoker;

    public RBACRestrictor(Configuration configuration) {
        this(NetworkUtil.replaceExpression(configuration.get(ConfigKey.POLICY_LOCATION)));
    }

    public RBACRestrictor(String str) {
        initDelegate(str);
        this.mBeanInvoker = new RBACMBeanInvoker();
    }

    protected void initDelegate(String str) {
        try {
            this.delegate = RestrictorFactory.lookupPolicyRestrictor(str);
            if (this.delegate != null) {
                LOG.debug("Delegate - Using policy access restrictor {}", str);
            } else {
                LOG.debug("Delegate - No policy access restrictor found, access to any MBean is allowed");
                this.delegate = new AllowAllRestrictor();
            }
        } catch (IOException e) {
            LOG.error("Delegate - Error while accessing access policy restrictor at " + str + ". Denying all access to MBeans for security reasons. Exception: " + e, (Throwable) e);
            this.delegate = new DenyAllRestrictor();
        }
    }

    @Override // org.jolokia.restrictor.Restrictor
    public boolean isOperationAllowed(ObjectName objectName, String str) {
        boolean isOperationAllowed = this.delegate.isOperationAllowed(objectName, str);
        if (isOperationAllowed) {
            isOperationAllowed = this.mBeanInvoker.canInvoke(objectName, str);
        }
        LOG.debug("isOperationAllowed(objectName = {}, operation = {}) = {}", new Object[]{objectName, str, Boolean.valueOf(isOperationAllowed)});
        return isOperationAllowed;
    }

    @Override // org.jolokia.restrictor.Restrictor
    public boolean isAttributeReadAllowed(ObjectName objectName, String str) {
        boolean isAttributeReadAllowed = this.delegate.isAttributeReadAllowed(objectName, str);
        if (isAttributeReadAllowed) {
            isAttributeReadAllowed = this.mBeanInvoker.isReadAllowed(objectName, str);
        }
        LOG.debug("isAttributeReadAllowed(objectName = {}, attribute = {}) = {}", new Object[]{objectName, str, Boolean.valueOf(isAttributeReadAllowed)});
        return isAttributeReadAllowed;
    }

    @Override // org.jolokia.restrictor.Restrictor
    public boolean isAttributeWriteAllowed(ObjectName objectName, String str) {
        boolean isAttributeWriteAllowed = this.delegate.isAttributeWriteAllowed(objectName, str);
        if (isAttributeWriteAllowed) {
            isAttributeWriteAllowed = this.mBeanInvoker.isWriteAllowed(objectName, str);
        }
        LOG.debug("isAttributeWriteAllowed(objectName = {}, attribute = {}) = {}", new Object[]{objectName, str, Boolean.valueOf(isAttributeWriteAllowed)});
        return isAttributeWriteAllowed;
    }

    @Override // org.jolokia.restrictor.Restrictor
    public boolean isHttpMethodAllowed(HttpMethod httpMethod) {
        boolean isHttpMethodAllowed = this.delegate.isHttpMethodAllowed(httpMethod);
        LOG.trace("isHttpMethodAllowed(method = {}) = {}", httpMethod, Boolean.valueOf(isHttpMethodAllowed));
        return isHttpMethodAllowed;
    }

    @Override // org.jolokia.restrictor.Restrictor
    public boolean isTypeAllowed(RequestType requestType) {
        boolean isTypeAllowed = this.delegate.isTypeAllowed(requestType);
        LOG.trace("isTypeAllowed(type = {}) = {}", requestType, Boolean.valueOf(isTypeAllowed));
        return isTypeAllowed;
    }

    @Override // org.jolokia.restrictor.Restrictor
    public boolean isRemoteAccessAllowed(String... strArr) {
        boolean isRemoteAccessAllowed = this.delegate.isRemoteAccessAllowed(strArr);
        LOG.trace("isRemoteAccessAllowed(hostOrAddress = {}) = {}", strArr, Boolean.valueOf(isRemoteAccessAllowed));
        return isRemoteAccessAllowed;
    }

    @Override // org.jolokia.restrictor.Restrictor
    public boolean isOriginAllowed(String str, boolean z) {
        boolean isOriginAllowed = this.delegate.isOriginAllowed(str, z);
        LOG.trace("isOriginAllowed(origin = {}, strictCheck = {}) = {}", new Object[]{str, Boolean.valueOf(z), Boolean.valueOf(isOriginAllowed)});
        return isOriginAllowed;
    }
}
