package org.apache.servicemix.jbi.jmx;

import java.lang.reflect.Method;
import java.security.Principal;
import javax.security.auth.Subject;
import org.apache.activemq.security.SecurityAdminMBean;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.servicemix.jbi.security.GroupPrincipal;

/* loaded from: input_file:WEB-INF/lib/servicemix-core-3.3.1.25-fuse.jar:org/apache/servicemix/jbi/jmx/AdminReadWritePolicy.class */
public class AdminReadWritePolicy extends Policy {
    private static final Log LOG = LogFactory.getLog(AdminReadWritePolicy.class);
    private static final String INVOKE = "invoke";

    @Override // org.apache.servicemix.jbi.jmx.Policy
    public void checkAuthorization(Subject subject, Object obj, Method method, Object[] objArr) throws SecurityException {
        if (isReadOnly(method) || isAdmin(subject) || isInvokeReadOnly(method, objArr)) {
            return;
        }
        LOG.warn(String.format("Denied access to MBeanServer.%s(%s) to %s", method.getName(), explode(objArr), subject));
        throw new SecurityException("Not authorized to run MBeanServer." + method.getName() + "\n(" + explode(objArr) + ")");
    }

    private boolean isInvokeReadOnly(Method method, Object[] objArr) {
        return INVOKE.equals(method.getName()) && objArr != null && objArr.length >= 2 && isReadOnly((String) objArr[1]);
    }

    private String explode(Object[] objArr) {
        if (objArr == null || objArr.length == 0) {
            return "";
        }
        StringBuffer stringBuffer = new StringBuffer();
        Object obj = objArr[objArr.length - 1];
        for (Object obj2 : objArr) {
            stringBuffer.append(obj2);
            if (obj2 != obj) {
                stringBuffer.append(", ");
            }
        }
        return stringBuffer.toString();
    }

    private boolean isAdmin(Subject subject) {
        for (Principal principal : subject.getPrincipals()) {
            if ((principal instanceof GroupPrincipal) && SecurityAdminMBean.OPERATION_ADMIN.equals(principal.getName())) {
                return true;
            }
        }
        return false;
    }

    public String toString() {
        return "admin group read-write access";
    }
}
