package org.apache.qpid.server.security.access;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.log4j.Logger;
import org.apache.qpid.framing.AMQShortString;
import org.apache.qpid.server.configuration.SecurityConfiguration;
import org.apache.qpid.server.exchange.Exchange;
import org.apache.qpid.server.plugins.PluginManager;
import org.apache.qpid.server.protocol.AMQProtocolSession;
import org.apache.qpid.server.queue.AMQQueue;
import org.apache.qpid.server.security.access.ACLPlugin;
import org.apache.qpid.server.virtualhost.VirtualHost;

/* loaded from: input_file:org/apache/qpid/server/security/access/ACLManager.class */
public class ACLManager {
    private static final Logger _logger = Logger.getLogger(ACLManager.class);
    private PluginManager _pluginManager;
    private Map<String, ACLPluginFactory> _allSecurityPlugins;
    private Map<String, ACLPlugin> _globalPlugins;
    private Map<String, ACLPlugin> _hostPlugins;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/qpid/server/security/access/ACLManager$AccessCheck.class */
    public abstract class AccessCheck {
        private AccessCheck() {
        }

        abstract ACLPlugin.AuthzResult allowed(ACLPlugin aCLPlugin);
    }

    public ACLManager(SecurityConfiguration securityConfiguration, PluginManager pluginManager) throws ConfigurationException {
        this(securityConfiguration, pluginManager, null);
    }

    public ACLManager(SecurityConfiguration securityConfiguration, PluginManager pluginManager, ACLPluginFactory aCLPluginFactory) throws ConfigurationException {
        this._allSecurityPlugins = new HashMap();
        this._globalPlugins = new HashMap();
        this._hostPlugins = new HashMap();
        this._pluginManager = pluginManager;
        if (pluginManager == null) {
            return;
        }
        this._allSecurityPlugins = this._pluginManager.getSecurityPlugins();
        if (aCLPluginFactory != null) {
            this._allSecurityPlugins.put(aCLPluginFactory.getClass().getName(), aCLPluginFactory);
        }
        this._globalPlugins = configurePlugins(securityConfiguration);
    }

    public void configureHostPlugins(SecurityConfiguration securityConfiguration) throws ConfigurationException {
        this._hostPlugins = configurePlugins(securityConfiguration);
    }

    public Map<String, ACLPlugin> configurePlugins(SecurityConfiguration securityConfiguration) throws ConfigurationException {
        Configuration configuration = securityConfiguration.getConfiguration();
        HashMap hashMap = new HashMap();
        Iterator keys = configuration.getKeys();
        HashSet hashSet = new HashSet();
        while (keys.hasNext()) {
            String str = ((String) keys.next()).split("\\.", 2)[0];
            if (!hashSet.contains(str)) {
                for (ACLPluginFactory aCLPluginFactory : this._allSecurityPlugins.values()) {
                    if (aCLPluginFactory.supportsTag(str)) {
                        _logger.warn("Plugin handling security section " + str + " is " + aCLPluginFactory.getClass().getSimpleName());
                        hashSet.add(str);
                        hashMap.put(aCLPluginFactory.getClass().getName(), aCLPluginFactory.newInstance(configuration));
                    }
                }
            }
            if (!hashSet.contains(str)) {
                _logger.warn("No plugin handled security section " + str);
            }
        }
        return hashMap;
    }

    public static Logger getLogger() {
        return _logger;
    }

    private boolean checkAllPlugins(AccessCheck accessCheck) {
        ACLPlugin.AuthzResult authzResult = ACLPlugin.AuthzResult.ABSTAIN;
        HashMap hashMap = new HashMap();
        hashMap.putAll(this._globalPlugins);
        for (Map.Entry<String, ACLPlugin> entry : this._hostPlugins.entrySet()) {
            ACLPlugin.AuthzResult allowed = accessCheck.allowed(entry.getValue());
            if (allowed == ACLPlugin.AuthzResult.DENIED) {
                return false;
            }
            if (allowed == ACLPlugin.AuthzResult.ALLOWED) {
                hashMap.remove(entry.getKey());
            }
        }
        Iterator it = hashMap.values().iterator();
        while (it.hasNext()) {
            if (accessCheck.allowed((ACLPlugin) it.next()) == ACLPlugin.AuthzResult.DENIED) {
                return false;
            }
        }
        return true;
    }

    public boolean authoriseBind(final AMQProtocolSession aMQProtocolSession, final Exchange exchange, final AMQQueue aMQQueue, final AMQShortString aMQShortString) {
        return checkAllPlugins(new AccessCheck() { // from class: org.apache.qpid.server.security.access.ACLManager.1
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.apache.qpid.server.security.access.ACLManager.AccessCheck
            ACLPlugin.AuthzResult allowed(ACLPlugin aCLPlugin) {
                return aCLPlugin.authoriseBind(aMQProtocolSession, exchange, aMQQueue, aMQShortString);
            }
        });
    }

    public boolean authoriseConnect(final AMQProtocolSession aMQProtocolSession, final VirtualHost virtualHost) {
        return checkAllPlugins(new AccessCheck() { // from class: org.apache.qpid.server.security.access.ACLManager.2
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.apache.qpid.server.security.access.ACLManager.AccessCheck
            ACLPlugin.AuthzResult allowed(ACLPlugin aCLPlugin) {
                return aCLPlugin.authoriseConnect(aMQProtocolSession, virtualHost);
            }
        });
    }

    public boolean authoriseConsume(final AMQProtocolSession aMQProtocolSession, final boolean z, final AMQQueue aMQQueue) {
        return checkAllPlugins(new AccessCheck() { // from class: org.apache.qpid.server.security.access.ACLManager.3
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.apache.qpid.server.security.access.ACLManager.AccessCheck
            ACLPlugin.AuthzResult allowed(ACLPlugin aCLPlugin) {
                return aCLPlugin.authoriseConsume(aMQProtocolSession, z, aMQQueue);
            }
        });
    }

    public boolean authoriseConsume(final AMQProtocolSession aMQProtocolSession, final boolean z, final boolean z2, final boolean z3, final boolean z4, final AMQQueue aMQQueue) {
        return checkAllPlugins(new AccessCheck() { // from class: org.apache.qpid.server.security.access.ACLManager.4
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.apache.qpid.server.security.access.ACLManager.AccessCheck
            ACLPlugin.AuthzResult allowed(ACLPlugin aCLPlugin) {
                return aCLPlugin.authoriseConsume(aMQProtocolSession, z, z2, z3, z4, aMQQueue);
            }
        });
    }

    public boolean authoriseCreateExchange(final AMQProtocolSession aMQProtocolSession, final boolean z, final boolean z2, final AMQShortString aMQShortString, final boolean z3, final boolean z4, final boolean z5, final AMQShortString aMQShortString2) {
        return checkAllPlugins(new AccessCheck() { // from class: org.apache.qpid.server.security.access.ACLManager.5
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.apache.qpid.server.security.access.ACLManager.AccessCheck
            ACLPlugin.AuthzResult allowed(ACLPlugin aCLPlugin) {
                return aCLPlugin.authoriseCreateExchange(aMQProtocolSession, z, z2, aMQShortString, z3, z4, z5, aMQShortString2);
            }
        });
    }

    public boolean authoriseCreateQueue(final AMQProtocolSession aMQProtocolSession, final boolean z, final boolean z2, final boolean z3, final boolean z4, final boolean z5, final AMQShortString aMQShortString) {
        return checkAllPlugins(new AccessCheck() { // from class: org.apache.qpid.server.security.access.ACLManager.6
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.apache.qpid.server.security.access.ACLManager.AccessCheck
            ACLPlugin.AuthzResult allowed(ACLPlugin aCLPlugin) {
                return aCLPlugin.authoriseCreateQueue(aMQProtocolSession, z, z2, z3, z4, z5, aMQShortString);
            }
        });
    }

    public boolean authoriseDelete(final AMQProtocolSession aMQProtocolSession, final AMQQueue aMQQueue) {
        return checkAllPlugins(new AccessCheck() { // from class: org.apache.qpid.server.security.access.ACLManager.7
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.apache.qpid.server.security.access.ACLManager.AccessCheck
            ACLPlugin.AuthzResult allowed(ACLPlugin aCLPlugin) {
                return aCLPlugin.authoriseDelete(aMQProtocolSession, aMQQueue);
            }
        });
    }

    public boolean authoriseDelete(final AMQProtocolSession aMQProtocolSession, final Exchange exchange) {
        return checkAllPlugins(new AccessCheck() { // from class: org.apache.qpid.server.security.access.ACLManager.8
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.apache.qpid.server.security.access.ACLManager.AccessCheck
            ACLPlugin.AuthzResult allowed(ACLPlugin aCLPlugin) {
                return aCLPlugin.authoriseDelete(aMQProtocolSession, exchange);
            }
        });
    }

    public boolean authorisePublish(final AMQProtocolSession aMQProtocolSession, final boolean z, final boolean z2, final AMQShortString aMQShortString, final Exchange exchange) {
        return checkAllPlugins(new AccessCheck() { // from class: org.apache.qpid.server.security.access.ACLManager.9
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.apache.qpid.server.security.access.ACLManager.AccessCheck
            ACLPlugin.AuthzResult allowed(ACLPlugin aCLPlugin) {
                return aCLPlugin.authorisePublish(aMQProtocolSession, z, z2, aMQShortString, exchange);
            }
        });
    }

    public boolean authorisePurge(final AMQProtocolSession aMQProtocolSession, final AMQQueue aMQQueue) {
        return checkAllPlugins(new AccessCheck() { // from class: org.apache.qpid.server.security.access.ACLManager.10
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.apache.qpid.server.security.access.ACLManager.AccessCheck
            ACLPlugin.AuthzResult allowed(ACLPlugin aCLPlugin) {
                return aCLPlugin.authorisePurge(aMQProtocolSession, aMQQueue);
            }
        });
    }

    public boolean authoriseUnbind(final AMQProtocolSession aMQProtocolSession, final Exchange exchange, final AMQShortString aMQShortString, final AMQQueue aMQQueue) {
        return checkAllPlugins(new AccessCheck() { // from class: org.apache.qpid.server.security.access.ACLManager.11
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.apache.qpid.server.security.access.ACLManager.AccessCheck
            ACLPlugin.AuthzResult allowed(ACLPlugin aCLPlugin) {
                return aCLPlugin.authoriseUnbind(aMQProtocolSession, exchange, aMQShortString, aMQQueue);
            }
        });
    }

    public void addHostPlugin(ACLPlugin aCLPlugin) {
        this._hostPlugins.put(aCLPlugin.getClass().getName(), aCLPlugin);
    }
}
