package org.jboss.as.controller.access.rbac;

import java.security.Permission;
import java.security.PermissionCollection;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import java.util.TreeSet;
import org.jboss.as.controller.ControllerMessages;
import org.jboss.as.controller.access.Action;
import org.jboss.as.controller.access.Caller;
import org.jboss.as.controller.access.Environment;
import org.jboss.as.controller.access.TargetAttribute;
import org.jboss.as.controller.access.TargetResource;
import org.jboss.as.controller.access.constraint.ApplicationTypeConstraint;
import org.jboss.as.controller.access.constraint.AuditConstraint;
import org.jboss.as.controller.access.constraint.Constraint;
import org.jboss.as.controller.access.constraint.ConstraintFactory;
import org.jboss.as.controller.access.constraint.HostEffectConstraint;
import org.jboss.as.controller.access.constraint.NonAuditConstraint;
import org.jboss.as.controller.access.constraint.ScopingConstraint;
import org.jboss.as.controller.access.constraint.SensitiveTargetConstraint;
import org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint;
import org.jboss.as.controller.access.constraint.ServerGroupEffectConstraint;
import org.jboss.as.controller.access.permission.CombinationManagementPermission;
import org.jboss.as.controller.access.permission.CombinationPolicy;
import org.jboss.as.controller.access.permission.ManagementPermission;
import org.jboss.as.controller.access.permission.ManagementPermissionCollection;
import org.jboss.as.controller.access.permission.PermissionFactory;
import org.jboss.as.controller.access.permission.SimpleManagementPermission;

/* loaded from: input_file:org/jboss/as/controller/access/rbac/DefaultPermissionFactory.class */
public class DefaultPermissionFactory implements PermissionFactory {
    private static final PermissionCollection NO_PERMISSIONS = new NoPermissionsCollection();
    private final CombinationPolicy combinationPolicy;
    private final RoleMapper roleMapper;
    private final Set<ConstraintFactory> constraintFactories;
    private final Map<String, ManagementPermissionCollection> permissionsByRole;
    private final Map<String, ScopedBase> scopedBaseMap;
    private boolean rolePermissionsConfigured;

    /* loaded from: input_file:org/jboss/as/controller/access/rbac/DefaultPermissionFactory$NoPermissionsCollection.class */
    private static class NoPermissionsCollection extends PermissionCollection {
        private static final long serialVersionUID = 426277167342589940L;

        private NoPermissionsCollection() {
            super.setReadOnly();
        }

        @Override // java.security.PermissionCollection
        public void add(Permission permission) {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.PermissionCollection
        public boolean implies(Permission permission) {
            return false;
        }

        @Override // java.security.PermissionCollection
        public Enumeration<Permission> elements() {
            return new Enumeration<Permission>() { // from class: org.jboss.as.controller.access.rbac.DefaultPermissionFactory.NoPermissionsCollection.1
                @Override // java.util.Enumeration
                public boolean hasMoreElements() {
                    return false;
                }

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.Enumeration
                public Permission nextElement() {
                    throw new NoSuchElementException();
                }
            };
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/jboss/as/controller/access/rbac/DefaultPermissionFactory$ScopedBase.class */
    public class ScopedBase {
        private final StandardRole base;
        private final ScopingConstraint constraint;

        private ScopedBase(StandardRole standardRole, ScopingConstraint scopingConstraint) {
            this.base = standardRole;
            this.constraint = scopingConstraint;
        }
    }

    public DefaultPermissionFactory(CombinationPolicy combinationPolicy, RoleMapper roleMapper) {
        this(combinationPolicy, roleMapper, getStandardConstraintFactories());
    }

    DefaultPermissionFactory(CombinationPolicy combinationPolicy, RoleMapper roleMapper, Set<ConstraintFactory> set) {
        this.permissionsByRole = new HashMap();
        this.scopedBaseMap = new HashMap();
        this.combinationPolicy = combinationPolicy;
        this.roleMapper = roleMapper;
        this.constraintFactories = set;
    }

    @Override // org.jboss.as.controller.access.permission.PermissionFactory
    public PermissionCollection getUserPermissions(Caller caller, Environment environment, Action action, TargetAttribute targetAttribute) {
        return getUserPermissions(this.roleMapper.mapRoles(caller, environment, action, targetAttribute));
    }

    @Override // org.jboss.as.controller.access.permission.PermissionFactory
    public PermissionCollection getUserPermissions(Caller caller, Environment environment, Action action, TargetResource targetResource) {
        return getUserPermissions(this.roleMapper.mapRoles(caller, environment, action, targetResource));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v20, types: [java.security.PermissionCollection] */
    private PermissionCollection getUserPermissions(Set<String> set) {
        ManagementPermissionCollection managementPermissionCollection;
        ManagementPermissionCollection managementPermissionCollection2;
        configureRolePermissions();
        ManagementPermissionCollection managementPermissionCollection3 = null;
        HashMap hashMap = null;
        for (String str : set) {
            if (this.combinationPolicy == CombinationPolicy.REJECTING && managementPermissionCollection3 != null) {
                throw ControllerMessages.MESSAGES.illegalMultipleRoles();
            }
            synchronized (this) {
                managementPermissionCollection2 = this.permissionsByRole.get(str);
            }
            if (managementPermissionCollection2 == null) {
                throw new IllegalArgumentException("unknown role " + managementPermissionCollection2);
            }
            if (managementPermissionCollection3 == null) {
                managementPermissionCollection3 = managementPermissionCollection2;
            } else {
                if (hashMap == null) {
                    hashMap = new HashMap();
                    Enumeration<Permission> elements = managementPermissionCollection3.elements();
                    while (elements.hasMoreElements()) {
                        ManagementPermission managementPermission = (ManagementPermission) elements.nextElement();
                        Action.ActionEffect actionEffect = managementPermission.getActionEffect();
                        CombinationManagementPermission combinationManagementPermission = new CombinationManagementPermission(this.combinationPolicy, actionEffect);
                        combinationManagementPermission.addUnderlyingPermission(managementPermission);
                        hashMap.put(actionEffect, combinationManagementPermission);
                    }
                }
                Enumeration<Permission> elements2 = managementPermissionCollection2.elements();
                while (elements2.hasMoreElements()) {
                    ManagementPermission managementPermission2 = (ManagementPermission) elements2.nextElement();
                    Action.ActionEffect actionEffect2 = managementPermission2.getActionEffect();
                    CombinationManagementPermission combinationManagementPermission2 = (CombinationManagementPermission) hashMap.get(actionEffect2);
                    if (combinationManagementPermission2 == null) {
                        combinationManagementPermission2 = new CombinationManagementPermission(this.combinationPolicy, actionEffect2);
                        hashMap.put(actionEffect2, combinationManagementPermission2);
                    }
                    combinationManagementPermission2.addUnderlyingPermission(managementPermission2);
                }
            }
        }
        if (hashMap == null) {
            managementPermissionCollection = managementPermissionCollection3 != null ? managementPermissionCollection3 : NO_PERMISSIONS;
        } else {
            managementPermissionCollection = new ManagementPermissionCollection(CombinationManagementPermission.class);
            Iterator it = hashMap.values().iterator();
            while (it.hasNext()) {
                managementPermissionCollection.add((CombinationManagementPermission) it.next());
            }
        }
        return managementPermissionCollection;
    }

    @Override // org.jboss.as.controller.access.permission.PermissionFactory
    public PermissionCollection getRequiredPermissions(Action action, TargetAttribute targetAttribute) {
        ArrayList arrayList;
        synchronized (this) {
            arrayList = new ArrayList(this.constraintFactories);
        }
        ManagementPermissionCollection managementPermissionCollection = new ManagementPermissionCollection(SimpleManagementPermission.class);
        for (Action.ActionEffect actionEffect : action.getActionEffects()) {
            TreeSet treeSet = new TreeSet();
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                treeSet.add(((ConstraintFactory) it.next()).getRequiredConstraint(actionEffect, action, targetAttribute));
            }
            managementPermissionCollection.add(new SimpleManagementPermission(actionEffect, (Constraint[]) treeSet.toArray(new Constraint[treeSet.size()])));
        }
        return managementPermissionCollection;
    }

    @Override // org.jboss.as.controller.access.permission.PermissionFactory
    public PermissionCollection getRequiredPermissions(Action action, TargetResource targetResource) {
        ArrayList arrayList;
        synchronized (this) {
            arrayList = new ArrayList(this.constraintFactories);
        }
        ManagementPermissionCollection managementPermissionCollection = new ManagementPermissionCollection(SimpleManagementPermission.class);
        for (Action.ActionEffect actionEffect : action.getActionEffects()) {
            TreeSet treeSet = new TreeSet();
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                treeSet.add(((ConstraintFactory) it.next()).getRequiredConstraint(actionEffect, action, targetResource));
            }
            managementPermissionCollection.add(new SimpleManagementPermission(actionEffect, (Constraint[]) treeSet.toArray(new Constraint[treeSet.size()])));
        }
        return managementPermissionCollection;
    }

    void addConstraintFactory(ConstraintFactory constraintFactory) {
        synchronized (this) {
            if (this.constraintFactories.add(constraintFactory)) {
                this.rolePermissionsConfigured = false;
            }
        }
    }

    public void addScopedRole(String str, String str2, ScopingConstraint scopingConstraint) {
        StandardRole valueOf = StandardRole.valueOf(str2.toUpperCase(Locale.ENGLISH));
        configureRolePermissions();
        addScopedRoleInternal(str, valueOf, scopingConstraint);
    }

    public void removeScopedRole(String str) {
        if (StandardRole.valueOf(str.toUpperCase(Locale.ENGLISH)) != null) {
            throw new IllegalStateException("cannot remove standard role " + str);
        }
        synchronized (this) {
            this.permissionsByRole.remove(str);
        }
    }

    private synchronized void configureRolePermissions() {
        if (this.rolePermissionsConfigured) {
            return;
        }
        this.permissionsByRole.clear();
        this.permissionsByRole.putAll(configureDefaultPermissions());
        for (Map.Entry<String, ScopedBase> entry : this.scopedBaseMap.entrySet()) {
            addScopedRoleInternal(entry.getKey(), entry.getValue().base, entry.getValue().constraint);
        }
        this.rolePermissionsConfigured = true;
    }

    private synchronized Map<String, ManagementPermissionCollection> configureDefaultPermissions() {
        HashMap hashMap = new HashMap();
        for (StandardRole standardRole : StandardRole.values()) {
            ManagementPermissionCollection managementPermissionCollection = new ManagementPermissionCollection(SimpleManagementPermission.class);
            for (Action.ActionEffect actionEffect : Action.ActionEffect.values()) {
                if (standardRole.isActionEffectAllowed(actionEffect)) {
                    TreeSet treeSet = new TreeSet();
                    Iterator<ConstraintFactory> it = this.constraintFactories.iterator();
                    while (it.hasNext()) {
                        treeSet.add(it.next().getStandardUserConstraint(standardRole, actionEffect));
                    }
                    managementPermissionCollection.add(new SimpleManagementPermission(actionEffect, (Constraint[]) treeSet.toArray(new Constraint[treeSet.size()])));
                }
            }
            hashMap.put(standardRole.toString(), managementPermissionCollection);
        }
        return hashMap;
    }

    private synchronized void addScopedRoleInternal(String str, StandardRole standardRole, ScopingConstraint scopingConstraint) {
        if (this.permissionsByRole.containsKey(str)) {
            throw new IllegalStateException(String.format("role %s is already registered", str));
        }
        ManagementPermissionCollection managementPermissionCollection = this.permissionsByRole.get(standardRole.toString());
        if (managementPermissionCollection == null) {
            throw new IllegalArgumentException(String.format("Unknown base role %s", standardRole));
        }
        ManagementPermissionCollection managementPermissionCollection2 = null;
        Enumeration<Permission> elements = managementPermissionCollection.elements();
        while (elements.hasMoreElements()) {
            ManagementPermission createScopedPermission = ((ManagementPermission) elements.nextElement()).createScopedPermission(scopingConstraint);
            if (managementPermissionCollection2 == null) {
                managementPermissionCollection2 = (ManagementPermissionCollection) createScopedPermission.newPermissionCollection();
            }
            managementPermissionCollection2.add(createScopedPermission);
        }
        this.permissionsByRole.put(str, managementPermissionCollection2);
        this.scopedBaseMap.put(str, new ScopedBase(standardRole, scopingConstraint));
    }

    private static Set<ConstraintFactory> getStandardConstraintFactories() {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        linkedHashSet.add(ApplicationTypeConstraint.FACTORY);
        linkedHashSet.add(AuditConstraint.FACTORY);
        linkedHashSet.add(NonAuditConstraint.FACTORY);
        linkedHashSet.add(HostEffectConstraint.FACTORY);
        linkedHashSet.add(SensitiveTargetConstraint.FACTORY);
        linkedHashSet.add(SensitiveVaultExpressionConstraint.FACTORY);
        linkedHashSet.add(ServerGroupEffectConstraint.FACTORY);
        return linkedHashSet;
    }
}
