package io.hawt.web;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import io.hawt.system.Helpers;
import io.hawt.system.JmxHelpers;
import java.lang.management.ManagementFactory;
import java.security.AccessController;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.management.InstanceNotFoundException;
import javax.management.MBeanAttributeInfo;
import javax.management.MBeanInfo;
import javax.management.MBeanServer;
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;
import javax.management.QueryExp;
import javax.security.auth.Subject;
import org.eclipse.jgit.lib.RefDatabase;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hawtio-system-1.4.0.redhat-630416.jar:io/hawt/web/RBACMBeanInvoker.class */
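/**
 * Answers "may the current caller invoke this operation / read or write this attribute on this
 * MBean?" by delegating to a JMXSecurity MBean ({@code *:type=security,area=jmx,*}) looked up on
 * the platform MBean server.
 *
 * <p>Behaviour a reviewer or operator should be aware of:
 * <ul>
 *   <li><b>Fails open when no security MBean is found.</b> If discovery in the constructor finds
 *       nothing, {@link #canInvoke}, {@link #isReadAllowed} and {@link #isWriteAllowed} return
 *       {@code true} for every request. Discovery runs once, from the constructor; nothing in
 *       this class repeats it. Deployments that depend on RBAC should treat the INFO line
 *       "Didn't discover any JMXSecurity MBeans, role based access control is disabled" as an
 *       alertable event.</li>
 *   <li><b>Decisions are cached.</b> A result is kept for {@value #CAN_INVOKE_CACHE_DURATION}
 *       minutes after it was computed, keyed by (username, object name, operation). A permission
 *       change may therefore not be visible through this class until the entry expires.</li>
 *   <li><b>Errors deny.</b> Any exception raised while evaluating a request is logged and the
 *       request is answered with {@code false}.</li>
 * </ul>
 *
 * <p>NOTE(review): neither cache sets a size bound. Whether object names and operation strings
 * can be chosen by remote callers is not visible from this class; if they can, consider
 * {@code CacheBuilder.maximumSize(...)} so the key space cannot grow without limit.
 */
public class RBACMBeanInvoker {
    private static final Logger LOG = LoggerFactory.getLogger(RBACMBeanInvoker.class);

    /** Minutes a cached canInvoke() decision stays valid after it was written. */
    private static final long CAN_INVOKE_CACHE_DURATION = 10;

    /** Minutes a cached MBean attribute table stays valid after it was written. */
    private static final long MBEAN_INFO_CACHE_DURATION = 10;

    protected MBeanServer mBeanServer;

    /** The JMXSecurity MBean used for decisions; {@code null} means RBAC is disabled (allow all). */
    protected ObjectName securityMBean;

    protected LoadingCache<CanInvokeKey, Boolean> canInvokeCache;
    protected LoadingCache<ObjectName, Map<String, MBeanAttributeInfo>> mbeanInfoCache;

    /**
     * Cache key for one authorization decision: who asked, about which MBean, for which operation.
     *
     * <p>The username is the only caller attribute in the key, so two callers that resolve to the
     * same username share cached decisions. The fields take part in {@link #equals} and
     * {@link #hashCode}; they must not be modified once the key has been handed to the cache.
     */
    public class CanInvokeKey {
        protected String username;
        protected ObjectName objectName;
        protected String operation;

        protected CanInvokeKey(String str, ObjectName objectName, String str2) {
            this.username = str;
            this.objectName = objectName;
            this.operation = str2;
        }

        @Override
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            // instanceof is false for null, so no separate null test is needed.
            if (!(obj instanceof CanInvokeKey)) {
                return false;
            }
            CanInvokeKey other = (CanInvokeKey) obj;
            return Objects.equals(this.username, other.username)
                    && Objects.equals(this.objectName, other.objectName)
                    && Objects.equals(this.operation, other.operation);
        }

        @Override
        public int hashCode() {
            return Objects.hash(this.username, this.objectName, this.operation);
        }

        @Override
        public String toString() {
            return String.format("%s{username=%s, objectName=%s, operation=%s}",
                    getClass().getSimpleName(),
                    Objects.toString(this.username),
                    Objects.toString(this.objectName),
                    Objects.toString(this.operation));
        }
    }

    /** Discovers the security MBean and builds both caches. */
    public RBACMBeanInvoker() {
        initSecurityMBean();
        initCaches();
    }

    /**
     * Looks up JMXSecurity MBeans on the platform MBean server and remembers one of them.
     *
     * <p>When none is registered at this moment, {@link #securityMBean} is set to {@code null}
     * and every later check is answered with "allowed".
     */
    protected void initSecurityMBean() {
        this.mBeanServer = ManagementFactory.getPlatformMBeanServer();
        // Declared as Set: queryNames() returns a Set, which cannot be assigned to a HashSet
        // variable (the decompiled form of this method did exactly that and did not compile).
        Set<ObjectName> candidates = new HashSet<>();
        try {
            candidates = this.mBeanServer.queryNames(new ObjectName("*:type=security,area=jmx,*"), null);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Found JMXSecurity MBeans: {}", candidates);
            }
        } catch (MalformedObjectNameException e) {
            // The pattern is a constant; if this is ever reached, candidates stays empty and the
            // branch below disables RBAC.
            LOG.error(e.getMessage(), e);
        }
        if (candidates.isEmpty()) {
            LOG.info("Didn't discover any JMXSecurity MBeans, role based access control is disabled");
            this.securityMBean = null;
        } else {
            ObjectName chosen = JmxHelpers.chooseMBean(candidates);
            LOG.info("Using MBean [{}] for role based access control", chosen);
            this.securityMBean = chosen;
        }
    }

    /** Builds the decision cache and the attribute-metadata cache, both expiring after write. */
    protected void initCaches() {
        this.canInvokeCache = CacheBuilder.newBuilder()
                .expireAfterWrite(CAN_INVOKE_CACHE_DURATION, TimeUnit.MINUTES)
                .build(new CacheLoader<CanInvokeKey, Boolean>() {
                    @Override
                    public Boolean load(CanInvokeKey canInvokeKey) throws Exception {
                        LOG.debug("Do invoking canInvoke() for {}", canInvokeKey);
                        // The username in the key is not passed on; the decision is whatever the
                        // security MBean answers for the thread that triggered this load.
                        return Boolean.valueOf(doCanInvoke(canInvokeKey.objectName, canInvokeKey.operation));
                    }
                });
        this.mbeanInfoCache = CacheBuilder.newBuilder()
                .expireAfterWrite(MBEAN_INFO_CACHE_DURATION, TimeUnit.MINUTES)
                .build(new CacheLoader<ObjectName, Map<String, MBeanAttributeInfo>>() {
                    @Override
                    public Map<String, MBeanAttributeInfo> load(ObjectName objectName) throws Exception {
                        LOG.debug("Do loading MBean attributes for {}", objectName);
                        return loadMBeanAttributes(objectName);
                    }
                });
    }

    /**
     * Asks the security MBean, uncached, whether the operation may be invoked.
     *
     * @param objectName target MBean
     * @param str operation, either a bare name or {@code name(type1,type2)}
     * @return the security MBean's answer
     * @throws Exception whatever the MBean server raises, or {@link IllegalArgumentException}
     *     for a signature that opens a parenthesis without closing it
     */
    protected boolean doCanInvoke(ObjectName objectName, String str) throws Exception {
        List<String> argTypes = new ArrayList<>();
        String operationName = parseOperation(str, argTypes);
        Object[] params = {objectName.toString(), operationName, argTypes.toArray(new String[0])};
        String[] signature = {String.class.getName(), String.class.getName(), String[].class.getName()};
        Object allowed = this.mBeanServer.invoke(this.securityMBean, "canInvoke", params, signature);
        return ((Boolean) allowed).booleanValue();
    }

    /**
     * Splits {@code name(type1,type2)} into the operation name (returned) and its argument types
     * (appended to {@code argTypes}). A string without {@code '('} is returned trimmed, with no
     * argument types. Argument types are passed on verbatim; empty entries are skipped.
     *
     * @throws IllegalArgumentException if the string contains {@code '('} but does not end with
     *     {@code ')'}; without this check the last character of the final argument type would be
     *     dropped silently and the decision would be made for a different signature than the one
     *     requested
     */
    private String parseOperation(String operation, List<String> argTypes) {
        String signature = operation.trim();
        int openParen = signature.indexOf('(');
        if (openParen < 0) {
            return signature;
        }
        if (!signature.endsWith(")")) {
            throw new IllegalArgumentException("Malformed operation signature: " + signature);
        }
        String argList = signature.substring(openParen + 1, signature.length() - 1);
        for (String argType : argList.split(",")) {
            // Plain emptiness test; the decompiled code compared against an unrelated library
            // constant whose value is the empty string.
            if (!argType.isEmpty()) {
                argTypes.add(argType);
            }
        }
        return signature.substring(0, openParen);
    }

    /** Logs a failed check; a missing MBean instance is reported at INFO, anything else at ERROR. */
    private static void logMBeanError(Exception exc) {
        if (exc instanceof InstanceNotFoundException) {
            LOG.info("Instance not found: {}", exc.getMessage());
        } else if (exc.getCause() instanceof InstanceNotFoundException) {
            LOG.info("Instance not found: {}", exc.getCause().getMessage());
        } else {
            LOG.error("Error while invoking JMXSecurity MBean: " + exc.getMessage(), exc);
        }
    }

    /**
     * Reads the MBean's metadata and indexes its attributes by name.
     *
     * @param objectName MBean to describe
     * @return attribute name to attribute info
     * @throws Exception whatever {@code MBeanServer.getMBeanInfo} raises
     */
    protected Map<String, MBeanAttributeInfo> loadMBeanAttributes(ObjectName objectName) throws Exception {
        MBeanInfo mBeanInfo = this.mBeanServer.getMBeanInfo(objectName);
        Map<String, MBeanAttributeInfo> byName = new HashMap<>();
        for (MBeanAttributeInfo attribute : mBeanInfo.getAttributes()) {
            byName.put(attribute.getName(), attribute);
        }
        return byName;
    }

    /**
     * Tells whether the current caller may invoke {@code str} on {@code objectName}.
     *
     * @param objectName target MBean
     * @param str operation, either a bare name or {@code name(type1,type2)}
     * @return {@code true} when no security MBean was discovered (RBAC disabled) or the security
     *     MBean allows the call; {@code false} when it denies the call or the check fails
     */
    public boolean canInvoke(ObjectName objectName, String str) {
        if (this.securityMBean == null) {
            // Fail-open by design of this class: no security MBean means no restriction.
            return true;
        }
        Subject subject = Subject.getSubject(AccessController.getContext());
        try {
            if (subject == null) {
                // No identity to key the cache on, so the decision is computed every time.
                LOG.debug("Subject not available, directly invoking canInvoke(): {}, {}", objectName, str);
                return doCanInvoke(objectName, str);
            }
            CanInvokeKey key = new CanInvokeKey(Helpers.getUsernameFromSubject(subject), objectName, str);
            return this.canInvokeCache.get(key).booleanValue();
        } catch (Exception e) {
            // Fail-closed: a check that could not be evaluated is a denial.
            logMBeanError(e);
            return false;
        }
    }

    /**
     * Tells whether the current caller may read attribute {@code str} of {@code objectName},
     * by checking its getter ({@code getX()} or {@code isX()}) with {@link #canInvoke}.
     *
     * @return {@code true} when RBAC is disabled or the getter is allowed; {@code false} when the
     *     attribute is unknown, the getter is denied, or the check fails
     */
    public boolean isReadAllowed(ObjectName objectName, String str) {
        return isAttributeAccessAllowed(objectName, str, false);
    }

    /**
     * Tells whether the current caller may write attribute {@code str} of {@code objectName},
     * by checking its setter ({@code setX(type)}) with {@link #canInvoke}.
     *
     * @return {@code true} when RBAC is disabled or the setter is allowed; {@code false} when the
     *     attribute is unknown, the setter is denied, or the check fails
     */
    public boolean isWriteAllowed(ObjectName objectName, String str) {
        return isAttributeAccessAllowed(objectName, str, true);
    }

    /** Shared body of the read and write checks; {@code write} selects setter over getter. */
    private boolean isAttributeAccessAllowed(ObjectName objectName, String attribute, boolean write) {
        if (this.securityMBean == null) {
            return true;
        }
        try {
            MBeanAttributeInfo info = this.mbeanInfoCache.get(objectName).get(attribute);
            if (info == null) {
                LOG.error("Attribute '{}' not found for MBean '{}'", attribute, objectName);
                return false;
            }
            return canInvoke(objectName, getAccessor(info, write));
        } catch (Exception e) {
            logMBeanError(e);
            return false;
        }
    }

    /** Builds the accessor signature that stands for reading or writing the attribute. */
    private String getAccessor(MBeanAttributeInfo info, boolean write) {
        if (write) {
            return String.format("set%s(%s)", info.getName(), info.getType());
        }
        String prefix = info.isIs() ? "is" : "get";
        return String.format("%s%s()", prefix, info.getName());
    }
}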
