package org.jboss.jmx.adaptor.html;

import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.StringTokenizer;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.jboss.logging.Logger;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SimpleGroup;

/* loaded from: input_file:org/jboss/jmx/adaptor/html/JMXOpsAccessControlFilter.class */
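/**
 * Servlet filter that applies role checks to the actions of the JMX HTML adaptor.
 *
 * <p>The filter reads the {@code action} request parameter and, for the actions it recognises
 * ({@code updateAttributes}, {@code invokeOp}, {@code invokeOpByName}, {@code inspectMBean}),
 * either asks a configured authorization delegate or compares the caller's roles with the role
 * list configured for that action. Requests that are refused get HTTP status 403.
 *
 * <p>Security notes for deployers:
 * <ul>
 *   <li>The filter does not authenticate anyone. It only reads the already-authenticated
 *       {@link Subject} from the JACC {@link PolicyContext}; without one, the caller has no roles.</li>
 *   <li>An action with no role list configured is unrestricted (unless a delegate is configured).
 *       Configure a role list for every action that must be protected.</li>
 *   <li>Any other {@code action} value, and a missing one, is passed down the chain unchecked.
 *       The filter must therefore sit behind a container security constraint rather than
 *       replace it.</li>
 *   <li>A configured delegate that cannot be loaded makes {@link #init(FilterConfig)} fail, so the
 *       console is never served with the delegate's checks silently missing.</li>
 * </ul>
 */
public class JMXOpsAccessControlFilter implements Filter {
    private static final Logger log = Logger.getLogger(JMXOpsAccessControlFilter.class);
    private static final String ACTION_PARAM = "action";
    private static final String DISPLAY_MBEANS_ACTION = "displayMBeans";
    private static final String INSPECT_MBEAN_ACTION = "inspectMBean";
    private static final String UPDATE_ATTRIBUTES_ACTION = "updateAttributes";
    private static final String INVOKE_OP_ACTION = "invokeOp";
    private static final String INVOKE_OP_BY_NAME_ACTION = "invokeOpByName";
    private static final String AUTHORIZATION_DELEGATE_PARAM = "authorizationDelegate";
    private static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";

    // Role lists per guarded action; null means "no restriction configured".
    private List<String> updateAttributesRoles = null;
    private List<String> invokeOpRoles = null;
    private List<String> invokeMBeanRoles = null;
    // Optional object exposing authorize(ServletRequest, ServletResponse, List), called reflectively.
    private Object authorizationDelegate = null;

    /**
     * Reads the per-action role lists and the optional authorization delegate class name.
     *
     * @param filterConfig filter configuration holding the init parameters
     * @throws ServletException if an authorization delegate is configured but cannot be
     *     instantiated; starting without it would silently weaken access control
     */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        this.updateAttributesRoles = configuredRoles(filterConfig, UPDATE_ATTRIBUTES_ACTION);
        this.invokeOpRoles = configuredRoles(filterConfig, INVOKE_OP_ACTION);
        this.invokeMBeanRoles = configuredRoles(filterConfig, INSPECT_MBEAN_ACTION);

        String delegateClassName = filterConfig.getInitParameter(AUTHORIZATION_DELEGATE_PARAM);
        if (delegateClassName == null) {
            return;
        }
        delegateClassName = delegateClassName.trim();
        if (delegateClassName.length() == 0) {
            return;
        }
        Object delegate = instantiate(delegateClassName);
        if (delegate == null) {
            // Fail closed: falling back to the role lists (possibly empty, i.e. unrestricted)
            // would drop the checks the deployer asked for without any visible sign.
            throw new ServletException(
                    "Unable to instantiate configured authorizationDelegate: " + delegateClassName);
        }
        this.authorizationDelegate = delegate;
    }

    /**
     * Authorizes the request according to its {@code action} parameter and either continues the
     * chain or answers with 403.
     *
     * <p>A missing action is treated as {@code displayMBeans}. Only the four guarded actions are
     * checked; every other value is forwarded unchanged.
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String action = servletRequest.getParameter(ACTION_PARAM);
        if (action == null) {
            action = DISPLAY_MBEANS_ACTION;
        }

        boolean allowed = true;
        if (action.equals(UPDATE_ATTRIBUTES_ACTION)) {
            allowed = authorize(servletRequest, servletResponse, this.updateAttributesRoles);
        } else if (action.equals(INVOKE_OP_ACTION) || action.equals(INVOKE_OP_BY_NAME_ACTION)) {
            allowed = authorize(servletRequest, servletResponse, this.invokeOpRoles);
        } else if (action.equals(INSPECT_MBEAN_ACTION)) {
            allowed = authorize(servletRequest, servletResponse, this.invokeMBeanRoles);
        }

        if (allowed) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            ((HttpServletResponse) servletResponse).setStatus(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    @Override // javax.servlet.Filter
    public void destroy() {
    }

    /**
     * Decides whether the current caller may perform an action.
     *
     * @param requiredRoles roles configured for the action, or null if none were configured
     * @return the delegate's decision when a delegate is configured; otherwise true when no roles
     *     are configured or the caller holds at least one of them
     */
    private boolean authorize(ServletRequest servletRequest, ServletResponse servletResponse, List<String> requiredRoles) {
        if (this.authorizationDelegate != null) {
            return checkWithDelegate(servletRequest, servletResponse, requiredRoles);
        }
        if (requiredRoles == null || requiredRoles.isEmpty()) {
            // Open default: nothing configured for this action means nothing is enforced here.
            return true;
        }
        for (String role : getSubjectRoles()) {
            if (requiredRoles.contains(role)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Calls {@code authorize(ServletRequest, ServletResponse, List)} on the delegate by reflection.
     *
     * @return true only if the delegate returned {@code Boolean.TRUE}; a missing method, an
     *     exception, a null or a non-Boolean result all deny the request
     */
    private boolean checkWithDelegate(ServletRequest servletRequest, ServletResponse servletResponse, List<String> requiredRoles) {
        try {
            Object decision = this.authorizationDelegate.getClass()
                    .getMethod("authorize", ServletRequest.class, ServletResponse.class, List.class)
                    .invoke(this.authorizationDelegate, servletRequest, servletResponse, requiredRoles);
            if (decision == null) {
                log.error("AuthorizationDelegate returned null; denying request");
            }
            // Boolean.TRUE.equals also covers null and unexpected return types without throwing.
            return Boolean.TRUE.equals(decision);
        } catch (Exception e) {
            // Logged unconditionally: a broken delegate denies every guarded action, and the
            // operator needs to see why even when trace logging is off.
            log.error("Error invoking AuthorizationDelegate:", e);
            return false;
        }
    }

    /**
     * Returns the role list configured under {@code paramName}, or null when the parameter is
     * absent or empty.
     */
    private List<String> configuredRoles(FilterConfig filterConfig, String paramName) {
        String value = filterConfig.getInitParameter(paramName);
        if (value == null || value.length() == 0) {
            return null;
        }
        return getRoles(value);
    }

    /**
     * Splits a comma-separated role list.
     *
     * <p>Tokens are trimmed and blank ones dropped, so {@code "admin, operator"} yields
     * {@code admin} and {@code operator}. Without trimming, a role written after a space could
     * never match the caller's role names.
     */
    private List<String> getRoles(String str) {
        List<String> roles = new ArrayList<String>();
        StringTokenizer tokens = new StringTokenizer(str, ",");
        while (tokens.hasMoreTokens()) {
            String role = tokens.nextToken().trim();
            if (role.length() > 0) {
                roles.add(role);
            }
        }
        return roles;
    }

    /**
     * Collects the caller's role names from the authenticated subject in the JACC policy context.
     *
     * @return the string form of every member of each {@link SimpleGroup} principal named
     *     {@link SecurityConstants#ROLES_IDENTIFIER}; empty when there is no subject or the
     *     context cannot be read
     */
    private List<String> getSubjectRoles() {
        List<String> roles = new ArrayList<String>();
        try {
            Subject subject = (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);
            // No subject (e.g. an unauthenticated request): leave the list empty so that any
            // configured role requirement is refused instead of failing with an exception.
            if (subject != null) {
                for (Principal principal : subject.getPrincipals()) {
                    if (!(principal instanceof SimpleGroup)) {
                        continue;
                    }
                    SimpleGroup group = (SimpleGroup) principal;
                    if (!SecurityConstants.ROLES_IDENTIFIER.equals(group.getName())) {
                        continue;
                    }
                    Enumeration<Principal> members = group.members();
                    while (members.hasMoreElements()) {
                        String roleName = members.nextElement().toString();
                        if (roleName != null) {
                            roles.add(roleName);
                        }
                    }
                }
            }
        } catch (PolicyContextException e) {
            log.error("Error obtaining authenticated subject:", e);
        }
        if (log.isTraceEnabled()) {
            log.trace("Subject Roles=" + roles);
        }
        return roles;
    }

    /**
     * Loads {@code str} through the thread context class loader and creates an instance with its
     * no-argument constructor.
     *
     * @param str fully qualified class name; in this filter it comes from the
     *     {@code authorizationDelegate} init parameter
     * @return the new instance, or null if the class cannot be loaded or instantiated (the
     *     failure is logged at error level)
     */
    public Object instantiate(String str) {
        try {
            return Thread.currentThread().getContextClassLoader().loadClass(str).newInstance();
        } catch (Exception e) {
            log.error("Error instantiating AuthorizationDelegate:", e);
            return null;
        }
    }
}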
