package com.sun.messaging.jmq.jmsserver.auth;

import com.sun.messaging.jmq.auth.api.server.AccessControlContext;
import com.sun.messaging.jmq.auth.api.server.AuthenticationProtocolHandler;
import com.sun.messaging.jmq.jmsserver.Globals;
import com.sun.messaging.jmq.jmsserver.config.BrokerConfig;
import com.sun.messaging.jmq.jmsserver.resources.BrokerResources;
import com.sun.messaging.jmq.jmsserver.service.ServiceManager;
import com.sun.messaging.jmq.jmsserver.util.BrokerException;
import com.sun.messaging.jmq.util.ServiceType;
import com.sun.messaging.jmq.util.StringUtil;
import com.sun.messaging.jmq.util.log.Logger;
import java.security.AccessControlException;
import java.security.Policy;
import java.security.Principal;
import java.util.List;
import java.util.Properties;
import javax.security.auth.Refreshable;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:jmsra.rar:lib/install/applications/jmsra/imqbroker.jar:com/sun/messaging/jmq/jmsserver/auth/AccessController.class */
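/**
 * Holds the authentication and access-control state built for one broker service.
 *
 * <p>An instance is created by {@link #getInstance(String, int, boolean)} from the broker
 * configuration. It selects an {@link AuthenticationProtocolHandler} for the configured
 * authentication type, runs the challenge/response exchange through it, and, once the handler
 * reports completion, keeps the resulting {@link AccessControlContext} for permission checks.
 *
 * <p>Thread-safety: the methods that start an exchange, log out or check permissions are
 * {@code synchronized}. {@link #handleResponse(byte[], int)}, {@link #isAuthenticated()} and
 * {@link #getAccessControlContext()} are not, although they read or write the same field.
 */
public class AccessController {
    public static final String PROP_SERVICE_NAME = "imq.servicename";
    public static final String PROP_SERVICE_TYPE = "imq.servicetype";
    public static final String PROP_AUTHENTICATION_AREA = "authentication";
    public static final String PROP_ACCESSCONTROL_AREA = "accesscontrol";
    public static final String PROP_USER_REPOSITORY_AREA = "user_repository";
    public static final String PROP_AUTHENTICATION_PREFIX = "imq.authentication.";
    public static final String PROP_ACCESSCONTROL_PREFIX = "imq.accesscontrol.";
    public static final String PROP_USER_REPOSITORY_PREFIX = "imq.user_repository.";
    public static final String PROP_USER_REPOSITORY_SUFFIX = ".user_repository";
    public static final String PROP_USER_PRINCIPAL_CLASS_SUFFIX = ".userPrincipalClass";
    public static final String PROP_GROUP_PRINCIPAL_CLASS_SUFFIX = ".groupPrincipalClass";
    public static final String PROP_CLIENTIP = "imq.authentication.clientip";
    public static final String PROP_AUTHENTICATION_TYPE = "imq.authentication.type";
    public static final String PROP_AUTHENTICATION_TYPE_SUFFIX = ".authentication.type";
    public static final String PROP_ACCESSCONTROL_TYPE = "imq.accesscontrol.type";
    public static final String PROP_ACCESSCONTROL_TYPE_SUFFIX = ".accesscontrol.type";
    public static final String PROP_ACCESSCONTROL_ENABLED = "imq.accesscontrol.enabled";
    public static final String PROP_ACCESSCONTROL_ENABLED_SUFFIX = ".accesscontrol.enabled";
    public static final String PROP_SERVICE_PREFIX = "imq.";
    public static final String PROPERTIES_DIRPATH = "dirpath";
    public static final String PROP_ADMINKEY = "imq.adminkey";
    public static final String AUTHTYPE_BASIC = "basic";
    public static final String AUTHTYPE_DIGEST = "digest";
    public static final String AUTHTYPE_JMQADMINKEY = "jmqadminkey";
    // Rejected by getInstance() alongside AUTHTYPE_JMQADMINKEY: neither may be set in configuration.
    public static final String BAD_AUTHTYPE = "client";

    private String authType = AUTHTYPE_BASIC;
    private String accesscontrolType = "";
    private String userRepository = "";
    // Access control is on unless configuration says exactly "false".
    private boolean accessControlEnabled = true;
    private Properties authprops = new Properties();
    private final Logger logger = Globals.getLogger();
    private AuthenticationProtocolHandler aph = null;
    // Non-null only after the handler has reported a completed exchange; see isAuthenticated().
    private AccessControlContext acc = null;
    private String serviceName = null;
    private int serviceType = 0;
    private String clientIP = null;

    private AccessController() {
    }

    /**
     * Selects the authentication handler for the current {@code authType} and clears any
     * previously established access-control context.
     *
     * <p>The three built-in types map to fixed handler classes. Any other type is resolved
     * through {@code imq.authentication.<type>.class} in the loaded auth properties; the named
     * class is instantiated reflectively and must report the same type from {@code getType()}.
     *
     * @throws BrokerException if no class is configured for the type, the class cannot be
     *     loaded or instantiated, or it reports a different type
     */
    private void init() throws BrokerException {
        this.acc = null;
        if (this.authType.equals(AUTHTYPE_BASIC)) {
            this.aph = new JMQBasicAuthenticationHandler();
            return;
        }
        if (this.authType.equals(AUTHTYPE_DIGEST)) {
            this.aph = new JMQDigestAuthenticationHandler();
            return;
        }
        if (this.authType.equals(AUTHTYPE_JMQADMINKEY)) {
            this.aph = new JMQAdminKeyAuthenticationHandler();
            return;
        }
        String handlerClassName = this.authprops.getProperty(PROP_AUTHENTICATION_PREFIX + this.authType + ".class");
        if (handlerClassName == null) {
            throw new BrokerException(Globals.getBrokerResources().getKString(BrokerResources.X_UNDEFINED_AUTHTYPE, this.authType));
        }
        // The class name comes from broker configuration, so whoever can edit that configuration
        // decides which code runs inside the broker; keep the configuration files write-protected.
        try {
            AuthenticationProtocolHandler handler =
                    (AuthenticationProtocolHandler) Class.forName(handlerClassName).getDeclaredConstructor().newInstance();
            if (!handler.getType().equals(this.authType)) {
                throw new BrokerException(Globals.getBrokerResources().getKString(BrokerResources.X_AUTHTYPE_MISMATCH, (Object[]) new String[]{this.authType, handler.getType(), handlerClassName}));
            }
            // Install the handler only after it has passed the type check.
            this.aph = handler;
        } catch (BrokerException e) {
            throw e;
        } catch (Exception | LinkageError e) {
            // Keep the cause so the real loading failure stays visible in the log; JVM-level errors
            // such as OutOfMemoryError are no longer reported as an unsupported auth type.
            throw new BrokerException(Globals.getBrokerResources().getKString(BrokerResources.X_UNSUPPORTED_AUTHTYPE, this.authType) + " - " + e.getMessage(), e);
        }
    }

    /**
     * Reports whether an access-control context is currently held.
     *
     * <p>NOTE(review): unsynchronized read of a field written under the monitor elsewhere.
     */
    public boolean isAuthenticated() {
        return this.acc != null;
    }

    public String getAuthType() {
        return this.authType;
    }

    private void setAuthType(String str) {
        this.authType = str;
    }

    private void setAccessControlType(String str) {
        this.accesscontrolType = str;
    }

    public String getAccessControlType() {
        return this.accesscontrolType;
    }

    public String getUserRepository() {
        return this.userRepository;
    }

    private void setUserRepository(String str) {
        this.userRepository = str;
    }

    public boolean isAccessControlEnabled() {
        return this.accessControlEnabled;
    }

    private void setAccessControlEnabled(boolean z) {
        this.accessControlEnabled = z;
    }

    /**
     * Returns the live, mutable auth properties (not a copy).
     *
     * <p>NOTE(review): after an admin-key override in {@link #getChallenge} this object holds the
     * {@code imq.adminkey} value, so callers must not log or dump it. Returning a copy would be
     * safer, but this class itself populates the properties through this accessor and external
     * callers may rely on mutability, so the behaviour is left unchanged here.
     */
    public Properties getAuthProperties() {
        return this.authprops;
    }

    public AccessControlContext getAccessControlContext() {
        return this.acc;
    }

    private void setServiceName(String str) {
        this.serviceName = str;
    }

    private String getServiceName() {
        return this.serviceName;
    }

    private void setServiceType(int i) {
        this.serviceType = i;
    }

    private int getServiceType() {
        return this.serviceType;
    }

    public void setClientIP(String str) {
        this.clientIP = str;
    }

    private String getClientIP() {
        return this.clientIP;
    }

    /** Returns {@code true} when the current authentication type is the admin-key type. */
    public boolean isRestrictedAdmin() {
        return this.authType.equals(AUTHTYPE_JMQADMINKEY);
    }

    /** Equivalent to {@code getInstance(str, i, false)}. */
    public static AccessController getInstance(String str, int i) throws BrokerException {
        return getInstance(str, i, false);
    }

    /**
     * Builds a controller for one service from the broker configuration.
     *
     * <p>Access control starts enabled. The broker-wide {@code imq.accesscontrol.enabled} turns it
     * off only when its value is exactly {@code "false"}; a non-blank service-level
     * {@code imq.<service>.accesscontrol.enabled} then overrides that, again treating only the
     * exact string {@code "false"} as off. Any other spelling therefore leaves access control on.
     *
     * <p>The authentication type is taken from the service-level property, then the broker-wide
     * one, then the default {@code "basic"}.
     *
     * @param str the service name
     * @param i the service type code
     * @param z when {@code true}, forces the authentication type to {@code "basic"} regardless of
     *     configuration
     * @return a controller with its properties loaded and its handler selected
     * @throws BrokerException if the configured type is {@code "jmqadminkey"} or {@code "client"},
     *     or if loading the properties or the handler fails
     */
    public static AccessController getInstance(String str, int i, boolean z) throws BrokerException {
        AccessController controller = new AccessController();
        controller.setServiceName(str);
        controller.setServiceType(i);
        BrokerConfig config = Globals.getConfig();

        if ("false".equals(config.getProperty(PROP_ACCESSCONTROL_ENABLED))) {
            controller.setAccessControlEnabled(false);
        }
        String serviceEnabled = config.getProperty(PROP_SERVICE_PREFIX + str + PROP_ACCESSCONTROL_ENABLED_SUFFIX);
        if (!isUnset(serviceEnabled)) {
            // Compared untrimmed on purpose, as before: anything but the exact "false" enables.
            controller.setAccessControlEnabled(!serviceEnabled.equals("false"));
        }
        controller.getAuthProperties().setProperty(PROP_ACCESSCONTROL_ENABLED, String.valueOf(controller.isAccessControlEnabled()));

        String configuredType = config.getProperty(PROP_SERVICE_PREFIX + str + PROP_AUTHENTICATION_TYPE_SUFFIX);
        if (isUnset(configuredType)) {
            configuredType = config.getProperty(PROP_AUTHENTICATION_TYPE);
        }
        if (!isUnset(configuredType)) {
            controller.setAuthType(configuredType);
        }
        if (z) {
            controller.setAuthType(AUTHTYPE_BASIC);
        }
        // The admin-key type is reachable only through the override in getChallenge(); it must
        // never be selectable from configuration.
        if (controller.getAuthType().equals(AUTHTYPE_JMQADMINKEY) || controller.getAuthType().equals(BAD_AUTHTYPE)) {
            throw new BrokerException(Globals.getBrokerResources().getKString(BrokerResources.X_UNSUPPORTED_AUTHTYPE, controller.getAuthType()));
        }
        controller.getAuthProperties().setProperty(PROP_AUTHENTICATION_TYPE, controller.getAuthType());
        loadProps(controller);
        return controller;
    }

    /** Returns {@code true} for a {@code null} value or one that is empty after trimming. */
    private static boolean isUnset(String value) {
        return value == null || value.trim().isEmpty();
    }

    /**
     * Copies the authentication, access-control and user-repository settings that apply to the
     * controller's service into its auth properties, then selects the handler via {@code init()}.
     *
     * @throws BrokerException if access control is enabled but no access-control type is
     *     configured, or if {@code init()} fails
     */
    private static void loadProps(AccessController accessController) throws BrokerException {
        BrokerConfig config = Globals.getConfig();
        String service = accessController.getServiceName();
        Properties target = accessController.getAuthProperties();
        target.setProperty(PROP_SERVICE_NAME, accessController.getServiceName());
        target.setProperty(PROP_SERVICE_TYPE, ServiceType.getServiceTypeString(accessController.getServiceType()));

        // Broker-wide values first, then service-level values, which overwrite them.
        getProps(target, PROP_AUTHENTICATION_PREFIX, accessController.getAuthType(), null, null);
        getProps(target, PROP_AUTHENTICATION_PREFIX, accessController.getAuthType(), PROP_AUTHENTICATION_AREA, service);

        String aclType = config.getProperty(PROP_SERVICE_PREFIX + service + PROP_ACCESSCONTROL_TYPE_SUFFIX);
        if (isUnset(aclType)) {
            aclType = config.getProperty(PROP_ACCESSCONTROL_TYPE);
        }
        if (!isUnset(aclType)) {
            accessController.setAccessControlType(aclType);
            target.setProperty(PROP_ACCESSCONTROL_TYPE, aclType);
            getProps(target, PROP_ACCESSCONTROL_PREFIX, aclType, null, null);
            getProps(target, PROP_ACCESSCONTROL_PREFIX, aclType, PROP_ACCESSCONTROL_AREA, service);
        } else if (accessController.isAccessControlEnabled()) {
            // Fail closed: enabled access control without a type is a configuration error.
            throw new BrokerException(Globals.getBrokerResources().getKString(BrokerResources.X_ACCESSCONTROL_TYPE_NOT_DEFINED));
        }

        String repository = target.getProperty(PROP_AUTHENTICATION_PREFIX + accessController.getAuthType() + PROP_USER_REPOSITORY_SUFFIX);
        if (!isUnset(repository)) {
            accessController.setUserRepository(repository);
            getProps(target, PROP_USER_REPOSITORY_PREFIX, repository, null, null);
            getProps(target, PROP_USER_REPOSITORY_PREFIX, repository, PROP_USER_REPOSITORY_AREA, service);
        }
        accessController.init();
    }

    /** Reads the list configured under {@code <str><str2>.properties}; may return {@code null}. */
    private static List<?> getPropNames(String str, String str2) {
        return Globals.getConfig().getList(str + str2 + ".properties");
    }

    /**
     * Copies the properties listed for {@code str + str2} from the broker configuration into
     * {@code properties}.
     *
     * <p>Values are read from the broker-wide key, or from
     * {@code imq.<str4>.<str3>.<str2>.<name>} when a service name is given, and are stored under
     * both the broker-wide key and the key they were read from. A property named
     * {@code dirpath} has its variables expanded first.
     *
     * @param properties destination
     * @param str broker-wide key prefix
     * @param str2 type name appended to the prefix
     * @param str3 area name used in the service-level key; only read when {@code str4} is set
     * @param str4 service name, or {@code null} for broker-wide lookup
     */
    private static void getProps(Properties properties, String str, String str2, String str3, String str4) {
        String lookupPrefix = str;
        if (str4 != null) {
            lookupPrefix = PROP_SERVICE_PREFIX + str4 + "." + str3 + ".";
        }
        List<?> propNames = getPropNames(str, str2);
        if (propNames == null) {
            return;
        }
        for (Object entry : propNames) {
            String name = (String) entry;
            String value = Globals.getConfig().getProperty(lookupPrefix + str2 + "." + name);
            if (value == null) {
                continue;
            }
            if (name.equals(PROPERTIES_DIRPATH)) {
                value = StringUtil.expandVariables(value, Globals.getConfig());
            }
            properties.setProperty(str + str2 + "." + name, value);
            properties.setProperty(lookupPrefix + str2 + "." + name, value);
        }
    }

    /**
     * Starts an authentication exchange and returns the handler's first challenge.
     *
     * <p>Any previously established context is dropped first. When {@code str} is non-null it
     * requests an authentication-type override; the only accepted override is
     * {@code "jmqadminkey"} on a service whose type code is 1 (presumably the admin service type
     * — confirm against {@code ServiceType}). An accepted override replaces the auth properties,
     * switches this controller to the admin-key type and turns access control off for it.
     *
     * @param i sequence value passed to the handler
     * @param properties extra properties merged over a copy of the auth properties; {@code null}
     *     is treated as empty
     * @param refreshable cache data passed to the handler
     * @param str requested authentication-type override, or {@code null} for none
     * @return whatever the handler's {@code init} returns
     * @throws LoginException if no handler is set, the override is not permitted, or no admin key
     *     is configured
     * @throws BrokerException if reloading the properties for the override fails
     */
    public synchronized byte[] getChallenge(int i, Properties properties, Refreshable refreshable, String str) throws BrokerException, LoginException {
        if (this.aph == null) {
            throw new LoginException(Globals.getBrokerResources().getKString(BrokerResources.X_CONNECTION_LOGGEDOUT));
        }
        this.acc = null;
        if (str != null) {
            if (!str.equals(AUTHTYPE_JMQADMINKEY) || this.serviceType != 1) {
                throw new LoginException(Globals.getBrokerResources().getKString(BrokerResources.X_AUTHTYPE_OVERRIDE, (Object[]) new String[]{str, this.serviceName, ServiceType.getServiceTypeString(this.serviceType)}));
            }
            String adminKey = Globals.getConfig().getProperty(PROP_ADMINKEY);
            if (adminKey == null) {
                throw new LoginException(Globals.getBrokerResources().getKString(BrokerResources.X_ADMINKEY_NOT_EXIST));
            }
            this.authprops = new Properties();
            setAuthType(AUTHTYPE_JMQADMINKEY);
            this.authprops.setProperty(PROP_AUTHENTICATION_TYPE, AUTHTYPE_JMQADMINKEY);
            setAccessControlEnabled(false);
            this.authprops.setProperty(PROP_ACCESSCONTROL_ENABLED, "false");
            // The secret now lives in authprops, which getAuthProperties() hands out by reference.
            this.authprops.setProperty(PROP_ADMINKEY, adminKey);
            loadProps(this);
        }
        Properties merged = (Properties) getAuthProperties().clone();
        // NOTE(review): entries in `properties` replace same-named broker settings in the copy
        // handed to the handler; confirm every caller passes broker-controlled values only.
        if (properties != null) {
            merged.putAll(properties);
        }
        // Set last so that a known client address always wins over a caller-supplied entry.
        if (getClientIP() != null) {
            merged.setProperty(PROP_CLIENTIP, getClientIP());
        }
        return this.aph.init(i, merged, refreshable);
    }

    /**
     * Passes a client response to the handler and, when the handler returns {@code null}
     * (no further challenge), stores the handler's access-control context.
     *
     * <p>NOTE(review): unlike {@link #getChallenge}, {@link #logout()} and the permission checks,
     * this method is not {@code synchronized}, so a concurrent {@code logout()} can clear the
     * context just before this method sets it again. Synchronizing it would hold the monitor
     * for the whole handler call; decide that against the handlers' blocking behaviour.
     *
     * @param bArr the response bytes
     * @param i sequence value passed to the handler
     * @return the next challenge, or {@code null} when the exchange is complete
     * @throws LoginException if no handler is set or the handler rejects the response
     */
    public byte[] handleResponse(byte[] bArr, int i) throws LoginException {
        if (this.aph == null) {
            throw new LoginException(Globals.getBrokerResources().getKString(BrokerResources.X_CONNECTION_LOGGEDOUT));
        }
        byte[] nextChallenge = this.aph.handleResponse(bArr, i);
        if (nextChallenge == null) {
            this.acc = this.aph.getAccessControlContext();
        }
        return nextChallenge;
    }

    /** Returns the handler's cache data, or {@code null} when not authenticated or no handler is set. */
    public synchronized Refreshable getCacheData() {
        if (!isAuthenticated() || this.aph == null) {
            return null;
        }
        return this.aph.getCacheData();
    }

    /**
     * Drops the access-control context and logs the handler out.
     *
     * <p>The context is cleared before the handler is called, so a failing handler logout still
     * leaves this controller unauthenticated; the failure is logged and not rethrown.
     */
    public synchronized void logout() {
        try {
            this.acc = null;
            if (this.aph != null) {
                this.aph.logout();
            }
        } catch (LoginException e) {
            this.logger.log(16, "Logout exception : " + e.getMessage(), (Throwable) e);
        }
    }

    /**
     * Returns the authenticated subject.
     *
     * <p>The context is cast to {@code JMQAccessControlContext}; a handler that supplies another
     * context type would fail here with a {@code ClassCastException}.
     *
     * @throws BrokerException if no context is held
     */
    public synchronized Subject getAuthenticatedSubject() throws BrokerException {
        if (isAuthenticated()) {
            return ((JMQAccessControlContext) this.acc).getSubject();
        }
        throw new BrokerException(Globals.getBrokerResources().getKString(BrokerResources.X_CONNECTION_NOT_AUTHENTICATED));
    }

    /**
     * Returns the authenticated client user principal.
     *
     * @throws BrokerException if no context is held
     */
    public synchronized Principal getAuthenticatedName() throws BrokerException {
        if (isAuthenticated()) {
            return this.acc.getClientUser();
        }
        throw new BrokerException(Globals.getBrokerResources().getKString(BrokerResources.X_CONNECTION_NOT_AUTHENTICATED));
    }

    /**
     * Checks permission to connect to a service.
     *
     * <p>The check is delegated to the context when access control is enabled, and always when
     * {@code str2} is {@code "ADMIN"}: disabling access control does not open admin connections.
     * {@code str2} must not be {@code null}.
     *
     * @param str first argument of the delegated check (the service name, judging by callers in
     *     this class — confirm)
     * @param str2 second argument of the delegated check; compared with {@code "ADMIN"}
     * @throws AccessControlException if not authenticated or the context denies the connection
     */
    public synchronized void checkConnectionPermission(String str, String str2) throws AccessControlException {
        if (!isAuthenticated()) {
            throw new AccessControlException(Globals.getBrokerResources().getKString(BrokerResources.X_CONNECTION_NOT_AUTHENTICATED));
        }
        if (isAccessControlEnabled() || str2.equals("ADMIN")) {
            this.acc.checkConnectionPermission(str, str2);
        }
    }

    /**
     * Checks permission for a destination operation.
     *
     * <p>An unauthenticated caller is always rejected. When access control is disabled the
     * context is not consulted and every authenticated caller passes.
     *
     * @throws AccessControlException if not authenticated or the context denies the operation
     */
    public synchronized void checkDestinationPermission(String str, String str2, String str3, String str4, String str5) throws AccessControlException {
        if (!isAuthenticated()) {
            throw new AccessControlException(Globals.getBrokerResources().getKString(BrokerResources.X_CONNECTION_NOT_AUTHENTICATED));
        }
        if (isAccessControlEnabled()) {
            this.acc.checkDestinationPermission(str, str2, str3, str4, str5);
        }
    }

    /**
     * Installs a default {@link SecurityManager}, and the configured policy provider if any,
     * when at least one active service has access control enabled with type {@code "jaas"}.
     *
     * <p>All such services must agree on {@code imq.accesscontrol.jaas.policyProvider}. An
     * already installed security manager is left in place.
     *
     * <p>{@code System.setSecurityManager} is deprecated for removal (JEP 411); on JDK 18 and
     * later it throws {@code UnsupportedOperationException} unless the JVM was started with
     * {@code -Djava.security.manager=allow}, so JAAS access control needs that flag there.
     *
     * @throws SecurityException if installing the security manager or policy is not permitted
     * @throws BrokerException if a service has no type, providers conflict, or the provider class
     *     cannot be instantiated
     */
    public static void setSecurityManagerIfneed() throws SecurityException, BrokerException {
        boolean jaasInUse = false;
        Logger logger = Globals.getLogger();
        String providerClassName = null;
        for (String service : ServiceManager.getAllActiveServiceNames()) {
            String serviceTypeString = ServiceManager.getServiceTypeString(service);
            if (serviceTypeString == null) {
                throw new BrokerException(Globals.getBrokerResources().getKString(BrokerResources.X_SERVICE_TYPE_NOT_FOUND_FOR_SERVICE, service));
            }
            AccessController controller = getInstance(service, ServiceType.getServiceType(serviceTypeString));
            if (!controller.isAccessControlEnabled() || !controller.getAccessControlType().equals("jaas")) {
                continue;
            }
            jaasInUse = true;
            String configuredProvider = controller.getAuthProperties().getProperty("imq.accesscontrol.jaas.policyProvider");
            if (providerClassName == null) {
                providerClassName = configuredProvider;
            } else if (configuredProvider != null && !providerClassName.equals(configuredProvider)) {
                throw new BrokerException("XI18N - Multiple Java policy providers is not allowed:" + providerClassName + ", " + configuredProvider);
            }
        }
        if (!jaasInUse) {
            return;
        }
        Policy policy = null;
        if (providerClassName != null) {
            // The provider class is named in broker configuration and becomes the JVM-wide
            // policy, so write access to that configuration is equivalent to policy control.
            try {
                policy = (Policy) Class.forName(providerClassName).getDeclaredConstructor().newInstance();
            } catch (Exception e) {
                // Keep the cause so the reflective failure is not reduced to its message.
                throw new BrokerException(e.getClass().getName() + ": " + e.getMessage() + " - imq.accesscontrol.jaas.policyProvider=" + providerClassName, e);
            }
        }
        synchronized (System.class) {
            if (System.getSecurityManager() == null) {
                String policyFile = System.getProperty("java.security.policy");
                if (policyFile != null) {
                    logger.log(8, "java.security.policy=" + policyFile);
                }
                System.setSecurityManager(new SecurityManager());
                logger.log(8, Globals.getBrokerResources().getKString(BrokerResources.I_SET_DEFAULT_SECURITY_MANAGER));
            }
        }
        if (policy != null) {
            logger.log(8, "imq.accesscontrol.jaas.policyProvider=" + providerClassName);
            Policy.setPolicy(policy);
            logger.log(8, Globals.getBrokerResources().getKString(BrokerResources.I_SET_JAVA_POLICY_PROVIDER, policy.getClass().getName()));
        }
    }
}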
