package com.ibm.ws.messaging.security.authorization.internal;

import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.ws.messaging.security.MSTraceConstants;
import com.ibm.ws.messaging.security.MessagingSecurityConstants;
import com.ibm.ws.messaging.security.MessagingSecurityException;
import com.ibm.ws.messaging.security.authorization.MessagingAuthorizationException;
import com.ibm.ws.messaging.security.authorization.MessagingAuthorizationService;
import com.ibm.ws.messaging.security.beans.Permission;
import com.ibm.ws.messaging.security.beans.TemporaryDestinationPermission;
import com.ibm.ws.messaging.security.beans.TopicPermission;
import com.ibm.ws.messaging.security.internal.MessagingSecurityServiceImpl;
import com.ibm.ws.messaging.security.utility.MessagingSecurityUtility;
import com.ibm.ws.sib.utils.ras.SibTr;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;

/* loaded from: input_file:wlp/lib/com.ibm.ws.messaging.security_1.0.15.jar:com/ibm/ws/messaging/security/authorization/internal/MessagingAuthorizationServiceImpl.class */
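/**
 * Role-based authorization checks for messaging destinations (queues, topics,
 * temporary destinations and aliases).
 *
 * <p>Every public check resolves the caller's unique user name from the
 * {@link Subject}, looks up the {@link Permission} configured for the
 * destination, and grants access when the requested operation (used as the role
 * key) lists either the user or one of the user's groups. A destination with no
 * configured permission is denied.
 *
 * <p>NOTE(review): the entry traces pass the {@code Subject} itself to
 * {@code SibTr}. How it is rendered is not visible here; confirm that trace
 * output cannot contain credential material held by the subject.
 */
public class MessagingAuthorizationServiceImpl implements MessagingAuthorizationService {
    private static final String CLASS_NAME = "com.ibm.ws.messaging.security.authorization.internal.MessagingAuthorizationServiceImpl";
    /** Message key used for both the debug trace and the exception text on denial. */
    private static final String NOT_AUTHORIZED_KEY = "USER_NOT_AUTHORIZED_MSE1010";
    private static final TraceComponent tc = SibTr.register(MessagingAuthorizationServiceImpl.class, MSTraceConstants.MESSAGING_SECURITY_TRACE_GROUP, MSTraceConstants.MESSAGING_SECURITY_RESOURCE_BUNDLE);
    private static final TraceNLS nls = TraceNLS.getTraceNLS(MessagingAuthorizationServiceImpl.class, MSTraceConstants.MESSAGING_SECURITY_RESOURCE_BUNDLE);

    /** Source of the permission maps and of the authentication check. */
    private final MessagingSecurityServiceImpl messagingSecurityService;

    /**
     * Creates the authorization service.
     *
     * @param messagingSecurityServiceImpl security service that supplies the
     *        permission tables consulted by every check
     */
    public MessagingAuthorizationServiceImpl(MessagingSecurityServiceImpl messagingSecurityServiceImpl) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, CLASS_NAME + "constructor", messagingSecurityServiceImpl);
        }
        this.messagingSecurityService = messagingSecurityServiceImpl;
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, CLASS_NAME + "constructor");
        }
    }

    /**
     * Asks the security service about the subject's authentication state and
     * converts any failure into a {@link MessagingAuthorizationException}.
     *
     * <p>NOTE(review): any value returned by {@code isUnauthenticated} is not
     * inspected here; this method rejects a subject only when that call throws.
     * Confirm that {@code isUnauthenticated} reports unauthenticated subjects by
     * exception; otherwise such subjects continue to the role lookup.
     *
     * @param subject the caller's subject
     * @throws MessagingAuthorizationException if the security service throws
     */
    private void checkIfUserIsAuthenticated(Subject subject) throws MessagingAuthorizationException {
        try {
            this.messagingSecurityService.isUnauthenticated(subject);
        } catch (Exception e) {
            // Keep the original exception as the cause so the root failure is
            // still visible to whoever handles or logs the authorization error.
            throw new MessagingAuthorizationException(e.getMessage(), e);
        }
    }

    /** Builds the localized "user not authorized" text shared by all checks. */
    private static String notAuthorizedMessage(String userName, String operation, String destination) {
        return nls.getFormattedMessage(NOT_AUTHORIZED_KEY, new Object[]{userName, operation, destination}, "User not authorized");
    }

    /**
     * Checks whether the subject may perform an operation on a queue.
     *
     * <p>A BROWSE request is granted outright when the subject holds RECEIVE on
     * the same queue; otherwise BROWSE itself is evaluated.
     *
     * @param subject the caller's subject
     * @param str key into the queue permission map (presumably the queue name)
     * @param str2 operation type; also the role key looked up in the permission
     * @param z when {@code true}, a denied check throws instead of returning
     *        {@code false}
     * @return {@code true} if access is granted, {@code false} if denied and
     *         {@code z} is {@code false}
     * @throws MessagingAuthorizationException if the authentication check fails,
     *         the user name cannot be resolved, or access is denied with
     *         {@code z} set
     */
    @Override
    public boolean checkQueueAccess(Subject subject, String str, String str2, boolean z) throws MessagingAuthorizationException {
        final String method = CLASS_NAME + "checkQueueAccess";
        SibTr.entry(tc, method, new Object[]{subject, str, str2});
        if (str2.equalsIgnoreCase(MessagingSecurityConstants.OPERATION_TYPE_BROWSE)
                && checkQueueAccess(subject, str, MessagingSecurityConstants.OPERATION_TYPE_RECEIVE, false)) {
            // Balance the entry trace on the short-circuit path as well.
            SibTr.exit(tc, method, Boolean.TRUE);
            return true;
        }
        checkIfUserIsAuthenticated(subject);
        String userName = null;
        try {
            userName = MessagingSecurityUtility.getUniqueUserName(subject);
            boolean granted = checkPermission(this.messagingSecurityService.getQueuePermissions().get(str), str2, userName);
            if (granted || !z) {
                SibTr.exit(tc, method, Boolean.valueOf(granted));
                return granted;
            }
            SibTr.debug(tc, NOT_AUTHORIZED_KEY, new Object[]{userName, str2, str});
            throw new MessagingAuthorizationException(notAuthorizedMessage(userName, str2, str));
        } catch (MessagingSecurityException e) {
            // userName is still null here if resolving it was what failed.
            throw new MessagingAuthorizationException(notAuthorizedMessage(userName, str2, str), e);
        }
    }

    /**
     * Decides whether a user holds a role in a permission, directly or through
     * group membership.
     *
     * @param permission permission entry for the destination; {@code null}
     *        (nothing configured) denies access
     * @param role role key looked up in the role-to-user and role-to-group maps
     * @param userName unique user name of the caller
     * @return {@code true} if the user, or a group the user belongs to, is
     *         listed for the role
     */
    private boolean checkPermission(Permission permission, String role, String userName) {
        final String method = CLASS_NAME + "checkPermission";
        SibTr.entry(tc, method, new Object[]{permission, role, userName});
        boolean granted = false;
        if (permission != null) {
            Set<String> users = permission.getRoleToUserMap().get(role);
            if (users != null && users.contains(userName)) {
                granted = true;
            } else {
                Set<String> groups = permission.getRoleToGroupMap().get(role);
                if (groups != null) {
                    // Group membership is only resolved when the role actually
                    // names groups, as in the original control flow.
                    List<String> userGroups = MessagingSecurityUtility.getGroupsAssociatedToUser(userName, this.messagingSecurityService);
                    if (userGroups != null) {
                        for (String group : userGroups) {
                            if (groups.contains(group)) {
                                granted = true;
                                break;
                            }
                        }
                    }
                }
            }
        }
        SibTr.exit(tc, method, Boolean.valueOf(granted));
        return granted;
    }

    /**
     * Checks whether the subject may perform an operation on a temporary
     * destination. Every configured prefix that the destination name starts with
     * is tried; the first one that grants the role wins.
     *
     * @param subject the caller's subject
     * @param str temporary destination name, matched against configured prefixes
     * @param str2 operation type, used as the role key
     * @return {@code true} if access is granted; a denial is always reported by
     *         exception
     * @throws MessagingAuthorizationException if the authentication check fails,
     *         the user name cannot be resolved, or no matching prefix grants
     *         access
     */
    @Override
    public boolean checkTemporaryDestinationAccess(Subject subject, String str, String str2) throws MessagingAuthorizationException {
        final String method = CLASS_NAME + "checkTemporaryDestinationAccess";
        SibTr.entry(tc, method, new Object[]{subject, str, str2});
        checkIfUserIsAuthenticated(subject);
        String userName = null;
        try {
            userName = MessagingSecurityUtility.getUniqueUserName(subject);
            Map<String, TemporaryDestinationPermission> permissions = this.messagingSecurityService.getTemporaryDestinationPermissions();
            boolean granted = false;
            for (String prefix : getPrefixMatchingTemporaryDestination(permissions.keySet(), str)) {
                if (checkPermission(permissions.get(prefix), str2, userName)) {
                    granted = true;
                    break;
                }
            }
            if (granted) {
                SibTr.exit(tc, method, Boolean.valueOf(granted));
                return granted;
            }
            SibTr.debug(tc, NOT_AUTHORIZED_KEY, new Object[]{userName, str2, str});
            throw new MessagingAuthorizationException(notAuthorizedMessage(userName, str2, str));
        } catch (MessagingSecurityException e) {
            throw new MessagingAuthorizationException(notAuthorizedMessage(userName, str2, str), e);
        }
    }

    /**
     * Collects the configured prefixes that the destination name starts with.
     *
     * <p>NOTE(review): an empty-string prefix matches every destination name,
     * because {@code startsWith("")} is always true; confirm the configuration
     * loader cannot produce one.
     *
     * @param set configured prefixes
     * @param str destination name to match
     * @return matching prefixes in the iteration order of {@code set}
     */
    private List<String> getPrefixMatchingTemporaryDestination(Set<String> set, String str) {
        List<String> matches = new ArrayList<>();
        for (String prefix : set) {
            if (str.startsWith(prefix)) {
                matches.add(prefix);
            }
        }
        return matches;
    }

    /**
     * Checks whether the subject may perform an operation on a topic.
     *
     * @param subject the caller's subject
     * @param str first part of the topic path
     * @param str2 optional second part; when non-null the path checked is
     *        {@code str + "/" + str2}
     * @param str3 operation type, used as the role key
     * @return {@code true} if access is granted; a denial is always reported by
     *         exception
     * @throws MessagingAuthorizationException if the authentication check fails,
     *         the user name cannot be resolved, or access is denied
     */
    @Override
    public boolean checkTopicAccess(Subject subject, String str, String str2, String str3) throws MessagingAuthorizationException {
        final String method = CLASS_NAME + "checkTopicAccess";
        String topicPath = (str2 != null) ? str + "/" + str2 : str;
        SibTr.entry(tc, method, new Object[]{subject, topicPath, str3});
        checkIfUserIsAuthenticated(subject);
        String userName = null;
        try {
            userName = MessagingSecurityUtility.getUniqueUserName(subject);
            boolean granted = checkPermission(getTopicPermission(this.messagingSecurityService.getTopicPermissions(), topicPath), str3, userName);
            if (granted) {
                SibTr.exit(tc, method, Boolean.valueOf(granted));
                return granted;
            }
            SibTr.debug(tc, NOT_AUTHORIZED_KEY, new Object[]{userName, str3, topicPath});
            throw new MessagingAuthorizationException(notAuthorizedMessage(userName, str3, topicPath));
        } catch (MessagingSecurityException e) {
            throw new MessagingAuthorizationException(notAuthorizedMessage(userName, str3, topicPath), e);
        }
    }

    /**
     * Finds the permission that applies to a topic path: the exact entry if one
     * exists, otherwise one taken from a shorter prefix of the path.
     *
     * <p>NOTE(review): the fallback loop does not stop at the first ancestor that
     * resolves. Each shorter prefix overwrites the previous result, so without an
     * exact match the value returned is whatever the shortest prefix (the text
     * before the first '/') resolves to. That may be {@code null} even when a
     * nearer ancestor has an entry, and a nearer, more specific entry never takes
     * precedence over the top-level one. The lookup is left as it was; confirm
     * the intended inheritance rule before changing which permission applies.
     *
     * @param map configured topic permissions keyed by topic path
     * @param str topic path to resolve
     * @return the selected permission, or {@code null} if none applies
     */
    private TopicPermission getTopicPermission(Map<String, TopicPermission> map, String str) {
        final String method = CLASS_NAME + "getTopicPermission";
        SibTr.entry(tc, method, str);
        if (map.containsKey(str)) {
            TopicPermission exact = map.get(str);
            // Trace the permission actually returned; the exit trace previously
            // reported null on this path.
            SibTr.exit(tc, method, exact);
            return exact;
        }
        TopicPermission inherited = null;
        String prefix = str;
        int slash;
        while ((slash = prefix.lastIndexOf("/")) != -1) {
            prefix = prefix.substring(0, slash);
            inherited = getTopicPermission(map, prefix);
        }
        SibTr.exit(tc, method, inherited);
        return inherited;
    }

    /**
     * Checks whether the subject may perform an operation through an alias.
     *
     * <p>The permission is read from the queue map when {@code i == 0} and from
     * the topic map when {@code i == 1}, keyed by {@code str} in both cases. Any
     * other {@code i} leaves the permission unset, which denies access. The
     * topic lookup here is an exact key match; it does not go through the
     * path-prefix resolution used by {@link #checkTopicAccess}.
     *
     * @param subject the caller's subject
     * @param str key used for the permission lookup
     * @param str2 name reported in traces and in the denial message
     * @param i destination kind selector: 0 for queue, 1 for topic
     * @param str3 operation type; BROWSE is granted when RECEIVE is held
     * @param z when {@code true}, a denied check throws instead of returning
     *        {@code false}
     * @return {@code true} if access is granted, {@code false} if denied and
     *         {@code z} is {@code false}
     * @throws MessagingAuthorizationException if the authentication check fails,
     *         the user name cannot be resolved, or access is denied with
     *         {@code z} set
     */
    @Override
    public boolean checkAliasAccess(Subject subject, String str, String str2, int i, String str3, boolean z) throws MessagingAuthorizationException {
        final String method = CLASS_NAME + "checkAliasAccess";
        SibTr.entry(tc, method, new Object[]{subject, str2, str3});
        if (str3.equalsIgnoreCase(MessagingSecurityConstants.OPERATION_TYPE_BROWSE)
                && checkAliasAccess(subject, str, str2, i, MessagingSecurityConstants.OPERATION_TYPE_RECEIVE, false)) {
            // Balance the entry trace on the short-circuit path as well.
            SibTr.exit(tc, method, Boolean.TRUE);
            return true;
        }
        checkIfUserIsAuthenticated(subject);
        String userName = null;
        try {
            userName = MessagingSecurityUtility.getUniqueUserName(subject);
            Permission permission = null;
            if (i == 0) {
                permission = this.messagingSecurityService.getQueuePermissions().get(str);
            } else if (i == 1) {
                permission = this.messagingSecurityService.getTopicPermissions().get(str);
            }
            boolean granted = checkPermission(permission, str3, userName);
            if (granted || !z) {
                SibTr.exit(tc, method, Boolean.valueOf(granted));
                return granted;
            }
            SibTr.debug(tc, NOT_AUTHORIZED_KEY, new Object[]{userName, str3, str2});
            throw new MessagingAuthorizationException(notAuthorizedMessage(userName, str3, str2));
        } catch (MessagingSecurityException e) {
            throw new MessagingAuthorizationException(notAuthorizedMessage(userName, str3, str2), e);
        }
    }
}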
