package org.ow2.jonas.security.auth.spi;

import java.io.FileInputStream;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.security.AccessController;
import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.management.MBeanServer;
import javax.management.remote.MBeanServerForwarder;
import javax.security.auth.Subject;
import org.apache.cxf.tools.wadlto.jaxrs.SourceGenerator;
import org.apache.juddi.util.Language;
import org.eclipse.persistence.logging.SessionLog;
import org.ow2.jonas.jmx.JmxService;
import org.ow2.jonas.lib.bootstrap.JProp;
import org.springframework.jmx.export.naming.IdentityNamingStrategy;

/* loaded from: input_file:org/ow2/jonas/security/auth/spi/RoleBasedAuthorizationModule.class */
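/**
 * Invocation handler behind a {@link MBeanServerForwarder} proxy that allows or
 * denies each forwarded call according to the roles of the calling
 * {@link Subject}.
 *
 * <p>Access rights are read from a properties file: each key is a role name
 * (or {@code *} for every caller) and each value is {@code readonly} or
 * {@code readwrite}. A call is classified as a read or a write from its method
 * name alone, see {@link #invoke(Object, Method, Object[])}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A call made with no {@link Subject} in the access-control context is
 *       forwarded without any role check (fail-open for unauthenticated
 *       context). NOTE(review): presumably this is meant for in-process
 *       callers; confirm that every remote connector path always establishes
 *       a Subject before reaching this handler.</li>
 *   <li>{@code setMBeanServer} is honoured only when no Subject is present.</li>
 *   <li>A {@code *} entry set to {@code readwrite} grants write access to
 *       every authenticated caller.</li>
 * </ul>
 *
 * <p>The {@code mBeanServer} field is written and read without
 * synchronization in this class.
 */
public class RoleBasedAuthorizationModule implements InvocationHandler {
    /** Key of the access-rights entry that applies to every caller, whatever its roles. */
    private static final String ANY_ROLE = "*";

    /** Server that authorized calls are forwarded to; null until it has been set. */
    private MBeanServer mBeanServer = null;

    /** Role name (or {@code *}) mapped to the highest access level granted to it. */
    private Map<String, MethodType> accessRights = new HashMap<>();

    /**
     * Access level of a role and, equally, the classification of a call:
     * {@code GETTER} is read-only, {@code SETTER} is read-write.
     * The decompiler reports that this enum was private in the original class.
     */
    public enum MethodType {
        GETTER,
        SETTER
    }

    /**
     * Builds an authorizing {@link MBeanServerForwarder} proxy from an
     * access-rights file.
     *
     * @param str  forwarder type; only {@code "file"} is accepted
     * @param str2 path of the properties file, appended to the JOnAS base
     *             directory as given
     * @return a proxy whose calls go through {@link #invoke}
     * @throws IllegalArgumentException if the type is unknown, the file cannot
     *         be read, or it holds a value other than {@code readonly} /
     *         {@code readwrite}; the underlying failure is kept as the cause
     */
    public static MBeanServerForwarder newProxyInstance(String str, String str2) {
        try {
            if (!"file".equals(str)) {
                throw new IllegalArgumentException("Unknown MBeanServerForwarder type: " + str);
            }
            // NOTE(review): SourceGenerator.FILE_SEP_PROPERTY belongs to an unrelated library (CXF)
            // and looks like a decompiler substitution for the literal "file.separator" - confirm
            // against the original source.
            // str2 is concatenated without normalization, so a value containing ".." resolves
            // outside the JOnAS base; presumably it only ever comes from trusted server
            // configuration - verify against the callers.
            String path = JProp.getJonasBase() + System.getProperty(SourceGenerator.FILE_SEP_PROPERTY) + str2;
            Properties properties = new Properties();
            // try-with-resources: the stream is closed even when load() fails.
            try (FileInputStream in = new FileInputStream(path)) {
                properties.load(in);
            }
            return (MBeanServerForwarder) Proxy.newProxyInstance(
                    MBeanServerForwarder.class.getClassLoader(),
                    new Class<?>[] {MBeanServerForwarder.class},
                    new RoleBasedAuthorizationModule(toStringMap(properties)));
        } catch (Exception e) {
            // Keep the cause so the real failure (missing file, bad value) stays diagnosable.
            throw new IllegalArgumentException(
                    "Failed creating the MBeanServerForwarder: " + e.getLocalizedMessage(), e);
        }
    }

    /** Copies the string-valued entries of a {@link Properties} object into a typed map. */
    private static Map<String, String> toStringMap(Properties properties) {
        Map<String, String> result = new HashMap<>();
        for (String key : properties.stringPropertyNames()) {
            result.put(key, properties.getProperty(key));
        }
        return result;
    }

    /**
     * Parses the role-to-access-right entries.
     *
     * @param map role name (or {@code *}) mapped to {@code readonly} or {@code readwrite}
     * @throws IllegalArgumentException on any other value, so that a typo in the
     *         file stops start-up instead of silently granting or denying access
     */
    private RoleBasedAuthorizationModule(Map<String, String> map) {
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String right = entry.getValue();
            MethodType granted;
            if ("readonly".equals(right)) {
                granted = MethodType.GETTER;
            } else if ("readwrite".equals(right)) {
                granted = MethodType.SETTER;
            } else {
                throw new IllegalArgumentException("Unknown access right: " + right
                        + ". Valid values are \"readonly\" and \"readwrite\".");
            }
            this.accessRights.put(entry.getKey(), granted);
        }
    }

    /**
     * Sets the server to forward to from the JMX service.
     *
     * @param jmxService service providing the MBean server
     */
    public void setJmxService(JmxService jmxService) {
        this.mBeanServer = jmxService.getJmxServer();
    }

    /**
     * Authorizes one proxied call and forwards it to the wrapped server.
     *
     * <p>With no Subject in the current access-control context the call is
     * forwarded unchecked, and {@code setMBeanServer} replaces the wrapped
     * server. With a Subject, the call is classified as read or write by its
     * name and checked against the Subject's roles.
     *
     * @param obj    the proxy instance (unused)
     * @param method the interface method being called
     * @param objArr the call arguments
     * @return whatever the wrapped server returns, or null for {@code setMBeanServer}
     * @throws IllegalArgumentException if the method or its name is null
     * @throws IllegalStateException    if no server has been set yet
     * @throws IllegalAccessException   if the caller's roles do not allow the call
     * @throws Throwable                the exception thrown by the wrapped server, unwrapped
     */
    @Override // java.lang.reflect.InvocationHandler
    public Object invoke(Object obj, Method method, Object[] objArr) throws IllegalAccessException, Throwable {
        if (method == null) {
            throw new IllegalArgumentException("Method is null");
        }
        String name = method.getName();
        if (name == null) {
            throw new IllegalArgumentException("MethodName is null");
        }
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null && "setMBeanServer".equals(name)) {
            // Only a caller without a Subject may swap the wrapped server.
            this.mBeanServer = (MBeanServer) objArr[0];
            return null;
        }
        if (this.mBeanServer == null) {
            throw new IllegalStateException("MBeanServer is null");
        }
        if (subject == null) {
            // No Subject: forwarded without a role check (see the class comment).
            return forward(method, objArr);
        }
        MethodType required = isReadOperation(name) ? MethodType.GETTER : MethodType.SETTER;
        if (!canAccess(required, getRoles(subject))) {
            throw new IllegalAccessException("Access denied for method " + name);
        }
        return forward(method, objArr);
    }

    /**
     * Tells whether a method name is classified as a read.
     *
     * <p>The decision is made on the name alone: anything not matched here is
     * treated as a write, so an unrecognised method is denied to read-only
     * roles. NOTE(review): every matching method of the forwarded interface
     * is open to read-only roles; check that list against the interface before
     * relying on {@code readonly} as a confidentiality boundary.
     */
    private static boolean isReadOperation(String name) {
        // NOTE(review): SessionLog.QUERY, Language.TONGA and IdentityNamingStrategy.HASH_CODE_KEY
        // come from unrelated libraries and look like decompiler substitutions for the literals
        // "query", "to" and "hashCode" - confirm against the original source.
        return name.startsWith("get")
                || name.startsWith(SessionLog.QUERY)
                || name.startsWith("is")
                || name.startsWith(Language.TONGA)
                || "equals".equals(name)
                || IdentityNamingStrategy.HASH_CODE_KEY.equals(name);
    }

    /**
     * Calls the method on the wrapped server and rethrows the server's own
     * exception rather than the reflective wrapper, on the unauthenticated path
     * as well as the authorized one, so callers see the declared JMX exception.
     */
    private Object forward(Method method, Object[] objArr) throws Throwable {
        try {
            return method.invoke(this.mBeanServer, objArr);
        } catch (InvocationTargetException e) {
            throw e.getTargetException();
        }
    }

    /**
     * Collects the role names of a Subject: the name of every member of every
     * {@link Group} principal it holds.
     */
    private Set<String> getRoles(Subject subject) {
        Set<String> roles = new HashSet<>();
        for (Group group : subject.getPrincipals(Group.class)) {
            Enumeration<? extends Principal> members = group.members();
            while (members.hasMoreElements()) {
                roles.add(members.nextElement().getName());
            }
        }
        return roles;
    }

    /**
     * Decides whether a caller holding the given roles may perform a call of
     * the given type.
     *
     * <p>The effective right starts from the {@code *} entry and is raised by
     * the caller's roles; it is never lowered. A role absent from the file
     * grants nothing, so a caller with no listed role and no {@code *} entry is
     * denied.
     *
     * @param methodType classification of the call
     * @param set        role names of the caller
     * @return true if the effective right covers the call
     * @throws IllegalArgumentException if {@code methodType} is null
     */
    private boolean canAccess(MethodType methodType, Set<String> set) {
        if (methodType != MethodType.GETTER && methodType != MethodType.SETTER) {
            throw new IllegalArgumentException("Unknown method type: " + methodType);
        }
        MethodType effective = this.accessRights.get(ANY_ROLE);
        for (String role : set) {
            if (effective == MethodType.SETTER) {
                break; // already the highest right
            }
            MethodType granted = this.accessRights.get(role);
            if (granted == MethodType.SETTER || (granted == MethodType.GETTER && effective == null)) {
                effective = granted;
            }
        }
        return effective == methodType || effective == MethodType.SETTER;
    }
}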
