package com.bea.httppubsub.security;

import com.bea.httppubsub.AuthenticatedUser;
import com.bea.httppubsub.Client;
import com.bea.httppubsub.PubSubContext;
import com.bea.httppubsub.PubSubLogger;
import com.bea.httppubsub.bayeux.BayeuxConstants;
import com.bea.httppubsub.descriptor.ChannelConstraintBean;
import com.bea.httppubsub.descriptor.ChannelResourceCollectionBean;
import com.bea.httppubsub.security.ChannelAuthorizationManager;
import com.bea.httppubsub.util.ChannelMapping;
import java.util.HashMap;
import java.util.Map;
import weblogic.utils.http.HttpParsing;

/* loaded from: input_file:com/bea/httppubsub/security/ChannelAuthorizationManagerImpl.class */
public class ChannelAuthorizationManagerImpl implements ChannelAuthorizationManager {
    private Map<ChannelAuthorizationManager.Action, ChannelMapping> constraintsMap = null;

    @Override // com.bea.httppubsub.security.ChannelAuthorizationManager
    public boolean hasPermission(Client client, String str, ChannelAuthorizationManager.Action action) {
        if (str == null) {
            throw new IllegalArgumentException("Parameter channelPattern can't be null");
        }
        if (str.startsWith(BayeuxConstants.META) && !str.equals(BayeuxConstants.META_SUBSCRIBE)) {
            return true;
        }
        ChannelResourceConstraint resourceConstraint = getResourceConstraint(str, action);
        if (resourceConstraint == null || resourceConstraint.isUnrestricted()) {
            PubSubLogger.logNoSecurityConstraint(str, action.name());
            return true;
        }
        if (resourceConstraint.isForbidden()) {
            PubSubLogger.logAlwaysSecurityConstraint(str, action.name());
            return false;
        }
        AuthenticatedUser authenticatedUser = client.getAuthenticatedUser();
        if (authenticatedUser.getUserPrincipal() == null) {
            PubSubLogger.logNotLogin(client.getId(), str);
            return false;
        }
        for (String str2 : resourceConstraint.getRoles()) {
            if (authenticatedUser.isUserInRole(str2)) {
                PubSubLogger.logLoginAllowed(client.getId(), str, action.name());
                return true;
            }
        }
        PubSubLogger.logLoginDisallowed(client.getId(), str, action.name());
        return false;
    }

    @Override // com.bea.httppubsub.security.ChannelAuthorizationManager
    public void initialize(PubSubContext pubSubContext) {
        ChannelConstraintBean[] channelConstraints = pubSubContext.getConfig().getChannelConstraints();
        if (channelConstraints == null || channelConstraints.length < 1) {
            return;
        }
        for (ChannelConstraintBean channelConstraintBean : channelConstraints) {
            registerSecurityConstraint(channelConstraintBean);
        }
    }

    @Override // com.bea.httppubsub.security.ChannelAuthorizationManager
    public void destroy() {
    }

    private void registerSecurityConstraint(ChannelConstraintBean channelConstraintBean) {
        ChannelResourceCollectionBean[] channelResourceCollections = channelConstraintBean.getChannelResourceCollections();
        for (int i = 0; i < channelResourceCollections.length; i++) {
            for (String str : channelResourceCollections[i].getChannelOperations()) {
                mergePatterns(channelResourceCollections[i].getChannelPatterns(), str, channelConstraintBean);
            }
        }
    }

    private void mergePatterns(String[] strArr, String str, ChannelConstraintBean channelConstraintBean) {
        for (int i = 0; strArr != null && i < strArr.length; i++) {
            mergePolicy(new ChannelResourceConstraintImpl(HttpParsing.ensureStartingSlash(strArr[i]), getAction(str), channelConstraintBean));
        }
    }

    private void mergePolicy(ChannelResourceConstraintImpl channelResourceConstraintImpl) {
        ChannelAuthorizationManager.Action action = channelResourceConstraintImpl.getAction();
        if (action == null) {
            throw new IllegalArgumentException("null action");
        }
        if (this.constraintsMap == null) {
            this.constraintsMap = new HashMap();
        }
        ChannelMapping channelMapping = this.constraintsMap.get(action);
        if (channelMapping == null) {
            ChannelMapping channelMapping2 = new ChannelMapping(false);
            this.constraintsMap.put(action, channelMapping2);
            channelMapping2.put(channelResourceConstraintImpl.getChannelPattern(), channelResourceConstraintImpl);
            return;
        }
        ChannelResourceConstraintImpl channelResourceConstraintImpl2 = (ChannelResourceConstraintImpl) channelMapping.remove(channelResourceConstraintImpl.getChannelPattern());
        if (channelResourceConstraintImpl2 != null) {
            if (channelResourceConstraintImpl2.getRoles() == null || channelResourceConstraintImpl.getRoles() == null) {
                channelResourceConstraintImpl = channelResourceConstraintImpl2.getRoles() == null ? channelResourceConstraintImpl2 : channelResourceConstraintImpl;
            } else if (channelResourceConstraintImpl2.getRoles().length == 0 || channelResourceConstraintImpl.getRoles().length == 0) {
                channelResourceConstraintImpl = channelResourceConstraintImpl2.getRoles().length == 0 ? channelResourceConstraintImpl2 : channelResourceConstraintImpl;
            } else {
                channelResourceConstraintImpl.addRoles(channelResourceConstraintImpl2.getRoles());
            }
        }
        channelMapping.put(channelResourceConstraintImpl.getChannelPattern(), channelResourceConstraintImpl);
    }

    private ChannelResourceConstraint getResourceConstraint(String str, ChannelAuthorizationManager.Action action) {
        ChannelMapping channelMapping;
        if (this.constraintsMap == null || (channelMapping = this.constraintsMap.get(action)) == null) {
            return null;
        }
        return (ChannelResourceConstraint) channelMapping.get(str);
    }

    private static ChannelAuthorizationManager.Action getAction(String str) {
        if ("create".equalsIgnoreCase(str)) {
            return ChannelAuthorizationManager.Action.CREATE;
        }
        if ("delete".equalsIgnoreCase(str)) {
            return ChannelAuthorizationManager.Action.DELETE;
        }
        if ("subscribe".equalsIgnoreCase(str)) {
            return ChannelAuthorizationManager.Action.SUBSCRIBE;
        }
        if ("publish".equalsIgnoreCase(str)) {
            return ChannelAuthorizationManager.Action.PUBLISH;
        }
        throw new IllegalArgumentException("Illegal action: " + str);
    }
}
