package org.jboss.as.controller.access.rbac;

import java.security.Permission;
import java.security.PermissionCollection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;
import org.jboss.as.controller.access.Action;
import org.jboss.as.controller.access.AuthorizerConfiguration;
import org.jboss.as.controller.access.Caller;
import org.jboss.as.controller.access.CombinationPolicy;
import org.jboss.as.controller.access.Environment;
import org.jboss.as.controller.access.JmxAction;
import org.jboss.as.controller.access.JmxTarget;
import org.jboss.as.controller.access.TargetAttribute;
import org.jboss.as.controller.access.TargetResource;
import org.jboss.as.controller.access.constraint.ApplicationTypeConstraint;
import org.jboss.as.controller.access.constraint.AuditConstraint;
import org.jboss.as.controller.access.constraint.Constraint;
import org.jboss.as.controller.access.constraint.ConstraintFactory;
import org.jboss.as.controller.access.constraint.HostEffectConstraint;
import org.jboss.as.controller.access.constraint.NonAuditConstraint;
import org.jboss.as.controller.access.constraint.ScopingConstraint;
import org.jboss.as.controller.access.constraint.SensitiveTargetConstraint;
import org.jboss.as.controller.access.constraint.SensitiveVaultExpressionConstraint;
import org.jboss.as.controller.access.constraint.ServerGroupEffectConstraint;
import org.jboss.as.controller.access.constraint.TopRoleConstraint;
import org.jboss.as.controller.access.permission.AllPermissionsCollection;
import org.jboss.as.controller.access.permission.CombinationManagementPermission;
import org.jboss.as.controller.access.permission.ManagementPermission;
import org.jboss.as.controller.access.permission.ManagementPermissionCollection;
import org.jboss.as.controller.access.permission.PermissionFactory;
import org.jboss.as.controller.access.permission.SimpleManagementPermission;
import org.jboss.as.controller.logging.ControllerLogger;

/* loaded from: input_file:WEB-INF/lib/wildfly-controller-2.0.10.Final.jar:org/jboss/as/controller/access/rbac/DefaultPermissionFactory.class */
public class DefaultPermissionFactory implements PermissionFactory, AuthorizerConfiguration.ScopedRoleListener {
    private static final PermissionCollection NO_PERMISSIONS = new NoPermissionsCollection();
    private final RoleMapper roleMapper;
    private final SortedSet<ConstraintFactory> constraintFactories;
    private final Map<String, ManagementPermissionCollection> permissionsByRole;
    private final Map<String, ScopedBase> scopedBaseMap;
    private final AuthorizerConfiguration authorizerConfiguration;
    private PermsHolder permsHolder;
    private boolean rolePermissionsConfigured;

    /* loaded from: input_file:WEB-INF/lib/wildfly-controller-2.0.10.Final.jar:org/jboss/as/controller/access/rbac/DefaultPermissionFactory$NoPermissionsCollection.class */
    private static class NoPermissionsCollection extends PermissionCollection {
        private static final long serialVersionUID = 426277167342589940L;

        private NoPermissionsCollection() {
            super.setReadOnly();
        }

        @Override // java.security.PermissionCollection
        public void add(Permission permission) {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.PermissionCollection
        public boolean implies(Permission permission) {
            return false;
        }

        @Override // java.security.PermissionCollection
        public Enumeration<Permission> elements() {
            return new Enumeration<Permission>() { // from class: org.jboss.as.controller.access.rbac.DefaultPermissionFactory.NoPermissionsCollection.1
                @Override // java.util.Enumeration
                public boolean hasMoreElements() {
                    return false;
                }

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.Enumeration
                public Permission nextElement() {
                    throw new NoSuchElementException();
                }
            };
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/wildfly-controller-2.0.10.Final.jar:org/jboss/as/controller/access/rbac/DefaultPermissionFactory$PermsHolder.class */
    public static class PermsHolder {
        private final Map<Set<String>, PermissionCollection> permsByRoleSet;
        private final Map<String, ManagementPermissionCollection> permsByRole;
        private final ConstraintFactory[] constraintFactories;

        private PermsHolder(Map<String, ManagementPermissionCollection> map, SortedSet<ConstraintFactory> sortedSet) {
            this.permsByRoleSet = Collections.synchronizedMap(new HashMap());
            this.permsByRole = new HashMap();
            this.permsByRole.putAll(map);
            this.constraintFactories = (ConstraintFactory[]) sortedSet.toArray(new ConstraintFactory[sortedSet.size()]);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public PermissionCollection getPermissions(Set<String> set) {
            return this.permsByRoleSet.get(set);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void storePermissions(Set<String> set, PermissionCollection permissionCollection) {
            this.permsByRoleSet.put(set, permissionCollection);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/wildfly-controller-2.0.10.Final.jar:org/jboss/as/controller/access/rbac/DefaultPermissionFactory$ScopedBase.class */
    public class ScopedBase {
        private final StandardRole base;
        private final ScopingConstraint constraint;

        private ScopedBase(StandardRole standardRole, ScopingConstraint scopingConstraint) {
            this.base = standardRole;
            this.constraint = scopingConstraint;
        }
    }

    public DefaultPermissionFactory(RoleMapper roleMapper, AuthorizerConfiguration authorizerConfiguration) {
        this(roleMapper, getStandardConstraintFactories(), authorizerConfiguration);
    }

    DefaultPermissionFactory(RoleMapper roleMapper, Set<ConstraintFactory> set, AuthorizerConfiguration authorizerConfiguration) {
        this.constraintFactories = new TreeSet();
        this.permissionsByRole = new HashMap();
        this.scopedBaseMap = new HashMap();
        this.roleMapper = roleMapper;
        this.constraintFactories.addAll(set);
        this.authorizerConfiguration = authorizerConfiguration;
    }

    @Override // org.jboss.as.controller.access.permission.PermissionFactory
    public PermissionCollection getUserPermissions(Caller caller, Environment environment, Action action, TargetAttribute targetAttribute) {
        return getUserPermissions(this.roleMapper.mapRoles(caller, environment, action, targetAttribute));
    }

    @Override // org.jboss.as.controller.access.permission.PermissionFactory
    public PermissionCollection getUserPermissions(Caller caller, Environment environment, Action action, TargetResource targetResource) {
        return getUserPermissions(this.roleMapper.mapRoles(caller, environment, action, targetResource));
    }

    @Override // org.jboss.as.controller.access.permission.PermissionFactory
    public PermissionCollection getUserPermissions(Caller caller, Environment environment, JmxAction jmxAction, JmxTarget jmxTarget) {
        return getUserPermissions(this.roleMapper.mapRoles(caller, environment, jmxAction, jmxTarget));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v31, types: [java.security.PermissionCollection] */
    private PermissionCollection getUserPermissions(Set<String> set) {
        ManagementPermissionCollection managementPermissionCollection;
        PermissionCollection checkAllPermissions = checkAllPermissions(set);
        if (checkAllPermissions != null) {
            return checkAllPermissions;
        }
        PermsHolder configureRolePermissions = configureRolePermissions();
        PermissionCollection permissions = configureRolePermissions.getPermissions(set);
        if (permissions != null) {
            return permissions;
        }
        CombinationPolicy permissionCombinationPolicy = this.authorizerConfiguration.getPermissionCombinationPolicy();
        ManagementPermissionCollection managementPermissionCollection2 = null;
        HashMap hashMap = null;
        for (String str : set) {
            if (permissionCombinationPolicy == CombinationPolicy.REJECTING && managementPermissionCollection2 != null) {
                throw ControllerLogger.ROOT_LOGGER.illegalMultipleRoles();
            }
            ManagementPermissionCollection managementPermissionCollection3 = (ManagementPermissionCollection) configureRolePermissions.permsByRole.get(getOfficialForm(str));
            if (managementPermissionCollection3 == null) {
                throw ControllerLogger.ROOT_LOGGER.unknownRole(str);
            }
            if (managementPermissionCollection2 == null) {
                managementPermissionCollection2 = managementPermissionCollection3;
            } else {
                if (hashMap == null) {
                    hashMap = new HashMap();
                    Enumeration<Permission> elements = managementPermissionCollection2.elements();
                    String name = managementPermissionCollection2.getName();
                    while (elements.hasMoreElements()) {
                        ManagementPermission managementPermission = (ManagementPermission) elements.nextElement();
                        Action.ActionEffect actionEffect = managementPermission.getActionEffect();
                        CombinationManagementPermission combinationManagementPermission = new CombinationManagementPermission(permissionCombinationPolicy, actionEffect);
                        combinationManagementPermission.addUnderlyingPermission(name, managementPermission);
                        hashMap.put(actionEffect, combinationManagementPermission);
                    }
                }
                Enumeration<Permission> elements2 = managementPermissionCollection3.elements();
                String officialForm = getOfficialForm(str);
                while (elements2.hasMoreElements()) {
                    ManagementPermission managementPermission2 = (ManagementPermission) elements2.nextElement();
                    Action.ActionEffect actionEffect2 = managementPermission2.getActionEffect();
                    CombinationManagementPermission combinationManagementPermission2 = (CombinationManagementPermission) hashMap.get(actionEffect2);
                    if (combinationManagementPermission2 == null) {
                        combinationManagementPermission2 = new CombinationManagementPermission(permissionCombinationPolicy, actionEffect2);
                        hashMap.put(actionEffect2, combinationManagementPermission2);
                    }
                    combinationManagementPermission2.addUnderlyingPermission(officialForm, managementPermission2);
                }
            }
        }
        if (hashMap == null) {
            managementPermissionCollection = managementPermissionCollection2 != null ? managementPermissionCollection2 : NO_PERMISSIONS;
        } else {
            managementPermissionCollection = new ManagementPermissionCollection("MULTIPLE ROLES", CombinationManagementPermission.class);
            Iterator it = hashMap.values().iterator();
            while (it.hasNext()) {
                managementPermissionCollection.add((CombinationManagementPermission) it.next());
            }
        }
        configureRolePermissions.storePermissions(set, managementPermissionCollection);
        return managementPermissionCollection;
    }

    private PermissionCollection checkAllPermissions(Set<String> set) {
        if (!set.contains(StandardRole.SUPERUSER.toString())) {
            return null;
        }
        if (this.authorizerConfiguration.getPermissionCombinationPolicy() == CombinationPolicy.PERMISSIVE || set.size() == 1) {
            return AllPermissionsCollection.INSTANCE;
        }
        return null;
    }

    @Override // org.jboss.as.controller.access.permission.PermissionFactory
    public PermissionCollection getRequiredPermissions(Action action, TargetAttribute targetAttribute) {
        ConstraintFactory[] constraintFactoryArr = configureRolePermissions().constraintFactories;
        ManagementPermissionCollection managementPermissionCollection = new ManagementPermissionCollection(SimpleManagementPermission.class);
        for (Action.ActionEffect actionEffect : action.getActionEffects()) {
            Constraint[] constraintArr = new Constraint[constraintFactoryArr.length];
            for (int i = 0; i < constraintArr.length; i++) {
                constraintArr[i] = constraintFactoryArr[i].getRequiredConstraint(actionEffect, action, targetAttribute);
            }
            managementPermissionCollection.add(new SimpleManagementPermission(actionEffect, constraintArr));
        }
        return managementPermissionCollection;
    }

    @Override // org.jboss.as.controller.access.permission.PermissionFactory
    public PermissionCollection getRequiredPermissions(Action action, TargetResource targetResource) {
        ConstraintFactory[] constraintFactoryArr = configureRolePermissions().constraintFactories;
        ManagementPermissionCollection managementPermissionCollection = new ManagementPermissionCollection(SimpleManagementPermission.class);
        for (Action.ActionEffect actionEffect : action.getActionEffects()) {
            Constraint[] constraintArr = new Constraint[constraintFactoryArr.length];
            for (int i = 0; i < constraintArr.length; i++) {
                constraintArr[i] = constraintFactoryArr[i].getRequiredConstraint(actionEffect, action, targetResource);
            }
            managementPermissionCollection.add(new SimpleManagementPermission(actionEffect, constraintArr));
        }
        return managementPermissionCollection;
    }

    @Override // org.jboss.as.controller.access.permission.PermissionFactory
    public PermissionCollection getRequiredPermissions(JmxAction jmxAction, JmxTarget jmxTarget) {
        ConstraintFactory[] constraintFactoryArr = configureRolePermissions().constraintFactories;
        ManagementPermissionCollection managementPermissionCollection = new ManagementPermissionCollection(SimpleManagementPermission.class);
        for (Action.ActionEffect actionEffect : jmxAction.getActionEffects()) {
            Constraint[] constraintArr = new Constraint[constraintFactoryArr.length];
            for (int i = 0; i < constraintArr.length; i++) {
                constraintArr[i] = constraintFactoryArr[i].getRequiredConstraint(actionEffect, jmxAction, jmxTarget);
            }
            managementPermissionCollection.add(new SimpleManagementPermission(actionEffect, constraintArr));
        }
        return managementPermissionCollection;
    }

    void addConstraintFactory(ConstraintFactory constraintFactory) {
        synchronized (this) {
            if (this.constraintFactories.add(constraintFactory)) {
                this.rolePermissionsConfigured = false;
            }
        }
    }

    @Override // org.jboss.as.controller.access.AuthorizerConfiguration.ScopedRoleListener
    public synchronized void scopedRoleAdded(AuthorizerConfiguration.ScopedRole scopedRole) {
        String name = scopedRole.getName();
        String officialForm = getOfficialForm(name);
        if (this.permissionsByRole.containsKey(officialForm)) {
            throw ControllerLogger.ROOT_LOGGER.roleIsAlreadyRegistered(name);
        }
        String baseRoleName = scopedRole.getBaseRoleName();
        String officialForm2 = getOfficialForm(baseRoleName);
        if (this.rolePermissionsConfigured && !this.permissionsByRole.containsKey(officialForm2)) {
            throw ControllerLogger.ROOT_LOGGER.unknownBaseRole(baseRoleName);
        }
        ScopingConstraint scopingConstraint = scopedRole.getScopingConstraint();
        addConstraintFactory(scopingConstraint.getFactory());
        this.scopedBaseMap.put(officialForm, new ScopedBase(StandardRole.valueOf(officialForm2), scopingConstraint));
        this.rolePermissionsConfigured = false;
    }

    @Override // org.jboss.as.controller.access.AuthorizerConfiguration.ScopedRoleListener
    public synchronized void scopedRoleRemoved(AuthorizerConfiguration.ScopedRole scopedRole) {
        StandardRole standardRole;
        String officialForm = getOfficialForm(scopedRole.getName());
        try {
            standardRole = StandardRole.valueOf(officialForm);
        } catch (RuntimeException e) {
            standardRole = null;
        }
        if (standardRole != null) {
            throw ControllerLogger.ROOT_LOGGER.cannotRemoveStandardRole(standardRole.toString());
        }
        synchronized (this) {
            this.scopedBaseMap.remove(officialForm);
            this.rolePermissionsConfigured = false;
        }
    }

    private synchronized PermsHolder configureRolePermissions() {
        if (!this.rolePermissionsConfigured) {
            this.permissionsByRole.clear();
            this.permissionsByRole.putAll(configureDefaultPermissions());
            for (Map.Entry<String, ScopedBase> entry : this.scopedBaseMap.entrySet()) {
                addScopedRoleInternal(entry.getKey(), entry.getValue().base, entry.getValue().constraint);
            }
            this.permsHolder = new PermsHolder(this.permissionsByRole, this.constraintFactories);
            this.rolePermissionsConfigured = true;
        }
        return this.permsHolder;
    }

    private synchronized Map<String, ManagementPermissionCollection> configureDefaultPermissions() {
        HashMap hashMap = new HashMap();
        for (StandardRole standardRole : StandardRole.values()) {
            String officialForm = getOfficialForm(standardRole);
            ManagementPermissionCollection managementPermissionCollection = new ManagementPermissionCollection(officialForm, SimpleManagementPermission.class);
            for (Action.ActionEffect actionEffect : Action.ActionEffect.values()) {
                if (standardRole.isActionEffectAllowed(actionEffect)) {
                    Constraint[] constraintArr = new Constraint[this.constraintFactories.size()];
                    int i = 0;
                    Iterator<ConstraintFactory> it = this.constraintFactories.iterator();
                    while (it.hasNext()) {
                        constraintArr[i] = it.next().getStandardUserConstraint(standardRole, actionEffect);
                        i++;
                    }
                    managementPermissionCollection.add(new SimpleManagementPermission(actionEffect, constraintArr));
                }
            }
            hashMap.put(officialForm, managementPermissionCollection);
        }
        return hashMap;
    }

    private synchronized void addScopedRoleInternal(String str, StandardRole standardRole, ScopingConstraint scopingConstraint) {
        ManagementPermissionCollection managementPermissionCollection = this.permissionsByRole.get(getOfficialForm(standardRole));
        int constraintIndex = getConstraintIndex(scopingConstraint.getFactory());
        HashMap hashMap = new HashMap();
        Enumeration<Permission> elements = this.permissionsByRole.get(getOfficialForm(StandardRole.MONITOR)).elements();
        while (elements.hasMoreElements()) {
            SimpleManagementPermission simpleManagementPermission = (SimpleManagementPermission) elements.nextElement();
            hashMap.put(simpleManagementPermission.getActionEffect(), simpleManagementPermission);
        }
        ManagementPermissionCollection managementPermissionCollection2 = null;
        Enumeration<Permission> elements2 = managementPermissionCollection.elements();
        String str2 = str + " (" + getOfficialForm(standardRole) + " permissions)";
        while (elements2.hasMoreElements()) {
            SimpleManagementPermission simpleManagementPermission2 = (SimpleManagementPermission) elements2.nextElement();
            Action.ActionEffect actionEffect = simpleManagementPermission2.getActionEffect();
            CombinationManagementPermission combinationManagementPermission = new CombinationManagementPermission(CombinationPolicy.PERMISSIVE, actionEffect);
            if (managementPermissionCollection2 == null) {
                managementPermissionCollection2 = new ManagementPermissionCollection(str, CombinationManagementPermission.class);
            }
            combinationManagementPermission.addUnderlyingPermission(str2, simpleManagementPermission2.createScopedPermission(scopingConstraint.getStandardConstraint(), constraintIndex));
            SimpleManagementPermission simpleManagementPermission3 = (SimpleManagementPermission) hashMap.get(actionEffect);
            String str3 = str + " (READ-ONLY permissions)";
            if (simpleManagementPermission3 != null) {
                combinationManagementPermission.addUnderlyingPermission(str3, simpleManagementPermission3.createScopedPermission(scopingConstraint.getOutofScopeReadConstraint(), constraintIndex));
            }
            managementPermissionCollection2.add(combinationManagementPermission);
        }
        this.permissionsByRole.put(str, managementPermissionCollection2);
    }

    private int getConstraintIndex(ConstraintFactory constraintFactory) {
        int i = 0;
        Iterator<ConstraintFactory> it = this.constraintFactories.iterator();
        while (it.hasNext()) {
            if (constraintFactory.equals(it.next())) {
                return i;
            }
            i++;
        }
        throw new IllegalStateException();
    }

    private static Set<ConstraintFactory> getStandardConstraintFactories() {
        HashSet hashSet = new HashSet();
        hashSet.add(ApplicationTypeConstraint.FACTORY);
        hashSet.add(AuditConstraint.FACTORY);
        hashSet.add(NonAuditConstraint.FACTORY);
        hashSet.add(HostEffectConstraint.FACTORY);
        hashSet.add(SensitiveTargetConstraint.FACTORY);
        hashSet.add(SensitiveVaultExpressionConstraint.FACTORY);
        hashSet.add(ServerGroupEffectConstraint.FACTORY);
        hashSet.add(TopRoleConstraint.FACTORY);
        return hashSet;
    }

    private static String getOfficialForm(StandardRole standardRole) {
        return standardRole.getOfficialForm();
    }

    private static String getOfficialForm(String str) {
        return str.toUpperCase(Locale.ENGLISH);
    }
}
