package org.wso2.carbon.messagebox.internal.qpid;

import java.util.Iterator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.messagebox.MessageBoxConstants;
import org.wso2.carbon.messagebox.MessageBoxException;
import org.wso2.carbon.messagebox.PermissionLabel;
import org.wso2.carbon.messagebox.internal.ds.MessageBoxServiceValueHolder;
import org.wso2.carbon.messagebox.internal.utils.Utils;
import org.wso2.carbon.user.api.AuthorizationManager;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.Permission;
import org.wso2.carbon.user.core.util.UserCoreUtil;

/* loaded from: input_file:org/wso2/carbon/messagebox/internal/qpid/MessageBoxAuthorizationHandler.class */
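/**
 * Grants, revokes and checks permissions on message boxes through the Carbon
 * user realm's {@link AuthorizationManager}.
 *
 * <p>Every message box is addressed as the permission resource
 * {@code "message/messageBoxes/" + name}. Grants are made to a <em>role</em>;
 * when no role with the user's name exists, one is created with that user as
 * its only member.
 *
 * <p>NOTE(review): the grant methods reuse any existing role whose name equals
 * the user name, whoever its members are. If user names and role names can
 * collide in the deployment, a grant meant for one user reaches every member
 * of that role. Confirm that the two namespaces are kept apart.
 */
public class MessageBoxAuthorizationHandler {
    private static final Log log = LogFactory.getLog(MessageBoxAuthorizationHandler.class);

    /** Prefix under which every message box is registered as a permission resource. */
    private static final String MESSAGE_BOX_RESOURCE_PREFIX = "message/messageBoxes/";

    /**
     * The operations handled as one set by the allow-all and deny-all methods,
     * in the order the calls are issued.
     */
    private static final String[] ALL_OPERATIONS = {
        MessageBoxConstants.SQS_OPERATION_DELETE_MESSAGE,
        MessageBoxConstants.SQS_OPERATION_CHANGE_MESSAGE_VISIBILITY,
        MessageBoxConstants.SQS_OPERATION_GET_QUEUE_ATTRIBUTES,
        MessageBoxConstants.SQS_OPERATION_RECEIVE_MESSAGE,
        MessageBoxConstants.SQS_OPERATION_SEND_MESSAGE,
    };

    /**
     * Checks whether the user bound to the current Carbon context may perform
     * an operation on a message box.
     *
     * @param str  message box name, appended to the resource prefix
     * @param str2 operation (action) to check
     * @return {@code true} if the authorization manager reports the user as
     *         authorized; {@code false} if it does not, or if no user is bound
     *         to the current context
     * @throws MessageBoxException if the user store lookup fails
     */
    public boolean isAuthorized(String str, String str2) throws MessageBoxException {
        String contextUser = CarbonContext.getCurrentContext().getUsername();
        if (contextUser == null) {
            // No user bound to the current context: deny rather than pass a
            // null name into the user-store lookup.
            return false;
        }
        return isUserAuthorized(UserCoreUtil.getTenantLessUsername(contextUser), str, str2);
    }

    /**
     * Checks whether a named user may perform an operation on a message box.
     *
     * @param str  user name passed to the authorization manager
     * @param str2 message box name, appended to the resource prefix
     * @param str3 operation (action) to check
     * @return the authorization manager's answer
     * @throws MessageBoxException if the user store lookup fails
     */
    public boolean isUserAuthorized(String str, String str2, String str3) throws MessageBoxException {
        try {
            return Utils.getUserRelam().getAuthorizationManager().isUserAuthorized(str, resourcePath(str2), str3);
        } catch (UserStoreException e) {
            throw failure("Failed to check is " + str + " authorized to " + str3 + " to " + str2, e);
        }
    }

    /**
     * Grants every operation of a permission label to every shared user of
     * that label, through a role named after each user.
     *
     * @param str             message box name, appended to the resource prefix
     * @param permissionLabel label supplying the shared users and operations
     * @throws MessageBoxException if a user store call fails
     */
    public void addPermission(String str, PermissionLabel permissionLabel) throws MessageBoxException {
        try {
            AuthorizationManager authorizationManager = Utils.getUserRelam().getAuthorizationManager();
            UserStoreManager userStoreManager = Utils.getUserRelam().getUserStoreManager();
            String resource = resourcePath(str);
            for (String sharedUser : permissionLabel.getSharedUsers()) {
                ensureRoleForUser(userStoreManager, sharedUser);
                for (String operation : permissionLabel.getOperations()) {
                    authorizationManager.authorizeRole(sharedUser, resource, operation);
                }
            }
        } catch (UserStoreException e) {
            throw failure("Failed to add permissions to " + str + " with permission label " + permissionLabel.getLabelName(), e);
        }
    }

    /**
     * Grants all message box operations to the realm's configured admin role.
     *
     * @param str message box name, appended to the resource prefix
     * @throws MessageBoxException if a user store call fails
     */
    public void allowAllPermissionsToAdminRole(String str) throws MessageBoxException {
        try {
            AuthorizationManager authorizationManager = Utils.getUserRelam().getAuthorizationManager();
            String resource = resourcePath(str);
            String adminRoleName = MessageBoxServiceValueHolder.getInstance().getRealmService().getBootstrapRealmConfiguration().getAdminRoleName();
            for (String operation : ALL_OPERATIONS) {
                authorizationManager.authorizeRole(adminRoleName, resource, operation);
            }
        } catch (UserStoreException e) {
            throw failure("Failed to add permissions to admin role for message box " + str, e);
        }
    }

    /**
     * Grants all message box operations to a user, through a role named after
     * that user (created when missing).
     *
     * @param str  message box name, appended to the resource prefix
     * @param str2 user name, also used as the role name
     * @throws MessageBoxException if a user store call fails
     */
    public void allowAllPermissionsToUser(String str, String str2) throws MessageBoxException {
        try {
            ensureRoleForUser(Utils.getUserRelam().getUserStoreManager(), str2);
            AuthorizationManager authorizationManager = Utils.getUserRelam().getAuthorizationManager();
            String resource = resourcePath(str);
            for (String operation : ALL_OPERATIONS) {
                authorizationManager.authorizeRole(str2, resource, operation);
            }
        } catch (UserStoreException e) {
            throw failure("Failed to allow permissions to user " + str2 + " for message box " + str, e);
        }
    }

    /**
     * Records a user-level deny for all message box operations.
     *
     * <p>NOTE(review): this writes user-level denies only; role grants made by
     * {@link #allowAllPermissionsToUser} or {@link #addPermission} are left in
     * place. Whether the deny wins over such a grant depends on the
     * AuthorizationManager implementation. Confirm.
     *
     * @param str  message box name, appended to the resource prefix
     * @param str2 user name to deny
     * @throws MessageBoxException if a user store call fails
     */
    public void denyAllPermissionsToUser(String str, String str2) throws MessageBoxException {
        try {
            AuthorizationManager authorizationManager = Utils.getUserRelam().getAuthorizationManager();
            String resource = resourcePath(str);
            for (String operation : ALL_OPERATIONS) {
                authorizationManager.denyUser(str2, resource, operation);
            }
        } catch (UserStoreException e) {
            // The original message ran "user" and the name together.
            throw failure("Failed to deny permissions to user " + str2 + " for message box " + str, e);
        }
    }

    /**
     * Revokes every operation of a permission label from every shared user of
     * that label.
     *
     * <p>{@link #addPermission} grants through a role named after the user, so
     * the role-level entry is cleared as well as the user-level one; clearing
     * only the user-level entry would leave the grant untouched.
     *
     * <p>NOTE(review): grants are not counted per label. If two labels grant
     * the same operation to the same user, removing one label revokes it for
     * both. Confirm that this matches the intended semantics.
     *
     * @param str             message box name, appended to the resource prefix
     * @param permissionLabel label supplying the shared users and operations
     * @throws MessageBoxException if a user store call fails
     */
    public void removePermission(String str, PermissionLabel permissionLabel) throws MessageBoxException {
        try {
            AuthorizationManager authorizationManager = Utils.getUserRelam().getAuthorizationManager();
            UserStoreManager userStoreManager = Utils.getUserRelam().getUserStoreManager();
            String resource = resourcePath(str);
            for (String sharedUser : permissionLabel.getSharedUsers()) {
                // Only touch the role when it exists; addPermission creates it on grant.
                boolean hasUserRole = userStoreManager.isExistingRole(sharedUser);
                for (String operation : permissionLabel.getOperations()) {
                    authorizationManager.clearUserAuthorization(sharedUser, resource, operation);
                    if (hasUserRole) {
                        authorizationManager.clearRoleAuthorization(sharedUser, resource, operation);
                    }
                }
            }
        } catch (UserStoreException e) {
            throw failure("Failed to clear permissions authorized for " + str + " with permission label " + permissionLabel.getLabelName(), e);
        }
    }

    /**
     * Builds the permission resource id of a message box.
     *
     * <p>NOTE(review): the name is concatenated as given. Callers are assumed
     * to pass a validated message box name with no path separators of its
     * own. Confirm at the call sites.
     */
    private static String resourcePath(String messageBox) {
        return MESSAGE_BOX_RESOURCE_PREFIX + messageBox;
    }

    /** Creates a role named after the user, with that user as its only member, if no such role exists. */
    private static void ensureRoleForUser(UserStoreManager userStoreManager, String userName) throws UserStoreException {
        if (!userStoreManager.isExistingRole(userName)) {
            userStoreManager.addRole(userName, new String[]{userName}, new Permission[0]);
        }
    }

    /**
     * Logs a user store failure together with its cause and wraps it for the caller.
     *
     * <p>NOTE(review): the message embeds caller-supplied user and message box
     * names; if those can contain line breaks, neutralise them before logging.
     */
    private static MessageBoxException failure(String message, UserStoreException cause) {
        log.error(message, cause);
        return new MessageBoxException(message, (Throwable) cause);
    }
}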
