package org.wso2.carbon.andes.authorization.andes;

import java.util.Locale;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.andes.server.security.Result;
import org.wso2.andes.server.security.access.ObjectProperties;
import org.wso2.carbon.andes.commons.CommonsUtil;
import org.wso2.carbon.andes.commons.registry.RegistryClient;
import org.wso2.carbon.andes.commons.registry.RegistryClientException;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.user.api.UserRealm;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.authorization.TreeNode;

/* loaded from: input_file:org/wso2/carbon/andes/authorization/andes/QpidAuthorizationHandler.class */
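/**
 * Static access-control callbacks for queue and exchange operations.
 *
 * <p>Each {@code handle*} method maps one broker operation to a {@link Result}. The decision is
 * based on the caller's roles and on the permissions held in the realm's authorization manager.
 * In every method that takes one, the {@code str} parameter is the user name that is passed to
 * the user store and to the authorization manager.
 *
 * <p>Every permission check here fails closed: a missing realm, an unknown exchange, or a user
 * who is neither admin nor explicitly authorized yields {@link Result#DENIED}.
 */
public class QpidAuthorizationHandler {
    private static final Log log = LogFactory.getLog(QpidAuthorizationHandler.class);
    private static final String DEFAULT_EXCHANGE = "default";
    private static final String DIRECT_EXCHANGE = "amq.direct";
    private static final String TOPIC_EXCHANGE = "amq.topic";
    private static final String PERMISSION_CHANGE_PERMISSION = "changePermission";
    // NOTE(review): the admin role name is hard-coded; a deployment that renames its admin role
    // would not be recognised by isAdminUser - confirm against the realm configuration.
    private static final String ADMIN_ROLE = "admin";
    private static final String AT_REPLACE_CHAR = "_";

    // Permission action names are lower-cased with Locale.ROOT so that the strings handed to the
    // authorization manager do not depend on the JVM default locale (under a Turkish locale the
    // default toLowerCase() turns "I" into a dotless i, so the action name would not match).
    private static final String CONSUME_ACTION = TreeNode.Permission.CONSUME.toString().toLowerCase(Locale.ROOT);
    private static final String PUBLISH_ACTION = TreeNode.Permission.PUBLISH.toString().toLowerCase(Locale.ROOT);
    private static final String SUBSCRIBE_ACTION = TreeNode.Permission.SUBSCRIBE.toString().toLowerCase(Locale.ROOT);

    /**
     * Registers a queue for the user and grants that user consume, publish and change-permission
     * rights on it.
     *
     * @param str user name of the caller
     * @param userRealm realm used to grant permissions; {@code null} yields {@link Result#DENIED}
     * @param objectProperties operation properties; {@code Property.NAME} carries the queue name
     * @return {@link Result#ALLOWED} once the queue is registered and the permissions are granted
     * @throws QpidAuthorizationHandlerException if the registry or the user store fails
     */
    public static Result handleCreateQueue(String str, UserRealm userRealm, ObjectProperties objectProperties) throws QpidAuthorizationHandlerException {
        if (null == userRealm) {
            return Result.DENIED;
        }
        try {
            String rawQueueName = getRawQueueName((String) objectProperties.get(ObjectProperties.Property.NAME));
            // NOTE(review): no check is made here that the queue is new or that the caller may
            // create it. If this can be reached for an existing queue, the grants below would
            // give the caller rights on a queue owned by someone else - confirm with the caller.
            RegistryClient.createQueue(toRegistryName(rawQueueName), str);
            String queueID = CommonsUtil.getQueueID(rawQueueName);
            userRealm.getAuthorizationManager().authorizeUser(str, queueID, CONSUME_ACTION);
            userRealm.getAuthorizationManager().authorizeUser(str, queueID, PUBLISH_ACTION);
            userRealm.getAuthorizationManager().authorizeUser(str, queueID, PERMISSION_CHANGE_PERMISSION);
            return Result.ALLOWED;
        } catch (UserStoreException e) {
            throw new QpidAuthorizationHandlerException((Throwable) e);
        } catch (RegistryClientException e2) {
            throw new QpidAuthorizationHandlerException((Throwable) e2);
        }
    }

    /**
     * Decides whether the user may consume from a queue.
     *
     * @param str user name of the caller
     * @param userRealm realm used for the lookup; {@code null} yields {@link Result#DENIED}
     * @param objectProperties operation properties; {@code Property.NAME} carries the queue name
     * @return {@link Result#ALLOWED} for an admin or a user holding the consume permission,
     *         otherwise {@link Result#DENIED}
     * @throws QpidAuthorizationHandlerException if the user store lookup fails
     */
    public static Result handleConsumeQueue(String str, UserRealm userRealm, ObjectProperties objectProperties) throws QpidAuthorizationHandlerException {
        if (null == userRealm) {
            return Result.DENIED;
        }
        try {
            String queueID = CommonsUtil.getQueueID(getRawQueueName((String) objectProperties.get(ObjectProperties.Property.NAME)));
            return isAdminOrAuthorized(str, userRealm, queueID, CONSUME_ACTION) ? Result.ALLOWED : Result.DENIED;
        } catch (UserStoreException e) {
            throw new QpidAuthorizationHandlerException((Throwable) e);
        }
    }

    /**
     * Decides whether the user may bind a queue to an exchange.
     *
     * <p>For the default and {@code amq.direct} exchanges the user needs the consume permission
     * on the queue. For {@code amq.topic} the user needs the subscribe permission on the topic
     * named by the routing key, and an allowed bind also records the subscription in the registry.
     * Any other exchange is denied.
     *
     * @param str user name of the caller
     * @param userRealm realm used for the lookup; {@code null} yields {@link Result#DENIED}
     * @param objectProperties operation properties; {@code NAME} is the exchange,
     *        {@code QUEUE_NAME} the queue and {@code ROUTING_KEY} the routing key
     * @return {@link Result#ALLOWED} for an admin or a suitably authorized user, otherwise
     *         {@link Result#DENIED}
     * @throws QpidAuthorizationHandlerException if the registry or the user store fails
     */
    public static Result handleBindQueue(String str, UserRealm userRealm, ObjectProperties objectProperties) throws QpidAuthorizationHandlerException {
        if (null == userRealm) {
            return Result.DENIED;
        }
        try {
            String rawExchangeName = getRawExchangeName((String) objectProperties.get(ObjectProperties.Property.NAME));
            String rawQueueName = getRawQueueName((String) objectProperties.get(ObjectProperties.Property.QUEUE_NAME));
            String rawRoutingKey = getRawRoutingKey((String) objectProperties.get(ObjectProperties.Property.ROUTING_KEY));
            if (DEFAULT_EXCHANGE.equals(rawExchangeName) || DIRECT_EXCHANGE.equals(rawExchangeName)) {
                // The outcome of the permission check decides the result. Returning ALLOWED
                // regardless of it would let any user with a realm bind to another user's queue.
                String queueID = CommonsUtil.getQueueID(rawQueueName);
                return isAdminOrAuthorized(str, userRealm, queueID, CONSUME_ACTION) ? Result.ALLOWED : Result.DENIED;
            }
            if (TOPIC_EXCHANGE.equals(rawExchangeName)) {
                rawRoutingKey = stripTenantDomain(rawRoutingKey);
                String topicID = CommonsUtil.getTopicID(rawRoutingKey);
                if (isAdminOrAuthorized(str, userRealm, topicID, SUBSCRIBE_ACTION)) {
                    RegistryClient.createSubscription(toRegistryName(rawRoutingKey), toRegistryName(rawQueueName), str);
                    return Result.ALLOWED;
                }
            }
            return Result.DENIED;
        } catch (RegistryClientException e) {
            throw new QpidAuthorizationHandlerException((Throwable) e);
        } catch (UserStoreException e2) {
            throw new QpidAuthorizationHandlerException((Throwable) e2);
        }
    }

    /**
     * Decides whether the user may publish to an exchange.
     *
     * <p>For the default and {@code amq.direct} exchanges the routing key names the target queue;
     * for {@code amq.topic} it names the topic. In each case the user needs the publish
     * permission on that resource. Any other exchange is denied.
     *
     * @param str user name of the caller
     * @param userRealm realm used for the lookup; {@code null} yields {@link Result#DENIED}
     * @param objectProperties operation properties; {@code NAME} is the exchange and
     *        {@code ROUTING_KEY} the routing key
     * @return {@link Result#ALLOWED} for an admin or a user holding the publish permission,
     *         otherwise {@link Result#DENIED}
     * @throws QpidAuthorizationHandlerException if the user store lookup fails
     */
    public static Result handlePublishToExchange(String str, UserRealm userRealm, ObjectProperties objectProperties) throws QpidAuthorizationHandlerException {
        if (null == userRealm) {
            return Result.DENIED;
        }
        try {
            String rawExchangeName = getRawExchangeName((String) objectProperties.get(ObjectProperties.Property.NAME));
            String rawRoutingKey = getRawRoutingKey((String) objectProperties.get(ObjectProperties.Property.ROUTING_KEY));
            if (DIRECT_EXCHANGE.equals(rawExchangeName) || DEFAULT_EXCHANGE.equals(rawExchangeName)) {
                // Deny unless the check passes, so that all three exchanges enforce the publish
                // permission in the same way.
                String queueID = CommonsUtil.getQueueID(rawRoutingKey);
                return isAdminOrAuthorized(str, userRealm, queueID, PUBLISH_ACTION) ? Result.ALLOWED : Result.DENIED;
            }
            if (TOPIC_EXCHANGE.equals(rawExchangeName)) {
                String topicID = CommonsUtil.getTopicID(stripTenantDomain(rawRoutingKey));
                return isAdminOrAuthorized(str, userRealm, topicID, PUBLISH_ACTION) ? Result.ALLOWED : Result.DENIED;
            }
            return Result.DENIED;
        } catch (UserStoreException e) {
            throw new QpidAuthorizationHandlerException((Throwable) e);
        }
    }

    /**
     * Handles an unbind; for {@code amq.topic} the matching subscription is removed from the
     * registry.
     *
     * <p>NOTE(review): this method receives no user name or realm and performs no permission
     * check; it always returns {@link Result#ALLOWED}. Confirm that the caller authorizes the
     * unbind before invoking it.
     *
     * @param objectProperties operation properties; {@code NAME} is the exchange,
     *        {@code QUEUE_NAME} the queue and {@code ROUTING_KEY} the routing key
     * @return always {@link Result#ALLOWED}
     * @throws QpidAuthorizationHandlerException if the registry update fails
     */
    public static Result handleUnbindQueue(ObjectProperties objectProperties) throws QpidAuthorizationHandlerException {
        try {
            String rawExchangeName = getRawExchangeName((String) objectProperties.get(ObjectProperties.Property.NAME));
            String rawQueueName = getRawQueueName((String) objectProperties.get(ObjectProperties.Property.QUEUE_NAME));
            String rawRoutingKey = getRawRoutingKey((String) objectProperties.get(ObjectProperties.Property.ROUTING_KEY));
            // String.replace returns a new string, so the sanitized names have to be captured.
            // The subscription was stored under the sanitized names in handleBindQueue.
            String registryRoutingKey = toRegistryName(rawRoutingKey);
            String registryQueueName = toRegistryName(rawQueueName);
            // NOTE(review): handleBindQueue strips the tenant-domain prefix from the routing key
            // before creating the subscription; no such step is applied here - confirm whether
            // tenant subscriptions are removed correctly.
            if (TOPIC_EXCHANGE.equals(rawExchangeName)) {
                RegistryClient.deleteSubscription(registryRoutingKey, registryQueueName);
            }
            return Result.ALLOWED;
        } catch (RegistryClientException e) {
            throw new QpidAuthorizationHandlerException((Throwable) e);
        }
    }

    /**
     * Removes a queue from the registry.
     *
     * <p>NOTE(review): this method receives no user name or realm and performs no permission
     * check; it always returns {@link Result#ALLOWED}. Confirm that the caller authorizes the
     * delete before invoking it.
     *
     * @param objectProperties operation properties; {@code Property.NAME} carries the queue name
     * @return always {@link Result#ALLOWED}
     * @throws QpidAuthorizationHandlerException if the registry update fails
     */
    public static Result handleDeleteQueue(ObjectProperties objectProperties) throws QpidAuthorizationHandlerException {
        try {
            String rawQueueName = getRawQueueName((String) objectProperties.get(ObjectProperties.Property.NAME));
            // Delete under the same sanitized name that handleCreateQueue registered.
            RegistryClient.deleteQueue(toRegistryName(rawQueueName));
            return Result.ALLOWED;
        } catch (RegistryClientException e) {
            throw new QpidAuthorizationHandlerException((Throwable) e);
        }
    }

    /** Drops everything from the first ';' onward, then everything up to and including the first ':'. */
    private static String getRawQueueName(String str) {
        int optionsStart = str.indexOf(";");
        if (optionsStart > -1) {
            str = str.substring(0, optionsStart);
        }
        return str.substring(str.indexOf(":") + 1, str.length());
    }

    /** Returns the part of the routing key after the first ':' (the whole key if there is none). */
    private static String getRawRoutingKey(String str) {
        return str.substring(str.indexOf(":") + 1, str.length());
    }

    /** Maps the {@code <<default>>} exchange marker to {@link #DEFAULT_EXCHANGE}. */
    private static String getRawExchangeName(String str) {
        return str.equals("<<default>>") ? DEFAULT_EXCHANGE : str;
    }

    /** Replaces '@' with {@link #AT_REPLACE_CHAR}, the form used for names passed to the registry. */
    private static String toRegistryName(String name) {
        return name.replace("@", AT_REPLACE_CHAR);
    }

    /** Removes the leading tenant-domain segment from a routing key when running in a tenant context. */
    private static String stripTenantDomain(String routingKey) {
        CarbonContext context = CarbonContext.getCurrentContext();
        if (context.getTenantId() > 0) {
            // NOTE(review): the prefix is cut by length only. The key is not checked to start
            // with the current tenant domain, and a key shorter than the prefix throws
            // StringIndexOutOfBoundsException - confirm the key format upstream.
            return routingKey.substring(context.getTenantDomain().length() + 1);
        }
        return routingKey;
    }

    /** Returns true when the user is an admin or holds {@code action} on {@code resourceId}. */
    private static boolean isAdminOrAuthorized(String user, UserRealm userRealm, String resourceId, String action) throws UserStoreException {
        return isAdminUser(user, userRealm)
                || userRealm.getAuthorizationManager().isUserAuthorized(user, resourceId, action);
    }

    /**
     * Reports whether the user holds the {@link #ADMIN_ROLE} role. A failed or empty role lookup
     * is treated as "not admin", so a user store error never grants admin access.
     */
    private static boolean isAdminUser(String str, UserRealm userRealm) {
        try {
            String[] roles = userRealm.getUserStoreManager().getRoleListOfUser(str);
            if (roles == null) {
                return false;
            }
            for (String role : roles) {
                if (ADMIN_ROLE.equals(role)) {
                    return true;
                }
            }
            return false;
        } catch (UserStoreException e) {
            // Fail closed, but leave a trace so that a broken user store is visible to operators.
            log.warn("Could not read the role list of user " + str + "; treating the user as non-admin", e);
            return false;
        }
    }
}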
