package org.apache.activemq.artemis.core.server.management;

import java.util.ArrayList;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import javax.management.ObjectName;
import org.apache.activemq.artemis.api.config.ActiveMQDefaultConfiguration;

/* loaded from: input_file:artemis-server-2.19.1.jar:org/apache/activemq/artemis/core/server/management/JMXAccessControlList.class */
public class JMXAccessControlList {
    private static final String WILDCARD = "*";
    private Access defaultAccess = new Access("*");
    private ConcurrentHashMap<String, TreeMap<String, Access>> domainAccess = new ConcurrentHashMap<>();
    private ConcurrentHashMap<String, TreeMap<String, Access>> allowList = new ConcurrentHashMap<>();
    private Comparator<String> keyComparator = (str, str2) -> {
        boolean contains = str.contains("*");
        boolean contains2 = str2.contains("*");
        if (contains && !contains2) {
            return 1;
        }
        if (contains || !contains2) {
            return str.length() == str2.length() ? str.compareTo(str2) : str2.length() - str.length();
        }
        return -1;
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:artemis-server-2.19.1.jar:org/apache/activemq/artemis/core/server/management/JMXAccessControlList$Access.class */
    public static class Access {
        private final String id;
        private final String key;
        private final Pattern keyPattern;
        List<String> catchAllRoles;
        Map<String, List<String>> methodRoles;
        Map<String, List<String>> methodPrefixRoles;

        Access(String str) {
            this(str, ActiveMQDefaultConfiguration.DEFAULT_TEMPORARY_QUEUE_NAMESPACE);
        }

        Access(String str, String str2) {
            this.catchAllRoles = new ArrayList();
            this.methodRoles = new HashMap();
            this.methodPrefixRoles = new LinkedHashMap();
            this.id = str;
            this.key = str2;
            this.keyPattern = Pattern.compile(str2.replace("*", ".*"));
        }

        public synchronized void addMethods(String str, String... strArr) {
            List<String> list = this.methodRoles.get(str);
            if (list == null) {
                list = new ArrayList();
                this.methodRoles.put(str, list);
            }
            for (String str2 : strArr) {
                list.add(str2);
            }
        }

        public synchronized void addMethodsPrefixes(String str, String... strArr) {
            List<String> list = this.methodPrefixRoles.get(str);
            if (list == null) {
                list = new ArrayList();
                this.methodPrefixRoles.put(str, list);
            }
            for (String str2 : strArr) {
                list.add(str2);
            }
        }

        public void addCatchAll(String... strArr) {
            for (String str : strArr) {
                this.catchAllRoles.add(str);
            }
        }

        public String getId() {
            return this.id;
        }

        public String getKey() {
            return this.key;
        }

        public Pattern getKeyPattern() {
            return this.keyPattern;
        }

        public List<String> getMatchingRolesForMethod(String str) {
            List<String> list = this.methodRoles.get(str);
            if (list != null) {
                return list;
            }
            for (Map.Entry<String, List<String>> entry : this.methodPrefixRoles.entrySet()) {
                if (str.startsWith(entry.getKey())) {
                    return entry.getValue();
                }
            }
            return this.catchAllRoles;
        }
    }

    public void addToAllowList(String str, String str2) {
        TreeMap<String, Access> putIfAbsent = this.allowList.putIfAbsent(str, new TreeMap<>(this.keyComparator));
        if (putIfAbsent == null) {
            putIfAbsent = this.allowList.get(str);
        }
        Access access = new Access(str, normalizeKey(str2));
        putIfAbsent.putIfAbsent(access.getKey(), access);
    }

    public List<String> getRolesForObject(ObjectName objectName, String str) {
        TreeMap<String, Access> treeMap = this.domainAccess.get(objectName.getDomain());
        if (treeMap != null) {
            for (Map.Entry entry : objectName.getKeyPropertyList().entrySet()) {
                String normalizeKey = normalizeKey(((String) entry.getKey()) + "=" + ((String) entry.getValue()));
                for (Access access : treeMap.values()) {
                    if (access.getKeyPattern().matcher(normalizeKey).matches()) {
                        return access.getMatchingRolesForMethod(str);
                    }
                }
            }
            Access access2 = treeMap.get(ActiveMQDefaultConfiguration.DEFAULT_TEMPORARY_QUEUE_NAMESPACE);
            if (access2 != null) {
                return access2.getMatchingRolesForMethod(str);
            }
        }
        return this.defaultAccess.getMatchingRolesForMethod(str);
    }

    public boolean isInAllowList(ObjectName objectName) {
        TreeMap<String, Access> treeMap = this.allowList.get(objectName.getDomain());
        if (treeMap == null) {
            return false;
        }
        if (treeMap.containsKey(ActiveMQDefaultConfiguration.DEFAULT_TEMPORARY_QUEUE_NAMESPACE)) {
            return true;
        }
        for (Map.Entry entry : objectName.getKeyPropertyList().entrySet()) {
            String normalizeKey = normalizeKey(((String) entry.getKey()) + "=" + ((String) entry.getValue()));
            Iterator<Access> it = treeMap.values().iterator();
            while (it.hasNext()) {
                if (it.next().getKeyPattern().matcher(normalizeKey).matches()) {
                    return true;
                }
            }
        }
        return false;
    }

    public void addToDefaultAccess(String str, String... strArr) {
        if (strArr != null) {
            if (str.equals("*")) {
                this.defaultAccess.addCatchAll(strArr);
            } else if (!str.endsWith("*")) {
                this.defaultAccess.addMethods(str, strArr);
            } else {
                this.defaultAccess.addMethodsPrefixes(str.replace("*", ActiveMQDefaultConfiguration.DEFAULT_TEMPORARY_QUEUE_NAMESPACE), strArr);
            }
        }
    }

    public void addToRoleAccess(String str, String str2, String str3, String... strArr) {
        TreeMap<String, Access> putIfAbsent = this.domainAccess.putIfAbsent(str, new TreeMap<>(this.keyComparator));
        if (putIfAbsent == null) {
            putIfAbsent = this.domainAccess.get(str);
        }
        String normalizeKey = normalizeKey(str2);
        Access access = putIfAbsent.get(normalizeKey);
        if (access == null) {
            access = new Access(str, normalizeKey);
            putIfAbsent.put(normalizeKey, access);
        }
        if (str3.equals("*")) {
            access.addCatchAll(strArr);
        } else if (!str3.endsWith("*")) {
            access.addMethods(str3, strArr);
        } else {
            access.addMethodsPrefixes(str3.replace("*", ActiveMQDefaultConfiguration.DEFAULT_TEMPORARY_QUEUE_NAMESPACE), strArr);
        }
    }

    private String normalizeKey(String str) {
        return str == null ? ActiveMQDefaultConfiguration.DEFAULT_TEMPORARY_QUEUE_NAMESPACE : str.endsWith("\"") ? str.replace("\"", ActiveMQDefaultConfiguration.DEFAULT_TEMPORARY_QUEUE_NAMESPACE) : str;
    }

    public static JMXAccessControlList createDefaultList() {
        JMXAccessControlList jMXAccessControlList = new JMXAccessControlList();
        jMXAccessControlList.addToAllowList("hawtio", "type=*");
        jMXAccessControlList.addToRoleAccess("org.apache.activemq.artemis", null, "list*", "view", "update", "amq");
        jMXAccessControlList.addToRoleAccess("org.apache.activemq.artemis", null, "get*", "view", "update", "amq");
        jMXAccessControlList.addToRoleAccess("org.apache.activemq.artemis", null, "is*", "view", "update", "amq");
        jMXAccessControlList.addToRoleAccess("org.apache.activemq.artemis", null, "set*", "update", "amq");
        jMXAccessControlList.addToRoleAccess("org.apache.activemq.artemis", null, "*", "amq");
        jMXAccessControlList.addToDefaultAccess("list*", "view", "update", "amq");
        jMXAccessControlList.addToDefaultAccess("get*", "view", "update", "amq");
        jMXAccessControlList.addToDefaultAccess("is*", "view", "update", "amq");
        jMXAccessControlList.addToDefaultAccess("set*", "update", "amq");
        jMXAccessControlList.addToDefaultAccess("*", "amq");
        return jMXAccessControlList;
    }
}
