package org.apache.activemq.artemis.core.server.management;

import java.io.IOException;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Principal;
import java.util.Iterator;
import java.util.List;
import javax.management.Attribute;
import javax.management.AttributeList;
import javax.management.JMException;
import javax.management.MBeanAttributeInfo;
import javax.management.MBeanServer;
import javax.management.ObjectName;
import javax.security.auth.Subject;
import org.apache.commons.beanutils.FluentPropertyBeanIntrospector;

/* loaded from: input_file:WEB-INF/lib/artemis-server-2.6.4.jar:org/apache/activemq/artemis/core/server/management/ArtemisMBeanServerGuard.class */
public class ArtemisMBeanServerGuard implements InvocationHandler {
    private JMXAccessControlList jmxAccessControlList = JMXAccessControlList.createDefaultList();

    public void init() {
        ArtemisMBeanServerBuilder.setGuard(this);
    }

    @Override // java.lang.reflect.InvocationHandler
    public Object invoke(Object obj, Method method, Object[] objArr) throws Throwable {
        if (method.getParameterTypes().length == 0 || !ObjectName.class.isAssignableFrom(method.getParameterTypes()[0])) {
            return null;
        }
        ObjectName objectName = (ObjectName) objArr[0];
        if ("getAttribute".equals(method.getName())) {
            handleGetAttribute((MBeanServer) obj, objectName, (String) objArr[1]);
            return null;
        }
        if ("getAttributes".equals(method.getName())) {
            handleGetAttributes((MBeanServer) obj, objectName, (String[]) objArr[1]);
            return null;
        }
        if ("setAttribute".equals(method.getName())) {
            handleSetAttribute((MBeanServer) obj, objectName, (Attribute) objArr[1]);
            return null;
        }
        if ("setAttributes".equals(method.getName())) {
            handleSetAttributes((MBeanServer) obj, objectName, (AttributeList) objArr[1]);
            return null;
        }
        if (!"invoke".equals(method.getName())) {
            return null;
        }
        handleInvoke(objectName, (String) objArr[1], (Object[]) objArr[2], (String[]) objArr[3]);
        return null;
    }

    private void handleGetAttribute(MBeanServer mBeanServer, ObjectName objectName, String str) throws JMException, IOException {
        String str2 = null;
        for (MBeanAttributeInfo mBeanAttributeInfo : mBeanServer.getMBeanInfo(objectName).getAttributes()) {
            if (mBeanAttributeInfo.getName().equals(str)) {
                str2 = mBeanAttributeInfo.isIs() ? "is" : "get";
            }
        }
        if (str2 == null) {
            return;
        }
        handleInvoke(objectName, str2 + str, new Object[0], new String[0]);
    }

    private void handleGetAttributes(MBeanServer mBeanServer, ObjectName objectName, String[] strArr) throws JMException, IOException {
        for (String str : strArr) {
            handleGetAttribute(mBeanServer, objectName, str);
        }
    }

    private void handleSetAttribute(MBeanServer mBeanServer, ObjectName objectName, Attribute attribute) throws JMException, IOException {
        String str = null;
        MBeanAttributeInfo[] attributes = mBeanServer.getMBeanInfo(objectName).getAttributes();
        int length = attributes.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            MBeanAttributeInfo mBeanAttributeInfo = attributes[i];
            if (mBeanAttributeInfo.getName().equals(attribute.getName())) {
                str = mBeanAttributeInfo.getType();
                break;
            }
            i++;
        }
        if (str == null) {
            throw new IllegalStateException("Attribute data type can not be found");
        }
        handleInvoke(objectName, FluentPropertyBeanIntrospector.DEFAULT_WRITE_METHOD_PREFIX + attribute.getName(), new Object[]{attribute.getValue()}, new String[]{str});
    }

    private void handleSetAttributes(MBeanServer mBeanServer, ObjectName objectName, AttributeList attributeList) throws JMException, IOException {
        Iterator it = attributeList.asList().iterator();
        while (it.hasNext()) {
            handleSetAttribute(mBeanServer, objectName, (Attribute) it.next());
        }
    }

    private boolean canBypassRBAC(ObjectName objectName) {
        return this.jmxAccessControlList.isInWhiteList(objectName);
    }

    void handleInvoke(ObjectName objectName, String str, Object[] objArr, String[] strArr) throws IOException {
        if (canBypassRBAC(objectName)) {
            return;
        }
        Iterator<String> it = getRequiredRoles(objectName, str, objArr, strArr).iterator();
        while (it.hasNext()) {
            if (currentUserHasRole(it.next())) {
                return;
            }
        }
        throw new SecurityException("Insufficient roles/credentials for operation");
    }

    List<String> getRequiredRoles(ObjectName objectName, String str, Object[] objArr, String[] strArr) throws IOException {
        return this.jmxAccessControlList.getRolesForObject(objectName, str);
    }

    public void setJMXAccessControlList(JMXAccessControlList jMXAccessControlList) {
        this.jmxAccessControlList = jMXAccessControlList;
    }

    public static boolean currentUserHasRole(String str) {
        String str2;
        String str3;
        Subject subject;
        int indexOf = str.indexOf(58);
        if (indexOf > 0) {
            str2 = str.substring(0, indexOf);
            str3 = str.substring(indexOf + 1);
        } else {
            str2 = "org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal";
            str3 = str;
        }
        AccessControlContext context = AccessController.getContext();
        if (context == null || (subject = Subject.getSubject(context)) == null) {
            return false;
        }
        for (Principal principal : subject.getPrincipals()) {
            if (str2.equals(principal.getClass().getName()) && str3.equals(principal.getName())) {
                return true;
            }
        }
        return false;
    }
}
