package com.ibm.ws.sib.processor.matching;

import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.sib.processor.SIMPConstants;
import com.ibm.ws.sib.processor.impl.MessageProcessor;
import com.ibm.ws.sib.processor.impl.SecurityContext;
import com.ibm.ws.sib.processor.impl.interfaces.DestinationHandler;
import com.ibm.ws.sib.security.BusSecurity;
import com.ibm.ws.sib.security.auth.AuthUtils;
import com.ibm.ws.sib.utils.SIBUuid12;
import com.ibm.ws.sib.utils.ras.SibTr;
import com.ibm.ws.sib.wsn.msg.impl.z.WSNSRRemotePublisherToken;
import com.ibm.wsspi.sib.core.exception.SIDiscriminatorSyntaxException;
import java.security.Principal;
import javax.security.auth.Subject;

/* loaded from: input_file:com/ibm/ws/sib/processor/matching/TopicAuthorization.class */
public class TopicAuthorization {
    private static final TraceComponent tc = SibTr.register(TopicAuthorization.class, "SIBProcessor", SIMPConstants.RESOURCE_BUNDLE);
    private MessageProcessor _messageProcessor;
    private MessageProcessorMatching _messageProcessorMatching;
    private String _busName;
    private AuthUtils _authorisationUtils;
    private boolean _pendingRefresh = false;
    protected Object _refreshRequestLock = new Object();
    protected Object _refreshLock = new Object();
    private int _refreshCount = 0;

    public TopicAuthorization(MessageProcessor messageProcessor, MessageProcessorMatching messageProcessorMatching, AuthUtils authUtils) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "TopicAuthorization", new Object[]{messageProcessor, messageProcessorMatching, authUtils});
        }
        this._messageProcessor = messageProcessor;
        this._busName = messageProcessor.getBus().getName();
        this._messageProcessorMatching = messageProcessorMatching;
        this._authorisationUtils = authUtils;
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "TopicAuthorization", this);
        }
    }

    public void addTopicAcl(SIBUuid12 sIBUuid12, String str, int i, Principal principal) throws SIDiscriminatorSyntaxException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "addTopicAcl", new Object[]{sIBUuid12, str, new Integer(i), principal});
        }
        this._messageProcessorMatching.addTopicAcl(sIBUuid12, new TopicAcl(str, i, principal));
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "addTopicAcl");
        }
    }

    public boolean checkPermissionToPublish(DestinationHandler destinationHandler, String str, Principal principal) throws SIDiscriminatorSyntaxException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "checkPermissionToPublish", new Object[]{destinationHandler, str, principal});
        }
        handleAclRefresh();
        MessageProcessorSearchResults messageProcessorSearchResults = (MessageProcessorSearchResults) this._messageProcessor.getSearchResultsObjectPool().remove();
        messageProcessorSearchResults.reset();
        this._messageProcessorMatching.retrieveMatchingTopicAcls(destinationHandler, str, null, messageProcessorSearchResults);
        boolean checkPermission = ((TopicAclTraversalResults) messageProcessorSearchResults.getResults(null)[0]).checkPermission(principal, 1);
        this._messageProcessor.getSearchResultsObjectPool().add(messageProcessorSearchResults);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "checkPermissionToPublish", new Boolean(checkPermission));
        }
        return checkPermission;
    }

    public boolean checkPermissionToPublish(DestinationHandler destinationHandler, String str, SecurityContext securityContext) throws SIDiscriminatorSyntaxException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "checkPermissionToPublish", new Object[]{destinationHandler, str, securityContext});
        }
        boolean z = false;
        handleAclRefresh();
        MessageProcessorSearchResults messageProcessorSearchResults = (MessageProcessorSearchResults) this._messageProcessor.getSearchResultsObjectPool().remove();
        messageProcessorSearchResults.reset();
        this._messageProcessorMatching.retrieveMatchingTopicAcls(destinationHandler, str, null, messageProcessorSearchResults);
        TopicAclTraversalResults topicAclTraversalResults = (TopicAclTraversalResults) messageProcessorSearchResults.getResults(null)[0];
        if (securityContext.isAlternateUserBased()) {
            z = topicAclTraversalResults.checkPermission(new MPPrincipal(this._busName, securityContext.getAlternateUser(), this._messageProcessor), 1);
            handlePublishAuthorizationResult(securityContext.getAlternateUser(), str, destinationHandler, z);
        } else if (securityContext.isSubjectBased()) {
            z = topicAclTraversalResults.checkPermission(new MPPrincipal(this._busName, securityContext.getSubject(), this._authorisationUtils, this._messageProcessor), 1);
            handlePublishAuthorizationResult(securityContext.getSubject(), str, destinationHandler, z);
        } else if (securityContext.isUserIdBased()) {
            z = topicAclTraversalResults.checkPermission(new MPPrincipal(this._busName, securityContext.getUserId(), this._messageProcessor), 1);
            handlePublishAuthorizationResult(securityContext.getUserId(), str, destinationHandler, z);
        } else if (securityContext.isMsgBased()) {
            z = topicAclTraversalResults.checkPermission(new MPPrincipal(this._busName, securityContext.getMsg().getSecurityUserid(), this._messageProcessor), 1);
            handlePublishAuthorizationResult(securityContext.getMsg().getSecurityUserid(), str, destinationHandler, z);
        }
        this._messageProcessor.getSearchResultsObjectPool().add(messageProcessorSearchResults);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "checkPermissionToPublish", new Boolean(z));
        }
        return z;
    }

    public boolean checkPermissionToSubscribe(DestinationHandler destinationHandler, String str, SecurityContext securityContext) throws SIDiscriminatorSyntaxException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "checkPermissionToSubscribe", new Object[]{destinationHandler, str, securityContext});
        }
        boolean z = false;
        handleAclRefresh();
        MessageProcessorSearchResults messageProcessorSearchResults = (MessageProcessorSearchResults) this._messageProcessor.getSearchResultsObjectPool().remove();
        messageProcessorSearchResults.reset();
        this._messageProcessorMatching.retrieveMatchingTopicAcls(destinationHandler, str, null, messageProcessorSearchResults);
        TopicAclTraversalResults topicAclTraversalResults = (TopicAclTraversalResults) messageProcessorSearchResults.getResults(null)[0];
        if (securityContext.isAlternateUserBased()) {
            z = topicAclTraversalResults.checkPermission(new MPPrincipal(this._busName, securityContext.getAlternateUser(), this._messageProcessor), 0);
            handleSubscribeAuthorizationResult(securityContext.getAlternateUser(), str, destinationHandler, z);
        } else if (securityContext.isSubjectBased()) {
            z = topicAclTraversalResults.checkPermission(new MPPrincipal(this._busName, securityContext.getSubject(), this._authorisationUtils, this._messageProcessor), 0);
            handleSubscribeAuthorizationResult(securityContext.getSubject(), str, destinationHandler, z);
        } else if (securityContext.isUserIdBased()) {
            z = topicAclTraversalResults.checkPermission(new MPPrincipal(this._busName, securityContext.getUserId(), this._messageProcessor), 0);
            handleSubscribeAuthorizationResult(securityContext.getUserId(), str, destinationHandler, z);
        } else if (securityContext.isMsgBased()) {
            z = topicAclTraversalResults.checkPermission(new MPPrincipal(this._busName, securityContext.getMsg().getSecurityUserid(), this._messageProcessor), 0);
            handleSubscribeAuthorizationResult(securityContext.getMsg().getSecurityUserid(), str, destinationHandler, z);
        }
        this._messageProcessor.getSearchResultsObjectPool().add(messageProcessorSearchResults);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "checkPermissionToSubscribe", new Boolean(z));
        }
        return z;
    }

    public boolean checkPermissionToSubscribe(DestinationHandler destinationHandler, String str, String str2, TopicAclTraversalResults topicAclTraversalResults) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "checkPermissionToSubscribe", new Object[]{destinationHandler, str, str2});
        }
        boolean checkPermission = topicAclTraversalResults.checkPermission(new MPPrincipal(this._busName, str2, this._messageProcessor), 0);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "checkPermissionToSubscribe", new Boolean(checkPermission));
        }
        return checkPermission;
    }

    public void prepareToRefresh() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "prepareToRefresh");
        }
        synchronized (this._refreshRequestLock) {
            this._pendingRefresh = true;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "prepareToRefresh");
        }
    }

    private void handleAclRefresh() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "handleAclRefresh");
        }
        synchronized (this._refreshLock) {
            if (this._pendingRefresh) {
                while (this._pendingRefresh) {
                    synchronized (this._refreshRequestLock) {
                        this._pendingRefresh = false;
                    }
                    this._messageProcessorMatching.removeAllTopicAcls();
                    this._messageProcessor.getAccessChecker().listTopicAuthorisations();
                    this._refreshCount++;
                }
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "handleAclRefresh");
        }
    }

    public int getAclRefreshVersion() {
        int i;
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "getAclRefreshVersion");
        }
        synchronized (this._refreshLock) {
            i = this._refreshCount;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "getAclRefreshVersion", new Integer(i));
        }
        return i;
    }

    private void handlePublishAuthorizationResult(String str, String str2, DestinationHandler destinationHandler, boolean z) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "handlePublishAuthorizationResult", new Object[]{str, str2, destinationHandler, Boolean.valueOf(z)});
        }
        BusSecurity busSecurity = (BusSecurity) this._messageProcessor.getMessagingEngine().getEngineComponent(BusSecurity.class);
        if (z) {
            busSecurity.publishAuthorizationPassed(str, str2, destinationHandler.getName(), (Long) 0L, "publish");
        } else {
            busSecurity.publishAuthorizationFailed(str, str2, destinationHandler.getName(), (Long) 0L, "publish");
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "handlePublishAuthorizationResult");
        }
    }

    private void handlePublishAuthorizationResult(Subject subject, String str, DestinationHandler destinationHandler, boolean z) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "handlePublishAuthorizationResult", new Object[]{subject != null ? "subject(" + this._messageProcessor.getAuthorisationUtils().getUserName(subject) + ")" : "<null>", str, destinationHandler, Boolean.valueOf(z)});
        }
        BusSecurity busSecurity = (BusSecurity) this._messageProcessor.getMessagingEngine().getEngineComponent(BusSecurity.class);
        if (z) {
            busSecurity.publishAuthorizationPassed(subject, str, destinationHandler.getName(), (Long) 0L, "publish");
        } else {
            busSecurity.publishAuthorizationFailed(subject, str, destinationHandler.getName(), (Long) 0L, "publish");
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "handlePublishAuthorizationResult");
        }
    }

    private void handleSubscribeAuthorizationResult(String str, String str2, DestinationHandler destinationHandler, boolean z) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "handleSubscribeAuthorizationResult", new Object[]{str, str2, destinationHandler, Boolean.valueOf(z)});
        }
        BusSecurity busSecurity = (BusSecurity) this._messageProcessor.getMessagingEngine().getEngineComponent(BusSecurity.class);
        if (z) {
            busSecurity.publishAuthorizationPassed(str, str2, destinationHandler.getName(), (Long) 0L, WSNSRRemotePublisherToken.SUBSCRIBE);
        } else {
            busSecurity.publishAuthorizationFailed(str, str2, destinationHandler.getName(), (Long) 0L, WSNSRRemotePublisherToken.SUBSCRIBE);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "handleSubscribeAuthorizationResult");
        }
    }

    private void handleSubscribeAuthorizationResult(Subject subject, String str, DestinationHandler destinationHandler, boolean z) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "handleSubscribeAuthorizationResult", new Object[]{subject != null ? "subject(" + this._messageProcessor.getAuthorisationUtils().getUserName(subject) + ")" : "<null>", str, destinationHandler, Boolean.valueOf(z)});
        }
        BusSecurity busSecurity = (BusSecurity) this._messageProcessor.getMessagingEngine().getEngineComponent(BusSecurity.class);
        if (z) {
            busSecurity.subscribeAuthorizationPassed(subject, str, destinationHandler.getName(), (Long) 0L, WSNSRRemotePublisherToken.SUBSCRIBE);
        } else {
            busSecurity.subscribeAuthorizationFailed(subject, str, destinationHandler.getName(), (Long) 0L, WSNSRRemotePublisherToken.SUBSCRIBE);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "handleSubscribeAuthorizationResult");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final boolean isBusSecure() {
        return this._messageProcessor.isBusSecure();
    }
}
