package com.ibm.ws.sib.processor.impl;

import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ejs.ras.TraceNLS;
import com.ibm.websphere.sib.exception.SIErrorException;
import com.ibm.websphere.sib.management.SibNotificationConstants;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.sib.admin.JsMessagingEngine;
import com.ibm.ws.sib.admin.RuntimeEventListener;
import com.ibm.ws.sib.mfp.JsMessage;
import com.ibm.ws.sib.processor.SIMPConstants;
import com.ibm.ws.sib.processor.impl.interfaces.DestinationHandler;
import com.ibm.ws.sib.processor.matching.MPTopicAuths;
import com.ibm.ws.sib.processor.matching.TopicAuthorization;
import com.ibm.ws.sib.security.auth.OperationType;
import com.ibm.ws.sib.security.auth.SIBAccessControl;
import com.ibm.ws.sib.security.auth.SIBAccessControlException;
import com.ibm.ws.sib.utils.ras.SibTr;
import com.ibm.wsspi.sib.core.exception.SIDiscriminatorSyntaxException;
import java.util.Properties;
import javax.security.auth.Subject;

/* loaded from: input_file:com/ibm/ws/sib/processor/impl/AccessChecker.class */
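/**
 * Authorization front end used by the message processor.
 *
 * <p>Bus, destination, temporary-destination and foreign-bus checks are delegated to the
 * {@link SIBAccessControl} supplied at construction; topic (discriminator) checks are
 * delegated to the {@link TopicAuthorization} installed with
 * {@link #setTopicAuthorization(TopicAuthorization)}. The class also raises the
 * "not authorized" runtime events that monitoring can subscribe to.
 *
 * <p>Every check fails closed: a {@link SIBAccessControlException} from the delegate is
 * reported (FFDC, trace, error log) and rethrown as an {@link SIErrorException}; it is never
 * turned into a grant, and a security context that carries no identity is denied.
 */
public class AccessChecker {
    private static final TraceComponent tc = SibTr.register(AccessChecker.class, "SIBProcessor", SIMPConstants.RESOURCE_BUNDLE);
    private static final TraceNLS nls;

    static {
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            SibTr.debug(tc, "Source info: @(#)SIB/ws/code/sib.processor.impl/src/com/ibm/ws/sib/processor/impl/AccessChecker.java, SIB.processor, WAS855.SIB, cf111646.01 1.34");
        }
        nls = TraceNLS.getTraceNLS(SIMPConstants.RESOURCE_BUNDLE);
    }

    // Delegate that makes the bus/destination authorization decisions.
    private final SIBAccessControl _securityAccessChecker;
    private final MessageProcessor _messageProcessor;
    // Receiver handed to the delegate when topic authorisations are listed.
    private final MPTopicAuths _mpTopicAuths;
    // Installed after construction; checkDiscriminatorAccess dereferences it unconditionally.
    private TopicAuthorization _topicAuthorization;

    /**
     * Creates a checker bound to one message processor.
     *
     * @param messageProcessor the owning message processor; also used to build the
     *        {@link MPTopicAuths} instance
     * @param sIBAccessControl the access-control delegate all bus/destination checks go to
     */
    public AccessChecker(MessageProcessor messageProcessor, SIBAccessControl sIBAccessControl) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "AccessChecker", new Object[]{messageProcessor, sIBAccessControl});
        }
        this._messageProcessor = messageProcessor;
        this._securityAccessChecker = sIBAccessControl;
        this._mpTopicAuths = new MPTopicAuths(messageProcessor);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "AccessChecker", this);
        }
    }

    /**
     * Asks the delegate whether the subject may access the bus.
     *
     * @param subject the caller's subject; may be {@code null}, in which case it is passed
     *        to the delegate unchanged
     * @return the delegate's decision
     * @throws SIErrorException if the delegate fails with a {@link SIBAccessControlException}
     */
    public boolean checkBusAccess(Subject subject) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "checkBusAccess", describeSubject(subject));
        }
        try {
            boolean allowed = this._securityAccessChecker.checkBusAccess(subject);
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                SibTr.exit(tc, "checkBusAccess", Boolean.valueOf(allowed));
            }
            return allowed;
        } catch (SIBAccessControlException e) {
            FFDCFilter.processException(e, "com.ibm.ws.sib.processor.impl.AccessChecker.checkBusAccess", "1:149:1.34", this);
            String userName = null;
            if (subject != null) {
                userName = this._messageProcessor.getAuthorisationUtils().getUserName(subject);
            }
            throw internalError("checkBusAccess", e, "1:160:1.34", "1:170:1.34", userName);
        }
    }

    /**
     * Asks the delegate to list the topic authorisations into this checker's
     * {@link MPTopicAuths}.
     *
     * <p>Best effort: a {@link SIBAccessControlException} is recorded in trace only and not
     * propagated, so a caller cannot tell from this method that the listing failed.
     */
    public void listTopicAuthorisations() {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "listTopicAuthorisations");
        }
        try {
            this._securityAccessChecker.listTopicAuthorisations(this._mpTopicAuths);
        } catch (SIBAccessControlException e) {
            // Deliberately not rethrown; the failure is visible in trace only.
            SibTr.exception(tc, e);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "listTopicAuthorisations");
        }
    }

    /**
     * Checks access to a destination for the identity carried by the security context.
     *
     * <p>Unless the context is alternate-user based (and the operation is not identity
     * adoption) the check runs against the context's subject, user id or message, in that
     * order of preference. For an alternate user the check runs against the alternate user,
     * with the real identity passed alongside it to the delegate.
     *
     * @param securityContext the caller's security context
     * @param str first destination-identifying string, forwarded unchanged to the delegate
     * @param str2 second destination-identifying string, forwarded unchanged to the delegate
     * @param operationType the operation being authorized
     * @return {@code true} only if the delegate grants access; {@code false} when the context
     *         carries no usable identity
     * @throws SIErrorException if the delegate fails with a {@link SIBAccessControlException}
     */
    public boolean checkDestinationAccess(SecurityContext securityContext, String str, String str2, OperationType operationType) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "checkDestinationAccess", new Object[]{securityContext, str, str2, operationType});
        }
        try {
            boolean allowed;
            if (!securityContext.isAlternateUserBased() || operationType == OperationType.IDENTITY_ADOPTER) {
                if (securityContext.isSubjectBased()) {
                    allowed = this._securityAccessChecker.checkDestinationAccess(securityContext.getSubject(), str, str2, operationType);
                } else if (securityContext.isUserIdBased()) {
                    allowed = this._securityAccessChecker.checkDestinationAccess(securityContext.getUserId(), str, str2, operationType);
                } else if (securityContext.isMsgBased()) {
                    allowed = this._securityAccessChecker.checkDestinationAccess(securityContext.getMsg(), str, str2, operationType);
                } else {
                    // No identity of any kind in the context: deny.
                    allowed = false;
                }
            } else if (securityContext.isMsgBased()) {
                allowed = this._securityAccessChecker.checkDestinationAccess(securityContext.getAlternateUser(), str, str2, operationType, securityContext.getMsg().getSecurityUserid(), securityContext.getMsg().getAuditSessionId());
            } else if (securityContext.isUserIdBased()) {
                allowed = this._securityAccessChecker.checkDestinationAccess(securityContext.getAlternateUser(), str, str2, operationType, securityContext.getUserId(), null);
            } else {
                allowed = this._securityAccessChecker.checkDestinationAccess(securityContext.getAlternateUser(), str, str2, operationType, securityContext.getSubject());
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                SibTr.exit(tc, "checkDestinationAccess", Boolean.valueOf(allowed));
            }
            return allowed;
        } catch (SIBAccessControlException e) {
            FFDCFilter.processException(e, "com.ibm.ws.sib.processor.impl.AccessChecker.checkDestinationAccess", "1:324:1.34", this);
            throw internalError("checkDestinationAccess", e, "1:330:1.34", "1:342:1.34", securityContext.getUserName(operationType != OperationType.IDENTITY_ADOPTER));
        }
    }

    /**
     * Checks access to a temporary destination for the identity carried by the security
     * context.
     *
     * <p>Identity selection matches {@link #checkDestinationAccess}, except that for an
     * alternate user only the alternate user is passed to the delegate.
     *
     * @param securityContext the caller's security context
     * @param str first destination-identifying string, forwarded unchanged to the delegate
     * @param str2 second destination-identifying string, forwarded unchanged to the delegate
     * @param operationType the operation being authorized
     * @return {@code true} only if the delegate grants access; {@code false} when the context
     *         carries no usable identity
     * @throws SIErrorException if the delegate fails with a {@link SIBAccessControlException}
     */
    public boolean checkTemporaryDestinationAccess(SecurityContext securityContext, String str, String str2, OperationType operationType) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "checkTemporaryDestinationAccess", new Object[]{securityContext, str, str2, operationType});
        }
        try {
            boolean allowed;
            if (!securityContext.isAlternateUserBased() || operationType == OperationType.IDENTITY_ADOPTER) {
                if (securityContext.isSubjectBased()) {
                    allowed = this._securityAccessChecker.checkTemporaryDestinationAccess(securityContext.getSubject(), str, str2, operationType);
                } else if (securityContext.isUserIdBased()) {
                    allowed = this._securityAccessChecker.checkTemporaryDestinationAccess(securityContext.getUserId(), str, str2, operationType);
                } else if (securityContext.isMsgBased()) {
                    allowed = this._securityAccessChecker.checkTemporaryDestinationAccess(securityContext.getMsg(), str, str2, operationType);
                } else {
                    // No identity of any kind in the context: deny.
                    allowed = false;
                }
            } else {
                allowed = this._securityAccessChecker.checkTemporaryDestinationAccess(securityContext.getAlternateUser(), str, str2, operationType);
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                SibTr.exit(tc, "checkTemporaryDestinationAccess", Boolean.valueOf(allowed));
            }
            return allowed;
        } catch (SIBAccessControlException e) {
            FFDCFilter.processException(e, "com.ibm.ws.sib.processor.impl.AccessChecker.checkTemporaryDestinationAccess", "1:437:1.34", this);
            throw internalError("checkTemporaryDestinationAccess", e, "1:443:1.34", "1:455:1.34", securityContext.getUserName(operationType != OperationType.IDENTITY_ADOPTER));
        }
    }

    /**
     * Checks access to a foreign bus for the identity carried by the security context.
     *
     * <p>Identity selection matches {@link #checkTemporaryDestinationAccess}.
     *
     * @param securityContext the caller's security context
     * @param str foreign-bus identifier, forwarded unchanged to the delegate
     * @param operationType the operation being authorized
     * @return {@code true} only if the delegate grants access; {@code false} when the context
     *         carries no usable identity
     * @throws SIErrorException if the delegate fails with a {@link SIBAccessControlException}
     */
    public boolean checkForeignBusAccess(SecurityContext securityContext, String str, OperationType operationType) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "checkForeignBusAccess", new Object[]{securityContext, str, operationType});
        }
        try {
            boolean allowed;
            if (!securityContext.isAlternateUserBased() || operationType == OperationType.IDENTITY_ADOPTER) {
                if (securityContext.isSubjectBased()) {
                    allowed = this._securityAccessChecker.checkForeignBusAccess(securityContext.getSubject(), str, operationType);
                } else if (securityContext.isUserIdBased()) {
                    allowed = this._securityAccessChecker.checkForeignBusAccess(securityContext.getUserId(), str, operationType);
                } else if (securityContext.isMsgBased()) {
                    allowed = this._securityAccessChecker.checkForeignBusAccess(securityContext.getMsg(), str, operationType);
                } else {
                    // No identity of any kind in the context: deny.
                    allowed = false;
                }
            } else {
                allowed = this._securityAccessChecker.checkForeignBusAccess(securityContext.getAlternateUser(), str, operationType);
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
                SibTr.exit(tc, "checkForeignBusAccess", Boolean.valueOf(allowed));
            }
            return allowed;
        } catch (SIBAccessControlException e) {
            FFDCFilter.processException(e, "com.ibm.ws.sib.processor.impl.AccessChecker.checkForeignBusAccess", "1:545:1.34", this);
            throw internalError("checkForeignBusAccess", e, "1:551:1.34", "1:563:1.34", securityContext.getUserName(operationType != OperationType.IDENTITY_ADOPTER));
        }
    }

    /**
     * Checks whether the caller may publish or subscribe on a topic (discriminator).
     *
     * <p>A context that is the SIB server subject and is not acting for an alternate user
     * skips the topic check and is allowed. Every other context is checked against the
     * installed {@link TopicAuthorization}, which must have been set beforehand; the field is
     * dereferenced without a null check.
     *
     * @param securityContext the caller's security context
     * @param destinationHandler the destination the topic belongs to
     * @param str the discriminator being accessed
     * @param operationType the operation; integer value 1 selects the publish check, any
     *        other value the subscribe check
     * @return {@code true} if access is allowed
     * @throws SIDiscriminatorSyntaxException declared for the topic-authorization calls
     */
    public boolean checkDiscriminatorAccess(SecurityContext securityContext, DestinationHandler destinationHandler, String str, OperationType operationType) throws SIDiscriminatorSyntaxException {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "checkDiscriminatorAccess", new Object[]{securityContext, destinationHandler, str, operationType});
        }
        boolean allowed = true;
        if (!securityContext.isSIBServerSubject() || securityContext.isAlternateUserBased()) {
            // NOTE(review): 1 is presumably the integer form of the send operation; confirm
            // against OperationType before relying on it.
            if (operationType.toInt() == 1) {
                allowed = this._topicAuthorization.checkPermissionToPublish(destinationHandler, str, securityContext);
            } else {
                allowed = this._topicAuthorization.checkPermissionToSubscribe(destinationHandler, str, securityContext);
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "checkDiscriminatorAccess", Boolean.valueOf(allowed));
        }
        return allowed;
    }

    /**
     * Installs the topic-authorization component used by
     * {@link #checkDiscriminatorAccess}.
     *
     * @param topicAuthorization the component to use for publish/subscribe checks
     */
    public void setTopicAuthorization(TopicAuthorization topicAuthorization) {
        this._topicAuthorization = topicAuthorization;
    }

    /**
     * Stamps the message with the security identity derived from a subject, via the message
     * processor's authorisation utilities.
     *
     * @param subject the subject whose identity is recorded; may be {@code null}
     * @param jsMessage the message to update
     */
    public void setSecurityIDInMessage(Subject subject, JsMessage jsMessage) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "setSecurityIDInMessage", new Object[]{describeSubject(subject), jsMessage});
        }
        this._messageProcessor.getAuthorisationUtils().setSecurityIDInMessage(this._messageProcessor.getMessagingEngineBus(), subject, jsMessage);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "setSecurityIDInMessage");
        }
    }

    /**
     * Stamps the message with the given security identity, via the message processor's
     * authorisation utilities.
     *
     * @param str the identity string to record
     * @param jsMessage the message to update
     */
    public void setSecurityIDInMessage(String str, JsMessage jsMessage) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "setSecurityIDInMessage", new Object[]{str, jsMessage});
        }
        this._messageProcessor.getAuthorisationUtils().setSecurityIDInMessage(this._messageProcessor.getMessagingEngineBus(), str, jsMessage);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "setSecurityIDInMessage");
        }
    }

    /**
     * Raises a "not authorized" runtime event for a refused bus connection, if event
     * notification is enabled on the messaging engine and a listener is registered.
     *
     * @param str the bus name, reported as the security resource name
     * @param str2 the refused user id; {@code null} is reported as an empty string
     * @param str3 the event message passed to the listener
     */
    public void fireBusAccessNotAuthorizedEvent(String str, String str2, String str3) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "fireBusAccessNotAuthorizedEvent", new Object[]{str, str2, str3});
        }
        fireNotAuthorizedEvent(SibNotificationConstants.OPERATION_CONNECT, str2, SibNotificationConstants.SECURITY_RESOURCE_TYPE_BUS, str, str3);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "fireBusAccessNotAuthorizedEvent");
        }
    }

    /**
     * Raises a "not authorized" runtime event for a refused destination operation, if event
     * notification is enabled on the messaging engine and a listener is registered.
     *
     * @param str the destination name, reported as the security resource name
     * @param str2 the refused user id; {@code null} is reported as an empty string
     * @param operationType the refused operation; an operation with no notification
     *        constant is reported without an operation property
     * @param str3 the event message passed to the listener
     */
    public void fireDestinationAccessNotAuthorizedEvent(String str, String str2, OperationType operationType, String str3) {
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.entry(tc, "fireDestinationAccessNotAuthorizedEvent", new Object[]{str, str2, operationType, str3});
        }
        fireNotAuthorizedEvent(notificationOperationFor(operationType), str2, SibNotificationConstants.SECURITY_RESOURCE_TYPE_DESTINATION, str, str3);
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, "fireDestinationAccessNotAuthorizedEvent");
        }
    }

    /** Renders a subject for entry trace as {@code subject(<user name>)}, or {@code <null>}. */
    private String describeSubject(Subject subject) {
        if (subject == null) {
            return "<null>";
        }
        return "subject(" + this._messageProcessor.getAuthorisationUtils().getUserName(subject) + ")";
    }

    /**
     * Reports an access-control failure (exception trace, error log, exit trace) and builds
     * the {@link SIErrorException} the caller throws. The caller records FFDC first.
     */
    private SIErrorException internalError(String methodName, SIBAccessControlException e, String errorProbe, String messageProbe, String userName) {
        SibTr.exception(tc, e);
        SibTr.error(tc, "INTERNAL_MESSAGING_ERROR_CWSIP0003", new Object[]{"AccessChecker", errorProbe, e, userName});
        if (TraceComponent.isAnyTracingEnabled() && tc.isEntryEnabled()) {
            SibTr.exit(tc, methodName, e);
        }
        return new SIErrorException(nls.getFormattedMessage("INTERNAL_MESSAGING_ERROR_CWSIP0003", new Object[]{"AccessChecker", messageProbe, e, userName}, (String) null), e);
    }

    /** Maps an operation to its notification constant, or {@code null} when there is none. */
    private static Object notificationOperationFor(OperationType operationType) {
        if (operationType == OperationType.BROWSE) {
            return SibNotificationConstants.OPERATION_BROWSE;
        }
        if (operationType == OperationType.CREATE) {
            return SibNotificationConstants.OPERATION_CREATE;
        }
        if (operationType == OperationType.IDENTITY_ADOPTER) {
            return SibNotificationConstants.OPERATION_IDENTITY_ADOPTION;
        }
        if (operationType == OperationType.RECEIVE) {
            return SibNotificationConstants.OPERATION_RECEIVE;
        }
        if (operationType == OperationType.SEND) {
            return SibNotificationConstants.OPERATION_SEND;
        }
        if (operationType == OperationType.INQUIRE) {
            return SibNotificationConstants.OPERATION_INQUIRE;
        }
        return null;
    }

    /**
     * Builds and delivers one "not authorized" runtime event.
     *
     * <p>{@link Properties} rejects null values with a {@link NullPointerException}, which
     * would abort the caller while it is reporting a refusal and lose the event. A null user
     * id or resource name is therefore reported as an empty string, and an operation with no
     * notification constant is left out of the properties.
     */
    private void fireNotAuthorizedEvent(Object operation, String userId, Object resourceType, String resourceName, String message) {
        JsMessagingEngine messagingEngine = this._messageProcessor.getMessagingEngine();
        RuntimeEventListener runtimeEventListener = this._messageProcessor.getRuntimeEventListener();
        if (!messagingEngine.isEventNotificationEnabled()) {
            return;
        }
        if (runtimeEventListener == null) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                SibTr.debug(tc, "Null RuntimeEventListener, cannot fire event");
            }
            return;
        }
        Properties properties = new Properties();
        if (operation != null) {
            properties.put(SibNotificationConstants.KEY_OPERATION, operation);
        }
        properties.put(SibNotificationConstants.KEY_SECURITY_USERID, userId == null ? "" : userId);
        properties.put(SibNotificationConstants.KEY_SECURITY_RESOURCE_TYPE, resourceType);
        properties.put(SibNotificationConstants.KEY_SECURITY_RESOURCE_NAME, resourceName == null ? "" : resourceName);
        properties.put(SibNotificationConstants.KEY_SECURITY_REASON, SibNotificationConstants.SECURITY_REASON_NOT_AUTHORIZED);
        runtimeEventListener.runtimeEventOccurred(messagingEngine, SibNotificationConstants.TYPE_SIB_SECURITY_NOT_AUTHORIZED, message, properties);
    }
}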
