package com.sun.server.http.admin;

import com.sun.server.http.AccessConfigException;
import com.sun.server.http.HttpService;
import com.sun.server.realm.BadRealmException;
import com.sun.server.realm.NoSuchAclException;
import com.sun.server.realm.NoSuchGroupException;
import com.sun.server.realm.NoSuchRealmException;
import com.sun.server.realm.NoSuchUserException;
import com.sun.server.realm.Realm;
import com.sun.server.realm.util.HostAclEntryImpl;
import com.sun.server.realm.util.HostImpl;
import com.sun.server.util.ExProperties;
import java.security.Principal;
import java.security.acl.Acl;
import java.security.acl.AclEntry;
import java.security.acl.NotOwnerException;
import java.util.Enumeration;
import sun.security.acl.AclEntryImpl;
import sun.security.acl.PermissionImpl;
import sun.security.acl.PrincipalImpl;

/* loaded from: input_file:com/sun/server/http/admin/AclManager.class */
class AclManager {
    static final String PRINCIPAL_USER = "User";
    static final String PRINCIPAL_GROUP = "Group";
    static final String PRINCIPAL_HOST = "Computer";
    static Principal aclOwner = new PrincipalImpl("admin");
    private static final String ACL_PROPERTY_GROUP = "acl";
    private static final boolean debugging = false;

    /* JADX INFO: Access modifiers changed from: package-private */
    public static synchronized void removeAcl(HttpService httpService, String str, String str2) throws AccessConfigException {
        try {
            String protectedResources = getProtectedResources(httpService, str, str2);
            if (protectedResources != null) {
                throw new AccessConfigException(new StringBuffer("ACL is used for:\n").append(protectedResources).append("Remove these resource configurations first.").toString());
            }
            Realm.get(str).removeAcl(str2);
        } catch (BadRealmException e) {
            throw new AccessConfigException(e.getMessage());
        } catch (NoSuchAclException unused) {
            throw new AccessConfigException(new StringBuffer("Cannot find ACL ").append(str2).append(" in realm ").append(str).toString());
        } catch (NoSuchRealmException unused2) {
            throw new AccessConfigException(new StringBuffer("Cannot find realm ").append(str).toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static synchronized boolean removeAclEntries(Realm realm, String str, String str2, String str3) throws AccessConfigException {
        Acl acl = getAcl(realm, str);
        Principal principal = getPrincipal(realm, str2, str3);
        AclEntry findAclEntry = findAclEntry(realm, acl, principal, true);
        AclEntry findAclEntry2 = findAclEntry(realm, acl, principal, false);
        if (str.equals("adminAcl")) {
            boolean z = false;
            Enumeration<AclEntry> entries = acl.entries();
            while (true) {
                if (!entries.hasMoreElements()) {
                    break;
                }
                AclEntry nextElement = entries.nextElement();
                if (!nextElement.isNegative() && nextElement.getPrincipal() != null) {
                    z = true;
                    break;
                }
            }
            if (!z) {
                throw new AccessConfigException("Cannot remove last allowed entry in adminAcl");
            }
        }
        if (findAclEntry != null) {
            try {
                acl.removeEntry(getAclOwner(), findAclEntry);
            } catch (NotOwnerException unused) {
                throw new AccessConfigException("Internal problem removing entry: ACL has the wrong owner");
            }
        }
        if (findAclEntry2 == null) {
            return true;
        }
        acl.removeEntry(getAclOwner(), findAclEntry2);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static synchronized boolean addPermission(Realm realm, String str, String str2, String str3, boolean z, String str4) throws AccessConfigException {
        Acl acl = getAcl(realm, str);
        Principal principal = getPrincipal(realm, str2, str3);
        AclEntry findAclEntry = findAclEntry(realm, acl, principal, z);
        if (findAclEntry == null) {
            findAclEntry = createAclEntry(realm, principal);
            if (z) {
                findAclEntry.setNegativePermissions();
            }
        }
        debug(new StringBuffer("Add ").append(z ? "-" : "+").append(str4).append(" to ").append(findAclEntry).toString());
        boolean addPermission = findAclEntry.addPermission(new PermissionImpl(str4));
        try {
            acl.removeEntry(getAclOwner(), findAclEntry);
            acl.addEntry(getAclOwner(), findAclEntry);
            debug(new StringBuffer("Acl now ").append(acl).toString());
            return addPermission;
        } catch (NotOwnerException unused) {
            throw new AccessConfigException("Internal problem: ACL has the wrong owner");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static synchronized boolean removePermission(Realm realm, String str, String str2, String str3, boolean z, String str4) throws AccessConfigException {
        Acl acl = getAcl(realm, str);
        AclEntry findAclEntry = findAclEntry(realm, acl, getPrincipal(realm, str2, str3), z);
        if (findAclEntry == null) {
            return false;
        }
        debug(new StringBuffer("Remove ").append(z ? "-" : "+").append(str4).append(" from ").append(findAclEntry).toString());
        boolean removePermission = findAclEntry.removePermission(new PermissionImpl(str4));
        try {
            acl.removeEntry(getAclOwner(), findAclEntry);
            acl.addEntry(getAclOwner(), findAclEntry);
            debug(new StringBuffer("Acl now ").append(acl).toString());
            return removePermission;
        } catch (NotOwnerException unused) {
            throw new AccessConfigException("Internal problem: ACL has the wrong owner");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Principal getAclOwner() {
        return aclOwner;
    }

    static Principal getPrincipal(Realm realm, String str, String str2) throws AccessConfigException {
        Principal hostImpl;
        try {
            if (str.equals(PRINCIPAL_GROUP)) {
                hostImpl = realm.getGroup(str2);
            } else if (str.equals(PRINCIPAL_USER)) {
                hostImpl = realm.getUser(str2);
            } else {
                if (!str.equals(PRINCIPAL_HOST)) {
                    throw new AccessConfigException(new StringBuffer("Unknown principal type: ").append(str).toString());
                }
                hostImpl = new HostImpl(str2);
            }
            return hostImpl;
        } catch (BadRealmException e) {
            throw new AccessConfigException(e.getMessage());
        } catch (NoSuchGroupException unused) {
            throw new AccessConfigException(new StringBuffer("Cannot find group ").append(str2).append(" in realm ").append(realm.getName()).toString());
        } catch (NoSuchUserException unused2) {
            throw new AccessConfigException(new StringBuffer("Cannot find user  ").append(str2).append(" in realm ").append(realm.getName()).toString());
        }
    }

    static AclEntry createAclEntry(Realm realm, Principal principal) {
        return principal instanceof HostImpl ? new HostAclEntryImpl(principal) : new AclEntryImpl(principal);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getProtectedResources(HttpService httpService, String str, String str2) {
        StringBuffer stringBuffer = new StringBuffer();
        boolean z = false;
        ExProperties groupProperties = httpService.getConfiguration().getGroupProperties("acl");
        Enumeration<Object> keys = groupProperties.keys();
        while (keys.hasMoreElements()) {
            String str3 = (String) keys.nextElement();
            if (((String) groupProperties.get(str3)).indexOf(new StringBuffer(String.valueOf(str)).append(":").append(str2).toString()) != -1) {
                stringBuffer.append(str3).append("\n");
                z = true;
            }
        }
        if (z) {
            return stringBuffer.toString();
        }
        return null;
    }

    private static Acl getAcl(Realm realm, String str) throws AccessConfigException {
        try {
            Acl acl = realm.getAcl(str);
            aclOwner = realm.getDefaultAclOwner();
            return acl;
        } catch (BadRealmException e) {
            throw new AccessConfigException(e.getMessage());
        } catch (NoSuchAclException unused) {
            throw new AccessConfigException(new StringBuffer("Cannot find ACL ").append(str).append(" in realm ").append(realm.getName()).toString());
        }
    }

    private static AclEntry findAclEntry(Realm realm, Acl acl, Principal principal, boolean z) throws AccessConfigException {
        boolean z2 = false;
        AclEntry aclEntry = null;
        Enumeration<AclEntry> entries = acl.entries();
        while (true) {
            if (!entries.hasMoreElements()) {
                break;
            }
            aclEntry = entries.nextElement();
            if (principal.equals(aclEntry.getPrincipal()) && z == aclEntry.isNegative()) {
                z2 = true;
                break;
            }
        }
        if (z2) {
            return aclEntry;
        }
        return null;
    }

    private static final void debug(String str) {
    }

    AclManager() {
    }
}
