package com.sun.server.realm.util;

import com.sun.server.realm.BadAclException;
import com.sun.server.realm.BadRealmException;
import com.sun.server.realm.NoSuchGroupException;
import com.sun.server.realm.NoSuchUserException;
import com.sun.server.realm.Realm;
import com.sun.server.util.REException;
import com.sun.server.util.RegexpPool;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.security.Principal;
import java.security.acl.AclEntry;
import java.security.acl.NotOwnerException;
import java.security.acl.Permission;
import java.util.Enumeration;
import java.util.Properties;
import java.util.StringTokenizer;
import java.util.Vector;
import sun.security.acl.AclEntryImpl;
import sun.security.acl.AclImpl;
import sun.security.acl.PermissionImpl;

/* loaded from: input_file:com/sun/server/realm/util/FileAcl.class */
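/**
 * An access control list that is persisted as a properties-style file inside a
 * realm directory.
 *
 * <p>As read by {@link #load}, each line of the file has the form
 * {@code <sign><kind>.<name>=<perm>[,<perm>...]} where {@code kind} is
 * {@code Group}, {@code User} or {@code Host}, a leading {@code -} marks a
 * negative (deny) entry, and the user name {@code *} stands for all users.
 *
 * <p>Host entries are additionally tracked in two lists (allowed and denied)
 * which {@link #checkPermission} consults when the principal is a {@link Host}.
 * Every successful {@link #addEntry} / {@link #removeEntry} rewrites the file.
 *
 * <p>NOTE(review): this listing is decompiler output; the "Access modifiers
 * changed" remarks below record where the decompiler reports that the original
 * modifier differed from the one shown.
 */
public class FileAcl extends AclImpl {
    /** Suffix appended to an ACL name to obtain its file name. */
    private static final String EXTENSION = ".acl";

    /** Backing file; stays null when the two-argument constructor is used. */
    protected File aclFile;
    /** Realm used to resolve users and groups; assigned by load() and build(). */
    protected Realm realm;
    /** Positive host entries, consulted by checkHost(). */
    private Vector<AclEntry> allowedHosts;
    /** Negative host entries, consulted by checkHost() before the allowed list. */
    private Vector<AclEntry> deniedHosts;
    private boolean onlyHostEntries;

    /**
     * Returns the file that stores the ACL called {@code str} in directory {@code file}.
     *
     * <p>The name is concatenated into the path without any validation, so a name
     * containing a path separator or {@code ..} resolves outside the directory.
     * NOTE(review): the callers are not visible in this file; confirm that ACL names
     * are validated before they reach {@link #load}, {@link #build} or this method.
     *
     * @param str  ACL name, without the {@code .acl} suffix
     * @param file directory that holds the ACL files
     * @return {@code <file>/<str>.acl}
     */
    public static File getFile(String str, File file) {
        return new File(file.getPath() + File.separatorChar + str + EXTENSION);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates an ACL without a backing file. {@link #sync()} and {@link #delete}
     * dereference {@link #aclFile}, so it must be assigned before they are used.
     *
     * @param principal owner passed to the superclass
     * @param str       ACL name passed to the superclass
     */
    public FileAcl(Principal principal, String str) {
        super(principal, str);
        this.onlyHostEntries = false;
        this.allowedHosts = new Vector<AclEntry>();
        this.deniedHosts = new Vector<AclEntry>();
    }

    /**
     * Creates an ACL backed by {@code file}. Nothing is read or written here.
     *
     * @param principal owner passed to the superclass
     * @param str       ACL name passed to the superclass
     * @param file      file the ACL is persisted to
     */
    protected FileAcl(Principal principal, String str, File file) {
        super(principal, str);
        this.onlyHostEntries = false;
        this.aclFile = file;
        this.allowedHosts = new Vector<AclEntry>();
        this.deniedHosts = new Vector<AclEntry>();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reads the ACL called {@code str} from the realm directory.
     *
     * <p>Any problem with a single entry (unknown kind, unknown user or group,
     * ownership failure) is logged and aborts the whole load with a
     * {@code BadAclException}; no partially populated ACL is returned.
     *
     * @param str       ACL name
     * @param realm     realm whose directory holds the file and which resolves principals
     * @param principal owner of the resulting ACL; also used to add the entries
     * @return the populated ACL, flagged as host-only when every entry is a
     *         {@code +Host} or {@code -Host} entry
     * @throws IOException       if the file cannot be opened or read
     * @throws BadRealmException declared by the signature; malformed content is
     *                           reported as {@code BadAclException}
     */
    public static FileAcl load(String str, Realm realm, Principal principal) throws IOException, BadRealmException {
        File file = getFile(str, realm.getRealmDir());
        Properties properties = new Properties();
        DataInputStream in = new DataInputStream(new FileInputStream(file));
        try {
            properties.load(in);
        } finally {
            // Close on the failure path too; the stream used to leak when load() threw.
            in.close();
        }

        FileAcl fileAcl = new FileAcl(principal, str, file);
        fileAcl.realm = realm;
        int entryCount = 0;
        int hostEntryCount = 0;
        Enumeration<?> keys = properties.propertyNames();
        while (keys.hasMoreElements()) {
            String key = (String) keys.nextElement();
            // Check for null before trimming so a missing value is reported as a
            // syntax error instead of a NullPointerException.
            String rawValue = properties.getProperty(key);
            String value = rawValue == null ? null : rawValue.trim();
            int dot = key.indexOf('.');
            if (dot == -1 || value == null) {
                throw new BadAclException("illegal ACL syntax:  " + key + "=" + value);
            }
            String kind = key.substring(0, dot);
            String name = key.substring(dot + 1);
            try {
                AclEntry entry = getAclEntry(kind, name, realm);
                entryCount++;
                if (kind.equals("+Host") || kind.equals("-Host")) {
                    hostEntryCount++;
                }
                StringTokenizer permissions = new StringTokenizer(value, ",");
                while (permissions.hasMoreTokens()) {
                    // Trim each token: in a hand-edited "GET, POST" the second
                    // permission would otherwise be " POST" and never compare equal
                    // to POST, which silently disables that part of the entry.
                    String permission = permissions.nextToken().trim();
                    if (permission.length() > 0) {
                        entry.addPermission(new PermissionImpl(permission));
                    }
                }
                try {
                    fileAcl.addFileAclEntry(principal, entry);
                } catch (NotOwnerException e) {
                    Realm.logError(e, "not owner; internal error");
                    throw new BadAclException("not owner; internal error");
                }
            } catch (Exception e) {
                String message = "bad entry in ACL:  " + kind + "." + name;
                Realm.logError(e, message);
                throw new BadAclException(message);
            }
        }
        if (entryCount > 0 && entryCount == hostEntryCount) {
            fileAcl.hasOnlyHostEntries(true);
        }
        return fileAcl;
    }

    /**
     * Builds an empty ACL entry for one {@code <sign><kind>.<name>} key.
     *
     * <p>The kind is accepted either at offset 0 or at offset 1 of {@code str},
     * so the character in front of it is not restricted to {@code +} or
     * {@code -}; only a leading {@code -} makes the entry negative.
     *
     * @param str   sign and kind, e.g. {@code +User}, {@code -Host}
     * @param str2  principal name; {@code *} for a user entry means all users
     * @param realm realm used to look up users and groups
     * @return a new entry without permissions
     */
    private static AclEntry getAclEntry(String str, String str2, Realm realm) throws BadRealmException, NoSuchUserException, NoSuchGroupException {
        AclEntryImpl entry;
        if (isKind(str, "Group")) {
            entry = new AclEntryImpl(realm.getGroup(str2));
        } else if (isKind(str, "User")) {
            entry = str2.equals("*") ? new AclEntryImpl(new AllUsers(realm, "*")) : new AclEntryImpl(realm.getUser(str2));
        } else if (isKind(str, "Host")) {
            entry = new HostAclEntryImpl(new HostImpl(str2));
        } else {
            throw new BadAclException("Invalid ACL syntax: " + str + "." + str2);
        }
        if (str.startsWith("-")) {
            entry.setNegativePermissions();
        }
        return entry;
    }

    /** Tells whether {@code prefix} names {@code kind}, with or without one leading character. */
    private static boolean isKind(String prefix, String kind) {
        return prefix.startsWith(kind, 1) || prefix.startsWith(kind);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a new ACL file and seeds it with GET and POST for all users.
     *
     * @param str       ACL name
     * @param realm     realm whose directory receives the file
     * @param principal owner of the new ACL
     * @return the new ACL
     * @throws IOException if an ACL of that name already exists or the file cannot be created
     */
    public static FileAcl build(String str, Realm realm, Principal principal) throws IOException {
        String[] defaultPermissions = {"GET", "POST"};
        File file = getFile(str, realm.getRealmDir());
        // createNewFile() checks and creates in one step. The previous
        // exists()-then-open sequence left a window between check and creation and
        // never closed the FileOutputStream it opened.
        if (!file.createNewFile()) {
            throw new IOException("ACL \"" + str + "\" already exists");
        }
        FileAcl fileAcl = new FileAcl(principal, str, file);
        fileAcl.realm = realm;
        // The entry is added as realm.getDefaultAclOwner(), not as `principal`;
        // the result is not checked here.
        fileAcl.addPermissionsForAllUsers(defaultPermissions, true);
        fileAcl.sync();
        return fileAcl;
    }

    /**
     * Lists the names of the ACLs stored in a directory.
     *
     * @param file directory to scan
     * @return the file names ending in {@code .acl} with that suffix removed;
     *         empty if the directory cannot be listed; {@code null} if
     *         {@code file} is {@code null}
     */
    public static Enumeration list(File file) throws IOException {
        if (file == null) {
            return null;
        }
        Vector<String> names = new Vector<String>(10, 10);
        // File.list() returns null when the path is not a directory or cannot be read.
        String[] children = file.list();
        if (children != null) {
            for (int i = 0; i < children.length; i++) {
                String child = children[i];
                if (child.endsWith(EXTENSION)) {
                    // Strip the suffix by length; cutting at the first ".acl" would
                    // shorten a name that itself contains ".acl".
                    names.addElement(child.substring(0, child.length() - EXTENSION.length()));
                }
            }
        }
        return names.elements();
    }

    /**
     * Removes every entry and deletes the backing file.
     *
     * <p>Ownership is checked before anything is touched. Previously a
     * {@code NotOwnerException} from entry removal was swallowed and the file was
     * deleted anyway, so a non-owner could remove the persisted ACL while the
     * in-memory entries stayed in place.
     *
     * @param principal caller; must be an owner of this ACL
     * @throws SecurityException if {@code principal} is not an owner
     * @throws IOException       if the backing file exists but cannot be deleted
     */
    public synchronized void delete(Principal principal) throws IOException {
        if (!isOwner(principal)) {
            throw new SecurityException("only an owner may delete ACL " + getName());
        }
        Enumeration entries = entries();
        while (entries.hasMoreElements()) {
            try {
                removeEntry(principal, (AclEntry) entries.nextElement());
            } catch (NotOwnerException e) {
                // Not expected after the check above; stop rather than delete the file.
                throw new SecurityException("only an owner may delete ACL " + getName());
            }
        }
        if (this.aclFile.exists() && !this.aclFile.delete()) {
            throw new IOException("cannot delete ACL file " + this.aclFile);
        }
    }

    /**
     * Writes all entries to a temporary file next to the ACL file and then
     * replaces the ACL file with it.
     *
     * <p>The ACL file is only replaced after the temporary file has been written
     * without error, so a failed write (for example a full disk) cannot leave a
     * truncated ACL in place of the complete one.
     *
     * @throws IOException if the temporary file cannot be written or the ACL
     *                     file cannot be replaced
     */
    protected synchronized void sync() throws IOException {
        File tmp = new File(this.aclFile.toString() + "tmp");
        PrintStream out = new PrintStream(new FileOutputStream(tmp));
        boolean written = false;
        try {
            Enumeration entries = entries();
            while (entries.hasMoreElements()) {
                out.println(entries.nextElement().toString());
            }
            // PrintStream never throws on write failure; checkError() flushes and
            // reports whether any write failed.
            written = !out.checkError();
        } finally {
            out.close();
            if (!written) {
                tmp.delete();
            }
        }
        if (!written) {
            throw new IOException("cannot write ACL file " + tmp);
        }
        // Rename over the existing file first; fall back to delete-then-rename
        // where renaming onto an existing file is refused.
        if (!tmp.renameTo(this.aclFile)) {
            this.aclFile.delete();
            if (!tmp.renameTo(this.aclFile)) {
                throw new IOException("cannot replace ACL file " + this.aclFile);
            }
        }
    }

    /**
     * Returns the first entry whose principal name, used as a pattern, matches
     * the host name. Both sides are lower-cased before matching.
     *
     * <p>An entry whose pattern is rejected by {@code RegexpPool} is logged and
     * skipped. The scan used to stop at such an entry, which meant that deny
     * entries enumerated after it were never evaluated. The skipped entry itself
     * still cannot be enforced, so the log message needs operator attention.
     *
     * @param str        host name to look up
     * @param candidates host entries to try, in order
     * @return the matching entry, or {@code null} if none matches
     */
    private AclEntry matchHost(String str, Enumeration<AclEntry> candidates) {
        while (candidates.hasMoreElements()) {
            AclEntry candidate = candidates.nextElement();
            String pattern = candidate.getPrincipal().getName();
            try {
                RegexpPool pool = new RegexpPool();
                pool.add(pattern.toLowerCase(), pattern);
                if (pool.match(str.toLowerCase()) != null) {
                    return candidate;
                }
            } catch (REException e) {
                Realm.logError(e, "hostname in the acl is invalid!");
            }
        }
        return null;
    }

    /**
     * Evaluates one permission against one entry.
     *
     * @return for a positive entry, whether the permission is listed; for a
     *         negative entry, whether the permission is NOT listed
     */
    private boolean matchPermission(Permission permission, AclEntry aclEntry) {
        boolean negative = aclEntry.isNegative();
        Enumeration<Permission> listed = aclEntry.permissions();
        while (listed.hasMoreElements()) {
            if (permission.equals(listed.nextElement())) {
                return !negative;
            }
        }
        return negative;
    }

    /**
     * Decides access for a host principal.
     *
     * <p>Order of evaluation: a matching denied-host entry decides first (only
     * the permissions it lists are refused); with no allowed-host entries at
     * all, access is granted; otherwise a matching allowed-host entry decides,
     * and a host matching nothing is refused.
     */
    private boolean checkHost(Host host, Permission permission) {
        AclEntry denied = matchHost(host.getName(), this.deniedHosts.elements());
        if (denied != null) {
            return matchPermission(permission, denied);
        }
        if (this.allowedHosts.size() == 0) {
            // No allow list configured: hosts that are not denied are let through.
            return true;
        }
        AclEntry allowed = matchHost(host.getName(), this.allowedHosts.elements());
        return allowed != null && matchPermission(permission, allowed);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Adds an entry in memory only; the file is not rewritten.
     *
     * @return the result of the superclass {@code addEntry}
     * @throws NotOwnerException if {@code principal} is not an owner
     */
    public boolean addFileAclEntry(Principal principal, AclEntry aclEntry) throws NotOwnerException {
        if (!isOwner(principal)) {
            throw new NotOwnerException();
        }
        // The host lists are updated before the superclass call and regardless of its result.
        if (aclEntry instanceof HostAclEntryImpl) {
            Vector<AclEntry> hosts = aclEntry.isNegative() ? this.deniedHosts : this.allowedHosts;
            hosts.addElement(aclEntry);
        }
        return super.addEntry(principal, aclEntry);
    }

    /**
     * Removes an entry in memory only; the file is not rewritten.
     *
     * @return the result of the superclass {@code removeEntry}
     * @throws NotOwnerException if {@code principal} is not an owner
     */
    protected boolean removeFileAclEntry(Principal principal, AclEntry aclEntry) throws NotOwnerException {
        if (!isOwner(principal)) {
            throw new NotOwnerException();
        }
        // The host lists are updated before the superclass call and regardless of its result.
        if (aclEntry instanceof HostAclEntryImpl) {
            Vector<AclEntry> hosts = aclEntry.isNegative() ? this.deniedHosts : this.allowedHosts;
            hosts.removeElement(aclEntry);
        }
        return super.removeEntry(principal, aclEntry);
    }

    /** Returns the flag set by {@link #load} when every loaded entry was a host entry. */
    public boolean hasOnlyHostEntries() {
        return this.onlyHostEntries;
    }

    /** Sets the host-only flag; the entries themselves are not inspected. */
    public void hasOnlyHostEntries(boolean z) {
        this.onlyHostEntries = z;
    }

    /**
     * Checks a permission for the all-users principal.
     *
     * @param str permission name
     * @param z   selects the positive ({@code true}) or negative all-users entry
     *            whose principal is checked
     * @return the check result; {@code false} if the check throws
     */
    public boolean checkPermissionsForAllUsers(String str, boolean z) {
        try {
            Principal allUsers = getAclEntryForAllUsers(z).getPrincipal();
            return checkPermission(allUsers, new PermissionImpl(str));
        } catch (Exception ignored) {
            // Any failure is treated as "not permitted".
            return false;
        }
    }

    /** Builds a fresh, empty all-users entry; positive when {@code z} is true, negative otherwise. */
    private AclEntry getAclEntryForAllUsers(boolean z) throws NoSuchGroupException, BadRealmException, NoSuchUserException {
        return getAclEntry(z ? "+User" : "-User", "*", this.realm);
    }

    /** Routes {@link Host} principals through the host lists and everything else to the superclass. */
    @Override
    public boolean checkPermission(Principal principal, Permission permission) {
        if (principal instanceof Host) {
            return checkHost((Host) principal, permission);
        }
        return super.checkPermission(principal, permission);
    }

    /**
     * Sets the name once.
     *
     * @throws SecurityException if the ACL already has a name
     */
    @Override
    public void setName(Principal principal, String str) throws NotOwnerException {
        if (getName() != null) {
            throw new SecurityException("ACL name may not be changed");
        }
        super.setName(principal, str);
    }

    /**
     * Adds an entry and persists the ACL. If the file cannot be written the
     * entry is removed again from memory and {@code false} is returned.
     *
     * @throws NotOwnerException if {@code principal} is not an owner
     */
    @Override
    public synchronized boolean addEntry(Principal principal, AclEntry aclEntry) throws NotOwnerException {
        checkForAllUsers(principal, aclEntry);
        boolean added = addFileAclEntry(principal, aclEntry);
        if (!added) {
            return false;
        }
        try {
            sync();
        } catch (IOException e) {
            Realm.logError(e, "Cannot add entry " + aclEntry);
            removeFileAclEntry(principal, aclEntry);
            return false;
        }
        return true;
    }

    /**
     * Removes an entry and persists the ACL. If the file cannot be written the
     * entry is put back in memory and {@code false} is returned.
     *
     * @throws NotOwnerException if {@code principal} is not an owner
     */
    @Override
    public synchronized boolean removeEntry(Principal principal, AclEntry aclEntry) throws NotOwnerException {
        boolean removed = removeFileAclEntry(principal, aclEntry);
        if (!removed) {
            return false;
        }
        try {
            sync();
        } catch (IOException e) {
            Realm.logError(e, "Cannot remove entry " + aclEntry);
            addFileAclEntry(principal, aclEntry);
            return false;
        }
        return true;
    }

    /**
     * Drops the positive all-users entry when a more specific entry is added.
     *
     * <p>The permissions are taken from the text after {@code =} in the entry's
     * string form. If any of them is something other than PUT or DELETE and all
     * users currently hold GET, the positive all-users entry is removed.
     * Failures are ignored; {@link #addEntry} continues either way.
     */
    private synchronized void checkForAllUsers(Principal principal, AclEntry aclEntry) throws NotOwnerException {
        String text = aclEntry.toString();
        int equalsAt = text.indexOf('=');
        if (equalsAt == -1) {
            return;
        }
        boolean hasOtherPermission = false;
        StringTokenizer permissions = new StringTokenizer(text.substring(equalsAt + 1).trim(), ",");
        while (permissions.hasMoreTokens()) {
            String permission = permissions.nextToken();
            if (!permission.equals("PUT") && !permission.equals("DELETE")) {
                hasOtherPermission = true;
            }
        }
        if (!hasOtherPermission) {
            return;
        }
        try {
            AclEntry allUsers = getAclEntryForAllUsers(true);
            if (checkPermissionsForAllUsers("GET", true)) {
                removeEntry(principal, allUsers);
            }
        } catch (Exception ignored) {
            // Best effort: an ownership problem resurfaces in addFileAclEntry().
        }
    }

    /**
     * Adds an all-users entry carrying the given permissions, acting as the
     * realm's default ACL owner.
     *
     * @param strArr permission names
     * @param z      {@code true} for a positive entry, {@code false} for a negative one
     * @return {@code false} if a permission could not be added to the entry or an
     *         exception occurred; {@code true} otherwise (the result of
     *         {@link #addEntry} is not reflected)
     */
    public boolean addPermissionsForAllUsers(String[] strArr, boolean z) {
        try {
            AclEntry allUsers = getAclEntryForAllUsers(z);
            for (String permission : strArr) {
                if (!allUsers.addPermission(new PermissionImpl(permission))) {
                    return false;
                }
            }
            addEntry(this.realm.getDefaultAclOwner(), allUsers);
            return true;
        } catch (Exception e) {
            // Use the realm log like the rest of the class instead of stderr.
            Realm.logError(e, "Cannot add permissions for all users");
            return false;
        }
    }
}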
