package com.sonicsw.mq.components;

import com.sonicsw.mf.common.IComponentContext;
import com.sonicsw.mf.common.config.IAttributeSet;
import com.sonicsw.mf.common.config.IElementChange;
import com.sonicsw.mq.mgmtapi.config.constants.IAuthorizationAclConstants;
import java.io.IOException;
import java.text.MessageFormat;
import progress.message.broker.AgentRegistrar;
import progress.message.broker.Broker;
import progress.message.broker.BrokerLicenseMgr;
import progress.message.broker.Config;
import progress.message.broker.RoutingUserAclEntry;
import progress.message.broker.SubjectAclEntry;
import progress.message.resources.prMessageFormat;
import progress.message.security.EPermissionConflict;
import progress.message.security.EUnknownPermission;
import progress.message.util.DraDestUtil;
import progress.message.util.EAssertFailure;
import progress.message.util.QueueUtil;
import progress.message.zclient.ProgressGroup;
import progress.message.zclient.ProgressPasswordUser;
import progress.message.zclient.ProgressPrincipal;

/* loaded from: input_file:com/sonicsw/mq/components/ACLConfigChangeHelper.class */
public class ACLConfigChangeHelper {
    public static void handleConfigurationChange(IComponentContext iComponentContext, IElementChange iElementChange, String str, ConfigurationChangeBindHelper configurationChangeBindHelper) {
        if (iElementChange.getChangeType() == 0) {
            handleNewACL(iComponentContext, iElementChange, configurationChangeBindHelper);
        } else {
            if (iElementChange.getChangeType() == 3) {
            }
        }
    }

    public static void handleNewACL(IComponentContext iComponentContext, IElementChange iElementChange, ConfigurationChangeBindHelper configurationChangeBindHelper) throws EAssertFailure {
        ProgressPrincipal user;
        IAttributeSet attributes = iElementChange.getElement().getAttributes();
        if (attributes != null) {
            String str = (String) attributes.getAttribute(IAuthorizationAclConstants.ACL_TYPE_ATTR);
            String str2 = (String) attributes.getAttribute(IAuthorizationAclConstants.PRINCIPAL_NAME_ATTR);
            String str3 = (String) attributes.getAttribute(IAuthorizationAclConstants.PRINCIPAL_TYPE_ATTR);
            String str4 = (String) attributes.getAttribute("RESOURCE_TYPE");
            String str5 = (String) attributes.getAttribute("RESOURCE_NAME");
            String str6 = (String) attributes.getAttribute(IAuthorizationAclConstants.PERMISSION_ATTR);
            if (str4.equalsIgnoreCase("queue") && str5.startsWith(QueueUtil.QROOT)) {
                throw new EAssertFailure("RESOURCE_NAME " + str5 + " cannot have prefix " + QueueUtil.QROOT);
            }
            String resourceToSecSubject = DraDestUtil.resourceToSecSubject(str4, str5);
            if (resourceToSecSubject == null) {
                BrokerComponent.getComponentContext().logMessage("RESOURCE_NAME " + str5 + " with RESOURCE_TYPE " + str4 + " contains error", 2);
                return;
            }
            if (str3.equalsIgnoreCase(Constants.GROUP)) {
                user = AgentRegistrar.getAgentRegistrar().getSecurityBean().getGroup(str2);
            } else {
                str2 = str2.replace('.', '$');
                user = AgentRegistrar.getAgentRegistrar().getSecurityBean().getUser(str2);
            }
            if (user == null) {
                if ((BrokerComponent.getBrokerComponent().getTraceMask().intValue() & 128) > 0) {
                    BrokerComponent.getComponentContext().logMessage(prMessageFormat.format(progress.message.broker.prAccessor.getString("STR365"), new Object[]{str2.replace('$', '.')}), 7);
                }
                if (str3.equalsIgnoreCase("USER")) {
                    user = new ProgressPasswordUser(str2, "");
                    ((ProgressPasswordUser) user).setInternalPrincipal(false);
                    ((ProgressPasswordUser) user).setCreatedDueToACLEntry(true);
                    ((ProgressPasswordUser) user).setExternalGroups(null);
                    Broker.getBroker().getSecurityCache().addUser((ProgressPasswordUser) user);
                } else if (str3.equalsIgnoreCase(Constants.GROUP)) {
                    user = new ProgressGroup(str2);
                    ((ProgressGroup) user).setInternalPrincipal(false);
                    ((ProgressGroup) user).setCreatedDueToACLEntry(true);
                    Broker.getBroker().getSecurityCache().addGroup((ProgressGroup) user);
                }
            } else if (user.isInternalPrincipal() && !user.isCreatedDueToACLEntry()) {
                user.setCreatedDueToACLEntry(true);
                if (str3.equalsIgnoreCase(Constants.GROUP)) {
                    Broker.getBroker().getSecurityCache().addGroup((ProgressGroup) user);
                } else {
                    Broker.getBroker().getSecurityCache().addUser((ProgressPasswordUser) user);
                }
            }
            if (!str.equals(Constants.ROUTING_USER_ACL)) {
                SubjectAclEntry subjectAclEntry = new SubjectAclEntry(user);
                setSubjectACLPermissions(subjectAclEntry, str, str6);
                if (user == null) {
                    throw new NullPointerException("Principal is null at " + ACLConfigChangeHelper.class.getName() + ".handleNewACL( IComponentContext context, IElementChange elementChange, ConfigurationChangeBindHelper bindHelper )");
                }
                user.addAclSubject(resourceToSecSubject);
                try {
                    AgentRegistrar.getAgentRegistrar().getSecurityBean().setAclEntry(resourceToSecSubject, subjectAclEntry);
                    configurationChangeBindHelper.bindACLChangeHandlers(str2, str3, resourceToSecSubject, str, attributes);
                } catch (IOException e) {
                }
            } else {
                if (!Config.ENABLE_ROUTING) {
                    iComponentContext.logMessage(MessageFormat.format(progress.message.broker.prAccessor.getString("DRA_NOT_SUPPORTED3"), BrokerLicenseMgr.getLicenseMgr().getProductName()), 2);
                    return;
                }
                RoutingUserAclEntry routingUserAclEntry = new RoutingUserAclEntry(user, resourceToSecSubject);
                if (str6.equalsIgnoreCase(Constants.GRANT_PERMISSION)) {
                    routingUserAclEntry.setPosPermission();
                } else if (str6.equalsIgnoreCase(Constants.DENY_PERMISSION)) {
                    routingUserAclEntry.setNegPermission();
                }
                try {
                    AgentRegistrar.getAgentRegistrar().getSecurityBean().setRoutingUserAclEntry(resourceToSecSubject, routingUserAclEntry);
                } catch (IOException e2) {
                }
            }
            configurationChangeBindHelper.bindACLPermissionChangeHandler(str2, str3, resourceToSecSubject, str, attributes);
            configurationChangeBindHelper.bindRemoveACLChangeHandler(str2, str3, resourceToSecSubject, str, attributes);
        }
    }

    private static void setSubjectACLPermissions(SubjectAclEntry subjectAclEntry, String str, String str2) {
        try {
            if (str2.equalsIgnoreCase(Constants.GRANT_PERMISSION)) {
                if (str.equalsIgnoreCase(Constants.PUBLISH_ACL)) {
                    subjectAclEntry.addPermission((byte) 1);
                } else if (str.equalsIgnoreCase(Constants.SUBSCRIBE_ACL)) {
                    subjectAclEntry.addPermission((byte) 2);
                } else if (str.equalsIgnoreCase(Constants.GUARANTEED_ACL)) {
                    subjectAclEntry.addPermission((byte) 4);
                } else if (str.equalsIgnoreCase(Constants.SEND_ACL)) {
                    subjectAclEntry.addPermission((byte) 1);
                } else if (str.equalsIgnoreCase(Constants.RECEIVE_ACL)) {
                    subjectAclEntry.addPermission((byte) 2);
                } else if (str.equalsIgnoreCase(Constants.BROWSE_ACL)) {
                    subjectAclEntry.addPermission((byte) 8);
                } else {
                    BrokerComponent.getComponentContext().logMessage("Unknown ACL type: " + str, 2);
                }
            } else if (str2.equalsIgnoreCase(Constants.DENY_PERMISSION)) {
                if (str.equalsIgnoreCase(Constants.PUBLISH_ACL)) {
                    subjectAclEntry.addPermission((byte) -2);
                } else if (str.equalsIgnoreCase(Constants.SUBSCRIBE_ACL)) {
                    subjectAclEntry.addPermission((byte) -3);
                } else if (str.equalsIgnoreCase(Constants.GUARANTEED_ACL)) {
                    subjectAclEntry.addPermission((byte) -5);
                } else if (str.equalsIgnoreCase(Constants.SEND_ACL)) {
                    subjectAclEntry.addPermission((byte) -2);
                } else if (str.equalsIgnoreCase(Constants.RECEIVE_ACL)) {
                    subjectAclEntry.addPermission((byte) -3);
                } else if (str.equalsIgnoreCase(Constants.BROWSE_ACL)) {
                    subjectAclEntry.addPermission((byte) -9);
                } else {
                    BrokerComponent.getComponentContext().logMessage("Unknown ACL type: " + str, 2);
                }
            }
        } catch (EPermissionConflict e) {
        } catch (EUnknownPermission e2) {
        }
    }
}
