package org.owasp.esapi.reference.accesscontrol;

import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.codec.language.bm.Languages;
import org.hibernate.event.internal.EntityCopyAllowedObserver;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Logger;
import org.owasp.esapi.errors.AccessControlException;
import org.owasp.esapi.errors.IntrusionException;
import org.springframework.jdbc.datasource.init.ScriptUtils;
import org.squashtest.tm.domain.customfield.MultiSelectField;

/* loaded from: input_file:WEB-INF/lib/esapi-2.5.2.0.jar:org/owasp/esapi/reference/accesscontrol/FileBasedACRs.class */
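/**
 * File-backed access control rules (decompiled from esapi-2.5.2.0.jar).
 *
 * <p>Each rule set (URL, function, data, file, service) is read lazily from a text file under
 * {@code fbac-policies/} the first time the matching {@code isAuthorizedFor...} method is called.
 * Path-style rule sets default to deny: a request is allowed only when a rule whose roles overlap
 * the current user's roles is found and that rule's decision is "allow".
 *
 * <p>Review notes:
 * <ul>
 *   <li>The decompiler had replaced the string literals "allow", "any", the subtree suffix and
 *       the field separator with same-valued constants from Hibernate, commons-codec, Spring and
 *       Squash TM. They are restored as local constants here, so that authorization decisions do
 *       not depend on the value of a constant owned by an unrelated library.</li>
 *   <li>A rule map that is still empty after loading (missing or empty policy file, or a failure
 *       on the first rule) is re-read on every call.</li>
 *   <li>The lazy initialisation uses no synchronisation in this class; whether callers serialise
 *       access cannot be told from here.</li>
 * </ul>
 */
public class FileBasedACRs {
    /** Decision keyword (third field of a path rule) that grants access; compared ignoring case. */
    private static final String ALLOW = "allow";
    /** Role name in a rule that matches every user. */
    private static final String ANY_ROLE = "any";
    /** Suffix appended to a path to look up a rule covering everything below that path. */
    private static final String SUBTREE_SUFFIX = "/*";
    /** Regex splitting a rule line into its '|'-separated fields. */
    private static final String FIELD_SEPARATOR_REGEX = "\\|";
    /** Resource directory holding the policy files. */
    private static final String POLICY_DIR = "fbac-policies/";
    /** Upper bound on the length of one policy line, enforced by safeReadLine. */
    private static final int MAX_LINE_LENGTH = 500;

    private Map<String, Rule> urlMap = new HashMap<>();
    private Map<String, Rule> functionMap = new HashMap<>();
    private Map<Class<?>, Rule> dataMap = new HashMap<>();
    private Map<String, Rule> fileMap = new HashMap<>();
    private Map<String, Rule> serviceMap = new HashMap<>();
    /** Shared default rule; {@code allow} is false, so returning it denies the request. */
    private final Rule deny = new Rule();
    private final Logger logger = ESAPI.getLogger("FileBasedACRs");

    /**
     * One parsed policy line. Path rules use {@code path}, {@code roles} and {@code allow};
     * data rules use {@code clazz}, {@code roles} and {@code actions}.
     */
    public class Rule {
        protected String path = "";
        protected Set<String> roles = new HashSet<>();
        // Deny unless the policy line explicitly says "allow".
        protected boolean allow = false;
        protected Class<?> clazz = null;
        protected List<String> actions = new ArrayList<>();

        protected Rule() {
        }

        /** Renders the rule for log messages; the "URL:" prefix is used for every rule type. */
        @Override
        public String toString() {
            return "URL:" + this.path + " | " + this.roles + " | " + (this.allow ? ALLOW : "deny");
        }
    }

    /**
     * Checks the current user against the rules in {@code URLAccessRules.txt}.
     *
     * @param str the requested URL path
     * @return true only if a matching rule for one of the user's roles says "allow"
     * @throws IntrusionException if the canonicalized path contains ".."
     */
    public boolean isAuthorizedForURL(String str) {
        if (this.urlMap == null || this.urlMap.isEmpty()) {
            this.urlMap = loadRules("URLAccessRules.txt");
        }
        return matchRule(this.urlMap, str);
    }

    /**
     * Checks the current user against the rules in {@code FunctionAccessRules.txt}.
     *
     * @param str the function name, matched like a path
     * @return true only if a matching rule for one of the user's roles says "allow"
     */
    public boolean isAuthorizedForFunction(String str) throws AccessControlException {
        if (this.functionMap == null || this.functionMap.isEmpty()) {
            this.functionMap = loadRules("FunctionAccessRules.txt");
        }
        return matchRule(this.functionMap, str);
    }

    /**
     * Checks the current user against the rules in {@code DataAccessRules.txt}.
     *
     * @param str the action being performed; compared as-is against the lower-cased actions of
     *     the rule
     * @param obj the {@link Class} the rule is keyed on; any other object makes the cast below
     *     throw {@link ClassCastException}
     * @return true if a rule exists for the class whose actions contain {@code str} and whose
     *     roles overlap the user's roles
     */
    public boolean isAuthorizedForData(String str, Object obj) throws AccessControlException {
        if (this.dataMap == null || this.dataMap.isEmpty()) {
            this.dataMap = loadDataRules("DataAccessRules.txt");
        }
        return matchRule(this.dataMap, (Class<?>) obj, str);
    }

    /**
     * Checks the current user against the rules in {@code FileAccessRules.txt}.
     *
     * @param str the file path; backslashes are normalised to forward slashes before matching
     * @return true only if a matching rule for one of the user's roles says "allow"
     */
    public boolean isAuthorizedForFile(String str) throws AccessControlException {
        if (this.fileMap == null || this.fileMap.isEmpty()) {
            this.fileMap = loadRules("FileAccessRules.txt");
        }
        return matchRule(this.fileMap, str.replace('\\', '/'));
    }

    /**
     * Checks the current user against the rules in {@code ServiceAccessRules.txt}.
     *
     * @param str the service name, matched like a path
     * @return true only if a matching rule for one of the user's roles says "allow"
     */
    public boolean isAuthorizedForService(String str) throws AccessControlException {
        if (this.serviceMap == null || this.serviceMap.isEmpty()) {
            this.serviceMap = loadRules("ServiceAccessRules.txt");
        }
        return matchRule(this.serviceMap, str);
    }

    /** Resolves the path rule for the current user's roles and returns its allow flag. */
    private boolean matchRule(Map<String, Rule> map, String str) {
        // NOTE(review): assumes getCurrentUser() never returns null - confirm against the
        // configured Authenticator.
        return searchForRule(map, ESAPI.authenticator().getCurrentUser().getRoles(), str).allow;
    }

    /** Data rules carry no allow/deny flag: finding a matching rule is what grants access. */
    private boolean matchRule(Map<Class<?>, Rule> map, Class<?> cls, String str) {
        return searchForRule(map, ESAPI.authenticator().getCurrentUser().getRoles(), cls, str) != null;
    }

    /**
     * Finds the most specific path rule that applies to one of the given roles.
     *
     * <p>Lookup order for a path: the exact path, then the path plus the subtree suffix, then
     * {@code "*." + extension}. If none of those is present with an overlapping role, the last
     * path segment is dropped and the search repeats on the parent. The shared deny rule is
     * returned once no parent is left.
     *
     * @throws IntrusionException if the canonicalized path contains ".."
     */
    private Rule searchForRule(Map<String, Rule> map, Set<String> set, String str) {
        // Canonicalize first so that encoded forms of a path are matched in their decoded form.
        String canonical = ESAPI.encoder().canonicalize(str);
        if (canonical == null) {
            canonical = "";
        }
        while (canonical.endsWith("/")) {
            canonical = canonical.substring(0, canonical.length() - 1);
        }
        // Reject parent-directory references outright rather than trying to resolve them.
        if (canonical.contains("..")) {
            throw new IntrusionException("Attempt to manipulate access control path", "Attempt to manipulate access control path: " + str);
        }
        int dot = canonical.lastIndexOf('.');
        String extension = dot != -1 ? canonical.substring(dot + 1) : "";

        Rule rule = map.get(canonical);
        if (rule == null) {
            rule = map.get(canonical + SUBTREE_SUFFIX);
        }
        if (rule == null) {
            rule = map.get("*." + extension);
        }
        // A rule that exists but names none of the user's roles does not end the search.
        if (rule != null && overlap(rule.roles, set)) {
            return rule;
        }

        int slash = canonical.lastIndexOf('/');
        if (slash == -1) {
            return this.deny;
        }
        String parent = canonical.substring(0, slash);
        return parent.length() <= 1 ? this.deny : searchForRule(map, set, parent);
    }

    /**
     * Finds the data rule for {@code cls}; returns null unless the rule lists the action and
     * shares a role with {@code set}.
     */
    private Rule searchForRule(Map<Class<?>, Rule> map, Set<String> set, Class<?> cls, String str) {
        Rule rule = map.get(cls);
        if (rule != null && overlap(rule.actions, str) && overlap(rule.roles, set)) {
            return rule;
        }
        return null;
    }

    /**
     * Returns true if the rule's roles contain "any" or share at least one entry with the user's
     * roles.
     */
    private boolean overlap(Set<String> set, Set<String> set2) {
        if (set.contains(ANY_ROLE)) {
            return true;
        }
        // NOTE(review): rule roles are lower-cased when loaded and this comparison is
        // case-sensitive; presumably user roles are stored lower-case - confirm.
        for (String userRole : set2) {
            if (set.contains(userRole)) {
                return true;
            }
        }
        return false;
    }

    /** Returns true if the rule's action list contains the requested action. */
    private boolean overlap(List<String> list, String str) {
        return list.contains(str);
    }

    /**
     * Canonicalizes and validates role names read from a policy file. Names that fail the
     * "RoleName" validation rule (maximum length 20) are logged and left out.
     */
    private List<String> validateRoles(List<String> list) {
        List<String> valid = new ArrayList<>();
        for (String raw : list) {
            String canonical = ESAPI.encoder().canonicalize(raw.trim());
            if (ESAPI.validator().isValidInput("Validating user roles in FileBasedAccessController", canonical, "RoleName", 20, false)) {
                valid.add(canonical.trim());
            } else {
                this.logger.warning(Logger.SECURITY_FAILURE, "Role: " + raw.trim() + " is invalid, so was not added to the list of roles for this Rule.");
            }
        }
        return valid;
    }

    /**
     * Loads path rules of the form {@code path | role[,role...] | allow|deny}.
     *
     * <p>Empty lines and lines starting with '#' are skipped. The first rule for a path wins;
     * later duplicates are logged and ignored.
     *
     * <p>NOTE(review): any exception (unreadable file, a line with fewer than three fields) is
     * logged and ends loading, and the rules read up to that point are still returned. Because
     * lookups fall back from a specific path to its parents, rules dropped this way can leave a
     * broader allow rule in effect. Consider rejecting the whole policy on a parse error.
     *
     * @param str policy file name, resolved under {@code fbac-policies/}
     * @return the rules keyed by path; empty if the file could not be read
     */
    private Map<String, Rule> loadRules(String str) {
        String resource = POLICY_DIR + str;
        Map<String, Rule> rules = new HashMap<>();
        InputStream in = null;
        try {
            in = ESAPI.securityConfiguration().getResourceStream(resource);
            String line;
            while ((line = ESAPI.validator().safeReadLine(in, MAX_LINE_LENGTH)) != null) {
                if (line.length() == 0 || line.charAt(0) == '#') {
                    continue;
                }
                String[] fields = line.split(FIELD_SEPARATOR_REGEX);
                Rule rule = new Rule();
                // Normalise Windows separators so that rules and requests compare equal.
                rule.path = fields[0].trim().replace('\\', '/');
                for (String role : validateRoles(commaSplit(fields[1].trim().toLowerCase()))) {
                    rule.roles.add(role.trim());
                }
                // Anything other than "allow" is treated as deny.
                rule.allow = fields[2].trim().equalsIgnoreCase(ALLOW);
                if (rules.containsKey(rule.path)) {
                    this.logger.warning(Logger.SECURITY_FAILURE, "Problem in access control file. Duplicate rule ignored: " + rule);
                } else {
                    rules.put(rule.path, rule);
                }
            }
        } catch (Exception e) {
            this.logger.warning(Logger.SECURITY_FAILURE, "Problem in access control file: " + resource, e);
        } finally {
            closeQuietly(in, "Failure closing access control file: " + resource);
        }
        return rules;
    }

    /**
     * Loads data rules of the form {@code class name | role[,role...] | action[,action...]}.
     *
     * <p>Empty lines and lines starting with '#' are skipped. The first rule for a class wins;
     * later duplicates are logged and ignored. The decompiled code tested
     * {@code containsKey(rule.path)}, which is always the empty string for a data rule, so a
     * duplicate silently replaced the earlier rule; the check now uses the class the map is
     * keyed on.
     *
     * <p>{@code Class.forName} loads and initialises whatever class the file names, so the policy
     * file must be writable only by trusted administrators. As in {@link #loadRules}, an
     * exception ends loading and the rules read so far are returned.
     *
     * @param str policy file name, resolved under {@code fbac-policies/}
     * @return the rules keyed by class; empty if the file could not be read
     */
    private Map<Class<?>, Rule> loadDataRules(String str) {
        String resource = POLICY_DIR + str;
        Map<Class<?>, Rule> rules = new HashMap<>();
        InputStream in = null;
        try {
            in = ESAPI.securityConfiguration().getResourceStream(resource);
            String line;
            while ((line = ESAPI.validator().safeReadLine(in, MAX_LINE_LENGTH)) != null) {
                if (line.length() == 0 || line.charAt(0) == '#') {
                    continue;
                }
                String[] fields = line.split(FIELD_SEPARATOR_REGEX);
                Rule rule = new Rule();
                rule.clazz = Class.forName(fields[0].trim());
                for (String role : validateRoles(commaSplit(fields[1].trim().toLowerCase()))) {
                    rule.roles.add(role.trim());
                }
                for (String action : commaSplit(fields[2].trim().toLowerCase())) {
                    rule.actions.add(action.trim());
                }
                if (rules.containsKey(rule.clazz)) {
                    this.logger.warning(Logger.SECURITY_FAILURE, "Problem in access control file. Duplicate rule ignored: " + rule);
                } else {
                    rules.put(rule.clazz, rule);
                }
            }
        } catch (Exception e) {
            this.logger.warning(Logger.SECURITY_FAILURE, "Problem in access control file : " + resource, e);
        } finally {
            closeQuietly(in, "Failure closing access control file : " + resource);
        }
        return rules;
    }

    /** Closes the policy stream if it was opened; a close failure is logged, never thrown. */
    private void closeQuietly(InputStream in, String failureMessage) {
        if (in == null) {
            return;
        }
        try {
            in.close();
        } catch (IOException e) {
            this.logger.warning(Logger.SECURITY_FAILURE, failureMessage, e);
        }
    }

    /** Splits a comma-separated field into its raw, untrimmed parts. */
    private List<String> commaSplit(String str) {
        return Arrays.asList(str.split(","));
    }
}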
