package com.ibm.micro.internal.clients;

import com.ibm.micro.internal.clients.persistence.ManagedMessage;
import com.ibm.micro.internal.clients.persistence.ManagedSubscription;
import com.ibm.micro.internal.messagingengine.MessagingEngine;
import com.ibm.micro.internal.persistence.Persistence;
import com.ibm.micro.internal.security.access.AccessCtrlHandle;
import com.ibm.micro.internal.security.access.DecisionRequest;
import com.ibm.micro.internal.security.access.Environment;
import com.ibm.micro.logging.Logger;
import com.ibm.micro.spi.AccessController;
import com.ibm.micro.spi.BrokerComponentException;
import com.ibm.micro.spi.BrokerConnection;
import com.ibm.micro.spi.MessageDispatcher;
import com.ibm.micro.spi.QueueFullException;
import com.ibm.micro.spi.QueueListener;
import java.io.Serializable;
import java.util.Hashtable;

/* loaded from: input_file:com/ibm/micro/internal/clients/SecureBrokerConnectionImpl.class */
public class SecureBrokerConnectionImpl extends BrokerConnectionImpl {
    private static final String SYSTEM_TOPIC_PREFIX = "$SYS";
    private final AccessCtrlHandle[] accessCtrlHandle;
    private final DecisionRequest req;
    private final AccessController controller;
    private final Environment env;

    public SecureBrokerConnectionImpl(ClientManager clientManager, MessagingEngine messagingEngine, Persistence persistence, Logger logger, AccessController accessController, AccessCtrlHandle[] accessCtrlHandleArr, Environment environment) throws BrokerComponentException {
        super(clientManager, messagingEngine, persistence, logger);
        this.controller = accessController;
        this.accessCtrlHandle = accessCtrlHandleArr;
        this.env = environment;
        this.req = new DecisionRequest(null, 3, null, 16, environment);
        if (!checkAllAccessHandles()) {
            throw new BrokerComponentException(new IllegalAccessError("broker connect: access denied."));
        }
    }

    @Override // com.ibm.micro.internal.clients.BrokerConnectionImpl
    protected SessionProvider createSessionProvider(int i, BrokerServiceProvider brokerServiceProvider, boolean z, MessageDispatcher messageDispatcher, BrokerConnection brokerConnection, String str, Logger logger) {
        return new SecureSessionProvider(i, brokerServiceProvider, z, messageDispatcher, brokerConnection, logger, this.controller, this.accessCtrlHandle, this.req.env, str);
    }

    @Override // com.ibm.micro.internal.clients.BrokerConnectionImpl, com.ibm.micro.spi.BrokerConnection
    public ManagedMessage createPublication(String str, String str2, int i, boolean z, int i2, long j, Hashtable hashtable, byte[] bArr, int i3) throws BrokerComponentException {
        checkTopicPublishAccess(str2);
        return super.createPublication(str, str2, i, z, i2, j, hashtable, bArr, i3);
    }

    @Override // com.ibm.micro.internal.clients.BrokerConnectionImpl, com.ibm.micro.spi.BrokerConnection
    public ManagedMessage createPublication(String str, String str2, int i, boolean z, int i2, long j, Hashtable hashtable, Serializable serializable) throws BrokerComponentException {
        checkTopicPublishAccess(str2);
        return super.createPublication(str, str2, i, z, i2, j, hashtable, serializable);
    }

    @Override // com.ibm.micro.internal.clients.BrokerConnectionImpl, com.ibm.micro.spi.BrokerConnection
    public ManagedSubscription createSubscription(String str, boolean z, String str2, boolean z2, String str3, int i, String str4) throws BrokerComponentException {
        checkTopicSubscribeAccess(str2);
        return super.createSubscription(str, z, str2, z2, str3, i, str4);
    }

    @Override // com.ibm.micro.internal.clients.BrokerConnectionImpl, com.ibm.micro.spi.BrokerConnection
    public ManagedSubscription createSubscription(String str, String str2, boolean z, String str3, int i, String str4) throws BrokerComponentException {
        checkTopicSubscribeAccess(str2);
        return super.createSubscription(str, str2, z, str3, i, str4);
    }

    @Override // com.ibm.micro.internal.clients.BrokerConnectionImpl, com.ibm.micro.spi.BrokerConnection
    public ManagedSubscription createSubscription(String str, String str2, String str3, boolean z, String str4, int i) throws BrokerComponentException {
        checkTopicSubscribeAccess(str2);
        return super.createSubscription(str, str2, str3, z, str4, i);
    }

    @Override // com.ibm.micro.internal.clients.BrokerConnectionImpl, com.ibm.micro.spi.BrokerConnection
    public ManagedMessage createQueuedMessage(String str, String str2, int i, int i2, long j, Hashtable hashtable, byte[] bArr, int i3) throws BrokerComponentException {
        checkQueueWriteAccess(str2);
        return super.createQueuedMessage(str, str2, i, i2, j, hashtable, bArr, i3);
    }

    @Override // com.ibm.micro.internal.clients.BrokerConnectionImpl, com.ibm.micro.spi.BrokerConnection
    public void addNamedQueueListener(String str, QueueListener queueListener) throws BrokerComponentException {
        checkQueueReadAccess(str);
        super.addNamedQueueListener(str, queueListener);
    }

    private final boolean checkAllAccessHandles() {
        int i = 0;
        for (int i2 = 0; i2 < this.accessCtrlHandle.length; i2++) {
            i = this.controller.checkAccess(this.accessCtrlHandle[i2], this.req);
            if (i == 1) {
                break;
            }
        }
        return i == 1;
    }

    public final void checkTopicPublishAccess(String str) throws BrokerComponentException {
        if (null == str || str.startsWith("$SYS")) {
            return;
        }
        this.req.resourceType = 1;
        this.req.action = 1;
        this.req.resourceName = str;
        if (!checkAllAccessHandles()) {
            throw new BrokerComponentException(new IllegalAccessError("publish access denied."));
        }
    }

    private final void checkTopicSubscribeAccess(String str) throws BrokerComponentException {
        boolean z;
        if (null == str || str.startsWith("$SYS")) {
            return;
        }
        this.req.resourceType = 1;
        this.req.action = 2;
        this.req.resourceName = str;
        try {
            z = !checkAllAccessHandles();
        } catch (IllegalArgumentException e) {
            z = true;
        }
        if (z) {
            throw new BrokerComponentException(new IllegalAccessError("subscribe access denied."));
        }
    }

    @Override // com.ibm.micro.internal.clients.BrokerConnectionImpl, com.ibm.micro.spi.BrokerConnection
    public void publish(ManagedMessage managedMessage) throws QueueFullException, BrokerComponentException {
        getOrCreateTransaction();
        this.serviceProvider.publish(managedMessage, this.moduleTxn, this.accessCtrlHandle, this.env);
    }

    private final void checkQueueWriteAccess(String str) throws BrokerComponentException {
        this.req.resourceType = 2;
        this.req.action = 4;
        this.req.resourceName = str;
        if (!checkAllAccessHandles()) {
            throw new BrokerComponentException(new IllegalAccessError("write access denied."));
        }
    }

    private final void checkQueueReadAccess(String str) throws BrokerComponentException {
        this.req.resourceType = 2;
        this.req.action = 8;
        this.req.resourceName = str;
        if (!checkAllAccessHandles()) {
            throw new BrokerComponentException(new IllegalAccessError("read access denied."));
        }
    }

    @Override // com.ibm.micro.internal.clients.BrokerConnectionImpl, com.ibm.micro.spi.BrokerConnection
    public void checkListenPermitted(String str) throws BrokerComponentException {
        checkQueueReadAccess(str);
    }

    @Override // com.ibm.micro.internal.clients.BrokerConnectionImpl, com.ibm.micro.spi.BrokerConnection
    public void checkSubscribePermitted(String str) throws BrokerComponentException {
        checkTopicSubscribeAccess(str);
    }
}
