package org.owasp.esapi.reference;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.owasp.esapi.AccessController;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Logger;
import org.owasp.esapi.errors.AccessControlException;
import org.owasp.esapi.errors.EncodingException;
import org.owasp.esapi.errors.IntrusionException;

/* loaded from: classes.dex */
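/**
 * File-backed implementation of the ESAPI {@link AccessController} interface.
 *
 * <p>Rules are read lazily from text files in the ESAPI resource directory. Empty lines and
 * lines starting with {@code #} are skipped. Path-style rule files (URL, function, file,
 * service) use {@code path | role[,role...] | allow|deny}; the data rule file uses
 * {@code className | role[,role...] | action[,action...]}.
 *
 * <p>Every lookup that finds no applicable rule resolves to a built-in deny rule, so the
 * controller is default-deny.
 *
 * <p>NOTE(review): the rule maps are populated lazily through plain, unsynchronized fields.
 * Nothing in this class makes that safe for concurrent first use; confirm how instances
 * are shared before relying on it from multiple threads.
 *
 * <p>NOTE(review): several log messages embed the caller-supplied path or role verbatim.
 * This presumably relies on the ESAPI {@link Logger} to neutralize CR/LF and markup in
 * logged values; confirm against the configured logger.
 */
public class FileBasedAccessController implements AccessController {
    /** Maximum number of characters accepted for a single line of a rules file. */
    private static final int MAX_RULE_LINE_LENGTH = 500;

    // Path-keyed rule maps (String -> Rule), one per rules file, loaded on first use.
    private Map<Object, Rule> urlMap = new HashMap<Object, Rule>();
    private Map<Object, Rule> functionMap = new HashMap<Object, Rule>();
    private Map<Object, Rule> fileMap = new HashMap<Object, Rule>();
    private Map<Object, Rule> serviceMap = new HashMap<Object, Rule>();

    // Data rule map; loadDataRules keys it by Class, not by path.
    private Map<Object, Rule> dataMap = new HashMap<Object, Rule>();

    /** Fallback rule returned when nothing matches; its {@code allow} flag stays false. */
    private final Rule deny = new Rule(this);

    private final Logger logger = ESAPI.getLogger("AccessController");

    /**
     * One parsed line of a rules file.
     *
     * <p>Path rules use {@code path}, {@code roles} and {@code allow}; data rules use
     * {@code clazz}, {@code roles} and {@code actions}. A freshly constructed rule denies.
     * The decompiler reports that this class was originally declared private.
     */
    public class Rule {
        // Explicit copy of the enclosing-instance reference, as emitted by the decompiler.
        final FileBasedAccessController this$0;
        protected String path = "";
        protected Set<String> roles = new HashSet<String>();
        protected boolean allow = false;
        protected Class<?> clazz = null;
        protected List<String> actions = new ArrayList<String>();

        protected Rule(FileBasedAccessController fileBasedAccessController) {
            this.this$0 = fileBasedAccessController;
        }

        /** Renders the rule as {@code URL:<path> | <roles> | allow|deny} for log output. */
        @Override
        public String toString() {
            return "URL:" + this.path + " | " + this.roles + " | " + (this.allow ? "allow" : "deny");
        }
    }

    /** Splits a comma-separated field into its raw (untrimmed) elements. */
    private List<String> commaSplit(String str) {
        return Arrays.asList(str.split(","));
    }

    /** Returns true when a rule map has not been loaded yet or the last load produced no rules. */
    private static boolean needsLoading(Map<Object, Rule> rules) {
        return rules == null || rules.isEmpty();
    }

    /** Closes a rules file, logging (not propagating) a failure to close it. */
    private void closeRulesFile(FileInputStream in, String fileName) {
        if (in == null) {
            return;
        }
        try {
            in.close();
        } catch (IOException e) {
            this.logger.warning(Logger.SECURITY, false, "Failure closing access control file : " + fileName, e);
        }
    }

    /**
     * Loads class-keyed data access rules from a file in the ESAPI resource directory.
     *
     * <p>Any exception while reading or parsing is logged and ends the load; the rules
     * parsed up to that point are still returned.
     *
     * <p>NOTE(review): because loading stops at the first malformed line, rules that follow
     * it are silently absent. Treat a "Problem in access control file" warning as a
     * configuration failure to fix, not as noise.
     *
     * <p>NOTE(review): the first field is passed to {@link Class#forName(String)}, which
     * loads and initializes the named class. The rules file therefore has to be protected
     * like code: writable only by whoever may deploy the application.
     *
     * @param str name of the rules file, relative to the resource directory
     * @return map from {@link Class} to its rule; never null, possibly empty
     */
    private Map<Object, Rule> loadDataRules(String str) {
        Map<Object, Rule> rules = new HashMap<Object, Rule>();
        FileInputStream in = null;
        try {
            in = new FileInputStream(new File(ESAPI.securityConfiguration().getResourceDirectory(), str));
            String line;
            while ((line = ESAPI.validator().safeReadLine(in, MAX_RULE_LINE_LENGTH)) != null) {
                if (line.length() == 0 || line.charAt(0) == '#') {
                    continue;
                }
                Rule rule = new Rule(this);
                String[] fields = line.split("\\|");
                rule.clazz = Class.forName(fields[0].trim());
                for (String role : validateRoles(commaSplit(fields[1].trim().toLowerCase()))) {
                    rule.roles.add(role.trim());
                }
                for (String action : commaSplit(fields[2].trim().toLowerCase())) {
                    rule.actions.add(action.trim());
                }
                // Data rules are keyed by class. The previous check looked up rule.path,
                // which is always "" here, so a later duplicate silently replaced the
                // earlier rule instead of being ignored with a warning.
                if (rules.containsKey(rule.clazz)) {
                    this.logger.warning(Logger.SECURITY, false, "Problem in access control file. Duplicate rule ignored: " + rule);
                } else {
                    rules.put(rule.clazz, rule);
                }
            }
        } catch (Exception e) {
            this.logger.warning(Logger.SECURITY, false, "Problem in access control file : " + str, e);
        } finally {
            closeRulesFile(in, str);
        }
        return rules;
    }

    /**
     * Loads path-keyed access rules from a file in the ESAPI resource directory.
     *
     * <p>Backslashes in the path field are normalized to forward slashes. The third field
     * grants access only when it equals {@code allow} (case-insensitive); any other value
     * yields a deny rule. The first rule for a path wins; later duplicates are logged and
     * ignored.
     *
     * <p>Any exception while reading or parsing is logged and ends the load; the rules
     * parsed up to that point are still returned.
     *
     * <p>NOTE(review): a partially loaded file can change effective policy, because lookups
     * fall back from a path to its parent directories. If a specific deny rule is lost
     * behind a malformed line, a broader allow rule loaded earlier may apply instead.
     *
     * @param str name of the rules file, relative to the resource directory
     * @return map from path pattern to its rule; never null, possibly empty
     */
    private Map<Object, Rule> loadRules(String str) {
        Map<Object, Rule> rules = new HashMap<Object, Rule>();
        FileInputStream in = null;
        try {
            in = new FileInputStream(new File(ESAPI.securityConfiguration().getResourceDirectory(), str));
            String line;
            while ((line = ESAPI.validator().safeReadLine(in, MAX_RULE_LINE_LENGTH)) != null) {
                if (line.length() == 0 || line.charAt(0) == '#') {
                    continue;
                }
                Rule rule = new Rule(this);
                String[] fields = line.split("\\|");
                rule.path = fields[0].trim().replaceAll("\\\\", "/");
                for (String role : validateRoles(commaSplit(fields[1].trim().toLowerCase()))) {
                    rule.roles.add(role.trim());
                }
                rule.allow = fields[2].trim().equalsIgnoreCase("allow");
                if (rules.containsKey(rule.path)) {
                    this.logger.warning(Logger.SECURITY, false, "Problem in access control file. Duplicate rule ignored: " + rule);
                } else {
                    rules.put(rule.path, rule);
                }
            }
        } catch (Exception e) {
            this.logger.warning(Logger.SECURITY, false, "Problem in access control file : " + str, e);
        } finally {
            closeRulesFile(in, str);
        }
        return rules;
    }

    /** Returns true when the current user's roles match the data rule for {@code cls} and action {@code str}. */
    private boolean matchRule(Map<Object, Rule> map, Class<?> cls, String str) {
        return searchForRule(map, ESAPI.authenticator().getCurrentUser().getRoles(), cls, str) != null;
    }

    /** Returns the allow flag of the rule that applies to path {@code str} for the current user. */
    private boolean matchRule(Map<Object, Rule> map, String str) {
        return searchForRule(map, ESAPI.authenticator().getCurrentUser().getRoles(), str).allow;
    }

    /** Returns true when {@code str} is one of the listed actions. */
    private boolean overlap(List<String> list, String str) {
        return list.contains(str);
    }

    /**
     * Returns true when the rule's roles ({@code set}) include the wildcard role {@code any}
     * or share at least one role with the user's roles ({@code set2}).
     */
    private boolean overlap(Set<String> set, Set<String> set2) {
        if (set.contains("any")) {
            return true;
        }
        for (String role : set2) {
            if (set.contains(role)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Looks up the data rule for a class.
     *
     * @return the rule when it lists the action and shares a role with the user, else null
     */
    private Rule searchForRule(Map<Object, Rule> map, Set<String> set, Class<?> cls, String str) {
        Rule rule = map.get(cls);
        if (rule != null && overlap(rule.actions, str) && overlap(rule.roles, set)) {
            return rule;
        }
        return null;
    }

    /**
     * Finds the rule that applies to a path for the given user roles.
     *
     * <p>The path is canonicalized and stripped of trailing slashes, then tried as an exact
     * match, as {@code <path>/*}, and as {@code *.<extension>}. If no rule with an
     * overlapping role is found, the search repeats on the parent path. The built-in deny
     * rule is returned when the search runs out of path segments.
     *
     * @param map path-keyed rules
     * @param set roles of the current user
     * @param str requested path
     * @return the matching rule (which may itself deny), or the deny rule; never null
     * @throws IntrusionException if the canonical path contains {@code ..}
     */
    private Rule searchForRule(Map<Object, Rule> map, Set<String> set, String str) {
        String canonical;
        try {
            canonical = ESAPI.encoder().canonicalize(str);
        } catch (EncodingException e) {
            // Fail closed. Previously the unreadable input was evaluated as the empty
            // path, so a root-level "/*" rule could authorize a request whose real
            // target was never determined.
            this.logger.warning(Logger.SECURITY, false, "Failed to canonicalize input: " + str, e);
            return this.deny;
        }
        String path = canonical == null ? "" : canonical;
        while (path.endsWith("/")) {
            path = path.substring(0, path.length() - 1);
        }
        // Checked after canonicalization so encoded forms of ".." are caught as well.
        if (path.indexOf("..") != -1) {
            throw new IntrusionException("Attempt to manipulate access control path", "Attempt to manipulate access control path: " + str);
        }
        int dot = path.lastIndexOf('.');
        String extension = dot != -1 ? path.substring(dot + 1) : "";

        Rule rule = map.get(path);
        if (rule == null) {
            rule = map.get(path + "/*");
        }
        if (rule == null) {
            rule = map.get("*." + extension);
        }
        if (rule != null && overlap(rule.roles, set)) {
            return rule;
        }

        // No applicable rule at this level: retry with the parent path, deny at the top.
        int slash = path.lastIndexOf('/');
        if (slash == -1) {
            return this.deny;
        }
        String parent = path.substring(0, slash);
        return parent.length() <= 1 ? this.deny : searchForRule(map, set, parent);
    }

    /**
     * Canonicalizes and validates role names read from a rules file.
     *
     * <p>A role is kept only if it canonicalizes cleanly and passes validation against
     * {@code ^[a-zA-Z0-9_]{0,10}$}; every dropped role is logged.
     *
     * @param list raw role names
     * @return the accepted, canonical role names
     */
    private List<String> validateRoles(List<String> list) {
        List<String> accepted = new ArrayList<String>();
        for (String raw : list) {
            String candidate = raw.trim();
            String canonical;
            try {
                canonical = ESAPI.encoder().canonicalize(candidate);
            } catch (EncodingException e) {
                // Drop the role outright instead of passing "" on to validation, whose
                // pattern also matches the empty string.
                this.logger.warning(Logger.SECURITY, false, "Failed to canonicalize role " + candidate, e);
                continue;
            }
            if (ESAPI.validator().isValidInput("Validating user roles in FileBasedAccessController", canonical, "^[a-zA-Z0-9_]{0,10}$", Logger.DEBUG, false)) {
                accepted.add(canonical.trim());
            } else {
                this.logger.warning(Logger.SECURITY, false, "Role: " + candidate + " is invalid, so was not added to the list of roles for this Rule.");
            }
        }
        return accepted;
    }

    /**
     * Asserts that the current user may access the data identified by a path-style key.
     *
     * <p>NOTE(review): the data rules come from {@code loadDataRules}, which keys the map by
     * {@link Class}. The path lookup used here queries it with String keys, so as written
     * this overload can only resolve to the deny rule. Confirm whether
     * {@link #assertAuthorizedForData(String, Object)} is the intended entry point.
     *
     * @param str data key
     * @throws AccessControlException if access is not authorized
     */
    @Override // org.owasp.esapi.AccessController
    public void assertAuthorizedForData(String str) throws AccessControlException {
        if (needsLoading(this.dataMap)) {
            this.dataMap = loadDataRules("DataAccessRules.txt");
        }
        if (!matchRule(this.dataMap, str)) {
            // The user-facing message previously read "Not authorized for function".
            throw new AccessControlException("Not authorized for data", "Not authorized for data: " + str);
        }
    }

    /**
     * Asserts that the current user may perform an action on a data class.
     *
     * @param str action name
     * @param obj the {@link Class} of the data being accessed
     * @throws AccessControlException if {@code obj} is not a {@link Class} or no rule grants
     *     the action to one of the user's roles
     */
    @Override // org.owasp.esapi.AccessController
    public void assertAuthorizedForData(String str, Object obj) throws AccessControlException {
        if (needsLoading(this.dataMap)) {
            this.dataMap = loadDataRules("DataAccessRules.txt");
        }
        if (obj != null && !(obj instanceof Class)) {
            // Deny with the declared exception instead of a ClassCastException, and log
            // only the argument's type, not its toString().
            throw new AccessControlException("Not authorized for data", "Not authorized for data: expected a Class but got " + obj.getClass().getName());
        }
        if (!matchRule(this.dataMap, (Class<?>) obj, str)) {
            throw new AccessControlException("Not authorized for data", "Not authorized for data: " + obj);
        }
    }

    /**
     * Asserts that the current user may access a file; backslashes are treated as slashes.
     *
     * @param str file path
     * @throws AccessControlException if access is not authorized
     * @throws IntrusionException if the canonical path contains {@code ..}
     */
    @Override // org.owasp.esapi.AccessController
    public void assertAuthorizedForFile(String str) throws AccessControlException {
        if (needsLoading(this.fileMap)) {
            this.fileMap = loadRules("FileAccessRules.txt");
        }
        if (!matchRule(this.fileMap, str.replaceAll("\\\\", "/"))) {
            throw new AccessControlException("Not authorized for file", "Not authorized for file: " + str);
        }
    }

    /**
     * Asserts that the current user may invoke a function.
     *
     * @param str function name
     * @throws AccessControlException if access is not authorized
     * @throws IntrusionException if the canonical name contains {@code ..}
     */
    @Override // org.owasp.esapi.AccessController
    public void assertAuthorizedForFunction(String str) throws AccessControlException {
        if (needsLoading(this.functionMap)) {
            this.functionMap = loadRules("FunctionAccessRules.txt");
        }
        if (!matchRule(this.functionMap, str)) {
            throw new AccessControlException("Not authorized for function", "Not authorized for function: " + str);
        }
    }

    /**
     * Asserts that the current user may call a service.
     *
     * @param str service name
     * @throws AccessControlException if access is not authorized
     * @throws IntrusionException if the canonical name contains {@code ..}
     */
    @Override // org.owasp.esapi.AccessController
    public void assertAuthorizedForService(String str) throws AccessControlException {
        if (needsLoading(this.serviceMap)) {
            this.serviceMap = loadRules("ServiceAccessRules.txt");
        }
        if (!matchRule(this.serviceMap, str)) {
            throw new AccessControlException("Not authorized for service", "Not authorized for service: " + str);
        }
    }

    /**
     * Asserts that the current user may request a URL.
     *
     * @param str URL path
     * @throws AccessControlException if access is not authorized
     * @throws IntrusionException if the canonical path contains {@code ..}
     */
    @Override // org.owasp.esapi.AccessController
    public void assertAuthorizedForURL(String str) throws AccessControlException {
        if (needsLoading(this.urlMap)) {
            this.urlMap = loadRules("URLAccessRules.txt");
        }
        if (!matchRule(this.urlMap, str)) {
            throw new AccessControlException("Not authorized for URL", "Not authorized for URL: " + str);
        }
    }

    // The isAuthorizedFor* methods below deliberately treat ANY exception raised by the
    // corresponding assertion as "not authorized", so an unexpected failure denies access.

    /** Returns true only if {@link #assertAuthorizedForData(String)} completes without throwing. */
    @Override // org.owasp.esapi.AccessController
    public boolean isAuthorizedForData(String str) {
        try {
            assertAuthorizedForData(str);
            return true;
        } catch (Exception ignored) {
            return false;
        }
    }

    /** Returns true only if {@link #assertAuthorizedForData(String, Object)} completes without throwing. */
    @Override // org.owasp.esapi.AccessController
    public boolean isAuthorizedForData(String str, Object obj) {
        try {
            assertAuthorizedForData(str, obj);
            return true;
        } catch (Exception ignored) {
            return false;
        }
    }

    /** Returns true only if {@link #assertAuthorizedForFile(String)} completes without throwing. */
    @Override // org.owasp.esapi.AccessController
    public boolean isAuthorizedForFile(String str) {
        try {
            assertAuthorizedForFile(str);
            return true;
        } catch (Exception ignored) {
            return false;
        }
    }

    /** Returns true only if {@link #assertAuthorizedForFunction(String)} completes without throwing. */
    @Override // org.owasp.esapi.AccessController
    public boolean isAuthorizedForFunction(String str) {
        try {
            assertAuthorizedForFunction(str);
            return true;
        } catch (Exception ignored) {
            return false;
        }
    }

    /** Returns true only if {@link #assertAuthorizedForService(String)} completes without throwing. */
    @Override // org.owasp.esapi.AccessController
    public boolean isAuthorizedForService(String str) {
        try {
            assertAuthorizedForService(str);
            return true;
        } catch (Exception ignored) {
            return false;
        }
    }

    /** Returns true only if {@link #assertAuthorizedForURL(String)} completes without throwing. */
    @Override // org.owasp.esapi.AccessController
    public boolean isAuthorizedForURL(String str) {
        try {
            assertAuthorizedForURL(str);
            return true;
        } catch (Exception ignored) {
            return false;
        }
    }
}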
