package org.owasp.esapi;

import java.io.File;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.owasp.esapi.errors.AccessControlException;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.interfaces.IAccessController;

/* JADX WARN: Classes with same name are omitted:
  input_file:ESAPI/build/classes/org/owasp/esapi/AccessController.class
 */
/* loaded from: input_file:ESAPI/esapi_1.0.jar:org/owasp/esapi/AccessController.class */
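/**
 * File-backed implementation of {@link IAccessController}.
 *
 * <p>Each {@code isAuthorizedFor*} method loads its rule file from the configured resource
 * directory the first time it is called (that is, while its rule map is still empty) and then
 * asks whether a rule for the requested resource applies to the current user's roles.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Every check fails closed: a {@code null} resource, a missing current user, a missing
 *       rule, or an {@link AccessControlException} during loading or matching yields
 *       {@code false}.</li>
 *   <li>A rule whose role set does not intersect the user's roles is skipped, and the search
 *       continues at the parent path. A narrow rule written for other roles therefore does not
 *       stop a broader parent rule from allowing access; write explicit deny rules where that
 *       matters.</li>
 *   <li>Rule lookup is an exact, case-sensitive map lookup on the canonicalized path. Whether
 *       rule keys are normalised at load time is not visible here - confirm against the
 *       original {@code loadRules} source.</li>
 * </ul>
 *
 * <p>NOTE(review): the shared instance assigns its rule maps lazily and no synchronization is
 * visible in this class; confirm how concurrent first use is expected to behave.
 *
 * <p>NOTE(review): this listing is decompiler output and {@code loadRules} was not recovered
 * (see below), so the class cannot load any rule file as shown.
 */
public class AccessController implements IAccessController {
    private Map urlMap = new HashMap();
    private Map functionMap = new HashMap();
    private Map dataMap = new HashMap();
    private Map fileMap = new HashMap();
    private Map serviceMap = new HashMap();
    // Default result when no rule applies; its allow flag is false.
    private Rule deny = new Rule();
    private static AccessController instance = new AccessController();
    private static final File resourceDirectory = SecurityConfiguration.getInstance().getResourceDirectory();
    private static Logger logger = Logger.getLogger("ESAPI", "AccessController");

    /**
     * One access rule: a path pattern, the roles it applies to, and whether it allows or denies.
     * A freshly constructed rule has an empty path, no roles and {@code allow == false}.
     */
    public class Rule {
        protected String path = "";
        protected Set roles = new HashSet();
        protected boolean allow = false;

        protected Rule() {
        }

        /** Renders the rule as {@code URL:<path> | <roles> | allow|deny}. */
        @Override
        public String toString() {
            String decision = this.allow ? "allow" : "deny";
            return "URL:" + this.path + " | " + this.roles + " | " + decision;
        }
    }

    protected AccessController() {
    }

    /** Returns the shared instance created when the class is initialised. */
    public static AccessController getInstance() {
        return instance;
    }

    /**
     * Checks the current user against the rules in {@code URLAccessRules.txt}.
     *
     * @param str the URL path to check
     * @return {@code true} only if a matching rule allows the current user; {@code false} on any
     *     failure to load or match
     */
    @Override // org.owasp.esapi.interfaces.IAccessController
    public boolean isAuthorizedForURL(String str) {
        try {
            this.urlMap = loadedRules(this.urlMap, "URLAccessRules.txt");
        } catch (AccessControlException e) {
            // Rules could not be loaded: deny rather than guess.
            return false;
        }
        return decide(this.urlMap, str);
    }

    /**
     * Checks the current user against the rules in {@code FunctionAccessRules.txt}.
     *
     * @param str the function name to check
     * @return {@code true} only if a matching rule allows the current user
     */
    @Override // org.owasp.esapi.interfaces.IAccessController
    public boolean isAuthorizedForFunction(String str) {
        try {
            this.functionMap = loadedRules(this.functionMap, "FunctionAccessRules.txt");
        } catch (AccessControlException e) {
            return false;
        }
        return decide(this.functionMap, str);
    }

    /**
     * Checks the current user against the rules in {@code DataAccessRules.txt}.
     *
     * @param str the data key to check
     * @return {@code true} only if a matching rule allows the current user
     */
    @Override // org.owasp.esapi.interfaces.IAccessController
    public boolean isAuthorizedForData(String str) {
        try {
            this.dataMap = loadedRules(this.dataMap, "DataAccessRules.txt");
        } catch (AccessControlException e) {
            return false;
        }
        return decide(this.dataMap, str);
    }

    /**
     * Checks the current user against the rules in {@code FileAccessRules.txt}. Backslashes in
     * the path are replaced with forward slashes before matching, so both separator styles hit
     * the same rule.
     *
     * @param str the file path to check
     * @return {@code true} only if a matching rule allows the current user
     */
    @Override // org.owasp.esapi.interfaces.IAccessController
    public boolean isAuthorizedForFile(String str) {
        try {
            this.fileMap = loadedRules(this.fileMap, "FileAccessRules.txt");
        } catch (AccessControlException e) {
            return false;
        }
        // A null path used to fail with a NullPointerException here; decide() now denies it.
        String normalized = str == null ? null : str.replace('\\', '/');
        return decide(this.fileMap, normalized);
    }

    /**
     * Checks the current user against the rules in {@code ServiceAccessRules.txt}.
     *
     * @param str the service name to check
     * @return {@code true} only if a matching rule allows the current user
     */
    @Override // org.owasp.esapi.interfaces.IAccessController
    public boolean isAuthorizedForService(String str) {
        try {
            this.serviceMap = loadedRules(this.serviceMap, "ServiceAccessRules.txt");
        } catch (AccessControlException e) {
            return false;
        }
        return decide(this.serviceMap, str);
    }

    /**
     * Returns {@code current} when it already holds rules, otherwise the rules loaded from
     * {@code fileName} in the resource directory. An empty map is treated as "not loaded yet",
     * so a rule file that yields no rules is re-read on every call.
     */
    private Map loadedRules(Map current, String fileName) throws AccessControlException {
        if (!current.isEmpty()) {
            return current;
        }
        return loadRules(new File(resourceDirectory, fileName));
    }

    /** Matches {@code resource} against {@code rules}, denying on null input or any failure. */
    private boolean decide(Map rules, String resource) {
        if (resource == null) {
            return false;
        }
        try {
            return matchRule(rules, resource);
        } catch (AccessControlException e) {
            // Fail closed: an error while matching must never grant access.
            return false;
        }
    }

    /**
     * Resolves the rule for {@code str} using the current user's roles.
     *
     * @return the matched rule's allow flag, or {@code false} when there is no current user
     */
    private boolean matchRule(Map map, String str) throws AccessControlException {
        User currentUser = Authenticator.getInstance().getCurrentUser();
        if (currentUser == null) {
            return false;
        }
        return searchForRule(map, currentUser.getRoles(), str).allow;
    }

    /**
     * Finds the most specific rule that applies to {@code str} for a user holding {@code set}.
     *
     * <p>The path is canonicalized and stripped of trailing slashes, then looked up as the exact
     * path, as {@code <path>/*}, and as {@code *.<extension>}. If no rule is found, or the rule's
     * roles do not intersect the user's, the search repeats on the parent path. When the parent
     * is one character or shorter the default deny rule is returned.
     *
     * @throws IntrusionException if the canonicalized path contains {@code ..}; this also rejects
     *     names that merely contain two consecutive dots. NOTE(review): this method declares only
     *     AccessControlException, so IntrusionException is either unchecked and propagates to the
     *     caller, or is caught as an AccessControlException and turned into a denial - confirm.
     */
    private Rule searchForRule(Map map, Set set, String str) throws AccessControlException {
        String path = Encoder.getInstance().canonicalize(str);
        while (path.endsWith("/")) {
            path = path.substring(0, path.length() - 1);
        }
        // The traversal check runs on the canonicalized form, so encoded dots are covered to the
        // extent canonicalize() decodes them.
        if (path.indexOf("..") != -1) {
            // NOTE(review): the second argument embeds the caller-supplied path; confirm it is
            // neutralised before being written to a log.
            throw new IntrusionException("Attempt to manipulate access control path", "Attempt to manipulate access control path: " + str);
        }
        int dot = path.lastIndexOf(".");
        String extension = dot != -1 ? path.substring(dot + 1) : "";

        Rule rule = (Rule) map.get(path);
        if (rule == null) {
            rule = (Rule) map.get(path + "/*");
        }
        if (rule == null) {
            rule = (Rule) map.get("*." + extension);
        }
        if (rule != null && overlap(rule.roles, set)) {
            return rule;
        }

        // A path with no '/' has no parent to fall back to. The previous code passed -1 to
        // substring() here and failed with StringIndexOutOfBoundsException; deny instead.
        int slash = path.lastIndexOf('/');
        String parent = slash < 0 ? "" : path.substring(0, slash);
        return parent.length() <= 1 ? this.deny : searchForRule(map, set, parent);
    }

    /**
     * Reports whether a rule's roles apply to a user.
     *
     * @param set the rule's roles; the role {@code "any"} matches every user
     * @param set2 the user's roles; {@code null} is treated as holding no roles
     * @return {@code true} if the rule lists {@code "any"} or shares at least one role with the
     *     user
     */
    private boolean overlap(Set set, Set set2) {
        if (set.contains("any")) {
            return true;
        }
        if (set2 == null) {
            return false;
        }
        for (Object role : set2) {
            if (set.contains((String) role)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Loads the rules from {@code file}.
     *
     * <p>The decompiler did not recover this method's body (326 instructions were skipped). The
     * only fragment it reported shows that a duplicate rule is rejected with an
     * {@code AccessControlException("Access control failure", "Problem in access control file.
     * Duplicate rule " + ...)}. Restore the body from the original ESAPI source before relying
     * on this class; as listed, every first-use check ends in the exception below.
     */
    private Map loadRules(File file) throws AccessControlException {
        throw new UnsupportedOperationException("Method not decompiled: org.owasp.esapi.AccessController.loadRules(java.io.File):java.util.Map");
    }
}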
