package dmg.cells.services.login.user;

import dmg.cells.nucleus.CellAdapter;
import dmg.cells.nucleus.CellMessage;
import dmg.cells.nucleus.CellNucleus;
import dmg.security.digest.Crypt;
import dmg.util.Authorizable;
import dmg.util.UserPasswords;
import java.io.File;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.StringTokenizer;
import org.dcache.util.Args;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dmg/cells/services/login/user/AclCell.class */
public class AclCell extends CellAdapter {
    private static final Logger _log = LoggerFactory.getLogger(AclCell.class);
    private String _cellName;
    private CellNucleus _nucleus;
    private Args _args;
    private AclDb _aclDb;
    private UserRelationable _userDb;
    private UserMetaDb _userMetaDb;
    private UserPasswords _sysPassword;
    private UserPasswords _egPassword;
    private Crypt _crypt;
    private static final String DUMMY_ADMIN = "5t2Hw7lNqVock";
    public static final String hh_set_passwd = "[-user=<userName>] [-old=<oldPasswd>] newPswd verifyPswd";

    public AclCell(String str, String str2) throws Throwable {
        super(str, str2, false);
        this._crypt = new Crypt();
        this._cellName = str;
        this._args = getArgs();
        try {
            if (this._args.argc() < 1) {
                throw new IllegalArgumentException("Usage : ... <dbPath>");
            }
            File file = new File(this._args.argv(0));
            this._aclDb = new AclDb(new File(file, "acls"));
            this._userDb = new InMemoryUserRelation(new FileUserRelation(new File(file, "relations")));
            this._userMetaDb = new UserMetaDb(new File(file, "meta"));
            addCommandListener(new UserAdminCommands(this._userDb, this._aclDb, this._userMetaDb));
            setCommandExceptionEnabled(true);
            String opt = this._args.getOpt("syspassword");
            if (opt != null) {
                this._sysPassword = new UserPasswords(new File(opt));
                _log.info("using as SystemPasswordfile : " + opt);
            }
            String opt2 = this._args.getOpt("egpassword");
            if (opt2 != null) {
                this._egPassword = new UserPasswords(new File(opt2));
                _log.info("using as EgPasswordfile : " + opt2);
            }
            start();
        } catch (Throwable th) {
            _log.warn("Exception while <init> : " + th, th);
            start();
            kill();
            throw th;
        }
    }

    @Override // dmg.cells.nucleus.CellAdapter
    public void messageArrived(CellMessage cellMessage) {
        Serializable serializable;
        Object messageObject = cellMessage.getMessageObject();
        try {
            _log.info("Message type : " + messageObject.getClass());
        } catch (Exception e) {
            serializable = e;
        }
        if (!(messageObject instanceof Object[]) || ((Object[]) messageObject).length < 3 || !((Object[]) messageObject)[0].equals("request")) {
            String str = "Illegal message object received from : " + cellMessage.getSourcePath();
            _log.warn(str);
            throw new Exception(str);
        }
        Object[] objArr = (Object[]) messageObject;
        String str2 = objArr[1] == null ? "unknown" : (String) objArr[1];
        String str3 = (String) objArr[2];
        _log.info(">" + str3 + "< request from " + str2);
        try {
            boolean z = -1;
            switch (str3.hashCode()) {
                case 1321894336:
                    if (str3.equals("check-password")) {
                        z = false;
                        break;
                    }
                    break;
                case 1515280308:
                    if (str3.equals("check-permission")) {
                        z = true;
                        break;
                    }
                    break;
                case 2100479178:
                    if (str3.equals("get-metainfo")) {
                        z = 2;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    serializable = acl_check_password(objArr);
                    break;
                case true:
                    serializable = acl_check_permission(objArr);
                    break;
                case true:
                    serializable = acl_get_metainfo(objArr);
                    break;
                default:
                    throw new Exception("Command not found : " + str3);
            }
            if (serializable instanceof Object[]) {
                ((Object[]) serializable)[0] = "response";
            }
            cellMessage.revertDirection();
            cellMessage.setMessageObject(serializable);
            try {
                sendMessage(cellMessage);
            } catch (Exception e2) {
                _log.warn("Can't send acl_response : " + e2, e2);
            }
        } catch (Exception e3) {
            throw new Exception("Problem : " + e3);
        }
    }

    /* JADX WARN: Type inference failed for: r0v19, types: [java.lang.Object[], java.io.Serializable] */
    private Serializable acl_get_metainfo(Object[] objArr) {
        if (objArr.length < 5 || objArr[3] == null || objArr[4] == null) {
            throw new IllegalArgumentException("Not enough or illegal arguments for 'check-password'");
        }
        String obj = objArr[3].toString();
        UserMetaDictionary dictionary = this._userMetaDb.getDictionary(obj);
        if (dictionary == null) {
            throw new IllegalArgumentException("No such user : " + obj);
        }
        ArrayList arrayList = new ArrayList(Arrays.asList(objArr).subList(0, 5));
        StringTokenizer stringTokenizer = new StringTokenizer(objArr[4].toString(), ",");
        while (stringTokenizer.hasMoreTokens()) {
            arrayList.add(dictionary.valueOf(stringTokenizer.nextToken()));
        }
        return arrayList.toArray(new Object[arrayList.size()]);
    }

    /* JADX WARN: Type inference failed for: r0v3, types: [java.lang.Object[], java.lang.Object, java.io.Serializable] */
    private Serializable acl_check_password(Object[] objArr) {
        if (objArr.length < 5) {
            throw new IllegalArgumentException("Not enough arguments for 'check-password'");
        }
        ?? r0 = new Object[6];
        System.arraycopy(objArr, 0, r0, 0, 5);
        r0[1] = objArr[3];
        r0[5] = Boolean.valueOf(matchPassword((String) objArr[3], (String) objArr[4]));
        return r0;
    }

    /* JADX WARN: Type inference failed for: r0v3, types: [java.lang.Object[], java.lang.Object, java.io.Serializable] */
    private Serializable acl_check_permission(Object[] objArr) {
        if (objArr.length < 5) {
            throw new IllegalArgumentException("Not enough arguments for 'check-permission'");
        }
        ?? r0 = new Object[6];
        System.arraycopy(objArr, 0, r0, 0, 5);
        r0[1] = objArr[3];
        r0[5] = Boolean.valueOf(checkPermission((String) objArr[3], (String) objArr[4]));
        return r0;
    }

    private boolean checkPermission(String str, String str2) {
        if (str.equals("admin")) {
            return true;
        }
        try {
            if (this._aclDb.check(str2, str, this._userDb)) {
                return true;
            }
        } catch (Exception e) {
        }
        try {
            return this._aclDb.check("super.access", str, this._userDb);
        } catch (Exception e2) {
            return false;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:15:0x0032, code lost:
    
        if (r0 == null) goto L13;
     */
    /* JADX WARN: Code restructure failed: missing block: B:28:0x0084, code lost:
    
        if (r0 == null) goto L30;
     */
    /* JADX WARN: Code restructure failed: missing block: B:8:0x001e, code lost:
    
        if (r0 == null) goto L9;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private boolean matchPassword(java.lang.String r5, java.lang.String r6) {
        /*
            r4 = this;
            r0 = r4
            r0.updatePassword()
            r0 = r5
            java.lang.String r1 = "admin"
            boolean r0 = r0.equals(r1)     // Catch: java.lang.Throwable -> Lab
            if (r0 == 0) goto L46
            r0 = r4
            dmg.util.UserPasswords r0 = r0._sysPassword     // Catch: java.lang.Throwable -> Lab
            if (r0 == 0) goto L21
            r0 = r4
            dmg.util.UserPasswords r0 = r0._sysPassword     // Catch: java.lang.Throwable -> Lab
            r1 = r5
            java.lang.String r0 = r0.getPassword(r1)     // Catch: java.lang.Throwable -> Lab
            r1 = r0
            r7 = r1
            if (r0 != 0) goto L38
        L21:
            r0 = r4
            dmg.util.UserPasswords r0 = r0._egPassword     // Catch: java.lang.Throwable -> Lab
            if (r0 == 0) goto L35
            r0 = r4
            dmg.util.UserPasswords r0 = r0._egPassword     // Catch: java.lang.Throwable -> Lab
            r1 = r5
            java.lang.String r0 = r0.getPassword(r1)     // Catch: java.lang.Throwable -> Lab
            r1 = r0
            r7 = r1
            if (r0 != 0) goto L38
        L35:
            java.lang.String r0 = "5t2Hw7lNqVock"
            r7 = r0
        L38:
            r0 = r4
            dmg.security.digest.Crypt r0 = r0._crypt     // Catch: java.lang.Throwable -> Lab
            r1 = r7
            r2 = r6
            java.lang.String r0 = r0.crypt(r1, r2)     // Catch: java.lang.Throwable -> Lab
            r1 = r7
            boolean r0 = r0.equals(r1)     // Catch: java.lang.Throwable -> Lab
            return r0
        L46:
            r0 = r4
            dmg.cells.services.login.user.UserMetaDb r0 = r0._userMetaDb     // Catch: java.lang.Throwable -> Lab
            r1 = r5
            dmg.cells.services.login.user.UserMetaDictionary r0 = r0.getDictionary(r1)     // Catch: java.lang.Throwable -> Lab
            r8 = r0
            r0 = r8
            if (r0 != 0) goto L57
            r0 = 0
            return r0
        L57:
            r0 = r8
            java.lang.String r1 = "login"
            java.lang.String r0 = r0.valueOf(r1)     // Catch: java.lang.Throwable -> Lab
            r9 = r0
            r0 = r9
            if (r0 == 0) goto L73
            r0 = r9
            java.lang.String r1 = "no"
            boolean r0 = r0.equals(r1)     // Catch: java.lang.Throwable -> Lab
            if (r0 == 0) goto L73
            r0 = 0
            return r0
        L73:
            r0 = r4
            dmg.util.UserPasswords r0 = r0._sysPassword     // Catch: java.lang.Throwable -> Lab
            if (r0 == 0) goto L87
            r0 = r4
            dmg.util.UserPasswords r0 = r0._sysPassword     // Catch: java.lang.Throwable -> Lab
            r1 = r5
            java.lang.String r0 = r0.getPassword(r1)     // Catch: java.lang.Throwable -> Lab
            r1 = r0
            r7 = r1
            if (r0 != 0) goto L9d
        L87:
            r0 = r4
            dmg.util.UserPasswords r0 = r0._egPassword     // Catch: java.lang.Throwable -> Lab
            if (r0 == 0) goto L9b
            r0 = r4
            dmg.util.UserPasswords r0 = r0._egPassword     // Catch: java.lang.Throwable -> Lab
            r1 = r5
            java.lang.String r0 = r0.getPassword(r1)     // Catch: java.lang.Throwable -> Lab
            r1 = r0
            r7 = r1
            if (r0 != 0) goto L9d
        L9b:
            r0 = 0
            return r0
        L9d:
            r0 = r4
            dmg.security.digest.Crypt r0 = r0._crypt     // Catch: java.lang.Throwable -> Lab
            r1 = r7
            r2 = r6
            java.lang.String r0 = r0.crypt(r1, r2)     // Catch: java.lang.Throwable -> Lab
            r1 = r7
            boolean r0 = r0.equals(r1)     // Catch: java.lang.Throwable -> Lab
            return r0
        Lab:
            r8 = move-exception
            org.slf4j.Logger r0 = dmg.cells.services.login.user.AclCell._log
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            r2 = r1
            r2.<init>()
            java.lang.String r2 = "Found : "
            java.lang.StringBuilder r1 = r1.append(r2)
            r2 = r8
            java.lang.StringBuilder r1 = r1.append(r2)
            java.lang.String r1 = r1.toString()
            r0.warn(r1)
            r0 = 0
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: dmg.cells.services.login.user.AclCell.matchPassword(java.lang.String, java.lang.String):boolean");
    }

    private void updatePassword() {
        try {
            if (this._sysPassword != null) {
                this._sysPassword.update();
            }
        } catch (Exception e) {
            _log.warn("Updating failed : " + this._sysPassword);
        }
        try {
            if (this._egPassword != null) {
                this._egPassword.update();
            }
        } catch (Exception e2) {
            _log.warn("Updating failed : " + this._egPassword);
        }
    }

    private void checkPermission(Args args, String str) throws Exception {
        if (!(args instanceof Authorizable)) {
            throw new AclPermissionException("Command not authorizable");
        }
        String authorizedPrincipal = ((Authorizable) args).getAuthorizedPrincipal();
        if (authorizedPrincipal.equals("admin")) {
            return;
        }
        try {
            if (this._aclDb.check("super.access", authorizedPrincipal, this._userDb)) {
                return;
            }
        } catch (Exception e) {
        }
        if (!this._aclDb.check(str, authorizedPrincipal, this._userDb)) {
            throw new AclPermissionException("Acl >" + str + "< negative for " + authorizedPrincipal);
        }
    }

    public String ac_interrupted(Args args) {
        return "\n";
    }

    public String ac_set_passwd_$_2(Args args) throws Exception {
        String[] record;
        if (this._egPassword == null) {
            throw new AclPermissionException("No private password file found");
        }
        if (!(args instanceof Authorizable)) {
            throw new AclPermissionException("Command not authorizable");
        }
        String argv = args.argv(0);
        if (!argv.equals(args.argv(1))) {
            throw new IllegalArgumentException("pswd1 doesn't match pswd2");
        }
        String authorizedPrincipal = ((Authorizable) args).getAuthorizedPrincipal();
        String opt = args.getOpt("user");
        String str = opt == null ? authorizedPrincipal : opt;
        String opt2 = args.getOpt("old");
        String str2 = "user." + str + ".setpassword";
        if (authorizedPrincipal.equals("admin") || this._aclDb.check(str2, authorizedPrincipal, this._userDb)) {
            record = this._egPassword.getRecord(str);
            if (record == null) {
                record = new String[2];
                record[0] = str;
            }
        } else {
            if (!authorizedPrincipal.equals(str)) {
                throw new AclPermissionException("Acl >" + str2 + "< negative for " + authorizedPrincipal);
            }
            if (opt2 == null) {
                throw new IllegalArgumentException("-old=<oldPassword> option missing");
            }
            String password = this._egPassword.getPassword(str);
            if (password == null) {
                throw new IllegalArgumentException("User not found in private passwd file");
            }
            if (!this._crypt.crypt(password, opt2).equals(password)) {
                throw new IllegalArgumentException("Old password doesn't match");
            }
            record = this._egPassword.getRecord(str);
            if (record == null) {
                throw new IllegalArgumentException("User " + str + " doesn't exist");
            }
        }
        record[1] = this._crypt.crypt(str.substring(0, 2), argv);
        this._egPassword.addRecord(record);
        this._egPassword.commit();
        return "";
    }
}
