package net.jxta.impl.access.pse;

import java.net.URI;
import java.net.URISyntaxException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import net.jxta.access.AccessService;
import net.jxta.credential.Credential;
import net.jxta.credential.PrivilegedOperation;
import net.jxta.document.Advertisement;
import net.jxta.document.Attributable;
import net.jxta.document.Attribute;
import net.jxta.document.Element;
import net.jxta.document.MimeMediaType;
import net.jxta.document.StructuredDocument;
import net.jxta.document.StructuredDocumentFactory;
import net.jxta.document.TextElement;
import net.jxta.exception.PeerGroupException;
import net.jxta.id.ID;
import net.jxta.id.IDFactory;
import net.jxta.impl.endpoint.EndpointServiceImpl;
import net.jxta.impl.membership.pse.PSECredential;
import net.jxta.impl.membership.pse.PSEMembershipService;
import net.jxta.impl.protocol.ResolverSrdiMsgImpl;
import net.jxta.logging.Logging;
import net.jxta.membership.MembershipService;
import net.jxta.peergroup.PeerGroup;
import net.jxta.platform.ModuleSpecID;
import net.jxta.protocol.ModuleImplAdvertisement;
import net.jxta.service.Service;

/* loaded from: input_file:META-INF/lib/shoal-jxta-1.1_12142008.jar:net/jxta/impl/access/pse/PSEAccessService.class */
public class PSEAccessService implements AccessService {
    private static final Logger LOG = Logger.getLogger(PSEAccessService.class.getName());
    public static final ModuleSpecID PSE_ACCESS_SPEC_ID = (ModuleSpecID) ID.create(URI.create("urn:jxta:uuid-DeadBeefDeafBabaFeedBabe000000100306"));
    PeerGroup group;
    ModuleImplAdvertisement implAdvertisement;
    PSEMembershipService pseMembership;
    final boolean allowNullCredentialForNullOperation = false;

    /* loaded from: input_file:META-INF/lib/shoal-jxta-1.1_12142008.jar:net/jxta/impl/access/pse/PSEAccessService$PSEOperation.class */
    private static class PSEOperation implements PrivilegedOperation {
        final PSEAccessService source;
        PSECredential op;

        protected PSEOperation(PSEAccessService pSEAccessService, PSECredential pSECredential) {
            this.source = pSEAccessService;
            this.op = pSECredential;
        }

        protected PSEOperation(PSEAccessService pSEAccessService, Element element) {
            this.source = pSEAccessService;
            initialize(element);
        }

        @Override // net.jxta.credential.Credential
        public ID getPeerGroupID() {
            return this.source.getPeerGroup().getPeerGroupID();
        }

        @Override // net.jxta.credential.Credential
        public ID getPeerID() {
            return null;
        }

        @Override // net.jxta.credential.Credential
        public boolean isExpired() {
            return false;
        }

        @Override // net.jxta.credential.Credential
        public boolean isValid() {
            return true;
        }

        @Override // net.jxta.credential.Credential
        public PSECredential getSubject() {
            return this.op;
        }

        @Override // net.jxta.credential.Credential
        public Service getSourceService() {
            return this.source;
        }

        @Override // net.jxta.credential.Credential
        public StructuredDocument getDocument(MimeMediaType mimeMediaType) throws Exception {
            StructuredDocument newStructuredDocument = StructuredDocumentFactory.newStructuredDocument(mimeMediaType, ResolverSrdiMsgImpl.credentialTag);
            if (newStructuredDocument instanceof Attributable) {
                ((Attributable) newStructuredDocument).addAttribute("xmlns:jxta", "http://jxta.org");
                ((Attributable) newStructuredDocument).addAttribute("xml:space", "preserve");
                ((Attributable) newStructuredDocument).addAttribute("type", "jxta:PSEOp");
            }
            newStructuredDocument.appendChild(newStructuredDocument.createElement("PeerGroupID", getPeerGroupID().toString()));
            newStructuredDocument.appendChild(newStructuredDocument.createElement("Operation", this.op));
            return newStructuredDocument;
        }

        @Override // net.jxta.credential.PrivilegedOperation
        public PSECredential getOfferer() {
            return null;
        }

        protected boolean handleElement(TextElement textElement) {
            if (!textElement.getName().equals("PeerGroupID")) {
                if (!textElement.getName().equals("Operation")) {
                    return false;
                }
                this.op = (PSECredential) this.source.pseMembership.makeCredential(textElement);
                return true;
            }
            try {
                ID fromURI = IDFactory.fromURI(new URI(textElement.getTextValue().trim()));
                if (fromURI.equals(getPeerGroupID())) {
                    return true;
                }
                throw new IllegalArgumentException("Operation is from a different group. " + fromURI + " != " + getPeerGroupID());
            } catch (ClassCastException e) {
                throw new IllegalArgumentException("Id is not a group id: " + textElement.getTextValue());
            } catch (URISyntaxException e2) {
                throw new IllegalArgumentException("Unusable ID in advertisement: " + textElement.getTextValue());
            }
        }

        protected void initialize(Element element) {
            Attribute attribute;
            if (!TextElement.class.isInstance(element)) {
                throw new IllegalArgumentException(getClass().getName() + " only supports TextElement");
            }
            TextElement textElement = (TextElement) element;
            String str = EndpointServiceImpl.MESSAGE_EMPTY_NS;
            if ((element instanceof Attributable) && null != (attribute = ((Attributable) element).getAttribute("type"))) {
                str = attribute.getValue();
            }
            if (!textElement.getName().equals("jxta:PSEOp") && !str.equals("jxta:PSEOp")) {
                throw new IllegalArgumentException("Could not construct : " + getClass().getName() + "from doc containing a " + textElement.getName());
            }
            Enumeration<T> children = textElement.getChildren();
            while (children.hasMoreElements()) {
                TextElement textElement2 = (TextElement) children.nextElement();
                if (!handleElement(textElement2) && Logging.SHOW_WARNING && PSEAccessService.LOG.isLoggable(Level.WARNING)) {
                    PSEAccessService.LOG.warning("Unhandled element '" + textElement2.getName() + "' in " + textElement.getName());
                }
            }
            if (null == this.op) {
                throw new IllegalArgumentException("operation was never initialized.");
            }
        }
    }

    @Override // net.jxta.platform.Module
    public void init(PeerGroup peerGroup, ID id, Advertisement advertisement) throws PeerGroupException {
        this.group = peerGroup;
        this.implAdvertisement = (ModuleImplAdvertisement) advertisement;
        if (Logging.SHOW_CONFIG && LOG.isLoggable(Level.CONFIG)) {
            StringBuilder sb = new StringBuilder("Configuring PSE Access Service : " + id);
            sb.append("\n\tImplementation :");
            sb.append("\n\t\tModule Spec ID: " + this.implAdvertisement.getModuleSpecID());
            sb.append("\n\t\tImpl Description : " + this.implAdvertisement.getDescription());
            sb.append("\n\t\tImpl URI : " + this.implAdvertisement.getUri());
            sb.append("\n\t\tImpl Code : " + this.implAdvertisement.getCode());
            sb.append("\n\tGroup Params :");
            sb.append("\n\t\tGroup : " + peerGroup.getPeerGroupName());
            sb.append("\n\t\tGroup ID : " + peerGroup.getPeerGroupID());
            sb.append("\n\t\tPeer ID : " + peerGroup.getPeerID());
            LOG.config(sb.toString());
        }
    }

    @Override // net.jxta.platform.Module
    public int startApp(String[] strArr) {
        MembershipService membershipService = this.group.getMembershipService();
        if (null == membershipService) {
            if (!Logging.SHOW_WARNING || !LOG.isLoggable(Level.WARNING)) {
                return 2;
            }
            LOG.warning("Stalled until there is a membership service");
            return 2;
        }
        ModuleImplAdvertisement moduleImplAdvertisement = (ModuleImplAdvertisement) membershipService.getImplAdvertisement();
        if (null != moduleImplAdvertisement && PSEMembershipService.pseMembershipSpecID.equals(moduleImplAdvertisement.getModuleSpecID()) && (membershipService instanceof PSEMembershipService)) {
            this.pseMembership = (PSEMembershipService) membershipService;
            return 0;
        }
        if (!Logging.SHOW_SEVERE || !LOG.isLoggable(Level.SEVERE)) {
            return -1;
        }
        LOG.severe("PSE Access Service requires a PSE Membership Service.");
        return -1;
    }

    @Override // net.jxta.platform.Module
    public void stopApp() {
        this.pseMembership = null;
    }

    @Override // net.jxta.service.Service
    public ModuleImplAdvertisement getImplAdvertisement() {
        return this.implAdvertisement;
    }

    @Override // net.jxta.service.Service
    public Service getInterface() {
        return this;
    }

    @Override // net.jxta.access.AccessService
    public AccessService.AccessResult doAccessCheck(PrivilegedOperation privilegedOperation, Credential credential) {
        if (null == privilegedOperation && null == credential) {
            return AccessService.AccessResult.DISALLOWED;
        }
        if (null == credential || !(credential instanceof PSECredential)) {
            return AccessService.AccessResult.DISALLOWED;
        }
        if (!credential.isValid()) {
            return AccessService.AccessResult.DISALLOWED;
        }
        if (null == privilegedOperation) {
            return AccessService.AccessResult.PERMITTED;
        }
        if ((privilegedOperation instanceof PSEOperation) && privilegedOperation.getSourceService() == this && privilegedOperation.isValid()) {
            X509Certificate[] certificateChain = ((PSEOperation) privilegedOperation).getOfferer().getCertificateChain();
            for (X509Certificate x509Certificate : Arrays.asList(((PSECredential) credential).getCertificateChain())) {
                Iterator it = Arrays.asList(certificateChain).iterator();
                while (it.hasNext()) {
                    if (x509Certificate.getPublicKey().equals(((X509Certificate) it.next()).getPublicKey())) {
                        return AccessService.AccessResult.PERMITTED;
                    }
                }
            }
            return AccessService.AccessResult.DISALLOWED;
        }
        return AccessService.AccessResult.DISALLOWED;
    }

    @Override // net.jxta.access.AccessService
    public PrivilegedOperation newPrivilegedOperation(Object obj, Credential credential) {
        if (!(obj instanceof PSECredential)) {
            throw new IllegalArgumentException(getClass().getName() + " only supports PSECredential subjects.");
        }
        if (obj != credential) {
            throw new IllegalArgumentException("PSE Access Service requires operation and offerer to be the same object.");
        }
        if (credential.isValid()) {
            return new PSEOperation((PSEAccessService) getInterface(), (PSECredential) credential);
        }
        throw new IllegalArgumentException("offerer is not a valid credential");
    }

    @Override // net.jxta.access.AccessService
    public PrivilegedOperation newPrivilegedOperation(Element element) {
        return new PSEOperation((PSEAccessService) getInterface(), element);
    }

    PeerGroup getPeerGroup() {
        return this.group;
    }
}
