package com.bes.enterprise.security.jndi;

import com.bes.enterprise.appserver.common.util.StringUtils;
import com.bes.enterprise.common.request.dispatcher.PatternMatchUtils;
import com.bes.enterprise.web.util.descriptor.web.SecurityConstraint;
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import javax.naming.NamingException;

/* loaded from: input_file:com/bes/enterprise/security/jndi/JndiInjectionChecker.class */
public class JndiInjectionChecker {
    private static final String BLACK_LIST_FILE = "com.bes.enterprise.security.jndi.JndiInjectionChecker.blacklistFile";
    private static final String WHITE_LIST_FILE = "com.bes.enterprise.security.jndi.JndiInjectionChecker.whitelistFile";
    private static final String DEFAULT_BLACK_LIST_FILE = "jndi/jndiBlackList";
    private static final String DEFAULT_WHITE_LIST_FILE = "jndi/jndiWhiteList";
    protected static final Logger _logger = Logger.getLogger(JndiInjectionChecker.class.getName());
    private static final String JNDI_INJECTION_CHECKER_ENABLED = "com.bes.enterprise.security.jndi.JndiInjectionChecker.enabled";
    private static final boolean enabled = Boolean.parseBoolean(System.getProperty(JNDI_INJECTION_CHECKER_ENABLED, "true"));
    private static final Map<String, List<JndiCheckList>> blackList = new HashMap();
    private static final Map<String, List<JndiCheckList>> whiteList = new HashMap();
    private static volatile boolean initialized = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/bes/enterprise/security/jndi/JndiInjectionChecker$JndiCheckResult.class */
    public static class JndiCheckResult {
        private Boolean result;
        private JndiCheckList checkList;
        private String checkPropertyValue;

        private JndiCheckResult() {
        }

        public Boolean getResult() {
            return this.result;
        }

        public void setResult(Boolean bool) {
            this.result = bool;
        }

        public JndiCheckList getCheckList() {
            return this.checkList;
        }

        public void setCheckList(JndiCheckList jndiCheckList) {
            this.checkList = jndiCheckList;
        }

        public String getCheckPropertyValue() {
            return this.checkPropertyValue;
        }

        public void setCheckPropertyValue(String str) {
            this.checkPropertyValue = str;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/bes/enterprise/security/jndi/JndiInjectionChecker$ReflectionUtil.class */
    public static class ReflectionUtil {
        private ReflectionUtil() {
        }

        public static String getFieldValue(Object obj, JndiCheckList jndiCheckList) {
            if (jndiCheckList.getPropertyGetMethod() != null) {
                return String.valueOf(jndiCheckList.getPropertyGetMethod().invoke(obj, new Object[0]));
            }
            for (PropertyDescriptor propertyDescriptor : Introspector.getBeanInfo(obj.getClass()).getPropertyDescriptors()) {
                if (propertyDescriptor.getName().equals(jndiCheckList.getPropertyName())) {
                    Method readMethod = propertyDescriptor.getReadMethod();
                    jndiCheckList.setPropertyGetMethod(readMethod);
                    return String.valueOf(readMethod.invoke(obj, new Object[0]));
                }
            }
            Field field = null;
            Boolean bool = null;
            try {
                field = obj.getClass().getDeclaredField(jndiCheckList.getPropertyName());
                bool = Boolean.valueOf(field.isAccessible());
                field.setAccessible(true);
                String valueOf = String.valueOf(field.get(obj));
                if (bool != null) {
                    field.setAccessible(bool.booleanValue());
                }
                return valueOf;
            } catch (IllegalAccessException | NoSuchFieldException e) {
                if (bool == null) {
                    return "";
                }
                field.setAccessible(bool.booleanValue());
                return "";
            } catch (Throwable th) {
                if (bool != null) {
                    field.setAccessible(bool.booleanValue());
                }
                throw th;
            }
        }
    }

    private static void init() {
        if (initialized) {
            return;
        }
        synchronized (JndiInjectionChecker.class) {
            if (initialized) {
                return;
            }
            if (enabled) {
                String property = System.getProperty(BLACK_LIST_FILE);
                if (property == null) {
                    property = DEFAULT_BLACK_LIST_FILE;
                }
                loadConfig(property, blackList);
                String property2 = System.getProperty(WHITE_LIST_FILE);
                if (property2 == null) {
                    property2 = DEFAULT_WHITE_LIST_FILE;
                }
                loadConfig(property2, whiteList);
            }
            initialized = true;
        }
    }

    public static boolean isEnabled() {
        return enabled;
    }

    public static void allow(JndiCheckBean jndiCheckBean) throws NamingException {
        if (!initialized) {
            init();
        }
        if (enabled) {
            JndiCheckResult allowJndiReferenceBind = allowJndiReferenceBind(jndiCheckBean);
            if (allowJndiReferenceBind.getResult().booleanValue()) {
                return;
            }
            if (!allowJndiReferenceBind.getCheckList().isAllProperty()) {
                throw new NamingException(String.format("The %s object with %s '%s' is in blacklist!", allowJndiReferenceBind.getCheckList().getClassName(), allowJndiReferenceBind.getCheckList().getPropertyName(), allowJndiReferenceBind.getCheckPropertyValue()));
            }
            throw new NamingException(String.format("Class %s is in blacklist!", allowJndiReferenceBind.getCheckList().getClassName()));
        }
    }

    private static JndiCheckResult allowJndiReferenceBind(JndiCheckBean jndiCheckBean) {
        List<JndiCheckList> list;
        List<JndiCheckList> list2;
        JndiCheckResult jndiCheckResult = new JndiCheckResult();
        if (whiteList.size() > 0 && (list2 = whiteList.get(jndiCheckBean.getClazz().getName())) != null) {
            for (JndiCheckList jndiCheckList : list2) {
                if (jndiCheckList.isAllProperty()) {
                    jndiCheckResult.setResult(Boolean.TRUE);
                    return jndiCheckResult;
                }
                if (checkReferenceMatches(jndiCheckBean, jndiCheckList, jndiCheckResult).booleanValue()) {
                    jndiCheckResult.setResult(Boolean.TRUE);
                    return jndiCheckResult;
                }
            }
        }
        if (blackList.size() > 0 && (list = blackList.get(jndiCheckBean.getClazz().getName())) != null) {
            for (JndiCheckList jndiCheckList2 : list) {
                if (jndiCheckList2.isAllProperty()) {
                    jndiCheckResult.setCheckList(jndiCheckList2);
                    jndiCheckResult.setResult(Boolean.FALSE);
                    return jndiCheckResult;
                }
                if (checkReferenceMatches(jndiCheckBean, jndiCheckList2, jndiCheckResult).booleanValue()) {
                    jndiCheckResult.setResult(Boolean.FALSE);
                    return jndiCheckResult;
                }
            }
        }
        jndiCheckResult.setResult(Boolean.TRUE);
        return jndiCheckResult;
    }

    private static boolean matches(String str, String str2) {
        return str2.endsWith(".*") ? str.startsWith(str2.substring(0, str2.length() - 2)) : str2.endsWith(SecurityConstraint.ROLE_ALL_ROLES) ? str.startsWith(str2.substring(0, str2.length() - 1)) : str.equals(str2);
    }

    private static Boolean checkReferenceMatches(JndiCheckBean jndiCheckBean, JndiCheckList jndiCheckList, JndiCheckResult jndiCheckResult) {
        if (StringUtils.isEmpty(jndiCheckBean.getPropertyName())) {
            String fieldValue = ReflectionUtil.getFieldValue(jndiCheckBean.getCheckObj(), jndiCheckList);
            Iterator<String> it = jndiCheckList.getPropertyValue().iterator();
            while (it.hasNext()) {
                if (matches(fieldValue, it.next())) {
                    jndiCheckResult.setCheckList(jndiCheckList);
                    jndiCheckResult.setCheckPropertyValue(fieldValue);
                    return Boolean.TRUE;
                }
            }
        } else if (jndiCheckList.getPropertyName().equals(jndiCheckBean.getPropertyName())) {
            Iterator<String> it2 = jndiCheckList.getPropertyValue().iterator();
            while (it2.hasNext()) {
                if (matches(StringUtils.nvl(jndiCheckBean.getPropertyValue()), it2.next())) {
                    jndiCheckResult.setCheckList(jndiCheckList);
                    jndiCheckResult.setCheckPropertyValue(jndiCheckBean.getPropertyValue());
                    return Boolean.TRUE;
                }
            }
        }
        return Boolean.FALSE;
    }

    private static void loadConfig(String str, Map<String, List<JndiCheckList>> map) {
        InputStream inputStream = null;
        BufferedReader bufferedReader = null;
        try {
            try {
                inputStream = getInputStream(str);
                bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        break;
                    }
                    String trim = readLine.trim();
                    if (!trim.startsWith("#") && !trim.startsWith("//")) {
                        String[] split = trim.split(PatternMatchUtils.QUERY_PARAM_KEY_VLUE_SEPARATOR);
                        if (split.length == 1) {
                            map.put(split[0], Collections.singletonList(new JndiCheckList(split[0])));
                        } else if (split.length == 2) {
                            int indexOf = split[0].indexOf("[@");
                            int indexOf2 = split[0].indexOf(93, indexOf);
                            if (indexOf >= 0 && indexOf2 >= 0 && indexOf2 >= indexOf) {
                                String trim2 = split[0].substring(0, indexOf).trim();
                                String trim3 = split[0].substring(indexOf + 2, indexOf2).trim();
                                List<JndiCheckList> list = map.get(trim2);
                                if (list != null) {
                                    list.add(new JndiCheckList(trim2, trim3, new HashSet(Arrays.asList(split[1].trim().split(",")))));
                                } else {
                                    ArrayList arrayList = new ArrayList();
                                    arrayList.add(new JndiCheckList(trim2, trim3, new HashSet(Arrays.asList(split[1].trim().split(",")))));
                                    map.put(trim2, arrayList);
                                }
                            }
                        }
                    }
                }
                if (bufferedReader != null) {
                    try {
                        bufferedReader.close();
                    } catch (Exception e) {
                    }
                }
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (Exception e2) {
                    }
                }
            } catch (IOException e3) {
                _logger.warning(e3.getClass().getName() + ":" + e3.getMessage());
                if (bufferedReader != null) {
                    try {
                        bufferedReader.close();
                    } catch (Exception e4) {
                    }
                }
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (Exception e5) {
                    }
                }
            }
        } catch (Throwable th) {
            if (bufferedReader != null) {
                try {
                    bufferedReader.close();
                } catch (Exception e6) {
                }
            }
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (Exception e7) {
                }
            }
            throw th;
        }
    }

    private static InputStream getInputStream(String str) throws IOException {
        InputStream resourceAsStream;
        ClassLoader classLoader = JndiInjectionChecker.class.getClassLoader();
        InputStream resourceAsStream2 = classLoader.getResourceAsStream(str);
        if (resourceAsStream2 != null) {
            return resourceAsStream2;
        }
        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        if (contextClassLoader == classLoader || (resourceAsStream = contextClassLoader.getResourceAsStream(str)) == null) {
            throw new IOException("Could not read config file: " + str + "!");
        }
        return resourceAsStream;
    }
}
