package org.jivesoftware.openfire.auth;

import java.util.Iterator;
import java.util.StringTokenizer;
import java.util.Vector;
import org.jivesoftware.util.JiveGlobals;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jivesoftware/openfire/auth/DefaultAuthorizationPolicy.class */
public class DefaultAuthorizationPolicy implements AuthorizationPolicy {
    private static final Logger Log = LoggerFactory.getLogger(DefaultAuthorizationPolicy.class);
    private Vector<String> approvedRealms = new Vector<>();

    public DefaultAuthorizationPolicy() {
        String property = JiveGlobals.getProperty("sasl.approvedRealms");
        if (property != null) {
            StringTokenizer stringTokenizer = new StringTokenizer(property, " ,\t\n\r\f");
            while (stringTokenizer.hasMoreTokens()) {
                this.approvedRealms.add(stringTokenizer.nextToken());
            }
        }
    }

    @Override // org.jivesoftware.openfire.auth.AuthorizationPolicy
    public boolean authorize(String str, String str2) {
        boolean z = false;
        String str3 = str;
        String str4 = null;
        String str5 = str2;
        String str6 = null;
        if (str.contains("@")) {
            str3 = str.substring(0, str.lastIndexOf("@"));
            str4 = str.substring(str.lastIndexOf("@") + 1);
        }
        if (str2.contains("@")) {
            str5 = str2.substring(0, str2.lastIndexOf("@"));
            str6 = str2.substring(str2.lastIndexOf("@") + 1);
        }
        if (!str3.equals(str5)) {
            if (!JiveGlobals.getBooleanProperty("xmpp.auth.ignorecase", true)) {
                Log.debug("DefaultAuthorizationPolicy: usernames don't match (" + str3 + " " + str5 + ")");
                return false;
            }
            if (!str3.toLowerCase().equals(str5.toLowerCase())) {
                if (!Log.isDebugEnabled()) {
                    return false;
                }
                Log.debug("DefaultAuthorizationPolicy: usernames don't match (" + str3 + " " + str5 + ")");
                return false;
            }
        }
        Log.debug("DefaultAuthorizationPolicy: Checking authenID realm");
        if (str6 == null) {
            z = true;
        } else if (str6.equals(JiveGlobals.getProperty("xmpp.domain"))) {
            Log.debug("DefaultAuthorizationPolicy: authenRealm = xmpp.domain");
            z = true;
        } else if (str6.equals(JiveGlobals.getProperty("sasl.realm"))) {
            Log.debug("DefaultAuthorizationPolicy: authenRealm = sasl.realm");
            z = true;
        } else {
            Iterator<String> it = this.approvedRealms.iterator();
            while (it.hasNext()) {
                String next = it.next();
                if (str6.equals(next)) {
                    if (Log.isDebugEnabled()) {
                        Log.debug("DefaultAuthorizationPolicy: authenRealm = " + next + " which is approved");
                    }
                    z = true;
                } else if (Log.isDebugEnabled()) {
                    Log.debug("DefaultAuthorizationPolicy: authenRealm != " + next + " which is approved");
                }
            }
        }
        if (!z) {
            return false;
        }
        boolean z2 = false;
        if (str4 == null) {
            z2 = true;
        } else if (str4.equals(JiveGlobals.getProperty("xmpp.domain"))) {
            Log.debug("DefaultAuthorizationPolicy: userRealm = xmpp.domain");
            z2 = true;
        } else if (str6 != null && str6.equals(str4)) {
            if (Log.isDebugEnabled()) {
                Log.debug("DefaultAuthorizationPolicy: userRealm = " + str6 + " which is approved");
            }
            z2 = true;
        }
        return z2;
    }

    @Override // org.jivesoftware.openfire.auth.AuthorizationPolicy
    public String name() {
        return "Default Policy";
    }

    @Override // org.jivesoftware.openfire.auth.AuthorizationPolicy
    public String description() {
        return "Different clients perform authentication differently, so this policy will authorize any principal to a requested user that match specific conditions that are considered secure defaults for most installations.";
    }
}
