package org.jivesoftware.openfire.auth;

import org.jivesoftware.openfire.XMPPServerInfo;
import org.jivesoftware.openfire.admin.AdminManager;
import org.jivesoftware.openfire.net.SASLAuthentication;
import org.jivesoftware.util.SystemProperty;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jivesoftware/openfire/auth/DefaultAuthorizationPolicy.class */
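/**
 * Authorization policy that decides whether an authenticated identity (the
 * principal whose credentials were verified) may act as a requested
 * authorization identity.
 *
 * <p>Both identities are split at their last {@code '@'} into a username part and
 * an optional realm part. Authorization is granted only when the username check,
 * the authentication-realm check and the authorization-realm check all pass.
 */
public class DefaultAuthorizationPolicy implements AuthorizationPolicy {
    private static final Logger Log = LoggerFactory.getLogger(DefaultAuthorizationPolicy.class);

    /**
     * Controls whether usernames that differ only by case are treated as equal.
     * Backed by the {@code xmpp.auth.ignorecase} property; defaults to {@code true}
     * and is declared dynamic.
     */
    public static final SystemProperty<Boolean> IGNORE_CASE = SystemProperty.Builder.ofType(Boolean.class).setKey("xmpp.auth.ignorecase").setDefaultValue(true).setDynamic(true).build();

    /**
     * Decides whether the authenticated identity may act as the requested identity.
     *
     * <p>Security-relevant behaviour visible in this method:
     * <ul>
     *   <li>When {@code SASLAuthentication.PROXY_AUTH} is enabled and
     *       {@code AdminManager} reports the authenticated username as an admin, the
     *       username comparison is skipped. The realm checks below still apply.</li>
     *   <li>Otherwise the usernames must be equal, or equal ignoring case when
     *       {@link #IGNORE_CASE} is enabled.</li>
     *   <li>The authentication realm, when present, must equal the XMPP domain, the
     *       configured SASL realm, or one of the approved realms.</li>
     *   <li>The authorization realm, when present, must equal the XMPP domain or the
     *       authentication realm that was just accepted.</li>
     * </ul>
     *
     * @param str  the requested authorization identity (the identity to act as),
     *             optionally in {@code user@realm} form
     * @param str2 the authentication identity (the principal that authenticated),
     *             optionally in {@code user@realm} form
     * @return {@code true} if every check passes; {@code false} otherwise, including
     *         when either argument is {@code null}
     */
    @Override
    public boolean authorize(String str, String str2) {
        // Fail closed: a missing identity can never be authorized.
        if (str == null || str2 == null) {
            Log.debug("Authorization or authentication identity is missing; denying authorization");
            return false;
        }

        final String authzUsername = usernameOf(str);
        final String authzRealm = realmOf(str);
        final String authcUsername = usernameOf(str2);
        final String authcRealm = realmOf(str2);

        // Same evaluation order as before: the admin lookup only runs when proxy
        // authorization is enabled, and it runs before the username comparison.
        // NOTE(review): the meaning of the second isUserAdmin argument is defined by
        // AdminManager and is not visible in this file.
        final boolean proxyAllowed = SASLAuthentication.PROXY_AUTH.getValue().booleanValue()
                && AdminManager.getInstance().isUserAdmin(authcUsername, true);
        if (!proxyAllowed && !usernamesMatch(authzUsername, authcUsername)) {
            Log.debug("Authorization username {} doesn't match authentication username {}", authzUsername, authcUsername);
            return false;
        }

        Log.debug("Checking authcRealm");
        if (!isAuthcRealmAccepted(authcRealm)) {
            Log.debug("authcRealm is not the XMPP domain, the SASL realm or an approved realm; denying authorization");
            return false;
        }

        Log.debug("Checking authzRealm");
        if (!isAuthzRealmAccepted(authzRealm, authcRealm)) {
            Log.debug("authzRealm is neither the XMPP domain nor the accepted authcRealm; denying authorization");
            return false;
        }
        return true;
    }

    /** Returns the part of {@code identity} before its last {@code '@'}, or all of it when there is none. */
    private static String usernameOf(String identity) {
        final int at = identity.lastIndexOf('@');
        return at < 0 ? identity : identity.substring(0, at);
    }

    /** Returns the part of {@code identity} after its last {@code '@'}, or {@code null} when there is none. */
    private static String realmOf(String identity) {
        final int at = identity.lastIndexOf('@');
        return at < 0 ? null : identity.substring(at + 1);
    }

    /** Compares two usernames exactly, falling back to a case-insensitive match only when {@link #IGNORE_CASE} is enabled. */
    private static boolean usernamesMatch(String authzUsername, String authcUsername) {
        if (authzUsername.equals(authcUsername)) {
            return true;
        }
        return IGNORE_CASE.getValue().booleanValue() && authzUsername.equalsIgnoreCase(authcUsername);
    }

    /** Accepts an absent authentication realm, the XMPP domain, the SASL realm, or any approved realm. */
    private static boolean isAuthcRealmAccepted(String authcRealm) {
        if (authcRealm == null) {
            return true;
        }
        if (authcRealm.equals(XMPPServerInfo.XMPP_DOMAIN.getValue())) {
            Log.trace("authcRealm = {}", XMPPServerInfo.XMPP_DOMAIN.getKey());
            return true;
        }
        if (authcRealm.equals(SASLAuthentication.REALM.getValue())) {
            Log.trace("authcRealm = sasl.realm");
            return true;
        }
        for (String approvedRealm : SASLAuthentication.APPROVED_REALMS.getValue()) {
            if (authcRealm.equals(approvedRealm)) {
                Log.trace("authcRealm = {} which is approved", approvedRealm);
                // Stop at the first match so the trace log does not go on to report
                // mismatches for a realm that has already been accepted.
                return true;
            }
            Log.trace("authcRealm != {} which is approved", approvedRealm);
        }
        return false;
    }

    /** Accepts an absent authorization realm, the XMPP domain, or the already accepted authentication realm. */
    private static boolean isAuthzRealmAccepted(String authzRealm, String authcRealm) {
        if (authzRealm == null) {
            return true;
        }
        if (authzRealm.equals(XMPPServerInfo.XMPP_DOMAIN.getValue())) {
            // This branch inspects the authorization realm, so the trace names it as such.
            Log.trace("authzRealm = {}", XMPPServerInfo.XMPP_DOMAIN.getKey());
            return true;
        }
        if (authcRealm != null && authcRealm.equals(authzRealm)) {
            Log.trace("DefaultAuthorizationPolicy: authcRealm = {} which is approved", authcRealm);
            return true;
        }
        return false;
    }

    /** Returns the short display name of this policy. */
    @Override
    public String name() {
        return "Default Policy";
    }

    /** Returns a human-readable description of what this policy authorizes. */
    @Override
    public String description() {
        return "Different clients perform authentication differently, so this policy will authorize any authentication identity, or 'principal' (identity whose password will be used) to a requested authorization identity (identity to act as) that match specific conditions that are considered secure defaults for most installations.";
    }
}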
