package org.jboss.jms.server.container;

import java.util.HashSet;
import java.util.Set;
import javax.jms.Destination;
import javax.jms.JMSSecurityException;
import javax.jms.Message;
import org.jboss.aop.joinpoint.Invocation;
import org.jboss.aop.joinpoint.MethodInvocation;
import org.jboss.jms.destination.JBossDestination;
import org.jboss.jms.server.SecurityManager;
import org.jboss.jms.server.endpoint.ServerConnectionEndpoint;
import org.jboss.jms.server.endpoint.ServerConsumerEndpoint;
import org.jboss.jms.server.endpoint.ServerSessionEndpoint;
import org.jboss.jms.server.endpoint.advised.ConsumerAdvised;
import org.jboss.jms.server.endpoint.advised.SessionAdvised;
import org.jboss.jms.server.security.SecurityMetadata;
import org.jboss.logging.Logger;

/* loaded from: input_file:org/jboss/jms/server/container/SecurityAspect.class */
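/**
 * Advice methods that enforce per-destination JMS permissions before an intercepted
 * call is allowed to proceed.
 *
 * <p>Each {@code handle*} method extracts the destination and the owning
 * {@link ServerConnectionEndpoint} from the {@link Invocation}, runs a permission check and,
 * if no {@link JMSSecurityException} was thrown, continues with {@code invokeNext()}.
 *
 * <p>Positive results are remembered in three sets (read / write / create) keyed by
 * {@link Destination} only. The sets are flushed once {@link #INVALIDATION_INTERVAL}
 * milliseconds have passed since the previous flush, so a permission that is revoked is
 * re-evaluated after at most that long.
 *
 * <p>NOTE(review): the cache key does not include the user. That is only sound if one
 * instance of this class serves a single connection/identity; the instance scope is
 * configured outside this file — confirm, otherwise a grant cached for one user would be
 * reused for another.
 *
 * <p>NOTE(review): the caches are plain {@link HashSet}s and {@code lastCheck} is a plain
 * field, with no synchronization in this class. Confirm that an instance is never used by
 * more than one thread at a time.
 */
public class SecurityAspect {
    private static final Logger log;

    // Captured once per instance; later changes to the logger's level are not picked up.
    private boolean trace = log.isTraceEnabled();

    // Destinations for which the corresponding check has already succeeded.
    // Raw types are kept because the file uses no generics anywhere else.
    private Set readCache = new HashSet();
    private Set writeCache = new HashSet();
    private Set createCache = new HashSet();

    /** Maximum age, in milliseconds, of a cached positive authorization result. */
    private static final long INVALIDATION_INTERVAL = 15000;

    // Wall-clock time (ms) of the most recent cache flush; 0 until the first check.
    private long lastCheck;

    // Cache slot used by the class$ helper below; looks like the pre-Java-5 compiler
    // expansion of a class literal that the decompiler left in place.
    static Class class$org$jboss$jms$server$container$SecurityAspect;

    /**
     * Type-safe constant naming the permission being checked.
     *
     * <p>The decompiler reports that this class was originally {@code private}. The constants
     * and the {@code type} field are {@code final} so that the identity comparisons in
     * {@code check} cannot be subverted by reassigning {@code READ}/{@code WRITE}/{@code CREATE}.
     */
    public static class CheckType {
        private final int type;
        public static final int TYPE_READ = 0;
        public static final int TYPE_WRITE = 1;
        public static final int TYPE_CREATE = 2;
        public static final CheckType READ = new CheckType(TYPE_READ);
        public static final CheckType WRITE = new CheckType(TYPE_WRITE);
        public static final CheckType CREATE = new CheckType(TYPE_CREATE);

        private CheckType(int i) {
            this.type = i;
        }

        /** Two check types are equal when they carry the same numeric type code. */
        public boolean equals(Object obj) {
            return (obj instanceof CheckType) && ((CheckType) obj).type == this.type;
        }

        public int hashCode() {
            return this.type;
        }
    }

    /**
     * Requires READ permission on the destination passed as argument 0 and, when argument 3
     * is non-null, CREATE permission as well, then proceeds with the invocation.
     *
     * <p>NOTE(review): argument 3 is presumably the durable subscription name (the denial
     * message for CREATE reads "create durable sub on") — confirm against the advised method.
     *
     * @throws JMSSecurityException if either check fails
     * @throws Throwable whatever the rest of the interceptor chain throws
     */
    public Object handleCreateConsumerDelegate(Invocation invocation) throws Throwable {
        MethodInvocation methodInvocation = (MethodInvocation) invocation;
        Object[] arguments = methodInvocation.getArguments();
        Destination destination = (Destination) arguments[0];
        ServerSessionEndpoint session = (ServerSessionEndpoint) ((SessionAdvised) invocation.getTargetObject()).getEndpoint();
        ServerConnectionEndpoint connection = session.getConnectionEndpoint();

        check(destination, CheckType.READ, connection);
        if (((String) arguments[3]) != null) {
            check(destination, CheckType.CREATE, connection);
        }
        return invocation.invokeNext();
    }

    /**
     * Requires READ permission on the destination passed as argument 0, then proceeds.
     *
     * @throws JMSSecurityException if the check fails
     */
    public Object handleCreateBrowserDelegate(Invocation invocation) throws Throwable {
        Destination destination = (Destination) ((MethodInvocation) invocation).getArguments()[0];
        ServerSessionEndpoint session = (ServerSessionEndpoint) ((SessionAdvised) invocation.getTargetObject()).getEndpoint();
        check(destination, CheckType.READ, session.getConnectionEndpoint());
        return invocation.invokeNext();
    }

    /**
     * Requires WRITE permission on the destination carried by the message in argument 0,
     * then proceeds.
     *
     * <p>NOTE(review): the destination that is authorized is the one read from the message
     * itself via {@code getJMSDestination()}. Confirm that delivery further down the chain
     * routes on that same value, so the checked and the actual target cannot differ.
     *
     * @throws JMSSecurityException if the check fails
     */
    public Object handleSend(Invocation invocation) throws Throwable {
        Message message = (Message) ((MethodInvocation) invocation).getArguments()[0];
        ServerSessionEndpoint session = (ServerSessionEndpoint) ((SessionAdvised) invocation.getTargetObject()).getEndpoint();
        check(message.getJMSDestination(), CheckType.WRITE, session.getConnectionEndpoint());
        return invocation.invokeNext();
    }

    /** Requires READ permission on the consumer's destination, then proceeds. */
    public Object handleGetMessageNow(Invocation invocation) throws Throwable {
        checkConsumerAccess(invocation);
        return invocation.invokeNext();
    }

    /** Requires READ permission on the consumer's destination, then proceeds. */
    public Object handleActivate(Invocation invocation) throws Throwable {
        checkConsumerAccess(invocation);
        return invocation.invokeNext();
    }

    /**
     * Runs a READ check for the destination of the consumer endpoint that is the target of
     * the invocation, using the connection that owns the consumer's session.
     *
     * @throws JMSSecurityException if the check fails
     */
    protected void checkConsumerAccess(Invocation invocation) throws Throwable {
        ServerConsumerEndpoint consumer = (ServerConsumerEndpoint) ((ConsumerAdvised) invocation.getTargetObject()).getEndpoint();
        check(consumer.getDestination(), CheckType.READ, consumer.getSessionEndpoint().getConnectionEndpoint());
    }

    /**
     * Returns the cache set that belongs to the given check type.
     *
     * @throws IllegalArgumentException if the type code is not one of the three known values
     */
    private Set cacheFor(CheckType checkType) {
        switch (checkType.type) {
            case CheckType.TYPE_READ:
                return this.readCache;
            case CheckType.TYPE_WRITE:
                return this.writeCache;
            case CheckType.TYPE_CREATE:
                return this.createCache;
            default:
                throw new IllegalArgumentException("Invalid checkType:" + checkType);
        }
    }

    /**
     * Reports whether a positive result for this destination and check type is cached and
     * still fresh.
     *
     * <p>The caches are flushed when more than {@link #INVALIDATION_INTERVAL} ms have passed
     * since the previous flush. The flush time is advanced only when a flush happens: if it
     * were advanced on every lookup, a destination that is used more often than once per
     * interval would keep its cached grant indefinitely and a revoked permission would never
     * be re-evaluated.
     *
     * @return {@code true} only on a fresh cache hit; {@code false} after a flush or on a miss
     */
    private boolean checkCached(Destination destination, CheckType checkType) {
        long now = System.currentTimeMillis();
        long elapsed = now - this.lastCheck;
        // A negative value means the wall clock moved backwards; treat that as expired so the
        // cache cannot outlive its interval because of a clock adjustment.
        if (elapsed > INVALIDATION_INTERVAL || elapsed < 0) {
            this.readCache.clear();
            this.writeCache.clear();
            this.createCache.clear();
            this.lastCheck = now;
            return false;
        }
        return cacheFor(checkType).contains(destination);
    }

    /**
     * Verifies that the connection's user holds the requested permission on the destination.
     *
     * <p>On a cache hit the method returns immediately. Otherwise it looks up the security
     * metadata for the destination, calls {@code authenticate} and {@code authorize} on the
     * connection's security manager, and caches the destination on success. A destination
     * without security metadata is rejected.
     *
     * @throws JMSSecurityException if no security metadata exists for the destination or the
     *         user is not authorized
     * @throws ClassCastException if the destination is not a {@link JBossDestination}
     */
    private void check(Destination destination, CheckType checkType, ServerConnectionEndpoint serverConnectionEndpoint) throws JMSSecurityException {
        if (this.trace) {
            log.trace("checking access permissions to " + destination);
        }
        if (checkCached(destination, checkType)) {
            return;
        }

        JBossDestination jbossDestination = (JBossDestination) destination;
        boolean isQueue = jbossDestination.isQueue();
        String name = jbossDestination.getName();
        SecurityManager securityManager = serverConnectionEndpoint.getSecurityManager();
        SecurityMetadata securityMetadata = securityManager.getSecurityMetadata(isQueue, name);
        if (securityMetadata == null) {
            // Fail closed: an unconfigured destination is not accessible.
            throw new JMSSecurityException("No security configuration avaliable for " + name);
        }

        String username = serverConnectionEndpoint.getUsername();
        // NOTE(review): the result of authenticate() is not inspected here; presumably it
        // signals failure by throwing — confirm against SecurityManager.
        securityManager.authenticate(username, serverConnectionEndpoint.getPassword());

        boolean isRead = checkType == CheckType.READ;
        boolean isWrite = checkType == CheckType.WRITE;
        if (!securityManager.authorize(username, isRead ? securityMetadata.getReadPrincipals() : isWrite ? securityMetadata.getWritePrincipals() : securityMetadata.getCreatePrincipals())) {
            String action = isRead ? "read from" : isWrite ? "write to" : "create durable sub on";
            throw new JMSSecurityException("User: " + username + " is not authorized to " + action + " destination " + name);
        }

        // Remember the grant until the next flush performed by checkCached.
        cacheFor(checkType).add(destination);
    }

    /**
     * Loads a class by name, converting {@link ClassNotFoundException} into
     * {@link NoClassDefFoundError} with the original exception as its cause.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, which cannot be thrown from a method without a
            // throws clause; keep the typed reference and throw that instead.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls;
        if (class$org$jboss$jms$server$container$SecurityAspect == null) {
            cls = class$("org.jboss.jms.server.container.SecurityAspect");
            class$org$jboss$jms$server$container$SecurityAspect = cls;
        } else {
            cls = class$org$jboss$jms$server$container$SecurityAspect;
        }
        log = Logger.getLogger(cls);
    }
}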
