package org.apache.activemq.security;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;
import javax.naming.Binding;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.event.EventDirContext;
import javax.naming.event.NamespaceChangeListener;
import javax.naming.event.NamingEvent;
import javax.naming.event.NamingExceptionEvent;
import javax.naming.event.ObjectChangeListener;
import org.apache.activemq.command.ActiveMQDestination;
import org.apache.activemq.command.ActiveMQQueue;
import org.apache.activemq.command.ActiveMQTopic;
import org.apache.activemq.filter.DestinationFilter;
import org.apache.activemq.jaas.GroupPrincipal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.josql.functions.ConversionFunctions;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;

/* loaded from: input_file:WEB-INF/lib/activemq-core-5.4.2-fuse-05-01.jar:org/apache/activemq/security/CachedLDAPAuthorizationMap.class */
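/**
 * Authorization map whose entries are read from an LDAP directory below
 * {@code ou=Destination,ou=ActiveMQ,<baseDn>} and cached locally in {@link #entries}.
 *
 * <p>Two update modes are visible in this class: when {@code refreshInterval} is {@code -1}
 * a JNDI naming listener is registered in {@link #open()} and the {@code object*} callbacks
 * patch the cache; otherwise {@link #getAllEntries(ActiveMQDestination)} re-runs
 * {@link #query()} once the interval has elapsed.
 *
 * <p>Review notes for operators and maintainers:
 * <ul>
 *   <li>The field defaults include a bind DN and a literal password. They are placeholders,
 *       not credentials to deploy with; set both explicitly and keep the real value out of
 *       version-controlled configuration.</li>
 *   <li>The default URL uses the {@code ldap://} scheme. If the bind is a simple bind, the
 *       password is sent unencrypted unless the connection is protected by other means;
 *       prefer an {@code ldaps://} URL in deployment.</li>
 *   <li>{@link #entries} is a plain {@code HashMap} and no synchronization is visible here,
 *       although it is mutated from the listener callbacks and from
 *       {@link #getAllEntries(ActiveMQDestination)}. NOTE(review): confirm which threads
 *       invoke these paths before relying on the cache under concurrent load.</li>
 * </ul>
 */
public class CachedLDAPAuthorizationMap extends DefaultAuthorizationMap implements NamespaceChangeListener, ObjectChangeListener, InitializingBean {
    private static final Log LOG = LogFactory.getLog(CachedLDAPAuthorizationMap.class);
    // Regex matching the literal '$' used in LDAP destination names as the wildcard marker.
    private static final String ANY_DESCENDANT = "\\$";
    // Fixed subtree (relative to baseDn) that holds the destination policy entries.
    private static final String DESTINATION_ROOT_PREFIX = "ou=Destination,ou=ActiveMQ,";
    // LDAP filter selecting the three privilege nodes this class understands.
    private static final String PRIVILEGE_FILTER = "(|(cn=admin)(cn=write)(cn=read))";

    private long lastUpdated;
    private DirContext context;
    private EventDirContext eventContext;
    private String initialContextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
    private String connectionURL = "ldap://localhost:1024";
    // Placeholder bind identity and password; see the class-level review notes.
    private String connectionUsername = "uid=admin,ou=system";
    private String connectionPassword = "secret";
    // NOTE(review): the next two defaults reference constants from unrelated libraries
    // (JoSQL, Spring). This looks like a decompiler substituting a same-valued constant
    // for a string literal; confirm the intended literal values against the original source.
    private String connectionProtocol = ConversionFunctions.SECOND;
    private String authentication = BeanDefinitionParserDelegate.DEPENDENCY_CHECK_SIMPLE_ATTRIBUTE_VALUE;
    private String baseDn = "ou=system";
    // Expected number of RDNs in a temp-destination privilege DN; recomputed in setBaseDn.
    private int cnsLength = 5;
    // -1 selects listener mode; any other value is compared against elapsed milliseconds.
    private int refreshInterval = -1;
    // Cache of entries keyed by destination.
    HashMap<ActiveMQDestination, AuthorizationEntry> entries = new HashMap<>();

    /**
     * Returns the cached directory context, creating and binding it on first use.
     *
     * <p>In listener mode ({@code refreshInterval == -1}) a subtree naming listener for
     * {@code cn=*} is also registered on the destination root.
     *
     * @return the open directory context
     * @throws NamingException if the context cannot be created or the listener cannot be
     *         registered; in the latter case {@code this.context} has already been assigned
     */
    protected DirContext open() throws NamingException {
        if (this.context != null) {
            return this.context;
        }
        try {
            Hashtable<String, Object> env = new Hashtable<>();
            env.put("java.naming.factory.initial", this.initialContextFactory);
            // Both conditions must hold: the original '||' was always true, so a null value
            // reached Hashtable.put and failed with a NullPointerException.
            // With neither value set the bind carries no credentials; whether the directory
            // accepts that is a server-side setting.
            if (this.connectionUsername != null && !"".equals(this.connectionUsername)) {
                env.put("java.naming.security.principal", this.connectionUsername);
            }
            if (this.connectionPassword != null && !"".equals(this.connectionPassword)) {
                env.put("java.naming.security.credentials", this.connectionPassword);
            }
            env.put("java.naming.security.protocol", this.connectionProtocol);
            env.put("java.naming.provider.url", this.connectionURL);
            env.put("java.naming.security.authentication", this.authentication);
            this.context = new InitialDirContext(env);
            if (this.refreshInterval == -1) {
                this.eventContext = (EventDirContext) this.context.lookup("");
                SearchControls controls = new SearchControls();
                controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                String target = DESTINATION_ROOT_PREFIX + this.baseDn;
                LOG.debug("Listening for: '" + target + "'");
                this.eventContext.addNamingListener(target, "cn=*", controls, this);
            }
            return this.context;
        } catch (NamingException e) {
            LOG.error(e.toString());
            throw e;
        }
    }

    /**
     * Loads every admin/write/read privilege node under the destination root, applies it to
     * the matching cache entry and publishes the resulting entries via {@code setEntries}.
     *
     * @throws Exception if no directory context is available or the search fails
     */
    public void query() throws Exception {
        try {
            this.context = open();
        } catch (NamingException e) {
            LOG.error(e.toString());
            // open() may fail after it has assigned the context (listener registration);
            // keep going in that case, but never fall through to a null context.
            if (this.context == null) {
                throw e;
            }
        }
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        NamingEnumeration<SearchResult> results =
                this.context.search(DESTINATION_ROOT_PREFIX + this.baseDn, PRIVILEGE_FILTER, controls);
        try {
            while (results.hasMore()) {
                SearchResult result = results.next();
                AuthorizationEntry entry = getEntry(result.getNameInNamespace());
                // getEntry returns null for names it cannot map to a destination; skip
                // those instead of failing the whole load on one malformed node.
                if (entry != null) {
                    applyACL(entry, result);
                }
            }
        } finally {
            results.close();
        }
        setEntries(new ArrayList(this.entries.values()));
        updated();
    }

    /** Records the current time as the moment of the last successful load. */
    protected void updated() {
        this.lastUpdated = System.currentTimeMillis();
    }

    /**
     * Resolves the cache entry a privilege node belongs to, creating it if absent.
     *
     * @param str comma-separated name of the privilege node
     * @return the temp-destination entry, the (possibly new) entry for the destination,
     *         or {@code null} when the name has fewer than three components or names an
     *         unknown destination type
     */
    protected AuthorizationEntry getEntry(String str) {
        String[] parts = str.split(",");
        if (parts.length == this.cnsLength && parts[1].equals("ou=Temp")) {
            TempDestinationAuthorizationEntry tempEntry = getTempDestinationAuthorizationEntry();
            if (tempEntry == null) {
                tempEntry = new TempDestinationAuthorizationEntry();
                setTempDestinationAuthorizationEntry(tempEntry);
            }
            return tempEntry;
        }
        if (parts.length != this.cnsLength + 1) {
            // NOTE(review): despite the wording, processing continues after this warning.
            // That is kept as-is because the listener callbacks pass Binding.getName(),
            // which may be shorter than the full DN used by query() - confirm before
            // turning this into a hard rejection.
            LOG.warn("Policy not applied! Wrong cn for authorization entry " + str);
        }
        if (parts.length < 3) {
            // Not enough components to read a destination name and type; the original
            // indexed past the end of the array here.
            return null;
        }
        ActiveMQDestination destination = formatDestination(parts[1], parts[2]);
        if (destination == null) {
            return null;
        }
        AuthorizationEntry entry = this.entries.get(destination);
        if (entry == null) {
            entry = new AuthorizationEntry();
            entry.setDestination(destination);
            this.entries.put(destination, entry);
        }
        return entry;
    }

    /**
     * Builds a destination from a name component and a type component.
     *
     * @param str  name component, e.g. {@code cn=<name>}
     * @param str2 type component; {@code ou=queue} or {@code ou=topic}, case-insensitive
     * @return the queue or topic, or {@code null} for any other type
     */
    protected ActiveMQDestination formatDestination(String str, String str2) {
        if (str2.equalsIgnoreCase("ou=queue")) {
            return new ActiveMQQueue(formatDestinationName(str));
        }
        if (str2.equalsIgnoreCase("ou=topic")) {
            return new ActiveMQTopic(formatDestinationName(str));
        }
        LOG.warn("Policy not applied! Unknown destination type " + str2);
        return null;
    }

    /**
     * Replaces one ACL of {@code authorizationEntry} with the principals listed in the
     * node's {@code member} attribute; the node's {@code cn} value selects which ACL.
     *
     * @param authorizationEntry entry to update
     * @param searchResult       privilege node read from the directory
     * @throws NamingException if an attribute value cannot be read
     */
    protected void applyACL(AuthorizationEntry authorizationEntry, SearchResult searchResult) throws NamingException {
        Attribute cnAttribute = searchResult.getAttributes().get("cn");
        if (cnAttribute == null) {
            LOG.warn("Policy not applied! Unknown privilege " + searchResult.getName());
            return;
        }
        HashSet principals = new HashSet();
        Attribute memberAttribute = searchResult.getAttributes().get("member");
        // A node without a member attribute yields an empty principal set rather than a
        // NullPointerException, matching what objectRemoved() stores for a removed node.
        if (memberAttribute != null) {
            NamingEnumeration<?> members = memberAttribute.getAll();
            while (members.hasMoreElements()) {
                // The group name is derived by deleting every "cn=" substring; the value
                // is not parsed or validated as a DN.
                principals.add(new GroupPrincipal(((String) members.nextElement()).replaceAll("cn=", "")));
            }
        }
        Object privilege = cnAttribute.get();
        if (privilege.equals(SecurityAdminMBean.OPERATION_ADMIN)) {
            authorizationEntry.setAdminACLs(principals);
        } else if (privilege.equals(SecurityAdminMBean.OPERATION_WRITE)) {
            authorizationEntry.setWriteACLs(principals);
        } else if (privilege.equals(SecurityAdminMBean.OPERATION_READ)) {
            authorizationEntry.setReadACLs(principals);
        } else {
            LOG.warn("Policy not applied! Unknown privilege " + searchResult.getName());
        }
    }

    /**
     * Strips the leading {@code cn=} and maps each {@code $} to the broker's
     * any-descendant wildcard.
     *
     * @param str name component as stored in the directory
     * @return the broker-side destination name
     */
    protected String formatDestinationName(String str) {
        return str.replaceFirst("cn=", "").replaceAll(ANY_DESCENDANT, DestinationFilter.ANY_DESCENDENT);
    }

    /**
     * Tells whether a binding name starts with one of the privilege prefixes.
     *
     * <p>This is a prefix test, so a name such as {@code cn=administrators} also passes;
     * callers compare the exact value afterwards.
     *
     * @param binding binding delivered by a naming event
     * @return {@code true} if the name starts with {@code cn=admin}, {@code cn=write} or
     *         {@code cn=read}
     */
    protected boolean isPriviledge(Binding binding) {
        String name = binding.getName();
        return name.startsWith("cn=admin") || name.startsWith("cn=write") || name.startsWith("cn=read");
    }

    /**
     * Returns the entries for a destination, reloading from LDAP first when polling is
     * enabled and the refresh interval has elapsed.
     *
     * <p>NOTE(review): the cache is reset and cleared before {@link #query()} runs and a
     * failure is only logged, so a directory outage leaves the map empty and every later
     * call retries. Whether an empty map denies or permits access is decided by the
     * superclass and its callers - verify that it fails closed.
     *
     * @param activeMQDestination destination being authorized
     * @return the entries reported by the superclass
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.activemq.security.DefaultAuthorizationMap
    public Set<AuthorizationEntry> getAllEntries(ActiveMQDestination activeMQDestination) {
        boolean polling = this.refreshInterval != -1;
        if (polling && System.currentTimeMillis() >= this.lastUpdated + this.refreshInterval) {
            reset();
            this.entries.clear();
            LOG.debug("Updating authorization map!");
            try {
                query();
            } catch (Exception e) {
                LOG.error("Error updating authorization map", e);
            }
        }
        return super.getAllEntries(activeMQDestination);
    }

    /**
     * Listener callback: applies a newly added privilege node to the cache.
     *
     * @param namingEvent event carrying the new binding
     */
    public void objectAdded(NamingEvent namingEvent) {
        Binding added = namingEvent.getNewBinding();
        LOG.debug("Adding object: " + added);
        if (!(added instanceof SearchResult)) {
            // applyACL needs the node's attributes, which only a SearchResult carries.
            LOG.warn("Unable to add entry, binding carries no attributes: " + added);
            return;
        }
        SearchResult result = (SearchResult) added;
        if (!isPriviledge(result)) {
            return;
        }
        AuthorizationEntry entry = getEntry(result.getName());
        if (entry == null) {
            return;
        }
        try {
            applyACL(entry, result);
            if (!(entry instanceof TempDestinationAuthorizationEntry)) {
                put(entry.getDestination(), entry);
            }
        } catch (NamingException e) {
            LOG.warn("Unable to add entry", e);
        }
    }

    /**
     * Listener callback: empties the ACL that corresponds to a removed privilege node.
     *
     * @param namingEvent event carrying the old binding
     */
    public void objectRemoved(NamingEvent namingEvent) {
        Binding removed = namingEvent.getOldBinding();
        LOG.debug("Removing object: " + removed);
        if (!isPriviledge(removed)) {
            return;
        }
        AuthorizationEntry entry = getEntry(removed.getName());
        if (entry == null) {
            // getEntry could not map the name to a destination; the original dereferenced
            // the null entry here and aborted the callback with an exception.
            LOG.warn("Policy not removed! No authorization entry for " + removed.getName());
            return;
        }
        String privilege = removed.getName().split(",")[0];
        if (privilege.equalsIgnoreCase("cn=admin")) {
            entry.setAdminACLs(new HashSet());
        } else if (privilege.equalsIgnoreCase("cn=write")) {
            entry.setWriteACLs(new HashSet());
        } else if (privilege.equalsIgnoreCase("cn=read")) {
            entry.setReadACLs(new HashSet());
        } else {
            LOG.warn("Policy not removed! Unknown privilege " + removed.getName());
        }
    }

    /**
     * Listener callback: moves an entry from the old destination to the new one.
     *
     * @param namingEvent event carrying the old and the new binding
     */
    public void objectRenamed(NamingEvent namingEvent) {
        Binding oldBinding = namingEvent.getOldBinding();
        Binding newBinding = namingEvent.getNewBinding();
        LOG.debug("Renaming object: " + oldBinding + " to " + newBinding);
        String[] oldParts = oldBinding.getName().split(",");
        String[] newParts = newBinding.getName().split(",");
        if (oldParts.length < 2 || newParts.length < 2) {
            // A name and a type component are both required to identify a destination.
            LOG.warn("Policy not applied! Wrong cn for authorization entry " + oldBinding.getName());
            return;
        }
        ActiveMQDestination oldDestination = formatDestination(oldParts[0], oldParts[1]);
        ActiveMQDestination newDestination = formatDestination(newParts[0], newParts[1]);
        if (oldDestination == null || newDestination == null) {
            return;
        }
        AuthorizationEntry moved = this.entries.remove(oldDestination);
        if (moved == null) {
            LOG.warn("No authorization entry for " + oldDestination);
            return;
        }
        moved.setDestination(newDestination);
        // Re-key the cache as well. Without this, a later getEntry() for the new name
        // creates a second entry, and removing a privilege would clear that copy while
        // the entry published through put() keeps its old ACLs.
        this.entries.put(newDestination, moved);
        put(newDestination, moved);
        remove(oldDestination, moved);
    }

    /**
     * Listener callback: handles a change as a removal followed by an addition, so the
     * affected ACL is empty between the two steps.
     *
     * @param namingEvent event carrying the old and the new binding
     */
    public void objectChanged(NamingEvent namingEvent) {
        LOG.debug("Changing object " + namingEvent.getOldBinding() + " to " + namingEvent.getNewBinding());
        objectRemoved(namingEvent);
        objectAdded(namingEvent);
    }

    /**
     * Listener callback: logs an exception reported by the event source.
     *
     * @param namingExceptionEvent event wrapping the exception
     */
    public void namingExceptionThrown(NamingExceptionEvent namingExceptionEvent) {
        LOG.error("Caught Unexpected Exception", namingExceptionEvent.getException());
    }

    /**
     * Performs the initial load once the bean's properties have been set.
     *
     * @throws Exception if the initial {@link #query()} fails
     */
    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        query();
    }

    /** @return the LDAP provider URL */
    public String getConnectionURL() {
        return this.connectionURL;
    }

    /** @param str the LDAP provider URL */
    public void setConnectionURL(String str) {
        this.connectionURL = str;
    }

    /** @return the bind principal */
    public String getConnectionUsername() {
        return this.connectionUsername;
    }

    /** @param str the bind principal */
    public void setConnectionUsername(String str) {
        this.connectionUsername = str;
    }

    /**
     * Returns the bind password in clear text; avoid logging or exporting the result.
     *
     * @return the bind password
     */
    public String getConnectionPassword() {
        return this.connectionPassword;
    }

    /** @param str the bind password */
    public void setConnectionPassword(String str) {
        this.connectionPassword = str;
    }

    /** @return the value passed as {@code java.naming.security.protocol} */
    public String getConnectionProtocol() {
        return this.connectionProtocol;
    }

    /** @param str the value passed as {@code java.naming.security.protocol} */
    public void setConnectionProtocol(String str) {
        this.connectionProtocol = str;
    }

    /** @return the value passed as {@code java.naming.security.authentication} */
    public String getAuthentication() {
        return this.authentication;
    }

    /** @param str the value passed as {@code java.naming.security.authentication} */
    public void setAuthentication(String str) {
        this.authentication = str;
    }

    /** @return the base DN below which the destination subtree is searched */
    public String getBaseDn() {
        return this.baseDn;
    }

    /**
     * Sets the base DN and recomputes the expected component count of privilege names
     * (components of the base DN plus four).
     *
     * @param str the base DN
     */
    public void setBaseDn(String str) {
        this.baseDn = str;
        this.cnsLength = str.split(",").length + 4;
    }

    /** @return the refresh interval, or {@code -1} for listener mode */
    public int getRefreshInterval() {
        return this.refreshInterval;
    }

    /** @param i the refresh interval, or {@code -1} for listener mode */
    public void setRefreshInterval(int i) {
        this.refreshInterval = i;
    }
}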
