package org.apache.activemq.security;

import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import org.apache.activemq.broker.Broker;
import org.apache.activemq.broker.BrokerFilter;
import org.apache.activemq.broker.ConnectionContext;
import org.apache.activemq.command.ConnectionInfo;
import org.apache.activemq.jaas.JaasCertificateCallbackHandler;
import org.apache.activemq.jaas.UserPrincipal;

/* loaded from: input_file:WEB-INF/lib/activemq-core-5.4.1-fuse-02-00.jar:org/apache/activemq/security/JaasCertificateAuthenticationBroker.class */
public class JaasCertificateAuthenticationBroker extends BrokerFilter {
    private final String jaasConfiguration;

    public JaasCertificateAuthenticationBroker(Broker broker, String str) {
        super(broker);
        this.jaasConfiguration = str;
    }

    /* JADX WARN: Finally extract failed */
    @Override // org.apache.activemq.broker.BrokerFilter, org.apache.activemq.broker.Broker
    public void addConnection(ConnectionContext connectionContext, ConnectionInfo connectionInfo) throws Exception {
        if (connectionContext.getSecurityContext() == null) {
            if (!(connectionInfo.getTransportContext() instanceof X509Certificate[])) {
                throw new SecurityException("Unable to authenticate transport without SSL certificate.");
            }
            ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
            Thread.currentThread().setContextClassLoader(JaasAuthenticationBroker.class.getClassLoader());
            try {
                try {
                    LoginContext loginContext = new LoginContext(this.jaasConfiguration, new JaasCertificateCallbackHandler((X509Certificate[]) connectionInfo.getTransportContext()));
                    loginContext.login();
                    Subject subject = loginContext.getSubject();
                    String str = "";
                    Iterator<Principal> it = subject.getPrincipals().iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        Principal next = it.next();
                        if (next instanceof UserPrincipal) {
                            str = ((UserPrincipal) next).getName();
                            break;
                        }
                    }
                    connectionContext.setSecurityContext(new JaasCertificateSecurityContext(str, subject, (X509Certificate[]) connectionInfo.getTransportContext()));
                    Thread.currentThread().setContextClassLoader(contextClassLoader);
                } catch (Exception e) {
                    throw new SecurityException("User name or password is invalid: " + e.getMessage(), e);
                }
            } catch (Throwable th) {
                Thread.currentThread().setContextClassLoader(contextClassLoader);
                throw th;
            }
        }
        super.addConnection(connectionContext, connectionInfo);
    }

    @Override // org.apache.activemq.broker.BrokerFilter, org.apache.activemq.broker.Broker
    public void removeConnection(ConnectionContext connectionContext, ConnectionInfo connectionInfo, Throwable th) throws Exception {
        super.removeConnection(connectionContext, connectionInfo, th);
        connectionContext.setSecurityContext(null);
    }
}
