package org.apache.activemq.shiro.authc;

import org.apache.activemq.broker.ConnectionContext;
import org.apache.activemq.command.ConnectionInfo;
import org.apache.activemq.security.SecurityContext;
import org.apache.activemq.shiro.ConnectionReference;
import org.apache.activemq.shiro.env.EnvironmentFilter;
import org.apache.activemq.shiro.subject.ConnectionSubjectResolver;
import org.apache.activemq.shiro.subject.SubjectConnectionReference;
import org.apache.activemq.shiro.subject.SubjectSecurityContext;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/activemq/shiro/authc/AuthenticationFilter.class */
public class AuthenticationFilter extends EnvironmentFilter {
    private static final Logger LOG = LoggerFactory.getLogger(AuthenticationFilter.class);
    private AuthenticationPolicy authenticationPolicy = new DefaultAuthenticationPolicy();
    private AuthenticationTokenFactory authenticationTokenFactory = new DefaultAuthenticationTokenFactory();

    public AuthenticationPolicy getAuthenticationPolicy() {
        return this.authenticationPolicy;
    }

    public void setAuthenticationPolicy(AuthenticationPolicy authenticationPolicy) {
        this.authenticationPolicy = authenticationPolicy;
    }

    public AuthenticationTokenFactory getAuthenticationTokenFactory() {
        return this.authenticationTokenFactory;
    }

    public void setAuthenticationTokenFactory(AuthenticationTokenFactory authenticationTokenFactory) {
        this.authenticationTokenFactory = authenticationTokenFactory;
    }

    protected Subject getSubject(ConnectionReference connectionReference) {
        return new ConnectionSubjectResolver(connectionReference).getSubject();
    }

    public void addConnection(ConnectionContext connectionContext, ConnectionInfo connectionInfo) throws Exception {
        if (isEnabled()) {
            Subject subject = getSubject(new ConnectionReference(connectionContext, connectionInfo, getEnvironment()));
            if (!subject.isAuthenticated()) {
                SubjectConnectionReference subjectConnectionReference = new SubjectConnectionReference(connectionContext, connectionInfo, getEnvironment(), subject);
                if (this.authenticationPolicy.isAuthenticationRequired(subjectConnectionReference)) {
                    AuthenticationToken authenticationToken = this.authenticationTokenFactory.getAuthenticationToken(subjectConnectionReference);
                    if (authenticationToken == null) {
                        throw new AuthenticationException("Unable to obtain authentication credentials for newly established connection.  Authentication is required.");
                    }
                    subject.login(authenticationToken);
                }
            }
        }
        super.addConnection(connectionContext, connectionInfo);
    }

    public void removeConnection(ConnectionContext connectionContext, ConnectionInfo connectionInfo, Throwable th) throws Exception {
        Subject subject;
        Subject subject2;
        try {
            super.removeConnection(connectionContext, connectionInfo, th);
            SecurityContext securityContext = connectionContext.getSecurityContext();
            if (!(securityContext instanceof SubjectSecurityContext) || (subject2 = ((SubjectSecurityContext) securityContext).getSubject()) == null) {
                return;
            }
            try {
                subject2.logout();
            } catch (Throwable th2) {
                LOG.info("Unable to cleanly logout connection Subject during connection removal.  This is unexpected but not critical: it can be safely ignored because the connection will no longer be used.", th2);
            }
        } catch (Throwable th3) {
            SecurityContext securityContext2 = connectionContext.getSecurityContext();
            if ((securityContext2 instanceof SubjectSecurityContext) && (subject = ((SubjectSecurityContext) securityContext2).getSubject()) != null) {
                try {
                    subject.logout();
                } catch (Throwable th4) {
                    LOG.info("Unable to cleanly logout connection Subject during connection removal.  This is unexpected but not critical: it can be safely ignored because the connection will no longer be used.", th4);
                }
            }
            throw th3;
        }
    }
}
