package org.apache.activemq.shiro.authz;

import org.apache.activemq.broker.ConnectionContext;
import org.apache.activemq.broker.ProducerBrokerExchange;
import org.apache.activemq.broker.region.Destination;
import org.apache.activemq.broker.region.Subscription;
import org.apache.activemq.command.ActiveMQDestination;
import org.apache.activemq.command.ConsumerInfo;
import org.apache.activemq.command.DestinationInfo;
import org.apache.activemq.command.Message;
import org.apache.activemq.command.ProducerInfo;
import org.apache.activemq.security.SecurityContext;
import org.apache.activemq.shiro.env.EnvironmentFilter;
import org.apache.activemq.shiro.subject.ConnectionSubjectResolver;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

/* loaded from: input_file:org/apache/activemq/shiro/authz/AuthorizationFilter.class */
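/**
 * Broker filter that asserts Shiro permissions before delegating destination-level
 * operations to the next filter in the chain.
 *
 * <p>Each intercepted operation is wrapped in a {@link DestinationAction} (connection
 * context, destination, verb), translated into permissions by the configured
 * {@link ActionPermissionResolver}, and checked against the {@link Subject} resolved
 * from the connection. The verbs used by this class are {@code "create"},
 * {@code "remove"}, {@code "read"} and {@code "write"}.
 *
 * <p>Two conditions skip the check entirely (see
 * {@link #assertAuthorized(DestinationAction, String)}): the filter reporting itself
 * as not enabled, and the connection carrying a broker security context. Whatever
 * assigns a broker context to a connection is therefore part of this filter's trust
 * boundary.
 */
public class AuthorizationFilter extends EnvironmentFilter {
    // Strategy that maps a DestinationAction to the permissions the subject must hold.
    // Never null: the default is set here and the setter rejects null.
    private ActionPermissionResolver actionPermissionResolver = new DestinationActionPermissionResolver();

    /**
     * Returns the resolver used to translate a {@link DestinationAction} into permissions.
     *
     * @return the configured resolver
     */
    public ActionPermissionResolver getActionPermissionResolver() {
        return this.actionPermissionResolver;
    }

    /**
     * Replaces the resolver used to translate a {@link DestinationAction} into permissions.
     *
     * <p>A {@code null} resolver is rejected at configuration time. Without this guard the
     * mistake would only surface later, as a {@code NullPointerException} on the first
     * authorization check, which is much harder to trace back to the configuration.
     *
     * @param actionPermissionResolver the resolver to use; must not be {@code null}
     * @throws IllegalArgumentException if {@code actionPermissionResolver} is {@code null}
     */
    public void setActionPermissionResolver(ActionPermissionResolver actionPermissionResolver) {
        if (actionPermissionResolver == null) {
            throw new IllegalArgumentException("ActionPermissionResolver argument cannot be null.");
        }
        this.actionPermissionResolver = actionPermissionResolver;
    }

    /**
     * Resolves the Shiro subject associated with a connection.
     *
     * @param connectionContext the connection whose subject is needed
     * @return the subject produced by {@link ConnectionSubjectResolver} for that connection
     */
    protected Subject getSubject(ConnectionContext connectionContext) {
        return new ConnectionSubjectResolver(connectionContext).getSubject();
    }

    /**
     * Renders a subject's principals for use in the unauthorized message.
     *
     * @param subject the subject to describe
     * @return {@code "[" + principals + "] "} (note the trailing space), or the empty
     *         string when the subject has no principals
     */
    protected String toString(Subject subject) {
        PrincipalCollection principals = subject.getPrincipals();
        if (principals == null || principals.isEmpty()) {
            return "";
        }
        return "[" + principals.toString() + "] ";
    }

    /**
     * Asserts authorization for an action, using the action's own verb as the wording in
     * the failure message.
     *
     * @param destinationAction the action to authorize
     * @throws UnauthorizedException if the subject does not hold every required permission
     */
    protected void assertAuthorized(DestinationAction destinationAction) {
        assertAuthorized(destinationAction, destinationAction.getVerb());
    }

    /**
     * Tells whether the action originates from a connection carrying a broker security
     * context.
     *
     * @param destinationAction the action whose connection is inspected
     * @return {@code true} only when the connection has a security context and that
     *         context reports {@code isBrokerContext()}; {@code false} when the security
     *         context is {@code null}
     */
    protected boolean isSystemBroker(DestinationAction destinationAction) {
        SecurityContext securityContext = destinationAction.getConnectionContext().getSecurityContext();
        return securityContext != null && securityContext.isBrokerContext();
    }

    /**
     * Asserts that the connection's subject holds every permission required for the action.
     *
     * <p>No check is performed when {@code isEnabled()} returns {@code false} or when
     * {@link #isSystemBroker(DestinationAction)} returns {@code true}. ({@code isEnabled()}
     * is not defined in this class; presumably it is inherited from the filter hierarchy.)
     *
     * @param destinationAction the action to authorize
     * @param str human-readable verb phrase used only in the failure message
     *            (for example {@code "read from"})
     * @throws UnauthorizedException if the subject is not permitted all resolved permissions
     */
    protected void assertAuthorized(DestinationAction destinationAction, String str) {
        if (!isEnabled() || isSystemBroker(destinationAction)) {
            return;
        }
        Subject subject = getSubject(destinationAction.getConnectionContext());
        // NOTE(review): Shiro's isPermittedAll is expected to return true for an empty
        // permission collection when the subject has principals - confirm against the
        // Shiro version in use. A custom resolver must therefore never return an empty
        // collection for an action that is meant to be protected.
        if (!subject.isPermittedAll(this.actionPermissionResolver.getPermissions(destinationAction))) {
            throw new UnauthorizedException(createUnauthorizedMessage(subject, destinationAction, str));
        }
    }

    /**
     * Builds the message carried by the {@link UnauthorizedException}.
     *
     * <p>The message contains the subject's principals and the destination name, so it
     * discloses both to wherever the exception text ends up.
     * NOTE(review): confirm whether this text is returned to the remote client or only logged.
     *
     * @param subject the subject that was denied
     * @param destinationAction the denied action
     * @param str human-readable verb phrase inserted into the message
     * @return the failure message
     */
    protected String createUnauthorizedMessage(Subject subject, DestinationAction destinationAction, String str) {
        return "Subject " + toString(subject) + "is not authorized to " + str + " destination: " + destinationAction.getDestination();
    }

    /**
     * Requires the {@code "create"} permission on the destination before delegating.
     *
     * @param connectionContext the requesting connection
     * @param destinationInfo describes the destination being added
     * @throws UnauthorizedException if the subject may not create the destination
     * @throws Exception if the delegated call fails
     */
    public void addDestinationInfo(ConnectionContext connectionContext, DestinationInfo destinationInfo) throws Exception {
        assertAuthorized(new DestinationAction(connectionContext, destinationInfo.getDestination(), "create"));
        super.addDestinationInfo(connectionContext, destinationInfo);
    }

    /**
     * Requires the {@code "create"} permission on the destination before delegating.
     *
     * @param connectionContext the requesting connection
     * @param activeMQDestination the destination being added
     * @param z passed through unchanged to the superclass
     * @return the destination returned by the superclass
     * @throws UnauthorizedException if the subject may not create the destination
     * @throws Exception if the delegated call fails
     */
    public Destination addDestination(ConnectionContext connectionContext, ActiveMQDestination activeMQDestination, boolean z) throws Exception {
        assertAuthorized(new DestinationAction(connectionContext, activeMQDestination, "create"));
        return super.addDestination(connectionContext, activeMQDestination, z);
    }

    /**
     * Requires the {@code "remove"} permission on the destination before delegating.
     *
     * @param connectionContext the requesting connection
     * @param activeMQDestination the destination being removed
     * @param j passed through unchanged to the superclass
     * @throws UnauthorizedException if the subject may not remove the destination
     * @throws Exception if the delegated call fails
     */
    public void removeDestination(ConnectionContext connectionContext, ActiveMQDestination activeMQDestination, long j) throws Exception {
        assertAuthorized(new DestinationAction(connectionContext, activeMQDestination, "remove"));
        super.removeDestination(connectionContext, activeMQDestination, j);
    }

    /**
     * Requires the {@code "remove"} permission on the destination before delegating.
     *
     * @param connectionContext the requesting connection
     * @param destinationInfo describes the destination being removed
     * @throws UnauthorizedException if the subject may not remove the destination
     * @throws Exception if the delegated call fails
     */
    public void removeDestinationInfo(ConnectionContext connectionContext, DestinationInfo destinationInfo) throws Exception {
        assertAuthorized(new DestinationAction(connectionContext, destinationInfo.getDestination(), "remove"));
        super.removeDestinationInfo(connectionContext, destinationInfo);
    }

    /**
     * Requires the {@code "read"} permission on the consumer's destination before delegating.
     *
     * @param connectionContext the requesting connection
     * @param consumerInfo describes the consumer being added
     * @return the subscription returned by the superclass
     * @throws UnauthorizedException if the subject may not read from the destination
     * @throws Exception if the delegated call fails
     */
    public Subscription addConsumer(ConnectionContext connectionContext, ConsumerInfo consumerInfo) throws Exception {
        assertAuthorized(new DestinationAction(connectionContext, consumerInfo.getDestination(), "read"), "read from");
        return super.addConsumer(connectionContext, consumerInfo);
    }

    /**
     * Requires the {@code "write"} permission on the producer's destination, when it has
     * one, before delegating.
     *
     * <p>A producer whose destination is {@code null} is registered without any check here.
     * Write access for such a producer is enforced only by
     * {@link #send(ProducerBrokerExchange, Message)}, which checks the destination of each
     * message; that per-message check must stay in place for this skip to be safe.
     *
     * @param connectionContext the requesting connection
     * @param producerInfo describes the producer being added
     * @throws UnauthorizedException if the subject may not write to the destination
     * @throws Exception if the delegated call fails
     */
    public void addProducer(ConnectionContext connectionContext, ProducerInfo producerInfo) throws Exception {
        if (producerInfo.getDestination() != null) {
            assertAuthorized(new DestinationAction(connectionContext, producerInfo.getDestination(), "write"), "write to");
        }
        super.addProducer(connectionContext, producerInfo);
    }

    /**
     * Requires the {@code "write"} permission on the message's destination before delegating.
     *
     * <p>The check uses the destination carried by the message itself, not the one declared
     * when the producer was registered, and runs on every send.
     *
     * @param producerBrokerExchange the exchange supplying the connection context
     * @param message the message being sent
     * @throws UnauthorizedException if the subject may not write to the message's destination
     * @throws Exception if the delegated call fails
     */
    public void send(ProducerBrokerExchange producerBrokerExchange, Message message) throws Exception {
        assertAuthorized(new DestinationAction(producerBrokerExchange.getConnectionContext(), message.getDestination(), "write"), "write to");
        super.send(producerBrokerExchange, message);
    }
}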
