package org.apache.activemq.security;

import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.apache.activemq.broker.Broker;
import org.apache.activemq.broker.ConnectionContext;
import org.apache.activemq.command.ConnectionInfo;
import org.apache.activemq.jaas.GroupPrincipal;

/* loaded from: input_file:WEB-INF/lib/activemq-broker-5.11.0.redhat-630376.jar:org/apache/activemq/security/SimpleAuthenticationBroker.class */
public class SimpleAuthenticationBroker extends AbstractAuthenticationBroker {
    private boolean anonymousAccessAllowed;
    private String anonymousUser;
    private String anonymousGroup;
    private Map<String, String> userPasswords;
    private Map<String, Set<Principal>> userGroups;

    public SimpleAuthenticationBroker(Broker broker, Map<String, String> map, Map<String, Set<Principal>> map2) {
        super(broker);
        this.anonymousAccessAllowed = false;
        this.userPasswords = map;
        this.userGroups = map2;
    }

    public void setAnonymousAccessAllowed(boolean z) {
        this.anonymousAccessAllowed = z;
    }

    public void setAnonymousUser(String str) {
        this.anonymousUser = str;
    }

    public void setAnonymousGroup(String str) {
        this.anonymousGroup = str;
    }

    public void setUserPasswords(Map<String, String> map) {
        this.userPasswords = map;
    }

    public void setUserGroups(Map<String, Set<Principal>> map) {
        this.userGroups = map;
    }

    @Override // org.apache.activemq.broker.BrokerFilter, org.apache.activemq.broker.Broker
    public void addConnection(ConnectionContext connectionContext, ConnectionInfo connectionInfo) throws Exception {
        SecurityContext securityContext = connectionContext.getSecurityContext();
        if (securityContext == null) {
            securityContext = authenticate(connectionInfo.getUserName(), connectionInfo.getPassword(), null);
            connectionContext.setSecurityContext(securityContext);
            this.securityContexts.add(securityContext);
        }
        try {
            super.addConnection(connectionContext, connectionInfo);
        } catch (Exception e) {
            this.securityContexts.remove(securityContext);
            connectionContext.setSecurityContext(null);
            throw e;
        }
    }

    @Override // org.apache.activemq.security.AuthenticationBroker
    public SecurityContext authenticate(String str, String str2, X509Certificate[] x509CertificateArr) throws SecurityException {
        SecurityContext securityContext;
        if (this.anonymousAccessAllowed && str == null && str2 == null) {
            securityContext = new SecurityContext(this.anonymousUser) { // from class: org.apache.activemq.security.SimpleAuthenticationBroker.1
                @Override // org.apache.activemq.security.SecurityContext
                public Set<Principal> getPrincipals() {
                    HashSet hashSet = new HashSet();
                    hashSet.add(new GroupPrincipal(SimpleAuthenticationBroker.this.anonymousGroup));
                    return hashSet;
                }
            };
        } else {
            String str3 = this.userPasswords.get(str);
            if (str3 == null || !str3.equals(str2)) {
                throw new SecurityException("User name [" + str + "] or password is invalid.");
            }
            final Set<Principal> set = this.userGroups.get(str);
            securityContext = new SecurityContext(str) { // from class: org.apache.activemq.security.SimpleAuthenticationBroker.2
                @Override // org.apache.activemq.security.SecurityContext
                public Set<Principal> getPrincipals() {
                    return set;
                }
            };
        }
        return securityContext;
    }
}
