package org.apache.activemq.security;

import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import org.apache.activemq.broker.Broker;
import org.apache.activemq.broker.ConnectionContext;
import org.apache.activemq.command.ConnectionInfo;
import org.apache.activemq.jaas.JassCredentialCallbackHandler;

/* loaded from: input_file:WEB-INF/lib/activemq-broker-5.11.0.redhat-630514.jar:org/apache/activemq/security/JaasAuthenticationBroker.class */
public class JaasAuthenticationBroker extends AbstractAuthenticationBroker {
    private final String jassConfiguration;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/activemq-broker-5.11.0.redhat-630514.jar:org/apache/activemq/security/JaasAuthenticationBroker$JaasSecurityContext.class */
    public static class JaasSecurityContext extends SecurityContext {
        private final Subject subject;

        public JaasSecurityContext(String str, Subject subject) {
            super(str);
            this.subject = subject;
        }

        @Override // org.apache.activemq.security.SecurityContext
        public Set<Principal> getPrincipals() {
            return this.subject.getPrincipals();
        }
    }

    public JaasAuthenticationBroker(Broker broker, String str) {
        super(broker);
        this.jassConfiguration = str;
    }

    @Override // org.apache.activemq.broker.BrokerFilter, org.apache.activemq.broker.Broker
    public void addConnection(ConnectionContext connectionContext, ConnectionInfo connectionInfo) throws Exception {
        if (connectionContext.getSecurityContext() != null) {
            super.addConnection(connectionContext, connectionInfo);
            return;
        }
        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        Thread.currentThread().setContextClassLoader(JaasAuthenticationBroker.class.getClassLoader());
        SecurityContext securityContext = null;
        try {
            try {
                securityContext = authenticate(connectionInfo.getUserName(), connectionInfo.getPassword(), null);
                connectionContext.setSecurityContext(securityContext);
                this.securityContexts.add(securityContext);
                super.addConnection(connectionContext, connectionInfo);
                Thread.currentThread().setContextClassLoader(contextClassLoader);
            } catch (Exception e) {
                if (securityContext != null) {
                    this.securityContexts.remove(securityContext);
                }
                connectionContext.setSecurityContext(null);
                throw e;
            }
        } catch (Throwable th) {
            Thread.currentThread().setContextClassLoader(contextClassLoader);
            throw th;
        }
    }

    @Override // org.apache.activemq.security.AuthenticationBroker
    public SecurityContext authenticate(String str, String str2, X509Certificate[] x509CertificateArr) throws SecurityException {
        try {
            LoginContext loginContext = new LoginContext(this.jassConfiguration, new JassCredentialCallbackHandler(str, str2));
            loginContext.login();
            return new JaasSecurityContext(str, loginContext.getSubject());
        } catch (Exception e) {
            throw new SecurityException("User name [" + str + "] or password is invalid.", e);
        }
    }
}
