package org.apache.activemq.security;

import java.util.Set;
import org.apache.activemq.broker.Broker;
import org.apache.activemq.broker.BrokerFilter;
import org.apache.activemq.broker.ConnectionContext;
import org.apache.activemq.broker.ProducerBrokerExchange;
import org.apache.activemq.broker.region.Destination;
import org.apache.activemq.broker.region.Subscription;
import org.apache.activemq.command.ActiveMQDestination;
import org.apache.activemq.command.ActiveMQQueue;
import org.apache.activemq.command.ActiveMQTopic;
import org.apache.activemq.command.ConsumerInfo;
import org.apache.activemq.command.DestinationInfo;
import org.apache.activemq.command.Message;
import org.apache.activemq.command.ProducerInfo;

/* loaded from: input_file:WEB-INF/lib/activemq-core-5.4.2-fuse-05-05.jar:org/apache/activemq/security/AuthorizationBroker.class */
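/**
 * Broker filter that enforces the ACLs of an {@link AuthorizationMap} on destination
 * creation and removal, on consumer and producer registration, and on every message send.
 *
 * <p>Properties of the checks that an operator or reviewer should know (all visible in this class):
 * <ul>
 *   <li>A connection without a {@code SecurityContext} is rejected with
 *       {@link SecurityException} before anything else happens.</li>
 *   <li>A context for which {@code isBrokerContext()} is true is never checked against the ACLs.</li>
 *   <li>A {@code null} ACL set returned by the map is treated as "no restriction": the
 *       operation is allowed. Which destinations yield {@code null} depends on the
 *       {@code AuthorizationMap} implementation, which is not visible here; a deployment
 *       that wants deny-by-default needs an entry that matches every destination.</li>
 *   <li>Write authorization is cached per security context in {@code getAuthorizedWriteDests()}.
 *       This class never removes entries, so an ACL change made after a destination was
 *       cached is not re-evaluated by {@link #send} for that context.</li>
 *   <li>The {@code SecurityAdminMBean} mutators are empty: calling them changes nothing.</li>
 * </ul>
 */
public class AuthorizationBroker extends BrokerFilter implements SecurityAdminMBean {
    /** Source of the admin/read/write ACL sets consulted by every check in this class. */
    private final AuthorizationMap authorizationMap;

    /**
     * @param broker the next broker in the filter chain; every permitted operation is forwarded to it
     * @param authorizationMap the ACL source; stored as given, not copied
     */
    public AuthorizationBroker(Broker broker, AuthorizationMap authorizationMap) {
        super(broker);
        this.authorizationMap = authorizationMap;
    }

    /**
     * Runs the admin check for the announced destination, then forwards the announcement.
     *
     * <p>The check is done by calling {@link #addDestination} on this filter, so the
     * destination is also added through the chain before the info itself is forwarded.
     *
     * @throws SecurityException if the connection is unauthenticated or lacks admin rights
     */
    @Override
    public void addDestinationInfo(ConnectionContext connectionContext, DestinationInfo destinationInfo) throws Exception {
        addDestination(connectionContext, destinationInfo.getDestination(), true);
        super.addDestinationInfo(connectionContext, destinationInfo);
    }

    /**
     * Adds a destination after checking admin rights, unless the destination already exists.
     *
     * <p>If the destination is already present in {@code getDestinationMap()} no ACL is
     * consulted: only creating a new destination requires admin rights.
     *
     * @param z forwarded unchanged to the next broker; its meaning is not visible in this class
     * @return whatever the next broker returns
     * @throws SecurityException if the connection is unauthenticated, or is not in the admin
     *         ACL configured for the destination
     */
    @Override
    public Destination addDestination(ConnectionContext connectionContext, ActiveMQDestination activeMQDestination, boolean z) throws Exception {
        final SecurityContext subject = requireAuthenticated(connectionContext);
        final boolean alreadyExists = getDestinationMap().get(activeMQDestination) != null;
        // The ACL lookup is only made for a new destination requested by a non-broker context.
        if (!alreadyExists && !subject.isBrokerContext()) {
            if (isRefused(subject, adminAclsFor(activeMQDestination))) {
                throw new SecurityException("User " + subject.getUserName() + " is not authorized to create: " + activeMQDestination);
            }
        }
        return super.addDestination(connectionContext, activeMQDestination, z);
    }

    /**
     * Removes a destination after checking admin rights.
     *
     * @param j forwarded unchanged to the next broker (presumably a timeout; confirm against
     *        {@code BrokerFilter})
     * @throws SecurityException if the connection is unauthenticated, or is not in the admin
     *         ACL configured for the destination
     */
    @Override
    public void removeDestination(ConnectionContext connectionContext, ActiveMQDestination activeMQDestination, long j) throws Exception {
        final SecurityContext subject = requireAuthenticated(connectionContext);
        // Looked up before the broker-context test, as the lookup is unconditional here.
        final Set<?> allowed = adminAclsFor(activeMQDestination);
        if (!subject.isBrokerContext() && isRefused(subject, allowed)) {
            throw new SecurityException("User " + subject.getUserName() + " is not authorized to remove: " + activeMQDestination);
        }
        super.removeDestination(connectionContext, activeMQDestination, j);
    }

    /**
     * Registers a consumer after checking read rights on its destination.
     *
     * <p>The destination is recorded in {@code getAuthorizedReadDests()} for every caller
     * that gets past the check, broker contexts included. Nothing in this class reads
     * that map back.
     *
     * @return the subscription created by the next broker
     * @throws SecurityException if the connection is unauthenticated, or is not in the read
     *         ACL configured for the destination
     */
    @Override
    public Subscription addConsumer(ConnectionContext connectionContext, ConsumerInfo consumerInfo) throws Exception {
        final SecurityContext subject = requireAuthenticated(connectionContext);
        // Read once so the ACL check, the error message and the recorded entry all use the same value.
        final ActiveMQDestination target = consumerInfo.getDestination();
        final Set<?> allowed = readAclsFor(target);
        if (!subject.isBrokerContext() && isRefused(subject, allowed)) {
            throw new SecurityException("User " + subject.getUserName() + " is not authorized to read from: " + target);
        }
        subject.getAuthorizedReadDests().put(target, target);
        return super.addConsumer(connectionContext, consumerInfo);
    }

    /**
     * Registers a producer after checking write rights on its destination, if it has one.
     *
     * <p>A producer with a {@code null} destination is registered without any ACL check;
     * its messages are checked individually in {@link #send}.
     *
     * @throws SecurityException if the connection is unauthenticated, or is not in the write
     *         ACL configured for the destination
     */
    @Override
    public void addProducer(ConnectionContext connectionContext, ProducerInfo producerInfo) throws Exception {
        final SecurityContext subject = requireAuthenticated(connectionContext);
        if (!subject.isBrokerContext()) {
            // Read once so the ACL check and the cache entry refer to the same destination.
            final ActiveMQDestination target = producerInfo.getDestination();
            if (target != null) {
                if (isRefused(subject, writeAclsFor(target))) {
                    throw new SecurityException("User " + subject.getUserName() + " is not authorized to write to: " + target);
                }
                // Cache the decision so send() can skip the ACL lookup for this destination.
                subject.getAuthorizedWriteDests().put(target, target);
            }
        }
        super.addProducer(connectionContext, producerInfo);
    }

    /**
     * Forwards a message after checking write rights on the message's own destination.
     *
     * <p>The check uses {@code message.getDestination()}, not the producer's registered
     * destination, so a producer registered without a destination is still covered.
     * A destination already present in the per-context write cache is not looked up again.
     *
     * @throws SecurityException if the connection is unauthenticated, or is not in the write
     *         ACL configured for the message destination
     */
    @Override
    public void send(ProducerBrokerExchange producerBrokerExchange, Message message) throws Exception {
        final SecurityContext subject = requireAuthenticated(producerBrokerExchange.getConnectionContext());
        if (subject.isBrokerContext()) {
            super.send(producerBrokerExchange, message);
            return;
        }
        // Read once so the cache probe, the ACL check and the cache entry use the same value.
        final ActiveMQDestination target = message.getDestination();
        // NOTE(review): contains(Object) is kept as found. If the cache is a
        // java.util.concurrent.ConcurrentHashMap (type not visible here), this is the legacy
        // value scan and costs O(n) per message; containsKey would give the same answer for
        // the entries written in this class, where key and value are the same object.
        if (!subject.getAuthorizedWriteDests().contains(target)) {
            if (isRefused(subject, writeAclsFor(target))) {
                throw new SecurityException("User " + subject.getUserName() + " is not authorized to write to: " + target);
            }
            subject.getAuthorizedWriteDests().put(target, target);
        }
        super.send(producerBrokerExchange, message);
    }

    /**
     * Forwards to {@link #addDestinationRole} with a queue built from {@code str}.
     * The two remaining arguments are passed through; presumably operation and role (confirm
     * against {@code SecurityAdminMBean}).
     */
    @Override
    public void addQueueRole(String str, String str2, String str3) {
        addDestinationRole(new ActiveMQQueue(str), str2, str3);
    }

    /** Forwards to {@link #addDestinationRole} with a topic built from {@code str}. */
    @Override
    public void addTopicRole(String str, String str2, String str3) {
        addDestinationRole(new ActiveMQTopic(str), str2, str3);
    }

    /** Forwards to {@link #removeDestinationRole} with a queue built from {@code str}. */
    @Override
    public void removeQueueRole(String str, String str2, String str3) {
        removeDestinationRole(new ActiveMQQueue(str), str2, str3);
    }

    /** Forwards to {@link #removeDestinationRole} with a topic built from {@code str}. */
    @Override
    public void removeTopicRole(String str, String str2, String str3) {
        removeDestinationRole(new ActiveMQTopic(str), str2, str3);
    }

    /** Does nothing: the authorization map is not modified by this call. */
    public void addDestinationRole(javax.jms.Destination destination, String str, String str2) {
    }

    /** Does nothing: the authorization map is not modified by this call. */
    public void removeDestinationRole(javax.jms.Destination destination, String str, String str2) {
    }

    /** Does nothing. */
    @Override
    public void addRole(String str) {
    }

    /** Does nothing. */
    @Override
    public void addUserRole(String str, String str2) {
    }

    /** Does nothing. */
    @Override
    public void removeRole(String str) {
    }

    /** Does nothing. */
    @Override
    public void removeUserRole(String str, String str2) {
    }

    /** Returns the connection's security context, or rejects the call if there is none. */
    private static SecurityContext requireAuthenticated(ConnectionContext connectionContext) {
        final SecurityContext subject = connectionContext.getSecurityContext();
        if (subject == null) {
            throw new SecurityException("User is not authenticated.");
        }
        return subject;
    }

    /** True when an ACL set exists and the subject is in none of its entries; a null set refuses nobody. */
    private static boolean isRefused(SecurityContext subject, Set<?> acls) {
        return acls != null && !subject.isInOneOf(acls);
    }

    /** Admin ACLs: the shared temp-destination set for temporary destinations, else the per-destination set. */
    private Set<?> adminAclsFor(ActiveMQDestination destination) {
        if (destination.isTemporary()) {
            return this.authorizationMap.getTempDestinationAdminACLs();
        }
        return this.authorizationMap.getAdminACLs(destination);
    }

    /** Read ACLs: the shared temp-destination set for temporary destinations, else the per-destination set. */
    private Set<?> readAclsFor(ActiveMQDestination destination) {
        if (destination.isTemporary()) {
            return this.authorizationMap.getTempDestinationReadACLs();
        }
        return this.authorizationMap.getReadACLs(destination);
    }

    /** Write ACLs: the shared temp-destination set for temporary destinations, else the per-destination set. */
    private Set<?> writeAclsFor(ActiveMQDestination destination) {
        if (destination.isTemporary()) {
            return this.authorizationMap.getTempDestinationWriteACLs();
        }
        return this.authorizationMap.getWriteACLs(destination);
    }
}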
