package org.apache.activemq.artemis.spi.core.security;

import java.io.Serializable;
import java.security.Principal;
import java.security.acl.Group;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.activemq.artemis.core.security.CheckType;
import org.apache.activemq.artemis.core.security.Role;
import org.jboss.logging.Logger;

/* loaded from: input_file:WEB-INF/lib/artemis-server-1.1.0.wildfly-024.jar:org/apache/activemq/artemis/spi/core/security/JAASSecurityManager.class */
public class JAASSecurityManager implements ActiveMQSecurityManager {
    private static final Logger logger = Logger.getLogger((Class<?>) JAASSecurityManager.class);
    private String configurationName;
    private CallbackHandler callbackHandler;
    private Configuration config;

    /* loaded from: input_file:WEB-INF/lib/artemis-server-1.1.0.wildfly-024.jar:org/apache/activemq/artemis/spi/core/security/JAASSecurityManager$SimplePrincipal.class */
    public static class SimplePrincipal implements Principal, Serializable {
        private static final long serialVersionUID = 1;
        private final String name;

        public SimplePrincipal(String str) {
            this.name = str;
        }

        @Override // java.security.Principal
        public boolean equals(Object obj) {
            boolean equals;
            if (!(obj instanceof Principal)) {
                return false;
            }
            String name = ((Principal) obj).getName();
            if (this.name == null) {
                equals = name == null;
            } else {
                equals = this.name.equals(name);
            }
            return equals;
        }

        @Override // java.security.Principal
        public int hashCode() {
            if (this.name == null) {
                return 0;
            }
            return this.name.hashCode();
        }

        @Override // java.security.Principal
        public String toString() {
            return this.name;
        }

        @Override // java.security.Principal
        public String getName() {
            return this.name;
        }
    }

    @Override // org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager
    public boolean validateUser(String str, String str2) {
        try {
            getAuthenticatedSubject(str, str2);
            return true;
        } catch (LoginException e) {
            return false;
        }
    }

    @Override // org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager
    public boolean validateUserAndRole(String str, String str2, Set<Role> set, CheckType checkType) {
        try {
            Subject authenticatedSubject = getAuthenticatedSubject(str, str2);
            boolean z = true;
            if (authenticatedSubject != null) {
                Set<Principal> rolePrincipals = getRolePrincipals(checkType, set);
                boolean z2 = false;
                Group subjectRoles = getSubjectRoles(authenticatedSubject);
                if (subjectRoles != null) {
                    Iterator<Principal> it = rolePrincipals.iterator();
                    while (!z2 && it.hasNext()) {
                        z2 = subjectRoles.isMember(it.next());
                    }
                }
                z = z2;
                if (logger.isTraceEnabled()) {
                    logger.trace("user " + str + (z ? " is " : " is NOT ") + "authorized");
                }
            }
            return z;
        } catch (LoginException e) {
            return false;
        }
    }

    private Subject getAuthenticatedSubject(String str, String str2) throws LoginException {
        SimplePrincipal simplePrincipal = str == null ? null : new SimplePrincipal(str);
        char[] cArr = null;
        if (str2 != null) {
            cArr = str2.toCharArray();
        }
        Subject subject = new Subject();
        if (str != null) {
            subject.getPrincipals().add(simplePrincipal);
        }
        subject.getPrivateCredentials().add(cArr);
        LoginContext loginContext = new LoginContext(this.configurationName, subject, this.callbackHandler, this.config);
        loginContext.login();
        return loginContext.getSubject();
    }

    private Group getSubjectRoles(Subject subject) {
        Group group = null;
        for (Group group2 : subject.getPrincipals(Group.class)) {
            if (group2.getName().equals("Roles")) {
                group = group2;
            }
        }
        return group;
    }

    private Set<Principal> getRolePrincipals(CheckType checkType, Set<Role> set) {
        HashSet hashSet = new HashSet();
        for (Role role : set) {
            if (checkType.hasRole(role)) {
                hashSet.add(new SimplePrincipal(role.getName()));
            }
        }
        return hashSet;
    }

    public void setConfigurationName(String str) {
        this.configurationName = str;
    }

    public void setCallbackHandler(CallbackHandler callbackHandler) {
        this.callbackHandler = callbackHandler;
    }

    public void setConfiguration(Configuration configuration) {
        this.config = configuration;
    }
}
