package org.jboss.mq.security;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import javax.jms.Destination;
import javax.jms.InvalidDestinationException;
import javax.jms.JMSException;
import javax.jms.JMSSecurityException;
import javax.jms.TemporaryQueue;
import javax.jms.TemporaryTopic;
import org.jboss.mq.ConnectionToken;
import org.jboss.mq.DurableSubscriptionID;
import org.jboss.mq.SpyDestination;
import org.jboss.mq.SpyMessage;
import org.jboss.mq.SpyTopic;
import org.jboss.mq.Subscription;
import org.jboss.mq.TransactionRequest;
import org.jboss.mq.server.JMSServerInterceptorSupport;

/* loaded from: input_file:org/jboss/mq/security/ServerSecurityInterceptor.class */
public class ServerSecurityInterceptor extends JMSServerInterceptorSupport {
    SecurityManager manager;
    private HashMap tempDests = new HashMap();

    public ServerSecurityInterceptor(SecurityManager securityManager) {
        this.manager = securityManager;
    }

    @Override // org.jboss.mq.server.JMSServerInterceptorSupport, org.jboss.mq.server.JMSServerInterceptor
    public String authenticate(String str, String str2) throws JMSException {
        this.log.trace(new StringBuffer().append("Authenticating user ").append(str).toString());
        return this.manager.authenticate(str, str2);
    }

    @Override // org.jboss.mq.server.JMSServerInterceptorSupport, org.jboss.mq.server.JMSServerInterceptor
    public void connectionClosing(ConnectionToken connectionToken) throws JMSException {
        super.connectionClosing(connectionToken);
        this.manager.logout(connectionToken);
        removeTemporaryDestinations(connectionToken);
    }

    @Override // org.jboss.mq.server.JMSServerInterceptorSupport, org.jboss.mq.server.JMSServerInterceptor
    public SpyMessage[] browse(ConnectionToken connectionToken, Destination destination, String str) throws JMSException {
        if (this.log.isTraceEnabled()) {
            this.log.trace(new StringBuffer().append("Checking browse authorize on ").append(connectionToken).append(" dest=").append(destination).toString());
        }
        if (authorizeRead(connectionToken, ((SpyDestination) destination).getName())) {
            return super.browse(connectionToken, destination, str);
        }
        throw new JMSSecurityException(new StringBuffer().append("Connection not authorized to browse to destination: ").append(destination).toString());
    }

    @Override // org.jboss.mq.server.JMSServerInterceptorSupport, org.jboss.mq.server.JMSServerInterceptor
    public SpyMessage receive(ConnectionToken connectionToken, int i, long j) throws JMSException {
        if (this.log.isTraceEnabled()) {
            this.log.trace(new StringBuffer().append("Checking receive authorize on ").append(connectionToken).append(" subId=").append(i).toString());
        }
        String name = super.getSubscription(connectionToken, i).destination.getName();
        if (authorizeRead(connectionToken, name)) {
            return super.receive(connectionToken, i, j);
        }
        throw new JMSSecurityException(new StringBuffer().append("Connection not authorized to receive from destination: ").append(name).toString());
    }

    @Override // org.jboss.mq.server.JMSServerInterceptorSupport, org.jboss.mq.server.JMSServerInterceptor
    public void subscribe(ConnectionToken connectionToken, Subscription subscription) throws JMSException {
        if (this.log.isTraceEnabled()) {
            this.log.trace(new StringBuffer().append("Checking subscribe authorize on ").append(connectionToken).append(" sub=").append(subscription).toString());
        }
        if (subscription == null) {
            throw new JMSException("The subscription is not allowed to be null");
        }
        if (subscription.destination == null) {
            throw new InvalidDestinationException("Destination is not allowed to be null");
        }
        SpyDestination spyDestination = subscription.destination;
        String name = spyDestination.getName();
        if ((spyDestination instanceof SpyTopic) && ((SpyTopic) spyDestination).getDurableSubscriptionID() != null && !authorizeCreate(connectionToken, name)) {
            throw new JMSSecurityException(new StringBuffer().append("Connection not authorized to do durable subscription on topic: ").append(name).toString());
        }
        if (!authorizeRead(connectionToken, name)) {
            throw new JMSSecurityException(new StringBuffer().append("Connection not authorized to subscribe to destination: ").append(name).toString());
        }
        super.subscribe(connectionToken, subscription);
    }

    @Override // org.jboss.mq.server.JMSServerInterceptorSupport, org.jboss.mq.server.JMSServerInterceptor
    public void addMessage(ConnectionToken connectionToken, SpyMessage spyMessage) throws JMSException {
        String name = ((SpyDestination) spyMessage.getJMSDestination()).getName();
        if (!authorizeWrite(connectionToken, name)) {
            throw new JMSSecurityException(new StringBuffer().append("Connection not authorized to addMessages to destination: ").append(name).toString());
        }
        super.addMessage(connectionToken, spyMessage);
    }

    @Override // org.jboss.mq.server.JMSServerInterceptorSupport, org.jboss.mq.server.JMSServerInterceptor
    public void transact(ConnectionToken connectionToken, TransactionRequest transactionRequest) throws JMSException {
        if (transactionRequest.messages != null) {
            if (transactionRequest.messages.length == 1) {
                String name = ((SpyDestination) transactionRequest.messages[0].getJMSDestination()).getName();
                if (!authorizeWrite(connectionToken, name)) {
                    throw new JMSSecurityException(new StringBuffer().append("Connection not authorized to addMessages to destination: ").append(name).toString());
                }
            } else if (transactionRequest.messages.length > 0) {
                HashSet hashSet = new HashSet();
                for (int i = 0; i < transactionRequest.messages.length; i++) {
                    hashSet.add(((SpyDestination) transactionRequest.messages[i].getJMSDestination()).getName());
                }
                Iterator it = hashSet.iterator();
                while (it.hasNext()) {
                    String str = (String) it.next();
                    if (!authorizeWrite(connectionToken, str)) {
                        throw new JMSSecurityException(new StringBuffer().append("Connection not authorized to addMessages to destination: ").append(str).toString());
                    }
                }
            }
        }
        super.transact(connectionToken, transactionRequest);
    }

    @Override // org.jboss.mq.server.JMSServerInterceptorSupport, org.jboss.mq.server.JMSServerInterceptor
    public void destroySubscription(ConnectionToken connectionToken, DurableSubscriptionID durableSubscriptionID) throws JMSException {
        SpyTopic durableTopic = super.getDurableTopic(durableSubscriptionID);
        if (durableTopic == null) {
            throw new InvalidDestinationException(new StringBuffer().append("No durable topic found for subscription ").append(durableSubscriptionID.getSubscriptionName()).toString());
        }
        if (!authorizeCreate(connectionToken, durableTopic.getName())) {
            throw new JMSSecurityException(new StringBuffer().append("Connection not authorized to unsubscribe from subscription: ").append(durableTopic.getName()).toString());
        }
        super.destroySubscription(connectionToken, durableSubscriptionID);
    }

    @Override // org.jboss.mq.server.JMSServerInterceptorSupport, org.jboss.mq.server.JMSServerInterceptor
    public TemporaryTopic getTemporaryTopic(ConnectionToken connectionToken) throws JMSException {
        TemporaryTopic temporaryTopic = super.getTemporaryTopic(connectionToken);
        addTemporaryDestination(connectionToken, temporaryTopic);
        return temporaryTopic;
    }

    @Override // org.jboss.mq.server.JMSServerInterceptorSupport, org.jboss.mq.server.JMSServerInterceptor
    public TemporaryQueue getTemporaryQueue(ConnectionToken connectionToken) throws JMSException {
        TemporaryQueue temporaryQueue = super.getTemporaryQueue(connectionToken);
        addTemporaryDestination(connectionToken, temporaryQueue);
        return temporaryQueue;
    }

    @Override // org.jboss.mq.server.JMSServerInterceptorSupport, org.jboss.mq.server.JMSServerInterceptor
    public void deleteTemporaryDestination(ConnectionToken connectionToken, SpyDestination spyDestination) throws JMSException {
        removeTemporaryDestination(connectionToken, spyDestination);
        super.deleteTemporaryDestination(connectionToken, spyDestination);
    }

    public boolean authorizeRead(ConnectionToken connectionToken, String str) throws JMSException {
        SecurityMetadata securityMetadata = this.manager.getSecurityMetadata(str);
        if (securityMetadata != null) {
            return this.manager.authorize(connectionToken, securityMetadata.getReadPrincipals());
        }
        this.log.warn(new StringBuffer().append("No security configuration avaliable for ").append(str).toString());
        return false;
    }

    public boolean authorizeWrite(ConnectionToken connectionToken, String str) throws JMSException {
        SecurityMetadata securityMetadata = this.manager.getSecurityMetadata(str);
        if (securityMetadata != null) {
            return this.manager.authorize(connectionToken, securityMetadata.getWritePrincipals());
        }
        this.log.warn(new StringBuffer().append("No security configuration avaliable for ").append(str).toString());
        return false;
    }

    public boolean authorizeCreate(ConnectionToken connectionToken, String str) throws JMSException {
        SecurityMetadata securityMetadata = this.manager.getSecurityMetadata(str);
        if (securityMetadata != null) {
            return this.manager.authorize(connectionToken, securityMetadata.getCreatePrincipals());
        }
        this.log.warn(new StringBuffer().append("No security configuration avaliable for ").append(str).toString());
        return false;
    }

    public void addTemporaryDestination(ConnectionToken connectionToken, Destination destination) {
        synchronized (this.tempDests) {
            HashSet hashSet = (HashSet) this.tempDests.get(connectionToken);
            if (hashSet == null) {
                hashSet = new HashSet();
                this.tempDests.put(connectionToken, hashSet);
            }
            hashSet.add(destination);
        }
    }

    public void removeTemporaryDestination(ConnectionToken connectionToken, SpyDestination spyDestination) {
        synchronized (this.tempDests) {
            HashSet hashSet = (HashSet) this.tempDests.get(connectionToken);
            if (hashSet == null) {
                return;
            }
            hashSet.remove(spyDestination);
            try {
                this.manager.removeDestination(spyDestination.getName());
            } catch (Exception e) {
                this.log.warn(new StringBuffer().append("Unable to remove temporary destination ").append(spyDestination).toString(), e);
            }
        }
    }

    public void removeTemporaryDestinations(ConnectionToken connectionToken) {
        synchronized (this.tempDests) {
            HashSet hashSet = (HashSet) this.tempDests.remove(connectionToken);
            if (hashSet == null) {
                return;
            }
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                SpyDestination spyDestination = (SpyDestination) it.next();
                try {
                    this.manager.removeDestination(spyDestination.getName());
                } catch (Exception e) {
                    this.log.warn(new StringBuffer().append("Unable to remove temporary destination ").append(spyDestination).toString(), e);
                }
            }
        }
    }
}
