package org.jboss.activemq.artemis.wildfly.security;

import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.HashSet;
import java.util.Set;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import org.apache.activemq.artemis.core.security.CheckType;
import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.core.server.ActiveMQComponent;
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
import org.jboss.activemq.artemis.wildfly.ActiveMQJBossLogger;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.RealmMapping;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SimplePrincipal;

/* loaded from: input_file:org/jboss/activemq/artemis/wildfly/security/JBossASSecurityManager.class */
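/**
 * {@link ActiveMQSecurityManager} that delegates authentication to a JBoss
 * {@link AuthenticationManager} and role checks to a {@link RealmMapping}.
 *
 * <p>On {@link #start()} both collaborators are taken from the single object bound in JNDI under
 * the configured security domain name (default {@code java:/jaas/activemq}).
 *
 * <p>Security-relevant configuration:
 * <ul>
 *   <li>{@code allowClientLogin}: when {@code true} and
 *       {@link SecurityContextAssociation#isClient()} reports a client, the user name and
 *       password handed to {@link #validateUserAndRole} are ignored.</li>
 *   <li>{@code authoriseOnClientLogin}: only consulted in that client-login case. When it is
 *       {@code false}, {@link #validateUserAndRole} returns {@code true} without checking
 *       credentials or roles, so enable {@code allowClientLogin} on its own only where every
 *       caller on a client-flagged thread is already trusted.</li>
 * </ul>
 *
 * <p>{@code start()}, {@code stop()} and {@code isStarted()} are synchronized; the setters and
 * the validation methods are not.
 */
public class JBossASSecurityManager implements ActiveMQSecurityManager, ActiveMQComponent {
    private RealmMapping realmMapping;
    private AuthenticationManager authenticationManager;
    private boolean started;
    // Captured once at construction; a later change of the log level is not picked up.
    private final boolean trace = ActiveMQJBossLogger.LOGGER.isTraceEnabled();
    private String securityDomainName = "java:/jaas/activemq";
    private boolean isAs5 = true;
    private boolean allowClientLogin = false;
    private boolean authoriseOnClientLogin = false;

    /**
     * Authenticates a user against the configured {@link AuthenticationManager}.
     *
     * @param str user name, wrapped in a {@link SimplePrincipal}
     * @param str2 password, or {@code null} to pass a {@code null} credential
     * @return the result of {@code AuthenticationManager.isValid}
     */
    public boolean validateUser(String str, String str2) {
        SimplePrincipal principal = new SimplePrincipal(str);
        char[] credential = str2 == null ? null : str2.toCharArray();
        return this.authenticationManager.isValid(principal, credential, new Subject());
    }

    /**
     * Authenticates a user and checks that it holds one of the roles permitted for the operation.
     *
     * <p>Decision order:
     * <ol>
     *   <li>Client login disabled, or the thread is not flagged as a client: authenticate and
     *       authorise with the supplied user name and password.</li>
     *   <li>Client login with {@code authoriseOnClientLogin}: authenticate and authorise the
     *       principal already associated with the current security context.</li>
     *   <li>Client login without {@code authoriseOnClientLogin}: accept unconditionally. No
     *       credential or role check is performed on this path.</li>
     * </ol>
     *
     * @param str user name supplied on the connection
     * @param str2 password supplied on the connection
     * @param set roles configured for the address being accessed
     * @param checkType the permission being requested
     * @return {@code true} if access is granted
     */
    public boolean validateUserAndRole(String str, String str2, Set<Role> set, CheckType checkType) {
        if (!this.allowClientLogin || !SecurityContextAssociation.isClient()) {
            return useConnectionAuthentication(str, str2, set, checkType);
        }
        if (this.authoriseOnClientLogin) {
            return useClientAuthentication(set, checkType);
        }
        // Trust path: nothing is verified here. See the class Javadoc before enabling it.
        return true;
    }

    /**
     * Authenticates with the supplied credentials and, on success, checks role membership while
     * the authenticated subject is pushed onto the security context.
     */
    private boolean useConnectionAuthentication(final String str, final String str2, final Set<Role> set, final CheckType checkType) {
        return AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
            @Override
            public Boolean run() {
                SimplePrincipal principal = str == null ? null : new SimplePrincipal(str);
                char[] credential = str2 == null ? null : str2.toCharArray();
                Subject subject = new Subject();
                if (!authenticationManager.isValid(principal, credential, subject)) {
                    return Boolean.FALSE;
                }
                pushSecurityContext(principal, credential, subject);
                try {
                    boolean authorized = realmMapping.doesUserHaveRole(principal, getRolePrincipals(checkType, set));
                    if (trace) {
                        ActiveMQJBossLogger.LOGGER.trace("user " + str + (authorized ? " is " : " is NOT ") + "authorized");
                    }
                    return Boolean.valueOf(authorized);
                } finally {
                    // Always pop: if the role check throws, the pushed identity must not stay
                    // associated with this thread for whatever runs on it next.
                    popSecurityContext();
                }
            }
        }).booleanValue();
    }

    /**
     * Authenticates and authorises the principal already held by the current security context.
     * The caller-supplied user name and password play no part in this path.
     */
    private boolean useClientAuthentication(final Set<Role> set, final CheckType checkType) {
        return AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
            @Override
            public Boolean run() {
                SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
                if (securityContext == null) {
                    // No identity is associated with this thread: deny rather than fail with a
                    // NullPointerException.
                    return Boolean.FALSE;
                }
                Principal userPrincipal = securityContext.getUtil().getUserPrincipal();
                boolean isValid = authenticationManager.isValid(
                        userPrincipal,
                        (char[]) securityContext.getUtil().getCredential(),
                        securityContext.getSubjectInfo().getAuthenticatedSubject());
                if (isValid) {
                    isValid = realmMapping.doesUserHaveRole(userPrincipal, getRolePrincipals(checkType, set));
                    if (trace) {
                        ActiveMQJBossLogger.LOGGER.trace("user " + userPrincipal.getName() + (isValid ? " is " : " is NOT ") + "authorized");
                    }
                }
                return Boolean.valueOf(isValid);
            }
        }).booleanValue();
    }

    /**
     * Pops the subject context pushed by {@link #pushSecurityContext}.
     *
     * <p>Internal helper: the decompiler widened it from {@code private}.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void popSecurityContext() {
        if (this.isAs5) {
            SecurityActions.popSubjectContext();
        } else {
            AS4SecurityActions.popSubjectContext();
        }
    }

    /**
     * Pushes the given identity onto the subject context. The AS5 variant also receives the
     * security domain name; the AS4 variant does not.
     *
     * <p>Internal helper: the decompiler widened it from {@code private}. It associates whatever
     * principal it is given with the current thread, so it should not be called from outside
     * this class.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void pushSecurityContext(SimplePrincipal simplePrincipal, char[] cArr, Subject subject) {
        if (this.isAs5) {
            SecurityActions.pushSubjectContext(simplePrincipal, cArr, subject, this.securityDomainName);
        } else {
            AS4SecurityActions.pushSubjectContext(simplePrincipal, cArr, subject);
        }
    }

    /** No-op; the arguments are ignored. */
    public void addRole(String str, String str2) {
    }

    /** No-op; the arguments are ignored. */
    public void addUser(String str, String str2) {
    }

    /** No-op; the arguments are ignored. */
    public void removeRole(String str, String str2) {
    }

    /** No-op; the argument is ignored. */
    public void removeUser(String str) {
    }

    /** No-op; the argument is ignored. */
    public void setDefaultUser(String str) {
    }

    /**
     * Selects the roles that grant the requested permission and converts them to principals.
     *
     * <p>Internal helper: the decompiler widened it from {@code private}.
     *
     * @param checkType the permission being requested
     * @param set candidate roles
     * @return one {@link SimplePrincipal} per role for which {@code checkType.hasRole} is true
     */
    /* JADX INFO: Access modifiers changed from: private */
    public Set<Principal> getRolePrincipals(CheckType checkType, Set<Role> set) {
        Set<Principal> principals = new HashSet<Principal>();
        for (Role role : set) {
            if (checkType.hasRole(role)) {
                principals.add(new SimplePrincipal(role.getName()));
            }
        }
        return principals;
    }

    /** Sets the role mapping; {@link #start()} replaces it with the JNDI-bound object. */
    public void setRealmMapping(RealmMapping realmMapping) {
        this.realmMapping = realmMapping;
    }

    /** Sets the authentication manager; {@link #start()} replaces it with the JNDI-bound object. */
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Looks up the security domain in JNDI and uses the bound object for both authentication and
     * role mapping. Does nothing if already started.
     *
     * @throws Exception if the JNDI lookup fails; a {@link ClassCastException} is raised if the
     *     bound object does not implement both {@link AuthenticationManager} and
     *     {@link RealmMapping}
     */
    public synchronized void start() throws Exception {
        if (this.started) {
            return;
        }
        this.authenticationManager = (AuthenticationManager) new InitialContext().lookup(this.securityDomainName);
        // The decompiled listing dropped this cast; without it the assignment does not compile.
        this.realmMapping = (RealmMapping) this.authenticationManager;
        this.started = true;
    }

    /** Marks the component as stopped; the looked-up collaborators are kept. */
    public synchronized void stop() {
        this.started = false;
    }

    /** @return {@code true} between a successful {@link #start()} and the next {@link #stop()} */
    public synchronized boolean isStarted() {
        return this.started;
    }

    /** Sets the JNDI name looked up by {@link #start()} and passed to the AS5 subject-context push. */
    public void setSecurityDomainName(String str) {
        this.securityDomainName = str;
    }

    /** Chooses between {@code SecurityActions} ({@code true}) and {@code AS4SecurityActions}. */
    public void setAs5(boolean z) {
        this.isAs5 = z;
    }

    /** Enables the client-login paths of {@link #validateUserAndRole}; see the class Javadoc. */
    public void setAllowClientLogin(boolean z) {
        this.allowClientLogin = z;
    }

    /**
     * When client login applies, requires the context principal to be authenticated and
     * authorised instead of being accepted unconditionally.
     */
    public void setAuthoriseOnClientLogin(boolean z) {
        this.authoriseOnClientLogin = z;
    }
}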
