package org.apache.servicemix.jbi.security;

import java.security.Principal;
import java.util.Set;
import javax.jbi.JBIException;
import javax.jbi.messaging.MessageExchange;
import javax.jbi.servicedesc.ServiceEndpoint;
import javax.security.auth.Subject;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.servicemix.jbi.messaging.MessageExchangeImpl;
import org.apache.servicemix.jbi.nmr.DefaultBroker;
import org.apache.servicemix.jbi.security.acl.AuthorizationMap;

/* loaded from: input_file:WEB-INF/lib/servicemix-core-3.4.0.2-fuse.jar:org/apache/servicemix/jbi/security/SecuredBroker.class */
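/**
 * Broker that applies an ACL check before handing an exchange to {@link DefaultBroker}.
 *
 * <p>The check in {@link #sendExchangePacket(MessageExchange)} runs only for exchanges in the
 * {@code PROVIDER} role whose destination id is still {@code null}. Every other exchange is
 * forwarded to the parent broker unchecked.
 */
public class SecuredBroker extends DefaultBroker {
    private static final Log LOG = LogFactory.getLog(SecuredBroker.class);

    // Source of the per-endpoint/per-operation ACLs. The no-arg constructor leaves it null, so it
    // must be injected through the setter before any exchange is sent.
    private AuthorizationMap authorizationMap;

    /** Creates a broker without an authorization map; one must be set before use. */
    public SecuredBroker() {
    }

    /**
     * Creates a broker that authorizes exchanges against the given map.
     *
     * @param authorizationMap the ACL source to consult
     */
    public SecuredBroker(AuthorizationMap authorizationMap) {
        this.authorizationMap = authorizationMap;
    }

    /** @return the ACL source currently in use, or {@code null} if none was configured */
    public AuthorizationMap getAuthorizationMap() {
        return this.authorizationMap;
    }

    /** @param authorizationMap the ACL source to consult for subsequent exchanges */
    public void setAuthorizationMap(AuthorizationMap authorizationMap) {
        this.authorizationMap = authorizationMap;
    }

    /**
     * Resolves the target endpoint of a not-yet-routed provider exchange, enforces its ACL, and
     * then delegates to the parent broker.
     *
     * @param messageExchange the exchange to route; cast to {@link MessageExchangeImpl}
     * @throws JBIException if the parent broker fails to send the exchange
     * @throws SecurityException if the broker has no authorization map, the exchange carries no
     *         security subject, or none of the subject's principals is listed in the endpoint ACL
     */
    @Override
    public void sendExchangePacket(MessageExchange messageExchange) throws JBIException {
        LOG.debug("send exchange with secure broker");
        MessageExchangeImpl exchange = (MessageExchangeImpl) messageExchange;
        if (exchange.getRole() == MessageExchange.Role.PROVIDER && exchange.getDestinationId() == null) {
            resolveAddress(exchange);
            ServiceEndpoint endpoint = exchange.getEndpoint();
            // NOTE(review): when no endpoint is resolved the ACL check is skipped and the exchange
            // is passed on as-is; presumably the parent broker rejects it - confirm.
            if (endpoint != null) {
                checkAuthorization(exchange, endpoint);
            }
        }
        super.sendExchangePacket(messageExchange);
    }

    /**
     * Denies the exchange unless the endpoint ACL contains {@code GroupPrincipal.ANY} or at least
     * one principal of the exchange's security subject.
     */
    private void checkAuthorization(MessageExchangeImpl exchange, ServiceEndpoint endpoint) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("service name :" + endpoint.getServiceName());
            LOG.debug("operation name :" + exchange.getOperation());
        }
        // Fail closed with an explicit denial instead of a NullPointerException when the broker
        // was created through the no-arg constructor and never configured.
        if (this.authorizationMap == null) {
            throw new SecurityException("No authorization map configured");
        }
        Set<Principal> acls = this.authorizationMap.getAcls(endpoint, exchange.getOperation());
        if (acls == null) {
            // No ACL information at all is treated as "nobody is allowed".
            throw new SecurityException("Endpoint is not authorized for this user");
        }
        if (acls.contains(GroupPrincipal.ANY)) {
            return;
        }
        javax.jbi.messaging.NormalizedMessage in = exchange.getMessage(MessageExchangeImpl.IN);
        Subject securitySubject = in == null ? null : in.getSecuritySubject();
        if (securitySubject == null) {
            throw new SecurityException("User not authenticated");
        }
        if (LOG.isDebugEnabled()) {
            // Log the principals only: Subject.toString() also renders the subject's credentials,
            // which do not belong in a log file.
            LOG.debug("authorization for " + securitySubject.getPrincipals());
        }
        if (!hasAuthorizedPrincipal(acls, securitySubject.getPrincipals())) {
            throw new SecurityException("Endpoint is not authorized for this user");
        }
    }

    /**
     * Returns whether any ACL entry is among the caller's principals.
     *
     * <p>Read-only on purpose: the set handed out by the authorization map is not ours to shrink
     * (it may be shared between calls or unmodifiable), so the intersection is tested without
     * {@code retainAll}.
     */
    private static boolean hasAuthorizedPrincipal(Set<Principal> acls, Set<Principal> principals) {
        for (Principal allowed : acls) {
            if (principals.contains(allowed)) {
                return true;
            }
        }
        return false;
    }
}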
