package org.apache.activemq.security;

import java.text.MessageFormat;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.apache.activemq.advisory.AdvisorySupport;
import org.apache.activemq.command.ActiveMQDestination;
import org.apache.activemq.filter.DestinationMap;
import org.apache.activemq.jaas.GroupPrincipal;
import org.apache.activemq.jaas.LDAPLoginModule;
import org.jruby.ext.openssl.impl.ASN1Registry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.PropertyAccessor;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-338.zip:modules/system/layers/fuse/org/apache/activemq/main/activemq-broker-5.11.0.redhat-630338.jar:org/apache/activemq/security/LDAPAuthorizationMap.class */
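/**
 * {@link AuthorizationMap} that resolves the groups allowed to administer, read from or write
 * to a destination by searching an LDAP directory over JNDI.
 *
 * <p>For every lookup a search base is chosen (advisory base, temp base, or a DN built from the
 * queue/topic template and the destination's physical name), the configured role filter
 * ({@code adminBase}/{@code readBase}/{@code writeBase}) is applied, and the values of the role
 * attribute are read. Each value is parsed as a DN and the value of its last RDN becomes a
 * {@link GroupPrincipal}.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The no-arg constructor installs sample values (bind DN {@code uid=admin,ou=system},
 *       password {@code secret}, URL {@code ldap://localhost:10389}). They are placeholders and
 *       must be overridden; an {@code ldap://} URL presumably sends the simple bind, including
 *       the password, without transport encryption - confirm and prefer {@code ldaps://}.</li>
 *   <li>The destination's physical name is substituted verbatim into the search-base DN
 *       template. Nothing in this class escapes or validates DN metacharacters in that name, so
 *       name validation has to happen before the destination reaches this map.</li>
 *   <li>Any {@link NamingException} during a lookup yields an empty set rather than an
 *       exception. NOTE(review): this is presumably interpreted by the caller as "no group is
 *       allowed" (fail closed) - confirm against the authorization broker.</li>
 * </ul>
 *
 * <p>Thread-safety: the cached {@link DirContext} is created lazily without synchronisation and
 * the shared {@link MessageFormat} instances are used without locking. NOTE(review): confirm
 * how callers serialise access.
 */
public class LDAPAuthorizationMap implements AuthorizationMap {
    public static final String INITIAL_CONTEXT_FACTORY = "initialContextFactory";
    public static final String CONNECTION_URL = "connectionURL";
    public static final String CONNECTION_USERNAME = "connectionUsername";
    public static final String CONNECTION_PASSWORD = "connectionPassword";
    public static final String CONNECTION_PROTOCOL = "connectionProtocol";
    public static final String AUTHENTICATION = "authentication";
    public static final String TOPIC_SEARCH_MATCHING = "topicSearchMatching";
    public static final String TOPIC_SEARCH_SUBTREE = "topicSearchSubtree";
    public static final String QUEUE_SEARCH_MATCHING = "queueSearchMatching";
    public static final String QUEUE_SEARCH_SUBTREE = "queueSearchSubtree";
    public static final String ADMIN_BASE = "adminBase";
    public static final String ADMIN_ATTRIBUTE = "adminAttribute";
    public static final String READ_BASE = "readBase";
    public static final String READ_ATTRIBUTE = "readAttribute";
    // NOTE(review): the key really is spelled "writeBAse" (capital A). It is kept as-is because
    // configuration maps must use this exact spelling for the write filter to be picked up.
    public static final String WRITE_BASE = "writeBAse";
    public static final String WRITE_ATTRIBUTE = "writeAttribute";

    // Keyed on this class so that authorization lookups are not filed under the JAAS login
    // module's logger category.
    private static final Logger LOG = LoggerFactory.getLogger(LDAPAuthorizationMap.class);

    private String initialContextFactory;
    private String connectionURL;
    private String connectionUsername;
    // Bind credential held in clear text for the lifetime of the map; never log it.
    private String connectionPassword;
    private String connectionProtocol;
    private String authentication;
    // Lazily created by open() and then reused for every search.
    private DirContext context;
    private MessageFormat topicSearchMatchingFormat;
    private MessageFormat queueSearchMatchingFormat;
    // Defaults shared by both constructors.
    private String advisorySearchBase = "uid=ActiveMQ.Advisory,ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com";
    private String tempSearchBase = "uid=ActiveMQ.Temp,ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com";
    private boolean topicSearchSubtreeBool = true;
    private boolean queueSearchSubtreeBool = true;
    private boolean useAdvisorySearchBase = true;
    // The *Base fields are passed to DirContext.search as the LDAP filter, not as a base DN.
    private String adminBase;
    private String adminAttribute;
    private String readBase;
    private String readAttribute;
    private String writeBase;
    private String writeAttribute;

    /**
     * Creates a map preconfigured with sample settings for a local directory.
     *
     * <p>The bind DN, password and URL set here are placeholders; replace them through the
     * setters before the map is used against a real directory.
     */
    public LDAPAuthorizationMap() {
        this.initialContextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
        this.connectionURL = "ldap://localhost:10389";
        this.connectionUsername = "uid=admin,ou=system";
        this.connectionPassword = "secret";
        // NOTE(review): "s" is handed to java.naming.security.protocol unchanged; it does not
        // look like a value that enables TLS - confirm, and prefer an ldaps:// URL.
        this.connectionProtocol = "s";
        // Decompiler-substituted constant from an unrelated library; presumably the literal
        // "simple" in the original source - confirm.
        this.authentication = BeanDefinitionParserDelegate.DEPENDENCY_CHECK_SIMPLE_ATTRIBUTE_VALUE;
        this.topicSearchMatchingFormat = new MessageFormat("uid={0},ou=topics,ou=destinations,o=ActiveMQ,dc=example,dc=com");
        this.queueSearchMatchingFormat = new MessageFormat("uid={0},ou=queues,ou=destinations,o=ActiveMQ,dc=example,dc=com");
        // Decompiler-substituted constant as well; presumably the literal "uniqueMember".
        this.adminBase = "(cn=admin)";
        this.adminAttribute = ASN1Registry.LN_uniqueMember;
        this.readBase = "(cn=read)";
        this.readAttribute = ASN1Registry.LN_uniqueMember;
        this.writeBase = "(cn=write)";
        this.writeAttribute = ASN1Registry.LN_uniqueMember;
    }

    /**
     * Creates a map from string options keyed by the public constants of this class.
     *
     * <p>Missing keys leave the corresponding string setting {@code null}; a missing subtree
     * flag is read as {@code false}. The advisory and temp search bases keep their defaults.
     *
     * @param map option values; must contain {@link #TOPIC_SEARCH_MATCHING} and
     *     {@link #QUEUE_SEARCH_MATCHING}
     * @throws NullPointerException if {@code map} is {@code null} or either search-matching
     *     pattern is absent
     * @throws IllegalArgumentException if a search-matching pattern is not a valid
     *     {@link MessageFormat} pattern
     */
    public LDAPAuthorizationMap(Map<String, String> map) {
        this.initialContextFactory = map.get(INITIAL_CONTEXT_FACTORY);
        this.connectionURL = map.get(CONNECTION_URL);
        this.connectionUsername = map.get(CONNECTION_USERNAME);
        this.connectionPassword = map.get(CONNECTION_PASSWORD);
        this.connectionProtocol = map.get(CONNECTION_PROTOCOL);
        this.authentication = map.get(AUTHENTICATION);
        this.adminBase = map.get(ADMIN_BASE);
        this.adminAttribute = map.get(ADMIN_ATTRIBUTE);
        this.readBase = map.get(READ_BASE);
        this.readAttribute = map.get(READ_ATTRIBUTE);
        this.writeBase = map.get(WRITE_BASE);
        this.writeAttribute = map.get(WRITE_ATTRIBUTE);
        this.topicSearchMatchingFormat = new MessageFormat(map.get(TOPIC_SEARCH_MATCHING));
        this.queueSearchMatchingFormat = new MessageFormat(map.get(QUEUE_SEARCH_MATCHING));
        // parseBoolean(null) is false, so an absent flag switches subtree search off.
        this.topicSearchSubtreeBool = Boolean.parseBoolean(map.get(TOPIC_SEARCH_SUBTREE));
        this.queueSearchSubtreeBool = Boolean.parseBoolean(map.get(QUEUE_SEARCH_SUBTREE));
    }

    /**
     * Returns the groups allowed to administer temporary destinations.
     *
     * @return the resolved groups, or an empty set if the directory lookup fails
     */
    @Override
    public Set<GroupPrincipal> getTempDestinationAdminACLs() {
        return getTempACLs(this.adminBase, this.adminAttribute);
    }

    /**
     * Returns the groups allowed to read from temporary destinations.
     *
     * @return the resolved groups, or an empty set if the directory lookup fails
     */
    @Override
    public Set<GroupPrincipal> getTempDestinationReadACLs() {
        return getTempACLs(this.readBase, this.readAttribute);
    }

    /**
     * Returns the groups allowed to write to temporary destinations.
     *
     * @return the resolved groups, or an empty set if the directory lookup fails
     */
    @Override
    public Set<GroupPrincipal> getTempDestinationWriteACLs() {
        return getTempACLs(this.writeBase, this.writeAttribute);
    }

    /**
     * Returns the groups allowed to administer {@code activeMQDestination}.
     *
     * @param activeMQDestination destination being checked; composite destinations are
     *     resolved member by member
     * @return the resolved groups (see {@link #getCompositeACLs} for the composite case)
     */
    @Override
    public Set<GroupPrincipal> getAdminACLs(ActiveMQDestination activeMQDestination) {
        return lookup(activeMQDestination, this.adminBase, this.adminAttribute);
    }

    /**
     * Returns the groups allowed to read from {@code activeMQDestination}.
     *
     * @param activeMQDestination destination being checked; composite destinations are
     *     resolved member by member
     * @return the resolved groups (see {@link #getCompositeACLs} for the composite case)
     */
    @Override
    public Set<GroupPrincipal> getReadACLs(ActiveMQDestination activeMQDestination) {
        return lookup(activeMQDestination, this.readBase, this.readAttribute);
    }

    /**
     * Returns the groups allowed to write to {@code activeMQDestination}.
     *
     * @param activeMQDestination destination being checked; composite destinations are
     *     resolved member by member
     * @return the resolved groups (see {@link #getCompositeACLs} for the composite case)
     */
    @Override
    public Set<GroupPrincipal> getWriteACLs(ActiveMQDestination activeMQDestination) {
        return lookup(activeMQDestination, this.writeBase, this.writeAttribute);
    }

    /** Returns the attribute whose values name the admin groups. */
    public String getAdminAttribute() {
        return this.adminAttribute;
    }

    /** Sets the attribute whose values name the admin groups. */
    public void setAdminAttribute(String str) {
        this.adminAttribute = str;
    }

    /** Returns the LDAP filter used to find admin role entries. */
    public String getAdminBase() {
        return this.adminBase;
    }

    /** Sets the LDAP filter used to find admin role entries. */
    public void setAdminBase(String str) {
        this.adminBase = str;
    }

    /** Returns the value passed as {@code java.naming.security.authentication}. */
    public String getAuthentication() {
        return this.authentication;
    }

    /** Sets the value passed as {@code java.naming.security.authentication}. */
    public void setAuthentication(String str) {
        this.authentication = str;
    }

    /**
     * Returns the bind password in clear text.
     *
     * <p>Callers should not log or otherwise expose the returned value.
     */
    public String getConnectionPassword() {
        return this.connectionPassword;
    }

    /** Sets the bind password; {@link #open()} rejects {@code null} and the empty string. */
    public void setConnectionPassword(String str) {
        this.connectionPassword = str;
    }

    /** Returns the value passed as {@code java.naming.security.protocol}. */
    public String getConnectionProtocol() {
        return this.connectionProtocol;
    }

    /** Sets the value passed as {@code java.naming.security.protocol}. */
    public void setConnectionProtocol(String str) {
        this.connectionProtocol = str;
    }

    /** Returns the directory URL passed as {@code java.naming.provider.url}. */
    public String getConnectionURL() {
        return this.connectionURL;
    }

    /** Sets the directory URL passed as {@code java.naming.provider.url}. */
    public void setConnectionURL(String str) {
        this.connectionURL = str;
    }

    /** Returns the bind DN passed as {@code java.naming.security.principal}. */
    public String getConnectionUsername() {
        return this.connectionUsername;
    }

    /** Sets the bind DN; {@link #open()} rejects {@code null} and the empty string. */
    public void setConnectionUsername(String str) {
        this.connectionUsername = str;
    }

    /** Returns the cached directory context, or {@code null} if none has been opened yet. */
    public DirContext getContext() {
        return this.context;
    }

    /**
     * Replaces the cached directory context.
     *
     * <p>A non-null value is returned by {@link #open()} as-is, without a new bind.
     */
    public void setContext(DirContext dirContext) {
        this.context = dirContext;
    }

    /** Returns the class name passed as {@code java.naming.factory.initial}. */
    public String getInitialContextFactory() {
        return this.initialContextFactory;
    }

    /** Sets the class name passed as {@code java.naming.factory.initial}. */
    public void setInitialContextFactory(String str) {
        this.initialContextFactory = str;
    }

    /** Returns the DN template for queues; {@code {0}} receives the physical name. */
    public MessageFormat getQueueSearchMatchingFormat() {
        return this.queueSearchMatchingFormat;
    }

    /** Sets the DN template for queues; {@code {0}} receives the physical name. */
    public void setQueueSearchMatchingFormat(MessageFormat messageFormat) {
        this.queueSearchMatchingFormat = messageFormat;
    }

    /** Returns whether queue lookups use subtree scope instead of one-level scope. */
    public boolean isQueueSearchSubtreeBool() {
        return this.queueSearchSubtreeBool;
    }

    /** Sets whether queue lookups use subtree scope instead of one-level scope. */
    public void setQueueSearchSubtreeBool(boolean z) {
        this.queueSearchSubtreeBool = z;
    }

    /** Returns the attribute whose values name the read groups. */
    public String getReadAttribute() {
        return this.readAttribute;
    }

    /** Sets the attribute whose values name the read groups. */
    public void setReadAttribute(String str) {
        this.readAttribute = str;
    }

    /** Returns the LDAP filter used to find read role entries. */
    public String getReadBase() {
        return this.readBase;
    }

    /** Sets the LDAP filter used to find read role entries. */
    public void setReadBase(String str) {
        this.readBase = str;
    }

    /** Returns the DN template for topics; {@code {0}} receives the physical name. */
    public MessageFormat getTopicSearchMatchingFormat() {
        return this.topicSearchMatchingFormat;
    }

    /** Sets the DN template for topics; {@code {0}} receives the physical name. */
    public void setTopicSearchMatchingFormat(MessageFormat messageFormat) {
        this.topicSearchMatchingFormat = messageFormat;
    }

    /** Returns whether topic lookups use subtree scope instead of one-level scope. */
    public boolean isTopicSearchSubtreeBool() {
        return this.topicSearchSubtreeBool;
    }

    /** Sets whether topic lookups use subtree scope instead of one-level scope. */
    public void setTopicSearchSubtreeBool(boolean z) {
        this.topicSearchSubtreeBool = z;
    }

    /** Returns the attribute whose values name the write groups. */
    public String getWriteAttribute() {
        return this.writeAttribute;
    }

    /** Sets the attribute whose values name the write groups. */
    public void setWriteAttribute(String str) {
        this.writeAttribute = str;
    }

    /** Returns the LDAP filter used to find write role entries. */
    public String getWriteBase() {
        return this.writeBase;
    }

    /** Sets the LDAP filter used to find write role entries. */
    public void setWriteBase(String str) {
        this.writeBase = str;
    }

    /** Returns whether advisory topics are looked up under the fixed advisory search base. */
    public boolean isUseAdvisorySearchBase() {
        return this.useAdvisorySearchBase;
    }

    /** Sets whether advisory topics are looked up under the fixed advisory search base. */
    public void setUseAdvisorySearchBase(boolean z) {
        this.useAdvisorySearchBase = z;
    }

    /** Returns the search base used for advisory topics. */
    public String getAdvisorySearchBase() {
        return this.advisorySearchBase;
    }

    /** Sets the search base used for advisory topics. */
    public void setAdvisorySearchBase(String str) {
        this.advisorySearchBase = str;
    }

    /** Returns the search base used for temporary destinations. */
    public String getTempSearchBase() {
        return this.tempSearchBase;
    }

    /** Sets the search base used for temporary destinations. */
    public void setTempSearchBase(String str) {
        this.tempSearchBase = str;
    }

    /**
     * Combines the ACLs of every member of a composite destination.
     *
     * <p>Member results are merged with {@link DestinationMap#union}, whose semantics are
     * defined outside this file. Processing stops as soon as the merged set is {@code null} or
     * empty.
     *
     * @param activeMQDestination composite destination
     * @param str LDAP filter selecting the role entries
     * @param str2 attribute holding the member DNs
     * @return the merged set; {@code null} when the destination has no members. NOTE(review):
     *     callers may treat {@code null} differently from an empty set - confirm.
     */
    protected Set<GroupPrincipal> getCompositeACLs(ActiveMQDestination activeMQDestination, String str, String str2) {
        Set<GroupPrincipal> combined = null;
        for (ActiveMQDestination member : activeMQDestination.getCompositeDestinations()) {
            combined = DestinationMap.union(combined, getACLs(member, str, str2));
            if (combined == null || combined.isEmpty()) {
                break;
            }
        }
        return combined;
    }

    /**
     * Resolves the ACL of a single destination.
     *
     * <p>Advisory topics use the advisory search base when that option is enabled. Otherwise
     * the search base is built from the queue or topic DN template and the destination's
     * physical name, and the scope follows the matching subtree flag. If neither type bit is
     * set the search base stays empty.
     *
     * @param activeMQDestination destination being checked
     * @param str LDAP filter selecting the role entries
     * @param str2 attribute holding the member DNs
     * @return the resolved groups, or an empty set if the directory lookup fails
     */
    protected Set<GroupPrincipal> getACLs(ActiveMQDestination activeMQDestination, String str, String str2) {
        try {
            this.context = open();
            String searchBase = "";
            SearchControls constraints = new SearchControls();
            if (AdvisorySupport.isAdvisoryTopic(activeMQDestination) && this.useAdvisorySearchBase) {
                searchBase = this.advisorySearchBase;
            } else {
                // The physical name is client-influenced and is inserted into the DN template
                // without escaping; see the class-level security notes.
                // Bit 1 presumably marks queue types - confirm against ActiveMQDestination.
                if ((activeMQDestination.getDestinationType() & 1) == 1) {
                    searchBase = this.queueSearchMatchingFormat.format(new String[] {activeMQDestination.getPhysicalName()});
                    constraints.setSearchScope(scopeFor(this.queueSearchSubtreeBool));
                }
                // Bit 2 presumably marks topic types; checked independently, so it wins when
                // both bits are set.
                if ((activeMQDestination.getDestinationType() & 2) == 2) {
                    searchBase = this.topicSearchMatchingFormat.format(new String[] {activeMQDestination.getPhysicalName()});
                    constraints.setSearchScope(scopeFor(this.topicSearchSubtreeBool));
                }
            }
            constraints.setReturningAttributes(new String[] {str2});
            return getACLs(searchBase, constraints, str, str2);
        } catch (NamingException e) {
            logLookupFailure(e);
            return new HashSet<GroupPrincipal>();
        }
    }

    /**
     * Runs one directory search and converts the returned member DNs into group principals.
     *
     * @param str search base DN
     * @param searchControls scope and returned attributes for the search
     * @param str2 LDAP filter selecting the role entries
     * @param str3 attribute holding the member DNs
     * @return one {@link GroupPrincipal} per distinct member DN, named after the value of the
     *     DN's last RDN; an empty set if the search or DN parsing fails
     */
    protected Set<GroupPrincipal> getACLs(String str, SearchControls searchControls, String str2, String str3) {
        NamingEnumeration<SearchResult> results = null;
        try {
            // open() returns the cached context when there is one, so this only binds when the
            // method is reached without a prior lookup having opened the connection.
            DirContext directory = open();
            Set<GroupPrincipal> roles = new HashSet<GroupPrincipal>();
            Set<String> memberDns = new HashSet<String>();
            results = directory.search(str, str2, searchControls);
            while (results.hasMore()) {
                Attributes attributes = results.next().getAttributes();
                if (attributes != null) {
                    memberDns = addAttributeValues(str3, attributes, memberDns);
                }
            }
            for (String memberDn : memberDns) {
                LdapName ldapName = new LdapName(memberDn);
                if (ldapName.isEmpty()) {
                    // An empty value has no RDN to take a role name from.
                    continue;
                }
                Rdn rdn = ldapName.getRdn(ldapName.size() - 1);
                String role = rdn.getValue().toString();
                // PROPERTY_KEY_SUFFIX is a decompiler-substituted constant; presumably "]".
                LOG.debug("Found role: [" + role + PropertyAccessor.PROPERTY_KEY_SUFFIX);
                roles.add(new GroupPrincipal(role));
            }
            return roles;
        } catch (NamingException e) {
            // A single unparsable DN or a failed search discards every role found so far.
            logLookupFailure(e);
            return new HashSet<GroupPrincipal>();
        } finally {
            // Release the server-side search if iteration stopped before the end.
            closeQuietly(results);
        }
    }

    /**
     * Adds every value of attribute {@code str} to {@code set}.
     *
     * <p>Values are cast to {@link String}; NOTE(review): a binary-valued attribute would
     * raise {@link ClassCastException} here.
     *
     * @param str attribute id; {@code null} leaves {@code set} untouched
     * @param attributes attributes of one search result; {@code null} leaves {@code set}
     *     untouched
     * @param set accumulator; a new set is created when it is {@code null} and the other two
     *     arguments are not
     * @return the accumulator
     * @throws NamingException if the attribute values cannot be enumerated
     */
    protected Set<String> addAttributeValues(String str, Attributes attributes, Set<String> set) throws NamingException {
        if (str == null || attributes == null) {
            return set;
        }
        if (set == null) {
            set = new HashSet<String>();
        }
        Attribute attribute = attributes.get(str);
        if (attribute == null) {
            return set;
        }
        NamingEnumeration<?> values = attribute.getAll();
        try {
            while (values.hasMore()) {
                set.add((String) values.next());
            }
        } finally {
            closeQuietly(values);
        }
        return set;
    }

    /**
     * Returns the cached directory context, binding to the directory on first use.
     *
     * <p>Unset optional settings (context factory, protocol, URL, authentication) are left out
     * of the JNDI environment instead of being stored as {@code null}, which
     * {@link Hashtable} rejects with a {@link NullPointerException}.
     *
     * <p>NOTE(review): a context is cached for the lifetime of this object and is never
     * closed or re-created here, so a dropped connection keeps failing every later lookup.
     *
     * @return the open context
     * @throws NamingException if the bind DN or password is missing, or the bind fails
     */
    protected DirContext open() throws NamingException {
        if (this.context != null) {
            return this.context;
        }
        try {
            Hashtable<String, String> env = new Hashtable<String, String>();
            putIfPresent(env, "java.naming.factory.initial", this.initialContextFactory);
            // Refuse blank credentials so the bind can never silently become anonymous.
            if (this.connectionUsername == null || "".equals(this.connectionUsername)) {
                throw new NamingException("Empty username is not allowed");
            }
            env.put("java.naming.security.principal", this.connectionUsername);
            if (this.connectionPassword == null || "".equals(this.connectionPassword)) {
                throw new NamingException("Empty password is not allowed");
            }
            env.put("java.naming.security.credentials", this.connectionPassword);
            putIfPresent(env, "java.naming.security.protocol", this.connectionProtocol);
            putIfPresent(env, "java.naming.provider.url", this.connectionURL);
            putIfPresent(env, "java.naming.security.authentication", this.authentication);
            this.context = new InitialDirContext(env);
            return this.context;
        } catch (NamingException e) {
            LOG.error(e.toString());
            throw e;
        }
    }

    /** Dispatches to the composite or single-destination lookup. */
    private Set<GroupPrincipal> lookup(ActiveMQDestination destination, String roleFilter, String roleAttribute) {
        if (destination.isComposite()) {
            return getCompositeACLs(destination, roleFilter, roleAttribute);
        }
        return getACLs(destination, roleFilter, roleAttribute);
    }

    /** Looks up one ACL under the temp search base with default search controls. */
    private Set<GroupPrincipal> getTempACLs(String roleFilter, String roleAttribute) {
        try {
            this.context = open();
            SearchControls constraints = new SearchControls();
            constraints.setReturningAttributes(new String[] {roleAttribute});
            return getACLs(this.tempSearchBase, constraints, roleFilter, roleAttribute);
        } catch (NamingException e) {
            logLookupFailure(e);
            return new HashSet<GroupPrincipal>();
        }
    }

    /** Maps a subtree flag to the matching {@link SearchControls} scope constant. */
    private static int scopeFor(boolean subtree) {
        return subtree ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE;
    }

    /** Adds an environment entry unless the value is {@code null}. */
    private static void putIfPresent(Hashtable<String, String> env, String key, String value) {
        if (value != null) {
            env.put(key, value);
        }
    }

    /** Logs a failed lookup with its stack trace; the message text is the exception itself. */
    private static void logLookupFailure(NamingException e) {
        LOG.error(e.toString(), e);
    }

    /** Closes an enumeration, logging instead of propagating a failure to close. */
    private static void closeQuietly(NamingEnumeration<?> enumeration) {
        if (enumeration == null) {
            return;
        }
        try {
            enumeration.close();
        } catch (NamingException ignored) {
            // The lookup result is already decided; a failed close must not change it.
            LOG.debug("Failed to close LDAP enumeration: " + ignored);
        }
    }
}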
