package org.apache.camel.component.spring.security;

import java.util.List;
import javax.security.auth.Subject;
import org.apache.camel.CamelAuthorizationException;
import org.apache.camel.Exchange;
import org.apache.camel.Message;
import org.apache.camel.Processor;
import org.apache.camel.model.IdentifiedType;
import org.apache.camel.model.ProcessorDefinition;
import org.apache.camel.processor.DelegateProcessor;
import org.apache.camel.spi.AuthorizationPolicy;
import org.apache.camel.spi.RouteContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.event.AuthorizationFailureEvent;
import org.springframework.security.access.event.AuthorizedEvent;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.Assert;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-420.zip:modules/system/layers/fuse/org/apache/camel/component/spring/security/main/camel-spring-security-2.17.0.redhat-630420.jar:org/apache/camel/component/spring/security/SpringSecurityAuthorizationPolicy.class */
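/**
 * Camel {@link AuthorizationPolicy} that guards a wrapped processor with Spring Security.
 *
 * <p>Before the wrapped processor runs, an {@link Authentication} is resolved for the exchange,
 * optionally verified by the {@link AuthenticationManager}, and passed with the configured
 * {@link ConfigAttribute}s to the {@link AccessDecisionManager}. Any runtime failure in that
 * sequence is turned into a {@link CamelAuthorizationException}, so the wrapped processor is
 * only reached when the decision manager returned normally (fail closed).
 *
 * <p>Security-relevant configuration:
 * <ul>
 *   <li>{@code alwaysReauthenticate} (default {@code false}): when false, a token whose
 *       {@code isAuthenticated()} already returns true is accepted without consulting the
 *       {@link AuthenticationManager}.</li>
 *   <li>{@code useThreadSecurityContext} (default {@code true}): when true, the thread's
 *       {@link SecurityContextHolder} is used as a fallback identity source if the message
 *       carries no usable {@link Subject}.</li>
 * </ul>
 */
public class SpringSecurityAuthorizationPolicy extends IdentifiedType implements AuthorizationPolicy, InitializingBean, ApplicationEventPublisherAware {
    private static final Logger LOG = LoggerFactory.getLogger(SpringSecurityAuthorizationPolicy.class);
    private AccessDecisionManager accessDecisionManager;
    private AuthenticationManager authenticationManager;
    // volatile: read outside the lock by the lazy initialisation in getAuthenticationAdapter(),
    // which is reached from process() and may therefore run on several threads at once.
    private volatile AuthenticationAdapter authenticationAdapter;
    private ApplicationEventPublisher eventPublisher;
    private SpringSecurityAccessPolicy accessPolicy;
    private boolean alwaysReauthenticate;
    private boolean useThreadSecurityContext = true;

    /* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-420.zip:modules/system/layers/fuse/org/apache/camel/component/spring/security/main/camel-spring-security-2.17.0.redhat-630420.jar:org/apache/camel/component/spring/security/SpringSecurityAuthorizationPolicy$AuthorizeDelegateProcess.class */
    /**
     * Delegate processor that runs the authorization check of the enclosing policy before
     * handing the exchange to the wrapped processor.
     */
    private class AuthorizeDelegateProcess extends DelegateProcessor {
        AuthorizeDelegateProcess(Processor processor) {
            super(processor);
        }

        /**
         * Authorizes the exchange and, only if that does not throw, continues with the
         * wrapped processor.
         */
        @Override
        public void process(Exchange exchange) throws Exception {
            SpringSecurityAuthorizationPolicy.this.beforeProcess(exchange);
            processNext(exchange);
        }
    }

    /** No preparation of the route definition is needed for this policy. */
    @Override
    public void beforeWrap(RouteContext routeContext, ProcessorDefinition<?> processorDefinition) {
    }

    /**
     * Wraps the given processor so that every exchange is authorized first.
     *
     * @param routeContext the route context (unused)
     * @param processor the processor to protect
     * @return a processor that performs the authorization check and then delegates
     */
    @Override
    public Processor wrap(RouteContext routeContext, Processor processor) {
        return new AuthorizeDelegateProcess(processor);
    }

    /**
     * Performs the authorization check for one exchange.
     *
     * <p>On success an {@link AuthorizedEvent} is published. On an {@link AccessDeniedException}
     * an {@link AuthorizationFailureEvent} is published. For every {@link RuntimeException}
     * raised inside the check (access denied, failures from the authentication manager, from
     * the adapter or from event publishing) the {@code Exchange.AUTHENTICATION_FAILURE_POLICY_ID}
     * header is set to this policy's id and the failure is rethrown wrapped in a
     * {@link CamelAuthorizationException}.
     *
     * @param exchange the exchange about to enter the protected processor
     * @throws CamelAuthorizationException if no authentication can be found or the check fails
     * @throws Exception declared for subclasses; this implementation does not throw other
     *         checked exceptions itself
     */
    protected void beforeProcess(Exchange exchange) throws Exception {
        List<ConfigAttribute> configAttributes = this.accessPolicy.getConfigAttributes();
        try {
            Authentication authentication = getAuthentication(exchange.getIn());
            if (authentication == null) {
                // NOTE(review): this exception is not handled by the RuntimeException catch
                // below (CamelAuthorizationException is a checked exception in Camel), so the
                // AUTHENTICATION_FAILURE_POLICY_ID header is not set on this path and no
                // failure event is published. Monitoring that relies on either signal will
                // not see "missing credentials" rejections.
                throw new CamelAuthorizationException("Cannot find the Authentication instance.", exchange);
            }
            Authentication authenticateIfRequired = authenticateIfRequired(authentication);
            try {
                this.accessDecisionManager.decide(authenticateIfRequired, exchange, configAttributes);
                publishEvent(new AuthorizedEvent(exchange, configAttributes, authenticateIfRequired));
            } catch (AccessDeniedException e) {
                exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId());
                publishEvent(new AuthorizationFailureEvent(exchange, configAttributes, authenticateIfRequired, e));
                throw e;
            }
        } catch (RuntimeException e2) {
            // Fail closed: whatever went wrong, the caller sees an authorization failure and
            // the wrapped processor is not invoked.
            exchange.getIn().setHeader(Exchange.AUTHENTICATION_FAILURE_POLICY_ID, getId());
            throw new CamelAuthorizationException("Cannot access the processor which has been protected.", exchange, e2);
        }
    }

    /**
     * Resolves the identity to authorize for a message.
     *
     * <p>The {@code Exchange.AUTHENTICATION} header is read as a {@link Subject} and converted
     * by the {@link AuthenticationAdapter}. If that yields nothing and
     * {@code useThreadSecurityContext} is enabled, the authentication held by the current
     * thread's {@link SecurityContextHolder} is used instead.
     *
     * <p>NOTE(review): the identity comes from a message header. Whether an inbound transport
     * can let a remote sender populate that header is not visible in this class; confirm that
     * the route's endpoints filter or overwrite it before relying on this policy. The
     * thread-context fallback likewise assumes the context on the processing thread belongs to
     * the current exchange, which should be verified for routes that hand work to thread pools.
     *
     * @param message the inbound message of the exchange
     * @return the resolved authentication, or {@code null} if none is available
     */
    protected Authentication getAuthentication(Message message) {
        Subject subject = message.getHeader(Exchange.AUTHENTICATION, Subject.class);
        Authentication authentication = null;
        if (subject != null) {
            authentication = getAuthenticationAdapter().toAuthentication(subject);
        }
        if (authentication == null && this.useThreadSecurityContext) {
            authentication = SecurityContextHolder.getContext().getAuthentication();
            LOG.debug("Get the authentication from SecurityContextHolder");
        }
        return authentication;
    }

    /**
     * Verifies that the mandatory collaborators were injected.
     *
     * @throws IllegalArgumentException if the authentication manager, access decision manager
     *         or access policy is missing
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
        Assert.notNull(this.accessDecisionManager, "An AccessDecisionManager is required");
        Assert.notNull(this.accessPolicy, "The accessPolicy is required");
    }

    /**
     * Returns the token unchanged if it already reports itself as authenticated and
     * re-authentication is not forced; otherwise asks the {@link AuthenticationManager}.
     *
     * <p>With {@code alwaysReauthenticate == false} the {@code isAuthenticated()} flag of the
     * supplied token is taken at face value, so the token's origin (adapter or thread context)
     * must be trustworthy. Enable {@code alwaysReauthenticate} to have every exchange checked
     * by the authentication manager.
     *
     * <p>The token is written to the debug log through its {@code toString()}; presumably the
     * Spring Security token types omit credentials there, but custom adapters/tokens should be
     * checked before enabling debug logging.
     *
     * @param authentication the non-null token resolved for the exchange
     * @return the token to use for the access decision
     */
    private Authentication authenticateIfRequired(Authentication authentication) {
        if (authentication.isAuthenticated() && !this.alwaysReauthenticate) {
            LOG.debug("Previously Authenticated: {}", authentication);
            return authentication;
        }
        Authentication authenticate = this.authenticationManager.authenticate(authentication);
        LOG.debug("Successfully Authenticated: {}", authenticate);
        return authenticate;
    }

    /** Publishes the event if an event publisher was injected; otherwise does nothing. */
    private void publishEvent(ApplicationEvent applicationEvent) {
        if (this.eventPublisher != null) {
            this.eventPublisher.publishEvent(applicationEvent);
        }
    }

    /**
     * Returns the adapter used to convert a {@link Subject} into an {@link Authentication},
     * lazily creating a {@link DefaultAuthenticationAdapter} if none was configured.
     *
     * <p>The lazy creation uses double-checked locking; the backing field is volatile so that
     * a thread taking the lock-free path never observes a partially published adapter.
     *
     * @return the configured or default adapter, never {@code null}
     */
    public AuthenticationAdapter getAuthenticationAdapter() {
        AuthenticationAdapter adapter = this.authenticationAdapter;
        if (adapter == null) {
            synchronized (this) {
                adapter = this.authenticationAdapter;
                if (adapter == null) {
                    adapter = new DefaultAuthenticationAdapter();
                    this.authenticationAdapter = adapter;
                }
            }
        }
        return adapter;
    }

    /** @param authenticationAdapter the adapter that converts a {@link Subject} to an {@link Authentication} */
    public void setAuthenticationAdapter(AuthenticationAdapter authenticationAdapter) {
        this.authenticationAdapter = authenticationAdapter;
    }

    /** @return the manager that takes the access decision */
    public AccessDecisionManager getAccessDecisionManager() {
        return this.accessDecisionManager;
    }

    /** @return the manager used to (re-)authenticate tokens */
    public AuthenticationManager getAuthenticationManager() {
        return this.authenticationManager;
    }

    /** Receives the publisher used for {@link AuthorizedEvent} and {@link AuthorizationFailureEvent}. */
    @Override
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.eventPublisher = applicationEventPublisher;
    }

    /** @param springSecurityAccessPolicy the policy supplying the required {@link ConfigAttribute}s */
    public void setSpringSecurityAccessPolicy(SpringSecurityAccessPolicy springSecurityAccessPolicy) {
        this.accessPolicy = springSecurityAccessPolicy;
    }

    /** @return the policy supplying the required {@link ConfigAttribute}s */
    public SpringSecurityAccessPolicy getSpringSecurityAccessPolicy() {
        return this.accessPolicy;
    }

    /** @return whether every exchange is re-checked by the authentication manager */
    public boolean isAlwaysReauthenticate() {
        return this.alwaysReauthenticate;
    }

    /**
     * @param z {@code true} to send every token through the authentication manager, even when
     *        it already reports itself as authenticated
     */
    public void setAlwaysReauthenticate(boolean z) {
        this.alwaysReauthenticate = z;
    }

    /** @return whether the thread's security context is used as a fallback identity source */
    public boolean isUseThreadSecurityContext() {
        return this.useThreadSecurityContext;
    }

    /**
     * @param z {@code false} to accept only the identity carried in the message header and
     *        never fall back to the thread's {@link SecurityContextHolder}
     */
    public void setUseThreadSecurityContext(boolean z) {
        this.useThreadSecurityContext = z;
    }

    /** @param authenticationManager the manager used to (re-)authenticate tokens; required */
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /** @param accessDecisionManager the manager that takes the access decision; required */
    public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
        this.accessDecisionManager = accessDecisionManager;
    }
}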
