package org.wildfly.extension.messaging.activemq;

import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.activemq.artemis.core.security.CheckType;
import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager;
import org.jboss.as.security.plugins.SecurityDomainContext;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SecurityContextFactory;
import org.jboss.security.SimplePrincipal;
import org.wildfly.extension.messaging.activemq.logging.MessagingLogger;

/* loaded from: input_file:wildfly.zip:modules/system/layers/base/org/wildfly/extension/messaging-activemq/main/wildfly-messaging-activemq-23.0.2.Final.jar:org/wildfly/extension/messaging/activemq/WildFlySecurityManager.class */
public class WildFlySecurityManager implements ActiveMQSecurityManager {
    private SecurityDomainContext securityDomainContext;
    private String defaultUser;
    private String defaultPassword;

    public WildFlySecurityManager(SecurityDomainContext securityDomainContext) {
        this.defaultUser = null;
        this.defaultPassword = null;
        this.securityDomainContext = securityDomainContext;
        this.defaultUser = DefaultCredentials.getUsername();
        this.defaultPassword = DefaultCredentials.getPassword();
    }

    @Override // org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager
    public boolean validateUser(String str, String str2) {
        if (this.defaultUser.equals(str) && this.defaultPassword.equals(str2)) {
            return true;
        }
        if (this.securityDomainContext == null) {
            throw MessagingLogger.ROOT_LOGGER.securityDomainContextNotSet();
        }
        return this.securityDomainContext.getAuthenticationManager().isValid(new SimplePrincipal(str), str2, new Subject());
    }

    @Override // org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager
    public boolean validateUserAndRole(final String str, final String str2, final Set<Role> set, final CheckType checkType) {
        if (this.defaultUser.equals(str) && this.defaultPassword.equals(str2)) {
            return true;
        }
        if (this.securityDomainContext == null) {
            throw MessagingLogger.ROOT_LOGGER.securityDomainContextNotSet();
        }
        final Subject subject = new Subject();
        boolean isValid = this.securityDomainContext.getAuthenticationManager().isValid(new SimplePrincipal(str), str2, subject);
        if (isValid) {
            isValid = ((Boolean) AccessController.doPrivileged(new PrivilegedAction<Boolean>() { // from class: org.wildfly.extension.messaging.activemq.WildFlySecurityManager.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Boolean run() {
                    SecurityContext createSecurityContext;
                    SimplePrincipal simplePrincipal = new SimplePrincipal(str);
                    SecurityContext securityContext = SecurityContextAssociation.getSecurityContext();
                    if (securityContext == null) {
                        try {
                            createSecurityContext = SecurityContextFactory.createSecurityContext(simplePrincipal, str2, subject, WildFlySecurityManager.this.securityDomainContext.getAuthenticationManager().getSecurityDomain());
                        } catch (Exception e) {
                            throw new RuntimeException(e);
                        }
                    } else {
                        createSecurityContext = securityContext;
                        createSecurityContext.getUtil().createSubjectInfo(simplePrincipal, str2, subject);
                    }
                    SecurityContextAssociation.setSecurityContext(createSecurityContext);
                    HashSet hashSet = new HashSet();
                    for (Role role : set) {
                        if (checkType.hasRole(role)) {
                            hashSet.add(new SimplePrincipal(role.getName()));
                        }
                    }
                    boolean doesUserHaveRole = WildFlySecurityManager.this.securityDomainContext.getAuthorizationManager().doesUserHaveRole(new SimplePrincipal(str), hashSet);
                    SecurityContextAssociation.setSecurityContext(securityContext);
                    return Boolean.valueOf(doesUserHaveRole);
                }
            })).booleanValue();
        }
        return isValid;
    }
}
