package org.hornetq.core.security.impl;

import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.hornetq.api.core.SimpleString;
import org.hornetq.api.core.management.CoreNotificationType;
import org.hornetq.api.core.management.ManagementHelper;
import org.hornetq.core.security.CheckType;
import org.hornetq.core.security.Role;
import org.hornetq.core.security.SecurityStore;
import org.hornetq.core.server.HornetQMessageBundle;
import org.hornetq.core.server.HornetQServerLogger;
import org.hornetq.core.server.ServerSession;
import org.hornetq.core.server.management.Notification;
import org.hornetq.core.server.management.NotificationService;
import org.hornetq.core.settings.HierarchicalRepository;
import org.hornetq.core.settings.HierarchicalRepositoryChangeListener;
import org.hornetq.spi.core.security.HornetQSecurityManager;
import org.hornetq.utils.ConcurrentHashSet;
import org.hornetq.utils.TypedProperties;

/* loaded from: input_file:org/hornetq/core/security/impl/SecurityStoreImpl.class */
public class SecurityStoreImpl implements SecurityStore, HierarchicalRepositoryChangeListener {
    private final HierarchicalRepository<Set<Role>> securityRepository;
    private final HornetQSecurityManager securityManager;
    private final long invalidationInterval;
    private volatile long lastCheck;
    private final boolean securityEnabled;
    private final String managementClusterUser;
    private final String managementClusterPassword;
    private final NotificationService notificationService;
    private final boolean trace = HornetQServerLogger.LOGGER.isTraceEnabled();
    private final ConcurrentMap<String, ConcurrentHashSet<SimpleString>> cache = new ConcurrentHashMap();

    public SecurityStoreImpl(HierarchicalRepository<Set<Role>> hierarchicalRepository, HornetQSecurityManager hornetQSecurityManager, long j, boolean z, String str, String str2, NotificationService notificationService) {
        this.securityRepository = hierarchicalRepository;
        this.securityManager = hornetQSecurityManager;
        this.invalidationInterval = j;
        this.securityEnabled = z;
        this.managementClusterUser = str;
        this.managementClusterPassword = str2;
        this.notificationService = notificationService;
        this.securityRepository.registerListener(this);
    }

    @Override // org.hornetq.core.security.SecurityStore
    public boolean isSecurityEnabled() {
        return this.securityEnabled;
    }

    @Override // org.hornetq.core.security.SecurityStore
    public void stop() {
        this.securityRepository.unRegisterListener(this);
    }

    @Override // org.hornetq.core.security.SecurityStore
    public void authenticate(String str, String str2) throws Exception {
        if (this.securityEnabled) {
            if (this.managementClusterUser.equals(str)) {
                if (this.trace) {
                    HornetQServerLogger.LOGGER.trace("Authenticating cluster admin user");
                }
                if (!this.managementClusterPassword.equals(str2)) {
                    throw HornetQMessageBundle.BUNDLE.unableToValidateClusterUser(str);
                }
                return;
            }
            if (this.securityManager.validateUser(str, str2)) {
                return;
            }
            if (this.notificationService != null) {
                TypedProperties typedProperties = new TypedProperties();
                typedProperties.putSimpleStringProperty(ManagementHelper.HDR_USER, SimpleString.toSimpleString(str));
                this.notificationService.sendNotification(new Notification((String) null, CoreNotificationType.SECURITY_AUTHENTICATION_VIOLATION, typedProperties));
            }
            throw HornetQMessageBundle.BUNDLE.unableToValidateUser(str);
        }
    }

    @Override // org.hornetq.core.security.SecurityStore
    public void check(SimpleString simpleString, CheckType checkType, ServerSession serverSession) throws Exception {
        if (this.securityEnabled) {
            if (this.trace) {
                HornetQServerLogger.LOGGER.trace("checking access permissions to " + simpleString);
            }
            String username = serverSession.getUsername();
            if (checkCached(simpleString, username, checkType)) {
                return;
            }
            String simpleString2 = simpleString.toString();
            Set<Role> match = this.securityRepository.getMatch(simpleString2);
            if (this.managementClusterUser.equals(username) && serverSession.getPassword().equals(this.managementClusterPassword)) {
                return;
            }
            if (this.securityManager.validateUserAndRole(username, serverSession.getPassword(), match, checkType)) {
                ConcurrentHashSet<SimpleString> concurrentHashSet = new ConcurrentHashSet<>();
                ConcurrentHashSet<SimpleString> putIfAbsent = this.cache.putIfAbsent(username + "." + checkType.name(), concurrentHashSet);
                if (putIfAbsent != null) {
                    concurrentHashSet = putIfAbsent;
                }
                concurrentHashSet.add(simpleString);
                return;
            }
            if (this.notificationService != null) {
                TypedProperties typedProperties = new TypedProperties();
                typedProperties.putSimpleStringProperty(ManagementHelper.HDR_ADDRESS, simpleString);
                typedProperties.putSimpleStringProperty(ManagementHelper.HDR_CHECK_TYPE, new SimpleString(checkType.toString()));
                typedProperties.putSimpleStringProperty(ManagementHelper.HDR_USER, SimpleString.toSimpleString(username));
                this.notificationService.sendNotification(new Notification((String) null, CoreNotificationType.SECURITY_PERMISSION_VIOLATION, typedProperties));
            }
            throw HornetQMessageBundle.BUNDLE.userNoPermissions(serverSession.getUsername(), checkType, simpleString2);
        }
    }

    @Override // org.hornetq.core.settings.HierarchicalRepositoryChangeListener
    public void onChange() {
        invalidateCache();
    }

    private void invalidateCache() {
        this.cache.clear();
    }

    private boolean checkCached(SimpleString simpleString, String str, CheckType checkType) {
        long currentTimeMillis = System.currentTimeMillis();
        boolean z = false;
        if (currentTimeMillis - this.lastCheck > this.invalidationInterval) {
            invalidateCache();
            this.lastCheck = currentTimeMillis;
        } else {
            ConcurrentHashSet<SimpleString> concurrentHashSet = this.cache.get(str + "." + checkType.name());
            if (concurrentHashSet != null) {
                z = concurrentHashSet.contains(simpleString);
            }
        }
        return z;
    }
}
