package org.apache.activemq.artemis.core.server.impl;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.event.EventDirContext;
import javax.naming.event.NamespaceChangeListener;
import javax.naming.event.NamingEvent;
import javax.naming.event.NamingExceptionEvent;
import javax.naming.event.ObjectChangeListener;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
import org.apache.activemq.artemis.core.server.SecuritySettingPlugin;
import org.apache.activemq.artemis.core.settings.HierarchicalRepository;
import org.jboss.logging.Logger;

/* loaded from: input_file:artemis-server-2.0.0.jar:org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.class */
public class LegacyLDAPSecuritySettingPlugin implements SecuritySettingPlugin {
    private static final Logger logger = Logger.getLogger(LegacyLDAPSecuritySettingPlugin.class);
    private static final long serialVersionUID = 4793109879399750045L;
    public static final String INITIAL_CONTEXT_FACTORY = "initialContextFactory";
    public static final String CONNECTION_URL = "connectionURL";
    public static final String CONNECTION_USERNAME = "connectionUsername";
    public static final String CONNECTION_PASSWORD = "connectionPassword";
    public static final String CONNECTION_PROTOCOL = "connectionProtocol";
    public static final String AUTHENTICATION = "authentication";
    public static final String ROLE_ATTRIBUTE = "roleAttribute";
    public static final String FILTER = "filter";
    public static final String DESTINATION_BASE = "destinationBase";
    public static final String ADMIN_PERMISSION_VALUE = "adminPermissionValue";
    public static final String READ_PERMISSION_VALUE = "readPermissionValue";
    public static final String WRITE_PERMISSION_VALUE = "writePermissionValue";
    public static final String ENABLE_LISTENER = "enableListener";
    private String connectionUsername;
    private String connectionPassword;
    private String connectionProtocol;
    private DirContext context;
    private EventDirContext eventContext;
    private Map<String, Set<Role>> securityRoles;
    private HierarchicalRepository<Set<Role>> securityRepository;
    private String initialContextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
    private String connectionURL = "ldap://localhost:1024";
    private String authentication = "simple";
    private String destinationBase = "ou=destinations,o=ActiveMQ,ou=system";
    private String filter = "(cn=*)";
    private String roleAttribute = "uniqueMember";
    private String adminPermissionValue = "admin";
    private String readPermissionValue = "read";
    private String writePermissionValue = "write";
    private boolean enableListener = true;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:artemis-server-2.0.0.jar:org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin$LDAPNamespaceChangeListener.class */
    public class LDAPNamespaceChangeListener implements NamespaceChangeListener, ObjectChangeListener {
        protected LDAPNamespaceChangeListener() {
        }

        public void namingExceptionThrown(NamingExceptionEvent namingExceptionEvent) {
            LegacyLDAPSecuritySettingPlugin.this.namingExceptionThrown(namingExceptionEvent);
        }

        public void objectAdded(NamingEvent namingEvent) {
            LegacyLDAPSecuritySettingPlugin.this.objectAdded(namingEvent);
        }

        public void objectRemoved(NamingEvent namingEvent) {
            LegacyLDAPSecuritySettingPlugin.this.objectRemoved(namingEvent);
        }

        public void objectRenamed(NamingEvent namingEvent) {
            LegacyLDAPSecuritySettingPlugin.this.objectRenamed(namingEvent);
        }

        public void objectChanged(NamingEvent namingEvent) {
            LegacyLDAPSecuritySettingPlugin.this.objectChanged(namingEvent);
        }
    }

    @Override // org.apache.activemq.artemis.core.server.SecuritySettingPlugin
    public LegacyLDAPSecuritySettingPlugin init(Map<String, String> map) {
        if (map != null) {
            this.initialContextFactory = getOption(map, INITIAL_CONTEXT_FACTORY, this.initialContextFactory);
            this.connectionURL = getOption(map, CONNECTION_URL, this.connectionURL);
            this.connectionUsername = getOption(map, CONNECTION_USERNAME, this.connectionUsername);
            this.connectionPassword = getOption(map, CONNECTION_PASSWORD, this.connectionPassword);
            this.connectionProtocol = getOption(map, CONNECTION_PROTOCOL, this.connectionProtocol);
            this.authentication = getOption(map, AUTHENTICATION, this.authentication);
            this.destinationBase = getOption(map, DESTINATION_BASE, this.destinationBase);
            this.filter = getOption(map, FILTER, this.filter);
            this.roleAttribute = getOption(map, ROLE_ATTRIBUTE, this.roleAttribute);
            this.adminPermissionValue = getOption(map, ADMIN_PERMISSION_VALUE, this.adminPermissionValue);
            this.readPermissionValue = getOption(map, READ_PERMISSION_VALUE, this.readPermissionValue);
            this.writePermissionValue = getOption(map, WRITE_PERMISSION_VALUE, this.writePermissionValue);
            this.enableListener = getOption(map, ENABLE_LISTENER, Boolean.TRUE.toString()).equalsIgnoreCase(Boolean.TRUE.toString());
        }
        return this;
    }

    private String getOption(Map<String, String> map, String str, String str2) {
        String str3 = map.get(str);
        if (str3 == null) {
            str3 = str2;
        }
        return str3;
    }

    public String getRoleAttribute() {
        return this.roleAttribute;
    }

    public SecuritySettingPlugin setRoleAttribute(String str) {
        this.roleAttribute = str;
        return this;
    }

    public String getFilter() {
        return this.filter;
    }

    public LegacyLDAPSecuritySettingPlugin setFilter(String str) {
        this.filter = str;
        return this;
    }

    public String getDestinationBase() {
        return this.destinationBase;
    }

    public LegacyLDAPSecuritySettingPlugin setDestinationBase(String str) {
        this.destinationBase = str;
        return this;
    }

    public String getAuthentication() {
        return this.authentication;
    }

    public LegacyLDAPSecuritySettingPlugin setAuthentication(String str) {
        this.authentication = str;
        return this;
    }

    public String getConnectionPassword() {
        return this.connectionPassword;
    }

    public LegacyLDAPSecuritySettingPlugin setConnectionPassword(String str) {
        this.connectionPassword = str;
        return this;
    }

    public String getConnectionProtocol() {
        return this.connectionProtocol;
    }

    public LegacyLDAPSecuritySettingPlugin setConnectionProtocol(String str) {
        this.connectionProtocol = str;
        return this;
    }

    public String getConnectionURL() {
        return this.connectionURL;
    }

    public LegacyLDAPSecuritySettingPlugin setConnectionURL(String str) {
        this.connectionURL = str;
        return this;
    }

    public String getConnectionUsername() {
        return this.connectionUsername;
    }

    public LegacyLDAPSecuritySettingPlugin setConnectionUsername(String str) {
        this.connectionUsername = str;
        return this;
    }

    public String getInitialContextFactory() {
        return this.initialContextFactory;
    }

    public String getAdminPermissionValue() {
        return this.adminPermissionValue;
    }

    public LegacyLDAPSecuritySettingPlugin setAdminPermissionValue(String str) {
        this.adminPermissionValue = str;
        return this;
    }

    public String getReadPermissionValue() {
        return this.readPermissionValue;
    }

    public LegacyLDAPSecuritySettingPlugin setReadPermissionValue(String str) {
        this.readPermissionValue = str;
        return this;
    }

    public String getWritePermissionValue() {
        return this.writePermissionValue;
    }

    public LegacyLDAPSecuritySettingPlugin setWritePermissionValue(String str) {
        this.writePermissionValue = str;
        return this;
    }

    public LegacyLDAPSecuritySettingPlugin setInitialContextFactory(String str) {
        this.initialContextFactory = str;
        return this;
    }

    public boolean isEnableListener() {
        return this.enableListener;
    }

    public LegacyLDAPSecuritySettingPlugin setEnableListener(boolean z) {
        this.enableListener = z;
        return this;
    }

    protected boolean isContextAlive() {
        boolean z = false;
        if (this.context != null) {
            try {
                this.context.getAttributes("");
                z = true;
            } catch (Exception e) {
            }
        }
        return z;
    }

    protected void open() throws NamingException {
        if (isContextAlive()) {
            return;
        }
        this.context = createContext();
        this.eventContext = (EventDirContext) this.context.lookup("");
        SearchControls searchControls = new SearchControls();
        searchControls.setReturningAttributes(new String[]{this.roleAttribute});
        searchControls.setSearchScope(2);
        if (this.enableListener) {
            this.eventContext.addNamingListener(this.destinationBase, this.filter, searchControls, new LDAPNamespaceChangeListener());
        }
    }

    private DirContext createContext() throws NamingException {
        Hashtable hashtable = new Hashtable();
        hashtable.put("java.naming.factory.initial", this.initialContextFactory);
        if (this.connectionUsername == null || "".equals(this.connectionUsername)) {
            throw new NamingException("Empty username is not allowed");
        }
        hashtable.put("java.naming.security.principal", this.connectionUsername);
        if (this.connectionPassword == null || "".equals(this.connectionPassword)) {
            throw new NamingException("Empty password is not allowed");
        }
        hashtable.put("java.naming.security.credentials", this.connectionPassword);
        hashtable.put("java.naming.security.protocol", this.connectionProtocol);
        hashtable.put("java.naming.provider.url", this.connectionURL);
        hashtable.put("java.naming.security.authentication", this.authentication);
        return new InitialDirContext(hashtable);
    }

    @Override // org.apache.activemq.artemis.core.server.SecuritySettingPlugin
    public Map<String, Set<Role>> getSecurityRoles() {
        if (this.securityRoles == null) {
            populateSecurityRoles();
        }
        return this.securityRoles;
    }

    private LegacyLDAPSecuritySettingPlugin populateSecurityRoles() {
        ActiveMQServerLogger.LOGGER.populatingSecurityRolesFromLDAP(this.connectionURL);
        try {
            open();
            SearchControls searchControls = new SearchControls();
            searchControls.setReturningAttributes(new String[]{this.roleAttribute});
            searchControls.setSearchScope(2);
            this.securityRoles = new HashMap();
            try {
                NamingEnumeration search = this.context.search(this.destinationBase, this.filter, searchControls);
                while (search.hasMore()) {
                    processSearchResult(this.securityRoles, (SearchResult) search.next());
                }
            } catch (Exception e) {
                ActiveMQServerLogger.LOGGER.errorPopulatingSecurityRolesFromLDAP(e);
            }
            return this;
        } catch (Exception e2) {
            ActiveMQServerLogger.LOGGER.errorOpeningContextForLDAP(e2);
            return this;
        }
    }

    @Override // org.apache.activemq.artemis.core.server.SecuritySettingPlugin
    public void setSecurityRepository(HierarchicalRepository<Set<Role>> hierarchicalRepository) {
        this.securityRepository = hierarchicalRepository;
    }

    private void processSearchResult(Map<String, Set<Role>> map, SearchResult searchResult) throws NamingException {
        Attributes attributes = searchResult.getAttributes();
        if (attributes == null || attributes.size() == 0) {
            return;
        }
        LdapName ldapName = new LdapName(searchResult.getName());
        logger.debug("LDAP search result : " + ldapName);
        String str = null;
        String str2 = null;
        String str3 = "unknown";
        for (Rdn rdn : ldapName.getRdns()) {
            if (rdn.getType().equals("cn")) {
                logger.debug("\tPermission type: " + rdn.getValue());
                str = rdn.getValue().toString();
            }
            if (rdn.getType().equals("uid")) {
                logger.debug("\tDestination name: " + rdn.getValue());
                str2 = rdn.getValue().toString();
            }
            if (rdn.getType().equals("ou")) {
                String obj = rdn.getValue().toString();
                if (obj.toLowerCase().contains("queue")) {
                    str3 = "queue";
                } else if (obj.toLowerCase().contains("topic")) {
                    str3 = "topic";
                }
                logger.debug("\tDestination type: " + str3);
            }
        }
        logger.debug("\tAttributes: " + attributes);
        NamingEnumeration all = attributes.get(this.roleAttribute).getAll();
        Set<Role> set = map.get(str2);
        boolean z = false;
        if (set == null) {
            set = new HashSet();
        } else {
            z = true;
        }
        while (all.hasMore()) {
            LdapName ldapName2 = new LdapName((String) all.next());
            String obj2 = ldapName2.getRdn(ldapName2.size() - 1).getValue().toString();
            logger.debug("\tRole name: " + obj2);
            set.add(new Role(obj2, str.equalsIgnoreCase(this.writePermissionValue), str.equalsIgnoreCase(this.readPermissionValue), str.equalsIgnoreCase(this.adminPermissionValue), str.equalsIgnoreCase(this.adminPermissionValue), str.equalsIgnoreCase(this.adminPermissionValue), str.equalsIgnoreCase(this.adminPermissionValue), false, str.equalsIgnoreCase(this.readPermissionValue)));
        }
        if (z) {
            return;
        }
        map.put(str2, set);
    }

    @Override // org.apache.activemq.artemis.core.server.SecuritySettingPlugin
    public SecuritySettingPlugin stop() {
        try {
            this.eventContext.close();
        } catch (NamingException e) {
        }
        try {
            if (this.context != null) {
                this.context.close();
            }
        } catch (NamingException e2) {
        }
        return this;
    }

    public void objectAdded(NamingEvent namingEvent) {
        HashMap hashMap = new HashMap();
        try {
            processSearchResult(hashMap, (SearchResult) namingEvent.getNewBinding());
            for (Map.Entry<String, Set<Role>> entry : hashMap.entrySet()) {
                Set<Role> match = this.securityRepository.getMatch(entry.getKey());
                Iterator<Role> it = entry.getValue().iterator();
                while (it.hasNext()) {
                    match.add(it.next());
                }
            }
        } catch (NamingException e) {
            logger.warn("Failed to process an event", e.getMessage(), e);
        }
    }

    public void objectRemoved(NamingEvent namingEvent) {
        try {
            LdapName ldapName = new LdapName(namingEvent.getOldBinding().getName());
            String str = null;
            for (Rdn rdn : ldapName.getRdns()) {
                if (rdn.getType().equals("uid")) {
                    str = rdn.getValue().toString();
                }
            }
            Set<Role> match = this.securityRepository.getMatch(str);
            ArrayList arrayList = new ArrayList();
            for (Rdn rdn2 : ldapName.getRdns()) {
                if (rdn2.getValue().equals(this.writePermissionValue)) {
                    logger.debug("Removing write permission");
                    for (Role role : match) {
                        if (role.isSend()) {
                            arrayList.add(role);
                        }
                    }
                } else if (rdn2.getValue().equals(this.readPermissionValue)) {
                    logger.debug("Removing read permission");
                    for (Role role2 : match) {
                        if (role2.isConsume()) {
                            arrayList.add(role2);
                        }
                    }
                } else if (rdn2.getValue().equals(this.adminPermissionValue)) {
                    logger.debug("Removing admin permission");
                    for (Role role3 : match) {
                        if (role3.isCreateDurableQueue() || role3.isCreateNonDurableQueue() || role3.isDeleteDurableQueue() || role3.isDeleteNonDurableQueue()) {
                            arrayList.add(role3);
                        }
                    }
                }
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    match.remove((Role) it.next());
                }
            }
        } catch (NamingException e) {
            logger.warn("Failed to process an event", e.getMessage(), e);
        }
    }

    public void objectRenamed(NamingEvent namingEvent) {
    }

    public void objectChanged(NamingEvent namingEvent) {
        objectRemoved(namingEvent);
        objectAdded(namingEvent);
    }

    public void namingExceptionThrown(NamingExceptionEvent namingExceptionEvent) {
        this.context = null;
        ActiveMQServerLogger.LOGGER.error("Caught unexpected exception.", namingExceptionEvent.getException());
    }

    @Override // org.apache.activemq.artemis.core.server.SecuritySettingPlugin
    public /* bridge */ /* synthetic */ SecuritySettingPlugin init(Map map) {
        return init((Map<String, String>) map);
    }
}
