package org.apache.activemq.artemis.spi.core.security;

import java.lang.invoke.MethodHandles;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.activemq.artemis.core.persistence.StorageManager;
import org.apache.activemq.artemis.core.persistence.config.PersistedRole;
import org.apache.activemq.artemis.core.persistence.config.PersistedUser;
import org.apache.activemq.artemis.core.security.CheckType;
import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.core.security.User;
import org.apache.activemq.artemis.core.server.ActiveMQMessageBundle;
import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
import org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal;
import org.apache.activemq.artemis.spi.core.security.jaas.UserPrincipal;
import org.apache.activemq.artemis.utils.ClassloadingUtil;
import org.apache.activemq.artemis.utils.SecurityManagerUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:artemis-server-2.31.0.jar:org/apache/activemq/artemis/spi/core/security/ActiveMQBasicSecurityManager.class */
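/**
 * Security manager that authenticates and authorizes against the users and roles persisted
 * through the broker's {@link StorageManager}, and exposes {@link UserManagement} for them.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Authentication fails closed: every rejection path and every exception returns {@code null}.
 *   <li>Passwords are handed to the storage manager exactly as received; this class performs no
 *       hashing or encoding itself. NOTE(review): presumably callers supply an already-encoded
 *       value where one is required, and {@code User.isValid} understands the stored format.
 *       Confirm against the callers.
 *   <li>Bootstrap credentials are re-applied on every {@link #completeInit(StorageManager)} call,
 *       so a bootstrap user's password changed at runtime is overwritten by the configured one.
 *   <li>User and role records are written with separate storage calls; nothing in this class makes
 *       the pair atomic.
 * </ul>
 *
 * <p>The mutating {@link UserManagement} methods are {@code synchronized}; {@code authenticate}
 * and {@code authorize} are not.
 */
public class ActiveMQBasicSecurityManager implements ActiveMQSecurityManager5, UserManagement {
    private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());

    /** Property key: name of the single inline bootstrap user. */
    public static final String BOOTSTRAP_USER = "bootstrapUser";
    /** Property key: password of the inline bootstrap user (held in memory via {@link #properties}). */
    public static final String BOOTSTRAP_PASSWORD = "bootstrapPassword";
    /** Property key: role granted to the inline bootstrap user. */
    public static final String BOOTSTRAP_ROLE = "bootstrapRole";
    /** Property key: location of a properties file mapping user name to password. */
    public static final String BOOTSTRAP_USER_FILE = "bootstrapUserFile";
    /** Property key: location of a properties file mapping role name to comma-separated user names. */
    public static final String BOOTSTRAP_ROLE_FILE = "bootstrapRoleFile";

    // Only set when init() found a complete set of bootstrap keys; stays null otherwise.
    // Keeps a reference to the caller's map, so the bootstrap password remains reachable
    // for the lifetime of this object.
    private Map<String, String> properties;
    private String rolePrincipalClass = RolePrincipal.class.getName();
    // Assigned in completeInit(); every other method dereferences it without a null check.
    private StorageManager storageManager;

    /**
     * Records the configuration map when it carries a complete bootstrap definition: either the
     * user, password and role keys together, or the user-file and role-file keys together.
     * Otherwise only a log entry is written and no bootstrap user will be created later.
     *
     * <p>The covariant return type makes the compiler generate the
     * {@code ActiveMQSecurityManager}-returning bridge; declaring it by hand would clash with this
     * method because both have the same erasure.
     *
     * @param properties configuration properties; must not be {@code null}
     * @return this instance
     */
    @Override
    public ActiveMQBasicSecurityManager init(Map<String, String> properties) {
        boolean hasInlineCredentials = properties.containsKey(BOOTSTRAP_USER)
            && properties.containsKey(BOOTSTRAP_PASSWORD)
            && properties.containsKey(BOOTSTRAP_ROLE);
        boolean hasCredentialFiles = properties.containsKey(BOOTSTRAP_USER_FILE)
            && properties.containsKey(BOOTSTRAP_ROLE_FILE);
        if (hasInlineCredentials || hasCredentialFiles) {
            this.properties = properties;
        } else {
            ActiveMQServerLogger.LOGGER.noBootstrapCredentialsFound();
        }
        return this;
    }

    /**
     * Unsupported legacy entry point.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public boolean validateUser(String user, String password) {
        throw new UnsupportedOperationException("Invoke authenticate(String, String, RemotingConnection, String) instead");
    }

    /**
     * Authenticates a user against the persisted user records.
     *
     * <p>Returns {@code null} (rejection) when the storage manager is not started, no users are
     * persisted, the user is unknown, the password check fails, or anything throws. A user record
     * without a matching role record ends in the {@code catch} block as well, so it is rejected
     * rather than admitted without roles.
     *
     * <p>Unknown users are rejected before any password comparison runs. NOTE(review): whether
     * that produces an observable timing difference depends on the cost of {@code User.isValid},
     * which is not visible here.
     *
     * <p>Password mismatches are not logged here and exceptions only at debug level.
     * NOTE(review): confirm that failed logins are audited by the caller.
     *
     * @param user the user name presented by the client
     * @param password the password presented by the client
     * @param remotingConnection not consulted by this implementation
     * @param securityDomain not consulted by this implementation
     * @return a subject holding one user principal plus one principal per persisted role, or
     *     {@code null} when authentication fails
     */
    @Override
    public Subject authenticate(String user, String password, RemotingConnection remotingConnection, String securityDomain) {
        try {
            if (!storageManager.isStarted()) {
                return null;
            }
            Map<String, PersistedUser> users = storageManager.getPersistedUsers();
            if (users == null) {
                return null;
            }
            PersistedUser persistedUser = users.get(user);
            if (persistedUser == null) {
                return null;
            }
            if (!new User(persistedUser.getUsername(), persistedUser.getPassword()).isValid(user, password)) {
                return null;
            }
            Subject subject = new Subject();
            subject.getPrincipals().add(new UserPrincipal(user));
            for (String role : getRole(user).getRoles()) {
                subject.getPrincipals().add((Principal) SecurityManagerUtil.createGroupPrincipal(role, rolePrincipalClass));
            }
            return subject;
        } catch (Exception e) {
            // Fail closed: any storage or principal-creation failure is treated as a rejection.
            logger.debug("Couldn't validate user", e);
            return null;
        }
    }

    /**
     * Unsupported legacy entry point.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public boolean validateUserAndRole(String user, String password, Set<Role> roles, CheckType checkType) {
        throw new UnsupportedOperationException("Invoke authorize(Subject, Set<Role>, CheckType, String) instead");
    }

    /**
     * Delegates the authorization decision to {@code SecurityManagerUtil.authorize} using this
     * manager's role principal class, and traces the outcome.
     *
     * @param subject the authenticated subject
     * @param roles the roles configured for the resource being accessed
     * @param checkType the kind of access being checked
     * @param address not consulted by this implementation
     * @return {@code true} when the delegate grants access
     */
    @Override
    public boolean authorize(Subject subject, Set<Role> roles, CheckType checkType, String address) {
        boolean authorized = SecurityManagerUtil.authorize(subject, roles, checkType, rolePrincipalClass);
        if (authorized) {
            logger.trace("user is authorized");
        } else {
            logger.trace("user is NOT authorized");
        }
        return authorized;
    }

    /**
     * Persists a new user together with its roles.
     *
     * <p>The password is stored exactly as given. The user and the role record are written by two
     * separate storage calls; if the second one fails the user exists without a role record, which
     * {@link #authenticate} treats as a rejection.
     *
     * @param user the user name; must not be {@code null}
     * @param password the password value to persist; must not be {@code null}
     * @param roles the roles to grant
     * @throws Exception when an argument is {@code null}, the user already exists, or storage fails
     */
    @Override
    public synchronized void addNewUser(String user, String password, String... roles) throws Exception {
        if (user == null) {
            throw ActiveMQMessageBundle.BUNDLE.nullUser();
        }
        if (password == null) {
            throw ActiveMQMessageBundle.BUNDLE.nullPassword();
        }
        if (userExists(user)) {
            throw ActiveMQMessageBundle.BUNDLE.userAlreadyExists(user);
        }
        storageManager.storeUser(new PersistedUser(user, password));
        storageManager.storeRole(new PersistedRole(user, Arrays.asList(roles)));
    }

    /**
     * Deletes a user and its role record.
     *
     * @param user the user name
     * @throws Exception when the user does not exist or storage fails
     */
    @Override
    public synchronized void removeUser(String user) throws Exception {
        if (!userExists(user)) {
            throw ActiveMQMessageBundle.BUNDLE.userDoesNotExist(user);
        }
        storageManager.deleteUser(user);
        storageManager.deleteRole(user);
    }

    /**
     * Lists users with their roles.
     *
     * @param user a user name, or {@code null} / empty to list every persisted user
     * @return a new map from user name to a copy of that user's roles; a user without a role
     *     record is reported with an empty set, and the map is empty when nothing is persisted
     */
    @Override
    public synchronized Map<String, Set<String>> listUser(String user) {
        boolean listAll = user == null || user.isEmpty();
        if (!listAll && !userExists(user)) {
            throw ActiveMQMessageBundle.BUNDLE.userDoesNotExist(user);
        }
        Map<String, Set<String>> result = new HashMap<>();
        if (listAll) {
            Map<String, PersistedUser> users = storageManager.getPersistedUsers();
            if (users != null) {
                for (String name : users.keySet()) {
                    result.put(name, rolesOf(name));
                }
            }
        } else {
            result.put(user, rolesOf(user));
        }
        return result;
    }

    /**
     * Replaces the password and/or the roles of an existing user.
     *
     * <p>Each replacement is a delete followed by a store, so a storage failure in between leaves
     * the record missing. A {@code null} password keeps the stored one; a {@code null} or empty
     * role array keeps the stored roles, which means this method cannot revoke all roles.
     *
     * @param user the user name
     * @param password the new password value, or {@code null} to leave it unchanged
     * @param roles the new roles, or none to leave them unchanged
     * @throws Exception when the user does not exist or storage fails
     */
    @Override
    public synchronized void updateUser(String user, String password, String... roles) throws Exception {
        if (!userExists(user)) {
            throw ActiveMQMessageBundle.BUNDLE.userDoesNotExist(user);
        }
        if (password != null) {
            storageManager.deleteUser(user);
            storageManager.storeUser(new PersistedUser(user, password));
        }
        if (roles == null || roles.length == 0) {
            return;
        }
        storageManager.deleteRole(user);
        storageManager.storeRole(new PersistedRole(user, Arrays.asList(roles)));
    }

    /**
     * Attaches the storage manager and applies the bootstrap credentials recorded by
     * {@link #init(Map)}. The file-based definition takes precedence over the inline one.
     *
     * <p>Existing users are updated rather than skipped, so the configured password replaces
     * whatever is persisted each time this runs.
     *
     * @param storageManager the storage manager backing all user and role records
     */
    public void completeInit(StorageManager storageManager) {
        this.storageManager = storageManager;
        if (properties == null) {
            return;
        }
        if (properties.containsKey(BOOTSTRAP_USER_FILE) && properties.containsKey(BOOTSTRAP_ROLE_FILE)) {
            Properties users = ClassloadingUtil.loadProperties(properties.get(BOOTSTRAP_USER_FILE));
            Map<String, Set<String>> rolesByUser = invertProperties(ClassloadingUtil.loadProperties(properties.get(BOOTSTRAP_ROLE_FILE)));
            for (String user : users.stringPropertyNames()) {
                // A user that appears in no role entry has no mapping here. Treat that as
                // "no roles" instead of dereferencing null, which would abort the bootstrap
                // of every remaining user. For an already persisted user the empty array
                // leaves its stored roles untouched (see updateUser).
                Set<String> userRoles = rolesByUser.get(user);
                String[] roleNames = userRoles == null ? new String[0] : userRoles.toArray(new String[0]);
                addOrUpdateUser(user, users.getProperty(user), roleNames);
            }
        } else if (properties.containsKey(BOOTSTRAP_USER) && properties.containsKey(BOOTSTRAP_PASSWORD) && properties.containsKey(BOOTSTRAP_ROLE)) {
            addOrUpdateUser(properties.get(BOOTSTRAP_USER), properties.get(BOOTSTRAP_PASSWORD), properties.get(BOOTSTRAP_ROLE));
        }
    }

    /**
     * Creates the user, or updates it when it already exists. Failures are logged and not
     * rethrown, so a bootstrap problem does not propagate to the caller of
     * {@link #completeInit(StorageManager)}.
     */
    private void addOrUpdateUser(String user, String password, String... roles) {
        try {
            if (userExists(user)) {
                updateUser(user, password, roles);
            } else {
                addNewUser(user, password, roles);
            }
        } catch (Exception e) {
            ActiveMQServerLogger.LOGGER.failedToCreateBootstrapCredentials(user, e);
        }
    }

    /**
     * Turns a {@code role=user1,user2} properties mapping into user name to role names.
     *
     * <p>Values are split on {@code ","} without trimming, so whitespace around a user name in the
     * file becomes part of the key and will not match the name from the user file.
     */
    private Map<String, Set<String>> invertProperties(Properties roleProperties) {
        Map<String, Set<String>> rolesByUser = new HashMap<>();
        for (Map.Entry<Object, Object> entry : roleProperties.entrySet()) {
            String role = (String) entry.getKey();
            for (String user : ((String) entry.getValue()).split(",")) {
                Set<String> userRoles = rolesByUser.get(user);
                if (userRoles == null) {
                    userRoles = new HashSet<>();
                    rolesByUser.put(user, userRoles);
                }
                userRoles.add(role);
            }
        }
        return rolesByUser;
    }

    /** Returns whether a non-null user name has a persisted user record. */
    private boolean userExists(String user) {
        if (user == null) {
            return false;
        }
        Map<String, PersistedUser> users = storageManager.getPersistedUsers();
        return users != null && users.containsKey(user);
    }

    /** Returns the persisted role record for the user, or {@code null} when there is none. */
    private PersistedRole getRole(String user) {
        return storageManager.getPersistedRoles().get(user);
    }

    /** Returns a fresh copy of the user's roles; empty when no role record is persisted. */
    private Set<String> rolesOf(String user) {
        PersistedRole role = getRole(user);
        if (role == null) {
            return new HashSet<>();
        }
        return new HashSet<>(role.getRoles());
    }
}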
