package org.apache.activemq.artemis.spi.core.security;

import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.activemq.artemis.core.config.impl.SecurityConfiguration;
import org.apache.activemq.artemis.core.remoting.CertificateUtil;
import org.apache.activemq.artemis.core.security.CheckType;
import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.core.server.ActiveMQServerLogger;
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
import org.apache.activemq.artemis.spi.core.security.jaas.JaasCallbackHandler;
import org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal;
import org.apache.activemq.artemis.spi.core.security.jaas.UserPrincipal;
import org.jboss.logging.Logger;

/* loaded from: input_file:artemis-server-2.6.4.jar:org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.class */
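/**
 * Security manager that authenticates through JAAS and authorizes by comparing role principals.
 *
 * <p>Authentication is delegated to a {@link LoginContext}; the caller receives the name of the
 * authenticated {@link UserPrincipal}, or {@code null} when the login is rejected. Authorization
 * compares the role principals attached to the authenticated {@link Subject} with principals built
 * from the roles that grant the requested {@link CheckType}.
 *
 * <p>{@link #rolePrincipalClass} is loaded and instantiated reflectively, so it must only ever be
 * set from trusted broker configuration. NOTE(review): the origin of that value is not visible in
 * this class; confirm that no client-controlled input can reach {@link #setRolePrincipalClass}.
 */
public class ActiveMQJAASSecurityManager implements ActiveMQSecurityManager3 {
    private static final Logger logger = Logger.getLogger(ActiveMQJAASSecurityManager.class);

    /** Role name that {@link #createGroupPrincipal} turns into the match-anything principal. */
    private static final String WILDCARD = "*";

    // JAAS login configuration entry used for the default login.
    private String configurationName;
    // JAAS login configuration entry used when the connection presents certificates.
    private String certificateConfigurationName;
    // Configuration objects handed to LoginContext; may be null when only the names were supplied.
    private SecurityConfiguration configuration;
    private SecurityConfiguration certificateConfiguration;
    // Fully qualified class name of the principal type that represents a role.
    private String rolePrincipalClass = "org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal";

    /** Creates a manager with no login configuration; the setters must supply it before use. */
    public ActiveMQJAASSecurityManager() {
    }

    /**
     * @param configurationName name of the JAAS login configuration entry for the default login
     */
    public ActiveMQJAASSecurityManager(String configurationName) {
        this.configurationName = configurationName;
    }

    /**
     * @param configurationName name of the JAAS login configuration entry for the default login
     * @param certificateConfigurationName name of the entry used when the connection has certificates
     */
    public ActiveMQJAASSecurityManager(String configurationName, String certificateConfigurationName) {
        this.configurationName = configurationName;
        this.certificateConfigurationName = certificateConfigurationName;
    }

    /**
     * @param configurationName name of the JAAS login configuration entry for the default login
     * @param configuration configuration object passed to the {@link LoginContext}
     */
    public ActiveMQJAASSecurityManager(String configurationName, SecurityConfiguration configuration) {
        this.configurationName = configurationName;
        this.configuration = configuration;
    }

    /**
     * @param configurationName name of the JAAS login configuration entry for the default login
     * @param certificateConfigurationName name of the entry used when the connection has certificates
     * @param configuration configuration object for the default login
     * @param certificateConfiguration configuration object for the certificate login
     */
    public ActiveMQJAASSecurityManager(String configurationName, String certificateConfigurationName, SecurityConfiguration configuration, SecurityConfiguration certificateConfiguration) {
        this.configurationName = configurationName;
        this.configuration = configuration;
        this.certificateConfigurationName = certificateConfigurationName;
        this.certificateConfiguration = certificateConfiguration;
    }

    /**
     * Not supported: this manager needs the connection to authenticate.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public boolean validateUser(String user, String password) {
        throw new UnsupportedOperationException("Invoke validateUser(String, String, X509Certificate[]) instead");
    }

    /**
     * Authenticates the caller through JAAS.
     *
     * @param user user name handed to the JAAS callback handler
     * @param password password handed to the JAAS callback handler
     * @param remotingConnection connection handed to the callback handler and checked for certificates
     * @return the authenticated user's name (see {@link #getUserFromSubject}), or {@code null} when
     *     the login fails
     */
    @Override
    public String validateUser(String user, String password, RemotingConnection remotingConnection) {
        try {
            return getUserFromSubject(getAuthenticatedSubject(user, password, remotingConnection));
        } catch (LoginException e) {
            // Fail closed: a rejected login is reported as "no user", with the cause only at debug level.
            if (logger.isDebugEnabled()) {
                logger.debug("Couldn't validate user", e);
            }
            return null;
        }
    }

    /**
     * Extracts the user name from an authenticated subject.
     *
     * @param subject authenticated subject; must not be {@code null}
     * @return the name of the last {@link UserPrincipal} the subject's principal set yields, or an
     *     empty string when it holds none. With several user principals the result depends on the
     *     set's iteration order.
     */
    public String getUserFromSubject(Subject subject) {
        String validatedUser = "";
        for (UserPrincipal principal : subject.getPrincipals(UserPrincipal.class)) {
            validatedUser = principal.getName();
        }
        return validatedUser;
    }

    /**
     * Not supported: this manager needs the connection to authenticate.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public boolean validateUserAndRole(String user, String password, Set<Role> roles, CheckType checkType) {
        throw new UnsupportedOperationException("Invoke validateUserAndRole(String, String, Set<Role>, CheckType, String, RemotingConnection) instead");
    }

    /**
     * Authenticates the caller and checks that one of its role principals grants {@code checkType}.
     *
     * @param user user name handed to the JAAS callback handler
     * @param password password handed to the JAAS callback handler
     * @param roles roles to test against {@code checkType}
     * @param checkType permission being requested
     * @param address not used by this implementation
     * @param remotingConnection connection handed to the callback handler and checked for certificates
     * @return the authenticated user's name when authorized, otherwise {@code null} (login failure,
     *     no matching role, or the role principal class could not be resolved)
     */
    @Override
    public String validateUserAndRole(String user, String password, Set<Role> roles, CheckType checkType, String address, RemotingConnection remotingConnection) {
        try {
            Subject localSubject = getAuthenticatedSubject(user, password, remotingConnection);
            boolean authorized = false;
            if (localSubject != null) {
                Set<Object> rolesWithPermission = getPrincipalsInRole(checkType, roles);
                Set<Principal> rolesForSubject = new HashSet<>();
                try {
                    rolesForSubject.addAll(localSubject.getPrincipals(Class.forName(this.rolePrincipalClass).asSubclass(Principal.class)));
                } catch (Exception e) {
                    // The subject's role set stays empty, so the request is denied rather than allowed.
                    ActiveMQServerLogger.LOGGER.failedToFindRolesForTheSubject(e);
                }
                if (!rolesForSubject.isEmpty() && !rolesWithPermission.isEmpty()) {
                    authorized = matchesAnyPermittedRole(rolesForSubject, rolesWithPermission);
                }
                if (logger.isTraceEnabled()) {
                    logger.trace("user " + (authorized ? " is " : " is NOT ") + "authorized");
                }
            }
            return authorized ? getUserFromSubject(localSubject) : null;
        } catch (LoginException e) {
            // Fail closed: a rejected login is reported as "no user", with the cause only at debug level.
            if (logger.isDebugEnabled()) {
                logger.debug("Couldn't validate user", e);
            }
            return null;
        }
    }

    /**
     * Reports whether any of the subject's role principals equals a permitted principal.
     *
     * <p>{@code equals} is invoked on the subject's principal with the permitted principal as the
     * argument, so the outcome is decided by the subject principal's own {@code equals}.
     */
    private static boolean matchesAnyPermittedRole(Set<Principal> rolesForSubject, Set<Object> rolesWithPermission) {
        for (Principal subjectRole : rolesForSubject) {
            for (Object permitted : rolesWithPermission) {
                if (subjectRole.equals(permitted)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Runs the JAAS login and returns the resulting subject.
     *
     * <p>The certificate configuration is used only when its name is non-empty and
     * {@link CertificateUtil#getCertsFromConnection} returns certificates for the connection; a
     * connection without certificates is authenticated against the default configuration.
     *
     * @throws LoginException when the login context cannot be created or the login fails
     */
    private Subject getAuthenticatedSubject(String user, String password, RemotingConnection remotingConnection) throws LoginException {
        ClassLoader currentLoader = Thread.currentThread().getContextClassLoader();
        ClassLoader thisLoader = getClass().getClassLoader();
        boolean swapLoader = thisLoader != currentLoader;
        try {
            // The login runs with this class's loader as the thread context class loader;
            // presumably so the JAAS login modules resolve against it (TODO confirm).
            if (swapLoader) {
                Thread.currentThread().setContextClassLoader(thisLoader);
            }
            boolean useCertificateLogin = this.certificateConfigurationName != null
                    && this.certificateConfigurationName.length() > 0
                    && CertificateUtil.getCertsFromConnection(remotingConnection) != null;
            LoginContext loginContext;
            if (useCertificateLogin) {
                loginContext = new LoginContext(this.certificateConfigurationName, (Subject) null, new JaasCallbackHandler(user, password, remotingConnection), this.certificateConfiguration);
            } else {
                loginContext = new LoginContext(this.configurationName, (Subject) null, new JaasCallbackHandler(user, password, remotingConnection), this.configuration);
            }
            loginContext.login();
            return loginContext.getSubject();
        } finally {
            // Restore on every exit path, including a failed login, so the calling thread
            // never keeps this class's loader as its context class loader.
            if (swapLoader) {
                Thread.currentThread().setContextClassLoader(currentLoader);
            }
        }
    }

    /**
     * Builds one principal per role that grants {@code checkType}.
     *
     * <p>The elements are whatever {@link #createGroupPrincipal} produced, which includes the
     * wildcard principal, so the set is typed as {@code Object} rather than {@link RolePrincipal}.
     * A role whose principal cannot be created is logged and skipped.
     */
    private Set<Object> getPrincipalsInRole(CheckType checkType, Set<Role> roles) {
        Set<Object> principals = new HashSet<>();
        for (Role role : roles) {
            if (checkType.hasRole(role)) {
                try {
                    principals.add(createGroupPrincipal(role.getName(), this.rolePrincipalClass));
                } catch (Exception e) {
                    ActiveMQServerLogger.LOGGER.failedAddRolePrincipal(e);
                }
            }
        }
        return principals;
    }

    public void setConfigurationName(String configurationName) {
        this.configurationName = configurationName;
    }

    public void setConfiguration(SecurityConfiguration configuration) {
        this.configuration = configuration;
    }

    public void setCertificateConfigurationName(String certificateConfigurationName) {
        this.certificateConfigurationName = certificateConfigurationName;
    }

    public void setCertificateConfiguration(SecurityConfiguration certificateConfiguration) {
        this.certificateConfiguration = certificateConfiguration;
    }

    /** Returns the default login configuration, creating an empty one on first access. */
    public SecurityConfiguration getConfiguration() {
        if (this.configuration == null) {
            this.configuration = new SecurityConfiguration();
        }
        return this.configuration;
    }

    /** Returns the certificate login configuration, creating an empty one on first access. */
    public SecurityConfiguration getCertificateConfiguration() {
        if (this.certificateConfiguration == null) {
            this.certificateConfiguration = new SecurityConfiguration();
        }
        return this.certificateConfiguration;
    }

    public String getRolePrincipalClass() {
        return this.rolePrincipalClass;
    }

    /**
     * Sets the class used to represent roles. The named class is later loaded with
     * {@link Class#forName(String)} and instantiated, so the value must come from trusted
     * configuration only.
     */
    public void setRolePrincipalClass(String rolePrincipalClass) {
        this.rolePrincipalClass = rolePrincipalClass;
    }

    /**
     * Creates the principal object that represents a role name.
     *
     * <p>For the role name {@code "*"} an anonymous {@link Principal} is returned whose
     * {@code equals} accepts every argument. That relation is not symmetric: it only takes effect
     * where {@code equals} is called on this object, not where this object is the argument.
     *
     * <p>Otherwise {@code groupClass} is loaded and instantiated through the first public
     * constructor whose first parameter is a {@code String}, or, failing that, through the no-arg
     * constructor followed by a {@code setName} method whose first parameter is a {@code String}.
     * Only the first parameter type is checked, so a match that takes further parameters fails at
     * invocation time.
     *
     * @param name role name
     * @param groupClass fully qualified name of the principal class to instantiate
     * @return the wildcard principal or a new instance of {@code groupClass}
     * @throws Exception when the class cannot be loaded or instantiated, or when neither a suitable
     *     constructor nor a {@code setName} method exists ({@link NoSuchMethodException})
     */
    public static Object createGroupPrincipal(String name, String groupClass) throws Exception {
        if (WILDCARD.equals(name)) {
            return new Principal() {
                @Override
                public String getName() {
                    return WILDCARD;
                }

                @Override
                public boolean equals(Object other) {
                    return true;
                }

                @Override
                public int hashCode() {
                    return WILDCARD.hashCode();
                }
            };
        }
        Object[] param = {name};
        Class<?> cls = Class.forName(groupClass);
        for (Constructor<?> constructor : cls.getConstructors()) {
            Class<?>[] parameterTypes = constructor.getParameterTypes();
            if (parameterTypes.length != 0 && parameterTypes[0].equals(String.class)) {
                return constructor.newInstance(param);
            }
        }
        // No String constructor: instantiate first, then look for a setName(String ...) setter.
        Object instance = cls.newInstance();
        for (Method method : cls.getMethods()) {
            Class<?>[] parameterTypes = method.getParameterTypes();
            if (parameterTypes.length != 0 && method.getName().equals("setName") && parameterTypes[0].equals(String.class)) {
                method.invoke(instance, param);
                return instance;
            }
        }
        throw new NoSuchMethodException();
    }
}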
