package org.apache.qpid.server.security;

import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.security.auth.Subject;
import javax.security.auth.SubjectDomainCombiner;
import org.apache.qpid.server.model.AccessControlProvider;
import org.apache.qpid.server.model.Binding;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.BrokerLogInclusionRule;
import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.Connection;
import org.apache.qpid.server.model.Consumer;
import org.apache.qpid.server.model.Exchange;
import org.apache.qpid.server.model.ExclusivityPolicy;
import org.apache.qpid.server.model.Group;
import org.apache.qpid.server.model.GroupMember;
import org.apache.qpid.server.model.LifetimePolicy;
import org.apache.qpid.server.model.Model;
import org.apache.qpid.server.model.PreferencesProvider;
import org.apache.qpid.server.model.Queue;
import org.apache.qpid.server.model.RemoteReplicationNode;
import org.apache.qpid.server.model.Session;
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.model.User;
import org.apache.qpid.server.model.VirtualHost;
import org.apache.qpid.server.model.VirtualHostAlias;
import org.apache.qpid.server.model.VirtualHostLogInclusionRule;
import org.apache.qpid.server.model.VirtualHostLogger;
import org.apache.qpid.server.model.VirtualHostNode;
import org.apache.qpid.server.queue.QueueConsumer;
import org.apache.qpid.server.security.access.ObjectProperties;
import org.apache.qpid.server.security.access.ObjectType;
import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.security.access.OperationLoggingDetails;
import org.apache.qpid.server.security.auth.AuthenticatedPrincipal;
import org.apache.qpid.server.security.auth.TaskPrincipal;
import org.apache.qpid.server.transport.AMQPConnection;

/* loaded from: input_file:org/apache/qpid/server/security/SecurityManager.class */
public class SecurityManager {
    private static final SystemPrincipal SYSTEM_PRINCIPAL = new SystemPrincipal();
    private static final Subject SYSTEM = new Subject(true, Collections.singleton(SYSTEM_PRINCIPAL), Collections.emptySet(), Collections.emptySet());
    private final boolean _managementMode;
    private final ConfiguredObject<?> _aclProvidersParent;
    private final ConcurrentMap<PublishAccessCheckCacheEntry, PublishAccessCheck> _publishAccessCheckCache = new ConcurrentHashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/qpid/server/security/SecurityManager$AccessCheck.class */
    public abstract class AccessCheck {
        private AccessCheck() {
        }

        abstract Result allowed(AccessControl accessControl);
    }

    /* loaded from: input_file:org/apache/qpid/server/security/SecurityManager$PublishAccessCheck.class */
    private class PublishAccessCheck extends AccessCheck {
        private final ObjectProperties _props;

        public PublishAccessCheck(ObjectProperties objectProperties) {
            super();
            this._props = objectProperties;
        }

        @Override // org.apache.qpid.server.security.SecurityManager.AccessCheck
        Result allowed(AccessControl accessControl) {
            return accessControl.authorise(Operation.PUBLISH, ObjectType.EXCHANGE, this._props);
        }
    }

    /* loaded from: input_file:org/apache/qpid/server/security/SecurityManager$PublishAccessCheckCacheEntry.class */
    public static class PublishAccessCheckCacheEntry {
        private final boolean _immediate;
        private final String _routingKey;
        private final String _exchangeName;
        private final String _virtualHostName;

        public PublishAccessCheckCacheEntry(boolean z, String str, String str2, String str3) {
            this._immediate = z;
            this._routingKey = str;
            this._exchangeName = str2;
            this._virtualHostName = str3;
        }

        public int hashCode() {
            return (31 * ((31 * ((31 * ((31 * 1) + (this._exchangeName == null ? 0 : this._exchangeName.hashCode()))) + (this._immediate ? 1231 : 1237))) + (this._routingKey == null ? 0 : this._routingKey.hashCode()))) + (this._virtualHostName == null ? 0 : this._virtualHostName.hashCode());
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            PublishAccessCheckCacheEntry publishAccessCheckCacheEntry = (PublishAccessCheckCacheEntry) obj;
            if (this._exchangeName == null) {
                if (publishAccessCheckCacheEntry._exchangeName != null) {
                    return false;
                }
            } else if (!this._exchangeName.equals(publishAccessCheckCacheEntry._exchangeName)) {
                return false;
            }
            if (this._immediate != publishAccessCheckCacheEntry._immediate) {
                return false;
            }
            if (this._routingKey == null) {
                if (publishAccessCheckCacheEntry._routingKey != null) {
                    return false;
                }
            } else if (!this._routingKey.equals(publishAccessCheckCacheEntry._routingKey)) {
                return false;
            }
            return this._virtualHostName == null ? publishAccessCheckCacheEntry._virtualHostName == null : this._virtualHostName.equals(publishAccessCheckCacheEntry._virtualHostName);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/qpid/server/security/SecurityManager$SystemPrincipal.class */
    public static final class SystemPrincipal implements Principal {
        private SystemPrincipal() {
        }

        @Override // java.security.Principal
        public String getName() {
            return "SYSTEM";
        }
    }

    public SecurityManager(ConfiguredObject<?> configuredObject, boolean z) {
        this._managementMode = z;
        this._aclProvidersParent = configuredObject;
    }

    public static Subject getSubjectWithAddedSystemRights() {
        Subject subject = Subject.getSubject(AccessController.getContext());
        Subject subject2 = subject == null ? new Subject() : new Subject(false, subject.getPrincipals(), subject.getPublicCredentials(), subject.getPrivateCredentials());
        subject2.getPrincipals().addAll(SYSTEM.getPrincipals());
        subject2.setReadOnly();
        return subject2;
    }

    public static Subject getSystemTaskSubject(String str) {
        return getSystemSubject(new TaskPrincipal(str));
    }

    public static AccessControlContext getSystemTaskControllerContext(String str, Principal principal) {
        final Subject systemTaskSubject = getSystemTaskSubject(str, principal);
        final AccessControlContext context = AccessController.getContext();
        return (AccessControlContext) AccessController.doPrivileged(new PrivilegedAction<AccessControlContext>() { // from class: org.apache.qpid.server.security.SecurityManager.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public AccessControlContext run() {
                return systemTaskSubject == null ? new AccessControlContext(context, null) : new AccessControlContext(context, new SubjectDomainCombiner(systemTaskSubject));
            }
        });
    }

    public static Subject getSystemTaskSubject(String str, Principal principal) {
        return getSystemSubject(new TaskPrincipal(str), principal);
    }

    private static Subject getSystemSubject(Principal... principalArr) {
        Subject subject = new Subject(false, SYSTEM.getPrincipals(), SYSTEM.getPublicCredentials(), SYSTEM.getPrivateCredentials());
        if (principalArr != null) {
            for (Principal principal : principalArr) {
                subject.getPrincipals().add(principal);
            }
        }
        subject.setReadOnly();
        return subject;
    }

    public static boolean isSystemProcess() {
        return isSystemSubject(Subject.getSubject(AccessController.getContext()));
    }

    public static boolean isSystemSubject(Subject subject) {
        return subject != null && subject.getPrincipals().contains(SYSTEM_PRINCIPAL);
    }

    public static AuthenticatedPrincipal getCurrentUser() {
        AuthenticatedPrincipal authenticatedPrincipal;
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject != null) {
            Set principals = subject.getPrincipals(AuthenticatedPrincipal.class);
            authenticatedPrincipal = (principals == null || principals.isEmpty()) ? null : (AuthenticatedPrincipal) principals.iterator().next();
        } else {
            authenticatedPrincipal = null;
        }
        return authenticatedPrincipal;
    }

    public static AccessControlContext getAccessControlContextFromSubject(final Subject subject) {
        final AccessControlContext context = AccessController.getContext();
        return (AccessControlContext) AccessController.doPrivileged(new PrivilegedAction<AccessControlContext>() { // from class: org.apache.qpid.server.security.SecurityManager.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public AccessControlContext run() {
                return subject == null ? new AccessControlContext(context, null) : new AccessControlContext(context, new SubjectDomainCombiner(subject));
            }
        });
    }

    private boolean checkAllPlugins(AccessCheck accessCheck) {
        return checkAllPlugins(accessCheck, Subject.getSubject(AccessController.getContext()));
    }

    private boolean checkAllPlugins(AccessCheck accessCheck, Subject subject) {
        Collection<C> children;
        if (isSystemSubject(subject) || this._managementMode || (children = this._aclProvidersParent.getChildren(AccessControlProvider.class)) == 0 || children.isEmpty()) {
            return true;
        }
        AccessControlProvider accessControlProvider = (AccessControlProvider) children.iterator().next();
        if (accessControlProvider == null || accessControlProvider.getState() != State.ACTIVE || accessControlProvider.getAccessControl() == null) {
            return false;
        }
        Result allowed = accessCheck.allowed(accessControlProvider.getAccessControl());
        if (allowed == Result.DEFER) {
            allowed = accessControlProvider.getAccessControl().getDefault();
        }
        return allowed != Result.DENIED;
    }

    public void authoriseMethod(final Operation operation, final String str, final String str2, final String str3) {
        if (!checkAllPlugins(new AccessCheck() { // from class: org.apache.qpid.server.security.SecurityManager.3
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.apache.qpid.server.security.SecurityManager.AccessCheck
            Result allowed(AccessControl accessControl) {
                ObjectProperties objectProperties = new ObjectProperties();
                objectProperties.setName(str2);
                if (str != null) {
                    objectProperties.put(ObjectProperties.Property.COMPONENT, str);
                }
                if (str3 != null) {
                    objectProperties.put(ObjectProperties.Property.VIRTUALHOST_NAME, str3);
                }
                return accessControl.authorise(operation, ObjectType.METHOD, objectProperties);
            }
        })) {
            throw new AccessControlException("Permission denied: " + operation.name() + " " + str2);
        }
    }

    public void accessManagement() {
        if (!checkAllPlugins(new AccessCheck() { // from class: org.apache.qpid.server.security.SecurityManager.4
            @Override // org.apache.qpid.server.security.SecurityManager.AccessCheck
            Result allowed(AccessControl accessControl) {
                return accessControl.authorise(Operation.ACCESS, ObjectType.MANAGEMENT, ObjectProperties.EMPTY);
            }
        })) {
            throw new AccessControlException("User is not authorised for management");
        }
    }

    public void authoriseCreateConnection(AMQPConnection<?> aMQPConnection) {
        String virtualHostName = aMQPConnection.getVirtualHostName();
        ObjectProperties objectProperties = new ObjectProperties(virtualHostName);
        objectProperties.put(ObjectProperties.Property.VIRTUALHOST_NAME, virtualHostName);
        if (!checkAllPlugins(ObjectType.VIRTUALHOST, objectProperties, Operation.ACCESS)) {
            throw new AccessControlException("Permission denied: " + virtualHostName);
        }
    }

    public void authoriseCreate(ConfiguredObject<?> configuredObject) {
        authorise(Operation.CREATE, configuredObject);
    }

    public void authoriseUpdate(ConfiguredObject<?> configuredObject) {
        authorise(Operation.UPDATE, configuredObject);
    }

    public void authoriseDelete(ConfiguredObject<?> configuredObject) {
        authorise(Operation.DELETE, configuredObject);
    }

    public void authorise(Operation operation, ConfiguredObject<?> configuredObject) {
        if (isSystemProcess() || this._managementMode || isAllowedOperation(operation, configuredObject)) {
            return;
        }
        Class<? extends ConfiguredObject> categoryClass = configuredObject.getCategoryClass();
        ObjectType aCLObjectTypeManagingConfiguredObjectOfCategory = getACLObjectTypeManagingConfiguredObjectOfCategory(categoryClass);
        if (aCLObjectTypeManagingConfiguredObjectOfCategory == null) {
            throw new IllegalArgumentException("Cannot identify object type for category " + categoryClass);
        }
        ObjectProperties aCLObjectProperties = getACLObjectProperties(configuredObject, operation);
        Operation validateAuthoriseOperation = validateAuthoriseOperation(operation, categoryClass);
        if (checkAllPlugins(aCLObjectTypeManagingConfiguredObjectOfCategory, aCLObjectProperties, validateAuthoriseOperation)) {
            return;
        }
        StringBuilder sb = new StringBuilder(String.format("Permission %s %s is denied for : %s %s '%s'", validateAuthoriseOperation.name(), aCLObjectTypeManagingConfiguredObjectOfCategory.name(), operation.name(), categoryClass.getSimpleName(), (String) configuredObject.getAttribute(ConfiguredObject.NAME)));
        Collection<Class<? extends ConfiguredObject>> parentTypes = getModel().getParentTypes(categoryClass);
        if (parentTypes != null) {
            sb.append(" on");
            for (Class<? extends ConfiguredObject> cls : parentTypes) {
                String simpleName = cls.getSimpleName();
                ConfiguredObject parent = configuredObject.getParent(cls);
                sb.append(" ").append(simpleName);
                if (parent != null) {
                    sb.append(" '").append(parent.getAttribute(ConfiguredObject.NAME)).append("'");
                }
            }
        }
        throw new AccessControlException(sb.toString());
    }

    private boolean isAllowedOperation(Operation operation, ConfiguredObject<?> configuredObject) {
        if ((configuredObject instanceof Session) && (operation == Operation.CREATE || operation == Operation.UPDATE || operation == Operation.DELETE)) {
            return true;
        }
        if ((configuredObject instanceof Consumer) && (operation == Operation.UPDATE || operation == Operation.DELETE)) {
            return true;
        }
        if (configuredObject instanceof Connection) {
            return operation == Operation.UPDATE || operation == Operation.DELETE;
        }
        return false;
    }

    private Model getModel() {
        return this._aclProvidersParent.getModel();
    }

    private boolean checkAllPlugins(final ObjectType objectType, final ObjectProperties objectProperties, final Operation operation) {
        return checkAllPlugins(new AccessCheck() { // from class: org.apache.qpid.server.security.SecurityManager.5
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.apache.qpid.server.security.SecurityManager.AccessCheck
            Result allowed(AccessControl accessControl) {
                return accessControl.authorise(operation, objectType, objectProperties);
            }
        });
    }

    private Operation validateAuthoriseOperation(Operation operation, Class<? extends ConfiguredObject> cls) {
        if (operation == Operation.CREATE || operation == Operation.UPDATE) {
            if (Binding.class.isAssignableFrom(cls)) {
                return Operation.BIND;
            }
            if (Consumer.class.isAssignableFrom(cls)) {
                return Operation.CONSUME;
            }
            if (GroupMember.class.isAssignableFrom(cls)) {
                return Operation.UPDATE;
            }
            if (isBrokerType(cls)) {
                return Operation.CONFIGURE;
            }
        } else if (operation == Operation.DELETE) {
            if (Binding.class.isAssignableFrom(cls)) {
                return Operation.UNBIND;
            }
            if (isBrokerType(cls)) {
                return Operation.CONFIGURE;
            }
            if (GroupMember.class.isAssignableFrom(cls)) {
                return Operation.UPDATE;
            }
        }
        return operation;
    }

    private boolean isBrokerType(Class<? extends ConfiguredObject> cls) {
        return Broker.class.isAssignableFrom(cls) || PreferencesProvider.class.isAssignableFrom(cls) || BrokerLogInclusionRule.class.isAssignableFrom(cls) || VirtualHostAlias.class.isAssignableFrom(cls) || (!VirtualHostNode.class.isAssignableFrom(cls) && getModel().getChildTypes(Broker.class).contains(cls));
    }

    private ObjectProperties getACLObjectProperties(ConfiguredObject<?> configuredObject, Operation operation) {
        String str = (String) configuredObject.getAttribute(ConfiguredObject.NAME);
        Class<? extends ConfiguredObject> categoryClass = configuredObject.getCategoryClass();
        ObjectProperties objectProperties = new ObjectProperties(str);
        if (configuredObject instanceof Binding) {
            Exchange exchange = (Exchange) configuredObject.getParent(Exchange.class);
            Queue queue = (Queue) configuredObject.getParent(Queue.class);
            objectProperties.setName((String) exchange.getAttribute(ConfiguredObject.NAME));
            objectProperties.put(ObjectProperties.Property.QUEUE_NAME, (String) queue.getAttribute(ConfiguredObject.NAME));
            objectProperties.put(ObjectProperties.Property.ROUTING_KEY, (String) configuredObject.getAttribute(ConfiguredObject.NAME));
            objectProperties.put(ObjectProperties.Property.VIRTUALHOST_NAME, (String) ((VirtualHost) queue.getParent(VirtualHost.class)).getAttribute(ConfiguredObject.NAME));
            objectProperties.put(ObjectProperties.Property.TEMPORARY, Boolean.valueOf(queue.getAttribute(ConfiguredObject.LIFETIME_POLICY) != LifetimePolicy.PERMANENT));
            objectProperties.put(ObjectProperties.Property.DURABLE, (Boolean) queue.getAttribute(ConfiguredObject.DURABLE));
        } else if (configuredObject instanceof Queue) {
            setQueueProperties(configuredObject, objectProperties);
        } else if (configuredObject instanceof Exchange) {
            Object attribute = configuredObject.getAttribute(ConfiguredObject.LIFETIME_POLICY);
            objectProperties.put(ObjectProperties.Property.AUTO_DELETE, Boolean.valueOf(attribute != LifetimePolicy.PERMANENT));
            objectProperties.put(ObjectProperties.Property.TEMPORARY, Boolean.valueOf(attribute != LifetimePolicy.PERMANENT));
            objectProperties.put(ObjectProperties.Property.DURABLE, (Boolean) configuredObject.getAttribute(ConfiguredObject.DURABLE));
            objectProperties.put(ObjectProperties.Property.TYPE, (String) configuredObject.getAttribute(ConfiguredObject.TYPE));
            objectProperties.put(ObjectProperties.Property.VIRTUALHOST_NAME, (String) ((VirtualHost) configuredObject.getParent(VirtualHost.class)).getAttribute(ConfiguredObject.NAME));
        } else if (configuredObject instanceof QueueConsumer) {
            setQueueProperties((Queue) configuredObject.getParent(Queue.class), objectProperties);
        } else if (isBrokerType(categoryClass)) {
            Object[] objArr = new Object[3];
            objArr[0] = operation == null ? null : operation.name().toLowerCase();
            objArr[1] = categoryClass == null ? null : categoryClass.getSimpleName().toLowerCase();
            objArr[2] = str;
            objectProperties = new OperationLoggingDetails(String.format("%s %s '%s'", objArr));
        } else if (isVirtualHostType(categoryClass)) {
            objectProperties = new ObjectProperties((String) getModel().getAncestor(VirtualHost.class, configuredObject).getAttribute(ConfiguredObject.NAME));
        }
        return objectProperties;
    }

    private void setQueueProperties(ConfiguredObject<?> configuredObject, ObjectProperties objectProperties) {
        objectProperties.setName((String) configuredObject.getAttribute(ConfiguredObject.NAME));
        Object attribute = configuredObject.getAttribute(ConfiguredObject.LIFETIME_POLICY);
        objectProperties.put(ObjectProperties.Property.AUTO_DELETE, Boolean.valueOf(attribute != LifetimePolicy.PERMANENT));
        objectProperties.put(ObjectProperties.Property.TEMPORARY, Boolean.valueOf(attribute != LifetimePolicy.PERMANENT));
        objectProperties.put(ObjectProperties.Property.DURABLE, (Boolean) configuredObject.getAttribute(ConfiguredObject.DURABLE));
        objectProperties.put(ObjectProperties.Property.EXCLUSIVE, Boolean.valueOf(configuredObject.getAttribute("exclusive") != ExclusivityPolicy.NONE));
        Object attribute2 = configuredObject.getAttribute("alternateExchange");
        if (attribute2 != null) {
            objectProperties.put(ObjectProperties.Property.ALTERNATE, attribute2 instanceof ConfiguredObject ? (String) ((ConfiguredObject) attribute2).getAttribute(ConfiguredObject.NAME) : String.valueOf(attribute2));
        }
        String str = (String) configuredObject.getAttribute(Queue.OWNER);
        if (str != null) {
            objectProperties.put(ObjectProperties.Property.OWNER, str);
        }
        objectProperties.put(ObjectProperties.Property.VIRTUALHOST_NAME, (String) ((VirtualHost) configuredObject.getParent(VirtualHost.class)).getAttribute(ConfiguredObject.NAME));
    }

    private ObjectType getACLObjectTypeManagingConfiguredObjectOfCategory(Class<? extends ConfiguredObject> cls) {
        if (Binding.class.isAssignableFrom(cls)) {
            return ObjectType.EXCHANGE;
        }
        if (VirtualHostNode.class.isAssignableFrom(cls)) {
            return ObjectType.VIRTUALHOSTNODE;
        }
        if (isBrokerType(cls)) {
            return ObjectType.BROKER;
        }
        if (isVirtualHostType(cls)) {
            return ObjectType.VIRTUALHOST;
        }
        if (!Group.class.isAssignableFrom(cls) && !GroupMember.class.isAssignableFrom(cls)) {
            if (User.class.isAssignableFrom(cls)) {
                return ObjectType.USER;
            }
            if (Queue.class.isAssignableFrom(cls)) {
                return ObjectType.QUEUE;
            }
            if (!Exchange.class.isAssignableFrom(cls) && !Session.class.isAssignableFrom(cls)) {
                if (Consumer.class.isAssignableFrom(cls)) {
                    return ObjectType.QUEUE;
                }
                if (RemoteReplicationNode.class.isAssignableFrom(cls)) {
                    return ObjectType.VIRTUALHOSTNODE;
                }
                return null;
            }
            return ObjectType.EXCHANGE;
        }
        return ObjectType.GROUP;
    }

    private boolean isVirtualHostType(Class<? extends ConfiguredObject> cls) {
        return VirtualHost.class.isAssignableFrom(cls) || VirtualHostLogger.class.isAssignableFrom(cls) || VirtualHostLogInclusionRule.class.isAssignableFrom(cls) || Connection.class.isAssignableFrom(cls);
    }

    public void authoriseUserUpdate(final String str) {
        AuthenticatedPrincipal currentUser = getCurrentUser();
        if (currentUser == null || !currentUser.getName().equals(str)) {
            final Operation operation = Operation.UPDATE;
            if (!checkAllPlugins(new AccessCheck() { // from class: org.apache.qpid.server.security.SecurityManager.6
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super();
                }

                @Override // org.apache.qpid.server.security.SecurityManager.AccessCheck
                Result allowed(AccessControl accessControl) {
                    return accessControl.authorise(operation, ObjectType.USER, new ObjectProperties(str));
                }
            })) {
                throw new AccessControlException("Do not have permission to perform the " + operation + " on the user " + str);
            }
        }
    }

    public void authorisePublish(boolean z, String str, String str2, String str3) {
        PublishAccessCheckCacheEntry publishAccessCheckCacheEntry = new PublishAccessCheckCacheEntry(z, str, str2, str3);
        PublishAccessCheck publishAccessCheck = this._publishAccessCheckCache.get(publishAccessCheckCacheEntry);
        if (publishAccessCheck == null) {
            publishAccessCheck = new PublishAccessCheck(new ObjectProperties(str3, str2, str, Boolean.valueOf(z)));
            this._publishAccessCheckCache.putIfAbsent(publishAccessCheckCacheEntry, publishAccessCheck);
        }
        if (!checkAllPlugins(publishAccessCheck)) {
            throw new AccessControlException("Permission denied, publish to: exchange-name '" + str2 + "'");
        }
    }

    public void authorisePublish(boolean z, String str, String str2, String str3, Subject subject) {
        PublishAccessCheckCacheEntry publishAccessCheckCacheEntry = new PublishAccessCheckCacheEntry(z, str, str2, str3);
        PublishAccessCheck publishAccessCheck = this._publishAccessCheckCache.get(publishAccessCheckCacheEntry);
        if (publishAccessCheck == null) {
            publishAccessCheck = new PublishAccessCheck(new ObjectProperties(str3, str2, str, Boolean.valueOf(z)));
            this._publishAccessCheckCache.putIfAbsent(publishAccessCheckCacheEntry, publishAccessCheck);
        }
        if (!checkAllPlugins(publishAccessCheck, subject)) {
            throw new AccessControlException("Permission denied, publish to: exchange-name '" + str2 + "'");
        }
    }

    public void authorisePurge(Queue queue) {
        final ObjectProperties objectProperties = new ObjectProperties();
        setQueueProperties(queue, objectProperties);
        if (!checkAllPlugins(new AccessCheck() { // from class: org.apache.qpid.server.security.SecurityManager.7
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.apache.qpid.server.security.SecurityManager.AccessCheck
            Result allowed(AccessControl accessControl) {
                return accessControl.authorise(Operation.PURGE, ObjectType.QUEUE, objectProperties);
            }
        })) {
            throw new AccessControlException("Permission denied: queue " + queue.getName());
        }
    }

    public void authoriseLogsAccess(ConfiguredObject configuredObject) {
        final ObjectType aCLObjectTypeManagingConfiguredObjectOfCategory = getACLObjectTypeManagingConfiguredObjectOfCategory(configuredObject.getCategoryClass());
        final ObjectProperties objectProperties = aCLObjectTypeManagingConfiguredObjectOfCategory == ObjectType.BROKER ? ObjectProperties.EMPTY : new ObjectProperties((String) configuredObject.getAttribute(ConfiguredObject.NAME));
        if (!checkAllPlugins(new AccessCheck() { // from class: org.apache.qpid.server.security.SecurityManager.8
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super();
            }

            @Override // org.apache.qpid.server.security.SecurityManager.AccessCheck
            Result allowed(AccessControl accessControl) {
                return accessControl.authorise(Operation.ACCESS_LOGS, aCLObjectTypeManagingConfiguredObjectOfCategory, objectProperties);
            }
        })) {
            throw new AccessControlException("Permission denied to access log content");
        }
    }
}
