package org.apache.qpid.server.model.port;

import java.util.Map;
import java.util.Set;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.Container;
import org.apache.qpid.server.model.ManagedAttributeField;
import org.apache.qpid.server.model.TrustStore;
import org.apache.qpid.server.model.port.AbstractClientAuthCapablePortWithAuthProvider;
import org.apache.qpid.server.security.ManagedPeerCertificateTrustStore;

/* loaded from: input_file:org/apache/qpid/server/model/port/AbstractClientAuthCapablePortWithAuthProvider.class */
/**
 * Base class for ports that combine an authentication provider with optional TLS
 * client-certificate authentication.
 *
 * <p>It holds three managed attributes (need/want client auth and an optional client
 * certificate recorder) and rejects configurations in which a client certificate is
 * requested but cannot be checked: no trust stores configured, or no TLS transport.
 *
 * <p>NOTE(review): "need" and "want" presumably mirror the JSSE needClientAuth /
 * wantClientAuth semantics (mandatory versus optional client certificate). This class
 * only validates the flags; confirm enforcement against the transport implementation.
 *
 * @param <X> the concrete port type
 */
public abstract class AbstractClientAuthCapablePortWithAuthProvider<X extends AbstractClientAuthCapablePortWithAuthProvider<X>> extends AbstractPortWithAuthProvider<X> implements ClientAuthCapablePort<X> {
    // String-typed defaults for the two client-auth attributes; both leave client
    // certificate requests switched off. Where they are consumed is not visible here.
    public static final String DEFAULT_AMQP_NEED_CLIENT_AUTH = "false";
    public static final String DEFAULT_AMQP_WANT_CLIENT_AUTH = "false";

    // Managed attribute backing getNeedClientAuth().
    @ManagedAttributeField
    private boolean _needClientAuth;

    // Managed attribute backing getWantClientAuth().
    @ManagedAttributeField
    private boolean _wantClientAuth;

    // Optional trust store returned by getClientCertRecorder(); may be null.
    @ManagedAttributeField
    private TrustStore<?> _clientCertRecorder;

    /**
     * Passes the attribute map and parent container straight to the superclass.
     *
     * @param map attribute values for the new port
     * @param container the container handed to the superclass constructor
     */
    public AbstractClientAuthCapablePortWithAuthProvider(Map<String, Object> map, Container<?> container) {
        super(map, container);
    }

    /** @return the value of the need-client-auth attribute */
    @Override
    public boolean getNeedClientAuth() {
        return _needClientAuth;
    }

    /** @return the configured client certificate recorder, or {@code null} if none is set */
    @Override
    public TrustStore<?> getClientCertRecorder() {
        return _clientCertRecorder;
    }

    /** @return the value of the want-client-auth attribute */
    @Override
    public boolean getWantClientAuth() {
        return _wantClientAuth;
    }

    /**
     * Validates this port's own client-authentication settings after the superclass checks.
     *
     * <p>When either client-auth flag is set, the port must have at least one trust store
     * and must use a TLS transport, and any client certificate recorder must be a
     * {@link ManagedPeerCertificateTrustStore}. The recorder type is not checked when
     * neither flag is set.
     *
     * @throws IllegalConfigurationException if one of these conditions is violated
     */
    @Override
    public void onValidate() {
        super.onValidate();
        final boolean clientCertRequested = getNeedClientAuth() || getWantClientAuth();
        if (clientCertRequested) {
            // Without a trust store there is nothing to validate a presented certificate against.
            if (getTrustStores() == null || getTrustStores().isEmpty()) {
                throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but has no trust stores configured.");
            }
        }
        // Evaluated unconditionally, exactly as before, so the call sequence is unchanged.
        final boolean tlsTransport = isUsingTLSTransport();
        if (clientCertRequested) {
            if (!tlsTransport) {
                throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but doesn't use SSL transport.");
            }
            // The message names "ManagedCertificateStore"; presumably that is the configured
            // type name of ManagedPeerCertificateTrustStore - confirm.
            if (getClientCertRecorder() != null && !(getClientCertRecorder() instanceof ManagedPeerCertificateTrustStore)) {
                throw new IllegalConfigurationException("Only trust stores of type ManagedCertificateStore may be used as the client certificate recorder");
            }
        }
    }

    /**
     * Applies the same client-authentication rules as {@link #onValidate()} to a proposed
     * new state of this port, after the superclass checks.
     *
     * <p>Decompiler note: the decompiler reports that this method's access modifier was
     * changed from {@code protected}.
     *
     * @param configuredObject the proposed state; cast to {@link ClientAuthCapablePort}
     * @param set passed through to the superclass check
     * @throws IllegalConfigurationException if the proposed state requests client
     *     certificates without a trust store or TLS transport, or names a recorder that is
     *     not a {@link ManagedPeerCertificateTrustStore}
     */
    @Override
    public void validateChange(ConfiguredObject<?> configuredObject, Set<String> set) {
        super.validateChange(configuredObject, set);
        ClientAuthCapablePort proposed = (ClientAuthCapablePort) configuredObject;
        final boolean clientCertRequested = proposed.getNeedClientAuth() || proposed.getWantClientAuth();
        if (!isUsingTLSTransport(proposed.getTransports())) {
            // A client certificate can only be requested over a TLS transport.
            if (clientCertRequested) {
                throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but doesn't use SSL transport.");
            }
        } else {
            // Trust stores are inspected before the flag is consulted, as in the original.
            final boolean trustStoresMissing = proposed.getTrustStores() == null || proposed.getTrustStores().isEmpty();
            if (trustStoresMissing && clientCertRequested) {
                throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but has no trust store configured.");
            }
        }
        if (clientCertRequested) {
            // The recorder type is only enforced when a client certificate is requested.
            if (proposed.getClientCertRecorder() != null && !(proposed.getClientCertRecorder() instanceof ManagedPeerCertificateTrustStore)) {
                throw new IllegalConfigurationException("Only trust stores of type ManagedCertificateStore may be used as the client certificate recorder");
            }
        }
    }
}
