package org.apache.activemq.shiro.authc;

import java.util.Collection;
import org.apache.activemq.shiro.ConnectionReference;
import org.apache.activemq.shiro.subject.SubjectConnectionReference;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.eclipse.aether.util.artifact.JavaScopes;

/* loaded from: input_file:org/apache/activemq/shiro/authc/DefaultAuthenticationPolicy.class */
public class DefaultAuthenticationPolicy implements AuthenticationPolicy {
    private boolean vmConnectionAuthenticationRequired = false;
    private String systemAccountUsername = JavaScopes.SYSTEM;
    private String systemAccountRealmName = IniSecurityManagerFactory.INI_REALM_NAME;
    private boolean anonymousAccessAllowed = false;
    private String anonymousAccountUsername = "anonymous";
    private String anonymousAccountRealmName = IniSecurityManagerFactory.INI_REALM_NAME;

    public boolean isVmConnectionAuthenticationRequired() {
        return this.vmConnectionAuthenticationRequired;
    }

    public void setVmConnectionAuthenticationRequired(boolean z) {
        this.vmConnectionAuthenticationRequired = z;
    }

    public String getSystemAccountUsername() {
        return this.systemAccountUsername;
    }

    public void setSystemAccountUsername(String str) {
        this.systemAccountUsername = str;
    }

    public String getSystemAccountRealmName() {
        return this.systemAccountRealmName;
    }

    public void setSystemAccountRealmName(String str) {
        this.systemAccountRealmName = str;
    }

    public boolean isAnonymousAccessAllowed() {
        return this.anonymousAccessAllowed;
    }

    public void setAnonymousAccessAllowed(boolean z) {
        this.anonymousAccessAllowed = z;
    }

    public String getAnonymousAccountUsername() {
        return this.anonymousAccountUsername;
    }

    public void setAnonymousAccountUsername(String str) {
        this.anonymousAccountUsername = str;
    }

    public String getAnonymousAccountRealmName() {
        return this.anonymousAccountRealmName;
    }

    public void setAnonymousAccountRealmName(String str) {
        this.anonymousAccountRealmName = str;
    }

    protected boolean credentialsAvailable(ConnectionReference connectionReference) {
        return (connectionReference.getConnectionInfo().getUserName() == null && connectionReference.getConnectionInfo().getPassword() == null) ? false : true;
    }

    @Override // org.apache.activemq.shiro.authc.AuthenticationPolicy
    public boolean isAuthenticationRequired(SubjectConnectionReference subjectConnectionReference) {
        Subject subject = subjectConnectionReference.getSubject();
        if (subject.isAuthenticated()) {
            return false;
        }
        if (isAnonymousAccessAllowed() && isAnonymousAccount(subject)) {
            return false;
        }
        return isVmConnectionAuthenticationRequired() || !isSystemAccount(subject);
    }

    protected boolean isAnonymousAccount(Subject subject) {
        PrincipalCollection principals = subject.getPrincipals();
        return principals != null && matches(principals, this.anonymousAccountUsername, this.anonymousAccountRealmName);
    }

    protected boolean isSystemAccount(Subject subject) {
        PrincipalCollection principals = subject.getPrincipals();
        return principals != null && matches(principals, this.systemAccountUsername, this.systemAccountRealmName);
    }

    protected boolean matches(PrincipalCollection principalCollection, String str, String str2) {
        Collection fromRealm = principalCollection.fromRealm(str2);
        return (fromRealm == null || fromRealm.isEmpty() || !fromRealm.iterator().next().equals(str)) ? false : true;
    }

    protected boolean isSystemConnection(ConnectionReference connectionReference) {
        return connectionReference.getConnectionContext().getConnection().getRemoteAddress().startsWith("vm:");
    }

    @Override // org.apache.activemq.shiro.authc.AuthenticationPolicy
    public void customizeSubject(Subject.Builder builder, ConnectionReference connectionReference) {
        if (!credentialsAvailable(connectionReference) && isAssumeIdentity(connectionReference)) {
            builder.principals(createAssumedIdentity(connectionReference));
        }
    }

    protected boolean isAssumeIdentity(ConnectionReference connectionReference) {
        return isAnonymousAccessAllowed() || (isSystemConnection(connectionReference) && !isVmConnectionAuthenticationRequired());
    }

    protected PrincipalCollection createAssumedIdentity(ConnectionReference connectionReference) {
        String str = this.anonymousAccountUsername;
        String str2 = this.anonymousAccountRealmName;
        if (isSystemConnection(connectionReference)) {
            str = this.systemAccountUsername;
            str2 = this.systemAccountRealmName;
        }
        return new SimplePrincipalCollection(str, str2);
    }
}
