package org.apache.activemq.artemis.core.server.plugin.impl;

import java.util.Map;
import java.util.concurrent.atomic.AtomicReference;
import javax.security.auth.Subject;
import org.apache.activemq.artemis.api.core.ActiveMQException;
import org.apache.activemq.artemis.core.server.ActiveMQServer;
import org.apache.activemq.artemis.core.server.ConsumerInfo;
import org.apache.activemq.artemis.core.server.MessageReference;
import org.apache.activemq.artemis.core.server.ServerConsumer;
import org.apache.activemq.artemis.core.server.plugin.ActiveMQServerPlugin;
import org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal;
import org.jboss.logging.Logger;

/* loaded from: input_file:artemis-server-2.19.1.jar:org/apache/activemq/artemis/core/server/plugin/impl/BrokerMessageAuthorizationPlugin.class */
public class BrokerMessageAuthorizationPlugin implements ActiveMQServerPlugin {
    private static final Logger logger = Logger.getLogger((Class<?>) BrokerMessageAuthorizationPlugin.class);
    private static final String ROLE_PROPERTY = "ROLE_PROPERTY";
    private final AtomicReference<ActiveMQServer> server = new AtomicReference<>();
    private String roleProperty = "requiredRole";

    @Override // org.apache.activemq.artemis.core.server.plugin.ActiveMQServerBasePlugin
    public void init(Map<String, String> map) {
        this.roleProperty = map.getOrDefault(ROLE_PROPERTY, "requiredRole");
    }

    @Override // org.apache.activemq.artemis.core.server.plugin.ActiveMQServerBasePlugin
    public void registered(ActiveMQServer activeMQServer) {
        this.server.set(activeMQServer);
    }

    @Override // org.apache.activemq.artemis.core.server.plugin.ActiveMQServerBasePlugin
    public void unregistered(ActiveMQServer activeMQServer) {
        this.server.set(null);
    }

    @Override // org.apache.activemq.artemis.core.server.plugin.ActiveMQServerMessagePlugin
    public boolean canAccept(ServerConsumer serverConsumer, MessageReference messageReference) throws ActiveMQException {
        String stringProperty = messageReference.getMessage().getStringProperty(this.roleProperty);
        if (stringProperty == null) {
            return true;
        }
        Subject subject = getSubject(serverConsumer);
        if (subject == null) {
            if (!logger.isDebugEnabled()) {
                return false;
            }
            logger.debug("Subject not found for consumer: " + serverConsumer.getID());
            return false;
        }
        boolean implies = new RolePrincipal(stringProperty).implies(subject);
        if (!implies && logger.isDebugEnabled()) {
            logger.debug("Message consumer: " + serverConsumer.getID() + " does not have required role `" + stringProperty + "` needed to receive message: " + messageReference.getMessageID());
        }
        return implies;
    }

    private Subject getSubject(ConsumerInfo consumerInfo) {
        ActiveMQServer activeMQServer = this.server.get();
        return activeMQServer.getSecurityStore().getSessionSubject(activeMQServer.getSessionByID(consumerInfo.getSessionName()));
    }
}
