package org.apache.activemq.artemis.spi.core.security;

import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.activemq.artemis.core.config.impl.SecurityConfiguration;
import org.apache.activemq.artemis.core.remoting.CertificateUtil;
import org.apache.activemq.artemis.core.security.CheckType;
import org.apache.activemq.artemis.core.security.Role;
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
import org.apache.activemq.artemis.spi.core.security.jaas.JaasCallbackHandler;
import org.apache.activemq.artemis.utils.SecurityManagerUtil;
import org.jboss.logging.Logger;

/* loaded from: input_file:artemis-server-2.19.1.jar:org/apache/activemq/artemis/spi/core/security/ActiveMQJAASSecurityManager.class */
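/**
 * Security manager that authenticates through a JAAS {@link LoginContext} and authorizes by
 * delegating to {@link SecurityManagerUtil#authorize}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #authenticate} reports a failed login by returning {@code null}; callers must treat
 *       {@code null} as "not authenticated".</li>
 *   <li>Failed logins are logged here at DEBUG only, so any audit trail for authentication
 *       failures has to be produced by the caller.</li>
 *   <li>The configuration names, the {@link SecurityConfiguration} objects and the role principal
 *       class name are plain mutable fields with no synchronization; they are expected to be set
 *       from broker configuration before the manager is used. NOTE(review): confirm no caller
 *       mutates them while connections are being authenticated.</li>
 * </ul>
 */
public class ActiveMQJAASSecurityManager implements ActiveMQSecurityManager5 {
    private static final Logger logger = Logger.getLogger(ActiveMQJAASSecurityManager.class);

    // Name of the JAAS login configuration entry used for ordinary logins; also returned by getDomain().
    private String configurationName;
    // Name of the JAAS entry used when the connection presents certificates.
    private String certificateConfigurationName;
    // Optional programmatic JAAS configurations handed to LoginContext alongside the names above.
    private SecurityConfiguration configuration;
    private SecurityConfiguration certificateConfiguration;
    // Class name passed to SecurityManagerUtil.authorize; presumably selects which principals
    // on the Subject count as roles, so it should only ever come from trusted configuration.
    private String rolePrincipalClass = "org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal";

    /** Creates a manager with no configuration; use the setters before authenticating. */
    public ActiveMQJAASSecurityManager() {
    }

    /**
     * @param str name of the JAAS login configuration entry
     */
    public ActiveMQJAASSecurityManager(String str) {
        this.configurationName = str;
    }

    /**
     * @param str name of the JAAS login configuration entry
     * @param str2 name of the JAAS entry used for connections that present certificates
     */
    public ActiveMQJAASSecurityManager(String str, String str2) {
        this.configurationName = str;
        this.certificateConfigurationName = str2;
    }

    /**
     * @param str name of the JAAS login configuration entry
     * @param securityConfiguration configuration passed to the {@link LoginContext} for that entry
     */
    public ActiveMQJAASSecurityManager(String str, SecurityConfiguration securityConfiguration) {
        this.configurationName = str;
        this.configuration = securityConfiguration;
    }

    /**
     * @param str name of the JAAS login configuration entry
     * @param str2 name of the JAAS entry used for connections that present certificates
     * @param securityConfiguration configuration for the ordinary entry
     * @param securityConfiguration2 configuration for the certificate entry
     */
    public ActiveMQJAASSecurityManager(String str, String str2, SecurityConfiguration securityConfiguration, SecurityConfiguration securityConfiguration2) {
        this.configurationName = str;
        this.configuration = securityConfiguration;
        this.certificateConfigurationName = str2;
        this.certificateConfiguration = securityConfiguration2;
    }

    /**
     * Returns the name of the ordinary JAAS login configuration entry.
     */
    @Override // org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager
    public String getDomain() {
        return this.configurationName;
    }

    /**
     * Not supported by this manager.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager
    public boolean validateUser(String str, String str2) {
        throw new UnsupportedOperationException("Invoke validateUser(String, String, RemotingConnection, String) instead");
    }

    /**
     * Runs a JAAS login and returns the resulting {@link Subject}.
     *
     * @param str first credential handed to {@code JaasCallbackHandler} (presumably the user name)
     * @param str2 second credential handed to {@code JaasCallbackHandler} (presumably the password)
     * @param remotingConnection connection being authenticated; also inspected for certificates
     * @param str3 when non-null, used as the JAAS entry name instead of the configured ones
     * @return the authenticated subject, or {@code null} when the login fails
     */
    @Override // org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager5
    public Subject authenticate(String str, String str2, RemotingConnection remotingConnection, String str3) {
        try {
            return getAuthenticatedSubject(str, str2, remotingConnection, str3);
        } catch (LoginException e) {
            // Deliberate: a failed login is signalled by null, not by an exception. The cause is
            // visible only at DEBUG, so do not rely on this line for failed-login monitoring.
            if (logger.isDebugEnabled()) {
                logger.debug("Couldn't validate user", e);
            }
            return null;
        }
    }

    /**
     * Not supported by this manager.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager
    public boolean validateUserAndRole(String str, String str2, Set<Role> set, CheckType checkType) {
        throw new UnsupportedOperationException("Invoke validateUserAndRole(String, String, Set<Role>, CheckType, String, RemotingConnection, String) instead");
    }

    /**
     * Decides whether {@code subject} may perform {@code checkType} given the roles in {@code set}.
     *
     * <p>The decision is made entirely by {@link SecurityManagerUtil#authorize}; {@code str} is
     * not consulted by this implementation.
     *
     * @return {@code true} when the delegate grants access
     */
    @Override // org.apache.activemq.artemis.spi.core.security.ActiveMQSecurityManager5
    public boolean authorize(Subject subject, Set<Role> set, CheckType checkType, String str) {
        boolean authorize = SecurityManagerUtil.authorize(subject, set, checkType, this.rolePrincipalClass);
        if (logger.isTraceEnabled()) {
            logger.trace("user " + (authorize ? " is " : " is NOT ") + "authorized");
        }
        return authorize;
    }

    /**
     * Builds the {@link LoginContext} for this attempt and performs the login.
     *
     * <p>Entry selection, in order:
     * <ol>
     *   <li>{@code str3} non-null: that entry name is used with a {@code null} configuration, so
     *       the JVM's installed JAAS {@code Configuration} applies and the
     *       {@link SecurityConfiguration} objects held by this manager are bypassed.</li>
     *   <li>A non-empty certificate entry name and certificates on the connection: the certificate
     *       entry and its configuration.</li>
     *   <li>Otherwise: the ordinary entry and its configuration.</li>
     * </ol>
     *
     * @throws LoginException when the context cannot be created or the login is rejected
     */
    private Subject getAuthenticatedSubject(String str, String str2, RemotingConnection remotingConnection, String str3) throws LoginException {
        Thread thread = Thread.currentThread();
        ClassLoader callerLoader = thread.getContextClassLoader();
        ClassLoader ownLoader = getClass().getClassLoader();
        boolean swapLoader = ownLoader != callerLoader;
        try {
            if (swapLoader) {
                // The login runs with this class's loader as the context class loader.
                thread.setContextClassLoader(ownLoader);
            }
            JaasCallbackHandler handler = new JaasCallbackHandler(str, str2, remotingConnection);
            LoginContext loginContext;
            if (str3 != null) {
                loginContext = new LoginContext(str3, null, handler, null);
            } else if (this.certificateConfigurationName != null
                    && this.certificateConfigurationName.length() > 0
                    && CertificateUtil.getCertsFromConnection(remotingConnection) != null) {
                loginContext = new LoginContext(this.certificateConfigurationName, null, handler, this.certificateConfiguration);
            } else {
                loginContext = new LoginContext(this.configurationName, null, handler, this.configuration);
            }
            loginContext.login();
            return loginContext.getSubject();
        } finally {
            // Restore on every exit path. Without this a rejected login would leave the (likely
            // pooled) thread running later work with the wrong context class loader.
            if (swapLoader) {
                thread.setContextClassLoader(callerLoader);
            }
        }
    }

    /** Sets the name of the ordinary JAAS login configuration entry. */
    public void setConfigurationName(String str) {
        this.configurationName = str;
    }

    /** Sets the configuration passed to the {@link LoginContext} for the ordinary entry. */
    public void setConfiguration(SecurityConfiguration securityConfiguration) {
        this.configuration = securityConfiguration;
    }

    /** Sets the name of the JAAS entry used for connections that present certificates. */
    public void setCertificateConfigurationName(String str) {
        this.certificateConfigurationName = str;
    }

    /** Sets the configuration passed to the {@link LoginContext} for the certificate entry. */
    public void setCertificateConfiguration(SecurityConfiguration securityConfiguration) {
        this.certificateConfiguration = securityConfiguration;
    }

    /**
     * Returns the ordinary configuration, creating an empty one on first access.
     * The lazy creation is unsynchronized.
     */
    public SecurityConfiguration getConfiguration() {
        if (this.configuration == null) {
            this.configuration = new SecurityConfiguration();
        }
        return this.configuration;
    }

    /**
     * Returns the certificate configuration, creating an empty one on first access.
     * The lazy creation is unsynchronized.
     */
    public SecurityConfiguration getCertificateConfiguration() {
        if (this.certificateConfiguration == null) {
            this.certificateConfiguration = new SecurityConfiguration();
        }
        return this.certificateConfiguration;
    }

    /** Returns the class name handed to {@link SecurityManagerUtil#authorize}. */
    public String getRolePrincipalClass() {
        return this.rolePrincipalClass;
    }

    /**
     * Sets the class name handed to {@link SecurityManagerUtil#authorize}. No validation is done
     * here, so the value must come from trusted configuration.
     */
    public void setRolePrincipalClass(String str) {
        this.rolePrincipalClass = str;
    }
}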
