package org.apache.qpid.server.security.access.plugins;

import java.security.AccessControlException;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.log4j.Logger;
import org.apache.qpid.server.model.AbstractConfiguredObject;
import org.apache.qpid.server.model.AccessControlProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.ManagedAttributeField;
import org.apache.qpid.server.model.ManagedObjectFactoryConstructor;
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.model.StateTransition;
import org.apache.qpid.server.security.AccessControl;
import org.apache.qpid.server.security.access.Operation;

/* loaded from: input_file:org/apache/qpid/server/security/access/plugins/ACLFileAccessControlProviderImpl.class */
public class ACLFileAccessControlProviderImpl extends AbstractConfiguredObject<ACLFileAccessControlProviderImpl> implements ACLFileAccessControlProvider<ACLFileAccessControlProviderImpl> {
    private static final Logger LOGGER = Logger.getLogger(ACLFileAccessControlProviderImpl.class);
    protected DefaultAccessControl _accessControl;
    protected final Broker _broker;
    private AtomicReference<State> _state;

    @ManagedAttributeField
    private String _path;

    /* JADX WARN: Multi-variable type inference failed */
    @ManagedObjectFactoryConstructor
    public ACLFileAccessControlProviderImpl(Map<String, Object> map, Broker broker) {
        super(parentsMap(new ConfiguredObject[]{broker}), map);
        this._state = new AtomicReference<>(State.UNINITIALIZED);
        this._broker = broker;
    }

    public void onValidate() {
        super.onValidate();
        if (!isDurable()) {
            throw new IllegalArgumentException(getClass().getSimpleName() + " must be durable");
        }
    }

    protected void validateChange(ConfiguredObject<?> configuredObject, Set<String> set) {
        super.validateChange(configuredObject, set);
        if (set.contains("durable") && !configuredObject.isDurable()) {
            throw new IllegalArgumentException(getClass().getSimpleName() + " must be durable");
        }
    }

    protected void onOpen() {
        super.onOpen();
        this._accessControl = new DefaultAccessControl(getPath(), this._broker);
    }

    @Override // org.apache.qpid.server.security.access.plugins.ACLFileAccessControlProvider
    public String getPath() {
        return this._path;
    }

    public State getState() {
        return this._state.get();
    }

    public <C extends ConfiguredObject> Collection<C> getChildren(Class<C> cls) {
        return Collections.emptySet();
    }

    @StateTransition(currentState = {State.UNINITIALIZED, State.QUIESCED, State.ERRORED}, desiredState = State.ACTIVE)
    private void activate() {
        if (this._broker.isManagementMode()) {
            this._state.set(this._accessControl.validate() ? State.QUIESCED : State.ERRORED);
            return;
        }
        try {
            this._accessControl.open();
            this._state.set(State.ACTIVE);
        } catch (RuntimeException e) {
            this._state.set(State.ERRORED);
            if (!this._broker.isManagementMode()) {
                throw e;
            }
            LOGGER.warn("Failed to activate ACL provider: " + getName(), e);
        }
    }

    protected void onClose() {
        super.onClose();
        this._accessControl.close();
    }

    @StateTransition(currentState = {State.UNINITIALIZED}, desiredState = State.QUIESCED)
    private void startQuiesced() {
        this._state.set(State.QUIESCED);
    }

    @StateTransition(currentState = {State.ACTIVE, State.QUIESCED, State.ERRORED}, desiredState = State.DELETED)
    private void doDelete() {
        close();
        this._state.set(State.DELETED);
        deleted();
    }

    protected void authoriseSetDesiredState(State state) throws AccessControlException {
        if (state == State.DELETED && !this._broker.getSecurityManager().authoriseConfiguringBroker(getName(), AccessControlProvider.class, Operation.DELETE)) {
            throw new AccessControlException("Deletion of AccessControlProvider is denied");
        }
    }

    protected void authoriseSetAttributes(ConfiguredObject<?> configuredObject, Set<String> set) throws AccessControlException {
        if (!this._broker.getSecurityManager().authoriseConfiguringBroker(getName(), AccessControlProvider.class, Operation.UPDATE)) {
            throw new AccessControlException("Setting of AccessControlProvider attributes is denied");
        }
    }

    public AccessControl getAccessControl() {
        return this._accessControl;
    }
}
