package org.codehaus.activemq.security.jassjacc;

import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Iterator;
import javax.jms.JMSException;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.codehaus.activemq.broker.BrokerClient;
import org.codehaus.activemq.message.ActiveMQDestination;
import org.codehaus.activemq.message.ActiveMQMessage;
import org.codehaus.activemq.message.ConnectionInfo;
import org.codehaus.activemq.message.ConsumerInfo;
import org.codehaus.activemq.message.ProducerInfo;
import org.codehaus.activemq.security.SecurityAdapter;

/* loaded from: input_file:activemq-ra-1.5.rar:activemq-core-1.5.jar:org/codehaus/activemq/security/jassjacc/JassJaccSecurityAdapter.class */
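/**
 * {@link SecurityAdapter} that authenticates broker clients through JAAS and authorizes their
 * actions through JACC.
 *
 * <p>Each {@code authorize*} method selects a JACC policy context with
 * {@link PolicyContext#setContextID(String)}, builds an {@link AccessControlContext} for the
 * client's {@link Subject}, and calls {@code checkPermission} on it. A denied check surfaces as the
 * unchecked {@code java.security.AccessControlException} thrown by {@code checkPermission}, not as
 * a {@link JMSException}.
 *
 * <p>The policy context ID is set per call and never cleared by this class, so it stays in effect
 * for whatever runs next on the calling thread.
 */
public class JassJaccSecurityAdapter implements SecurityAdapter {
    private static final Log log = LogFactory.getLog(JassJaccSecurityAdapter.class);

    // Name of the JAAS login configuration entry handed to LoginContext.
    private final String jassConfiguration;

    /**
     * Creates an adapter that logs clients in through the named JAAS configuration entry.
     *
     * @param str name passed to {@link LoginContext} as the login configuration entry
     */
    public JassJaccSecurityAdapter(String str) {
        this.jassConfiguration = str;
    }

    /**
     * Builds the access control context that permission checks for this client run against.
     *
     * @param brokerClient client whose subject was set by a prior successful login
     * @return the context captured while running as the client's subject
     * @throws IllegalArgumentException if the client has no subject, i.e. it never authenticated
     */
    protected AccessControlContext getAccessControlContext(BrokerClient brokerClient) {
        Subject subject = brokerClient.getSubject();
        if (subject == null) {
            throw new IllegalArgumentException("Subject must not be null");
        }
        // The null third argument makes doAsPrivileged start from an empty context, so the check
        // is evaluated against the subject's principals rather than whatever context the calling
        // thread inherited.
        return Subject.doAsPrivileged(subject, new PrivilegedAction<AccessControlContext>() {
            @Override
            public AccessControlContext run() {
                return AccessController.getContext();
            }
        }, (AccessControlContext) null);
    }

    /**
     * Returns the name of the broker the client is connected to.
     *
     * @param brokerClient connected client
     * @return the broker name taken from the client's connector
     */
    protected static String getBrokerName(BrokerClient brokerClient) {
        return brokerClient.getBrokerConnector().getBrokerInfo().getBrokerName();
    }

    /**
     * Authenticates the connecting client with JAAS, then checks the broker-level connect
     * permission.
     *
     * @param brokerClient client being connected; receives the authenticated subject
     * @param connectionInfo carries the user name and password presented by the client
     * @throws JMSException if the JAAS login fails
     */
    @Override // org.codehaus.activemq.security.SecurityAdapter
    public void authorizeConnection(BrokerClient brokerClient, ConnectionInfo connectionInfo) throws JMSException {
        // The context class loader is switched to this class's loader before the JAAS login.
        // NOTE(review): it is not restored afterwards, so the calling thread keeps it.
        Thread.currentThread().setContextClassLoader(JassJaccSecurityAdapter.class.getClassLoader());

        // NOTE(review): the subject is attached to the client before the connect permission is
        // checked; if the check below is denied the client still holds an authenticated subject.
        // Confirm the caller drops the client when this method throws.
        brokerClient.setSubject(doJassLogin(connectionInfo));

        PolicyContext.setContextID(getBrokerPolicyContextId(brokerClient));
        AccessControlContext accessControlContext = getAccessControlContext(brokerClient);
        // NOTE(review): a null context skips the permission check (fail-open). The implementation
        // in this class is not expected to return null, so this only matters for subclasses that
        // override getAccessControlContext.
        if (accessControlContext != null) {
            accessControlContext.checkPermission(
                    new JMSBrokerPermission(getBrokerName(brokerClient), JMSBrokerPermission.CONNECT_ACTION));
        }
    }

    /** Returns the JACC policy context ID of the broker the client is connected to. */
    private static String getBrokerPolicyContextId(BrokerClient brokerClient) {
        return getBrokerPolicyContextId(getBrokerName(brokerClient));
    }

    /** Returns the JACC policy context ID for the named broker. */
    private static String getBrokerPolicyContextId(String str) {
        return "org.codehaus.activemq.broker:" + str;
    }

    /**
     * Runs a JAAS login with the credentials from the connection request.
     *
     * @param connectionInfo source of the user name and password
     * @return the subject populated by the login modules
     * @throws JMSException wrapping whatever the login raised
     */
    private Subject doJassLogin(ConnectionInfo connectionInfo) throws JMSException {
        try {
            LoginContext loginContext = new LoginContext(
                    this.jassConfiguration,
                    new UsernamePasswordCallback(connectionInfo.getUserName(), connectionInfo.getPassword()));
            loginContext.login();
            return loginContext.getSubject();
        } catch (Exception e) {
            // NOTE(review): the login module's own message is copied into the exception text.
            // Confirm whether that text reaches the remote client, and whether the configured
            // modules put account-specific detail in it.
            JMSException failure = new JMSException("Login failed: " + e.getMessage());
            // initCause returns Throwable, so it cannot be chained directly into the throw.
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Checks that the client may consume from the destination named in the consumer request.
     *
     * @param brokerClient authenticated client
     * @param consumerInfo consumer registration naming the destination
     * @throws JMSException declared by the interface; not thrown by the code in this method
     */
    @Override // org.codehaus.activemq.security.SecurityAdapter
    public void authorizeConsumer(BrokerClient brokerClient, ConsumerInfo consumerInfo) throws JMSException {
        PolicyContext.setContextID(getDestinationPolicyContextId(brokerClient, consumerInfo.getDestination()));
        AccessControlContext accessControlContext = getAccessControlContext(brokerClient);
        // NOTE(review): a null context skips the permission check (fail-open).
        if (accessControlContext != null) {
            accessControlContext.checkPermission(new JMSDestinationPermission(
                    consumerInfo.getDestination().getPhysicalName(), JMSDestinationPermission.CONSUME_ACTION));
        }
    }

    /** Returns the JACC policy context ID of a destination on the client's broker. */
    private static String getDestinationPolicyContextId(BrokerClient brokerClient, ActiveMQDestination activeMQDestination) {
        return getDestinationPolicyContextId(getBrokerName(brokerClient), activeMQDestination);
    }

    /**
     * Returns the JACC policy context ID of a destination: a topic or queue prefix, the broker
     * name, and the destination's physical name, separated by colons.
     */
    private static String getDestinationPolicyContextId(String str, ActiveMQDestination activeMQDestination) {
        String prefix = activeMQDestination.isTopic()
                ? "org.codehaus.activemq.topic:"
                : "org.codehaus.activemq.queue:";
        return prefix + str + ":" + activeMQDestination.getPhysicalName();
    }

    /**
     * Checks that the client may register a producer on the destination named in the request.
     *
     * @param brokerClient authenticated client
     * @param producerInfo producer registration naming the destination
     * @throws JMSException declared by the interface; not thrown by the code in this method
     */
    @Override // org.codehaus.activemq.security.SecurityAdapter
    public void authorizeProducer(BrokerClient brokerClient, ProducerInfo producerInfo) throws JMSException {
        PolicyContext.setContextID(getDestinationPolicyContextId(brokerClient, producerInfo.getDestination()));
        AccessControlContext accessControlContext = getAccessControlContext(brokerClient);
        // NOTE(review): a null context skips the permission check (fail-open).
        if (accessControlContext != null) {
            accessControlContext.checkPermission(new JMSDestinationPermission(
                    producerInfo.getDestination().getPhysicalName(), JMSDestinationPermission.PRODUCE_ACTION));
        }
    }

    /**
     * Checks that the client may send the given message to its destination.
     *
     * @param brokerClient authenticated client
     * @param activeMQMessage message whose destination is checked
     * @throws JMSException declared by the interface; not thrown by the code in this method
     */
    @Override // org.codehaus.activemq.security.SecurityAdapter
    public void authorizeSendMessage(BrokerClient brokerClient, ActiveMQMessage activeMQMessage) throws JMSException {
        PolicyContext.setContextID(
                getDestinationPolicyContextId(brokerClient, activeMQMessage.getJMSActiveMQDestination()));
        AccessControlContext accessControlContext = getAccessControlContext(brokerClient);
        // NOTE(review): a null context skips the permission check (fail-open).
        if (accessControlContext != null) {
            // The result is unused. The statement is kept because the cast and dereference fail
            // for a missing or non-ActiveMQ destination before the permission check runs.
            // NOTE(review): confirm whether that is intended validation or a leftover.
            ((ActiveMQDestination) activeMQMessage.getJMSDestination()).getPhysicalName();
            accessControlContext.checkPermission(new JMSDestinationPermission(
                    activeMQMessage.getJMSActiveMQDestination().getPhysicalName(),
                    JMSDestinationPermission.SEND_ACTION));
        }
    }

    /**
     * Installs the broker-level JACC policy: every configured connect role is granted the connect
     * permission on the broker.
     *
     * <p>A failure is logged and not rethrown; in that case {@code commit()} has not run and the
     * connect roles are not in the policy.
     *
     * @param brokerSecurityConfig broker name and the roles allowed to connect
     */
    public static void secure(BrokerSecurityConfig brokerSecurityConfig) {
        try {
            // The 'true' argument discards policy statements already held for this context ID.
            PolicyConfiguration policyConfiguration = PolicyConfigurationFactory.getPolicyConfigurationFactory()
                    .getPolicyConfiguration(getBrokerPolicyContextId(brokerSecurityConfig.getBrokerName()), true);
            for (Iterator roles = brokerSecurityConfig.getConnectRoles().iterator(); roles.hasNext();) {
                policyConfiguration.addToRole(
                        (String) roles.next(),
                        new JMSBrokerPermission(brokerSecurityConfig.getBrokerName(), JMSBrokerPermission.CONNECT_ACTION));
            }
            policyConfiguration.commit();
        } catch (PolicyContextException e) {
            // Reported through the class logger so a policy that failed to install shows up in
            // the broker log rather than only on stderr.
            log.error("Broker security policy was not committed", e);
        } catch (ClassNotFoundException e) {
            log.error("Broker security policy was not committed: no JACC policy configuration factory", e);
        }
    }

    /**
     * Installs the JACC policy for one destination: the configured consume, produce and send roles
     * are each granted the matching permission on the destination's physical name.
     *
     * <p>A failure is logged and not rethrown; in that case {@code commit()} has not run and none
     * of the roles are in the policy.
     *
     * @param destinationSecurityConfig broker name, destination, and the roles per action
     */
    public static void secure(DestinationSecurityConfig destinationSecurityConfig) {
        try {
            // The 'true' argument discards policy statements already held for this context ID.
            PolicyConfiguration policyConfiguration = PolicyConfigurationFactory.getPolicyConfigurationFactory()
                    .getPolicyConfiguration(
                            getDestinationPolicyContextId(
                                    destinationSecurityConfig.getBrokerName(),
                                    destinationSecurityConfig.getDestination()),
                            true);
            for (Iterator roles = destinationSecurityConfig.getConsumeRoles().iterator(); roles.hasNext();) {
                policyConfiguration.addToRole(
                        (String) roles.next(),
                        new JMSDestinationPermission(
                                destinationSecurityConfig.getDestination().getPhysicalName(),
                                JMSDestinationPermission.CONSUME_ACTION));
            }
            for (Iterator roles = destinationSecurityConfig.getProduceRoles().iterator(); roles.hasNext();) {
                policyConfiguration.addToRole(
                        (String) roles.next(),
                        new JMSDestinationPermission(
                                destinationSecurityConfig.getDestination().getPhysicalName(),
                                JMSDestinationPermission.PRODUCE_ACTION));
            }
            for (Iterator roles = destinationSecurityConfig.getSendRoles().iterator(); roles.hasNext();) {
                policyConfiguration.addToRole(
                        (String) roles.next(),
                        new JMSDestinationPermission(
                                destinationSecurityConfig.getDestination().getPhysicalName(),
                                JMSDestinationPermission.SEND_ACTION));
            }
            policyConfiguration.commit();
        } catch (PolicyContextException e) {
            // Reported through the class logger so a policy that failed to install shows up in
            // the broker log rather than only on stderr.
            log.error("Destination security policy was not committed", e);
        } catch (ClassNotFoundException e) {
            log.error("Destination security policy was not committed: no JACC policy configuration factory", e);
        }
    }
}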
