package org.apache.qpid.server.model.port;

import java.util.Map;
import java.util.Set;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.ManagedAttributeField;
import org.apache.qpid.server.model.port.AbstractClientAuthCapablePortWithAuthProvider;

/* loaded from: input_file:org/apache/qpid/server/model/port/AbstractClientAuthCapablePortWithAuthProvider.class */
public abstract class AbstractClientAuthCapablePortWithAuthProvider<X extends AbstractClientAuthCapablePortWithAuthProvider<X>> extends AbstractPortWithAuthProvider<X> implements ClientAuthCapablePort<X> {
    public static final String DEFAULT_AMQP_NEED_CLIENT_AUTH = "false";
    public static final String DEFAULT_AMQP_WANT_CLIENT_AUTH = "false";

    @ManagedAttributeField
    private boolean _needClientAuth;

    @ManagedAttributeField
    private boolean _wantClientAuth;

    public AbstractClientAuthCapablePortWithAuthProvider(Map<String, Object> map, Broker<?> broker) {
        super(map, broker);
    }

    @Override // org.apache.qpid.server.model.port.ClientAuthCapablePort
    public boolean getNeedClientAuth() {
        return this._needClientAuth;
    }

    @Override // org.apache.qpid.server.model.port.ClientAuthCapablePort
    public boolean getWantClientAuth() {
        return this._wantClientAuth;
    }

    @Override // org.apache.qpid.server.model.port.AbstractPort, org.apache.qpid.server.model.AbstractConfiguredObject
    public void onValidate() {
        super.onValidate();
        boolean z = getNeedClientAuth() || getWantClientAuth();
        if (z && (getTrustStores() == null || getTrustStores().isEmpty())) {
            throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but has no trust stores configured.");
        }
        boolean isUsingTLSTransport = isUsingTLSTransport();
        if (z && !isUsingTLSTransport) {
            throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but doesn't use SSL transport.");
        }
    }

    @Override // org.apache.qpid.server.model.port.AbstractPort, org.apache.qpid.server.model.AbstractConfiguredObject
    protected void validateChange(ConfiguredObject<?> configuredObject, Set<String> set) {
        super.validateChange(configuredObject, set);
        ClientAuthCapablePort clientAuthCapablePort = (ClientAuthCapablePort) configuredObject;
        boolean z = clientAuthCapablePort.getNeedClientAuth() || clientAuthCapablePort.getWantClientAuth();
        if (!isUsingTLSTransport(clientAuthCapablePort.getTransports())) {
            if (z) {
                throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but doesn't use SSL transport.");
            }
        } else if ((clientAuthCapablePort.getTrustStores() == null || clientAuthCapablePort.getTrustStores().isEmpty()) && z) {
            throw new IllegalConfigurationException("Can't create port which requests SSL client certificates but has no trust store configured.");
        }
    }
}
