package org.apache.qpid.server.security.auth.manager;

import java.security.AccessControlException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.log4j.Logger;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
import org.apache.qpid.server.model.AbstractConfiguredObject;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.ConfiguredObject;
import org.apache.qpid.server.model.IntegrityViolationException;
import org.apache.qpid.server.model.ManagedAttributeField;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.PreferencesProvider;
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.model.StateTransition;
import org.apache.qpid.server.model.User;
import org.apache.qpid.server.model.VirtualHostAlias;
import org.apache.qpid.server.model.port.AbstractPortWithAuthProvider;
import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.security.auth.manager.AbstractAuthenticationManager;

/* loaded from: input_file:org/apache/qpid/server/security/auth/manager/AbstractAuthenticationManager.class */
public abstract class AbstractAuthenticationManager<T extends AbstractAuthenticationManager<T>> extends AbstractConfiguredObject<T> implements AuthenticationProvider<T> {
    private static final Logger LOGGER = Logger.getLogger(AbstractAuthenticationManager.class);
    private final Broker _broker;
    private PreferencesProvider _preferencesProvider;
    private AtomicReference<State> _state;

    @ManagedAttributeField
    private List<String> _secureOnlyMechanisms;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractAuthenticationManager(Map<String, Object> map, Broker broker) {
        super(parentsMap(broker), map);
        this._state = new AtomicReference<>(State.UNINITIALIZED);
        this._broker = broker;
    }

    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void onValidate() {
        super.onValidate();
        Collection<C> children = getChildren(PreferencesProvider.class);
        if (children != 0 && children.size() > 1) {
            throw new IllegalConfigurationException("Only one preference provider can be configured for an authentication provider");
        }
        if (!isDurable()) {
            throw new IllegalArgumentException(getClass().getSimpleName() + " must be durable");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void validateChange(ConfiguredObject<?> configuredObject, Set<String> set) {
        super.validateChange(configuredObject, set);
        if (set.contains(ConfiguredObject.DURABLE) && !configuredObject.isDurable()) {
            throw new IllegalArgumentException(getClass().getSimpleName() + " must be durable");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final Broker getBroker() {
        return this._broker;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public void onOpen() {
        super.onOpen();
        Collection<C> children = getChildren(PreferencesProvider.class);
        if (children == 0 || children.isEmpty()) {
            return;
        }
        this._preferencesProvider = (PreferencesProvider) children.iterator().next();
    }

    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public Collection<VirtualHostAlias> getVirtualHostPortBindings() {
        return null;
    }

    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public SubjectCreator getSubjectCreator(boolean z) {
        return new SubjectCreator(this, this._broker.getGroupProviders(), z);
    }

    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public PreferencesProvider getPreferencesProvider() {
        return this._preferencesProvider;
    }

    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public void setPreferencesProvider(PreferencesProvider preferencesProvider) {
        this._preferencesProvider = preferencesProvider;
    }

    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public void recoverUser(User user) {
        throw new IllegalConfigurationException("Cannot associate  " + user + " with authentication provider " + this);
    }

    @Override // org.apache.qpid.server.model.ConfiguredObject
    public State getState() {
        return this._state.get();
    }

    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    public <C extends ConfiguredObject> C addChild(Class<C> cls, Map<String, Object> map, ConfiguredObject... configuredObjectArr) {
        if (cls != PreferencesProvider.class) {
            throw new IllegalArgumentException("Cannot create child of class " + cls.getSimpleName());
        }
        PreferencesProvider preferencesProvider = (PreferencesProvider) getObjectFactory().create(PreferencesProvider.class, new HashMap(map), this);
        this._preferencesProvider = preferencesProvider;
        return preferencesProvider;
    }

    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    protected void authoriseSetDesiredState(State state) throws AccessControlException {
        if (state == State.DELETED && !this._broker.getSecurityManager().authoriseConfiguringBroker(getName(), AuthenticationProvider.class, Operation.DELETE)) {
            throw new AccessControlException("Deletion of authentication provider is denied");
        }
    }

    @Override // org.apache.qpid.server.model.AbstractConfiguredObject
    protected void authoriseSetAttributes(ConfiguredObject<?> configuredObject, Set<String> set) throws AccessControlException {
        if (!this._broker.getSecurityManager().authoriseConfiguringBroker(getName(), AuthenticationProvider.class, Operation.UPDATE)) {
            throw new AccessControlException("Setting of authentication provider attributes is denied");
        }
    }

    @StateTransition(currentState = {State.UNINITIALIZED}, desiredState = State.QUIESCED)
    protected void startQuiesced() {
        this._state.set(State.QUIESCED);
    }

    @StateTransition(currentState = {State.UNINITIALIZED, State.QUIESCED, State.QUIESCED}, desiredState = State.ACTIVE)
    protected void activate() {
        try {
            this._state.set(State.ACTIVE);
        } catch (RuntimeException e) {
            this._state.set(State.ERRORED);
            if (!this._broker.isManagementMode()) {
                throw e;
            }
            LOGGER.warn("Failed to activate authentication provider: " + getName(), e);
        }
    }

    @StateTransition(currentState = {State.ACTIVE, State.QUIESCED, State.ERRORED}, desiredState = State.DELETED)
    protected void doDelete() {
        String name = getName();
        for (Port port : new ArrayList(this._broker.getPorts())) {
            if ((port instanceof AbstractPortWithAuthProvider) && ((AbstractPortWithAuthProvider) port).getAuthenticationProvider() == this) {
                throw new IntegrityViolationException("Authentication provider '" + name + "' is set on port " + port.getName());
            }
        }
        close();
        if (this._preferencesProvider != null) {
            this._preferencesProvider.delete();
        }
        deleted();
        this._state.set(State.DELETED);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean updateState(State state, State state2) {
        return this._state.compareAndSet(state, state2);
    }

    @Override // org.apache.qpid.server.model.AbstractConfiguredObject, org.apache.qpid.server.model.ConfiguredObject
    public Object getAttribute(String str) {
        return "state".equals(str) ? getState() : super.getAttribute(str);
    }

    @Override // org.apache.qpid.server.model.AuthenticationProvider
    public final List<String> getSecureOnlyMechanisms() {
        return this._secureOnlyMechanisms;
    }
}
