package org.apache.activemq.security;

import java.security.Principal;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import org.apache.activemq.broker.Broker;
import org.apache.activemq.broker.BrokerFilter;
import org.apache.activemq.broker.ConnectionContext;
import org.apache.activemq.command.ConnectionInfo;
import org.apache.activemq.jaas.JassCredentialCallbackHandler;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/activemq-core-5.3.0.jar:org/apache/activemq/security/JaasAuthenticationBroker.class
 */
/* loaded from: input_file:WEB-INF/lib/activemq-web-5.3.0.jar:org/apache/activemq/security/JaasAuthenticationBroker.class */
public class JaasAuthenticationBroker extends BrokerFilter {
    private final String jassConfiguration;
    private final CopyOnWriteArrayList<SecurityContext> securityContexts;

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/activemq-core-5.3.0.jar:org/apache/activemq/security/JaasAuthenticationBroker$JaasSecurityContext.class
     */
    /* loaded from: input_file:WEB-INF/lib/activemq-web-5.3.0.jar:org/apache/activemq/security/JaasAuthenticationBroker$JaasSecurityContext.class */
    static class JaasSecurityContext extends SecurityContext {
        private final Subject subject;

        public JaasSecurityContext(String str, Subject subject) {
            super(str);
            this.subject = subject;
        }

        @Override // org.apache.activemq.security.SecurityContext
        public Set<Principal> getPrincipals() {
            return this.subject.getPrincipals();
        }
    }

    public JaasAuthenticationBroker(Broker broker, String str) {
        super(broker);
        this.securityContexts = new CopyOnWriteArrayList<>();
        this.jassConfiguration = str;
    }

    /* JADX WARN: Finally extract failed */
    @Override // org.apache.activemq.broker.BrokerFilter, org.apache.activemq.broker.Broker
    public void addConnection(ConnectionContext connectionContext, ConnectionInfo connectionInfo) throws Exception {
        if (connectionContext.getSecurityContext() == null) {
            ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
            Thread.currentThread().setContextClassLoader(JaasAuthenticationBroker.class.getClassLoader());
            try {
                try {
                    LoginContext loginContext = new LoginContext(this.jassConfiguration, new JassCredentialCallbackHandler(connectionInfo.getUserName(), connectionInfo.getPassword()));
                    loginContext.login();
                    JaasSecurityContext jaasSecurityContext = new JaasSecurityContext(connectionInfo.getUserName(), loginContext.getSubject());
                    connectionContext.setSecurityContext(jaasSecurityContext);
                    this.securityContexts.add(jaasSecurityContext);
                    Thread.currentThread().setContextClassLoader(contextClassLoader);
                } catch (Exception e) {
                    throw ((SecurityException) new SecurityException("User name or password is invalid.").initCause(e));
                }
            } catch (Throwable th) {
                Thread.currentThread().setContextClassLoader(contextClassLoader);
                throw th;
            }
        }
        super.addConnection(connectionContext, connectionInfo);
    }

    @Override // org.apache.activemq.broker.BrokerFilter, org.apache.activemq.broker.Broker
    public void removeConnection(ConnectionContext connectionContext, ConnectionInfo connectionInfo, Throwable th) throws Exception {
        super.removeConnection(connectionContext, connectionInfo, th);
        if (this.securityContexts.remove(connectionContext.getSecurityContext())) {
            connectionContext.setSecurityContext(null);
        }
    }

    public void refresh() {
        Iterator<SecurityContext> it = this.securityContexts.iterator();
        while (it.hasNext()) {
            SecurityContext next = it.next();
            next.getAuthorizedReadDests().clear();
            next.getAuthorizedWriteDests().clear();
        }
    }
}
