package org.apache.qpid.server.security.access.config;

import java.security.AccessController;
import java.util.Collections;
import java.util.Map;
import javax.security.auth.Subject;
import org.apache.qpid.server.model.Model;
import org.apache.qpid.server.model.PermissionedObject;
import org.apache.qpid.server.security.AccessControl;
import org.apache.qpid.server.security.Result;
import org.apache.qpid.server.security.SecurityToken;
import org.apache.qpid.server.security.access.Operation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/qpid/server/security/access/config/RuleBasedAccessControl.class */
public class RuleBasedAccessControl implements AccessControl<CachingSecurityToken>, LegacyAccessControl {
    private static final Logger LOGGER = LoggerFactory.getLogger(RuleBasedAccessControl.class);
    private final LegacyAccessControlAdapter _adapter;
    private final RuleSet _ruleSet;

    public RuleBasedAccessControl(RuleSet ruleSet, Model model) {
        this._ruleSet = ruleSet;
        this._adapter = new LegacyAccessControlAdapter(this, model);
    }

    public Result getDefault() {
        return this._ruleSet.getDefault();
    }

    /* renamed from: newToken, reason: merged with bridge method [inline-methods] */
    public final CachingSecurityToken m11newToken() {
        return m10newToken(Subject.getSubject(AccessController.getContext()));
    }

    /* renamed from: newToken, reason: merged with bridge method [inline-methods] */
    public CachingSecurityToken m10newToken(Subject subject) {
        return new CachingSecurityToken(subject, this);
    }

    @Override // org.apache.qpid.server.security.access.config.LegacyAccessControl
    public final Result authorise(LegacyOperation legacyOperation, ObjectType objectType, ObjectProperties objectProperties) {
        Subject subject = Subject.getSubject(AccessController.getContext());
        if (subject == null || subject.getPrincipals().size() == 0) {
            return Result.DEFER;
        }
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Checking " + legacyOperation + " " + objectType);
        }
        try {
            return this._ruleSet.check(subject, legacyOperation, objectType, objectProperties);
        } catch (Exception e) {
            LOGGER.error("Unable to check " + legacyOperation + " " + objectType, e);
            return Result.DENIED;
        }
    }

    public Result authorise(CachingSecurityToken cachingSecurityToken, Operation operation, PermissionedObject permissionedObject) {
        return authorise(cachingSecurityToken, operation, permissionedObject, Collections.emptyMap());
    }

    public Result authorise(CachingSecurityToken cachingSecurityToken, Operation operation, PermissionedObject permissionedObject, Map<String, Object> map) {
        return cachingSecurityToken != null ? cachingSecurityToken.authorise(this, operation, permissionedObject, map) : authorise(operation, permissionedObject, map);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Result authorise(Operation operation, PermissionedObject permissionedObject, Map<String, Object> map) {
        return this._adapter.authorise(operation, permissionedObject, map);
    }

    public /* bridge */ /* synthetic */ Result authorise(SecurityToken securityToken, Operation operation, PermissionedObject permissionedObject, Map map) {
        return authorise((CachingSecurityToken) securityToken, operation, permissionedObject, (Map<String, Object>) map);
    }
}
