package com.cvicse.inforsuitemq.security;

import com.cvicse.inforsuitemq.broker.ConnectionContext;
import com.cvicse.inforsuitemq.broker.region.Destination;
import com.cvicse.inforsuitemq.broker.region.DestinationFilter;
import com.cvicse.inforsuitemq.broker.region.Subscription;
import com.cvicse.inforsuitemq.command.InforsuiteMQDestination;
import java.util.Set;

/* JADX WARN: Classes with same name are omitted:
  input_file:com/cvicse/inforsuitemq/advisory/inforsuitemq-broker-9.1.0.jar:com/cvicse/inforsuitemq/security/AuthorizationDestinationFilter.class
 */
/* loaded from: input_file:com/cvicse/inforsuitemq/security/AuthorizationDestinationFilter.class */
public class AuthorizationDestinationFilter extends DestinationFilter {
    private final AuthorizationBroker broker;

    public AuthorizationDestinationFilter(Destination destination, AuthorizationBroker authorizationBroker) {
        super(destination);
        this.broker = authorizationBroker;
    }

    @Override // com.cvicse.inforsuitemq.broker.region.DestinationFilter, com.cvicse.inforsuitemq.broker.region.Destination
    public void addSubscription(ConnectionContext connectionContext, Subscription subscription) throws Exception {
        SecurityContext checkSecurityContext = this.broker.checkSecurityContext(connectionContext);
        AuthorizationMap authorizationMap = this.broker.getAuthorizationMap();
        InforsuiteMQDestination inforsuiteMQDestination = this.next.getInforsuiteMQDestination();
        Set<?> readACLs = !inforsuiteMQDestination.isTemporary() ? authorizationMap.getReadACLs(inforsuiteMQDestination) : authorizationMap.getTempDestinationReadACLs();
        if (!checkSecurityContext.isBrokerContext() && readACLs != null && !checkSecurityContext.isInOneOf(readACLs)) {
            throw new SecurityException("User " + checkSecurityContext.getUserName() + " is not authorized to read from: " + inforsuiteMQDestination);
        }
        super.addSubscription(connectionContext, subscription);
    }
}
