package org.apache.activemq.security;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import javax.naming.Binding;
import javax.naming.InvalidNameException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.event.EventDirContext;
import javax.naming.event.NamespaceChangeListener;
import javax.naming.event.NamingEvent;
import javax.naming.event.NamingExceptionEvent;
import javax.naming.event.ObjectChangeListener;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import org.apache.activemq.command.ActiveMQDestination;
import org.apache.activemq.command.ActiveMQQueue;
import org.apache.activemq.command.ActiveMQTopic;
import org.apache.activemq.jaas.UserPrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import won.protocol.vocabulary.SCHEMA;

/* loaded from: input_file:org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap.class */
public class SimpleCachedLDAPAuthorizationMap implements AuthorizationMap {
    private long lastUpdated;
    protected DirContext context;
    private EventDirContext eventContext;
    private static final Logger LOG = LoggerFactory.getLogger(SimpleCachedLDAPAuthorizationMap.class);
    private static String ANY_DESCENDANT = "\\$";
    private final String initialContextFactory = "com.sun.jndi.ldap.LdapCtxFactory";
    private String connectionURL = "ldap://localhost:1024";
    private String connectionUsername = "uid=admin,ou=system";
    private String connectionPassword = "secret";
    private String connectionProtocol = SCHEMA.DEFAULT_PREFIX;
    private String authentication = "simple";
    private int queuePrefixLength = 4;
    private int topicPrefixLength = 4;
    private int tempPrefixLength = 4;
    private String queueSearchBase = "ou=Queue,ou=Destination,ou=ActiveMQ,ou=system";
    private String topicSearchBase = "ou=Topic,ou=Destination,ou=ActiveMQ,ou=system";
    private String tempSearchBase = "ou=Temp,ou=Destination,ou=ActiveMQ,ou=system";
    private String permissionGroupMemberAttribute = "member";
    private String adminPermissionGroupSearchFilter = "(cn=Admin)";
    private String readPermissionGroupSearchFilter = "(cn=Read)";
    private String writePermissionGroupSearchFilter = "(cn=Write)";
    private boolean legacyGroupMapping = true;
    private String groupObjectClass = "groupOfNames";
    private String userObjectClass = "person";
    private String groupNameAttribute = "cn";
    private String userNameAttribute = "uid";
    private int refreshInterval = -1;
    private boolean refreshDisabled = false;
    protected String groupClass = DefaultAuthorizationMap.DEFAULT_GROUP_CLASS;
    private final AtomicReference<DefaultAuthorizationMap> map = new AtomicReference<>(new DefaultAuthorizationMap());
    protected Map<ActiveMQDestination, AuthorizationEntry> entries = new ConcurrentHashMap();
    private final ThreadPoolExecutor updaterService = new ThreadPoolExecutor(0, 1, 60, TimeUnit.SECONDS, new LinkedBlockingQueue(2), new ThreadFactory() { // from class: org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap.1
        @Override // java.util.concurrent.ThreadFactory
        public Thread newThread(Runnable runnable) {
            return new Thread(runnable, "SimpleCachedLDAPAuthorizationMap update thread");
        }
    });

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap$CachedLDAPAuthorizationMapNamespaceChangeListener.class */
    public class CachedLDAPAuthorizationMapNamespaceChangeListener implements NamespaceChangeListener, ObjectChangeListener {
        private final DestinationType destinationType;
        private final PermissionType permissionType;

        public CachedLDAPAuthorizationMapNamespaceChangeListener(DestinationType destinationType, PermissionType permissionType) {
            this.destinationType = destinationType;
            this.permissionType = permissionType;
        }

        public void namingExceptionThrown(NamingExceptionEvent namingExceptionEvent) {
            SimpleCachedLDAPAuthorizationMap.this.namingExceptionThrown(namingExceptionEvent);
        }

        public void objectAdded(NamingEvent namingEvent) {
            if (this.permissionType != null) {
                SimpleCachedLDAPAuthorizationMap.this.objectAdded(namingEvent, this.destinationType, this.permissionType);
            }
        }

        public void objectRemoved(NamingEvent namingEvent) {
            if (this.permissionType != null) {
                SimpleCachedLDAPAuthorizationMap.this.objectRemoved(namingEvent, this.destinationType, this.permissionType);
            }
        }

        public void objectRenamed(NamingEvent namingEvent) {
            SimpleCachedLDAPAuthorizationMap.this.objectRenamed(namingEvent, this.destinationType, this.permissionType);
        }

        public void objectChanged(NamingEvent namingEvent) {
            if (this.permissionType != null) {
                SimpleCachedLDAPAuthorizationMap.this.objectChanged(namingEvent, this.destinationType, this.permissionType);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap$DestinationType.class */
    public enum DestinationType {
        QUEUE,
        TOPIC,
        TEMP
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/apache/activemq/security/SimpleCachedLDAPAuthorizationMap$PermissionType.class */
    public enum PermissionType {
        READ,
        WRITE,
        ADMIN
    }

    public SimpleCachedLDAPAuthorizationMap() {
        this.updaterService.setRejectedExecutionHandler(new ThreadPoolExecutor.DiscardPolicy());
    }

    protected DirContext createContext() throws NamingException {
        Hashtable hashtable = new Hashtable();
        hashtable.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        if (this.connectionUsername == null || "".equals(this.connectionUsername)) {
            throw new NamingException("Empty username is not allowed");
        }
        hashtable.put("java.naming.security.principal", this.connectionUsername);
        if (this.connectionPassword == null || "".equals(this.connectionPassword)) {
            throw new NamingException("Empty password is not allowed");
        }
        hashtable.put("java.naming.security.credentials", this.connectionPassword);
        hashtable.put("java.naming.security.protocol", this.connectionProtocol);
        hashtable.put("java.naming.provider.url", this.connectionURL);
        hashtable.put("java.naming.security.authentication", this.authentication);
        return new InitialDirContext(hashtable);
    }

    protected boolean isContextAlive() {
        boolean z = false;
        if (this.context != null) {
            try {
                this.context.getAttributes("");
                z = true;
            } catch (Exception e) {
            }
        }
        return z;
    }

    protected DirContext open() throws NamingException {
        if (isContextAlive()) {
            return this.context;
        }
        try {
            this.context = createContext();
            if (this.refreshInterval == -1 && !this.refreshDisabled) {
                this.eventContext = (EventDirContext) this.context.lookup("");
                SearchControls searchControls = new SearchControls();
                searchControls.setSearchScope(2);
                for (PermissionType permissionType : PermissionType.values()) {
                    this.eventContext.addNamingListener(this.queueSearchBase, getFilterForPermissionType(permissionType), searchControls, new CachedLDAPAuthorizationMapNamespaceChangeListener(DestinationType.QUEUE, permissionType));
                }
                this.eventContext.addNamingListener(this.queueSearchBase, "cn=*", new SearchControls(), new CachedLDAPAuthorizationMapNamespaceChangeListener(DestinationType.QUEUE, null));
                for (PermissionType permissionType2 : PermissionType.values()) {
                    this.eventContext.addNamingListener(this.topicSearchBase, getFilterForPermissionType(permissionType2), searchControls, new CachedLDAPAuthorizationMapNamespaceChangeListener(DestinationType.TOPIC, permissionType2));
                }
                this.eventContext.addNamingListener(this.topicSearchBase, "cn=*", new SearchControls(), new CachedLDAPAuthorizationMapNamespaceChangeListener(DestinationType.TOPIC, null));
                for (PermissionType permissionType3 : PermissionType.values()) {
                    this.eventContext.addNamingListener(this.tempSearchBase, getFilterForPermissionType(permissionType3), searchControls, new CachedLDAPAuthorizationMapNamespaceChangeListener(DestinationType.TEMP, permissionType3));
                }
            }
            return this.context;
        } catch (NamingException e) {
            this.context = null;
            throw e;
        }
    }

    protected void query() throws Exception {
        DirContext open = open();
        SearchControls searchControls = new SearchControls();
        searchControls.setSearchScope(2);
        DefaultAuthorizationMap defaultAuthorizationMap = new DefaultAuthorizationMap();
        for (PermissionType permissionType : PermissionType.values()) {
            try {
                processQueryResults(defaultAuthorizationMap, open.search(this.queueSearchBase, getFilterForPermissionType(permissionType), searchControls), DestinationType.QUEUE, permissionType);
            } catch (Exception e) {
                LOG.error("Policy not applied!.  Error processing policy under '{}' with filter '{}'", new Object[]{this.queueSearchBase, getFilterForPermissionType(permissionType)}, e);
            }
        }
        for (PermissionType permissionType2 : PermissionType.values()) {
            try {
                processQueryResults(defaultAuthorizationMap, open.search(this.topicSearchBase, getFilterForPermissionType(permissionType2), searchControls), DestinationType.TOPIC, permissionType2);
            } catch (Exception e2) {
                LOG.error("Policy not applied!.  Error processing policy under '{}' with filter '{}'", new Object[]{this.topicSearchBase, getFilterForPermissionType(permissionType2)}, e2);
            }
        }
        for (PermissionType permissionType3 : PermissionType.values()) {
            try {
                processQueryResults(defaultAuthorizationMap, open.search(this.tempSearchBase, getFilterForPermissionType(permissionType3), searchControls), DestinationType.TEMP, permissionType3);
            } catch (Exception e3) {
                LOG.error("Policy not applied!.  Error processing policy under '{}' with filter '{}'", new Object[]{this.tempSearchBase, getFilterForPermissionType(permissionType3)}, e3);
            }
        }
        defaultAuthorizationMap.setAuthorizationEntries(new ArrayList(this.entries.values()));
        defaultAuthorizationMap.setGroupClass(this.groupClass);
        this.map.set(defaultAuthorizationMap);
        updated();
    }

    protected void processQueryResults(DefaultAuthorizationMap defaultAuthorizationMap, NamingEnumeration<SearchResult> namingEnumeration, DestinationType destinationType, PermissionType permissionType) throws Exception {
        while (namingEnumeration.hasMore()) {
            SearchResult searchResult = (SearchResult) namingEnumeration.next();
            try {
                applyACL(getEntry(defaultAuthorizationMap, new LdapName(searchResult.getNameInNamespace()), destinationType), searchResult, permissionType);
            } catch (Exception e) {
                LOG.error("Policy not applied!  Error parsing authorization policy entry under {}", searchResult.getNameInNamespace(), e);
            }
        }
    }

    protected void updated() {
        this.lastUpdated = System.currentTimeMillis();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v12, types: [org.apache.activemq.security.AuthorizationEntry] */
    /* JADX WARN: Type inference failed for: r0v14, types: [org.apache.activemq.security.AuthorizationEntry] */
    protected AuthorizationEntry getEntry(DefaultAuthorizationMap defaultAuthorizationMap, LdapName ldapName, DestinationType destinationType) {
        TempDestinationAuthorizationEntry tempDestinationAuthorizationEntry = null;
        switch (destinationType) {
            case TEMP:
                if (ldapName.size() == getPrefixLengthForDestinationType(destinationType) + 1) {
                    tempDestinationAuthorizationEntry = defaultAuthorizationMap.getTempDestinationAuthorizationEntry();
                    if (tempDestinationAuthorizationEntry == null) {
                        tempDestinationAuthorizationEntry = new TempDestinationAuthorizationEntry();
                        defaultAuthorizationMap.setTempDestinationAuthorizationEntry(tempDestinationAuthorizationEntry);
                        break;
                    }
                } else {
                    throw new IllegalArgumentException("Malformed policy structure for a temporary destination policy entry.  The permission group entries should be immediately below the temporary policy base DN.");
                }
                break;
            case QUEUE:
            case TOPIC:
                if (ldapName.size() == getPrefixLengthForDestinationType(destinationType) + 2) {
                    ActiveMQDestination formatDestination = formatDestination(ldapName, destinationType);
                    if (formatDestination != null) {
                        tempDestinationAuthorizationEntry = this.entries.get(formatDestination);
                        if (tempDestinationAuthorizationEntry == null) {
                            tempDestinationAuthorizationEntry = new AuthorizationEntry();
                            tempDestinationAuthorizationEntry.setDestination(formatDestination);
                            this.entries.put(formatDestination, tempDestinationAuthorizationEntry);
                            break;
                        }
                    }
                } else {
                    throw new IllegalArgumentException("Malformed policy structure for a queue or topic destination policy entry.  The destination pattern and permission group entries should be nested below the queue or topic policy base DN.");
                }
                break;
            default:
                throw new IllegalArgumentException("Unknown destination type " + destinationType);
        }
        return tempDestinationAuthorizationEntry;
    }

    protected void applyACL(AuthorizationEntry authorizationEntry, SearchResult searchResult, PermissionType permissionType) throws NamingException {
        NamingEnumeration all = searchResult.getAttributes().get(this.permissionGroupMemberAttribute).getAll();
        HashSet hashSet = new HashSet();
        while (all.hasMoreElements()) {
            String str = (String) all.nextElement();
            boolean z = false;
            boolean z2 = false;
            String str2 = null;
            if (this.legacyGroupMapping) {
                z = true;
                str2 = str.replaceAll("(cn|CN)=", "");
            } else {
                try {
                    Attributes attributes = this.context.getAttributes(str, new String[]{"objectClass", this.groupNameAttribute, this.userNameAttribute});
                    NamingEnumeration all2 = attributes.get("objectClass").getAll();
                    while (true) {
                        if (!all2.hasMoreElements()) {
                            break;
                        }
                        String str3 = (String) all2.nextElement();
                        if (str3.equalsIgnoreCase(this.groupObjectClass)) {
                            z = true;
                            Attribute attribute = attributes.get(this.groupNameAttribute);
                            if (attribute == null) {
                                LOG.error("Policy not applied! Group {} does not have name attribute {} under entry {}", new Object[]{str, this.groupNameAttribute, searchResult.getNameInNamespace()});
                                break;
                            }
                            str2 = (String) attribute.get();
                        }
                        if (str3.equalsIgnoreCase(this.userObjectClass)) {
                            z2 = true;
                            Attribute attribute2 = attributes.get(this.userNameAttribute);
                            if (attribute2 == null) {
                                LOG.error("Policy not applied! User {} does not have name attribute {} under entry {}", new Object[]{str, this.userNameAttribute, searchResult.getNameInNamespace()});
                                break;
                            }
                            str2 = (String) attribute2.get();
                        }
                    }
                } catch (NamingException e) {
                    LOG.error("Policy not applied! Unknown member {} in policy entry {}", new Object[]{str, searchResult.getNameInNamespace()}, e);
                }
            }
            if ((!z && !z2) || (z && z2)) {
                LOG.error("Policy not applied! Can't determine type of member {} under entry {}", str, searchResult.getNameInNamespace());
            } else if (str2 != null) {
                DefaultAuthorizationMap defaultAuthorizationMap = this.map.get();
                if (z && !z2) {
                    try {
                        hashSet.add(DefaultAuthorizationMap.createGroupPrincipal(str2, defaultAuthorizationMap.getGroupClass()));
                    } catch (Exception e2) {
                        NamingException namingException = new NamingException("Can't create a group " + str2 + " of class " + defaultAuthorizationMap.getGroupClass());
                        namingException.initCause(e2);
                        throw namingException;
                    }
                } else if (!z && z2) {
                    hashSet.add(new UserPrincipal(str2));
                }
            } else {
                continue;
            }
        }
        try {
            applyAcl(authorizationEntry, permissionType, hashSet);
        } catch (Exception e3) {
            LOG.error("Policy not applied! Error adding principals to ACL under {}", searchResult.getNameInNamespace(), e3);
        }
    }

    protected void applyAcl(AuthorizationEntry authorizationEntry, PermissionType permissionType, Set<Object> set) {
        switch (permissionType) {
            case READ:
                authorizationEntry.setReadACLs(set);
                return;
            case WRITE:
                authorizationEntry.setWriteACLs(set);
                return;
            case ADMIN:
                authorizationEntry.setAdminACLs(set);
                return;
            default:
                throw new IllegalArgumentException("Unknown permission " + permissionType + ".");
        }
    }

    protected ActiveMQDestination formatDestination(LdapName ldapName, DestinationType destinationType) {
        ActiveMQDestination formatDestination;
        switch (destinationType) {
            case QUEUE:
            case TOPIC:
                if (ldapName.size() == getPrefixLengthForDestinationType(destinationType) + 2) {
                    formatDestination = formatDestination(ldapName.getRdn(ldapName.size() - 2), destinationType);
                } else {
                    if (ldapName.size() != getPrefixLengthForDestinationType(destinationType) + 1) {
                        throw new IllegalArgumentException("Malformed DN for representing a permission or destination entry.");
                    }
                    formatDestination = formatDestination(ldapName.getRdn(ldapName.size() - 1), destinationType);
                }
                return formatDestination;
            default:
                throw new IllegalArgumentException("Cannot format destination for destination type " + destinationType);
        }
    }

    protected ActiveMQDestination formatDestination(Rdn rdn, DestinationType destinationType) {
        ActiveMQDestination activeMQTopic;
        switch (destinationType) {
            case QUEUE:
                activeMQTopic = new ActiveMQQueue(formatDestinationName(rdn));
                break;
            case TOPIC:
                activeMQTopic = new ActiveMQTopic(formatDestinationName(rdn));
                break;
            default:
                throw new IllegalArgumentException("Unknown destination type: " + destinationType);
        }
        return activeMQTopic;
    }

    protected String formatDestinationName(Rdn rdn) {
        return rdn.getValue().toString().replaceAll(ANY_DESCENDANT, ">");
    }

    protected <T> Set<T> transcribeSet(Set<T> set) {
        if (set != null) {
            return new HashSet(set);
        }
        return null;
    }

    protected String getFilterForPermissionType(PermissionType permissionType) {
        String str;
        switch (permissionType) {
            case READ:
                str = this.readPermissionGroupSearchFilter;
                break;
            case WRITE:
                str = this.writePermissionGroupSearchFilter;
                break;
            case ADMIN:
                str = this.adminPermissionGroupSearchFilter;
                break;
            default:
                throw new IllegalArgumentException("Unknown permission type " + permissionType);
        }
        return str;
    }

    protected int getPrefixLengthForDestinationType(DestinationType destinationType) {
        int i;
        switch (destinationType) {
            case TEMP:
                i = this.tempPrefixLength;
                break;
            case QUEUE:
                i = this.queuePrefixLength;
                break;
            case TOPIC:
                i = this.topicPrefixLength;
                break;
            default:
                throw new IllegalArgumentException("Unknown permission type " + destinationType);
        }
        return i;
    }

    protected void checkForUpdates() {
        if (this.context == null || !this.refreshDisabled) {
            if (this.context == null || !(this.refreshDisabled || this.refreshInterval == -1 || System.currentTimeMillis() < this.lastUpdated + this.refreshInterval)) {
                this.updaterService.execute(new Runnable() { // from class: org.apache.activemq.security.SimpleCachedLDAPAuthorizationMap.2
                    @Override // java.lang.Runnable
                    public void run() {
                        if (SimpleCachedLDAPAuthorizationMap.this.context == null || !(SimpleCachedLDAPAuthorizationMap.this.refreshDisabled || SimpleCachedLDAPAuthorizationMap.this.refreshInterval == -1 || System.currentTimeMillis() < SimpleCachedLDAPAuthorizationMap.this.lastUpdated + SimpleCachedLDAPAuthorizationMap.this.refreshInterval)) {
                            if (!SimpleCachedLDAPAuthorizationMap.this.isContextAlive()) {
                                try {
                                    SimpleCachedLDAPAuthorizationMap.this.context = SimpleCachedLDAPAuthorizationMap.this.createContext();
                                } catch (NamingException e) {
                                    return;
                                }
                            }
                            SimpleCachedLDAPAuthorizationMap.this.entries.clear();
                            SimpleCachedLDAPAuthorizationMap.LOG.debug("Updating authorization map!");
                            try {
                                SimpleCachedLDAPAuthorizationMap.this.query();
                            } catch (Exception e2) {
                                SimpleCachedLDAPAuthorizationMap.LOG.error("Error updating authorization map.  Partial policy may be applied until the next successful update.", (Throwable) e2);
                            }
                        }
                    }
                });
            }
        }
    }

    @Override // org.apache.activemq.security.AuthorizationMap
    public Set<Object> getTempDestinationAdminACLs() {
        checkForUpdates();
        return transcribeSet(this.map.get().getTempDestinationAdminACLs());
    }

    @Override // org.apache.activemq.security.AuthorizationMap
    public Set<Object> getTempDestinationReadACLs() {
        checkForUpdates();
        return transcribeSet(this.map.get().getTempDestinationReadACLs());
    }

    @Override // org.apache.activemq.security.AuthorizationMap
    public Set<Object> getTempDestinationWriteACLs() {
        checkForUpdates();
        return transcribeSet(this.map.get().getTempDestinationWriteACLs());
    }

    @Override // org.apache.activemq.security.AuthorizationMap
    public Set<Object> getAdminACLs(ActiveMQDestination activeMQDestination) {
        checkForUpdates();
        return this.map.get().getAdminACLs(activeMQDestination);
    }

    @Override // org.apache.activemq.security.AuthorizationMap
    public Set<Object> getReadACLs(ActiveMQDestination activeMQDestination) {
        checkForUpdates();
        return this.map.get().getReadACLs(activeMQDestination);
    }

    @Override // org.apache.activemq.security.AuthorizationMap
    public Set<Object> getWriteACLs(ActiveMQDestination activeMQDestination) {
        checkForUpdates();
        return this.map.get().getWriteACLs(activeMQDestination);
    }

    public void objectAdded(NamingEvent namingEvent, DestinationType destinationType, PermissionType permissionType) {
        LOG.debug("Adding object: {}", namingEvent.getNewBinding());
        SearchResult searchResult = (SearchResult) namingEvent.getNewBinding();
        try {
            DefaultAuthorizationMap defaultAuthorizationMap = this.map.get();
            AuthorizationEntry entry = getEntry(defaultAuthorizationMap, new LdapName(searchResult.getName()), destinationType);
            applyACL(entry, searchResult, permissionType);
            if (!(entry instanceof TempDestinationAuthorizationEntry)) {
                defaultAuthorizationMap.put(entry.getDestination(), entry);
            }
        } catch (InvalidNameException e) {
            LOG.error("Policy not applied!  Error parsing DN for addition of {}", searchResult.getName(), e);
        } catch (Exception e2) {
            LOG.error("Policy not applied!  Error processing object addition for addition of {}", searchResult.getName(), e2);
        }
    }

    public void objectRemoved(NamingEvent namingEvent, DestinationType destinationType, PermissionType permissionType) {
        LOG.debug("Removing object: {}", namingEvent.getOldBinding());
        Binding oldBinding = namingEvent.getOldBinding();
        try {
            applyAcl(getEntry(this.map.get(), new LdapName(oldBinding.getName()), destinationType), permissionType, new HashSet());
        } catch (Exception e) {
            LOG.error("Policy not applied!  Error processing object removal for removal of {}", oldBinding.getName(), e);
        } catch (InvalidNameException e2) {
            LOG.error("Policy not applied!  Error parsing DN for object removal for removal of {}", oldBinding.getName(), e2);
        }
    }

    public void objectRenamed(NamingEvent namingEvent, DestinationType destinationType, PermissionType permissionType) {
        Binding oldBinding = namingEvent.getOldBinding();
        Binding newBinding = namingEvent.getNewBinding();
        LOG.debug("Renaming object: {} to {}", oldBinding, newBinding);
        try {
            ActiveMQDestination formatDestination = formatDestination(new LdapName(oldBinding.getName()), destinationType);
            LdapName ldapName = new LdapName(newBinding.getName());
            ActiveMQDestination formatDestination2 = formatDestination(ldapName, destinationType);
            if (permissionType != null) {
                objectRemoved(namingEvent, destinationType, permissionType);
                SearchControls searchControls = new SearchControls();
                searchControls.setSearchScope(0);
                boolean z = false;
                PermissionType[] values = PermissionType.values();
                int length = values.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    PermissionType permissionType2 = values[i];
                    if (this.context.search(ldapName, getFilterForPermissionType(permissionType2), searchControls).hasMore()) {
                        objectAdded(namingEvent, destinationType, permissionType2);
                        z = true;
                        break;
                    }
                    i++;
                }
                if (!z) {
                    LOG.error("Policy not applied!  Error processing object rename for rename of {} to {}. Could not determine permission type of new object.", oldBinding.getName(), newBinding.getName());
                }
            } else if (formatDestination != null && formatDestination2 != null) {
                AuthorizationEntry remove = this.entries.remove(formatDestination);
                if (remove != null) {
                    remove.setDestination(formatDestination2);
                    DefaultAuthorizationMap defaultAuthorizationMap = this.map.get();
                    defaultAuthorizationMap.put(formatDestination2, remove);
                    defaultAuthorizationMap.remove(formatDestination, remove);
                    this.entries.put(formatDestination2, remove);
                } else {
                    LOG.warn("No authorization entry for {}", formatDestination);
                }
            }
        } catch (InvalidNameException e) {
            LOG.error("Policy not applied!  Error parsing DN for object rename for rename of {} to {}", new Object[]{oldBinding.getName(), newBinding.getName()}, e);
        } catch (Exception e2) {
            LOG.error("Policy not applied!  Error processing object rename for rename of {} to {}", new Object[]{oldBinding.getName(), newBinding.getName()}, e2);
        }
    }

    public void objectChanged(NamingEvent namingEvent, DestinationType destinationType, PermissionType permissionType) {
        LOG.debug("Changing object {} to {}", namingEvent.getOldBinding(), namingEvent.getNewBinding());
        objectRemoved(namingEvent, destinationType, permissionType);
        objectAdded(namingEvent, destinationType, permissionType);
    }

    public void namingExceptionThrown(NamingExceptionEvent namingExceptionEvent) {
        this.context = null;
        LOG.error("Caught unexpected exception.", (Throwable) namingExceptionEvent.getException());
    }

    public void afterPropertiesSet() throws Exception {
        query();
    }

    public void destroy() throws Exception {
        if (this.eventContext != null) {
            this.eventContext.close();
            this.eventContext = null;
        }
        if (this.context != null) {
            this.context.close();
            this.context = null;
        }
    }

    public String getConnectionURL() {
        return this.connectionURL;
    }

    public void setConnectionURL(String str) {
        this.connectionURL = str;
    }

    public String getConnectionUsername() {
        return this.connectionUsername;
    }

    public void setConnectionUsername(String str) {
        this.connectionUsername = str;
    }

    public String getConnectionPassword() {
        return this.connectionPassword;
    }

    public void setConnectionPassword(String str) {
        this.connectionPassword = str;
    }

    public String getConnectionProtocol() {
        return this.connectionProtocol;
    }

    public void setConnectionProtocol(String str) {
        this.connectionProtocol = str;
    }

    public String getAuthentication() {
        return this.authentication;
    }

    public void setAuthentication(String str) {
        this.authentication = str;
    }

    public String getQueueSearchBase() {
        return this.queueSearchBase;
    }

    public void setQueueSearchBase(String str) {
        try {
            this.queuePrefixLength = new LdapName(str).size();
            this.queueSearchBase = str;
        } catch (InvalidNameException e) {
            throw new IllegalArgumentException("Invalid base DN value " + str, e);
        }
    }

    public String getTopicSearchBase() {
        return this.topicSearchBase;
    }

    public void setTopicSearchBase(String str) {
        try {
            this.topicPrefixLength = new LdapName(str).size();
            this.topicSearchBase = str;
        } catch (InvalidNameException e) {
            throw new IllegalArgumentException("Invalid base DN value " + str, e);
        }
    }

    public String getTempSearchBase() {
        return this.tempSearchBase;
    }

    public void setTempSearchBase(String str) {
        try {
            this.tempPrefixLength = new LdapName(str).size();
            this.tempSearchBase = str;
        } catch (InvalidNameException e) {
            throw new IllegalArgumentException("Invalid base DN value " + str, e);
        }
    }

    public String getPermissionGroupMemberAttribute() {
        return this.permissionGroupMemberAttribute;
    }

    public void setPermissionGroupMemberAttribute(String str) {
        this.permissionGroupMemberAttribute = str;
    }

    public String getAdminPermissionGroupSearchFilter() {
        return this.adminPermissionGroupSearchFilter;
    }

    public void setAdminPermissionGroupSearchFilter(String str) {
        this.adminPermissionGroupSearchFilter = str;
    }

    public String getReadPermissionGroupSearchFilter() {
        return this.readPermissionGroupSearchFilter;
    }

    public void setReadPermissionGroupSearchFilter(String str) {
        this.readPermissionGroupSearchFilter = str;
    }

    public String getWritePermissionGroupSearchFilter() {
        return this.writePermissionGroupSearchFilter;
    }

    public void setWritePermissionGroupSearchFilter(String str) {
        this.writePermissionGroupSearchFilter = str;
    }

    public boolean isLegacyGroupMapping() {
        return this.legacyGroupMapping;
    }

    public void setLegacyGroupMapping(boolean z) {
        this.legacyGroupMapping = z;
    }

    public String getGroupObjectClass() {
        return this.groupObjectClass;
    }

    public void setGroupObjectClass(String str) {
        this.groupObjectClass = str;
    }

    public String getUserObjectClass() {
        return this.userObjectClass;
    }

    public void setUserObjectClass(String str) {
        this.userObjectClass = str;
    }

    public String getGroupNameAttribute() {
        return this.groupNameAttribute;
    }

    public void setGroupNameAttribute(String str) {
        this.groupNameAttribute = str;
    }

    public String getUserNameAttribute() {
        return this.userNameAttribute;
    }

    public void setUserNameAttribute(String str) {
        this.userNameAttribute = str;
    }

    public boolean isRefreshDisabled() {
        return this.refreshDisabled;
    }

    public void setRefreshDisabled(boolean z) {
        this.refreshDisabled = z;
    }

    public int getRefreshInterval() {
        return this.refreshInterval;
    }

    public void setRefreshInterval(int i) {
        this.refreshInterval = i;
    }

    public String getGroupClass() {
        return this.groupClass;
    }

    public void setGroupClass(String str) {
        this.groupClass = str;
        this.map.get().setGroupClass(str);
    }
}
