package org.openremote.manager.mqtt;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import io.micrometer.core.instrument.MeterRegistry;
import io.netty.channel.ChannelId;
import java.lang.System;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.ServiceLoader;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import org.apache.activemq.artemis.api.core.ActiveMQException;
import org.apache.activemq.artemis.api.core.ActiveMQExceptionType;
import org.apache.activemq.artemis.api.core.SimpleString;
import org.apache.activemq.artemis.api.core.client.ActiveMQClient;
import org.apache.activemq.artemis.api.core.client.ClientSession;
import org.apache.activemq.artemis.api.core.client.ClientSessionFactory;
import org.apache.activemq.artemis.api.core.client.ServerLocator;
import org.apache.activemq.artemis.api.core.management.CoreNotificationType;
import org.apache.activemq.artemis.api.core.management.ManagementHelper;
import org.apache.activemq.artemis.core.client.impl.ClientSessionInternal;
import org.apache.activemq.artemis.core.config.Configuration;
import org.apache.activemq.artemis.core.config.MetricsConfiguration;
import org.apache.activemq.artemis.core.config.WildcardConfiguration;
import org.apache.activemq.artemis.core.config.impl.ConfigurationImpl;
import org.apache.activemq.artemis.core.config.impl.SecurityConfiguration;
import org.apache.activemq.artemis.core.protocol.mqtt.MQTTUtil;
import org.apache.activemq.artemis.core.remoting.FailureListener;
import org.apache.activemq.artemis.core.remoting.impl.invm.InVMConnection;
import org.apache.activemq.artemis.core.server.ServerSession;
import org.apache.activemq.artemis.core.server.embedded.EmbeddedActiveMQ;
import org.apache.activemq.artemis.core.server.metrics.plugins.SimpleMetricsPlugin;
import org.apache.activemq.artemis.core.server.plugin.ActiveMQServerConnectionPlugin;
import org.apache.activemq.artemis.core.server.plugin.ActiveMQServerSessionPlugin;
import org.apache.activemq.artemis.core.settings.impl.AddressFullMessagePolicy;
import org.apache.activemq.artemis.core.settings.impl.AddressSettings;
import org.apache.activemq.artemis.core.settings.impl.PageFullMessagePolicy;
import org.apache.activemq.artemis.spi.core.protocol.RemotingConnection;
import org.apache.activemq.artemis.spi.core.security.jaas.GuestLoginModule;
import org.apache.activemq.artemis.spi.core.security.jaas.PrincipalConversionLoginModule;
import org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal;
import org.apache.activemq.artemis.spi.core.security.jaas.UserPrincipal;
import org.apache.camel.builder.RouteBuilder;
import org.apache.http.client.utils.URIBuilder;
import org.keycloak.KeycloakPrincipal;
import org.openremote.container.message.MessageBrokerService;
import org.openremote.container.security.keycloak.KeycloakIdentityProvider;
import org.openremote.container.timer.TimerService;
import org.openremote.container.util.MapAccess;
import org.openremote.manager.asset.AssetProcessingService;
import org.openremote.manager.asset.AssetStorageService;
import org.openremote.manager.event.ClientEventService;
import org.openremote.manager.gateway.GatewayConnector;
import org.openremote.manager.map.MapService;
import org.openremote.manager.security.AuthorisationService;
import org.openremote.manager.security.ManagerIdentityService;
import org.openremote.manager.security.ManagerKeycloakIdentityProvider;
import org.openremote.manager.security.MultiTenantClientCredentialsGrantsLoginModule;
import org.openremote.model.Container;
import org.openremote.model.ContainerService;
import org.openremote.model.PersistenceEvent;
import org.openremote.model.asset.UserAssetLink;
import org.openremote.model.security.User;
import org.openremote.model.syslog.SyslogCategory;
import org.openremote.model.util.Debouncer;
import org.openremote.model.util.TextUtil;
import org.openremote.model.util.UniqueIdentifierGenerator;

/* loaded from: input_file:org/openremote/manager/mqtt/MQTTBrokerService.class */
public class MQTTBrokerService extends RouteBuilder implements ContainerService, ActiveMQServerConnectionPlugin, ActiveMQServerSessionPlugin {
    public static final String MQTT_FORCE_USER_DISCONNECT_DEBOUNCE_MILLIS = "MQTT_FORCE_USER_DISCONNECT_DEBOUNCE_MILLIS";
    public static final int PRIORITY = 0;
    public static final String MQTT_SERVER_LISTEN_HOST = "MQTT_SERVER_LISTEN_HOST";
    public static final String MQTT_SERVER_LISTEN_PORT = "MQTT_SERVER_LISTEN_PORT";
    public static final String ANONYMOUS_USERNAME = "anonymous";
    protected AssetStorageService assetStorageService;
    protected AuthorisationService authorisationService;
    protected ManagerKeycloakIdentityProvider identityProvider;
    protected ClientEventService clientEventService;
    protected MessageBrokerService messageBrokerService;
    protected ExecutorService executorService;
    protected TimerService timerService;
    protected AssetProcessingService assetProcessingService;
    protected Debouncer<String> userAssetDisconnectDebouncer;
    protected Cache<String, RemotingConnection> disconnectedConnectionCache;
    protected boolean active;
    protected String host;
    protected int port;
    protected Configuration serverConfiguration;
    protected EmbeddedActiveMQ server;
    protected ActiveMQORSecurityManager securityManager;
    protected ServerLocator serverLocator;
    protected ClientSessionFactory sessionFactory;
    public static int MQTT_FORCE_USER_DISCONNECT_DEBOUNCE_MILLIS_DEFAULT = 5000;
    protected static final System.Logger LOG = System.getLogger(MQTTBrokerService.class.getName() + "." + SyslogCategory.API.name());
    protected final WildcardConfiguration wildcardConfiguration = new WildcardConfiguration();
    protected List<MQTTHandler> customHandlers = new ArrayList();
    protected ConcurrentMap<String, RemotingConnection> clientIDConnectionMap = new ConcurrentHashMap();
    protected ConcurrentMap<String, RemotingConnection> connectionIDConnectionMap = new ConcurrentHashMap();
    protected ConcurrentMap<String, List<PersistenceEvent<UserAssetLink>>> userAssetLinkChangeMap = new ConcurrentHashMap();

    public int getPriority() {
        return 0;
    }

    public void init(final Container container) throws Exception {
        this.host = MapAccess.getString(container.getConfig(), MQTT_SERVER_LISTEN_HOST, "0.0.0.0");
        this.port = MapAccess.getInteger(container.getConfig(), MQTT_SERVER_LISTEN_PORT, 1883);
        int integer = MapAccess.getInteger(container.getConfig(), MQTT_FORCE_USER_DISCONNECT_DEBOUNCE_MILLIS, MQTT_FORCE_USER_DISCONNECT_DEBOUNCE_MILLIS_DEFAULT);
        this.assetStorageService = (AssetStorageService) container.getService(AssetStorageService.class);
        this.authorisationService = (AuthorisationService) container.getService(AuthorisationService.class);
        this.clientEventService = (ClientEventService) container.getService(ClientEventService.class);
        ManagerIdentityService service = container.getService(ManagerIdentityService.class);
        this.messageBrokerService = container.getService(MessageBrokerService.class);
        this.executorService = container.getExecutor();
        this.timerService = container.getService(TimerService.class);
        this.assetProcessingService = (AssetProcessingService) container.getService(AssetProcessingService.class);
        this.userAssetDisconnectDebouncer = new Debouncer<>(container.getScheduledExecutor(), str -> {
            processUserAssetLinkChange(str, this.userAssetLinkChangeMap.remove(str));
        }, integer);
        this.disconnectedConnectionCache = CacheBuilder.newBuilder().maximumSize(GatewayConnector.RESPONSE_TIMEOUT_MILLIS).expireAfterWrite(3000L, TimeUnit.MILLISECONDS).build();
        if (service.isKeycloakEnabled()) {
            this.active = true;
            this.identityProvider = (ManagerKeycloakIdentityProvider) service.getIdentityProvider();
            container.getService(MessageBrokerService.class).getContext().addRoutes(this);
        } else {
            LOG.log(System.Logger.Level.WARNING, "MQTT connections are not supported when not using Keycloak identity provider");
            this.active = false;
        }
        this.serverConfiguration = new ConfigurationImpl();
        this.serverConfiguration.addAcceptorConfiguration("in-vm", "vm://0?protocols=core");
        this.serverConfiguration.addAcceptorConfiguration("tcp", new URIBuilder().setScheme("tcp").setHost(this.host).setPort(this.port).setParameter("protocols", "MQTT").setParameter("allowLinkStealing", "true").setParameter("defaultMqttSessionExpiryInterval", "0").build().toString());
        this.serverConfiguration.registerBrokerPlugin(this);
        if (container.getMeterRegistry() != null) {
            this.serverConfiguration.setMetricsConfiguration(new MetricsConfiguration().setJvmMemory(false).setPlugin(new SimpleMetricsPlugin() { // from class: org.openremote.manager.mqtt.MQTTBrokerService.1
                public MeterRegistry getRegistry() {
                    return container.getMeterRegistry();
                }
            }));
        }
        this.serverConfiguration.setWildCardConfiguration(this.wildcardConfiguration);
        this.serverConfiguration.setLiteralMatchMarkers("()");
        this.serverConfiguration.addAddressSetting(this.wildcardConfiguration.getAnyWordsString(), new AddressSettings().setDeadLetterAddress(SimpleString.of("ActiveMQ.DLQ")).setExpiryAddress(SimpleString.of("ActiveMQ.expired")).setAutoDeleteCreatedQueues(true).setAutoDeleteAddresses(true).setAutoDeleteAddressesSkipUsageCheck(true).setAutoDeleteAddressesDelay(86400000L).setAutoDeleteQueuesMessageCount(-1L).setAutoDeleteQueuesDelay(0L).setDefaultConsumerWindowSize(-1).setPageLimitMessages(0L).setAddressFullMessagePolicy(AddressFullMessagePolicy.FAIL).setPageFullMessagePolicy(PageFullMessagePolicy.FAIL).setEnableMetrics(false));
        this.serverConfiguration.setPersistenceEnabled(false);
        this.serverConfiguration.setAuthenticationCacheSize(0L);
        this.serverConfiguration.setAuthorizationCacheSize(0L);
        this.customHandlers = (List) StreamSupport.stream(ServiceLoader.load(MQTTHandler.class).spliterator(), false).sorted(Comparator.comparingInt((v0) -> {
            return v0.getPriority();
        })).collect(Collectors.toList());
        for (MQTTHandler mQTTHandler : this.customHandlers) {
            try {
                mQTTHandler.init(container, this.serverConfiguration);
            } catch (Exception e) {
                LOG.log(System.Logger.Level.WARNING, "MQTT custom handler threw an exception whilst initialising: handler=" + mQTTHandler.getName(), e);
                throw e;
            }
        }
    }

    public void start(Container container) throws Exception {
        if (this.active) {
            this.server = new EmbeddedActiveMQ();
            this.server.setConfiguration(this.serverConfiguration);
            this.securityManager = new ActiveMQORSecurityManager(this.authorisationService, this, str -> {
                return this.identityProvider.getKeycloakDeployment(str, ManagerKeycloakIdentityProvider.DEFAULT_REALM_KEYCLOAK_THEME_DEFAULT);
            }, MapService.OR_PATH_PREFIX_DEFAULT, new SecurityConfiguration(this) { // from class: org.openremote.manager.mqtt.MQTTBrokerService.2
                public AppConfigurationEntry[] getAppConfigurationEntry(String str2) {
                    return new AppConfigurationEntry[]{new AppConfigurationEntry(GuestLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT, Map.of("debug", "true", "credentialsInvalidate", "true", "org.apache.activemq.jaas.guest.user", MQTTBrokerService.ANONYMOUS_USERNAME, "org.apache.activemq.jaas.guest.role", MQTTBrokerService.ANONYMOUS_USERNAME)), new AppConfigurationEntry(MultiTenantClientCredentialsGrantsLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUISITE, Map.of(MultiTenantClientCredentialsGrantsLoginModule.INCLUDE_REALM_ROLES_OPTION, "true", "role-principal-class", RolePrincipal.class.getName())), new AppConfigurationEntry(PrincipalConversionLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUISITE, Map.of("principalClassList", KeycloakPrincipal.class.getName()))};
                }
            });
            this.server.setSecurityManager(this.securityManager);
            this.server.start();
            LOG.log(System.Logger.Level.DEBUG, "Started MQTT broker");
            this.server.getActiveMQServer().getManagementService().addNotificationListener(notification -> {
                if (notification.getType() == CoreNotificationType.CONSUMER_CREATED || notification.getType() == CoreNotificationType.CONSUMER_CLOSED) {
                    boolean z = notification.getType() == CoreNotificationType.CONSUMER_CREATED;
                    String simpleString = notification.getProperties().getSimpleStringProperty(ManagementHelper.HDR_SESSION_NAME).toString();
                    String simpleString2 = notification.getProperties().getSimpleStringProperty(ManagementHelper.HDR_ADDRESS).toString();
                    ServerSession sessionByID = this.server.getActiveMQServer().getSessionByID(simpleString);
                    if (sessionByID.getRemotingConnection().getTransportConnection() instanceof InVMConnection) {
                        return;
                    }
                    if (z) {
                        onSubscribe(sessionByID.getRemotingConnection(), MQTTUtil.getMqttTopicFromCoreAddress(simpleString2, this.wildcardConfiguration));
                    } else {
                        onUnsubscribe(sessionByID.getRemotingConnection(), MQTTUtil.getMqttTopicFromCoreAddress(simpleString2, this.wildcardConfiguration));
                    }
                }
            });
            this.serverLocator = ActiveMQClient.createServerLocator("vm://0").setProducerWindowSize(-1);
            this.sessionFactory = this.serverLocator.createSessionFactory();
            for (MQTTHandler mQTTHandler : this.customHandlers) {
                try {
                    mQTTHandler.start(container);
                } catch (Exception e) {
                    LOG.log(System.Logger.Level.WARNING, "MQTT custom handler threw an exception whilst starting: handler=" + mQTTHandler.getName(), e);
                    throw e;
                }
            }
        }
    }

    public void configure() throws Exception {
        from("seda://PersistenceTopic?multipleConsumers=true&concurrentConsumers=1&waitForTaskToComplete=NEVER&purgeWhenStopping=true&discardIfNoConsumers=true&size=25000").routeId("Persistence-UserAndAssetLink").filter(body().isInstanceOf(PersistenceEvent.class)).process(exchange -> {
            PersistenceEvent<UserAssetLink> persistenceEvent = (PersistenceEvent) exchange.getIn().getBody(PersistenceEvent.class);
            Object entity = persistenceEvent.getEntity();
            if (!(entity instanceof User)) {
                Object entity2 = persistenceEvent.getEntity();
                if (entity2 instanceof UserAssetLink) {
                    String userId = ((UserAssetLink) entity2).getId().getUserId();
                    this.userAssetLinkChangeMap.computeIfAbsent(userId, str -> {
                        return Collections.synchronizedList(new ArrayList());
                    }).add(persistenceEvent);
                    this.userAssetDisconnectDebouncer.call(userId);
                    return;
                }
                return;
            }
            User user = (User) entity;
            if (user.isServiceAccount()) {
                boolean z = persistenceEvent.getCause() == PersistenceEvent.Cause.DELETE;
                if (persistenceEvent.getCause() == PersistenceEvent.Cause.UPDATE) {
                    z = persistenceEvent.hasPropertyChanged("enabled") || persistenceEvent.hasPropertyChanged("username") || persistenceEvent.hasPropertyChanged("secret");
                }
                if (z) {
                    LOG.log(System.Logger.Level.TRACE, "User modified or deleted so force closing any sessions for this user: " + String.valueOf(user));
                    getUserConnections(user.getId()).forEach(this::doForceDisconnect);
                }
            }
        });
    }

    public void stop(Container container) throws Exception {
        this.userAssetDisconnectDebouncer.cancelAll(true);
        this.server.stop();
        LOG.log(System.Logger.Level.DEBUG, "Stopped MQTT broker");
        StreamSupport.stream(ServiceLoader.load(MQTTHandler.class).spliterator(), false).sorted(Comparator.comparingInt((v0) -> {
            return v0.getPriority();
        }).reversed()).forEach(mQTTHandler -> {
            try {
                mQTTHandler.stop();
            } catch (Exception e) {
                LOG.log(System.Logger.Level.WARNING, "MQTT custom handler threw an exception whilst stopping: handler=" + mQTTHandler.getName(), e);
            }
        });
    }

    public void afterCreateConnection(final RemotingConnection remotingConnection) throws ActiveMQException {
        remotingConnection.addFailureListener(new FailureListener() { // from class: org.openremote.manager.mqtt.MQTTBrokerService.3
            public void connectionFailed(ActiveMQException activeMQException, boolean z) {
                connectionFailed(activeMQException, z, null);
            }

            public void connectionFailed(ActiveMQException activeMQException, boolean z, String str) {
                RemotingConnection remove;
                MQTTBrokerService.this.connectionIDConnectionMap.remove(MQTTBrokerService.getConnectionIDString(remotingConnection));
                if (remotingConnection.getClientID() != null && (remove = MQTTBrokerService.this.clientIDConnectionMap.remove(remotingConnection.getClientID())) != null) {
                    MQTTBrokerService.this.disconnectedConnectionCache.put(remotingConnection.getClientID(), remove);
                }
                if (activeMQException.getType() == ActiveMQExceptionType.REMOTE_DISCONNECT) {
                    System.Logger logger = MQTTBrokerService.LOG;
                    System.Logger.Level level = System.Logger.Level.DEBUG;
                    RemotingConnection remotingConnection2 = remotingConnection;
                    logger.log(level, () -> {
                        return "Client disconnected: " + MQTTBrokerService.connectionToString(remotingConnection2);
                    });
                    Iterator<MQTTHandler> it = MQTTBrokerService.this.getCustomHandlers().iterator();
                    while (it.hasNext()) {
                        it.next().onDisconnect(remotingConnection);
                    }
                    return;
                }
                System.Logger logger2 = MQTTBrokerService.LOG;
                System.Logger.Level level2 = System.Logger.Level.DEBUG;
                RemotingConnection remotingConnection3 = remotingConnection;
                logger2.log(level2, () -> {
                    return "Client disconnected (failure=" + activeMQException.getMessage() + "): " + MQTTBrokerService.connectionToString(remotingConnection3);
                });
                Iterator<MQTTHandler> it2 = MQTTBrokerService.this.getCustomHandlers().iterator();
                while (it2.hasNext()) {
                    it2.next().onConnectionLost(remotingConnection);
                }
            }
        });
    }

    public void afterCreateSession(ServerSession serverSession) throws ActiveMQException {
        RemotingConnection remotingConnection = serverSession.getRemotingConnection();
        if (remotingConnection == null || remotingConnection.getClientID() == null || (remotingConnection.getTransportConnection() instanceof InVMConnection)) {
            return;
        }
        String connectionIDString = getConnectionIDString(remotingConnection);
        this.clientIDConnectionMap.put(remotingConnection.getClientID(), remotingConnection);
        if (this.connectionIDConnectionMap.containsKey(connectionIDString)) {
            return;
        }
        LOG.log(System.Logger.Level.DEBUG, () -> {
            return "Client connected: " + connectionToString(remotingConnection);
        });
        this.connectionIDConnectionMap.put(connectionIDString, remotingConnection);
        Iterator<MQTTHandler> it = getCustomHandlers().iterator();
        while (it.hasNext()) {
            it.next().onConnect(remotingConnection);
        }
    }

    public void afterDestroyConnection(RemotingConnection remotingConnection) throws ActiveMQException {
    }

    public void onSubscribe(RemotingConnection remotingConnection, String str) {
        Topic parse = Topic.parse(str);
        LOG.log(System.Logger.Level.TRACE, () -> {
            return "onSubscribe '" + str + "': " + connectionToString(remotingConnection);
        });
        for (MQTTHandler mQTTHandler : getCustomHandlers()) {
            if (mQTTHandler.handlesTopic(parse)) {
                LOG.log(System.Logger.Level.DEBUG, () -> {
                    return "Client subscribed '" + str + "': " + connectionToString(remotingConnection);
                });
                mQTTHandler.onSubscribe(remotingConnection, parse);
                return;
            }
        }
    }

    public void onUnsubscribe(RemotingConnection remotingConnection, String str) {
        Topic parse = Topic.parse(str);
        LOG.log(System.Logger.Level.TRACE, () -> {
            return "onUnsubscribe '" + str + "': " + connectionToString(remotingConnection);
        });
        for (MQTTHandler mQTTHandler : getCustomHandlers()) {
            if (mQTTHandler.handlesTopic(parse)) {
                LOG.log(System.Logger.Level.DEBUG, () -> {
                    return "Client unsubscribed '" + str + "': " + connectionToString(remotingConnection);
                });
                mQTTHandler.onUnsubscribe(remotingConnection, parse);
                return;
            }
        }
    }

    public Iterable<MQTTHandler> getCustomHandlers() {
        return this.customHandlers;
    }

    public void processUserAssetLinkChange(String str, List<PersistenceEvent<UserAssetLink>> list) {
        if (TextUtil.isNullOrEmpty(str)) {
            return;
        }
        Set<RemotingConnection> userConnections = getUserConnections(str);
        Subject subject = (Subject) userConnections.stream().filter(remotingConnection -> {
            return remotingConnection.getSubject() != null;
        }).findFirst().map((v0) -> {
            return v0.getSubject();
        }).orElse(null);
        if (subject == null || !KeycloakIdentityProvider.getSecurityContext(subject).getToken().getRealmAccess().isUserInRole("restricted_user")) {
            return;
        }
        LOG.log(System.Logger.Level.TRACE, "User asset links modified for connected restricted user so passing to handlers to decide what to do: user=" + String.valueOf(subject));
        userConnections.forEach(remotingConnection2 -> {
            for (MQTTHandler mQTTHandler : this.customHandlers) {
                remotingConnection2.setSubject(subject);
                mQTTHandler.onUserAssetLinksChanged(remotingConnection2, list);
            }
        });
    }

    public Set<RemotingConnection> getUserConnections(String str) {
        return TextUtil.isNullOrEmpty(str) ? Collections.emptySet() : (Set) this.server.getActiveMQServer().getRemotingService().getConnections().stream().filter(remotingConnection -> {
            return str.equals(KeycloakIdentityProvider.getSubjectId(remotingConnection.getSubject()));
        }).collect(Collectors.toSet());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void doForceDisconnect(RemotingConnection remotingConnection) {
        LOG.log(System.Logger.Level.DEBUG, "Force disconnecting client connection: " + connectionToString(remotingConnection));
        remotingConnection.disconnect(false);
        this.server.getActiveMQServer().getSecurityStore().invalidateAuthorizationCache();
    }

    public boolean disconnectSession(String str) {
        RemotingConnection remotingConnection = this.connectionIDConnectionMap.get(str);
        if (remotingConnection == null) {
            return false;
        }
        LOG.log(System.Logger.Level.DEBUG, "Force disconnecting client connection: " + connectionToString(remotingConnection));
        doForceDisconnect(remotingConnection);
        return true;
    }

    public WildcardConfiguration getWildcardConfiguration() {
        return this.wildcardConfiguration;
    }

    public static String getConnectionIDString(RemotingConnection remotingConnection) {
        if (remotingConnection == null) {
            return null;
        }
        Object id = remotingConnection.getID();
        return id instanceof ChannelId ? ((ChannelId) id).asLongText() : id.toString();
    }

    public static String connectionToString(RemotingConnection remotingConnection) {
        if (remotingConnection == null) {
            return MapService.OR_PATH_PREFIX_DEFAULT;
        }
        String str = null;
        Subject subject = remotingConnection.getSubject();
        if (subject != null) {
            str = getSubjectName(subject);
        }
        return "connection=" + remotingConnection.getRemoteAddress() + ", clientID=" + remotingConnection.getClientID() + ", subject=" + str;
    }

    public static String getSubjectName(Subject subject) {
        return (String) subject.getPrincipals().stream().filter(principal -> {
            return principal instanceof UserPrincipal;
        }).findFirst().map((v0) -> {
            return v0.getName();
        }).orElse(KeycloakIdentityProvider.getSubjectNameAndRealm(subject));
    }

    public RemotingConnection getConnectionFromClientID(String str) {
        if (TextUtil.isNullOrEmpty(str)) {
            return null;
        }
        RemotingConnection remotingConnection = this.clientIDConnectionMap.get(str);
        if (remotingConnection == null) {
            Iterator it = this.server.getActiveMQServer().getRemotingService().getConnections().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                RemotingConnection remotingConnection2 = (RemotingConnection) it.next();
                if (Objects.equals(str, remotingConnection2.getClientID())) {
                    remotingConnection = remotingConnection2;
                    this.clientIDConnectionMap.put(str, remotingConnection);
                    break;
                }
            }
        }
        if (remotingConnection == null) {
            remotingConnection = (RemotingConnection) this.disconnectedConnectionCache.getIfPresent(str);
        }
        return remotingConnection;
    }

    protected void notifyConnectionAuthenticated(RemotingConnection remotingConnection) {
        if (remotingConnection.getSubject() != null) {
            LOG.log(System.Logger.Level.DEBUG, "Client connection authenticated: " + connectionToString(remotingConnection));
            Iterator<MQTTHandler> it = getCustomHandlers().iterator();
            while (it.hasNext()) {
                it.next().onConnectionAuthenticated(remotingConnection);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ClientSession createSession() throws Exception {
        ClientSessionInternal clientSessionInternal = null;
        try {
            clientSessionInternal = this.sessionFactory.createSession((String) null, (String) null, false, true, true, true, this.serverLocator.getAckBatchSize(), UniqueIdentifierGenerator.generateId("Internal client"));
            clientSessionInternal.addMetaData("jms-session", "Internal session");
            this.server.getActiveMQServer().getSessionByID(clientSessionInternal.getName()).disableSecurity();
            clientSessionInternal.start();
        } catch (Exception e) {
            LOG.log(System.Logger.Level.WARNING, "Failed to create MQTT client session", e);
        }
        return clientSessionInternal;
    }

    protected WildcardConfiguration getServerWildcardConfiguration() {
        return this.server.getConfiguration().getWildcardConfiguration();
    }

    public void authenticateConnection(RemotingConnection remotingConnection, String str, String str2, String str3) {
        if (remotingConnection != null) {
            remotingConnection.setSubject((Subject) null);
            this.securityManager.authenticate(str + ":" + str2, str3, remotingConnection, null);
            notifyConnectionAuthenticated(remotingConnection);
        }
    }
}
