package org.jboss.security.authorization.modules.ejb;

import com.sun.xacml.Indenter;
import com.sun.xacml.attr.DateTimeAttribute;
import com.sun.xacml.attr.StringAttribute;
import com.sun.xacml.attr.TimeAttribute;
import com.sun.xacml.ctx.Attribute;
import com.sun.xacml.ctx.RequestCtx;
import com.sun.xacml.ctx.Subject;
import java.io.ByteArrayOutputStream;
import java.net.URI;
import java.security.Principal;
import java.security.acl.Group;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.jacc.PolicyContext;
import org.jboss.logging.Logger;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.jacc.SubjectPolicyContextHandler;

/* loaded from: input_file:org/jboss/security/authorization/modules/ejb/EJBXACMLUtil.class */
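/**
 * Builds the XACML {@link RequestCtx} used for an EJB authorization decision.
 *
 * <p>The request carries four attribute groups: subject (subject-id plus one
 * role attribute per role), resource (resource-id), action (action-id) and
 * environment (current-time).
 *
 * <p>Security note: the subject-id is read from the {@code javax.security.auth.Subject}
 * registered in the JACC {@link PolicyContext}, while the role attributes come from
 * {@code authorizationManager.getUserRoles(principal)}. Nothing in this class checks
 * that the two describe the same identity.
 * NOTE(review): confirm that callers always pass the principal of the Subject that is
 * active in the policy context; otherwise the request could pair one user's id with
 * another principal's roles.
 */
public class EJBXACMLUtil {
    private static final Logger log = Logger.getLogger(EJBXACMLUtil.class);

    // Trace level is sampled once per instance, as in the original code.
    private final boolean trace = log.isTraceEnabled();

    /**
     * Creates the XACML request for one access check.
     *
     * @param str value placed in the {@code resource-id} attribute
     * @param str2 value placed in the {@code action-id} attribute
     * @param principal principal whose roles are looked up through {@code authorizationManager}
     * @param authorizationManager source of the role set for {@code principal}
     * @return the assembled request context
     * @throws Exception if a URI cannot be built, the policy context cannot be read,
     *     or no Subject is registered in the policy context
     */
    public RequestCtx createXACMLRequest(String str, String str2, Principal principal, AuthorizationManager authorizationManager) throws Exception {
        String userName = getUserName();
        Set<?> userRoles = authorizationManager.getUserRoles(principal);

        // Subject section: the caller id followed by one attribute per role.
        Set<Attribute> subjectAttributes = new HashSet<Attribute>();
        subjectAttributes.add(new Attribute(new URI("urn:oasis:names:tc:xacml:1.0:subject:subject-id"), (String) null, (DateTimeAttribute) null, new StringAttribute(userName)));
        subjectAttributes.addAll(getXACMLRoleSet(userRoles));
        Set<Subject> subjects = new HashSet<Subject>();
        subjects.add(new Subject(subjectAttributes));

        Set<Attribute> resourceAttributes = new HashSet<Attribute>();
        resourceAttributes.add(new Attribute(new URI("urn:oasis:names:tc:xacml:1.0:resource:resource-id"), (String) null, (DateTimeAttribute) null, new StringAttribute(str)));

        Set<Attribute> actionAttributes = new HashSet<Attribute>();
        actionAttributes.add(new Attribute(new URI("urn:oasis:names:tc:xacml:1.0:action:action-id"), (String) null, (DateTimeAttribute) null, new StringAttribute(str2)));

        Set<Attribute> environmentAttributes = new HashSet<Attribute>();
        environmentAttributes.add(new Attribute(new URI("urn:oasis:names:tc:xacml:1.0:environment:current-time"), (String) null, (DateTimeAttribute) null, new TimeAttribute()));

        RequestCtx requestCtx = new RequestCtx(subjects, resourceAttributes, actionAttributes, environmentAttributes);
        if (this.trace) {
            // The encoded request includes the subject id and every role name, so
            // trace output carries identity data and should be protected like it.
            ByteArrayOutputStream encoded = new ByteArrayOutputStream();
            requestCtx.encode(encoded, new Indenter());
            log.trace("XACML Request:" + encoded.toString());
            encoded.close();
        }
        return requestCtx;
    }

    /**
     * Converts a role set into XACML role attributes.
     *
     * <p>Only elements that are {@link SimplePrincipal} instances are converted; other
     * principals are skipped without any log entry, so a role held as a different
     * {@link Principal} type never reaches the policy decision point.
     *
     * @param set roles to convert; may be {@code null}, which yields an empty set
     * @return one role attribute per {@code SimplePrincipal} in {@code set}
     * @throws Exception if the role attribute URI cannot be built
     */
    private Set<Attribute> getXACMLRoleSet(Set<?> set) throws Exception {
        URI roleUri = new URI("urn:oasis:names:tc:xacml:2.0:example:attribute:role");
        Set<Attribute> roleAttributes = new HashSet<Attribute>();
        if (set == null) {
            return roleAttributes;
        }
        for (Object element : set) {
            // Declared as Principal: the decompiled source declared this local as
            // SimplePrincipal while assigning a Principal, which does not compile.
            Principal candidate = (Principal) element;
            if (candidate instanceof SimplePrincipal) {
                roleAttributes.add(new Attribute(roleUri, (String) null, (DateTimeAttribute) null, new StringAttribute(candidate.getName())));
            }
        }
        return roleAttributes;
    }

    /**
     * Reads the caller name from the Subject registered in the JACC policy context.
     *
     * <p>The name is taken from a {@link SimplePrincipal} that is not a {@link Group}.
     * When several principals qualify, the one visited last wins, and iteration order
     * of the principal set is not defined here.
     * NOTE(review): when no principal qualifies the method returns an empty string and
     * the request is still built with an empty subject-id; confirm that the policies
     * in use cannot grant access on role attributes alone in that situation, or reject
     * the request instead.
     *
     * @return the selected principal name, or {@code ""} if none qualifies
     * @throws Exception if the policy context cannot be read or holds no Subject
     */
    private String getUserName() throws Exception {
        javax.security.auth.Subject caller = (javax.security.auth.Subject) PolicyContext.getContext(SubjectPolicyContextHandler.SUBJECT_CONTEXT_KEY);
        if (caller == null) {
            // Fail with a clear message instead of a bare NullPointerException, so an
            // unauthenticated context is not confused with an internal fault.
            throw new IllegalStateException("No Subject registered in the JACC PolicyContext");
        }
        String userName = "";
        for (Principal candidate : caller.getPrincipals()) {
            if ((candidate instanceof SimplePrincipal) && !(candidate instanceof Group)) {
                userName = candidate.getName();
            }
        }
        return userName;
    }
}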
