package org.jboss.security.authorization.modules.ejb;

import java.lang.reflect.Method;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.security.acl.Group;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import org.jboss.logging.Logger;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.SimpleGroup;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
import org.jboss.security.plugins.JBossSecurityContext;

/* loaded from: input_file:org/jboss/security/authorization/modules/ejb/EJBJACCPolicyModuleDelegate.class */
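/**
 * Authorization module delegate that decides EJB access by asking the installed
 * {@link Policy} whether a JACC permission is implied for the caller's roles.
 *
 * <p>{@link #authorize(Resource)} copies the request data out of the resource's context map
 * into instance fields and then evaluates either an {@link EJBRoleRefPermission} (when the
 * {@code roleRefPermissionCheck} entry is true) or an {@link EJBMethodPermission}.
 *
 * <p>Thread-safety: the request data lives in mutable instance fields that every
 * {@code authorize} call overwrites, so one instance must not serve concurrent calls;
 * interleaved calls could evaluate one caller's permission against another caller's roles.
 */
public class EJBJACCPolicyModuleDelegate extends AuthorizationModuleDelegate {
    // Per-call request state; every field below is reassigned by authorize(Resource).
    private String ejbName = null;
    private Method ejbMethod = null;
    private Subject callerSubject = null;
    private String methodInterface = null;
    private CodeSource ejbCS = null;
    private String roleName = null;
    private Boolean roleRefCheck = Boolean.FALSE;
    private Group securityContextRoles = null;

    /** Creates the delegate and binds the inherited logger and trace flag to this class. */
    public EJBJACCPolicyModuleDelegate() {
        log = Logger.getLogger(getClass());
        this.trace = log.isTraceEnabled();
    }

    /**
     * Evaluates the request described by the resource's context map against the JACC policy.
     *
     * @param resource the resource whose map carries the request data ({@code ejb.name},
     *     {@code ejb.method}, {@code ejb.methodInterface}, {@code ejb.codeSource},
     *     {@code ejb.principal}, {@code caller.subject}, {@code roleName},
     *     {@code roleRefPermissionCheck} and {@code authorizationManager})
     * @return {@code 1} when the policy implies the permission, {@code -1} otherwise
     *     (presumably the framework's permit/deny codes; confirm against the caller)
     * @throws IllegalStateException if the map is {@code null} or empty
     * @throws ClassCastException if a map entry does not have the expected type
     */
    @Override
    public int authorize(Resource resource) {
        Map<?, ?> context = resource.getMap();
        if (context == null) {
            throw new IllegalStateException("Map from the Resource is null");
        }
        if (context.size() == 0) {
            throw new IllegalStateException("Map from the Resource is size zero");
        }
        // The same entry is used both as the policy registration and as the role source.
        Object manager = context.get("authorizationManager");
        PolicyRegistration policyRegistration = (PolicyRegistration) manager;
        if (policyRegistration != null) {
            this.authzManager = policyRegistration;
        }
        this.callerSubject = (Subject) context.get("caller.subject");
        this.ejbCS = (CodeSource) context.get("ejb.codeSource");
        this.ejbMethod = (Method) context.get("ejb.method");
        this.ejbName = (String) context.get("ejb.name");
        this.methodInterface = (String) context.get("ejb.methodInterface");
        this.roleName = (String) context.get("roleName");
        AuthorizationManager authorizationManager = (AuthorizationManager) manager;
        if (authorizationManager != null) {
            this.securityContextRoles =
                    getGroupFromRoleSet(authorizationManager.getUserRoles((Principal) context.get("ejb.principal")));
        } else {
            // Drop roles left over from an earlier call on this instance; otherwise the
            // decision below would be made with a previous caller's roles.
            this.securityContextRoles = null;
        }
        this.roleRefCheck = (Boolean) context.get("roleRefPermissionCheck");
        // Compare by value: an identity test against Boolean.TRUE misses a non-canonical
        // Boolean instance and would silently run the method check instead of the
        // role-reference check. A missing (null) flag still selects the method check.
        return Boolean.TRUE.equals(this.roleRefCheck) ? checkRoleRef() : process();
    }

    /**
     * Replaces the policy registration manager held by this delegate.
     *
     * @param policyRegistration the registration to store in the inherited {@code authzManager}
     */
    @Override
    public void setPolicyRegistrationManager(PolicyRegistration policyRegistration) {
        this.authzManager = policyRegistration;
    }

    /** Checks the {@link EJBMethodPermission} for the current EJB name, interface and method. */
    private int process() {
        return decide(new EJBMethodPermission(this.ejbName, this.methodInterface, this.ejbMethod));
    }

    /** Checks the {@link EJBRoleRefPermission} for the current EJB name and role name. */
    private int checkRoleRef() {
        return decide(new EJBRoleRefPermission(this.ejbName, this.roleName));
    }

    /** Asks the policy about {@code permission}, traces a denial, and maps the result to 1 / -1. */
    private int decide(Permission permission) {
        boolean allowed = checkWithPolicy(permission);
        // Build the message only when it will be written; Subject.toString() is not free.
        if (!allowed && this.trace) {
            // NOTE(review): Subject.toString() lists principals and credentials, including
            // private credentials when the running code may read them. Confirm that trace
            // output of this logger is stored and access-controlled accordingly.
            log.trace("EJB Jacc Delegate:" + "Denied: " + permission + ", caller=" + this.callerSubject);
        }
        return allowed ? 1 : -1;
    }

    /**
     * Flattens the current role group into an array for {@link ProtectionDomain}.
     *
     * @return the distinct members of the role group, or {@code null} when no role group is set
     */
    private Principal[] getPrincipalSet() {
        if (this.trace) {
            log.trace("Roles used for checking from the context:" + this.securityContextRoles);
        }
        if (this.securityContextRoles == null) {
            return null;
        }
        Set<Principal> distinctRoles = new HashSet<Principal>();
        Enumeration<? extends Principal> members = this.securityContextRoles.members();
        while (members.hasMoreElements()) {
            distinctRoles.add(members.nextElement());
        }
        return distinctRoles.toArray(new Principal[distinctRoles.size()]);
    }

    /**
     * Returns whether the installed policy implies {@code permission} for a protection domain
     * built from the EJB code source and the caller's role principals.
     */
    private boolean checkWithPolicy(Permission permission) {
        ProtectionDomain domain = new ProtectionDomain(this.ejbCS, null, null, getPrincipalSet());
        return Policy.getPolicy().implies(domain, permission);
    }

    /**
     * Wraps a role set in a group named {@code JBossSecurityContext.ROLES}.
     *
     * @param set the caller's roles; {@code null} is treated as "no roles" so the policy is
     *     consulted with an empty principal list instead of failing with a NullPointerException
     * @return a new group containing every principal of {@code set}
     */
    private Group getGroupFromRoleSet(Set<Principal> set) {
        SimpleGroup roles = new SimpleGroup(JBossSecurityContext.ROLES);
        if (set != null) {
            for (Principal role : set) {
                roles.addMember(role);
            }
        }
        return roles;
    }
}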
