package org.jboss.ejb3.security;

import java.security.GeneralSecurityException;
import java.security.Principal;
import javax.ejb.EJBAccessException;
import javax.security.auth.Subject;
import org.jboss.aop.joinpoint.Invocation;
import org.jboss.aspects.security.AuthenticationInterceptor;
import org.jboss.ejb3.Container;
import org.jboss.ejb3.EJBContainer;
import org.jboss.ejb3.annotation.SecurityDomain;
import org.jboss.logging.Logger;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.RealmMapping;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SecurityRolesAssociation;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.plugins.SecurityContextAssociation;

/* loaded from: input_file:org/jboss/ejb3/security/Ejb3AuthenticationInterceptor.class */
public class Ejb3AuthenticationInterceptor extends AuthenticationInterceptor {
    private static final Logger log = Logger.getLogger(Ejb3AuthenticationInterceptor.class);
    private EJBContainer container;
    protected RealmMapping realmMapping;
    private AuthenticationInterceptor unauthenticatedAuthenticationInterceptor;

    /* loaded from: input_file:org/jboss/ejb3/security/Ejb3AuthenticationInterceptor$TrustedPrincipal.class */
    class TrustedPrincipal extends SimplePrincipal {
        private static final long serialVersionUID = 1;

        public TrustedPrincipal(String str) {
            super(str);
        }
    }

    public Ejb3AuthenticationInterceptor(final AuthenticationManager authenticationManager, Container container) {
        super(authenticationManager);
        this.container = (EJBContainer) container;
        this.realmMapping = (RealmMapping) authenticationManager;
        this.unauthenticatedAuthenticationInterceptor = new AuthenticationInterceptor(null) { // from class: org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.1
            /* JADX INFO: Access modifiers changed from: protected */
            @Override // org.jboss.aspects.security.AuthenticationInterceptor
            public void authenticate(Invocation invocation) throws Exception {
                super.authenticate(invocation);
                if (authenticationManager != null) {
                    SecurityContextAssociation.setSecurityContext(SecurityActions.createSecurityContext((Principal) invocation.getMetaData("security", "principal"), null, new Subject(), authenticationManager.getSecurityDomain()));
                }
            }
        };
    }

    @Override // org.jboss.aspects.security.AuthenticationInterceptor
    protected void handleGeneralSecurityException(GeneralSecurityException generalSecurityException) {
        log.debug("Authentication failure", generalSecurityException);
        throw new EJBAccessException("Authentication failure");
    }

    @Override // org.jboss.aspects.security.AuthenticationInterceptor, org.jboss.aop.advice.Interceptor
    public Object invoke(Invocation invocation) throws Throwable {
        SecurityDomain securityDomain = (SecurityDomain) this.container.resolveAnnotation(SecurityDomain.class);
        if (securityDomain != null && securityDomain.unauthenticatedPrincipal() != null && securityDomain.unauthenticatedPrincipal().length() != 0) {
            Principal principal = (Principal) invocation.getMetaData("security", "principal");
            if (principal == null) {
                principal = SecurityAssociation.getPrincipal();
            }
            if (principal == null) {
                principal = new TrustedPrincipal(securityDomain.unauthenticatedPrincipal());
                invocation.getMetaData().addMetaData("security", "principal", principal);
            }
            if (principal != null && (principal instanceof TrustedPrincipal)) {
                return this.unauthenticatedAuthenticationInterceptor.invoke(invocation);
            }
        }
        try {
            if (this.container.getAssemblyDescriptor() != null) {
                SecurityRolesAssociation.setSecurityRoles(null);
            }
            return super.invoke(invocation);
        } finally {
            SecurityRolesAssociation.setSecurityRoles(null);
        }
    }
}
