package org.jboss.ejb3.security;

import java.util.HashSet;
import java.util.Set;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBAccessException;
import org.jboss.aop.joinpoint.Invocation;
import org.jboss.aop.joinpoint.MethodInvocation;
import org.jboss.ejb3.Container;
import org.jboss.ejb3.EJBContainer;
import org.jboss.logging.Logger;
import org.jboss.security.AnybodyPrincipal;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.NobodyPrincipal;
import org.jboss.security.RealmMapping;
import org.jboss.security.SimplePrincipal;

/* loaded from: input_file:org/jboss/ejb3/security/RoleBasedAuthorizationInterceptor.class */
public final class RoleBasedAuthorizationInterceptor extends org.jboss.aspects.security.RoleBasedAuthorizationInterceptor {
    private static final Logger log = Logger.getLogger(RoleBasedAuthorizationInterceptor.class);
    public static final String AUTHORIZATION = "AUTHORIZATION";
    public static final String IGNORE_AUTHORIZATION = "IGNORE_AUTHORIZATION";
    private EJBContainer container;

    public RoleBasedAuthorizationInterceptor(AuthenticationManager authenticationManager, RealmMapping realmMapping, Container container) {
        super(authenticationManager, realmMapping);
        this.container = (EJBContainer) container;
    }

    protected Set getRoleSet(Invocation invocation) {
        Class[] clsArr = {DenyAll.class, PermitAll.class, RolesAllowed.class};
        Object resolveAnnotation = this.container.resolveAnnotation(((MethodInvocation) invocation).getActualMethod(), clsArr);
        int i = 0;
        while (resolveAnnotation == null && i < 3) {
            int i2 = i;
            i++;
            resolveAnnotation = this.container.resolveAnnotation(clsArr[i2]);
        }
        HashSet hashSet = new HashSet();
        if (resolveAnnotation == null) {
            hashSet.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
        } else if (resolveAnnotation instanceof DenyAll) {
            hashSet.add(NobodyPrincipal.NOBODY_PRINCIPAL);
        } else if (resolveAnnotation instanceof PermitAll) {
            hashSet.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
        } else if (resolveAnnotation instanceof RolesAllowed) {
            RolesAllowed rolesAllowed = (RolesAllowed) resolveAnnotation;
            for (int i3 = 0; i3 < rolesAllowed.value().length; i3++) {
                hashSet.add(new SimplePrincipal(rolesAllowed.value()[i3]));
            }
        } else {
            hashSet.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
        }
        return hashSet;
    }

    public Object invoke(Invocation invocation) throws Throwable {
        try {
            return invocation.getMetaData(AUTHORIZATION, IGNORE_AUTHORIZATION) != null ? invocation.invokeNext() : super.invoke(invocation);
        } catch (SecurityException e) {
            log.debug("Authorization failure", e);
            throw new EJBAccessException("Authorization failure");
        }
    }
}
