package org.jboss.security.authorization.modules.web;

import java.util.Map;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.servlet.http.HttpServletRequest;
import org.jboss.security.PicketBoxLogger;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
import org.jboss.security.authorization.resources.WebResource;
import org.jboss.security.identity.RoleGroup;
import org.jboss.security.xacml.interfaces.RequestContext;

/* loaded from: input_file:WEB-INF/lib/picketbox-4.0.19.SP8-redhat-1.jar:org/jboss/security/authorization/modules/web/WebXACMLPolicyModuleDelegate.class */
/**
 * Authorization delegate for web resources that obtains its decision from a XACML PDP.
 *
 * <p>Result codes used here are the raw ints {@code 1} and {@code -1}; these look like
 * the PERMIT / DENY constants of {@code AuthorizationContext} (TODO confirm against that
 * class, it is not visible in this file).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A request flagged as a user-data or role-ref permission check is answered with
 *       {@code 1} without the XACML policy being consulted.</li>
 *   <li>Only a PDP decision code of {@code 0} yields {@code 1}; every other decision code
 *       and every exception raised while building or evaluating the request yields
 *       {@code -1} (fail closed).</li>
 *   <li>Evaluation failures are reported only through
 *       {@code PicketBoxLogger.LOGGER.debugIgnoredException}, so a denial caused by a broken
 *       policy or PDP may not be visible unless that logger output is enabled.</li>
 * </ul>
 *
 * <p>NOTE(review): {@link #authorize} writes per-request values into instance fields
 * ({@code policyRegistration}, {@code policyContextID}). If an instance is ever shared by
 * concurrent requests, one request could be evaluated against another's policy context;
 * confirm that instances are not shared across threads.
 */
public class WebXACMLPolicyModuleDelegate extends AuthorizationModuleDelegate {
    // Policy context id taken from the resource on each authorize() call; process() falls
    // back to PolicyContext.getContextID() when it is still null.
    private String policyContextID;

    /**
     * Authorizes access to a web resource.
     *
     * @param resource must be a {@link WebResource} with a non-null context map that holds a
     *     {@link PolicyRegistration} under {@link ResourceKeys#POLICY_REGISTRATION}
     * @param subject not read by this implementation
     * @param roleGroup roles handed to the XACML request builder
     * @return {@code 1} when the request is a user-data / role-ref check or the PDP decision
     *     code is {@code 0}; {@code -1} otherwise
     */
    @Override
    public int authorize(Resource resource, Subject subject, RoleGroup roleGroup) {
        if (!(resource instanceof WebResource)) {
            throw PicketBoxMessages.MESSAGES.invalidType(WebResource.class.getName());
        }
        WebResource target = (WebResource) resource;

        Map<String, Object> contextMap = resource.getMap();
        if (contextMap == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullProperty("resourceMap");
        }

        // The request is fetched here but only validated after the short-circuit below.
        HttpServletRequest request = (HttpServletRequest) target.getServletRequest();

        this.policyRegistration = (PolicyRegistration) contextMap.get(ResourceKeys.POLICY_REGISTRATION);
        if (this.policyRegistration == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullProperty(ResourceKeys.POLICY_REGISTRATION);
        }
        this.policyContextID = target.getPolicyContextID();

        // Both flags are read before either is tested; a missing entry counts as false.
        boolean userDataCheck = checkBooleanValue((Boolean) contextMap.get(ResourceKeys.USERDATA_PERM_CHECK));
        boolean roleRefCheck = checkBooleanValue((Boolean) contextMap.get(ResourceKeys.ROLEREF_PERM_CHECK));
        if (userDataCheck || roleRefCheck) {
            // These two check types are not evaluated against the XACML policy here.
            // NOTE(review): presumably enforced by another module or the container - confirm.
            return 1;
        }

        if (request == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullProperty("servletRequest");
        }
        return process(request, roleGroup);
    }

    /** Maps a missing ({@code null}) flag to {@link Boolean#FALSE}; other values pass through. */
    private Boolean checkBooleanValue(Boolean bool) {
        if (bool != null) {
            return bool;
        }
        return Boolean.FALSE;
    }

    /**
     * Builds a XACML request for the caller and evaluates it with the PDP obtained for the
     * current policy registration and policy context id.
     *
     * @return {@code 1} only when the PDP decision code is {@code 0}; {@code -1} for any
     *     other decision code and for any exception raised inside the try block
     */
    private int process(HttpServletRequest httpServletRequest, RoleGroup roleGroup) {
        // Raised outside the try block, so a request without a user principal propagates as
        // an exception instead of becoming a -1 result.
        if (httpServletRequest.getUserPrincipal() == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullProperty("userPrincipal");
        }
        WebXACMLUtil xacmlUtil = new WebXACMLUtil();
        try {
            RequestContext xacmlRequest = xacmlUtil.createXACMLRequest(httpServletRequest, roleGroup);
            if (this.policyContextID == null) {
                this.policyContextID = PolicyContext.getContextID();
            }
            int decision = xacmlUtil.getPDP(this.policyRegistration, this.policyContextID)
                    .evaluate(xacmlRequest)
                    .getDecision();
            // 0 is presumably the XACML "Permit" decision code - confirm against the XACML
            // constants; all remaining codes are treated as a denial.
            if (decision == 0) {
                return 1;
            }
            return -1;
        } catch (Exception e) {
            // Fail closed: any failure while building or evaluating the request denies access.
            PicketBoxLogger.LOGGER.debugIgnoredException(e);
            return -1;
        }
    }
}
