package org.jboss.jmx.connector.invoker;

import java.security.Principal;
import java.security.acl.Group;
import java.util.HashSet;
import java.util.Iterator;
import javax.security.auth.Subject;
import org.jboss.security.SecurityConstants;
import org.jboss.security.SimplePrincipal;

/* loaded from: input_file:lib/jboss-as-server-5.1.0.GA.jar:org/jboss/jmx/connector/invoker/RolesAuthorization.class */
public class RolesAuthorization {
    private HashSet requiredRoles = new HashSet();

    public RolesAuthorization() {
        this.requiredRoles.add(new SimplePrincipal("JBossAdmin"));
    }

    public void setRequiredRoles(HashSet hashSet) {
        this.requiredRoles = hashSet;
    }

    public void authorize(Principal principal, Subject subject, String str, String str2) {
        boolean z;
        Group group = null;
        Iterator it = subject.getPrincipals(Group.class).iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Group group2 = (Group) it.next();
            if (group2.getName().equals(SecurityConstants.ROLES_IDENTIFIER)) {
                group = group2;
                break;
            }
        }
        if (group == null) {
            throw new SecurityException("Subject has no Roles");
        }
        Iterator it2 = this.requiredRoles.iterator();
        boolean z2 = false;
        while (true) {
            z = z2;
            if (!it2.hasNext() || z) {
                break;
            }
            z2 = group.isMember((Principal) it2.next());
        }
        if (!z) {
            throw new SecurityException("Authorization failure, requiredRoles=" + this.requiredRoles + ", callerRoles=" + group);
        }
    }
}
