package org.jboss.as.ejb3.security;

import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.jboss.as.ee.component.ComponentConfiguration;
import org.jboss.as.ee.component.ViewConfiguration;
import org.jboss.as.ee.component.ViewConfigurator;
import org.jboss.as.ee.component.ViewDescription;
import org.jboss.as.ee.component.serialization.WriteReplaceInterface;
import org.jboss.as.ejb3.EjbLogger;
import org.jboss.as.ejb3.EjbMessages;
import org.jboss.as.ejb3.component.EJBComponentDescription;
import org.jboss.as.ejb3.component.EJBViewDescription;
import org.jboss.as.ejb3.component.MethodIntf;
import org.jboss.as.ejb3.deployment.ApplicableMethodInformation;
import org.jboss.as.ejb3.util.MethodInfoHelper;
import org.jboss.as.server.deployment.Attachments;
import org.jboss.as.server.deployment.DeploymentPhaseContext;
import org.jboss.as.server.deployment.DeploymentUnit;
import org.jboss.as.server.deployment.DeploymentUnitProcessingException;
import org.jboss.as.server.deployment.reflect.ClassReflectionIndexUtil;
import org.jboss.as.server.deployment.reflect.DeploymentReflectionIndex;
import org.jboss.invocation.ImmediateInterceptorFactory;
import org.jboss.metadata.javaee.spec.SecurityRolesMetaData;

/* loaded from: input_file:org/jboss/as/ejb3/security/EJBSecurityViewConfigurator.class */
public class EJBSecurityViewConfigurator implements ViewConfigurator {
    public void configure(DeploymentPhaseContext deploymentPhaseContext, ComponentConfiguration componentConfiguration, ViewDescription viewDescription, ViewConfiguration viewConfiguration) throws DeploymentUnitProcessingException {
        if (!(componentConfiguration.getComponentDescription() instanceof EJBComponentDescription)) {
            throw EjbMessages.MESSAGES.invalidEjbComponent(componentConfiguration.getComponentName(), componentConfiguration.getComponentClass());
        }
        DeploymentReflectionIndex deploymentReflectionIndex = (DeploymentReflectionIndex) deploymentPhaseContext.getDeploymentUnit().getAttachment(Attachments.REFLECTION_INDEX);
        EJBComponentDescription eJBComponentDescription = (EJBComponentDescription) componentConfiguration.getComponentDescription();
        if (eJBComponentDescription.getSecurityDomain() == null) {
            EjbLogger.ROOT_LOGGER.debug("Security is *not* enabled on EJB: " + eJBComponentDescription.getEJBName() + ", since no explicit security domain is configured for the bean, nor is there any default security domain configured in the EJB3 subsystem");
            return;
        }
        String viewClassName = viewDescription.getViewClassName();
        EJBViewDescription eJBViewDescription = (EJBViewDescription) viewDescription;
        DeploymentUnit deploymentUnit = deploymentPhaseContext.getDeploymentUnit();
        String name = deploymentUnit.getName();
        if (deploymentUnit.getParent() != null) {
            name = deploymentUnit.getParent().getName() + "!" + name;
        }
        boolean z = false;
        List<Method> cachedMethods = viewConfiguration.getProxyFactory().getCachedMethods();
        ArrayList<Method> arrayList = new ArrayList();
        for (Method method : cachedMethods) {
            if (Modifier.isPublic(method.getModifiers()) && method.getDeclaringClass() != WriteReplaceInterface.class) {
                boolean handlePermissions = handlePermissions(name, componentConfiguration, viewConfiguration, deploymentReflectionIndex, viewClassName, eJBViewDescription, method, eJBComponentDescription.getDescriptorMethodPermissions(), false);
                if (!handlePermissions) {
                    handlePermissions = handlePermissions(name, componentConfiguration, viewConfiguration, deploymentReflectionIndex, viewClassName, eJBViewDescription, method, eJBComponentDescription.getAnnotationMethodPermissions(), true);
                }
                if (handlePermissions) {
                    z = true;
                } else {
                    arrayList.add(method);
                }
            }
        }
        boolean z2 = z || hasSecurityMetaData(eJBComponentDescription);
        viewConfiguration.addViewInterceptor(new SecurityContextInterceptorFactory(z2), 592);
        if (!z2) {
            EjbLogger.ROOT_LOGGER.debug("Security is *not* enabled on EJB: " + eJBComponentDescription.getEJBName() + ", no security interceptors will apply");
            return;
        }
        Boolean isMissingMethodPermissionsDeniedAccess = ((EJBComponentDescription) componentConfiguration.getComponentDescription()).isMissingMethodPermissionsDeniedAccess();
        if (isMissingMethodPermissionsDeniedAccess == null || isMissingMethodPermissionsDeniedAccess.booleanValue()) {
            for (Method method2 : arrayList) {
                viewConfiguration.addViewInterceptor(method2, new ImmediateInterceptorFactory(new AuthorizationInterceptor(EJBMethodSecurityAttribute.denyAll(), viewClassName, method2, name)), 768);
            }
        }
    }

    private boolean handlePermissions(String str, ComponentConfiguration componentConfiguration, ViewConfiguration viewConfiguration, DeploymentReflectionIndex deploymentReflectionIndex, String str2, EJBViewDescription eJBViewDescription, Method method, ApplicableMethodInformation<EJBMethodSecurityAttribute> applicableMethodInformation, boolean z) {
        EJBMethodSecurityAttribute viewAttribute = applicableMethodInformation.getViewAttribute(eJBViewDescription.getMethodIntf(), method.getName(), MethodInfoHelper.getCanonicalParameterTypes(method));
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(applicableMethodInformation.getAllAttributes(eJBViewDescription.getMethodIntf(), method.getDeclaringClass().getName(), method.getName(), MethodInfoHelper.getCanonicalParameterTypes(method)));
        if (viewAttribute == null) {
            viewAttribute = applicableMethodInformation.getViewAttribute(MethodIntf.BEAN, method.getName(), MethodInfoHelper.getCanonicalParameterTypes(method));
        }
        arrayList.addAll(applicableMethodInformation.getAllAttributes(MethodIntf.BEAN, method.getDeclaringClass().getName(), method.getName(), MethodInfoHelper.getCanonicalParameterTypes(method)));
        Method findMethod = ClassReflectionIndexUtil.findMethod(deploymentReflectionIndex, componentConfiguration.getComponentClass(), method);
        if (viewAttribute == null && findMethod != null) {
            viewAttribute = applicableMethodInformation.getAttribute(eJBViewDescription.getMethodIntf(), findMethod.getDeclaringClass().getName(), findMethod.getName(), MethodInfoHelper.getCanonicalParameterTypes(findMethod));
            if (viewAttribute == null) {
                viewAttribute = applicableMethodInformation.getAttribute(MethodIntf.BEAN, findMethod.getDeclaringClass().getName(), findMethod.getName(), MethodInfoHelper.getCanonicalParameterTypes(findMethod));
            }
        }
        if (findMethod != null) {
            arrayList.addAll(applicableMethodInformation.getAllAttributes(eJBViewDescription.getMethodIntf(), findMethod.getDeclaringClass().getName(), findMethod.getName(), MethodInfoHelper.getCanonicalParameterTypes(findMethod)));
            arrayList.addAll(applicableMethodInformation.getAllAttributes(MethodIntf.BEAN, findMethod.getDeclaringClass().getName(), findMethod.getName(), MethodInfoHelper.getCanonicalParameterTypes(findMethod)));
        }
        if (viewAttribute == null) {
            return false;
        }
        if (!z && !viewAttribute.isDenyAll() && !viewAttribute.isPermitAll()) {
            HashSet hashSet = new HashSet();
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                hashSet.addAll(((EJBMethodSecurityAttribute) it.next()).getRolesAllowed());
            }
            viewAttribute = EJBMethodSecurityAttribute.rolesAllowed(hashSet);
        }
        viewConfiguration.addViewInterceptor(method, new ImmediateInterceptorFactory(new AuthorizationInterceptor(viewAttribute, str2, method, str)), 768);
        return true;
    }

    private boolean hasSecurityMetaData(EJBComponentDescription eJBComponentDescription) {
        if (eJBComponentDescription.isExplicitSecurityDomainConfigured() || eJBComponentDescription.getRunAs() != null || eJBComponentDescription.getRunAsPrincipal() != null) {
            return true;
        }
        SecurityRolesMetaData securityRoles = eJBComponentDescription.getSecurityRoles();
        if (securityRoles != null && !securityRoles.isEmpty()) {
            return true;
        }
        Map<String, Collection<String>> securityRoleLinks = eJBComponentDescription.getSecurityRoleLinks();
        if (securityRoleLinks != null && !securityRoleLinks.isEmpty()) {
            return true;
        }
        Set<String> declaredRoles = eJBComponentDescription.getDeclaredRoles();
        return (declaredRoles == null || declaredRoles.isEmpty()) ? false : true;
    }
}
