package org.jboss.ejb3.security;

import java.lang.reflect.Method;
import javax.ejb.EJBAccessException;
import javax.security.auth.Subject;
import org.jboss.aop.advice.Interceptor;
import org.jboss.aop.joinpoint.Invocation;
import org.jboss.aop.joinpoint.MethodInvocation;
import org.jboss.ejb3.Container;
import org.jboss.ejb3.EJBContainer;
import org.jboss.ejb3.annotation.SecurityDomain;
import org.jboss.logging.Logger;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityIdentity;
import org.jboss.security.SecurityUtil;
import org.jboss.security.integration.JNDIBasedSecurityManagement;
import org.jboss.security.integration.ejb.EJBAuthenticationHelper;

/* loaded from: input_file:org/jboss/ejb3/security/Ejb3AuthenticationInterceptorv2.class */
public class Ejb3AuthenticationInterceptorv2 implements Interceptor {
    protected Logger log = Logger.getLogger(getClass());
    private EJBContainer container;

    public Ejb3AuthenticationInterceptorv2(Container container) {
        this.container = (EJBContainer) container;
    }

    @Override // org.jboss.aop.advice.Interceptor
    public String getName() {
        return getClass().getName();
    }

    @Override // org.jboss.aop.advice.Interceptor
    public Object invoke(Invocation invocation) throws Throwable {
        SecurityHelper securityHelper = new SecurityHelper();
        MethodInvocation methodInvocation = (MethodInvocation) invocation;
        Method method = methodInvocation.getMethod();
        if (securityHelper.isEJBTimeOutCallback(method) || securityHelper.containsTimeoutAnnotation(this.container, method) || securityHelper.isMDB(this.container)) {
            return invocation.invokeNext();
        }
        SecurityIdentity securityIdentity = null;
        SecurityContext securityContext = SecurityActions.getSecurityContext();
        SecurityContext securityContext2 = (SecurityContext) invocation.getMetaData("security", "context");
        SecurityDomain securityDomain = (SecurityDomain) this.container.resolveAnnotation(SecurityDomain.class);
        if ((securityDomain == null || securityDomain.value() == null || securityDomain.value().length() <= 0) ? false : true) {
            if (securityContext == null && securityContext2 == null) {
                securityContext = SecurityActions.createSecurityContext(securityDomain.value());
                SecurityActions.setSecurityContext(securityContext);
            }
            if (securityHelper.isLocalCall(methodInvocation)) {
                if (securityContext == null) {
                    throw new IllegalStateException("Security Context null on Local call");
                }
                securityIdentity = securityContext.getUtil().getSecurityIdentity();
            } else {
                if (securityContext2 == null && securityContext == null) {
                    throw new IllegalStateException("Security Context is not available");
                }
                if (securityContext2 != null) {
                    SecurityContext createSecurityContext = SecurityActions.createSecurityContext(securityContext2.getUtil().getUserPrincipal(), securityContext2.getUtil().getCredential(), null, SecurityUtil.unprefixSecurityDomain(securityDomain.value()));
                    SecurityActions.setSecurityContext(createSecurityContext);
                    createSecurityContext.getUtil().setSecurityIdentity(securityContext2.getUtil().getSecurityIdentity());
                }
            }
            securityContext = SecurityActions.getSecurityContext();
            securityContext.setSecurityManagement(new JNDIBasedSecurityManagement());
            EJBAuthenticationHelper eJBAuthenticationHelper = new EJBAuthenticationHelper(securityContext);
            if (!eJBAuthenticationHelper.isTrusted()) {
                Subject subject = new Subject();
                if (!eJBAuthenticationHelper.isValid(subject, method.getName())) {
                    throw new EJBAccessException("Invalid User");
                }
                eJBAuthenticationHelper.pushSubjectContext(subject);
            }
        } else if (securityContext2 != null) {
            SecurityActions.setSecurityContext(securityContext2);
        }
        if (securityContext != null) {
            try {
                SecurityActions.pushCallerRunAsIdentity(securityContext.getOutgoingRunAs());
            } catch (Throwable th) {
                if (securityHelper.isLocalCall(methodInvocation) && securityIdentity != null) {
                    SecurityActions.getSecurityContext().getUtil().setSecurityIdentity(securityIdentity);
                }
                throw th;
            }
        }
        Object invokeNext = invocation.invokeNext();
        if (securityHelper.isLocalCall(methodInvocation) && securityIdentity != null) {
            SecurityActions.getSecurityContext().getUtil().setSecurityIdentity(securityIdentity);
        }
        return invokeNext;
    }
}
