package org.jboss.ejb.plugins;

import org.jboss.ejb.Container;
import org.jboss.invocation.Invocation;
import org.jboss.metadata.ApplicationMetaData;
import org.jboss.metadata.AssemblyDescriptorMetaData;
import org.jboss.metadata.BeanMetaData;
import org.jboss.metadata.SecurityIdentityMetaData;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.RunAs;
import org.jboss.security.RunAsIdentity;

/* loaded from: input_file:org/jboss/ejb/plugins/RunAsSecurityInterceptor.class */
public class RunAsSecurityInterceptor extends AbstractInterceptor {
    protected RunAs runAsIdentity;
    protected AuthenticationManager securityManager;

    @Override // org.jboss.ejb.plugins.AbstractInterceptor, org.jboss.ejb.ContainerPlugin
    public void setContainer(Container container) {
        super.setContainer(container);
        if (container != null) {
            BeanMetaData beanMetaData = container.getBeanMetaData();
            ApplicationMetaData applicationMetaData = beanMetaData.getApplicationMetaData();
            AssemblyDescriptorMetaData assemblyDescriptor = applicationMetaData.getAssemblyDescriptor();
            SecurityIdentityMetaData securityIdentityMetaData = beanMetaData.getSecurityIdentityMetaData();
            if (securityIdentityMetaData != null && !securityIdentityMetaData.getUseCallerIdentity()) {
                String runAsRoleName = securityIdentityMetaData.getRunAsRoleName();
                String runAsPrincipalName = securityIdentityMetaData.getRunAsPrincipalName();
                if (runAsPrincipalName == null) {
                    runAsPrincipalName = applicationMetaData.getUnauthenticatedPrincipal();
                }
                this.runAsIdentity = new RunAsIdentity(runAsRoleName, runAsPrincipalName, assemblyDescriptor.getSecurityRoleNamesByPrincipal(runAsPrincipalName));
            }
            this.securityManager = container.getSecurityManager();
        }
    }

    @Override // org.jboss.ejb.plugins.AbstractInterceptor
    public void start() throws Exception {
        super.start();
    }

    @Override // org.jboss.ejb.plugins.AbstractInterceptor, org.jboss.ejb.Interceptor
    public Object invokeHome(Invocation invocation) throws Exception {
        return process(invocation, false);
    }

    @Override // org.jboss.ejb.plugins.AbstractInterceptor, org.jboss.ejb.Interceptor
    public Object invoke(Invocation invocation) throws Exception {
        return process(invocation, true);
    }

    public Object process(Invocation invocation, boolean z) throws Exception {
        String securityDomain = this.securityManager != null ? this.securityManager.getSecurityDomain() : "other";
        if (this.log.isTraceEnabled()) {
            this.log.trace("Bean:" + this.container.getServiceName() + " securityDomain=" + securityDomain + " isInvokeMethod=" + z);
        }
        if (SecurityActions.getSecurityContext() == null) {
            SecurityActions.createAndSetSecurityContext(invocation.getPrincipal(), invocation.getCredential(), securityDomain);
        }
        SecurityActions.pushRunAsIdentity(this.runAsIdentity);
        SecurityActions.pushCallerRunAsIdentity(this.runAsIdentity);
        if (this.log.isTraceEnabled()) {
            this.log.trace("Security Context = " + SecurityActions.trace(SecurityActions.getSecurityContext()));
        }
        try {
            if (z) {
                Object invoke = getNext().invoke(invocation);
                SecurityActions.popRunAsIdentity();
                SecurityActions.popCallerRunAsIdentity();
                return invoke;
            }
            Object invokeHome = getNext().invokeHome(invocation);
            SecurityActions.popRunAsIdentity();
            SecurityActions.popCallerRunAsIdentity();
            return invokeHome;
        } catch (Throwable th) {
            SecurityActions.popRunAsIdentity();
            SecurityActions.popCallerRunAsIdentity();
            throw th;
        }
    }
}
