package org.jboss.security.plugins.javaee;

import java.lang.reflect.Method;
import java.security.CodeSource;
import java.security.Principal;
import java.util.HashMap;
import java.util.Set;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import org.jboss.logging.Logger;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.RunAs;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.resources.EJBResource;
import org.jboss.security.callbacks.SecurityContextCallbackHandler;
import org.jboss.security.identity.RoleGroup;
import org.jboss.security.javaee.AbstractEJBAuthorizationHelper;
import org.jboss.security.javaee.SecurityRoleRef;

/* loaded from: input_file:org/jboss/security/plugins/javaee/EJBAuthorizationHelper.class */
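/**
 * Authorization helper for EJB invocations.
 *
 * <p>Each check builds an {@link EJBResource} describing the call (bean name, method, caller
 * identity, policy context id) and asks the {@link AuthorizationManager} of the current security
 * context for a decision. Both checks fail closed: any exception raised while evaluating the
 * decision results in {@code false}.
 *
 * <p>The {@code policyRegistration} field is populated lazily without synchronization.
 * NOTE(review): whether instances are shared between threads is not visible here; confirm.
 */
public class EJBAuthorizationHelper extends AbstractEJBAuthorizationHelper {
    protected static Logger log = Logger.getLogger(EJBAuthorizationHelper.class);

    /**
     * Decides whether the caller may invoke the given EJB method.
     *
     * @param str EJB name
     * @param method EJB method being invoked
     * @param principal caller principal
     * @param str2 EJB method interface
     * @param codeSource code source recorded on the resource
     * @param subject caller subject; also used to resolve the caller's roles
     * @param runAs caller run-as identity
     * @param str3 policy context id; must not be {@code null}
     * @param roleGroup roles attached to the EJB method
     * @return {@code true} only when the manager's decision equals {@code 1}; {@code false} on any
     *     other decision or on any exception
     * @throws IllegalArgumentException if {@code str3} is {@code null}
     */
    public boolean authorize(String str, Method method, Principal principal, String str2, CodeSource codeSource, Subject subject, RunAs runAs, String str3, RoleGroup roleGroup) {
        if (str3 == null) {
            throw new IllegalArgumentException("ContextID is null");
        }
        // Unlike isCallerInRole, the manager is not null-checked here. A null manager raises a
        // NullPointerException inside the try block below, which is handled as an "Error" audit
        // record and a denial.
        AuthorizationManager authorizationManager = this.securityContext.getAuthorizationManager();

        HashMap<String, Object> contextMap = new HashMap<String, Object>();
        ensurePolicyRegistration();
        contextMap.put("policyRegistration", this.policyRegistration);

        EJBResource resource = new EJBResource(contextMap);
        resource.setEjbVersion(this.version);
        resource.setPolicyContextID(str3);
        resource.setEjbName(str);
        resource.setEjbMethod(method);
        resource.setPrincipal(principal);
        resource.setEjbMethodInterface(str2);
        resource.setCodeSource(codeSource);
        // Set once; the original assigned the same run-as identity twice.
        resource.setCallerRunAsIdentity(runAs);
        resource.setCallerSubject(subject);
        resource.setEjbMethodRoles(roleGroup);

        boolean authorized;
        try {
            RoleGroup callerRoles = authorizationManager.getSubjectRoles(subject, new SecurityContextCallbackHandler(this.securityContext));
            // NOTE(review): 1 is taken to be the permit decision code; confirm against the
            // AuthorizationManager contract.
            authorized = authorizationManager.authorize(resource, subject, callerRoles) == 1;
            authorizationAudit(authorized ? "Success" : "Failure", resource, null);
        } catch (Exception e) {
            // Fail closed. The exception is logged at TRACE only, so the "Error" audit record is
            // the signal to monitor for authorization failures caused by errors.
            authorized = false;
            if (log.isTraceEnabled()) {
                log.trace("Error in authorization:", e);
            }
            authorizationAudit("Error", resource, e);
        }
        return authorized;
    }

    /**
     * Role check with EJB restrictions not enforced; delegates to the seven-argument overload
     * with {@code false}.
     *
     * @param str role name to test
     * @param str2 EJB name
     * @param principal caller principal
     * @param subject caller subject
     * @param str3 policy context id; must not be {@code null}
     * @param set security role references of the bean
     * @return {@code true} if the manager's decision equals {@code 1}
     */
    public boolean isCallerInRole(String str, String str2, Principal principal, Subject subject, String str3, Set<SecurityRoleRef> set) {
        return isCallerInRole(str, str2, principal, subject, str3, set, false);
    }

    /**
     * Checks whether the caller is in the given role, evaluated as a role-reference permission
     * check by the authorization manager.
     *
     * <p>Only the error path is audited here; permit and deny outcomes produce no audit record,
     * in contrast to {@code authorize}.
     *
     * @param str role name to test
     * @param str2 EJB name
     * @param principal caller principal
     * @param subject caller subject; also used to resolve the caller's roles
     * @param str3 policy context id; must not be {@code null}
     * @param set security role references of the bean
     * @param z value passed to {@code setEnforceEJBRestrictions} on the resource
     * @return {@code true} only when the manager's decision equals {@code 1}; {@code false} on any
     *     other decision or on any exception during evaluation
     * @throws IllegalArgumentException if {@code str3} is {@code null}
     * @throws IllegalStateException if the security context has no authorization manager
     */
    public boolean isCallerInRole(String str, String str2, Principal principal, Subject subject, String str3, Set<SecurityRoleRef> set, boolean z) {
        if (str3 == null) {
            throw new IllegalArgumentException("ContextID is null");
        }
        AuthorizationManager authorizationManager = this.securityContext.getAuthorizationManager();
        if (authorizationManager == null) {
            throw new IllegalStateException("AuthorizationManager is null");
        }

        HashMap<String, Object> contextMap = new HashMap<String, Object>();
        ensurePolicyRegistration();
        contextMap.put("policyRegistration", this.policyRegistration);
        contextMap.put("roleName", str);
        contextMap.put("roleRefPermissionCheck", Boolean.TRUE);

        EJBResource resource = new EJBResource(contextMap);
        resource.setPolicyContextID(str3);
        // The run-as identity is read from the security context rather than passed by the caller.
        RunAs incomingRunAs = this.securityContext.getIncomingRunAs();
        resource.setEjbVersion(this.version);
        resource.setEjbName(str2);
        resource.setPrincipal(principal);
        resource.setCallerRunAsIdentity(incomingRunAs);
        resource.setSecurityRoleReferences(set);
        resource.setEnforceEJBRestrictions(z);
        resource.setCallerSubject(subject);

        boolean inRole;
        try {
            RoleGroup callerRoles = authorizationManager.getSubjectRoles(subject, new SecurityContextCallbackHandler(this.securityContext));
            inRole = authorizationManager.authorize(resource, subject, callerRoles) == 1;
        } catch (Exception e) {
            // Fail closed: an evaluation error is reported as "not in role".
            inRole = false;
            if (log.isTraceEnabled()) {
                log.trace(str + "::isCallerInRole check failed:" + e.getLocalizedMessage(), e);
            }
            authorizationAudit("Error", resource, e);
        }
        return inRole;
    }

    /**
     * Returns the configured EJB version string.
     *
     * @return the current value of the {@code version} field
     */
    public String getEJBVersion() {
        return this.version;
    }

    /**
     * Sets the EJB version after validating it against the versions declared on
     * {@link EJBResource}. The comparison ignores case.
     *
     * @param str one of {@code EJB_VERSION_1_1}, {@code EJB_VERSION_2_0} or
     *     {@code EJB_VERSION_3_0}
     * @throws IllegalArgumentException if {@code str} matches none of the three versions
     */
    public void setEJBVersion(String str) {
        boolean supported = EJBResource.EJB_VERSION_1_1.equalsIgnoreCase(str)
                || EJBResource.EJB_VERSION_2_0.equalsIgnoreCase(str)
                || EJBResource.EJB_VERSION_3_0.equalsIgnoreCase(str);
        if (!supported) {
            throw new IllegalArgumentException("Invalid ejbVersion:" + str);
        }
        this.version = str;
    }

    /**
     * Populates {@code policyRegistration} from JNDI when it is not set yet.
     *
     * <p>A failed lookup is logged at ERROR and otherwise ignored, so the field can remain
     * {@code null} and the check proceeds with a {@code null} "policyRegistration" entry.
     * NOTE(review): how the authorization modules behave without a policy registration is not
     * visible here; confirm that they deny rather than permit.
     */
    private void ensurePolicyRegistration() {
        try {
            if (this.policyRegistration == null) {
                this.policyRegistration = getPolicyRegistrationFromJNDI();
            }
        } catch (Exception e) {
            log.error("Error getting Policy Registration", e);
        }
    }

    /**
     * Looks up the policy registration under the fixed JNDI name
     * {@code java:/policyRegistration}. The name is a literal, not caller-supplied.
     *
     * @return the bound object cast to {@link PolicyRegistration}
     * @throws Exception if the lookup or the cast fails
     */
    private PolicyRegistration getPolicyRegistrationFromJNDI() throws Exception {
        return (PolicyRegistration) new InitialContext().lookup("java:/policyRegistration");
    }
}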
