package org.jboss.security.plugins.javaee;

import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.PicketBoxLogger;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.audit.AuditLevel;
import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.resources.WebResource;
import org.jboss.security.callbacks.SecurityContextCallbackHandler;
import org.jboss.security.identity.plugins.SimpleRole;
import org.jboss.security.identity.plugins.SimpleRoleGroup;
import org.jboss.security.javaee.AbstractWebAuthorizationHelper;

/* JADX WARN: Classes with same name are omitted:
  input_file:eap6/api-jars/picketbox-4.0.7.Final.jar:org/jboss/security/plugins/javaee/WebAuthorizationHelper.class
 */
/* loaded from: input_file:eap7/api-jars/picketbox-4.9.4.Final.jar:org/jboss/security/plugins/javaee/WebAuthorizationHelper.class */
public class WebAuthorizationHelper extends AbstractWebAuthorizationHelper {
    @Override // org.jboss.security.javaee.AbstractWebAuthorizationHelper
    public boolean checkResourcePermission(Map<String, Object> map, ServletRequest servletRequest, ServletResponse servletResponse, Subject subject, String str, String str2) {
        return checkResourcePermission(map, servletRequest, servletResponse, subject, str, str2, null);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v47, types: [org.jboss.security.identity.RoleGroup] */
    /* JADX WARN: Type inference failed for: r5v0, types: [org.jboss.security.plugins.javaee.WebAuthorizationHelper] */
    @Override // org.jboss.security.javaee.AbstractWebAuthorizationHelper
    public boolean checkResourcePermission(Map<String, Object> map, ServletRequest servletRequest, ServletResponse servletResponse, Subject subject, String str, String str2, List<String> list) {
        SimpleRoleGroup simpleRoleGroup;
        boolean z;
        if (str == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextID");
        }
        if (servletRequest == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("request");
        }
        if (servletResponse == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("response");
        }
        if (str2 == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("canonicalRequestURI");
        }
        AuthorizationManager authorizationManager = this.securityContext.getAuthorizationManager();
        if (authorizationManager == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullProperty("AuthorizationManager");
        }
        WebResource webResource = new WebResource(Collections.unmodifiableMap(map));
        webResource.setPolicyContextID(str);
        webResource.setServletRequest(servletRequest);
        webResource.setServletResponse(servletResponse);
        webResource.setCallerSubject(subject);
        webResource.setCanonicalRequestURI(str2);
        SecurityContextCallbackHandler securityContextCallbackHandler = new SecurityContextCallbackHandler(this.securityContext);
        if (list == null) {
            simpleRoleGroup = authorizationManager.getSubjectRoles(subject, securityContextCallbackHandler);
        } else {
            simpleRoleGroup = new SimpleRoleGroup("Roles");
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                simpleRoleGroup.addRole(new SimpleRole(it.next()));
            }
        }
        try {
            int authorize = authorizationManager.authorize(webResource, subject, simpleRoleGroup);
            z = authorize == 1;
            String str3 = authorize == 1 ? AuditLevel.SUCCESS : AuditLevel.FAILURE;
            if (this.enableAudit) {
                authorizationAudit(str3, webResource, null);
            }
        } catch (AuthorizationException e) {
            z = false;
            PicketBoxLogger.LOGGER.debugFailureExecutingMethod("hasResourcePermission", e);
            if (this.enableAudit) {
                authorizationAudit(AuditLevel.ERROR, webResource, e);
            }
        }
        return z;
    }

    @Override // org.jboss.security.javaee.AbstractWebAuthorizationHelper
    public boolean hasRole(String str, Principal principal, String str2, Set<Principal> set, String str3, Subject subject) {
        return hasRole(str, principal, str2, set, str3, subject, null);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v54, types: [org.jboss.security.identity.RoleGroup] */
    /* JADX WARN: Type inference failed for: r5v0, types: [org.jboss.security.plugins.javaee.WebAuthorizationHelper] */
    @Override // org.jboss.security.javaee.AbstractWebAuthorizationHelper
    public boolean hasRole(String str, Principal principal, String str2, Set<Principal> set, String str3, Subject subject, List<String> list) {
        SimpleRoleGroup simpleRoleGroup;
        boolean z;
        if (str == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument(ResourceKeys.ROLENAME);
        }
        if (str3 == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextID");
        }
        if (subject == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("callerSubject");
        }
        AuthorizationManager authorizationManager = this.securityContext.getAuthorizationManager();
        if (authorizationManager == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullProperty("AuthorizationManager");
        }
        HashMap hashMap = new HashMap();
        hashMap.put(ResourceKeys.ROLENAME, str);
        hashMap.put(ResourceKeys.ROLEREF_PERM_CHECK, Boolean.TRUE);
        hashMap.put(ResourceKeys.PRINCIPAL_ROLES, set);
        hashMap.put(ResourceKeys.POLICY_REGISTRATION, getPolicyRegistration());
        WebResource webResource = new WebResource(Collections.unmodifiableMap(hashMap));
        webResource.setPolicyContextID(str3);
        webResource.setPrincipal(principal);
        webResource.setServletName(str2);
        webResource.setCallerSubject(subject);
        SecurityContextCallbackHandler securityContextCallbackHandler = new SecurityContextCallbackHandler(this.securityContext);
        if (list == null) {
            simpleRoleGroup = authorizationManager.getSubjectRoles(subject, securityContextCallbackHandler);
        } else {
            simpleRoleGroup = new SimpleRoleGroup("Roles");
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                simpleRoleGroup.addRole(new SimpleRole(it.next()));
            }
        }
        try {
            z = authorizationManager.authorize(webResource, subject, simpleRoleGroup) == 1;
            String str4 = z ? AuditLevel.SUCCESS : AuditLevel.FAILURE;
            if (this.enableAudit) {
                authorizationAudit(str4, webResource, null);
            }
        } catch (AuthorizationException e) {
            z = false;
            PicketBoxLogger.LOGGER.debugFailureExecutingMethod("hasRole", e);
            if (this.enableAudit) {
                authorizationAudit(AuditLevel.ERROR, webResource, e);
            }
        }
        return z;
    }

    @Override // org.jboss.security.javaee.AbstractWebAuthorizationHelper
    public boolean hasUserDataPermission(Map<String, Object> map, ServletRequest servletRequest, ServletResponse servletResponse, String str, Subject subject) {
        return hasUserDataPermission(map, servletRequest, servletResponse, str, subject, null);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v48, types: [org.jboss.security.identity.RoleGroup] */
    /* JADX WARN: Type inference failed for: r5v0, types: [org.jboss.security.plugins.javaee.WebAuthorizationHelper] */
    @Override // org.jboss.security.javaee.AbstractWebAuthorizationHelper
    public boolean hasUserDataPermission(Map<String, Object> map, ServletRequest servletRequest, ServletResponse servletResponse, String str, Subject subject, List<String> list) {
        SimpleRoleGroup simpleRoleGroup;
        boolean z;
        if (str == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextID");
        }
        if (subject == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("callerSubject");
        }
        if (servletRequest == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("request");
        }
        if (servletResponse == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("response");
        }
        AuthorizationManager authorizationManager = this.securityContext.getAuthorizationManager();
        if (authorizationManager == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullProperty("AuthorizationManager");
        }
        map.put(ResourceKeys.POLICY_REGISTRATION, getPolicyRegistration());
        WebResource webResource = new WebResource(Collections.unmodifiableMap(map));
        webResource.setPolicyContextID(str);
        webResource.setServletRequest(servletRequest);
        webResource.setServletResponse(servletResponse);
        webResource.setCallerSubject(subject);
        SecurityContextCallbackHandler securityContextCallbackHandler = new SecurityContextCallbackHandler(this.securityContext);
        if (list == null) {
            simpleRoleGroup = authorizationManager.getSubjectRoles(subject, securityContextCallbackHandler);
        } else {
            simpleRoleGroup = new SimpleRoleGroup("Roles");
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                simpleRoleGroup.addRole(new SimpleRole(it.next()));
            }
        }
        try {
            z = authorizationManager.authorize(webResource, subject, simpleRoleGroup) == 1;
            String str2 = z ? AuditLevel.SUCCESS : AuditLevel.FAILURE;
            if (this.enableAudit) {
                authorizationAudit(str2, webResource, null);
            }
        } catch (AuthorizationException e) {
            z = false;
            PicketBoxLogger.LOGGER.debugFailureExecutingMethod("hasUserDataPermission", e);
            if (this.enableAudit) {
                authorizationAudit(AuditLevel.ERROR, webResource, e);
            }
        }
        return z;
    }
}
