package org.jboss.jmx.connector.invoker;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.UndeclaredThrowableException;
import java.security.Principal;
import javax.management.Attribute;
import javax.management.ObjectName;
import javax.security.auth.Subject;
import org.jboss.mx.interceptor.AbstractInterceptor;
import org.jboss.mx.server.Invocation;

/* loaded from: input_file:org/jboss/jmx/connector/invoker/AuthorizationInterceptor.class */
public class AuthorizationInterceptor extends AbstractInterceptor {
    protected Object authenticator = null;
    protected Method authorize;
    public static final String ATTRIBUTE_SET = "SetAttribute";

    public AuthorizationInterceptor() {
        try {
            setAuthorizingClass(RolesAuthorization.class);
        } catch (Exception e) {
        }
    }

    public void setAuthorizingClass(Class cls) throws Exception {
        this.authenticator = cls.newInstance();
        this.log.debug("Loaded authenticator: " + this.authenticator);
        this.authorize = cls.getMethod("authorize", Principal.class, Subject.class, String.class, String.class);
        this.log.debug("Found authorize(Principal, Subject, String, String)");
    }

    public Object invoke(Invocation invocation) throws Throwable {
        String str;
        if (invocation.getType() == "invoke" && invocation.getName().equals("invoke")) {
            org.jboss.invocation.Invocation invocation2 = (org.jboss.invocation.Invocation) invocation.getArgs()[0];
            Principal principal = invocation2.getPrincipal();
            Object[] arguments = invocation2.getArguments();
            if (arguments != null && arguments.length > 1) {
                ObjectName objectName = (ObjectName) arguments[0];
                Object obj = arguments[1];
                if (obj instanceof String) {
                    str = (String) obj;
                } else {
                    if (!(obj instanceof Attribute)) {
                        throw new IllegalArgumentException("Opname type not recognized");
                    }
                    str = ATTRIBUTE_SET;
                }
                try {
                    checkAuthorization(principal, objectName.getCanonicalName(), str);
                } catch (SecurityException e) {
                    throw e;
                } catch (Exception e2) {
                    SecurityException securityException = new SecurityException("Failed to authorize principal=" + principal + ",MBean=" + objectName + ", Operation=" + str);
                    securityException.initCause(e2);
                    throw securityException;
                }
            }
        }
        return invocation.nextInterceptor().invoke(invocation);
    }

    private void checkAuthorization(Principal principal, String str, String str2) throws Exception {
        Subject activeSubject = SecurityActions.getActiveSubject();
        if (activeSubject == null) {
            throw new SecurityException("No active Subject found, add the AuthenticationInterceptor");
        }
        if (this.log.isTraceEnabled()) {
            this.log.trace("[checkAuthorization:caller=" + principal + ":subject=" + activeSubject + "]");
        }
        try {
            this.authorize.invoke(this.authenticator, principal, activeSubject, str, str2);
            if (this.log.isTraceEnabled()) {
                this.log.trace("[checkAuthorization:Authorization passed]");
            }
        } catch (InvocationTargetException e) {
            Throwable targetException = e.getTargetException();
            if (!(targetException instanceof Exception)) {
                throw new UndeclaredThrowableException(targetException);
            }
            throw ((Exception) targetException);
        }
    }
}
