package org.infinispan.security.impl;

import java.security.AccessController;
import java.security.Principal;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.log4j.spi.Configurator;
import org.infinispan.configuration.cache.AuthorizationConfiguration;
import org.infinispan.configuration.global.GlobalSecurityConfiguration;
import org.infinispan.security.AuthorizationPermission;
import org.infinispan.security.PrincipalRoleMapper;
import org.infinispan.security.Role;
import org.infinispan.util.logging.Log;
import org.infinispan.util.logging.LogFactory;

/* loaded from: input_file:WEB-INF/lib/infinispan-core-7.0.0.Alpha1.jar:org/infinispan/security/impl/AuthorizationHelper.class */
public class AuthorizationHelper {
    private static final Log log = LogFactory.getLog(AuthorizationHelper.class);

    public static void checkPermission(Subject subject, int i, AuthorizationPermission authorizationPermission) {
        if ((i & authorizationPermission.getMask()) != authorizationPermission.getMask()) {
            throw log.unauthorizedAccess(subject == null ? Configurator.NULL : subject.toString(), authorizationPermission.toString());
        }
    }

    public static void checkPermission(GlobalSecurityConfiguration globalSecurityConfiguration, AuthorizationConfiguration authorizationConfiguration, AuthorizationPermission authorizationPermission) {
        if (globalSecurityConfiguration.authorization().enabled()) {
            Subject subject = Subject.getSubject(AccessController.getContext());
            checkPermission(subject, computeSubjectRoleMask(subject, globalSecurityConfiguration, authorizationConfiguration), authorizationPermission);
        }
    }

    public static void checkPermission(GlobalSecurityConfiguration globalSecurityConfiguration, AuthorizationPermission authorizationPermission) {
        checkPermission(globalSecurityConfiguration, (AuthorizationConfiguration) null, authorizationPermission);
    }

    public static int computeSubjectRoleMask(Subject subject, GlobalSecurityConfiguration globalSecurityConfiguration, AuthorizationConfiguration authorizationConfiguration) {
        PrincipalRoleMapper principalRoleMapper = globalSecurityConfiguration.authorization().principalRoleMapper();
        int i = 0;
        Iterator<Principal> it = subject.getPrincipals().iterator();
        while (it.hasNext()) {
            Set<String> principalToRoles = principalRoleMapper.principalToRoles(it.next());
            if (principalToRoles != null) {
                for (String str : principalToRoles) {
                    if (authorizationConfiguration == null || authorizationConfiguration.roles().contains(str)) {
                        Role role = globalSecurityConfiguration.authorization().roles().get(str);
                        if (role != null) {
                            i |= role.getMask();
                        }
                    }
                }
            }
        }
        return i;
    }
}
