package org.jboss.seam.security;

import java.io.Serializable;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import net.sf.ehcache.config.TimeoutBehaviorConfiguration;
import org.jboss.seam.annotations.intercept.AroundInvoke;
import org.jboss.seam.annotations.intercept.Interceptor;
import org.jboss.seam.annotations.intercept.InterceptorType;
import org.jboss.seam.annotations.security.PermissionCheck;
import org.jboss.seam.annotations.security.Restrict;
import org.jboss.seam.annotations.security.RoleCheck;
import org.jboss.seam.async.AsynchronousInterceptor;
import org.jboss.seam.intercept.AbstractInterceptor;
import org.jboss.seam.intercept.InvocationContext;
import org.jboss.seam.util.Strings;

@Interceptor(type = InterceptorType.CLIENT, around = {AsynchronousInterceptor.class})
/* loaded from: input_file:WEB-INF/lib/jboss-seam-2.3.0.Final.jar:org/jboss/seam/security/SecurityInterceptor.class */
public class SecurityInterceptor extends AbstractInterceptor implements Serializable {
    private static final long serialVersionUID = -6567750187000766925L;
    private volatile transient Map<Method, Restriction> restrictions = new HashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/jboss-seam-2.3.0.Final.jar:org/jboss/seam/security/SecurityInterceptor$Restriction.class */
    public class Restriction {
        private String expression;
        private String permissionTarget;
        private String permissionAction;
        private Map<String, Object> methodRestrictions;
        private Map<Integer, Set<String>> paramRestrictions;
        private Set<String> roleRestrictions;

        private Restriction() {
        }

        public void setExpression(String str) {
            this.expression = str;
        }

        public void setPermissionTarget(String str) {
            this.permissionTarget = str;
        }

        public void setPermissionAction(String str) {
            this.permissionAction = str;
        }

        public void addMethodRestriction(Object obj, String str) {
            if (this.methodRestrictions == null) {
                this.methodRestrictions = new HashMap();
            }
            this.methodRestrictions.put(str, obj);
        }

        public void addRoleRestriction(String str) {
            if (this.roleRestrictions == null) {
                this.roleRestrictions = new HashSet();
            }
            this.roleRestrictions.add(str);
        }

        public void addParameterRestriction(int i, String str) {
            Set<String> set;
            if (this.paramRestrictions == null) {
                this.paramRestrictions = new HashMap();
            }
            if (this.paramRestrictions.containsKey(Integer.valueOf(i))) {
                set = this.paramRestrictions.get(Integer.valueOf(i));
            } else {
                set = new HashSet();
                this.paramRestrictions.put(Integer.valueOf(i), set);
            }
            set.add(str);
        }

        public void check(Object[] objArr) {
            if (Identity.isSecurityEnabled()) {
                if (this.expression != null) {
                    Identity.instance().checkRestriction(this.expression);
                }
                if (this.methodRestrictions != null) {
                    for (String str : this.methodRestrictions.keySet()) {
                        Identity.instance().checkPermission(this.methodRestrictions.get(str), str);
                    }
                }
                if (this.paramRestrictions != null) {
                    for (Integer num : this.paramRestrictions.keySet()) {
                        Iterator<String> it = this.paramRestrictions.get(num).iterator();
                        while (it.hasNext()) {
                            Identity.instance().checkPermission(objArr[num.intValue()], it.next());
                        }
                    }
                }
                if (this.roleRestrictions != null) {
                    Iterator<String> it2 = this.roleRestrictions.iterator();
                    while (it2.hasNext()) {
                        Identity.instance().checkRole(it2.next());
                    }
                }
                if (this.permissionTarget == null || this.permissionAction == null) {
                    return;
                }
                Identity.instance().checkPermission(this.permissionTarget, this.permissionAction);
            }
        }
    }

    @Override // org.jboss.seam.intercept.OptimizedInterceptor
    @AroundInvoke
    public Object aroundInvoke(InvocationContext invocationContext) throws Exception {
        Restriction restriction;
        Method method = invocationContext.getMethod();
        if (!"hashCode".equals(method.getName()) && (restriction = getRestriction(method)) != null) {
            restriction.check(invocationContext.getParameters());
        }
        return invocationContext.proceed();
    }

    private Restriction getRestriction(Method method) throws Exception {
        if (this.restrictions == null) {
            synchronized (this) {
                this.restrictions = new HashMap();
            }
        }
        if (!this.restrictions.containsKey(method)) {
            synchronized (this.restrictions) {
                if (!this.restrictions.containsKey(method)) {
                    Method method2 = getComponent().getBeanClass().getMethod(method.getName(), method.getParameterTypes());
                    Restrict restrict = null;
                    if (method2.isAnnotationPresent(Restrict.class)) {
                        restrict = (Restrict) method2.getAnnotation(Restrict.class);
                    } else if (getComponent().getBeanClass().isAnnotationPresent(Restrict.class) && !getComponent().isLifecycleMethod(method2)) {
                        restrict = (Restrict) getComponent().getBeanClass().getAnnotation(Restrict.class);
                    }
                    if (restrict != null) {
                        r9 = 0 == 0 ? new Restriction() : null;
                        if (Strings.isEmpty(restrict.value())) {
                            r9.setPermissionTarget(getComponent().getName());
                            r9.setPermissionAction(method2.getName());
                        } else {
                            r9.setExpression(restrict.value());
                        }
                    }
                    for (Annotation annotation : method2.getDeclaringClass().getAnnotations()) {
                        if (annotation.annotationType().isAnnotationPresent(RoleCheck.class)) {
                            if (r9 == null) {
                                r9 = new Restriction();
                            }
                            r9.addRoleRestriction(annotation.annotationType().getSimpleName().toLowerCase());
                        }
                    }
                    for (Annotation annotation2 : method2.getAnnotations()) {
                        if (annotation2.annotationType().isAnnotationPresent(PermissionCheck.class)) {
                            PermissionCheck permissionCheck = (PermissionCheck) annotation2.annotationType().getAnnotation(PermissionCheck.class);
                            Method[] declaredMethods = annotation2.annotationType().getDeclaredMethods();
                            Method method3 = 0 < declaredMethods.length ? declaredMethods[0] : null;
                            if (method3 != null) {
                                if (r9 == null) {
                                    r9 = new Restriction();
                                }
                                Object invoke = method3.invoke(annotation2, new Object[0]);
                                if (!invoke.equals(Void.TYPE)) {
                                    r9.addMethodRestriction(invoke, getPermissionAction(permissionCheck, annotation2));
                                }
                            }
                        }
                        if (annotation2.annotationType().isAnnotationPresent(RoleCheck.class)) {
                            if (r9 == null) {
                                r9 = new Restriction();
                            }
                            r9.addRoleRestriction(annotation2.annotationType().getSimpleName().toLowerCase());
                        }
                    }
                    for (int i = 0; i < method2.getParameterAnnotations().length; i++) {
                        for (Annotation annotation3 : method2.getParameterAnnotations()[i]) {
                            if (annotation3.annotationType().isAnnotationPresent(PermissionCheck.class)) {
                                PermissionCheck permissionCheck2 = (PermissionCheck) annotation3.annotationType().getAnnotation(PermissionCheck.class);
                                if (r9 == null) {
                                    r9 = new Restriction();
                                }
                                r9.addParameterRestriction(i, getPermissionAction(permissionCheck2, annotation3));
                            }
                        }
                    }
                    this.restrictions.put(method, r9);
                    return r9;
                }
            }
        }
        return this.restrictions.get(method);
    }

    private String getPermissionAction(PermissionCheck permissionCheck, Annotation annotation) {
        return !TimeoutBehaviorConfiguration.DEFAULT_PROPERTIES.equals(permissionCheck.value()) ? permissionCheck.value() : annotation.annotationType().getSimpleName().toLowerCase();
    }

    @Override // org.jboss.seam.intercept.OptimizedInterceptor
    public boolean isInterceptorEnabled() {
        return getComponent().isSecure() && !getComponent().beanClassHasAnnotation("javax.jws.WebService");
    }
}
