package org.jboss.security.plugins.javaee;

import java.lang.reflect.Method;
import java.security.CodeSource;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.PicketBoxLogger;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.RunAs;
import org.jboss.security.audit.AuditLevel;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.resources.EJBResource;
import org.jboss.security.callbacks.SecurityContextCallbackHandler;
import org.jboss.security.identity.RoleGroup;
import org.jboss.security.javaee.AbstractEJBAuthorizationHelper;
import org.jboss.security.javaee.SecurityRoleRef;
import org.jboss.security.javaee.exceptions.MissingArgumentsException;
import org.jboss.security.javaee.exceptions.WrongEEResourceException;

/* loaded from: input_file:WEB-INF/lib/picketbox-4.1.1.Final-redhat-1.jar:org/jboss/security/plugins/javaee/EJBAuthorizationHelper.class */
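/**
 * EJB flavour of the Java EE authorization helper.
 * <p>
 * Every decision goes through the {@link AuthorizationManager} of the current security context. The
 * helper fails closed: a decision other than {@link #PERMIT} and any exception thrown while deciding
 * both result in {@code false}. Decision errors are logged at debug level only and recorded in the
 * audit trail via {@code authorizationAudit}; {@code authorize(...)} additionally audits SUCCESS and
 * FAILURE outcomes, the {@code isCallerInRole(...)} variants audit only ERROR.
 * <p>
 * Inherited state used here ({@code securityContext}, {@code policyRegistration}, {@code version})
 * is declared in {@link AbstractEJBAuthorizationHelper}.
 */
public class EJBAuthorizationHelper extends AbstractEJBAuthorizationHelper {
    /**
     * Decision value returned by {@link AuthorizationManager#authorize} for a permitted call; every
     * other value is treated as a denial.
     */
    private static final int PERMIT = 1;

    /** JNDI name the {@link PolicyRegistration} is looked up under when none has been injected. */
    protected String POLICY_REGISTRATION_JNDI = "java:/policyRegistration";

    /**
     * Authorizes an EJB method call described by explicit arguments.
     *
     * @param ejbName         bean name, required
     * @param ejbMethod       invoked method, required
     * @param principal       caller principal, may be {@code null}
     * @param methodInterface EJB method interface name, may be {@code null}
     * @param ejbCodeSource   code source of the bean, required
     * @param callerSubject   authenticated caller; may be {@code null} only when {@code callerRunAs} is set
     * @param callerRunAs     run-as identity the caller arrives with, may be {@code null}
     * @param contextID       policy context id, required
     * @param methodRoles     roles permitted to invoke the method
     * @return {@code true} only when the authorization manager returns {@link #PERMIT}; {@code false}
     *         for any other decision or if deciding throws
     *         (the {@code invalidNullArgument} / {@code invalidNullProperty} exceptions from
     *         {@link PicketBoxMessages} are raised for missing required arguments or a missing
     *         authorization manager)
     */
    @Override
    public boolean authorize(String ejbName, Method ejbMethod, Principal principal, String methodInterface,
            CodeSource ejbCodeSource, Subject callerSubject, RunAs callerRunAs, String contextID,
            RoleGroup methodRoles) {
        if (ejbName == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("ejbName");
        }
        if (ejbMethod == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("ejbMethod");
        }
        if (ejbCodeSource == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("ejbCodeSource");
        }
        if (contextID == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextID");
        }
        // Either an authenticated subject or a run-as identity must identify the caller.
        if (callerSubject == null && callerRunAs == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("callerSubject");
        }
        AuthorizationManager authorizationManager = requireAuthorizationManager();

        Map<String, Object> contextMap = new HashMap<String, Object>();
        contextMap.put(ResourceKeys.POLICY_REGISTRATION, resolvePolicyRegistration());
        EJBResource ejbResource = new EJBResource(contextMap);
        ejbResource.setEjbVersion(this.version);
        ejbResource.setPolicyContextID(contextID);
        ejbResource.setEjbName(ejbName);
        ejbResource.setEjbMethod(ejbMethod);
        ejbResource.setPrincipal(principal);
        ejbResource.setEjbMethodInterface(methodInterface);
        ejbResource.setCodeSource(ejbCodeSource);
        ejbResource.setCallerRunAsIdentity(callerRunAs);
        ejbResource.setCallerSubject(callerSubject);
        ejbResource.setEjbMethodRoles(methodRoles);

        boolean permitted;
        try {
            permitted = isPermitted(authorizationManager, ejbResource, callerSubject);
            authorizationAudit(permitted ? AuditLevel.SUCCESS : AuditLevel.FAILURE, ejbResource, null);
        } catch (Exception e) {
            // Fail closed: an error while deciding is a denial, but it is audited as ERROR, not FAILURE.
            permitted = false;
            PicketBoxLogger.LOGGER.debugAuthorizationError(e);
            authorizationAudit(AuditLevel.ERROR, ejbResource, e);
        }
        return permitted;
    }

    /**
     * Role check without EJB-spec enforcement of security role references; equivalent to
     * {@link #isCallerInRole(String, String, Principal, Subject, String, Set, boolean)} with
     * {@code enforceEJBRestrictions == false}.
     */
    @Override
    public boolean isCallerInRole(String roleName, String ejbName, Principal principal, Subject callerSubject,
            String contextID, Set<SecurityRoleRef> securityRoleRefs) {
        return isCallerInRole(roleName, ejbName, principal, callerSubject, contextID, securityRoleRefs, false);
    }

    /**
     * Role check driven by a pre-populated {@link EJBResource}.
     * <p>
     * The resource is mutated: the policy registration, {@code roleName} and the role-reference
     * permission-check flag are added to its context map before the decision.
     *
     * @param resource must be an {@link EJBResource} carrying at least an EJB name and a policy context id
     * @param roleName role to test, required
     * @return {@code true} only when the authorization manager returns {@link #PERMIT}; {@code false}
     *         otherwise or if deciding throws (audited as ERROR)
     * @throws WrongEEResourceException  when {@code resource} is not an {@link EJBResource}
     * @throws MissingArgumentsException when required resource fields are absent
     */
    @Override
    public boolean isCallerInRole(Resource resource, String roleName)
            throws WrongEEResourceException, MissingArgumentsException {
        // Same type guard as authorize(Resource): a foreign Resource is a caller error, not a ClassCastException.
        if (!(resource instanceof EJBResource)) {
            throw PicketBoxMessages.MESSAGES.invalidType(EJBResource.class.getName());
        }
        EJBResource ejbResource = (EJBResource) resource;
        if (roleName == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument(ResourceKeys.ROLENAME);
        }
        if (ejbResource.getEjbName() == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("ejbName");
        }
        if (ejbResource.getPolicyContextID() == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextID");
        }
        AuthorizationManager authorizationManager = requireAuthorizationManager();
        // Not validated here: a null caller subject is passed through to the authorization manager.
        Subject callerSubject = ejbResource.getCallerSubject();

        ejbResource.add(ResourceKeys.POLICY_REGISTRATION, resolvePolicyRegistration());
        ejbResource.add(ResourceKeys.ROLENAME, roleName);
        ejbResource.add(ResourceKeys.ROLEREF_PERM_CHECK, Boolean.TRUE);

        boolean permitted;
        try {
            permitted = isPermitted(authorizationManager, ejbResource, callerSubject);
        } catch (Exception e) {
            permitted = false;
            PicketBoxLogger.LOGGER.debugFailureExecutingMethod("isCallerInRole", e);
            authorizationAudit(AuditLevel.ERROR, ejbResource, e);
        }
        return permitted;
    }

    /**
     * Role check built from explicit arguments. The run-as identity is taken from the incoming
     * security context rather than from a parameter.
     *
     * @param roleName               role to test, required
     * @param ejbName                bean name, required
     * @param principal              caller principal, may be {@code null}
     * @param callerSubject          caller subject; not validated, passed through to the manager
     * @param contextID              policy context id, required
     * @param securityRoleRefs       declared security role references of the bean
     * @param enforceEJBRestrictions whether the EJB-spec restrictions on role references are enforced
     * @return {@code true} only when the authorization manager returns {@link #PERMIT}; {@code false}
     *         otherwise or if deciding throws (audited as ERROR)
     */
    @Override
    public boolean isCallerInRole(String roleName, String ejbName, Principal principal, Subject callerSubject,
            String contextID, Set<SecurityRoleRef> securityRoleRefs, boolean enforceEJBRestrictions) {
        if (roleName == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument(ResourceKeys.ROLENAME);
        }
        if (ejbName == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("ejbName");
        }
        if (contextID == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextID");
        }
        AuthorizationManager authorizationManager = requireAuthorizationManager();

        Map<String, Object> contextMap = new HashMap<String, Object>();
        contextMap.put(ResourceKeys.POLICY_REGISTRATION, resolvePolicyRegistration());
        contextMap.put(ResourceKeys.ROLENAME, roleName);
        contextMap.put(ResourceKeys.ROLEREF_PERM_CHECK, Boolean.TRUE);
        EJBResource ejbResource = new EJBResource(contextMap);
        ejbResource.setPolicyContextID(contextID);
        ejbResource.setEjbVersion(this.version);
        ejbResource.setEjbName(ejbName);
        ejbResource.setPrincipal(principal);
        ejbResource.setCallerRunAsIdentity(SecurityActions.getIncomingRunAs(this.securityContext));
        ejbResource.setSecurityRoleReferences(securityRoleRefs);
        ejbResource.setEnforceEJBRestrictions(enforceEJBRestrictions);
        ejbResource.setCallerSubject(callerSubject);

        boolean permitted;
        try {
            permitted = isPermitted(authorizationManager, ejbResource, callerSubject);
        } catch (Exception e) {
            permitted = false;
            PicketBoxLogger.LOGGER.debugFailureExecutingMethod("isCallerInRole", e);
            authorizationAudit(AuditLevel.ERROR, ejbResource, e);
        }
        return permitted;
    }

    /** @return the EJB specification version this helper evaluates against */
    @Override
    public String getEJBVersion() {
        return this.version;
    }

    /**
     * Sets the EJB specification version.
     *
     * @param ejbVersion one of {@code EJBResource.EJB_VERSION_1_1}, {@code EJB_VERSION_2_0} or
     *                   {@code EJB_VERSION_3_0}, compared case-insensitively; anything else (including
     *                   {@code null}) raises the {@code invalidEJBVersion} exception from
     *                   {@link PicketBoxMessages}
     */
    @Override
    public void setEJBVersion(String ejbVersion) {
        boolean supported = EJBResource.EJB_VERSION_1_1.equalsIgnoreCase(ejbVersion)
                || EJBResource.EJB_VERSION_2_0.equalsIgnoreCase(ejbVersion)
                || EJBResource.EJB_VERSION_3_0.equalsIgnoreCase(ejbVersion);
        if (!supported) {
            throw PicketBoxMessages.MESSAGES.invalidEJBVersion(ejbVersion);
        }
        this.version = ejbVersion;
    }

    /**
     * Authorizes an EJB method call described by a pre-populated {@link EJBResource}.
     * <p>
     * The resource is mutated: the policy registration is added to its context map.
     *
     * @param resource must be an {@link EJBResource} that passes {@link #validateEJBResource}
     * @return {@code true} only when the authorization manager returns {@link #PERMIT}; {@code false}
     *         for any other decision or if deciding throws
     * @throws WrongEEResourceException  when {@code resource} is not an {@link EJBResource}
     * @throws MissingArgumentsException when required resource fields are absent
     */
    @Override
    public boolean authorize(Resource resource) throws WrongEEResourceException, MissingArgumentsException {
        if (!(resource instanceof EJBResource)) {
            throw PicketBoxMessages.MESSAGES.invalidType(EJBResource.class.getName());
        }
        EJBResource ejbResource = (EJBResource) resource;
        validateEJBResource(ejbResource);
        AuthorizationManager authorizationManager = requireAuthorizationManager();

        Subject callerSubject = ejbResource.getCallerSubject();
        ejbResource.add(ResourceKeys.POLICY_REGISTRATION, resolvePolicyRegistration());

        boolean permitted;
        try {
            permitted = isPermitted(authorizationManager, ejbResource, callerSubject);
            authorizationAudit(permitted ? AuditLevel.SUCCESS : AuditLevel.FAILURE, ejbResource, null);
        } catch (Exception e) {
            permitted = false;
            PicketBoxLogger.LOGGER.debugAuthorizationError(e);
            authorizationAudit(AuditLevel.ERROR, ejbResource, e);
        }
        return permitted;
    }

    /**
     * Verifies that a resource carries everything {@link #authorize(Resource)} needs: EJB name, method,
     * code source, policy context id, and either a caller subject or a run-as identity.
     *
     * @throws MissingArgumentsException when a required field is {@code null}
     */
    private void validateEJBResource(EJBResource ejbResource) throws MissingArgumentsException {
        if (ejbResource.getEjbName() == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("ejbName");
        }
        if (ejbResource.getEjbMethod() == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("ejbMethod");
        }
        if (ejbResource.getCodeSource() == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("ejbCodeSource");
        }
        if (ejbResource.getPolicyContextID() == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("contextID");
        }
        if (ejbResource.getCallerSubject() == null && ejbResource.getCallerRunAsIdentity() == null) {
            throw new MissingArgumentsException(PicketBoxMessages.MESSAGES.missingCallerInfoMessage());
        }
    }

    /**
     * Asks the authorization manager for a decision on {@code resource}.
     *
     * @return {@code true} only for a {@link #PERMIT} decision
     * @throws Exception whatever the manager throws while resolving roles or deciding; callers treat
     *                   any exception as a denial
     */
    private boolean isPermitted(AuthorizationManager authorizationManager, EJBResource resource, Subject subject)
            throws Exception {
        RoleGroup callerRoles = authorizationManager.getSubjectRoles(subject,
                new SecurityContextCallbackHandler(this.securityContext));
        return authorizationManager.authorize(resource, subject, callerRoles) == PERMIT;
    }

    /**
     * @return the authorization manager of the current security context
     *         (raises the {@code invalidNullProperty} exception from {@link PicketBoxMessages} when none is set)
     */
    private AuthorizationManager requireAuthorizationManager() {
        AuthorizationManager authorizationManager = this.securityContext.getAuthorizationManager();
        if (authorizationManager == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullProperty("AuthorizationManager");
        }
        return authorizationManager;
    }

    /**
     * Returns the policy registration, looking it up in JNDI on first use.
     * <p>
     * A failed lookup is logged at debug level and leaves the value {@code null}; the decision then
     * proceeds with a {@code null} policy registration in the resource map, as before.
     */
    private PolicyRegistration resolvePolicyRegistration() {
        if (this.policyRegistration == null) {
            try {
                this.policyRegistration = getPolicyRegistrationFromJNDI();
            } catch (Exception e) {
                PicketBoxLogger.LOGGER.debugIgnoredException(e);
            }
        }
        return this.policyRegistration;
    }

    /**
     * Looks up the {@link PolicyRegistration} under {@link #POLICY_REGISTRATION_JNDI}.
     *
     * @throws Exception on any naming failure or if the bound object is not a {@link PolicyRegistration}
     */
    private PolicyRegistration getPolicyRegistrationFromJNDI() throws Exception {
        InitialContext ctx = new InitialContext();
        try {
            return (PolicyRegistration) ctx.lookup(this.POLICY_REGISTRATION_JNDI);
        } finally {
            // InitialContext is not AutoCloseable; release it explicitly instead of leaking it per lookup.
            ctx.close();
        }
    }
}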
