package org.jboss.as.controller.access.permission;

import java.security.Permission;
import java.security.PermissionCollection;
import java.util.Enumeration;
import org.jboss.as.controller.ControlledProcessState;
import org.jboss.as.controller.access.Action;
import org.jboss.as.controller.access.AuthorizationResult;
import org.jboss.as.controller.access.Authorizer;
import org.jboss.as.controller.access.Caller;
import org.jboss.as.controller.access.Environment;
import org.jboss.as.controller.access.TargetAttribute;
import org.jboss.as.controller.access.TargetResource;
import org.jboss.dmr.ModelNode;

/* loaded from: input_file:org/jboss/as/controller/access/permission/ManagementPermissionAuthorizer.class */
public class ManagementPermissionAuthorizer implements Authorizer {
    private final PermissionFactory permissionFactory;

    public ManagementPermissionAuthorizer(PermissionFactory permissionFactory) {
        this.permissionFactory = permissionFactory;
    }

    @Override // org.jboss.as.controller.access.Authorizer
    public AuthorizationResult authorize(Caller caller, Environment environment, Action action, TargetAttribute targetAttribute) {
        return environment.getProcessState() == ControlledProcessState.State.STARTING ? AuthorizationResult.PERMITTED : authorize(this.permissionFactory.getUserPermissions(caller, environment, action, targetAttribute), this.permissionFactory.getRequiredPermissions(action, targetAttribute));
    }

    @Override // org.jboss.as.controller.access.Authorizer
    public AuthorizationResult authorize(Caller caller, Environment environment, Action action, TargetResource targetResource) {
        return environment.getProcessState() == ControlledProcessState.State.STARTING ? AuthorizationResult.PERMITTED : authorize(this.permissionFactory.getUserPermissions(caller, environment, action, targetResource), this.permissionFactory.getRequiredPermissions(action, targetResource));
    }

    private AuthorizationResult authorize(PermissionCollection permissionCollection, PermissionCollection permissionCollection2) {
        Enumeration<Permission> elements = permissionCollection2.elements();
        while (elements.hasMoreElements()) {
            if (!permissionCollection.implies(elements.nextElement())) {
                return new AuthorizationResult(AuthorizationResult.Decision.DENY, new ModelNode("Permission denied"));
            }
        }
        return AuthorizationResult.PERMITTED;
    }
}
