package org.jboss.as.ejb3.security;

import jakarta.security.jacc.EJBMethodPermission;
import jakarta.security.jacc.EJBRoleRefPermission;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.security.Permission;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import org.jboss.as.ee.component.ComponentConfiguration;
import org.jboss.as.ee.component.ComponentConfigurator;
import org.jboss.as.ee.component.ComponentDescription;
import org.jboss.as.ee.component.ViewConfiguration;
import org.jboss.as.ee.component.serialization.WriteReplaceInterface;
import org.jboss.as.ejb3.component.EJBComponentDescription;
import org.jboss.as.ejb3.component.EJBViewConfiguration;
import org.jboss.as.ejb3.component.session.SessionBeanComponentDescription;
import org.jboss.as.ejb3.deployment.ApplicableMethodInformation;
import org.jboss.as.ejb3.deployment.EjbDeploymentAttachmentKeys;
import org.jboss.as.server.deployment.Attachments;
import org.jboss.as.server.deployment.DeploymentPhaseContext;
import org.jboss.as.server.deployment.DeploymentUnitProcessingException;
import org.jboss.as.server.deployment.reflect.ClassReflectionIndexUtil;
import org.jboss.as.server.deployment.reflect.DeploymentReflectionIndex;
import org.jboss.metadata.ejb.spec.MethodInterfaceType;
import org.jboss.metadata.javaee.spec.SecurityRoleMetaData;
import org.jboss.metadata.javaee.spec.SecurityRolesMetaData;

/* loaded from: input_file:org/jboss/as/ejb3/security/EjbJaccConfigurator.class */
public class EjbJaccConfigurator implements ComponentConfigurator {
    private static final String ANY_AUTHENTICATED_USER_ROLE = "**";

    public void configure(DeploymentPhaseContext deploymentPhaseContext, ComponentDescription componentDescription, ComponentConfiguration componentConfiguration) throws DeploymentUnitProcessingException {
        DeploymentReflectionIndex deploymentReflectionIndex = (DeploymentReflectionIndex) deploymentPhaseContext.getDeploymentUnit().getAttachment(Attachments.REFLECTION_INDEX);
        EJBComponentDescription eJBComponentDescription = (EJBComponentDescription) EJBComponentDescription.class.cast(componentDescription);
        EjbJaccConfig ejbJaccConfig = new EjbJaccConfig();
        deploymentPhaseContext.getDeploymentUnit().addToAttachmentList(EjbDeploymentAttachmentKeys.JACC_PERMISSIONS, ejbJaccConfig);
        for (ViewConfiguration viewConfiguration : componentConfiguration.getViews()) {
            for (Method method : viewConfiguration.getProxyFactory().getCachedMethods()) {
                if (Modifier.isPublic(method.getModifiers()) && method.getDeclaringClass() != WriteReplaceInterface.class) {
                    EJBViewConfiguration eJBViewConfiguration = (EJBViewConfiguration) EJBViewConfiguration.class.cast(viewConfiguration);
                    if (!createPermissions(ejbJaccConfig, eJBComponentDescription, eJBViewConfiguration, method, deploymentReflectionIndex, eJBComponentDescription.getDescriptorMethodPermissions())) {
                        createPermissions(ejbJaccConfig, eJBComponentDescription, eJBViewConfiguration, method, deploymentReflectionIndex, eJBComponentDescription.getAnnotationMethodPermissions());
                    }
                }
            }
        }
        HashSet<String> hashSet = new HashSet();
        SecurityRolesMetaData securityRoles = eJBComponentDescription.getSecurityRoles();
        if (securityRoles != null) {
            Iterator it = securityRoles.iterator();
            while (it.hasNext()) {
                hashSet.add(((SecurityRoleMetaData) it.next()).getRoleName());
            }
        }
        Iterator<Map.Entry<String, Permission>> it2 = ejbJaccConfig.getRoles().iterator();
        while (it2.hasNext()) {
            hashSet.add(it2.next().getKey());
        }
        hashSet.add(ANY_AUTHENTICATED_USER_ROLE);
        Map<String, Collection<String>> securityRoleLinks = eJBComponentDescription.getSecurityRoleLinks();
        for (Map.Entry<String, Collection<String>> entry : securityRoleLinks.entrySet()) {
            String key = entry.getKey();
            Iterator<String> it3 = entry.getValue().iterator();
            while (it3.hasNext()) {
                ejbJaccConfig.addRole(it3.next(), new EJBRoleRefPermission(eJBComponentDescription.getEJBName(), key));
            }
            hashSet.remove(key);
        }
        for (String str : eJBComponentDescription.getDeclaredRoles()) {
            if (!securityRoleLinks.containsKey(str)) {
                ejbJaccConfig.addRole(str, new EJBRoleRefPermission(eJBComponentDescription.getEJBName(), str));
            }
            hashSet.remove(str);
        }
        for (String str2 : hashSet) {
            ejbJaccConfig.addRole(str2, new EJBRoleRefPermission(eJBComponentDescription.getEJBName(), str2));
        }
        if ((eJBComponentDescription instanceof SessionBeanComponentDescription) && ((SessionBeanComponentDescription) SessionBeanComponentDescription.class.cast(eJBComponentDescription)).isStateful()) {
            ejbJaccConfig.addPermit(new EJBMethodPermission(eJBComponentDescription.getEJBName(), "getEJBObject", "Home", (String[]) null));
        }
    }

    protected boolean createPermissions(EjbJaccConfig ejbJaccConfig, EJBComponentDescription eJBComponentDescription, EJBViewConfiguration eJBViewConfiguration, Method method, DeploymentReflectionIndex deploymentReflectionIndex, ApplicableMethodInformation<EJBMethodSecurityAttribute> applicableMethodInformation) {
        EJBMethodSecurityAttribute viewAttribute = applicableMethodInformation.getViewAttribute(eJBViewConfiguration.getMethodIntf(), method);
        if (viewAttribute == null) {
            viewAttribute = applicableMethodInformation.getViewAttribute(MethodInterfaceType.Bean, method);
        }
        Method findMethod = ClassReflectionIndexUtil.findMethod(deploymentReflectionIndex, eJBViewConfiguration.getComponentConfiguration().getComponentClass(), method);
        if (viewAttribute == null && findMethod != null) {
            viewAttribute = applicableMethodInformation.getAttribute(eJBViewConfiguration.getMethodIntf(), findMethod);
            if (viewAttribute == null) {
                viewAttribute = applicableMethodInformation.getAttribute(MethodInterfaceType.Bean, findMethod);
            }
        }
        if (viewAttribute == null) {
            return false;
        }
        EJBMethodPermission eJBMethodPermission = new EJBMethodPermission(eJBComponentDescription.getEJBName(), eJBViewConfiguration.getMethodIntf().name(), method);
        if (viewAttribute.isPermitAll()) {
            ejbJaccConfig.addPermit(eJBMethodPermission);
        }
        if (viewAttribute.isDenyAll()) {
            ejbJaccConfig.addDeny(eJBMethodPermission);
        }
        Iterator<String> it = viewAttribute.getRolesAllowed().iterator();
        while (it.hasNext()) {
            ejbJaccConfig.addRole(it.next(), eJBMethodPermission);
        }
        return true;
    }
}
