package org.jboss.as.ejb3.security;

import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.jacc.PolicyContext;
import org.jboss.as.core.security.ServerSecurityManager;
import org.jboss.as.ee.component.Component;
import org.jboss.as.ee.component.ComponentView;
import org.jboss.as.ejb3.component.EJBComponent;
import org.jboss.as.ejb3.component.MethodIntf;
import org.jboss.as.ejb3.logging.EjbLogger;
import org.jboss.invocation.Interceptor;
import org.jboss.invocation.InterceptorContext;
import org.jboss.metadata.ejb.spec.MethodInterfaceType;
import org.jboss.security.AnybodyPrincipal;
import org.jboss.security.NobodyPrincipal;
import org.jboss.security.SimplePrincipal;
import org.wildfly.security.manager.WildFlySecurityManager;

/* loaded from: input_file:wildfly.zip:modules/system/layers/base/org/jboss/as/ejb3/main/wildfly-ejb3-23.0.2.Final.jar:org/jboss/as/ejb3/security/AuthorizationInterceptor.class */
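/**
 * Interceptor that enforces the method-level security metadata of one EJB view method.
 *
 * <p>Each instance is bound to a single view class / view method pair. For every invocation it
 * switches the JACC {@link PolicyContext} context ID to the one supplied at construction, asks the
 * component's {@link ServerSecurityManager} to authorize the call, and only proceeds down the
 * interceptor chain when authorization succeeds. The previous context ID is always restored.
 */
public class AuthorizationInterceptor implements Interceptor {
    private final EJBMethodSecurityAttribute ejbMethodSecurityMetaData;
    private final String viewClassName;
    private final Method viewMethod;
    private final String contextID;

    /* loaded from: input_file:wildfly.zip:modules/system/layers/base/org/jboss/as/ejb3/main/wildfly-ejb3-23.0.2.Final.jar:org/jboss/as/ejb3/security/AuthorizationInterceptor$SetContextIDAction.class */
    /**
     * Privileged action that swaps the JACC context ID and returns the one that was active before.
     *
     * <p>NOTE(review): the decompiler reported that this class was originally {@code private} and
     * that it widened the modifier. The constructor is package-private, so the action can only be
     * created from this package; keep it that way, because the action changes the policy context
     * with this class's privileges.
     */
    public static class SetContextIDAction implements PrivilegedAction<String> {
        private final String contextID;

        SetContextIDAction(String str) {
            this.contextID = str;
        }

        /**
         * Installs the configured context ID.
         *
         * @return the context ID that was set before this call
         */
        @Override // java.security.PrivilegedAction
        public String run() {
            String previous = PolicyContext.getContextID();
            PolicyContext.setContextID(this.contextID);
            return previous;
        }
    }

    /**
     * Creates an interceptor bound to one view method.
     *
     * @param eJBMethodSecurityAttribute security metadata of the method; must not be {@code null}
     * @param str name of the view class; must not be {@code null} or blank
     * @param method the view method this interceptor guards; must not be {@code null}
     * @param str2 JACC policy context ID to activate while authorizing and invoking; not validated here
     */
    public AuthorizationInterceptor(EJBMethodSecurityAttribute eJBMethodSecurityAttribute, String str, Method method, String str2) {
        if (eJBMethodSecurityAttribute == null) {
            throw EjbLogger.ROOT_LOGGER.ejbMethodSecurityMetaDataIsNull();
        }
        if (str == null || str.trim().isEmpty()) {
            throw EjbLogger.ROOT_LOGGER.viewClassNameIsNull();
        }
        if (method == null) {
            throw EjbLogger.ROOT_LOGGER.viewMethodIsNull();
        }
        this.ejbMethodSecurityMetaData = eJBMethodSecurityAttribute;
        this.viewClassName = str;
        this.viewMethod = method;
        this.contextID = str2;
    }

    /**
     * Authorizes the invocation and, if allowed, passes it down the interceptor chain.
     *
     * @param interceptorContext the invocation being processed
     * @return the result of {@link InterceptorContext#proceed()}
     * @throws Exception if the component is not an {@link EJBComponent}, if the invocation targets
     *         a different view or method than this interceptor was built for, if the caller is not
     *         authorized, or if the rest of the chain fails
     */
    @Override // org.jboss.invocation.Interceptor
    public Object processInvocation(InterceptorContext interceptorContext) throws Exception {
        Component component = (Component) interceptorContext.getPrivateData(Component.class);
        if (!(component instanceof EJBComponent)) {
            throw EjbLogger.ROOT_LOGGER.unexpectedComponent(component, EJBComponent.class);
        }
        final Method method = interceptorContext.getMethod();
        final ComponentView componentView = (ComponentView) interceptorContext.getPrivateData(ComponentView.class);
        String name = componentView.getViewClass().getName();
        // The role set checked below belongs to viewMethod only, so refuse to authorize any other
        // view/method with it.
        if (!this.viewClassName.equals(name) || !this.viewMethod.equals(method)) {
            throw EjbLogger.ROOT_LOGGER.failProcessInvocation(getClass().getName(), method, name, this.viewMethod, this.viewClassName);
        }
        final EJBComponent eJBComponent = (EJBComponent) component;
        final ServerSecurityManager securityManager = eJBComponent.getSecurityManager();
        // May be null for an unmapped view type; ensureAuthorized() then fails with a
        // NullPointerException before authorize() is reached, so the call is rejected.
        final MethodInterfaceType methodInterfaceType = getMethodInterfaceType((MethodIntf) componentView.getPrivateData(MethodIntf.class));
        String previousContextID = setContextID(this.contextID);
        try {
            if (WildFlySecurityManager.isChecking()) {
                try {
                    // Only the authorization decision runs privileged; proceed() below does not.
                    AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                        // The decompiled method was named run2(), which does not implement
                        // PrivilegedExceptionAction.run() and cannot carry @Override.
                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() {
                            ensureAuthorized(securityManager, eJBComponent, componentView, methodInterfaceType, method);
                            return null;
                        }
                    });
                } catch (PrivilegedActionException e) {
                    throw e.getException();
                }
            } else {
                ensureAuthorized(securityManager, eJBComponent, componentView, methodInterfaceType, method);
            }
            return interceptorContext.proceed();
        } finally {
            // Restore on every exit path so the context ID set for this bean does not stay
            // active for whatever runs next.
            setContextID(previousContextID);
        }
    }

    /**
     * Runs the single authorization check shared by the privileged and non-privileged paths, so
     * the two cannot drift apart.
     */
    private void ensureAuthorized(ServerSecurityManager securityManager, EJBComponent eJBComponent, ComponentView componentView, MethodInterfaceType methodInterfaceType, Method method) {
        boolean authorized = securityManager.authorize(
                eJBComponent.getComponentName(),
                componentView.getProxyClass().getProtectionDomain().getCodeSource(),
                methodInterfaceType.name(),
                this.viewMethod,
                getMethodRolesAsPrincipals(),
                this.contextID);
        if (!authorized) {
            throw EjbLogger.ROOT_LOGGER.invocationOfMethodNotAllowed(method, eJBComponent.getComponentName());
        }
    }

    /**
     * Translates the method's security metadata into the principal set passed to the security manager.
     *
     * <p>Deny-all is evaluated first, so it wins if the metadata reports both deny-all and permit-all.
     *
     * @return a new mutable set holding the nobody principal (deny-all), the anybody principal
     *         (permit-all), or one {@link SimplePrincipal} per allowed role
     */
    protected Set<Principal> getMethodRolesAsPrincipals() {
        Set<Principal> principals = new HashSet<>();
        if (this.ejbMethodSecurityMetaData.isDenyAll()) {
            principals.add(NobodyPrincipal.NOBODY_PRINCIPAL);
        } else if (this.ejbMethodSecurityMetaData.isPermitAll()) {
            principals.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
        } else {
            for (String role : this.ejbMethodSecurityMetaData.getRolesAllowed()) {
                principals.add(new SimplePrincipal(role));
            }
        }
        return principals;
    }

    /**
     * Maps the component's view type to the metadata enum whose name is passed to the security manager.
     *
     * @param methodIntf the view type; a {@code null} value makes the switch throw {@link NullPointerException}
     * @return the matching {@link MethodInterfaceType}, or {@code null} when no mapping exists
     */
    protected MethodInterfaceType getMethodInterfaceType(MethodIntf methodIntf) {
        switch (methodIntf) {
            case HOME:
                return MethodInterfaceType.Home;
            case LOCAL_HOME:
                return MethodInterfaceType.LocalHome;
            case SERVICE_ENDPOINT:
                return MethodInterfaceType.ServiceEndpoint;
            case LOCAL:
                return MethodInterfaceType.Local;
            case REMOTE:
                return MethodInterfaceType.Remote;
            case TIMER:
                return MethodInterfaceType.Timer;
            case MESSAGE_ENDPOINT:
                return MethodInterfaceType.MessageEndpoint;
            default:
                return null;
        }
    }

    /**
     * Sets the JACC policy context ID, using a privileged action when the security manager is checking.
     *
     * @param str the context ID to install
     * @return the context ID that was active before the call, so the caller can restore it
     */
    protected String setContextID(String str) {
        if (WildFlySecurityManager.isChecking()) {
            return AccessController.doPrivileged(new SetContextIDAction(str));
        }
        String previous = PolicyContext.getContextID();
        PolicyContext.setContextID(str);
        return previous;
    }
}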
