package org.jboss.as.ejb3.security;

import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import javax.security.jacc.EJBMethodPermission;
import org.jboss.as.ee.component.Component;
import org.jboss.as.ee.component.ComponentView;
import org.jboss.as.ejb3.component.EJBComponent;
import org.jboss.as.ejb3.component.MethodIntf;
import org.jboss.as.ejb3.logging.EjbLogger;
import org.jboss.invocation.Interceptor;
import org.jboss.invocation.InterceptorContext;
import org.jboss.metadata.ejb.spec.MethodInterfaceType;
import org.wildfly.clustering.ejb.BeanManagerFactoryServiceConfiguratorConfiguration;
import org.wildfly.common.Assert;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.manager.WildFlySecurityManager;

/* loaded from: input_file:wildfly.zip:modules/system/layers/base/org/jboss/as/ejb3/main/wildfly-ejb3-23.0.2.Final.jar:org/jboss/as/ejb3/security/JaccInterceptor.class */
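/**
 * Interceptor that authorizes an EJB view method invocation against the installed JACC
 * {@link Policy} before allowing the invocation to proceed.
 *
 * <p>Each instance is bound to exactly one view class name and one view method. An invocation
 * that arrives for a different view or method is rejected before any policy decision is made.
 *
 * <p>Every failure path in this class throws, so a broken precondition denies the call rather
 * than letting it through unchecked.
 */
public class JaccInterceptor implements Interceptor {
    /** Shared zero-length array used as the type token for {@code toArray}. */
    private static final Principal[] NO_PRINCIPALS = new Principal[0];
    private final String viewClassName;
    private final Method viewMethod;

    /**
     * Creates an interceptor bound to a single view method.
     *
     * @param str    name of the view class; compared with {@code getViewClass().getName()} of the
     *               invoked view
     * @param method the view method this interceptor guards
     */
    public JaccInterceptor(String str, Method method) {
        this.viewClassName = str;
        this.viewMethod = method;
    }

    /**
     * Authorizes the current invocation and, if permitted, continues the interceptor chain.
     *
     * @param interceptorContext the invocation context; must carry a {@link SecurityDomain},
     *                           a {@link Component} and a {@link ComponentView} as private data
     * @return the result of {@code interceptorContext.proceed()}
     * @throws Exception if the component is not an {@link EJBComponent}, if the invoked view or
     *                   method differs from the one this interceptor was created for, if the
     *                   policy does not grant the permission, or if the rest of the chain throws
     */
    @Override
    public Object processInvocation(InterceptorContext interceptorContext) throws Exception {
        final Component component = interceptorContext.getPrivateData(Component.class);
        final SecurityDomain securityDomain = interceptorContext.getPrivateData(SecurityDomain.class);
        Assert.checkNotNullParam("securityDomain", securityDomain);
        // Capture the caller's identity once, up front; the same snapshot is used for the check.
        final SecurityIdentity currentSecurityIdentity = securityDomain.getCurrentSecurityIdentity();
        if (!(component instanceof EJBComponent)) {
            throw EjbLogger.ROOT_LOGGER.unexpectedComponent(component, EJBComponent.class);
        }

        final Method method = interceptorContext.getMethod();
        final ComponentView componentView = interceptorContext.getPrivateData(ComponentView.class);
        final String name = componentView.getViewClass().getName();
        // Refuse to authorize anything other than the exact view/method this instance guards.
        final boolean boundToThisInvocation = this.viewClassName.equals(name) && this.viewMethod.equals(method);
        if (!boundToThisInvocation) {
            throw EjbLogger.ROOT_LOGGER.failProcessInvocation(getClass().getName(), method, name, this.viewMethod, this.viewClassName);
        }

        final EJBComponent eJBComponent = (EJBComponent) component;
        if (WildFlySecurityManager.isChecking()) {
            try {
                // The explicit cast selects the PrivilegedExceptionAction overload; a bare lambda
                // is ambiguous between the two doPrivileged signatures.
                AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
                    hasPermission(eJBComponent, componentView, method, currentSecurityIdentity);
                    return null;
                });
            } catch (PrivilegedActionException e) {
                // Unwrap so callers see the original failure.
                throw e.getException();
            }
        } else {
            hasPermission(eJBComponent, componentView, method, currentSecurityIdentity);
        }
        // Only reached when the policy granted the permission.
        return interceptorContext.proceed();
    }

    /**
     * Builds the JACC permission that represents invoking {@code method} on the given component
     * through the given method interface.
     *
     * <p>A {@code null} {@code methodInterfaceType} causes a {@link NullPointerException} here.
     */
    private EJBMethodPermission createEjbMethodPermission(Method method, EJBComponent eJBComponent, MethodInterfaceType methodInterfaceType) {
        return new EJBMethodPermission(eJBComponent.getComponentName(), methodInterfaceType.name(), method);
    }

    /**
     * Asks the installed {@link Policy} whether the identity's roles imply the EJB method
     * permission, and throws if they do not.
     *
     * <p>The decision is delegated entirely to {@code Policy.implies}; this method only assembles
     * the inputs: a {@link ProtectionDomain} carrying the proxy class's code source and the
     * identity's roles as principals, and the {@link EJBMethodPermission} for the call.
     */
    private void hasPermission(EJBComponent eJBComponent, ComponentView componentView, Method method, SecurityIdentity securityIdentity) {
        final MethodInterfaceType methodInterfaceType = getMethodInterfaceType(componentView.getPrivateData(MethodIntf.class));
        final EJBMethodPermission permission = createEjbMethodPermission(method, eJBComponent, methodInterfaceType);

        // Explicit cast: a bare method reference is ambiguous between the doPrivileged overloads.
        final Policy policy = WildFlySecurityManager.isChecking()
                ? AccessController.doPrivileged((PrivilegedAction<Policy>) Policy::getPolicy)
                : Policy.getPolicy();

        // No static permissions and no class loader: only the code source and role principals
        // are offered to the policy.
        final ProtectionDomain domain = new ProtectionDomain(
                componentView.getProxyClass().getProtectionDomain().getCodeSource(),
                null,
                null,
                getGrantedRoles(securityIdentity));

        if (!policy.implies(domain, permission)) {
            throw EjbLogger.ROOT_LOGGER.invocationOfMethodNotAllowed(method, eJBComponent.getComponentName());
        }
    }

    /**
     * Maps the container's {@link MethodIntf} to the metadata {@link MethodInterfaceType}.
     *
     * @param methodIntf the view's method interface; a {@code null} value makes the
     *                   {@code switch} throw {@link NullPointerException}
     * @return the matching type, or {@code null} for a constant with no mapping. The caller in
     *         this class dereferences the result, so an unmapped value ends in an exception
     *         (access denied) rather than in a skipped check.
     */
    protected MethodInterfaceType getMethodInterfaceType(MethodIntf methodIntf) {
        switch (methodIntf) {
            case HOME:
                return MethodInterfaceType.Home;
            case LOCAL_HOME:
                return MethodInterfaceType.LocalHome;
            case SERVICE_ENDPOINT:
                return MethodInterfaceType.ServiceEndpoint;
            case LOCAL:
                return MethodInterfaceType.Local;
            case REMOTE:
                return MethodInterfaceType.Remote;
            case TIMER:
                return MethodInterfaceType.Timer;
            case MESSAGE_ENDPOINT:
                return MethodInterfaceType.MessageEndpoint;
            default:
                return null;
        }
    }

    /**
     * Converts the identity's roles into name-only {@link Principal}s for a policy check.
     *
     * <p>The returned principals are lambdas: {@code getName()} yields the role name, while
     * {@code equals}/{@code hashCode} are identity-based. They are suitable for policies that
     * match on the principal name, not for set membership or equality comparisons.
     *
     * @param securityIdentity the identity whose roles are read
     * @return one principal per distinct role name; empty if the identity has no roles
     */
    public static Principal[] getGrantedRoles(SecurityIdentity securityIdentity) {
        // NOTE(review): the role category comes from a clustering configuration constant. This
        // looks like a decompiler mapping an inlined string literal onto an unrelated constant
        // with the same value; confirm the intended category against the upstream source.
        final Set<String> roleNames = new HashSet<>();
        for (String roleName : securityIdentity.getRoles(BeanManagerFactoryServiceConfiguratorConfiguration.DEFAULT_CONTAINER_NAME)) {
            roleNames.add(roleName);
        }

        final List<Principal> principals = new ArrayList<>(roleNames.size());
        for (String roleName : roleNames) {
            principals.add(() -> roleName);
        }
        return principals.toArray(NO_PRINCIPALS);
    }
}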
