package org.wildfly.extension.camel.security;

import java.security.acl.Group;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimplePrincipal;
import org.wildfly.extension.camel.security.LoginContextBuilder;

/* loaded from: input_file:org/wildfly/extension/camel/security/DomainAuthorizationPolicy.class */
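/**
 * Authorization policy that authenticates against a security domain and then requires the
 * authenticated subject to hold every configured role.
 *
 * <p>Role membership is read from the subject's {@link Group} principals named {@code "Roles"}.
 *
 * <p>If no roles have been configured, {@link #authorize(LoginContext)} accepts any subject it is
 * given, so the policy then enforces authentication only. Configure at least one role when a
 * route needs role-based access control.
 *
 * <p>The role set is a plain {@link HashSet} with no synchronization.
 * NOTE(review): presumably roles are configured before the policy handles requests; confirm.
 */
public class DomainAuthorizationPolicy extends AbstractAuthorizationPolicy {
    // Roles the subject must hold; all of them are required, not just one.
    private final Set<String> requiredRoles = new HashSet<>();

    /**
     * Adds the given roles to the set of required roles.
     *
     * @param roleNames role names to require in addition to those already configured
     * @return this policy, to allow call chaining
     */
    public DomainAuthorizationPolicy roles(String... roleNames) {
        for (String roleName : roleNames) {
            this.requiredRoles.add(roleName);
        }
        return this;
    }

    /**
     * Adds a single role to the set of required roles. Despite the setter-style name this does
     * not replace roles that were added earlier.
     *
     * @param roleName role name to require
     */
    public void setRole(String roleName) {
        this.requiredRoles.add(roleName);
    }

    /**
     * Builds an authentication login context for the given domain and credentials.
     *
     * @param domain security domain name passed to the builder
     * @param username user name passed to the builder
     * @param password password characters passed to the builder
     * @return the login context produced by {@link LoginContextBuilder}
     * @throws LoginException if the builder cannot create the context
     */
    @Override
    protected LoginContext getLoginContext(String domain, String username, char[] password) throws LoginException {
        return new LoginContextBuilder(LoginContextBuilder.Type.AUTHENTICATION)
                .domain(domain)
                .username(username)
                .password(password)
                .build();
    }

    /**
     * Verifies that the subject of the given login context is a member of every required role.
     *
     * @param loginContext login context whose subject is checked
     * @throws LoginException if the context has no subject, or if at least one required role is
     *     not held by the subject
     */
    @Override
    protected void authorize(LoginContext loginContext) throws LoginException {
        // LoginContext.getSubject() returns null when authentication has not succeeded. Deny
        // with the declared exception type instead of failing with a NullPointerException.
        if (loginContext.getSubject() == null) {
            throw new LoginException("No authenticated subject available for authorization");
        }

        // Start from "everything is missing" and strike off each role the subject proves it has,
        // so that any lookup that finds nothing leaves the check failing closed.
        Set<String> missingRoles = new HashSet<>(this.requiredRoles);
        Set<Group> groups = loginContext.getSubject().getPrincipals(Group.class);
        if (groups != null) {
            for (Group group : groups) {
                // Only groups named "Roles" are consulted; other groups are ignored.
                if ("Roles".equals(group.getName())) {
                    for (String roleName : this.requiredRoles) {
                        if (group.isMember(new SimplePrincipal(roleName))) {
                            missingRoles.remove(roleName);
                        }
                    }
                }
            }
        }
        if (!missingRoles.isEmpty()) {
            // NOTE(review): the message names the roles the policy requires; confirm callers do
            // not relay it verbatim to the remote client.
            throw new LoginException("User does not have required roles: " + missingRoles);
        }
    }
}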
