package org.jboss.security.integration.web;

import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.SecurityContext;
import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.authorization.resources.WebResource;
import org.jboss.security.callbacks.SecurityContextCallbackHandler;
import org.jboss.security.integration.ejb.SecurityHelper;

/* loaded from: input_file:org/jboss/security/integration/web/WebAuthorizationHelper.class */
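/**
 * Helper that runs web-tier authorization checks (resource permission, role
 * membership, user-data permission) through an {@link AuthorizationManager}
 * and optionally records the outcome through {@code authorizationAudit}.
 *
 * <p>All three checks fail closed: any result other than {@link #PERMIT}, and any
 * {@link AuthorizationException}, yields {@code false}. Unchecked exceptions are
 * not caught here and propagate to the caller.
 *
 * <p>When auditing is disabled, denials and authorization errors leave no audit
 * record; errors are then visible only in trace-level logging.
 */
public class WebAuthorizationHelper extends SecurityHelper {
    /**
     * Value of {@code AuthorizationManager.authorize} that is treated as "access granted".
     * NOTE(review): presumably mirrors the framework's PERMIT constant; confirm and
     * reference that constant directly if it is available.
     */
    private static final int PERMIT = 1;

    /** Whether each authorization outcome is passed to {@code authorizationAudit}. */
    private final boolean enableAudit;

    /**
     * @param securityContext security context handed to the superclass and used for role lookup
     * @param z               {@code true} to audit every authorization decision
     */
    public WebAuthorizationHelper(SecurityContext securityContext, boolean z) {
        super(securityContext);
        this.enableAudit = z;
    }

    /**
     * Checks whether {@code subject} may access the requested web resource.
     *
     * <p>Unlike {@link #hasRole} and {@link #hasUserDataPermission}, this method uses the
     * subject supplied by the caller instead of resolving the active subject itself.
     *
     * @param map                  context entries for the resource; wrapped read-only, not copied
     * @param servletRequest       request being authorized
     * @param servletResponse      response associated with the request
     * @param subject              caller subject the decision is made for
     * @param authorizationManager manager that takes the decision and supplies the subject's roles
     * @param str                  canonical request URI set on the resource
     * @return {@code true} only if the manager returns {@link #PERMIT}; {@code false} on any
     *         other result or on {@link AuthorizationException}
     */
    public boolean checkResourcePermission(Map<String, Object> map, ServletRequest servletRequest, ServletResponse servletResponse, Subject subject, AuthorizationManager authorizationManager, String str) {
        WebResource webResource = new WebResource(Collections.unmodifiableMap(map));
        webResource.setPolicyContextID(PolicyContext.getContextID());
        webResource.setServletRequest(servletRequest);
        webResource.setServletResponse(servletResponse);
        webResource.setCallerSubject(subject);
        webResource.setCanonicalRequestURI(str);
        return authorizeAndAudit(webResource, subject, authorizationManager, "hasResourcePermission");
    }

    /**
     * Checks whether the caller holds the role {@code str} in the context of servlet {@code str2}.
     *
     * @param str                  role name being tested
     * @param principal            principal set on the resource
     * @param str2                 servlet name set on the resource
     * @param set                  roles stored under the {@code "principal.roles"} context key
     * @param authorizationManager manager that takes the decision; also stored under
     *                             {@code "policyRegistration"}
     * @return {@code true} only if the manager returns {@link #PERMIT}; {@code false} on any
     *         other result or on {@link AuthorizationException}
     */
    public boolean hasRole(String str, Principal principal, String str2, Set<Principal> set, AuthorizationManager authorizationManager) {
        Map<String, Object> contextMap = new HashMap<String, Object>();
        contextMap.put("roleName", str);
        contextMap.put("roleRefPermissionCheck", Boolean.TRUE);
        contextMap.put("principal.roles", set);
        contextMap.put("policyRegistration", authorizationManager);
        WebResource webResource = new WebResource(Collections.unmodifiableMap(contextMap));
        webResource.setPolicyContextID(PolicyContext.getContextID());
        webResource.setPrincipal(principal);
        webResource.setServletName(str2);
        Subject subject = resolveCallerSubject();
        webResource.setCallerSubject(subject);
        return authorizeAndAudit(webResource, subject, authorizationManager, "hasRole");
    }

    /**
     * Checks the user-data (transport) permission for the request.
     *
     * <p>NOTE(review): this writes {@code "policyRegistration"} into the caller's {@code map},
     * so the caller's map is modified and an unmodifiable map will make {@code put} throw.
     * Kept as-is because callers may rely on the entry being present afterwards; confirm
     * before switching to a defensive copy.
     *
     * @param map                  mutable context entries for the resource
     * @param servletRequest       request being authorized
     * @param servletResponse      response associated with the request
     * @param authorizationManager manager that takes the decision
     * @return {@code true} only if the manager returns {@link #PERMIT}; {@code false} on any
     *         other result or on {@link AuthorizationException}
     */
    public boolean hasUserDataPermission(Map<String, Object> map, ServletRequest servletRequest, ServletResponse servletResponse, AuthorizationManager authorizationManager) {
        map.put("policyRegistration", authorizationManager);
        WebResource webResource = new WebResource(Collections.unmodifiableMap(map));
        webResource.setPolicyContextID(PolicyContext.getContextID());
        webResource.setServletRequest(servletRequest);
        webResource.setServletResponse(servletResponse);
        Subject subject = resolveCallerSubject();
        webResource.setCallerSubject(subject);
        // Label corrected: this path previously logged "hasRole check failed:", which
        // misattributed user-data failures to the role check in trace output.
        return authorizeAndAudit(webResource, subject, authorizationManager, "hasUserDataPermission");
    }

    /**
     * Returns the active subject, falling back to the subject held by the security
     * context when the lookup throws.
     */
    private Subject resolveCallerSubject() {
        try {
            return SecurityActions.getActiveSubject();
        } catch (Exception e) {
            log.trace("Exception in getting subject:", e);
            return this.securityContext.getUtil().getSubject();
        }
    }

    /**
     * Asks the manager for a decision on {@code webResource}, audits it when auditing is
     * enabled, and maps the outcome to a boolean that denies on anything but {@link #PERMIT}.
     *
     * @param checkName label used as the prefix of the trace message on failure
     */
    private boolean authorizeAndAudit(WebResource webResource, Subject subject, AuthorizationManager authorizationManager, String checkName) {
        boolean permitted;
        try {
            int decision = authorizationManager.authorize(webResource, subject,
                    authorizationManager.getSubjectRoles(subject, new SecurityContextCallbackHandler(this.securityContext)));
            permitted = decision == PERMIT;
            if (this.enableAudit) {
                authorizationAudit(permitted ? "Success" : "Failure", webResource, null);
            }
        } catch (AuthorizationException e) {
            // Deny on error: an exception from the manager must never grant access.
            permitted = false;
            if (log.isTraceEnabled()) {
                log.trace(checkName + " check failed:" + e.getLocalizedMessage());
            }
            if (this.enableAudit) {
                authorizationAudit("Error", webResource, e);
            }
        }
        return permitted;
    }
}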
