package org.jboss.as.ejb3.security;

import java.util.Map;
import java.util.Set;
import org.jboss.as.cli.Util;
import org.jboss.as.core.security.ServerSecurityManager;
import org.jboss.as.ee.component.Component;
import org.jboss.as.ee.component.ComponentInterceptorFactory;
import org.jboss.as.ejb3.component.EJBComponent;
import org.jboss.as.ejb3.logging.EjbLogger;
import org.jboss.as.security.service.SimpleSecurityManager;
import org.jboss.as.server.deployment.DeploymentUnit;
import org.jboss.invocation.Interceptor;
import org.jboss.invocation.InterceptorFactoryContext;
import org.jboss.metadata.javaee.spec.SecurityRolesMetaData;

/* loaded from: input_file:m2repo/org/wildfly/wildfly-ejb3/11.0.0.Final/wildfly-ejb3-11.0.0.Final.jar:org/jboss/as/ejb3/security/SecurityContextInterceptorFactory.class */
public class SecurityContextInterceptorFactory extends ComponentInterceptorFactory {
    private static final String DEFAULT_DOMAIN = "other";
    private final boolean securityRequired;
    private final boolean propagateSecurity;
    private final String policyContextID;

    public static String contextIdForDeployment(DeploymentUnit deploymentUnit) {
        String name = deploymentUnit.getName();
        if (deploymentUnit.getParent() != null) {
            name = deploymentUnit.getParent().getName() + Util.NOT_OPERATOR + name;
        }
        return name;
    }

    public SecurityContextInterceptorFactory(boolean z, String str) {
        this(z, true, str);
    }

    public SecurityContextInterceptorFactory(boolean z, boolean z2) {
        this(z, z2, null);
    }

    public SecurityContextInterceptorFactory(boolean z, boolean z2, String str) {
        this.securityRequired = z;
        this.propagateSecurity = z2;
        this.policyContextID = str;
    }

    @Override // org.jboss.as.ee.component.ComponentInterceptorFactory
    protected Interceptor create(Component component, InterceptorFactoryContext interceptorFactoryContext) {
        if (!(component instanceof EJBComponent)) {
            throw EjbLogger.ROOT_LOGGER.unexpectedComponent(component, EJBComponent.class);
        }
        EJBComponent eJBComponent = (EJBComponent) component;
        ServerSecurityManager securityManager = this.propagateSecurity ? eJBComponent.getSecurityManager() : new SimpleSecurityManager((SimpleSecurityManager) eJBComponent.getSecurityManager());
        EJBSecurityMetaData securityMetaData = eJBComponent.getSecurityMetaData();
        String securityDomain = securityMetaData.getSecurityDomain();
        if (securityDomain == null) {
            securityDomain = "other";
        }
        if (EjbLogger.ROOT_LOGGER.isTraceEnabled()) {
            EjbLogger.ROOT_LOGGER.trace("Using security domain: " + securityDomain + " for EJB " + eJBComponent.getComponentName());
        }
        String runAs = securityMetaData.getRunAs();
        String runAsPrincipal = securityMetaData.getRunAsPrincipal();
        SecurityRolesMetaData securityRoles = securityMetaData.getSecurityRoles();
        Set<String> set = null;
        Map<String, Set<String>> map = null;
        if (securityRoles != null) {
            map = securityRoles.getPrincipalVersusRolesMap();
            if (runAsPrincipal != null) {
                set = securityRoles.getSecurityRoleNamesByPrincipal(runAsPrincipal);
            }
        }
        SecurityContextInterceptorHolder securityContextInterceptorHolder = new SecurityContextInterceptorHolder();
        securityContextInterceptorHolder.setSecurityManager(securityManager).setSecurityDomain(securityDomain).setRunAs(runAs).setRunAsPrincipal(runAsPrincipal).setPolicyContextID(this.policyContextID).setExtraRoles(set).setPrincipalVsRolesMap(map).setSkipAuthentication(!this.securityRequired);
        return new SecurityContextInterceptor(securityContextInterceptorHolder);
    }
}
