package org.jboss.ejb3.security.helpers;

import java.security.Principal;
import java.security.PrivilegedActionException;
import java.util.HashSet;
import javax.ejb.Stateless;
import javax.naming.InitialContext;
import javax.security.jacc.PolicyContext;
import org.jboss.aop.joinpoint.Invocation;
import org.jboss.aspects.currentinvocation.CurrentInvocation;
import org.jboss.ejb3.annotation.SecurityDomain;
import org.jboss.ejb3.interceptors.container.InvocationHelper;
import org.jboss.metadata.ejb.jboss.JBossEnterpriseBeanMetaData;
import org.jboss.metadata.javaee.spec.SecurityRoleRefMetaData;
import org.jboss.metadata.javaee.spec.SecurityRoleRefsMetaData;
import org.jboss.security.RealmMapping;
import org.jboss.security.SecurityContext;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.javaee.AbstractEJBAuthorizationHelper;
import org.jboss.security.javaee.SecurityHelperFactory;
import org.jboss.security.javaee.SecurityRoleRef;

/* loaded from: input_file:org/jboss/ejb3/security/helpers/EJBContextHelper.class */
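/**
 * Resolves the caller identity and role membership for EJB context calls
 * ({@code getCallerPrincipal} / {@code isCallerInRole}).
 *
 * <p>Both entry points first reject calls made during injection and from
 * lifecycle callbacks of stateless beans, then delegate the actual decision to
 * the {@link AbstractEJBAuthorizationHelper} obtained for the security context.
 */
public class EJBContextHelper {

    /**
     * Returns the principal of the current caller.
     *
     * <p>Resolution order when a security context is present:
     * <ol>
     *   <li>the caller principal reported by the authorization helper;</li>
     *   <li>the user principal held by the security context, passed through
     *       {@code realmMapping} when one is supplied;</li>
     *   <li>the unauthenticated principal configured on {@code securityDomain}.</li>
     * </ol>
     * When no security context is present, only the configured unauthenticated
     * principal is considered.
     *
     * @param securityContext the caller's security context, or {@code null} if none is established
     * @param realmMapping optional mapping applied to the context's user principal; may be {@code null}
     * @param securityDomain the bean's security domain annotation; must not be {@code null}
     * @return the resolved principal; may be {@code null} when a security context exists but no
     *         principal can be resolved and no unauthenticated principal is configured, so callers
     *         must treat {@code null} as "no identity" rather than as a match
     * @throws IllegalStateException if called during injection, from a stateless lifecycle callback,
     *         or with no security context and no configured unauthenticated principal
     * @throws RuntimeException wrapping any failure raised while obtaining or querying the helper
     */
    public Principal getCallerPrincipal(SecurityContext securityContext, RealmMapping realmMapping, SecurityDomain securityDomain) {
        Invocation currentInvocation = getCurrentInvocation("getCallerPrincipal");
        rejectStatelessLifecycleCallback(currentInvocation, "getCallerPrincipal");

        if (securityContext == null) {
            Principal anonymous = unauthenticatedPrincipal(securityDomain);
            if (anonymous == null) {
                // Previously this path fell through to securityContext.getUtil() and died with a
                // bare NullPointerException. Keep failing closed, but say why.
                throw new IllegalStateException(
                        "No security context is available and the security domain defines no unauthenticated principal");
            }
            return anonymous;
        }

        Principal principal;
        try {
            AbstractEJBAuthorizationHelper helper = SecurityHelperFactory.getEJBAuthorizationHelper(securityContext);
            helper.setPolicyRegistration(getPolicyRegistration());
            principal = helper.getCallerPrincipal();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }

        if (principal == null) {
            // Fall back to the principal carried by the security context itself.
            principal = securityContext.getUtil().getUserPrincipal();
            if (realmMapping != null) {
                principal = realmMapping.getPrincipal(principal);
            }
        }
        if (principal == null) {
            // Last resort: report the caller under the domain's configured unauthenticated name.
            principal = unauthenticatedPrincipal(securityDomain);
        }
        return principal;
    }

    /**
     * Fetches the invocation currently in progress and rejects it if it is an injection.
     *
     * @param str name of the EJB context method being called; used only in the error message
     * @return the current invocation as reported by {@link CurrentInvocation}
     * @throws IllegalStateException if the current invocation is an injection
     */
    private static Invocation getCurrentInvocation(String str) {
        Invocation currentInvocation = CurrentInvocation.getCurrentInvocation();
        if (isInjection(currentInvocation)) {
            throw new IllegalStateException(str + " not allowed during injection (EJB3 4.4.1 & 4.5.2)");
        }
        return currentInvocation;
    }

    /**
     * Checks whether the current caller is in a role.
     *
     * <p>If no security context is supplied, one is created for the domain named by
     * {@code securityDomain.value()} before the check runs. The bean's security role
     * references, when metadata is available, are converted to {@link SecurityRoleRef}
     * instances and handed to the authorization helper together with the caller
     * principal, the active subject and the JACC policy context id.
     *
     * @param securityContext the caller's security context, or {@code null} to have one created
     * @param securityDomain the bean's security domain annotation; must not be {@code null}
     * @param realmMapping optional principal mapping forwarded to {@link #getCallerPrincipal}
     * @param jBossEnterpriseBeanMetaData bean metadata supplying role references; may be {@code null}
     * @param str first argument forwarded to the helper's {@code isCallerInRole}
     *        (presumably the role name - confirm against AbstractEJBAuthorizationHelper)
     * @param str2 second argument forwarded to the helper's {@code isCallerInRole}
     *        (presumably the EJB name - confirm against AbstractEJBAuthorizationHelper)
     * @return the helper's decision
     * @throws IllegalStateException if called during injection, from a stateless lifecycle callback,
     *         or when no policy context id is set
     * @throws RuntimeException wrapping any failure raised while creating the context or
     *         evaluating the role check; a failed check is never reported as {@code false}
     */
    public boolean isCallerInRole(SecurityContext securityContext, SecurityDomain securityDomain, RealmMapping realmMapping, JBossEnterpriseBeanMetaData jBossEnterpriseBeanMetaData, String str, String str2) {
        Invocation currentInvocation = getCurrentInvocation("isCallerInRole");
        // The original message named getCallerPrincipal here, which misdirects anyone
        // reading the stack trace of a rejected isCallerInRole call.
        rejectStatelessLifecycleCallback(currentInvocation, "isCallerInRole");

        SecurityContext effectiveContext = securityContext;
        if (effectiveContext == null) {
            try {
                effectiveContext = SecurityActions.createSecurityContext(securityDomain.value());
            } catch (PrivilegedActionException e) {
                throw new RuntimeException(e);
            }
        }

        // Collect the declared role references first so duplicates collapse before conversion.
        HashSet<SecurityRoleRefMetaData> declaredRefs = new HashSet<SecurityRoleRefMetaData>();
        if (jBossEnterpriseBeanMetaData != null) {
            SecurityRoleRefsMetaData securityRoleRefs = jBossEnterpriseBeanMetaData.getSecurityRoleRefs();
            if (securityRoleRefs != null) {
                declaredRefs.addAll(securityRoleRefs);
            }
        }
        HashSet<SecurityRoleRef> roleRefs = new HashSet<SecurityRoleRef>();
        for (SecurityRoleRefMetaData declared : declaredRefs) {
            roleRefs.add(new SecurityRoleRef(declared.getRoleName(), declared.getRoleLink(), null));
        }

        Principal callerPrincipal = getCallerPrincipal(effectiveContext, realmMapping, securityDomain);
        try {
            AbstractEJBAuthorizationHelper helper = SecurityHelperFactory.getEJBAuthorizationHelper(effectiveContext);
            helper.setPolicyRegistration(getPolicyRegistration());
            return helper.isCallerInRole(str, str2, callerPrincipal, SecurityActions.getActiveSubject(), getContextID(), roleRefs);
        } catch (Exception e) {
            // Single wrap: the nested try/catch used to wrap the same failure twice.
            throw new RuntimeException(e);
        }
    }

    /**
     * Rejects EJB context calls made from a lifecycle callback of a stateless bean.
     *
     * @param invocation the invocation in progress
     * @param methodName name of the EJB context method being called; used in the error message
     * @throws IllegalStateException if the bean is stateless and the invocation is a lifecycle callback
     */
    private static void rejectStatelessLifecycleCallback(Invocation invocation, String methodName) {
        if (isStateless(invocation) && isLifecycleCallback(invocation)) {
            throw new IllegalStateException(methodName + " is not allowed in a stateless lifecycle callback (EJB3 4.5.2)");
        }
    }

    /**
     * Builds the principal for the domain's configured unauthenticated identity.
     *
     * @param securityDomain the bean's security domain annotation
     * @return a principal named after {@code unauthenticatedPrincipal()}, or {@code null}
     *         when that value is {@code null} or empty
     */
    private static Principal unauthenticatedPrincipal(SecurityDomain securityDomain) {
        String name = securityDomain.unauthenticatedPrincipal();
        if (name == null || name.length() == 0) {
            return null;
        }
        return new SimplePrincipal(name);
    }

    /** Delegates to {@link InvocationHelper#isInjection}. */
    private static boolean isInjection(Invocation invocation) {
        return InvocationHelper.isInjection(invocation);
    }

    /** Delegates to {@link InvocationHelper#isLifecycleCallback}. */
    private static boolean isLifecycleCallback(Invocation invocation) {
        return InvocationHelper.isLifecycleCallback(invocation);
    }

    /**
     * Reports whether the invocation's advisor resolves a {@link Stateless} annotation.
     *
     * @param invocation the invocation in progress; checked with an {@code assert} only,
     *        so a {@code null} value surfaces as a NullPointerException when assertions are off
     */
    private static boolean isStateless(Invocation invocation) {
        assert invocation != null : "inv is null";
        return invocation.getAdvisor().resolveAnnotation(Stateless.class) != null;
    }

    /**
     * Looks up the policy registration from JNDI under the fixed name
     * {@code java:/policyRegistration}.
     *
     * @throws RuntimeException wrapping any lookup or cast failure
     */
    private PolicyRegistration getPolicyRegistration() {
        try {
            return (PolicyRegistration) new InitialContext().lookup("java:/policyRegistration");
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the JACC policy context id of the current thread.
     *
     * @throws IllegalStateException if no policy context id is set
     */
    private String getContextID() {
        String contextID = PolicyContext.getContextID();
        if (contextID == null) {
            throw new IllegalStateException("No policy context id is set");
        }
        return contextID;
    }
}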
