package org.jboss.seam.security.extension;

import java.lang.annotation.Annotation;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.enterprise.context.spi.CreationalContext;
import javax.enterprise.event.Observes;
import javax.enterprise.inject.spi.AfterBeanDiscovery;
import javax.enterprise.inject.spi.AnnotatedMethod;
import javax.enterprise.inject.spi.AnnotatedType;
import javax.enterprise.inject.spi.Bean;
import javax.enterprise.inject.spi.BeanManager;
import javax.enterprise.inject.spi.Extension;
import javax.enterprise.inject.spi.ProcessAnnotatedType;
import javax.enterprise.util.Nonbinding;
import org.jboss.seam.security.AuthorizationException;
import org.jboss.seam.security.SecurityDefinitionException;
import org.jboss.seam.security.annotations.Secures;
import org.jboss.seam.security.annotations.SecurityBindingType;
import org.jboss.seam.solder.reflection.annotated.AnnotatedTypeBuilder;
import org.jboss.seam.solder.reflection.annotated.InjectableMethod;

/* loaded from: input_file:WEB-INF/lib/seam-security-3.0.0-SNAPSHOT.jar:org/jboss/seam/security/extension/SecurityExtension.class */
public class SecurityExtension implements Extension {
    private BeanManager beanManager;
    private Set<Authorizer> authorizers = new HashSet();
    private Set<AnnotatedType<?>> securedTypes = new HashSet();
    private Map<Method, Set<Authorizer>> methodAuthorizers = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/seam-security-3.0.0-SNAPSHOT.jar:org/jboss/seam/security/extension/SecurityExtension$Authorizer.class */
    public class Authorizer {
        private Annotation binding;
        private Map<Method, Object> memberValues = new HashMap();
        private AnnotatedMethod<?> implementationMethod;
        private Bean<?> targetBean;
        private InjectableMethod<?> injectableMethod;

        public Authorizer(Annotation annotation, AnnotatedMethod<?> annotatedMethod) {
            this.binding = annotation;
            this.implementationMethod = annotatedMethod;
            try {
                for (Method method : annotation.annotationType().getDeclaredMethods()) {
                    if (!method.isAnnotationPresent(Nonbinding.class)) {
                        this.memberValues.put(method, method.invoke(annotation, new Object[0]));
                    }
                }
            } catch (IllegalAccessException e) {
                throw new SecurityDefinitionException("Error reading security binding members", e);
            } catch (InvocationTargetException e2) {
                throw new SecurityDefinitionException("Error reading security binding members", e2);
            }
        }

        public void authorize() {
            if (this.targetBean == null) {
                lookupTargetBean();
            }
            CreationalContext createCreationalContext = SecurityExtension.this.beanManager.createCreationalContext(this.targetBean);
            if (this.injectableMethod.invoke(SecurityExtension.this.beanManager.getReference(this.targetBean, this.implementationMethod.getJavaMember().getDeclaringClass(), createCreationalContext), createCreationalContext, null).equals(Boolean.FALSE)) {
                throw new AuthorizationException("Authorization check failed");
            }
        }

        private synchronized void lookupTargetBean() {
            if (this.targetBean == null) {
                Method javaMember = this.implementationMethod.getJavaMember();
                Set beans = SecurityExtension.this.beanManager.getBeans(javaMember.getDeclaringClass(), new Annotation[0]);
                if (beans.size() == 1) {
                    this.targetBean = (Bean) beans.iterator().next();
                } else {
                    if (beans.isEmpty()) {
                        throw new IllegalStateException("Exception looking up authorizer method bean - no beans found for method [" + javaMember.getDeclaringClass() + "." + javaMember.getName() + "]");
                    }
                    if (beans.size() > 1) {
                        throw new IllegalStateException("Exception looking up authorizer method bean - multiple beans found for method [" + javaMember.getDeclaringClass().getName() + "." + javaMember.getName() + "]");
                    }
                }
                this.injectableMethod = new InjectableMethod<>(this.implementationMethod, this.targetBean, SecurityExtension.this.beanManager);
            }
        }

        public boolean matchesBinding(Annotation annotation) {
            if (!annotation.annotationType().equals(this.binding.annotationType())) {
                return false;
            }
            for (Method method : annotation.annotationType().getDeclaredMethods()) {
                if (!method.isAnnotationPresent(Nonbinding.class)) {
                    if (!this.memberValues.containsKey(method)) {
                        return false;
                    }
                    try {
                        if (!this.memberValues.get(method).equals(method.invoke(annotation, new Object[0]))) {
                            return false;
                        }
                    } catch (IllegalAccessException e) {
                        throw new SecurityDefinitionException("Error reading security binding members", e);
                    } catch (InvocationTargetException e2) {
                        throw new SecurityDefinitionException("Error reading security binding members", e2);
                    }
                }
            }
            return true;
        }

        public Method getImplementationMethod() {
            return this.implementationMethod.getJavaMember();
        }

        public boolean equals(Object obj) {
            return false;
        }

        public int hashCode() {
            return 0;
        }
    }

    public <X> void processAnnotatedType(@Observes ProcessAnnotatedType<X> processAnnotatedType, BeanManager beanManager) {
        AnnotatedTypeBuilder<X> annotatedTypeBuilder = null;
        AnnotatedType<?> annotatedType = processAnnotatedType.getAnnotatedType();
        boolean z = false;
        Iterator it = annotatedType.getAnnotations().iterator();
        while (it.hasNext()) {
            if (((Annotation) it.next()).annotationType().isAnnotationPresent(SecurityBindingType.class)) {
                annotatedTypeBuilder = new AnnotatedTypeBuilder().readFromType(annotatedType);
                annotatedTypeBuilder.addToClass(SecurityInterceptorBindingLiteral.INSTANCE);
                z = true;
            }
        }
        if (!z) {
            for (AnnotatedMethod<? super X> annotatedMethod : annotatedType.getMethods()) {
                if (annotatedMethod.isAnnotationPresent(Secures.class)) {
                    registerAuthorizer(annotatedMethod);
                } else {
                    Iterator it2 = annotatedMethod.getAnnotations().iterator();
                    while (true) {
                        if (!it2.hasNext()) {
                            break;
                        }
                        if (((Annotation) it2.next()).annotationType().isAnnotationPresent(SecurityBindingType.class)) {
                            if (annotatedTypeBuilder == null) {
                                annotatedTypeBuilder = new AnnotatedTypeBuilder().readFromType(annotatedType);
                            }
                            annotatedTypeBuilder.addToMethod((AnnotatedMethod) annotatedMethod, (Annotation) SecurityInterceptorBindingLiteral.INSTANCE);
                            z = true;
                        }
                    }
                }
            }
        }
        if (z) {
            this.securedTypes.add(annotatedType);
        }
        if (annotatedTypeBuilder != null) {
            processAnnotatedType.setAnnotatedType(annotatedTypeBuilder.create());
        }
    }

    public void validateBindings(@Observes AfterBeanDiscovery afterBeanDiscovery, BeanManager beanManager) {
        this.beanManager = beanManager;
        for (AnnotatedType<?> annotatedType : this.securedTypes) {
            for (Annotation annotation : annotatedType.getJavaClass().getAnnotations()) {
                boolean z = false;
                if (annotation.annotationType().isAnnotationPresent(SecurityBindingType.class)) {
                    Iterator<Authorizer> it = this.authorizers.iterator();
                    while (true) {
                        if (it.hasNext()) {
                            if (it.next().matchesBinding(annotation)) {
                                z = true;
                                break;
                            }
                        } else {
                            break;
                        }
                    }
                    if (!z) {
                        afterBeanDiscovery.addDefinitionError(new SecurityDefinitionException("Secured type " + annotatedType.getJavaClass().getName() + " has no matching authorizer method for security binding @" + annotation.annotationType().getName()));
                    }
                }
            }
            for (AnnotatedMethod annotatedMethod : annotatedType.getMethods()) {
                Iterator it2 = annotatedMethod.getAnnotations().iterator();
                while (true) {
                    if (it2.hasNext()) {
                        if (((Annotation) it2.next()).annotationType().isAnnotationPresent(SecurityBindingType.class)) {
                            registerSecuredMethod(annotatedMethod.getJavaMember());
                            break;
                        }
                    } else {
                        break;
                    }
                }
            }
        }
        this.securedTypes.clear();
        this.securedTypes = null;
    }

    public Set<Authorizer> lookupAuthorizerStack(Method method) {
        if (!this.methodAuthorizers.containsKey(method)) {
            registerSecuredMethod(method);
        }
        return this.methodAuthorizers.get(method);
    }

    protected void registerSecuredMethod(Method method) {
        if (this.methodAuthorizers.containsKey(method)) {
            return;
        }
        HashSet<Annotation> hashSet = new HashSet();
        for (Annotation annotation : method.getDeclaringClass().getAnnotations()) {
            if (annotation.annotationType().isAnnotationPresent(SecurityBindingType.class)) {
                hashSet.add(annotation);
            }
        }
        for (Annotation annotation2 : method.getAnnotations()) {
            if (annotation2.annotationType().isAnnotationPresent(SecurityBindingType.class)) {
                hashSet.add(annotation2);
            }
        }
        HashSet<Authorizer> hashSet2 = new HashSet();
        for (Annotation annotation3 : hashSet) {
            boolean z = false;
            for (Authorizer authorizer : this.authorizers) {
                if (authorizer.matchesBinding(annotation3)) {
                    if (z) {
                        StringBuilder sb = new StringBuilder();
                        sb.append("Matching authorizer methods found: [");
                        sb.append(authorizer.getImplementationMethod().getDeclaringClass().getName());
                        sb.append(".");
                        sb.append(authorizer.getImplementationMethod().getName());
                        sb.append("]");
                        for (Authorizer authorizer2 : hashSet2) {
                            if (authorizer2.matchesBinding(annotation3)) {
                                sb.append(", [");
                                sb.append(authorizer2.getImplementationMethod().getDeclaringClass().getName());
                                sb.append(".");
                                sb.append(authorizer2.getImplementationMethod().getName());
                                sb.append("]");
                            }
                        }
                        throw new SecurityDefinitionException("Ambiguous authorizers found for security binding type [@" + annotation3.annotationType().getName() + "] on method [" + method.getDeclaringClass().getName() + "." + method.getName() + "]. " + sb.toString());
                    }
                    hashSet2.add(authorizer);
                    z = true;
                }
            }
            if (!z) {
                throw new SecurityDefinitionException("No matching authorizer found for security binding type [@" + annotation3.annotationType().getName() + "] on method [" + method.getDeclaringClass().getName() + "." + method.getName() + "].");
            }
            this.methodAuthorizers.put(method, hashSet2);
        }
    }

    protected void registerAuthorizer(AnnotatedMethod<?> annotatedMethod) {
        if (!annotatedMethod.getJavaMember().getReturnType().equals(Boolean.class) && !annotatedMethod.getJavaMember().getReturnType().equals(Boolean.TYPE)) {
            throw new SecurityDefinitionException("Invalid authorizer method [" + annotatedMethod.getJavaMember().getDeclaringClass().getName() + "." + annotatedMethod.getJavaMember().getName() + "] - does not return a boolean.");
        }
        Annotation annotation = null;
        for (Annotation annotation2 : annotatedMethod.getAnnotations()) {
            if (annotation2.annotationType().isAnnotationPresent(SecurityBindingType.class)) {
                if (annotation != null) {
                    throw new SecurityDefinitionException("Invalid authorizer method [" + annotatedMethod.getJavaMember().getDeclaringClass().getName() + "." + annotatedMethod.getJavaMember().getName() + "] - declares multiple security binding types");
                }
                annotation = annotation2;
            }
        }
        this.authorizers.add(new Authorizer(annotation, annotatedMethod));
    }
}
