package org.jboss.aspects.security;

import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
import org.jboss.aop.advice.Interceptor;
import org.jboss.aop.joinpoint.Invocation;
import org.jboss.logging.Logger;
import org.jboss.security.AnybodyPrincipal;
import org.jboss.security.AuthenticationManager;
import org.jboss.security.NobodyPrincipal;
import org.jboss.security.RealmMapping;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SimplePrincipal;

/* loaded from: input_file:org/jboss/aspects/security/RoleBasedAuthorizationInterceptor.class */
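/**
 * AOP interceptor that authorizes an invocation against a set of required roles before
 * letting it proceed down the interceptor chain.
 *
 * <p>The required roles are taken from the invocation's {@code "security"/"roles"} metadata
 * or, when that is absent, derived from the {@code Exclude}, {@code Unchecked} and
 * {@code Permissions} annotations resolved on the invocation.
 *
 * <p>Security-relevant defaults a deployer should be aware of:
 * <ul>
 *   <li>When no {@link AuthenticationManager} was supplied, {@link #invoke} performs no
 *       authorization at all and simply proceeds (fail-open).</li>
 *   <li>A join point carrying neither role metadata nor any of the three annotations is
 *       treated as callable by anybody (default-allow).</li>
 * </ul>
 */
public class RoleBasedAuthorizationInterceptor implements Interceptor {
    protected Logger log = Logger.getLogger(getClass());
    protected AuthenticationManager securityManager;
    protected RealmMapping realmMapping;

    /**
     * @param authenticationManager manager whose presence switches authorization on; when
     *        {@code null}, {@link #invoke} skips every check
     * @param realmMapping mapping used to test the caller's roles; must be non-null whenever
     *        {@code authenticationManager} is non-null, otherwise {@link #invoke} throws
     */
    public RoleBasedAuthorizationInterceptor(AuthenticationManager authenticationManager, RealmMapping realmMapping) {
        this.securityManager = authenticationManager;
        this.realmMapping = realmMapping;
    }

    /** Returns the fixed interceptor name. */
    @Override // org.jboss.aop.advice.Interceptor
    public String getName() {
        return "RoleBasedAuthorizationInterceptor";
    }

    /**
     * Returns the roles required for the invocation.
     *
     * <p>Explicit {@code "security"/"roles"} metadata wins; the annotation-derived set is
     * only consulted when no such metadata is attached.
     *
     * @param invocation the intercepted invocation
     * @return the required role principals
     */
    protected Set getRoleSet(Invocation invocation) {
        Set metadataRoles = (Set) invocation.getMetaData("security", "roles");
        return metadataRoles != null ? metadataRoles : getAnnotationRoleSet(invocation);
    }

    /**
     * Builds the required role set from the security annotations resolved on the invocation.
     *
     * <p>Precedence, first match wins:
     * <ol>
     *   <li>{@code Exclude} - the set holds only {@code NOBODY_PRINCIPAL};</li>
     *   <li>{@code Unchecked} - the set holds only {@code ANYBODY_PRINCIPAL};</li>
     *   <li>{@code Permissions} - one {@link SimplePrincipal} per listed role name;</li>
     *   <li>no annotation - the set holds only {@code ANYBODY_PRINCIPAL}.</li>
     * </ol>
     *
     * @param invocation the intercepted invocation
     * @return a new, never-null set of role principals
     */
    protected Set getAnnotationRoleSet(Invocation invocation) {
        Set<Principal> roles = new HashSet<Principal>();

        // Class literals replace the compiler-generated class$ lookup and its static cache
        // fields; they resolve the same annotation types.
        if (invocation.resolveAnnotation(Exclude.class) != null) {
            roles.add(NobodyPrincipal.NOBODY_PRINCIPAL);
            return roles;
        }
        if (invocation.resolveAnnotation(Unchecked.class) != null) {
            roles.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
            return roles;
        }

        Permissions permissions = (Permissions) invocation.resolveAnnotation(Permissions.class);
        if (permissions == null) {
            // NOTE(review): default-allow. An unannotated join point is open to every caller;
            // confirm this is intended for each pointcut this interceptor is bound to.
            roles.add(AnybodyPrincipal.ANYBODY_PRINCIPAL);
            return roles;
        }

        // An empty value() array yields an empty set, which no caller can satisfy unless the
        // role check itself treats an empty requirement as a match - TODO confirm.
        for (String roleName : permissions.value()) {
            roles.add(new SimplePrincipal(roleName));
        }
        return roles;
    }

    /**
     * Authorizes the caller against the required roles, then proceeds with the invocation.
     *
     * <p>When a run-as identity is on the stack it is checked instead of the caller's
     * principal. A role set containing {@code ANYBODY_PRINCIPAL} bypasses the check.
     *
     * @param invocation the intercepted invocation
     * @return whatever the rest of the interceptor chain returns
     * @throws SecurityException if the realm mapping is missing, no role set could be
     *         determined, or the effective identity lacks every required role
     * @throws Throwable anything thrown further down the chain
     */
    @Override // org.jboss.aop.advice.Interceptor
    public Object invoke(Invocation invocation) throws Throwable {
        if (this.securityManager == null) {
            // NOTE(review): fail-open. Without an AuthenticationManager no role check runs,
            // so a misconfigured binding silently disables authorization.
            return invocation.invokeNext();
        }
        if (this.realmMapping == null) {
            throw new SecurityException("Role mapping manager has not been set");
        }

        Set roleSet = getRoleSet(invocation);
        if (roleSet == null) {
            // Not reachable through getAnnotationRoleSet in this class, which never returns
            // null; guards against an overriding subclass returning null.
            this.log.error("No method permissions assigned.");
            throw new SecurityException("No method permissions assigned.");
        }

        RunAsIdentity runAs = SecurityActions.peekRunAsIdentity();
        if (roleSet.contains(AnybodyPrincipal.ANYBODY_PRINCIPAL)) {
            return invocation.invokeNext();
        }

        // NOTE(review): both denial messages below carry the identity, the required roles and
        // the roles actually held. They are logged and also placed in the thrown exception;
        // if that exception reaches a remote caller it discloses the authorization model.
        // Consider keeping the detail in the log only.
        if (runAs == null) {
            Principal principal = SecurityActions.getPrincipal();
            if (!this.realmMapping.doesUserHaveRole(principal, roleSet)) {
                String message = "Insufficient permissions, principal=" + principal
                        + ", requiredRoles=" + roleSet
                        + ", principalRoles=" + this.realmMapping.getUserRoles(principal);
                this.log.error(message);
                throw new SecurityException(message);
            }
        } else if (!runAs.doesUserHaveRole(roleSet)) {
            String message = "Insufficient permissions, runAsPrincipal=" + runAs.getName()
                    + ", requiredRoles=" + roleSet
                    + ", runAsRoles=" + runAs.getRunAsRoles();
            this.log.error(message);
            throw new SecurityException(message);
        }
        return invocation.invokeNext();
    }
}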
