package org.jboss.security.integration.ejb;

import java.lang.reflect.Method;
import java.security.CodeSource;
import java.security.Principal;
import java.util.HashMap;
import java.util.Set;
import javax.security.auth.Subject;
import org.jboss.security.AuthorizationManager;
import org.jboss.security.RealmMapping;
import org.jboss.security.RunAs;
import org.jboss.security.SecurityContext;
import org.jboss.security.SecurityRoleRef;
import org.jboss.security.audit.AuditLevel;
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.resources.EJBResource;

/* loaded from: input_file:org/jboss/security/integration/ejb/EJBAuthorizationHelper.class */
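/**
 * Builds {@link EJBResource} descriptions of EJB invocations and role checks and submits them
 * to the {@link AuthorizationManager} of the wrapped {@link SecurityContext}.
 *
 * <p>Both decision methods fail closed around the manager call: only a result equal to
 * {@code 1} is treated as a permit, and an exception raised while deciding yields {@code false}.
 */
public class EJBAuthorizationHelper extends SecurityHelper {
    /**
     * Creates a helper bound to the given security context.
     *
     * @param securityContext context passed to the {@code SecurityHelper} constructor
     */
    public EJBAuthorizationHelper(SecurityContext securityContext) {
        super(securityContext);
    }

    /**
     * Decides whether an EJB method invocation is permitted and records the outcome in the audit
     * trail.
     *
     * @param str EJB name
     * @param method EJB method being invoked
     * @param principal principal set on the resource
     * @param str2 EJB method interface
     * @param codeSource code source set on the resource
     * @param subject caller subject
     * @param runAs caller run-as identity
     * @param set roles attached to the method
     * @return {@code true} only when the manager returns {@code 1}; {@code false} for any other
     *     result or when an exception is thrown inside the decision block
     */
    public boolean authorize(String str, Method method, Principal principal, String str2, CodeSource codeSource, Subject subject, RunAs runAs, Set<Principal> set) {
        // NOTE(review): unlike isCallerInRole there is no explicit null check on the manager.
        // A null manager would surface as a NullPointerException inside the try below (denial
        // plus ERROR audit), provided EJBResource construction tolerates the null entry - confirm.
        AuthorizationManager manager = this.securityContext.getAuthorizationManager();
        HashMap<String, Object> contextMap = new HashMap<String, Object>();
        contextMap.put(ResourceKeys.AUTHORIZATION_MANAGER, manager);

        EJBResource resource = new EJBResource(contextMap);
        resource.setCallerRunAsIdentity(runAs);
        resource.setEjbName(str);
        resource.setEjbMethod(method);
        resource.setPrincipal(principal);
        resource.setEjbMethodInterface(str2);
        resource.setCodeSource(codeSource);
        resource.setCallerSubject(subject);
        resource.setMethodRoles(set);

        boolean permitted;
        try {
            // Strict comparison: every result other than 1 is a denial.
            // Presumably 1 is the manager's PERMIT constant - verify against AuthorizationContext.
            permitted = manager.authorize(resource) == 1;
            // The audit call stays inside the try on purpose: if recording the decision throws,
            // the catch below turns the outcome into a denial rather than an unaudited permit.
            authorizationAudit(permitted ? AuditLevel.SUCCESS : AuditLevel.FAILURE, resource, null);
        } catch (Exception e) {
            // Fail closed: an error while deciding or auditing never grants access.
            permitted = false;
            if (log.isTraceEnabled()) {
                log.trace("Error in authorization:", e);
            }
            authorizationAudit(AuditLevel.ERROR, resource, e);
        }
        return permitted;
    }

    /**
     * Returns the caller principal of the security context, optionally translated by a realm
     * mapping.
     *
     * @param realmMapping mapping applied to the caller principal; skipped when {@code null}
     * @return the mapped principal, or the unmapped caller principal when no mapping is given
     */
    public Principal getCallerPrincipal(RealmMapping realmMapping) {
        Principal caller = SecurityActions.getCallerPrincipal(this.securityContext);
        if (realmMapping == null) {
            return caller;
        }
        return realmMapping.getPrincipal(caller);
    }

    /**
     * Checks whether the caller holds the given role by asking the manager to authorize a
     * role-reference resource.
     *
     * <p>NOTE(review): only errors are audited here; permit and deny results of a role check
     * produce no audit record in this method - confirm that this is intended.
     *
     * @param str role name to test
     * @param str2 EJB name
     * @param principal principal set on the resource
     * @param set security role references of the EJB
     * @return {@code true} only when the manager returns {@code 1}; {@code false} for any other
     *     result or when the manager call throws
     * @throws IllegalStateException if the security context has no authorization manager
     */
    public boolean isCallerInRole(String str, String str2, Principal principal, Set<SecurityRoleRef> set) {
        AuthorizationManager manager = this.securityContext.getAuthorizationManager();
        if (manager == null) {
            throw new IllegalStateException("AuthorizationManager is null");
        }
        HashMap<String, Object> contextMap = new HashMap<String, Object>();
        contextMap.put(ResourceKeys.AUTHORIZATION_MANAGER, manager);
        contextMap.put(ResourceKeys.ROLENAME, str);
        contextMap.put(ResourceKeys.ROLEREF_PERM_CHECK, Boolean.TRUE);

        EJBResource resource = new EJBResource(contextMap);
        RunAs incomingRunAs = this.securityContext.getIncomingRunAs();
        resource.setEjbName(str2);
        resource.setPrincipal(principal);
        resource.setCallerRunAsIdentity(incomingRunAs);
        resource.setSecurityRoleReferences(set);

        boolean inRole;
        try {
            // Strict comparison: every result other than 1 means "not in role".
            inRole = manager.authorize(resource) == 1;
        } catch (Exception e) {
            // Fail closed: an error during the check never reports the role as held.
            inRole = false;
            if (log.isTraceEnabled()) {
                // Pass the throwable as well so the stack trace is kept, not just the message.
                log.trace(str + "::isCallerInRole check failed:" + e.getLocalizedMessage(), e);
            }
            authorizationAudit(AuditLevel.ERROR, resource, e);
        }
        return inRole;
    }
}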
