package org.glassfish.soteria.authorization;

import jakarta.ejb.EJBContext;
import jakarta.security.jacc.EJBRoleRefPermission;
import jakarta.security.jacc.PolicyContext;
import jakarta.security.jacc.PolicyContextException;
import jakarta.security.jacc.WebResourcePermission;
import jakarta.security.jacc.WebRoleRefPermission;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;

/* loaded from: input_file:MICRO-INF/runtime/jakarta.security.enterprise.jar:org/glassfish/soteria/authorization/JACC.class */
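/**
 * Static helpers that answer authorization questions (role membership, web resource access)
 * by querying the installed {@link Policy} with permissions built for the current caller.
 *
 * <p>The caller is represented by the {@link Subject} read from the {@link PolicyContext};
 * each check wraps that subject's principals in a synthetic {@link ProtectionDomain} and asks
 * the policy whether the domain implies the permission in question.
 *
 * <p>Security notes for maintainers: several public methods here run their lookups inside
 * {@code AccessController.doPrivileged}, i.e. with this class's own protection domain rather
 * than the caller's. Treat the public surface of this class as privileged API.
 */
public class JACC {
    /**
     * Policy context key under which the container publishes the caller's {@link Subject}.
     *
     * <p>NOTE(review): this field is public, static and not final, so any code that can see
     * this class can reassign it and thereby change which context object {@link #getSubject()}
     * reads for every later authorization check. It is left non-final only to keep the existing
     * interface unchanged; declaring it {@code final} is the recommended hardening once it is
     * confirmed that no caller assigns it.
     */
    public static String SUBJECT_CONTAINER_KEY = "javax.security.auth.Subject.container";

    /**
     * Returns the caller's subject as registered in the policy context.
     *
     * @return the object stored under {@link #SUBJECT_CONTAINER_KEY}; may be {@code null} if the
     *         context returns nothing for that key (the checks below then run without principals)
     * @throws IllegalStateException if the policy context lookup fails
     * @throws ClassCastException if the stored object is not a {@link Subject}
     */
    public static Subject getSubject() {
        return JACC.<Subject>getFromContext(SUBJECT_CONTAINER_KEY);
    }

    /**
     * Tells whether the current caller is in the given role.
     *
     * <p>The web role-ref permission is tried first. If it is not implied and an EJB context is
     * available, the check falls back to the EJB role-ref permission for the current bean, or to
     * {@code EJBContext.isCallerInRole} when the bean name cannot be determined.
     *
     * @param str the role name to test
     * @return {@code true} if any of the checks above grants the role, {@code false} otherwise
     */
    public static boolean isCallerInRole(String str) {
        Subject subject = getSubject();
        if (hasPermission(subject, new WebRoleRefPermission("", str))) {
            return true;
        }

        EJBContext ejbContext = EJB.getEJBContext();
        if (ejbContext == null) {
            // Not called from an EJB and the web check already failed: deny.
            return false;
        }

        String ejbName = EJB.getCurrentEJBName(ejbContext);
        if (ejbName == null) {
            // No bean name to build a permission from; defer to the EJB API itself.
            return ejbContext.isCallerInRole(str);
        }
        return hasPermission(subject, new EJBRoleRefPermission(ejbName, str));
    }

    /**
     * Tells whether the current caller may access a web resource.
     *
     * @param str the resource name passed to {@link WebResourcePermission}
     * @param strArr the HTTP methods passed to {@link WebResourcePermission}
     * @return {@code true} if the policy implies the resulting permission for the caller
     */
    public static boolean hasAccessToWebResource(String str, String... strArr) {
        return hasPermission(getSubject(), new WebResourcePermission(str, strArr));
    }

    /**
     * Collects the role names found in the caller's permissions that the caller is actually in.
     *
     * @return a mutable set of role names; empty if none apply
     */
    public static Set<String> getAllDeclaredCallerRoles() {
        PermissionCollection permissionCollection = getPermissionCollection(getSubject());

        // The results of these two probes are deliberately ignored.
        // NOTE(review): presumably they are issued so the policy resolves any still-unresolved
        // role-ref permissions before elements() is enumerated; confirm against the provider.
        permissionCollection.implies(new WebRoleRefPermission("", "nothing"));
        permissionCollection.implies(new EJBRoleRefPermission("", "nothing"));

        return filterRoles(permissionCollection);
    }

    /**
     * Asks the installed policy whether the given subject's principals imply a permission.
     *
     * <p>A {@code null} subject is evaluated as a domain without principals (see
     * {@link #fromSubject(Subject)}), so the outcome then depends only on what the policy grants
     * to such a domain.
     *
     * @param subject the subject to evaluate; may be {@code null}
     * @param permission the permission to test
     * @return the policy's decision
     */
    public static boolean hasPermission(Subject subject, Permission permission) {
        return getPolicyPrivileged().implies(fromSubject(subject), permission);
    }

    /**
     * Returns the permissions the installed policy associates with the given subject.
     *
     * @param subject the subject to evaluate; may be {@code null}
     * @return the permission collection reported by the policy
     */
    public static PermissionCollection getPermissionCollection(Subject subject) {
        return getPolicyPrivileged().getPermissions(fromSubject(subject));
    }

    /**
     * Fetches the installed policy inside a privileged block, so the lookup is evaluated against
     * this class's protection domain instead of the whole call stack.
     *
     * <p>Kept private: the policy object itself is never handed to callers, only the results of
     * individual queries.
     */
    private static Policy getPolicyPrivileged() {
        return AccessController.doPrivileged(new PrivilegedAction<Policy>() {
            @Override
            public Policy run() {
                return Policy.getPolicy();
            }
        });
    }

    /**
     * Extracts role names from the role-ref permissions in a collection, keeping only the roles
     * the current caller is in.
     *
     * <p>Caveat: membership is re-checked through {@link #isCallerInRole(String)}, which always
     * uses the subject from the current policy context. If the collection was obtained for a
     * different subject, the result still reflects the current caller.
     *
     * @param permissionCollection the permissions to scan
     * @return a mutable set of role names
     */
    public static Set<String> filterRoles(PermissionCollection permissionCollection) {
        Set<String> roles = new HashSet<String>();
        for (Permission permission : Collections.list(permissionCollection.elements())) {
            if (!isRolePermission(permission)) {
                continue;
            }
            // For role-ref permissions the actions string carries the role name.
            String role = permission.getActions();
            // Test contains() first so each distinct role costs at most one policy query.
            if (!roles.contains(role) && isCallerInRole(role)) {
                roles.add(role);
            }
        }
        return roles;
    }

    /**
     * Wraps a subject's principals in a {@link ProtectionDomain} that has no code source
     * location, no certificates, no static permissions and no class loader.
     *
     * @param subject the subject whose principals are used; {@code null} yields a domain with an
     *        empty principal array
     * @return the synthetic protection domain to hand to the policy
     */
    public static ProtectionDomain fromSubject(Subject subject) {
        // A zero-length array lets toArray() size the result from a single view of the set.
        // Sizing it from a separate size() call could leave a trailing null principal if the
        // set shrank between the two calls.
        Principal[] principals = subject == null
                ? new Principal[0]
                : subject.getPrincipals().toArray(new Principal[0]);
        return new ProtectionDomain(new CodeSource((URL) null, (Certificate[]) null), null, null, principals);
    }

    /**
     * Reads a value from the {@link PolicyContext} inside a privileged block.
     *
     * <p>NOTE(review): the key is caller-supplied and the lookup runs with this class's
     * privileges. Because the method is public, code with fewer permissions can reach any
     * context value through it wherever the container guards {@code PolicyContext.getContext};
     * consider narrowing visibility or the accepted keys.
     *
     * <p>The cast to {@code T} is unchecked, so a type mismatch surfaces as a
     * {@link ClassCastException} at the call site rather than here.
     *
     * @param str the policy context key
     * @param <T> the type the caller expects
     * @return the context value for the key
     * @throws IllegalStateException wrapping the cause if the lookup throws a checked exception
     */
    public static <T> T getFromContext(final String str) {
        try {
            return AccessController.doPrivileged(new PrivilegedExceptionAction<T>() {
                @Override
                @SuppressWarnings("unchecked") // type is asserted by the caller, see Javadoc
                public T run() throws PolicyContextException {
                    return (T) PolicyContext.getContext(str);
                }
            });
        } catch (PrivilegedActionException e) {
            throw new IllegalStateException(e.getCause());
        }
    }

    /**
     * Tells whether a permission is one of the two role-reference permission types.
     *
     * @param permission the permission to classify
     * @return {@code true} for {@link WebRoleRefPermission} and {@link EJBRoleRefPermission}
     */
    public static boolean isRolePermission(Permission permission) {
        return permission instanceof WebRoleRefPermission || permission instanceof EJBRoleRefPermission;
    }
}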
