package com.adventnet.authentication.interceptor;

import com.adventnet.authentication.Credential;
import com.adventnet.authentication.util.AuthUtil;
import java.rmi.RemoteException;
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.naming.InitialContext;
import org.jboss.ejb.Container;
import org.jboss.ejb.plugins.AbstractInterceptor;
import org.jboss.invocation.Invocation;
import org.jboss.metadata.BeanMetaData;
import org.jboss.metadata.SecurityIdentityMetaData;
import org.jboss.security.AnybodyPrincipal;
import org.jboss.security.RealmMapping;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SimplePrincipal;

/* loaded from: input_file:com/adventnet/authentication/interceptor/SecurityInterceptor.class */
public class SecurityInterceptor extends AbstractInterceptor {
    public static boolean enableMethodAuthorization = false;
    private Container container;
    private RealmMapping realmMapping;
    private Principal runAsRole;
    private Principal unAuth;
    private Logger logger;
    static Class class$com$adventnet$authentication$interceptor$SecurityInterceptor;
    private Credential emptyCredential = new Credential();
    private String ejbName = null;
    private boolean isCredentialSet = false;

    public SecurityInterceptor() {
        Class cls;
        this.logger = null;
        if (class$com$adventnet$authentication$interceptor$SecurityInterceptor == null) {
            cls = class$("com.adventnet.authentication.interceptor.SecurityInterceptor");
            class$com$adventnet$authentication$interceptor$SecurityInterceptor = cls;
        } else {
            cls = class$com$adventnet$authentication$interceptor$SecurityInterceptor;
        }
        this.logger = Logger.getLogger(cls.getName());
    }

    public void setContainer(Container container) {
        this.container = container;
        if (container != null) {
            BeanMetaData beanMetaData = container.getBeanMetaData();
            SecurityIdentityMetaData securityIdentityMetaData = beanMetaData.getSecurityIdentityMetaData();
            if (securityIdentityMetaData != null && !securityIdentityMetaData.getUseCallerIdentity()) {
                this.runAsRole = new SimplePrincipal(securityIdentityMetaData.getRunAsRoleName());
            }
            this.unAuth = new SimplePrincipal(beanMetaData.getApplicationMetaData().getUnauthenticatedPrincipal());
            this.ejbName = beanMetaData.getEjbName();
        }
    }

    public Container getContainer() {
        return this.container;
    }

    public void start() throws Exception {
        super.start();
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockSplitter
        jadx.core.utils.exceptions.JadxRuntimeException: Incorrect nodes count for selectOther: B:12:0x0044 in [B:6:0x003a, B:12:0x0044, B:8:0x003c]
        	at jadx.core.utils.BlockUtils.selectOther(BlockUtils.java:64)
        	at jadx.core.dex.visitors.blocks.ResolveJavaJSR.processBlocks(ResolveJavaJSR.java:101)
        	at jadx.core.dex.visitors.blocks.ResolveJavaJSR.lambda$resolveForRetBlock$1(ResolveJavaJSR.java:59)
        	at jadx.core.utils.BlockUtils.traversePredecessors(BlockUtils.java:548)
        	at jadx.core.utils.BlockUtils.visitPredecessorsUntil(BlockUtils.java:536)
        	at jadx.core.dex.visitors.blocks.ResolveJavaJSR.resolveForRetBlock(ResolveJavaJSR.java:52)
        	at jadx.core.dex.visitors.blocks.ResolveJavaJSR.resolve(ResolveJavaJSR.java:42)
        	at jadx.core.dex.visitors.blocks.ResolveJavaJSR.process(ResolveJavaJSR.java:27)
        	at jadx.core.dex.visitors.blocks.BlockSplitter.visit(BlockSplitter.java:72)
        */
    public java.lang.Object invokeHome(org.jboss.invocation.Invocation r5) throws java.lang.Exception {
        /*
            r4 = this;
            r0 = r4
            java.util.logging.Logger r0 = r0.logger
            java.lang.String r1 = "PRE:AuthenticationInterceptor"
            java.lang.String r2 = "Authenticate"
            r0.entering(r1, r2)
            r0 = r4
            r1 = r5
            r2 = 1
            r0.checkSecurityAssociation(r1, r2)
            r0 = r4
            java.security.Principal r0 = r0.runAsRole
            if (r0 == 0) goto L1f
            r0 = r4
            java.security.Principal r0 = r0.runAsRole
            org.jboss.security.SecurityAssociation.pushRunAsRole(r0)
        L1f:
            r0 = r4
            java.util.logging.Logger r0 = r0.logger     // Catch: java.lang.Throwable -> L3c
            java.lang.String r1 = "PRE:AuthenticationInterceptor"
            java.lang.String r2 = "Authenticate"
            r0.exiting(r1, r2)     // Catch: java.lang.Throwable -> L3c
            r0 = r4
            org.jboss.ejb.Interceptor r0 = r0.getNext()     // Catch: java.lang.Throwable -> L3c
            r1 = r5
            java.lang.Object r0 = r0.invokeHome(r1)     // Catch: java.lang.Throwable -> L3c
            r6 = r0
            r0 = r6
            r7 = r0
            r0 = jsr -> L44
        L3a:
            r1 = r7
            return r1
        L3c:
            r8 = move-exception
            r0 = jsr -> L44
        L41:
            r1 = r8
            throw r1
        L44:
            r9 = r0
            r0 = r4
            java.util.logging.Logger r0 = r0.logger
            java.lang.String r1 = "POST:AuthenticationInterceptor"
            java.lang.String r2 = "Authenticate"
            r0.entering(r1, r2)
            r0 = r4
            java.security.Principal r0 = r0.runAsRole
            if (r0 == 0) goto L5c
            java.security.Principal r0 = org.jboss.security.SecurityAssociation.popRunAsRole()
        L5c:
            r0 = r4
            java.util.logging.Logger r0 = r0.logger
            java.util.logging.Level r1 = java.util.logging.Level.FINEST
            java.lang.String r2 = "First bean in invocation path: resetting the credential"
            r0.log(r1, r2)
            r0 = r4
            boolean r0 = r0.isCredentialSet
            if (r0 == 0) goto L73
            com.adventnet.authentication.Credential r0 = com.adventnet.authentication.util.AuthUtil.popCredential()
        L73:
            r0 = r4
            java.util.logging.Logger r0 = r0.logger
            java.lang.String r1 = "POST:AuthenticationInterceptor"
            java.lang.String r2 = "Authenticate"
            r0.exiting(r1, r2)
            ret r9
        */
        throw new UnsupportedOperationException("Method not decompiled: com.adventnet.authentication.interceptor.SecurityInterceptor.invokeHome(org.jboss.invocation.Invocation):java.lang.Object");
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockSplitter
        jadx.core.utils.exceptions.JadxRuntimeException: Incorrect nodes count for selectOther: B:12:0x0044 in [B:6:0x003a, B:12:0x0044, B:8:0x003c]
        	at jadx.core.utils.BlockUtils.selectOther(BlockUtils.java:64)
        	at jadx.core.dex.visitors.blocks.ResolveJavaJSR.processBlocks(ResolveJavaJSR.java:101)
        	at jadx.core.dex.visitors.blocks.ResolveJavaJSR.lambda$resolveForRetBlock$1(ResolveJavaJSR.java:59)
        	at jadx.core.utils.BlockUtils.traversePredecessors(BlockUtils.java:548)
        	at jadx.core.utils.BlockUtils.visitPredecessorsUntil(BlockUtils.java:536)
        	at jadx.core.dex.visitors.blocks.ResolveJavaJSR.resolveForRetBlock(ResolveJavaJSR.java:52)
        	at jadx.core.dex.visitors.blocks.ResolveJavaJSR.resolve(ResolveJavaJSR.java:42)
        	at jadx.core.dex.visitors.blocks.ResolveJavaJSR.process(ResolveJavaJSR.java:27)
        	at jadx.core.dex.visitors.blocks.BlockSplitter.visit(BlockSplitter.java:72)
        */
    public java.lang.Object invoke(org.jboss.invocation.Invocation r5) throws java.lang.Exception {
        /*
            r4 = this;
            r0 = r4
            java.util.logging.Logger r0 = r0.logger
            java.lang.String r1 = "PRE:AuthenticationInterceptor"
            java.lang.String r2 = "Authenticate"
            r0.entering(r1, r2)
            r0 = r4
            r1 = r5
            r2 = 0
            r0.checkSecurityAssociation(r1, r2)
            r0 = r4
            java.security.Principal r0 = r0.runAsRole
            if (r0 == 0) goto L1f
            r0 = r4
            java.security.Principal r0 = r0.runAsRole
            org.jboss.security.SecurityAssociation.pushRunAsRole(r0)
        L1f:
            r0 = r4
            java.util.logging.Logger r0 = r0.logger     // Catch: java.lang.Throwable -> L3c
            java.lang.String r1 = "PRE:AuthenticationInterceptor"
            java.lang.String r2 = "Authenticate"
            r0.exiting(r1, r2)     // Catch: java.lang.Throwable -> L3c
            r0 = r4
            org.jboss.ejb.Interceptor r0 = r0.getNext()     // Catch: java.lang.Throwable -> L3c
            r1 = r5
            java.lang.Object r0 = r0.invoke(r1)     // Catch: java.lang.Throwable -> L3c
            r6 = r0
            r0 = r6
            r7 = r0
            r0 = jsr -> L44
        L3a:
            r1 = r7
            return r1
        L3c:
            r8 = move-exception
            r0 = jsr -> L44
        L41:
            r1 = r8
            throw r1
        L44:
            r9 = r0
            r0 = r4
            java.util.logging.Logger r0 = r0.logger
            java.lang.String r1 = "POST:AuthenticationInterceptor"
            java.lang.String r2 = "Authenticate"
            r0.entering(r1, r2)
            r0 = r4
            java.security.Principal r0 = r0.runAsRole
            if (r0 == 0) goto L5c
            java.security.Principal r0 = org.jboss.security.SecurityAssociation.popRunAsRole()
        L5c:
            r0 = r4
            java.util.logging.Logger r0 = r0.logger
            java.util.logging.Level r1 = java.util.logging.Level.FINEST
            java.lang.String r2 = "First bean in invocation path: resetting the credential"
            r0.log(r1, r2)
            r0 = r4
            boolean r0 = r0.isCredentialSet
            if (r0 == 0) goto L73
            com.adventnet.authentication.Credential r0 = com.adventnet.authentication.util.AuthUtil.popCredential()
        L73:
            r0 = r4
            java.util.logging.Logger r0 = r0.logger
            java.lang.String r1 = "POST:AuthenticationInterceptor"
            java.lang.String r2 = "Authenticate"
            r0.exiting(r1, r2)
            ret r9
        */
        throw new UnsupportedOperationException("Method not decompiled: com.adventnet.authentication.interceptor.SecurityInterceptor.invoke(org.jboss.invocation.Invocation):java.lang.Object");
    }

    private void checkSecurityAssociation(Invocation invocation, boolean z) throws Exception {
        Principal principal = invocation.getPrincipal();
        if (principal == null && this.unAuth != null) {
            principal = this.unAuth;
        }
        if (principal != null) {
            SecurityAssociation.setPrincipal(principal);
            this.logger.log(Level.FINEST, "Principal name {0}trying to invoke the method {1}", new Object[]{principal.getName(), invocation.getMethod().getName()});
        }
        Object credential = invocation.getCredential();
        this.isCredentialSet = false;
        if (credential != null && (credential instanceof Credential)) {
            SecurityAssociation.setCredential(credential);
            AuthUtil.pushCredential((Credential) credential);
            this.isCredentialSet = true;
        }
        lookupRealManager();
        if (this.realmMapping == null) {
            this.logger.log(Level.FINEST, "Realm Mapping manager is not available; hence returning without authorization");
            return;
        }
        Set methodPermissions = this.container.getMethodPermissions(invocation.getMethod(), invocation.getType());
        this.logger.log(Level.FINEST, "Method Roles are {0}", methodPermissions);
        if (methodPermissions == null) {
            this.logger.log(Level.FINEST, "this bean [ {0} ] is not secured; +no method permissions assigned to method:{1}", new Object[]{this.ejbName, invocation.getMethod().getName()});
            return;
        }
        Principal peekRunAsRole = SecurityAssociation.peekRunAsRole();
        if (peekRunAsRole != null) {
            if (!methodPermissions.contains(peekRunAsRole) && !methodPermissions.contains(AnybodyPrincipal.ANYBODY_PRINCIPAL)) {
                throw new RemoteException("checkSecurityAssociation", new SecurityException(new StringBuffer().append("Insufficient method permissions, runAsRole=").append(peekRunAsRole).append(", method=").append(invocation.getMethod().getName()).append(", requiredRoles=").append(methodPermissions).toString()));
            }
        } else if (!enableMethodAuthorization) {
            this.logger.log(Level.FINEST, "Method Authorization disabled");
            return;
        } else if (!this.realmMapping.doesUserHaveRole(principal, methodPermissions)) {
            throw new RemoteException("checkSecurityAssociation", new SecurityException(new StringBuffer().append("Insufficient method permissions, principal=").append(principal).append(", method=").append(invocation.getMethod().getName()).append(", requiredRoles=").append(methodPermissions).append(", principalRoles=").append(this.realmMapping.getUserRoles(principal)).toString()));
        }
        this.logger.log(Level.FINEST, "Method Authorization Successful");
    }

    public void sample(Object obj) {
    }

    public Map retrieveStatistic() {
        return null;
    }

    public void resetStatistic() {
    }

    private void lookupRealManager() {
        if (this.realmMapping != null) {
            return;
        }
        try {
            this.realmMapping = (RealmMapping) new InitialContext().lookup("simple");
        } catch (Exception e) {
        }
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }
}
