package org.jboss.jmx.connector.invoker;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Set;
import javax.management.ObjectName;
import javax.naming.InitialContext;
import org.jboss.mx.interceptor.AbstractInterceptor;
import org.jboss.mx.server.Invocation;
import org.jboss.mx.server.InvocationException;
import org.jboss.security.RealmMapping;
import org.jboss.security.SimplePrincipal;

/* loaded from: input_file:org/jboss/jmx/connector/invoker/AuthorizationInterceptor.class */
public class AuthorizationInterceptor extends AbstractInterceptor {
    private String azclassname = null;
    private RealmMapping realm;
    static Class class$java$security$Principal;
    static Class class$java$util$Collection;
    static Class class$java$lang$String;

    public void setSecurityDomain(String str) {
        try {
            this.realm = (RealmMapping) new InitialContext().lookup(str);
        } catch (Exception e) {
        }
    }

    public void setAuthorizingClass(String str) {
        System.out.println(new StringBuffer().append("Authorizing Class=").append(str).toString());
        this.azclassname = str;
    }

    public Object invoke(Invocation invocation) throws InvocationException {
        boolean z;
        if (invocation.getType() == "invoke" && invocation.getName().equals("invoke")) {
            org.jboss.invocation.Invocation invocation2 = (org.jboss.invocation.Invocation) invocation.getArgs()[0];
            Principal principal = invocation2.getPrincipal();
            if (invocation2 == null) {
                System.out.println("Invocation is null");
            }
            Object[] arguments = invocation2.getArguments();
            ObjectName objectName = (ObjectName) arguments[0];
            String str = (String) arguments[1];
            try {
                z = checkAuthorization(principal, objectName.getCanonicalName(), str);
            } catch (Exception e) {
                e.printStackTrace();
                z = false;
            }
            if (!z) {
                throw new InvocationException(new SecurityException(new StringBuffer().append("Failed to authorize principal=").append(principal).append(",MBean=").append(objectName).append(", Operation=").append(str).toString()));
            }
        }
        return invocation.nextInterceptor().invoke(invocation);
    }

    private boolean checkAuthorization(Principal principal, String str, String str2) throws Exception {
        Class<?> cls;
        Class<?> cls2;
        Class<?> cls3;
        Class<?> cls4;
        if (this.realm == null) {
            throw new InvocationException(new Exception("Security Domain not defined for Authorization Interceptor"));
        }
        Set userRoles = this.realm.getUserRoles(principal);
        if (!this.realm.doesUserHaveRole(principal, userRoles)) {
            throw new InvocationException(new Exception("Caller not defined in the roles"));
        }
        ArrayList arrayList = new ArrayList();
        Iterator it = null;
        if (userRoles != null && !userRoles.isEmpty()) {
            it = userRoles.iterator();
        }
        while (it.hasNext()) {
            arrayList.add(((SimplePrincipal) it.next()).getName());
        }
        try {
            Class<?> loadClass = Thread.currentThread().getContextClassLoader().loadClass(this.azclassname);
            Object newInstance = loadClass.newInstance();
            Class<?>[] clsArr = new Class[4];
            if (class$java$security$Principal == null) {
                cls = class$("java.security.Principal");
                class$java$security$Principal = cls;
            } else {
                cls = class$java$security$Principal;
            }
            clsArr[0] = cls;
            if (class$java$util$Collection == null) {
                cls2 = class$("java.util.Collection");
                class$java$util$Collection = cls2;
            } else {
                cls2 = class$java$util$Collection;
            }
            clsArr[1] = cls2;
            if (class$java$lang$String == null) {
                cls3 = class$("java.lang.String");
                class$java$lang$String = cls3;
            } else {
                cls3 = class$java$lang$String;
            }
            clsArr[2] = cls3;
            if (class$java$lang$String == null) {
                cls4 = class$("java.lang.String");
                class$java$lang$String = cls4;
            } else {
                cls4 = class$java$lang$String;
            }
            clsArr[3] = cls4;
            return ((Boolean) loadClass.getMethod("authorize", clsArr).invoke(newInstance, principal, arrayList, str, str2)).booleanValue();
        } catch (Exception e) {
            throw new Exception(new StringBuffer().append(new StringBuffer().append("Define your own class which has a method authorize with signature").append("public Boolean authorize( Principal caller, Collection roles,String objectname,String opname)").toString()).append(". And replace ").append(this.azclassname).append(" its name").toString());
        }
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }
}
