package org.jboss.security.authorization.modules.ejb;

import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.RunAs;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.modules.AuthorizationModuleDelegate;
import org.jboss.security.authorization.resources.EJBResource;
import org.jboss.security.identity.Role;
import org.jboss.security.identity.RoleGroup;
import org.jboss.security.identity.plugins.SimpleRole;
import org.jboss.security.identity.plugins.SimpleRoleGroup;
import org.jboss.security.javaee.SecurityRoleRef;

/* loaded from: classes2.dex */
public class EJBPolicyModuleDelegate extends AuthorizationModuleDelegate {
    protected String ejbName = null;
    protected Method ejbMethod = null;
    protected Principal ejbPrincipal = null;
    private RoleGroup methodRoles = null;
    private String methodInterface = null;
    protected RunAs callerRunAs = null;
    protected String roleName = null;
    private Boolean roleRefCheck = Boolean.FALSE;
    protected Set<SecurityRoleRef> securityRoleReferences = null;
    private final Role ANYBODY_ROLE = new SimpleRole("<ANYBODY>");
    protected boolean ejbRestrictions = false;

    /* JADX WARN: Removed duplicated region for block: B:21:0x00b2  */
    /* JADX WARN: Removed duplicated region for block: B:23:? A[RETURN, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private int process(org.jboss.security.identity.RoleGroup r13) {
        /*
            r12 = this;
            java.lang.reflect.Method r0 = r12.ejbMethod
            if (r0 != 0) goto Ld
            org.jboss.security.PicketBoxMessages r13 = org.jboss.security.PicketBoxMessages.MESSAGES
            java.lang.String r0 = "ejbMethod"
            java.lang.IllegalStateException r13 = r13.invalidNullProperty(r0)
            throw r13
        Ld:
            org.jboss.security.identity.RoleGroup r0 = r12.methodRoles
            r1 = -1
            if (r0 != 0) goto L20
            java.lang.reflect.Method r13 = r12.ejbMethod
            java.lang.String r13 = r13.getName()
            org.jboss.security.PicketBoxLogger r0 = org.jboss.security.PicketBoxLogger.LOGGER
            java.lang.String r2 = r12.methodInterface
            r0.traceNoMethodPermissions(r13, r2)
            return r1
        L20:
            org.jboss.security.PicketBoxLogger r0 = org.jboss.security.PicketBoxLogger.LOGGER
            java.lang.reflect.Method r2 = r12.ejbMethod
            java.lang.String r2 = r2.getName()
            java.lang.String r3 = r12.methodInterface
            org.jboss.security.identity.RoleGroup r4 = r12.methodRoles
            java.lang.String r4 = r4.toString()
            r0.debugEJBPolicyModuleDelegateState(r2, r3, r4)
            org.jboss.security.identity.RoleGroup r0 = r12.methodRoles
            org.jboss.security.identity.Role r2 = r12.ANYBODY_ROLE
            boolean r0 = r0.containsAll(r2)
            r2 = 0
            r3 = 1
            if (r0 != 0) goto Laf
            org.jboss.security.RunAs r0 = r12.callerRunAs
            if (r0 != 0) goto L73
            if (r13 != 0) goto L4e
            org.jboss.security.PicketBoxMessages r13 = org.jboss.security.PicketBoxMessages.MESSAGES
            java.lang.String r0 = "principalRole"
            java.lang.IllegalStateException r13 = r13.invalidNullProperty(r0)
            throw r13
        L4e:
            org.jboss.security.identity.RoleGroup r0 = r12.methodRoles
            boolean r0 = r0.containsAtleastOneRole(r13)
            if (r0 != 0) goto Laf
            java.lang.reflect.Method r0 = r12.ejbMethod
            java.lang.String r7 = r0.getName()
            org.jboss.security.PicketBoxLogger r4 = org.jboss.security.PicketBoxLogger.LOGGER
            java.security.Principal r5 = r12.ejbPrincipal
            java.lang.String r6 = r12.ejbName
            java.lang.String r8 = r12.methodInterface
            org.jboss.security.identity.RoleGroup r0 = r12.methodRoles
            java.lang.String r9 = r0.toString()
            java.lang.String r10 = r13.toString()
            r11 = 0
            r4.debugInsufficientMethodPermissions(r5, r6, r7, r8, r9, r10, r11)
            goto Lb0
        L73:
            org.jboss.security.RunAs r13 = r12.callerRunAs
            boolean r13 = r13 instanceof org.jboss.security.RunAsIdentity
            if (r13 == 0) goto Laf
            org.jboss.security.RunAs r13 = r12.callerRunAs
            org.jboss.security.RunAsIdentity r13 = (org.jboss.security.RunAsIdentity) r13
            org.jboss.security.identity.plugins.SimpleRoleGroup r0 = new org.jboss.security.identity.plugins.SimpleRoleGroup
            java.util.Set r4 = r13.getRunAsRoles()
            r0.<init>(r4)
            org.jboss.security.identity.RoleGroup r4 = r12.methodRoles
            boolean r0 = r0.containsAtleastOneRole(r4)
            if (r0 != 0) goto Laf
            java.lang.reflect.Method r0 = r12.ejbMethod
            java.lang.String r7 = r0.getName()
            org.jboss.security.PicketBoxLogger r4 = org.jboss.security.PicketBoxLogger.LOGGER
            java.security.Principal r5 = r12.ejbPrincipal
            java.lang.String r6 = r12.ejbName
            java.lang.String r8 = r12.methodInterface
            org.jboss.security.identity.RoleGroup r0 = r12.methodRoles
            java.lang.String r9 = r0.toString()
            r10 = 0
            java.util.Set r13 = r13.getRunAsRoles()
            java.lang.String r11 = r13.toString()
            r4.debugInsufficientMethodPermissions(r5, r6, r7, r8, r9, r10, r11)
            goto Lb0
        Laf:
            r2 = r3
        Lb0:
            if (r2 == 0) goto Lb3
            r1 = r3
        Lb3:
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: org.jboss.security.authorization.modules.ejb.EJBPolicyModuleDelegate.process(org.jboss.security.identity.RoleGroup):int");
    }

    @Override // org.jboss.security.authorization.modules.AuthorizationModuleDelegate
    public int authorize(Resource resource, Subject subject, RoleGroup roleGroup) {
        if (!(resource instanceof EJBResource)) {
            throw PicketBoxMessages.MESSAGES.invalidType(EJBResource.class.getName());
        }
        EJBResource eJBResource = (EJBResource) resource;
        Map<String, Object> map = resource.getMap();
        if (map == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullProperty("resourceMap");
        }
        this.policyRegistration = (PolicyRegistration) map.get(ResourceKeys.POLICY_REGISTRATION);
        this.roleName = (String) map.get(ResourceKeys.ROLENAME);
        this.roleRefCheck = (Boolean) map.get(ResourceKeys.ROLEREF_PERM_CHECK);
        this.callerRunAs = eJBResource.getCallerRunAsIdentity();
        this.ejbMethod = eJBResource.getEjbMethod();
        this.ejbName = eJBResource.getEjbName();
        this.ejbPrincipal = eJBResource.getPrincipal();
        this.methodInterface = eJBResource.getEjbMethodInterface();
        this.methodRoles = eJBResource.getEjbMethodRoles();
        this.securityRoleReferences = eJBResource.getSecurityRoleReferences();
        this.ejbRestrictions = eJBResource.isEnforceEJBRestrictions();
        return this.roleRefCheck == Boolean.TRUE ? checkRoleRef(roleGroup) : process(roleGroup);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int checkRoleRef(RoleGroup roleGroup) {
        boolean z;
        boolean z2;
        if (this.ejbPrincipal == null && this.callerRunAs == null) {
            return -1;
        }
        Iterator<SecurityRoleRef> it = this.securityRoleReferences.iterator();
        while (true) {
            z = false;
            if (!it.hasNext()) {
                z2 = false;
                break;
            }
            SecurityRoleRef next = it.next();
            if (next.getName().equals(this.roleName)) {
                this.roleName = next.getLink();
                z2 = true;
                break;
            }
        }
        if (!z2 && this.ejbRestrictions) {
            throw PicketBoxMessages.MESSAGES.noMatchingRoleFoundInDescriptor(this.roleName);
        }
        SimpleRole simpleRole = new SimpleRole(this.roleName);
        if (this.callerRunAs == null) {
            z = roleGroup.containsRole(simpleRole);
        } else if (this.callerRunAs instanceof RunAsIdentity) {
            z = new SimpleRoleGroup(((RunAsIdentity) this.callerRunAs).getRunAsRoles()).containsRole(simpleRole);
        }
        return z ? 1 : -1;
    }
}
