package org.jboss.security.authorization.modules.web;

import java.io.IOException;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;
import javax.servlet.http.HttpServletRequest;
import org.jboss.security.PicketBoxLogger;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.modules.AbstractJACCModuleDelegate;
import org.jboss.security.identity.Role;

/* loaded from: classes2.dex */
public class WebJACCPolicyModuleDelegate extends AbstractJACCModuleDelegate {
    private Policy policy = Policy.getPolicy();
    private HttpServletRequest request = null;
    private CodeSource webCS = null;
    private String canonicalRequestURI = null;

    private Boolean checkBooleanValue(Boolean bool) {
        return bool == null ? Boolean.FALSE : bool;
    }

    private boolean checkPolicy(Permission permission, Principal principal, Subject subject, Role role) {
        return checkPolicy(permission, getPrincipals(subject, role));
    }

    private boolean checkPolicy(Permission permission, Principal[] principalArr) {
        return this.policy.implies(new ProtectionDomain(this.webCS, null, null, principalArr), permission);
    }

    private boolean hasResourcePermission(Subject subject, Role role) throws IOException {
        Principal userPrincipal = this.request.getUserPrincipal();
        WebResourcePermission webResourcePermission = new WebResourcePermission(this.canonicalRequestURI, this.request.getMethod());
        boolean checkPolicy = checkPolicy(webResourcePermission, userPrincipal, subject, role);
        PicketBoxLogger.LOGGER.traceHasResourcePermission(webResourcePermission.toString(), checkPolicy);
        return checkPolicy;
    }

    private boolean hasRole(Principal principal, String str, Set<Principal> set, String str2) {
        if (str2 == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("servletName");
        }
        WebRoleRefPermission webRoleRefPermission = new WebRoleRefPermission(str2, str);
        Principal[] principalArr = {principal};
        if (set != null) {
            principalArr = new Principal[set.size()];
            set.toArray(principalArr);
        }
        boolean checkPolicy = checkPolicy(webRoleRefPermission, principalArr);
        PicketBoxLogger.LOGGER.traceHasRolePermission(webRoleRefPermission.toString(), checkPolicy);
        return checkPolicy;
    }

    private boolean hasUserDataPermission() throws IOException {
        boolean z;
        WebUserDataPermission webUserDataPermission = new WebUserDataPermission(this.canonicalRequestURI, this.request.getMethod());
        try {
            z = checkPolicy(webUserDataPermission, null);
        } catch (Exception e) {
            PicketBoxLogger.LOGGER.debugIgnoredException(e);
            z = false;
        }
        PicketBoxLogger.LOGGER.traceHasUserDataPermission(webUserDataPermission.toString(), z);
        return z;
    }

    private void validatePermissionChecks(Boolean bool, Boolean bool2, Boolean bool3) {
        if ((bool == Boolean.TRUE && bool2 == Boolean.TRUE && bool3 == Boolean.TRUE) || ((bool == Boolean.TRUE && bool2 == Boolean.TRUE) || (bool2 == Boolean.TRUE && bool3 == Boolean.TRUE))) {
            throw PicketBoxMessages.MESSAGES.invalidPermissionChecks();
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:17:0x00ab A[RETURN, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:18:0x00ad A[ORIG_RETURN, RETURN] */
    @Override // org.jboss.security.authorization.modules.AbstractJACCModuleDelegate, org.jboss.security.authorization.modules.AuthorizationModuleDelegate
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public int authorize(org.jboss.security.authorization.Resource r8, javax.security.auth.Subject r9, org.jboss.security.identity.RoleGroup r10) {
        /*
            r7 = this;
            boolean r0 = r8 instanceof org.jboss.security.authorization.resources.WebResource
            if (r0 != 0) goto L11
            org.jboss.security.PicketBoxMessages r8 = org.jboss.security.PicketBoxMessages.MESSAGES
            java.lang.Class<org.jboss.security.authorization.resources.WebResource> r9 = org.jboss.security.authorization.resources.WebResource.class
            java.lang.String r9 = r9.getName()
            java.lang.IllegalArgumentException r8 = r8.invalidType(r9)
            throw r8
        L11:
            r0 = r8
            org.jboss.security.authorization.resources.WebResource r0 = (org.jboss.security.authorization.resources.WebResource) r0
            java.util.Map r8 = r8.getMap()
            if (r8 != 0) goto L23
            org.jboss.security.PicketBoxMessages r8 = org.jboss.security.PicketBoxMessages.MESSAGES
            java.lang.String r9 = "resourceMap"
            java.lang.IllegalStateException r8 = r8.invalidNullProperty(r9)
            throw r8
        L23:
            javax.servlet.ServletRequest r1 = r0.getServletRequest()
            javax.servlet.http.HttpServletRequest r1 = (javax.servlet.http.HttpServletRequest) r1
            r7.request = r1
            java.security.CodeSource r1 = r0.getCodeSource()
            r7.webCS = r1
            java.lang.String r1 = r0.getCanonicalRequestURI()
            r7.canonicalRequestURI = r1
            java.lang.String r1 = "roleName"
            java.lang.Object r1 = r8.get(r1)
            java.lang.String r1 = (java.lang.String) r1
            java.lang.String r2 = "hasRole.Principal"
            java.lang.Object r2 = r8.get(r2)
            java.security.Principal r2 = (java.security.Principal) r2
            java.lang.String r3 = "principal.roles"
            java.lang.Object r3 = r8.get(r3)
            java.util.Set r3 = (java.util.Set) r3
            java.lang.String r0 = r0.getServletName()
            java.lang.String r4 = "resourcePermissionCheck"
            java.lang.Object r4 = r8.get(r4)
            java.lang.Boolean r4 = (java.lang.Boolean) r4
            java.lang.Boolean r4 = r7.checkBooleanValue(r4)
            java.lang.String r5 = "userDataPermissionCheck"
            java.lang.Object r5 = r8.get(r5)
            java.lang.Boolean r5 = (java.lang.Boolean) r5
            java.lang.Boolean r5 = r7.checkBooleanValue(r5)
            java.lang.String r6 = "roleRefPermissionCheck"
            java.lang.Object r8 = r8.get(r6)
            java.lang.Boolean r8 = (java.lang.Boolean) r8
            java.lang.Boolean r8 = r7.checkBooleanValue(r8)
            r7.validatePermissionChecks(r4, r5, r8)
            r6 = 0
            boolean r4 = r4.booleanValue()     // Catch: java.io.IOException -> La3
            if (r4 == 0) goto L87
            boolean r8 = r7.hasResourcePermission(r9, r10)     // Catch: java.io.IOException -> La3
        L85:
            r6 = r8
            goto La9
        L87:
            boolean r9 = r5.booleanValue()     // Catch: java.io.IOException -> La3
            if (r9 == 0) goto L92
            boolean r8 = r7.hasUserDataPermission()     // Catch: java.io.IOException -> La3
            goto L85
        L92:
            boolean r8 = r8.booleanValue()     // Catch: java.io.IOException -> La3
            if (r8 == 0) goto L9d
            boolean r8 = r7.hasRole(r2, r1, r3, r0)     // Catch: java.io.IOException -> La3
            goto L85
        L9d:
            org.jboss.security.PicketBoxLogger r8 = org.jboss.security.PicketBoxLogger.LOGGER     // Catch: java.io.IOException -> La3
            r8.debugInvalidWebJaccCheck()     // Catch: java.io.IOException -> La3
            goto La9
        La3:
            r8 = move-exception
            org.jboss.security.PicketBoxLogger r9 = org.jboss.security.PicketBoxLogger.LOGGER
            r9.debugIgnoredException(r8)
        La9:
            if (r6 == 0) goto Lad
            r8 = 1
            goto Lae
        Lad:
            r8 = -1
        Lae:
            return r8
        */
        throw new UnsupportedOperationException("Method not decompiled: org.jboss.security.authorization.modules.web.WebJACCPolicyModuleDelegate.authorize(org.jboss.security.authorization.Resource, javax.security.auth.Subject, org.jboss.security.identity.RoleGroup):int");
    }

    @Override // org.jboss.security.authorization.modules.AuthorizationModuleDelegate
    public void setPolicyRegistrationManager(PolicyRegistration policyRegistration) {
        this.policyRegistration = policyRegistration;
    }
}
