package org.jboss.security.authorization.modules.ejb;

import java.util.Map;
import javax.security.auth.Subject;
import org.jboss.security.PicketBoxLogger;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.authorization.PolicyRegistration;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.resources.EJBResource;
import org.jboss.security.identity.RoleGroup;
import org.jboss.security.xacml.interfaces.PolicyDecisionPoint;
import org.jboss.security.xacml.interfaces.RequestContext;

/* loaded from: input_file:WEB-INF/lib/picketbox.jar:org/jboss/security/authorization/modules/ejb/EJBXACMLPolicyModuleDelegate.class */
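/**
 * Authorization delegate for EJB resources that takes its permit/deny decision from an
 * XACML policy decision point (PDP).
 *
 * <p>{@link #authorize} copies the details of the current call from the {@link EJBResource}
 * into instance fields and then either runs the inherited role-reference check or evaluates
 * an XACML request.
 *
 * <p>NOTE(review): per-call state is kept in instance fields, so an instance shared between
 * concurrent invocations could evaluate one caller's request with another caller's data.
 * Confirm how the container scopes delegate instances.
 */
public class EJBXACMLPolicyModuleDelegate extends EJBPolicyModuleDelegate {
    // Result codes produced by process(). NOTE(review): these look like the framework's
    // PERMIT / DENY values - confirm against the authorization API before relying on them.
    private static final int RESULT_PERMIT = 1;
    private static final int RESULT_DENY = -1;

    // Decision code that process() maps to a permit. Presumably the XACML "permit"
    // constant - confirm. Every other decision code is mapped to deny.
    private static final int XACML_DECISION_PERMIT = 0;

    private String policyContextID;

    /**
     * Authorizes an EJB invocation.
     *
     * <p>The resource map must carry a policy registration and the resource must carry a
     * policy context id; a missing value is reported with an exception, not a deny result.
     * When the map entry {@code ResourceKeys.ROLEREF_PERM_CHECK} is {@code Boolean.TRUE} the
     * inherited role-reference check is used; otherwise (absent or false) the request is
     * evaluated against the XACML PDP.
     *
     * @param resource the resource being accessed; must be an {@link EJBResource}
     * @param subject the caller's subject (not read by this method)
     * @param roleGroup the caller's roles, passed on to the selected check
     * @return the result of the role-reference check, or 1 (permit) / -1 (deny) from the
     *         XACML evaluation
     * @throws RuntimeException as created by {@code PicketBoxMessages} when the resource has
     *         the wrong type or a required property is null (exact type not visible here)
     */
    @Override // org.jboss.security.authorization.modules.ejb.EJBPolicyModuleDelegate, org.jboss.security.authorization.modules.AuthorizationModuleDelegate
    public int authorize(Resource resource, Subject subject, RoleGroup roleGroup) {
        if (!(resource instanceof EJBResource)) {
            throw PicketBoxMessages.MESSAGES.invalidType(EJBResource.class.getName());
        }
        EJBResource ejbResource = (EJBResource) resource;

        Map<String, Object> resourceMap = resource.getMap();
        if (resourceMap == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullProperty("resourceMap");
        }

        // The map values are cast without a type check; a wrongly typed entry surfaces as a
        // ClassCastException, not as a deny.
        this.policyRegistration = (PolicyRegistration) resourceMap.get(ResourceKeys.POLICY_REGISTRATION);
        if (this.policyRegistration == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullProperty(ResourceKeys.POLICY_REGISTRATION);
        }

        this.callerRunAs = ejbResource.getCallerRunAsIdentity();
        this.ejbName = ejbResource.getEjbName();
        this.ejbMethod = ejbResource.getEjbMethod();
        this.ejbPrincipal = ejbResource.getPrincipal();
        this.policyContextID = ejbResource.getPolicyContextID();
        if (this.policyContextID == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullProperty("contextID");
        }
        this.securityRoleReferences = ejbResource.getSecurityRoleReferences();
        this.roleName = (String) resourceMap.get(ResourceKeys.ROLENAME);

        // Whoever fills the resource map decides which check runs, so the map has to come
        // from trusted container code. NOTE(review): confirm no caller-supplied data reaches it.
        boolean roleRefCheck = checkBooleanValue((Boolean) resourceMap.get(ResourceKeys.ROLEREF_PERM_CHECK));
        if (roleRefCheck) {
            return checkRoleRef(roleGroup);
        }
        return process(roleGroup);
    }

    /**
     * Builds an XACML request for the current EJB call and evaluates it against the PDP
     * registered for the policy context.
     *
     * <p>Fails closed: if the request cannot be built or the PDP cannot be looked up, the
     * exception is logged and the call is denied. The original flow only recorded the deny
     * and then continued with a request and PDP that had never been assigned.
     *
     * @param roleGroup the caller's roles, placed into the XACML request
     * @return 1 when the PDP decision code is 0, otherwise -1
     * @throws RuntimeException as created by {@code PicketBoxMessages} when no PDP is found
     */
    private int process(RoleGroup roleGroup) {
        EJBXACMLUtil xacmlUtil = new EJBXACMLUtil();
        RequestContext request;
        PolicyDecisionPoint pdp;
        try {
            request = xacmlUtil.createXACMLRequest(this.ejbName, this.ejbMethod, this.ejbPrincipal, roleGroup);
            pdp = xacmlUtil.getPDP(this.policyRegistration, this.policyContextID);
        } catch (Exception e) {
            // The failure is only logged through debugIgnoredException (presumably debug
            // level), so a deny caused by a broken policy setup may be invisible in default
            // logs. Return immediately so nothing below runs on unassigned state.
            PicketBoxLogger.LOGGER.debugIgnoredException(e);
            return RESULT_DENY;
        }
        if (pdp == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullProperty("PDP");
        }
        // Only an explicit permit grants access; any other decision code denies.
        // NOTE(review): an exception thrown during evaluation propagates to the caller
        // and is not mapped to deny here - confirm the caller treats it as a denial.
        return pdp.evaluate(request).getDecision() == XACML_DECISION_PERMIT ? RESULT_PERMIT : RESULT_DENY;
    }

    /**
     * Normalises an optional flag.
     *
     * @param bool the flag, possibly null
     * @return {@code Boolean.FALSE} when {@code bool} is null, otherwise {@code bool}
     */
    private Boolean checkBooleanValue(Boolean bool) {
        return bool == null ? Boolean.FALSE : bool;
    }
}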
