package net.sf.jguard.core.authorization;

import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
import java.security.Policy;
import javax.security.auth.Subject;
import net.sf.jguard.core.authentication.AccessContext;
import net.sf.jguard.core.authorization.policy.AccessControllerUtils;
import net.sf.jguard.core.authorization.policy.JGuardPolicy;
import net.sf.jguard.core.filters.FilterChain;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/sf/jguard/core/authorization/PolicyDecisionPoint.class */
public class PolicyDecisionPoint {
    private static final Logger logger = LoggerFactory.getLogger(PolicyDecisionPoint.class.getName());
    private AuthorizationBindings authorizationBindings;

    public PolicyDecisionPoint(AuthorizationBindings authorizationBindings) {
        this.authorizationBindings = null;
        this.authorizationBindings = authorizationBindings;
    }

    public void process(AccessContext accessContext, FilterChain filterChain) {
        Permission permissionRequested = this.authorizationBindings.getPermissionRequested(accessContext);
        if (AccessControllerUtils.hasPermission(Subject.getSubject(AccessController.getContext()), permissionRequested)) {
            logger.debug(" authorize access to resource protected by permission " + permissionRequested.getClass().getName() + " name=" + permissionRequested.getName() + " actions=" + permissionRequested.getActions());
            this.authorizationBindings.doFilter(accessContext, filterChain);
        } else {
            this.authorizationBindings.setLastAccessDeniedPermission(accessContext, permissionRequested);
            logger.debug(" accessdenied phase ");
            this.authorizationBindings.accessDenied(accessContext);
        }
    }

    public void addAlwaysGrantedPermissionsToPolicy(Permissions permissions) {
        if (permissions == null) {
            return;
        }
        Policy policy = AccessControllerUtils.getPolicy();
        if (!JGuardPolicy.class.isAssignableFrom(policy.getClass())) {
            throw new UnsupportedOperationException(" the current java.security.Policy subclass is not a subclass of net.sf.jguard.core.authorization.policy.JGuardPolicy ");
        }
        ((JGuardPolicy) policy).addAlwaysGrantedPermissions(Thread.currentThread().getContextClassLoader(), permissions);
    }

    public AuthorizationBindings getAuthorizationBindings() {
        return this.authorizationBindings;
    }
}
