package org.hibernate.secure.internal;

import java.lang.reflect.UndeclaredThrowableException;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;

/* loaded from: input_file:WEB-INF/lib/hibernate-core-4.1.11.Final.jar:org/hibernate/secure/internal/JACCPermissions.class */
public class JACCPermissions {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/hibernate-core-4.1.11.Final.jar:org/hibernate/secure/internal/JACCPermissions$PolicyContextActions.class */
    public interface PolicyContextActions {
        public static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";
        public static final PolicyContextActions PRIVILEGED = new PolicyContextActions() { // from class: org.hibernate.secure.internal.JACCPermissions.PolicyContextActions.1
            private final PrivilegedExceptionAction exAction = new PrivilegedExceptionAction() { // from class: org.hibernate.secure.internal.JACCPermissions.PolicyContextActions.1.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    return (Subject) PolicyContext.getContext(PolicyContextActions.SUBJECT_CONTEXT_KEY);
                }
            };

            @Override // org.hibernate.secure.internal.JACCPermissions.PolicyContextActions
            public Subject getContextSubject() throws PolicyContextException {
                try {
                    return (Subject) AccessController.doPrivileged(this.exAction);
                } catch (PrivilegedActionException e) {
                    PolicyContextException exception = e.getException();
                    if (exception instanceof PolicyContextException) {
                        throw exception;
                    }
                    throw new UndeclaredThrowableException(exception);
                }
            }
        };
        public static final PolicyContextActions NON_PRIVILEGED = new PolicyContextActions() { // from class: org.hibernate.secure.internal.JACCPermissions.PolicyContextActions.2
            @Override // org.hibernate.secure.internal.JACCPermissions.PolicyContextActions
            public Subject getContextSubject() throws PolicyContextException {
                return (Subject) PolicyContext.getContext(PolicyContextActions.SUBJECT_CONTEXT_KEY);
            }
        };

        Subject getContextSubject() throws PolicyContextException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hibernate-core-4.1.11.Final.jar:org/hibernate/secure/internal/JACCPermissions$SetContextID.class */
    public static class SetContextID implements PrivilegedAction {
        String contextID;

        SetContextID(String str) {
            this.contextID = str;
        }

        @Override // java.security.PrivilegedAction
        public Object run() {
            String contextID = PolicyContext.getContextID();
            PolicyContext.setContextID(this.contextID);
            return contextID;
        }
    }

    public static void checkPermission(Class cls, String str, EJBMethodPermission eJBMethodPermission) throws SecurityException {
        CodeSource codeSource = cls.getProtectionDomain().getCodeSource();
        try {
            setContextID(str);
            Policy policy = Policy.getPolicy();
            Subject contextSubject = getContextSubject();
            Principal[] principalArr = null;
            if (contextSubject != null) {
                Set<Principal> principals = contextSubject.getPrincipals();
                principalArr = new Principal[principals.size()];
                principals.toArray(principalArr);
            }
            if (policy.implies(new ProtectionDomain(codeSource, null, null, principalArr), eJBMethodPermission)) {
            } else {
                throw new SecurityException("Denied: " + eJBMethodPermission + ", caller=" + contextSubject);
            }
        } catch (PolicyContextException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    static Subject getContextSubject() throws PolicyContextException {
        return System.getSecurityManager() == null ? PolicyContextActions.NON_PRIVILEGED.getContextSubject() : PolicyContextActions.PRIVILEGED.getContextSubject();
    }

    static String setContextID(String str) {
        return (String) AccessController.doPrivileged(new SetContextID(str));
    }
}
