package org.codehaus.aware.security;

import java.security.AccessControlContext;
import java.security.Principal;
import java.security.PrivilegedExceptionAction;
import java.util.Iterator;
import javax.security.auth.Subject;
import org.codehaus.aspectwerkz.exception.WrappedRuntimeException;
import org.codehaus.aspectwerkz.joinpoint.JoinPoint;
import org.codehaus.aspectwerkz.joinpoint.MethodRtti;
import org.codehaus.aspectwerkz.joinpoint.Rtti;
import org.codehaus.aware.security.principal.PrincipalStore;

/* loaded from: input_file:aspectwerkz/aware-0.1.jar:org/codehaus/aware/security/RoleBasedAccessProtocol.class */
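/**
 * Role-based access checks applied around join points.
 *
 * <p>Both public entry points take a {@link JoinPoint} and either let it {@code proceed()} or
 * throw a {@link SecurityException}; the intent is that every failure path denies access.
 *
 * <p>NOTE(review): {@code SecurityManager} here is presumably the type from this package
 * (it is obtained from {@code SecurityManagerFactory} and is not imported), not
 * {@code java.lang.SecurityManager} - confirm.
 *
 * <p>NOTE(review): the {@code System.out.println} calls are debug tracing left in the original
 * and are kept unchanged; consider routing them through the project's logger.
 */
public class RoleBasedAccessProtocol {
    /** Security manager used for both authentication and permission checks (JAAS flavour). */
    protected final SecurityManager m_securityManager = SecurityManagerFactory.getInstance(SecurityManagerType.JAAS);

    /**
     * Ensures a {@link Subject} is available, then runs the join point as that subject.
     *
     * <p>If {@link PrincipalStore#getSubject()} returns {@code null}, {@link #authenticate()} is
     * called. Authentication fails closed: an exception from {@code authenticate()} and a
     * {@code null} subject after it both raise {@link SecurityException}. Without the second check
     * a {@code null} subject would reach {@code Subject.doAsPrivileged}, which accepts
     * {@code null} and would run the protected call with no authenticated identity.
     *
     * @param joinPoint the intercepted invocation
     * @return whatever {@code joinPoint.proceed()} returns
     * @throws SecurityException if no subject could be established
     * @throws Throwable anything raised while proceeding (wrapped in
     *     {@link WrappedRuntimeException} by the privileged action)
     */
    public Object authenticateUser(final JoinPoint joinPoint) throws Throwable {
        System.out.println("RoleBasedAccessProtocol.authenticateUser - 1");
        Subject subject = PrincipalStore.getSubject();
        System.out.println("RoleBasedAccessProtocol.authenticateUser - 2");
        if (subject == null) {
            try {
                System.out.println("RoleBasedAccessProtocol.authenticateUser - 3");
                subject = authenticate();
            } catch (Exception e) {
                // Keep the original message text, and attach the cause so the stack trace of the
                // underlying login failure is not lost.
                throw new SecurityException(
                        denialMessage("authentication", joinPoint) + " due to: " + e.toString(), e);
            }
            if (subject == null) {
                // authenticate() returned normally but left no subject behind: deny.
                throw new SecurityException(
                        denialMessage("authentication", joinPoint) + " due to: no subject after authentication");
            }
        }
        System.out.println("RoleBasedAccessProtocol.authenticateUser - 4");
        // A null AccessControlContext makes doAsPrivileged use a fresh context with no
        // protection domains instead of the caller's current one.
        Object result = Subject.doAsPrivileged(subject, new PrivilegedExceptionAction<Object>() {
            @Override
            public Object run() throws Exception {
                try {
                    return joinPoint.proceed();
                } catch (Throwable th) {
                    // proceed() declares Throwable; run() may only throw Exception.
                    throw new WrappedRuntimeException(th);
                }
            }
        }, (AccessControlContext) null);
        System.out.println("RoleBasedAccessProtocol.authenticateUser - 5    ");
        return result;
    }

    /**
     * Lets the join point proceed only if {@link #checkPermission(JoinPoint)} grants access.
     *
     * @param joinPoint the intercepted invocation
     * @return whatever {@code joinPoint.proceed()} returns
     * @throws SecurityException if the permission check fails
     * @throws Throwable anything raised by {@code joinPoint.proceed()}
     */
    public Object authorizeUser(JoinPoint joinPoint) throws Throwable {
        System.out.println("RoleBasedAccessProtocol.authorizeUser");
        if (checkPermission(joinPoint)) {
            return joinPoint.proceed();
        }
        throw new SecurityException(denialMessage("authorization", joinPoint));
    }

    /**
     * Authenticates the context held by {@link PrincipalStore} and returns the resulting subject.
     *
     * @return the subject read back from {@link PrincipalStore#getSubject()} after the
     *     authentication call; callers must treat {@code null} as a failed authentication
     */
    protected Subject authenticate() {
        this.m_securityManager.authenticate(PrincipalStore.getContext());
        return PrincipalStore.getSubject();
    }

    /**
     * Checks whether any principal of the current subject may invoke the intercepted method.
     *
     * <p>Access is granted as soon as one principal passes the security manager's check, and
     * denied when there is no subject or no principal passes.
     *
     * @param joinPoint the intercepted invocation; its RTTI is cast to {@link MethodRtti}, so a
     *     non-method join point fails with {@link ClassCastException} rather than being allowed
     * @return {@code true} if at least one principal is permitted, {@code false} otherwise
     */
    protected boolean checkPermission(JoinPoint joinPoint) {
        Subject subject = PrincipalStore.getSubject();
        if (subject == null) {
            System.out.println("no subject");
            return false;
        }
        MethodRtti methodRtti = (MethodRtti) joinPoint.getRtti();
        for (Principal principal : subject.getPrincipals()) {
            if (this.m_securityManager.checkPermission(
                    principal, methodRtti.getDeclaringType(), methodRtti.getMethod())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds the shared "&lt;kind&gt; denied at Type.member for user [context]" message.
     *
     * <p>NOTE(review): the string form of {@code PrincipalStore.getContext()} ends up in the
     * exception message, which is typically logged - confirm it never renders credentials.
     */
    private static String denialMessage(String kind, JoinPoint joinPoint) {
        Rtti rtti = joinPoint.getRtti();
        StringBuilder message = new StringBuilder();
        message.append(kind).append(" denied at ");
        message.append(rtti.getDeclaringType().getName());
        message.append('.');
        message.append(rtti.getName());
        message.append(" for user [");
        message.append(PrincipalStore.getContext());
        message.append(']');
        return message.toString();
    }
}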
