package org.glassfish.soteria.authorization;

import java.net.URL;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;

/* loaded from: input_file:org/glassfish/soteria/authorization/JACC.class */
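/**
 * Static helpers for asking the installed JACC {@link Policy} authorization questions about the
 * current caller: role membership, access to a web resource, and the set of roles the caller holds.
 *
 * <p>Every decision here is delegated to {@code Policy.getPolicy()}; this class only builds the
 * {@link ProtectionDomain} and permission objects that the policy is asked about. The answers are
 * therefore only as trustworthy as the policy provider installed in the JVM.
 */
public class JACC {

    /** Policy-context handler key used to look up the caller's {@link Subject}. */
    private static final String SUBJECT_CONTAINER_KEY = "javax.security.auth.Subject.container";

    /**
     * Returns the caller's {@link Subject} as registered in the JACC {@link PolicyContext}.
     *
     * @return the Subject, or {@code null} if the context handler returns none
     *         (NOTE(review): presumably the unauthenticated-caller case; confirm against the container)
     * @throws IllegalStateException if the policy context cannot supply the value
     */
    public static Subject getSubject() {
        return (Subject) getFromContext(SUBJECT_CONTAINER_KEY);
    }

    /**
     * Checks whether the current caller is in the given role.
     *
     * <p>The check is a {@link WebRoleRefPermission} with an empty name, so it is not tied to a
     * particular servlet's role references.
     *
     * @param role the role name to test
     * @return {@code true} if the installed policy implies the role permission for the caller
     */
    public static boolean isCallerInRole(String role) {
        return hasPermission(getSubject(), new WebRoleRefPermission("", role));
    }

    /**
     * Checks whether the current caller may access a web resource.
     *
     * @param resource the name passed to {@link WebResourcePermission} (a URL pattern)
     * @param methods  the HTTP methods passed as the permission's actions
     * @return {@code true} if the installed policy implies the resource permission for the caller
     */
    public static boolean hasAccessToWebResource(String resource, String... methods) {
        return hasPermission(getSubject(), new WebResourcePermission(resource, methods));
    }

    /**
     * Returns the roles found in the caller's permission collection that the caller is actually in.
     *
     * @return a mutable set of role names; empty if the caller holds none
     */
    public static Set<String> getAllDeclaredCallerRoles() {
        PermissionCollection permissions = getPermissionCollection(getSubject());

        // The result is deliberately discarded. NOTE(review): this looks like a probe that makes
        // the collection resolve any lazily-resolved role permissions before it is enumerated;
        // confirm against the policy provider before removing it.
        permissions.implies(new WebRoleRefPermission("", "nothing"));

        return filterRoles(permissions);
    }

    /**
     * Asks the installed {@link Policy} whether the subject's principals are granted a permission.
     *
     * @param subject    the subject to test; {@code null} is evaluated as a caller with no principals
     * @param permission the permission to test
     * @return {@code true} if the policy implies the permission
     */
    public static boolean hasPermission(Subject subject, Permission permission) {
        return Policy.getPolicy().implies(fromSubject(subject), permission);
    }

    /**
     * Fetches from the installed {@link Policy} the permissions granted to the subject's principals.
     *
     * @param subject the subject to look up; {@code null} is evaluated as a caller with no principals
     * @return the permission collection returned by the policy
     */
    public static PermissionCollection getPermissionCollection(Subject subject) {
        return Policy.getPolicy().getPermissions(fromSubject(subject));
    }

    /**
     * Extracts the role names from a permission collection, keeping only roles the current caller
     * is in.
     *
     * <p>Each candidate role is re-checked with {@link #isCallerInRole(String)}, so the presence of
     * a {@link WebRoleRefPermission} in the collection is not by itself treated as membership.
     *
     * @param permissionCollection the permissions to scan
     * @return a mutable set of role names the caller is in
     */
    public static Set<String> filterRoles(PermissionCollection permissionCollection) {
        Set<String> roles = new HashSet<String>();
        for (Permission permission : Collections.list(permissionCollection.elements())) {
            if (permission instanceof WebRoleRefPermission) {
                // For a role-ref permission the actions string carries the role name.
                String role = permission.getActions();
                // The contains() test skips a second policy query for a role already accepted.
                if (!roles.contains(role) && isCallerInRole(role)) {
                    roles.add(role);
                }
            }
        }
        return roles;
    }

    /**
     * Wraps a subject's principals in a {@link ProtectionDomain} that a {@link Policy} can evaluate.
     *
     * <p>A {@code null} subject yields a domain with no principals instead of a
     * {@link NullPointerException}, so the policy decides on the basis of "no identity" and a
     * missing Subject cannot abort the authorization check part-way through.
     *
     * @param subject the subject whose principals are used; may be {@code null}
     * @return a protection domain with an empty code source and the subject's principals
     */
    public static ProtectionDomain fromSubject(Subject subject) {
        // Snapshot the principals once; the original read the live set twice (size, then copy).
        Principal[] principals = subject == null
                ? new Principal[0]
                : subject.getPrincipals().toArray(new Principal[0]);

        // The casts pick the (URL, Certificate[]) constructor; a bare null would be ambiguous.
        return new ProtectionDomain(
                new CodeSource((URL) null, (Certificate[]) null), null, null, principals);
    }

    /**
     * Looks up a value from the JACC {@link PolicyContext} by handler key.
     *
     * <p>The cast to {@code T} is unchecked: a caller that assigns the result to the wrong type
     * gets a {@link ClassCastException} at the assignment, not here.
     *
     * @param contextName the policy-context handler key
     * @param <T>         the type the caller expects
     * @return the context value, possibly {@code null}
     * @throws IllegalStateException if the lookup fails; the {@link PolicyContextException} is the cause
     */
    @SuppressWarnings("unchecked") // PolicyContext returns Object; the caller chooses the type.
    public static <T> T getFromContext(String contextName) {
        try {
            return (T) PolicyContext.getContext(contextName);
        } catch (PolicyContextException e) {
            throw new IllegalStateException(e);
        }
    }
}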
