package org.glassfish.ejb.deployment.annotation.handlers;

import com.sun.enterprise.deployment.EjbDescriptor;
import com.sun.enterprise.deployment.MethodDescriptor;
import com.sun.enterprise.deployment.MethodPermission;
import com.sun.enterprise.deployment.Role;
import com.sun.enterprise.deployment.annotation.context.EjbContext;
import com.sun.enterprise.deployment.annotation.handlers.PostProcessor;
import com.sun.enterprise.deployment.util.TypeUtil;
import java.lang.annotation.Annotation;
import java.lang.annotation.ElementType;
import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Method;
import java.util.Iterator;
import java.util.logging.Level;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import org.glassfish.apf.AnnotatedElementHandler;
import org.glassfish.apf.AnnotationInfo;
import org.glassfish.apf.AnnotationProcessorException;
import org.glassfish.apf.HandlerProcessingResult;
import org.jvnet.hk2.annotations.Service;

@Service
/* loaded from: input_file:org/glassfish/ejb/deployment/annotation/handlers/RolesAllowedHandler.class */
public class RolesAllowedHandler extends AbstractAttributeHandler implements PostProcessor {
    @Override // org.glassfish.apf.AnnotationHandler
    public Class<? extends Annotation> getAnnotationType() {
        return RolesAllowed.class;
    }

    @Override // org.glassfish.ejb.deployment.annotation.handlers.AbstractAttributeHandler
    protected HandlerProcessingResult processAnnotation(AnnotationInfo annotationInfo, EjbContext[] ejbContextArr) throws AnnotationProcessorException {
        AnnotatedElement annotatedElement = annotationInfo.getAnnotatedElement();
        if (annotatedElement.isAnnotationPresent(DenyAll.class) || annotatedElement.isAnnotationPresent(PermitAll.class)) {
            log(Level.SEVERE, annotationInfo, localStrings.getLocalString("enterprise.deployment.annotation.handlers.inconsistentsecannotation", "This annotation is not consistent with other annotations.  One cannot have more than one of @RolesAllowed, @PermitAll, @DenyAll in the same AnnotatedElement."));
            return getDefaultFailedResult();
        }
        RolesAllowed rolesAllowed = (RolesAllowed) annotationInfo.getAnnotation();
        for (EjbContext ejbContext : ejbContextArr) {
            EjbDescriptor descriptor = ejbContext.getDescriptor();
            if (ElementType.TYPE.equals(annotationInfo.getElementType())) {
                ejbContext.addPostProcessInfo(annotationInfo, this);
            } else {
                Method method = (Method) annotationInfo.getAnnotatedElement();
                for (MethodDescriptor methodDescriptor : descriptor.getSecurityBusinessMethodDescriptors()) {
                    if (TypeUtil.sameMethodSignature(methodDescriptor.getMethod(descriptor), method) && !hasMethodPermissionsFromDD(methodDescriptor, descriptor)) {
                        addMethodPermissions(rolesAllowed, descriptor, methodDescriptor);
                    }
                }
            }
        }
        return getDefaultProcessedResult();
    }

    @Override // com.sun.enterprise.deployment.annotation.handlers.AbstractHandler, org.glassfish.apf.AnnotationHandler
    public Class<? extends Annotation>[] getTypeDependencies() {
        return getEjbAnnotationTypes();
    }

    @Override // org.glassfish.ejb.deployment.annotation.handlers.AbstractAttributeHandler
    protected boolean supportTypeInheritance() {
        return true;
    }

    @Override // com.sun.enterprise.deployment.annotation.handlers.PostProcessor
    public void postProcessAnnotation(AnnotationInfo annotationInfo, AnnotatedElementHandler annotatedElementHandler) throws AnnotationProcessorException {
        EjbContext ejbContext = (EjbContext) annotatedElementHandler;
        EjbDescriptor descriptor = ejbContext.getDescriptor();
        RolesAllowed rolesAllowed = (RolesAllowed) annotationInfo.getAnnotation();
        if (!ejbContext.isInherited() && (descriptor.getMethodPermissionsFromDD() == null || descriptor.getMethodPermissionsFromDD().size() == 0)) {
            Iterator<MethodDescriptor> it = getMethodAllDescriptors(descriptor).iterator();
            while (it.hasNext()) {
                addMethodPermissions(rolesAllowed, descriptor, it.next());
            }
            return;
        }
        Class cls = (Class) annotationInfo.getAnnotatedElement();
        for (MethodDescriptor methodDescriptor : descriptor.getSecurityBusinessMethodDescriptors()) {
            methodDescriptor.getMethod(descriptor);
            if (cls.equals(ejbContext.getDeclaringClass(methodDescriptor)) && !hasMethodPermissionsFromDD(methodDescriptor, descriptor)) {
                addMethodPermissions(rolesAllowed, descriptor, methodDescriptor);
            }
        }
    }

    private void addMethodPermissions(RolesAllowed rolesAllowed, EjbDescriptor ejbDescriptor, MethodDescriptor methodDescriptor) {
        for (String str : rolesAllowed.value()) {
            Role role = new Role(str);
            ejbDescriptor.getEjbBundleDescriptor().addRole(role);
            ejbDescriptor.addPermissionedMethod(new MethodPermission(role), methodDescriptor);
        }
    }
}
