package net.sourceforge.hivelock;

import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.security.Principal;
import java.util.List;
import net.sourceforge.hiveutils.collections.SetOperations;
import org.apache.commons.logging.Log;
import org.apache.hivemind.InterceptorStack;
import org.apache.hivemind.ServiceInterceptorFactory;
import org.apache.hivemind.internal.Module;
import org.apache.hivemind.methodmatch.MethodMatcher;
import org.apache.hivemind.service.MethodSignature;
import org.mortbay.http.SecurityConstraint;

/* loaded from: input_file:net/sourceforge/hivelock/AuthorizationInterceptorFactory.class */
public class AuthorizationInterceptorFactory implements ServiceInterceptorFactory {
    private final SecurityService _security;
    private final PrincipalHelperService _helper;
    private static final String[] EMPTY_ROLES = new String[0];

    /* loaded from: input_file:net/sourceforge/hivelock/AuthorizationInterceptorFactory$Interceptor.class */
    private class Interceptor implements InvocationHandler {
        private final Log _logger;
        private final Object _target;
        private final MethodMatcher _methodMatcher = new MethodMatcher();
        private final AuthorizationInterceptorFactory this$0;

        public Interceptor(AuthorizationInterceptorFactory authorizationInterceptorFactory, Log log, Object obj, List list) {
            this.this$0 = authorizationInterceptorFactory;
            this._logger = log;
            this._target = obj;
            for (Object obj2 : list) {
                if (obj2 instanceof AuthorizationContribution) {
                    AuthorizationContribution authorizationContribution = (AuthorizationContribution) obj2;
                    this._methodMatcher.put(authorizationContribution.getPattern(), authorizationContribution.getRoles());
                }
            }
            this._methodMatcher.put(SecurityConstraint.ANY_ROLE, AuthorizationInterceptorFactory.EMPTY_ROLES);
        }

        @Override // java.lang.reflect.InvocationHandler
        public Object invoke(Object obj, Method method, Object[] objArr) throws Throwable {
            checkAuthorization(method);
            try {
                return method.invoke(this._target, objArr);
            } catch (InvocationTargetException e) {
                throw e.getTargetException();
            }
        }

        private void checkAuthorization(Method method) {
            String[] strArr = (String[]) this._methodMatcher.get(new MethodSignature(method));
            if (strArr == null) {
                return;
            }
            if (strArr.length == 0) {
                this._logger.warn(new StringBuffer().append("Method ").append(getMethodName(method)).append(" is forbidden for anybody").toString());
                throw new SecurityException(new StringBuffer().append("Method ").append(getMethodName(method)).append(" is forbidden for anybody").toString());
            }
            Principal currentUser = this.this$0._security.getCurrentUser();
            if (currentUser == null) {
                this._logger.warn(new StringBuffer().append("Unregistered user cannot access method ").append(getMethodName(method)).toString());
                throw new SecurityException(new StringBuffer().append("Unregistered user cannot access method ").append(getMethodName(method)).toString());
            }
            if (SetOperations.intersects(strArr, this.this$0._helper.getRoles(currentUser))) {
                return;
            }
            this._logger.warn(new StringBuffer().append(currentUser.getName()).append(" is not assigned role to access method ").append(getMethodName(method)).toString());
            throw new SecurityException(new StringBuffer().append(currentUser.getName()).append(" is not assigned role to access method ").append(getMethodName(method)).toString());
        }

        private String getMethodName(Method method) {
            return new StringBuffer().append(method.getDeclaringClass().getName()).append(".").append(method.getName()).toString();
        }
    }

    public AuthorizationInterceptorFactory(SecurityService securityService, PrincipalHelperService principalHelperService) {
        this._security = securityService;
        this._helper = principalHelperService;
    }

    @Override // org.apache.hivemind.ServiceInterceptorFactory
    public void createInterceptor(InterceptorStack interceptorStack, Module module, List list) {
        interceptorStack.push(Proxy.newProxyInstance(module.getClassResolver().getClassLoader(), new Class[]{interceptorStack.getServiceInterface()}, new Interceptor(this, interceptorStack.getServiceLog(), interceptorStack.peek(), list)));
    }
}
