package com.ibm.ws.security.authorization.util;

import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import jakarta.annotation.security.DenyAll;
import jakarta.annotation.security.PermitAll;
import jakarta.annotation.security.RolesAllowed;
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.function.Predicate;
import java.util.function.Supplier;
import java.util.logging.Level;
import java.util.logging.Logger;

@InjectedFFDC
@TraceObjectField(fieldName = "LOG", fieldDesc = "Ljava/util/logging/Logger;")
/* loaded from: input_file:com/ibm/ws/security/authorization/util/RoleMethodAuthUtil.class */
public class RoleMethodAuthUtil {
    private static final Logger LOG = Logger.getLogger(RoleMethodAuthUtil.class.getName());
    static final long serialVersionUID = 241324967474413731L;

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    public RoleMethodAuthUtil() {
        if (LOG != null && LOG.isLoggable(Level.FINER)) {
            LOG.entering("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "<init>", new Object[0]);
        }
        if (LOG == null || !LOG.isLoggable(Level.FINER)) {
            return;
        }
        LOG.exiting("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "<init>", this);
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    public static void checkAuthentication(Principal principal) throws UnauthenticatedException {
        if (LOG != null && LOG.isLoggable(Level.FINER)) {
            LOG.entering("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "checkAuthentication", new Object[]{principal});
        }
        if (principal == null) {
            throw new UnauthenticatedException("principal is null");
        }
        if ("UNAUTHENTICATED".equals(principal.getName())) {
            throw new UnauthenticatedException("principal is UNAUTHENTICATED");
        }
        if (LOG == null || !LOG.isLoggable(Level.FINER)) {
            return;
        }
        LOG.exiting("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "checkAuthentication");
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    public static boolean parseMethodSecurity(Method method, Supplier<Principal> supplier, Predicate<String> predicate) throws UnauthenticatedException {
        if (LOG != null && LOG.isLoggable(Level.FINER)) {
            LOG.entering("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "parseMethodSecurity", new Object[]{method, supplier, predicate});
        }
        if (getDenyAll(method)) {
            if (LOG.isLoggable(Level.FINEST)) {
                LOG.finest("Found DenyAll for method: {} " + method.getName() + ", Injection Processing for web service is ignored");
            }
            if (LOG != null && LOG.isLoggable(Level.FINER)) {
                LOG.exiting("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "parseMethodSecurity", false);
            }
            return false;
        }
        RolesAllowed rolesAllowed = getRolesAllowed(method);
        if (rolesAllowed == null) {
            if (!getPermitAll(method)) {
                boolean parseClassSecurity = parseClassSecurity(method.getDeclaringClass(), supplier, predicate);
                if (LOG != null && LOG.isLoggable(Level.FINER)) {
                    LOG.exiting("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "parseMethodSecurity", Boolean.valueOf(parseClassSecurity));
                }
                return parseClassSecurity;
            }
            if (LOG.isLoggable(Level.FINEST)) {
                LOG.finest("Found PermitAll for method: {}" + method.getName());
            }
            if (LOG != null && LOG.isLoggable(Level.FINER)) {
                LOG.exiting("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "parseMethodSecurity", true);
            }
            return true;
        }
        String[] value = rolesAllowed.value();
        if (LOG.isLoggable(Level.FINEST)) {
            LOG.log(Level.FINEST, "found RolesAllowed in method: {} " + method.getName(), new Object[]{value});
        }
        for (String str : value) {
            if (predicate.test(str)) {
                if (LOG != null && LOG.isLoggable(Level.FINER)) {
                    LOG.exiting("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "parseMethodSecurity", true);
                }
                return true;
            }
        }
        checkAuthentication(supplier.get());
        if (LOG != null && LOG.isLoggable(Level.FINER)) {
            LOG.exiting("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "parseMethodSecurity", false);
        }
        return false;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    private static boolean parseClassSecurity(Class<?> cls, Supplier<Principal> supplier, Predicate<String> predicate) throws UnauthenticatedException {
        if (LOG != null && LOG.isLoggable(Level.FINER)) {
            LOG.entering("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "parseClassSecurity", new Object[]{cls, supplier, predicate});
        }
        if (cls.getAnnotation(DenyAll.class) != null) {
            if (LOG.isLoggable(Level.FINEST)) {
                LOG.finest("Found class level @DenyAll - authorization denied for " + cls.getName());
            }
            if (LOG != null && LOG.isLoggable(Level.FINER)) {
                LOG.exiting("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "parseClassSecurity", false);
            }
            return false;
        }
        RolesAllowed annotation = cls.getAnnotation(RolesAllowed.class);
        if (annotation == null) {
            if (LOG != null && LOG.isLoggable(Level.FINER)) {
                LOG.exiting("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "parseClassSecurity", true);
            }
            return true;
        }
        String[] value = annotation.value();
        if (LOG.isLoggable(Level.FINEST)) {
            LOG.log(Level.FINEST, "found RolesAllowed in class: {} " + cls.getName(), new Object[]{value});
        }
        for (String str : value) {
            if (predicate.test(str)) {
                if (LOG != null && LOG.isLoggable(Level.FINER)) {
                    LOG.exiting("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "parseClassSecurity", true);
                }
                return true;
            }
        }
        checkAuthentication(supplier.get());
        if (LOG != null && LOG.isLoggable(Level.FINER)) {
            LOG.exiting("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "parseClassSecurity", false);
        }
        return false;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    private static RolesAllowed getRolesAllowed(Method method) {
        if (LOG != null && LOG.isLoggable(Level.FINER)) {
            LOG.entering("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "getRolesAllowed", new Object[]{method});
        }
        RolesAllowed annotation = method.getAnnotation(RolesAllowed.class);
        if (LOG != null && LOG.isLoggable(Level.FINER)) {
            LOG.exiting("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "getRolesAllowed", annotation);
        }
        return annotation;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    private static boolean getPermitAll(Method method) {
        if (LOG != null && LOG.isLoggable(Level.FINER)) {
            LOG.entering("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "getPermitAll", new Object[]{method});
        }
        boolean isAnnotationPresent = method.isAnnotationPresent(PermitAll.class);
        if (LOG != null && LOG.isLoggable(Level.FINER)) {
            LOG.exiting("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "getPermitAll", Boolean.valueOf(isAnnotationPresent));
        }
        return isAnnotationPresent;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.JSR47TracingMethodAdapter"})
    private static boolean getDenyAll(Method method) {
        if (LOG != null && LOG.isLoggable(Level.FINER)) {
            LOG.entering("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "getDenyAll", new Object[]{method});
        }
        boolean isAnnotationPresent = method.isAnnotationPresent(DenyAll.class);
        if (LOG != null && LOG.isLoggable(Level.FINER)) {
            LOG.exiting("com.ibm.ws.security.authorization.util.RoleMethodAuthUtil", "getDenyAll", Boolean.valueOf(isAnnotationPresent));
        }
        return isAnnotationPresent;
    }
}
