package org.glassfish.security.services.provider.authorization;

import java.security.Principal;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.glassfish.hk2.api.PerLookup;
import org.glassfish.logging.annotation.LogMessageInfo;
import org.glassfish.security.services.api.authorization.AzAttributeResolver;
import org.glassfish.security.services.api.authorization.AzEnvironment;
import org.glassfish.security.services.api.authorization.AzResource;
import org.glassfish.security.services.api.authorization.AzSubject;
import org.glassfish.security.services.api.authorization.RoleMappingService;
import org.glassfish.security.services.common.Secure;
import org.glassfish.security.services.config.SecurityProvider;
import org.glassfish.security.services.impl.ServiceLogging;
import org.glassfish.security.services.spi.authorization.RoleMappingProvider;
import org.jvnet.hk2.annotations.Service;

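/**
 * Role-mapping provider that recognises exactly one role, {@code "Admin"}.
 *
 * <p>A subject is in the {@code "Admin"} role when any of its principals is named
 * {@code "asadmin"}. Every other role name maps to {@code false}. Resources are expected
 * to use the {@code admin} URI scheme; anything else is reported in the log but does not
 * change the outcome (see {@link #isUserInRole}).
 */
@Secure(accessPermissionName = "security/service/rolemapper/provider/simple")
@Service(name = "simpleRoleMapping")
@PerLookup
public class SimpleRoleMappingProviderImpl implements RoleMappingProvider {
    /** Level used for all diagnostic (non-warning) output of this provider. */
    private static final Level DEBUG_LEVEL = Level.FINER;
    private static final Logger _logger = Logger.getLogger(ServiceLogging.SEC_PROV_LOGGER, ServiceLogging.SHARED_LOGMESSAGE_RESOURCE);
    /** The only role name this provider evaluates. */
    private static final String ADMIN = "Admin";
    // Configuration captured by initialize(); in this class the derived values below are only logged.
    private RoleMappingProviderConfig cfg;
    private boolean deployable;
    private String version;
    private Map<String, ?> options;

    @LogMessageInfo(message = "Role Mapping Provider supplied an invalid resource: {0}", level = "WARNING")
    private static final String ROLEPROV_BAD_RESOURCE = "SEC-PROV-00150";

    /** Returns whether diagnostic logging at {@link #DEBUG_LEVEL} is enabled. */
    private boolean isDebug() {
        return _logger.isLoggable(DEBUG_LEVEL);
    }

    /**
     * Returns whether the resource carries a URI with the {@code admin} scheme.
     *
     * <p>A resource without a URI is treated as "not an admin resource" instead of raising a
     * {@link NullPointerException}, so that the caller's invalid-resource warning (which
     * already formats a missing URI as {@code "null"}) is actually reachable.
     */
    private boolean isAdminResource(AzResource azResource) {
        // Fully qualified: java.net.URI is not among this file's imports.
        java.net.URI uri = azResource.getUri();
        return uri != null && "admin".equals(uri.getScheme());
    }

    /**
     * Returns whether any principal of the subject is named {@code "asadmin"}.
     *
     * <p>NOTE(review): the match is on {@link Principal#getName()} only; the principal's
     * class is not inspected, so a user principal and a group principal with that name are
     * treated alike. Confirm that every realm feeding this provider reserves the name.
     */
    private boolean containsAdminGroup(AzSubject azSubject) {
        for (Principal principal : azSubject.getSubject().getPrincipals()) {
            if ("asadmin".equals(principal.getName())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Captures the provider configuration and logs it at {@link #DEBUG_LEVEL}.
     *
     * <p>Only the first configuration entry is used, and it is cast to
     * {@code RoleMappingProviderConfig} without a type check; an empty or differently typed
     * configuration therefore fails here with a runtime exception.
     *
     * @param securityProvider the provider definition whose first configuration entry is read
     */
    @Override // org.glassfish.security.services.spi.SecurityProvider
    public void initialize(SecurityProvider securityProvider) {
        this.cfg = (RoleMappingProviderConfig) securityProvider.getSecurityProviderConfig().get(0);
        this.deployable = Boolean.parseBoolean(this.cfg.getSupportRoleDeploy());
        this.version = this.cfg.getVersion();
        this.options = this.cfg.getProviderOptions();
        if (isDebug()) {
            _logger.log(DEBUG_LEVEL, "provider deploy:  " + this.deployable);
            _logger.log(DEBUG_LEVEL, "provider version: " + this.version);
            // NOTE(review): the options map is written to the log verbatim. If provider options
            // can ever hold credentials or other secrets, redact them before logging - confirm.
            _logger.log(DEBUG_LEVEL, "provider options: " + this.options);
        }
    }

    /**
     * Decides whether the subject holds the given role.
     *
     * <p>Only the {@code "Admin"} role is supported; it is granted when the subject has a
     * principal named {@code "asadmin"}. All other role names yield {@code false}.
     *
     * <p>NOTE(review): a resource that is not an {@code admin}-scheme URI (or has no URI) is
     * only reported at WARNING level. The role decision below is still evaluated and does not
     * depend on the resource, so the check is advisory, not an enforcement point. Callers must
     * not rely on this method to reject unexpected resources.
     *
     * @param str           application context; not consulted by this provider
     * @param azSubject     subject whose principals are inspected
     * @param azResource    resource the role is evaluated for; used only for the scheme check
     * @param str2          role name being queried
     * @param azEnvironment environment attributes; not consulted by this provider
     * @param list          attribute resolvers; not consulted by this provider
     * @return {@code true} only when {@code str2} is {@code "Admin"} and the subject has a
     *         principal named {@code "asadmin"}
     */
    @Override // org.glassfish.security.services.spi.authorization.RoleMappingProvider
    public boolean isUserInRole(String str, AzSubject azSubject, AzResource azResource, String str2, AzEnvironment azEnvironment, List<AzAttributeResolver> list) {
        if (isDebug()) {
            _logger.log(DEBUG_LEVEL, "isUserInRole() - " + str2);
        }
        if (!isAdminResource(azResource)) {
            java.net.URI uri = azResource.getUri();
            String resourceName = uri == null ? "null" : uri.toASCIIString();
            _logger.log(Level.WARNING, ROLEPROV_BAD_RESOURCE, resourceName);
            // The exception is created only to record a stack trace in the log; it is not thrown.
            _logger.log(Level.WARNING, "IllegalArgumentException", new IllegalArgumentException(resourceName));
        }
        // Any role other than "Admin" is denied without looking at the subject.
        boolean inRole = ADMIN.equals(str2) && containsAdminGroup(azSubject);
        if (isDebug()) {
            _logger.log(DEBUG_LEVEL, "isUserInRole() - returning " + inRole);
        }
        return inRole;
    }

    /**
     * Role deployment is not implemented by this provider.
     *
     * @param str application context; ignored
     * @return always {@code null}
     */
    @Override // org.glassfish.security.services.spi.authorization.RoleMappingProvider
    public RoleMappingService.RoleDeploymentContext findOrCreateDeploymentContext(String str) {
        return null;
    }
}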
