package com.sun.management.services.authorization;

import com.sun.management.services.authentication.UserRolePrincipal;
import java.security.AccessController;
import java.security.Permission;
import java.security.Principal;
import javax.security.auth.Subject;

/* loaded from: input_file:116251-01/SUNWesmcm/reloc/$ESM_BASE/lib/solaris_impl.jar:com/sun/management/services/authorization/SolarisRbacAuthorizationService.class */
public final class SolarisRbacAuthorizationService implements AuthorizationService {
    private static final String PERM_ATTRIBUTE = "permission";
    private static final String PERM_CLASS_NAME = "com.sun.management.services.authorization.SolarisRbacPermission";
    private static final String PRINCIPAL_CLASS_NAME = "com.sun.management.services.authentication.UserRolePrincipal";

    @Override // com.sun.management.services.authorization.AuthorizationService
    public Permission createPermission(String str, String[][] strArr) throws AuthorizationException {
        if (str == null || !str.equals(PERM_CLASS_NAME)) {
            throw new AuthorizationException("authz_err_15", str == null ? "null" : str);
        }
        String str2 = null;
        if (strArr != null && strArr.length > 0 && strArr[0][0].equals(PERM_ATTRIBUTE)) {
            str2 = strArr[0][1];
        }
        if (str2 == null || str2.length() == 0) {
            throw new AuthorizationException("authz_err_16");
        }
        return new SolarisRbacPermission(str2);
    }

    @Override // com.sun.management.services.authorization.AuthorizationService
    public boolean checkPermission(Permission permission) throws AuthorizationException {
        return checkPermission(Subject.getSubject(AccessController.getContext()), permission);
    }

    @Override // com.sun.management.services.authorization.AuthorizationService
    public boolean checkPermission(Principal principal, Permission permission) throws AuthorizationException {
        return isPermissionGranted(validatePrincipal(principal), validatePermission(permission));
    }

    @Override // com.sun.management.services.authorization.AuthorizationService
    public boolean checkPermission(Subject subject, Permission permission) throws AuthorizationException {
        if (subject == null) {
            throw new AuthorizationException("authz_err_11");
        }
        SolarisRbacPermission validatePermission = validatePermission(permission);
        UserRolePrincipal userRolePrincipal = (UserRolePrincipal) AuthorizationServiceFactory.getPrincipal(subject, PRINCIPAL_CLASS_NAME);
        if (userRolePrincipal == null) {
            return false;
        }
        return isPermissionGranted(userRolePrincipal, validatePermission);
    }

    private UserRolePrincipal validatePrincipal(Principal principal) throws AuthorizationException {
        UserRolePrincipal userRolePrincipal = null;
        if (principal != null) {
            try {
                userRolePrincipal = (UserRolePrincipal) principal;
            } catch (Exception e) {
            }
        }
        if (userRolePrincipal == null) {
            throw new AuthorizationException("authz_err_13");
        }
        return userRolePrincipal;
    }

    private SolarisRbacPermission validatePermission(Permission permission) throws AuthorizationException {
        if (permission == null) {
            throw new AuthorizationException("authz_err_12");
        }
        try {
            return (SolarisRbacPermission) permission;
        } catch (Exception e) {
            throw new AuthorizationException("authz_err_14");
        }
    }

    private boolean isPermissionGranted(UserRolePrincipal userRolePrincipal, SolarisRbacPermission solarisRbacPermission) {
        String roleName = userRolePrincipal.getRoleName();
        if (roleName == null) {
            roleName = userRolePrincipal.getUserName();
        }
        return AuthorizationUtility.checkAuthName(roleName, solarisRbacPermission.getName());
    }
}
