package org.openejb.security;

import java.rmi.AccessException;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import javax.ejb.AccessLocalException;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import org.apache.geronimo.core.service.Interceptor;
import org.apache.geronimo.core.service.Invocation;
import org.apache.geronimo.core.service.InvocationResult;
import org.apache.geronimo.security.ContextManager;
import org.openejb.EJBInvocation;

/* loaded from: input_file:org/openejb/security/EJBSecurityInterceptor.class */
public class EJBSecurityInterceptor implements Interceptor {
    private final Interceptor next;
    private final Object contextId;
    private final PermissionManager permissionManager;

    public EJBSecurityInterceptor(Interceptor interceptor, Object obj, PermissionManager permissionManager) {
        this.next = interceptor;
        this.contextId = obj;
        this.permissionManager = permissionManager;
    }

    public InvocationResult invoke(Invocation invocation) throws Throwable {
        EJBInvocation eJBInvocation = (EJBInvocation) invocation;
        Subject currentCaller = ContextManager.getCurrentCaller();
        try {
            try {
                ContextManager.setCurrentCaller(ContextManager.getNextCaller());
                PolicyContext.setContextID(this.contextId.toString());
                AccessControlContext currentContext = ContextManager.getCurrentContext();
                if (currentContext != null) {
                    currentContext.checkPermission(this.permissionManager.getPermission(eJBInvocation.getType(), eJBInvocation.getMethodIndex()));
                }
                InvocationResult invoke = this.next.invoke(invocation);
                ContextManager.setCurrentCaller(currentCaller);
                return invoke;
            } catch (AccessControlException e) {
                if (eJBInvocation.getType().isLocal()) {
                    throw new AccessLocalException(e.getMessage());
                }
                throw new AccessException(e.getMessage());
            }
        } catch (Throwable th) {
            ContextManager.setCurrentCaller(currentCaller);
            throw th;
        }
    }
}
