package org.openejb.security;

import java.rmi.AccessException;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.Permission;
import javax.ejb.AccessLocalException;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import org.apache.geronimo.core.service.Interceptor;
import org.apache.geronimo.core.service.Invocation;
import org.apache.geronimo.core.service.InvocationResult;
import org.apache.geronimo.security.ContextManager;
import org.openejb.EJBContextImpl;
import org.openejb.EJBInvocation;

/* loaded from: input_file:org/openejb/security/EJBSecurityInterceptor.class */
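/**
 * Interceptor that performs the per-method permission check for an EJB invocation
 * before handing the call to the next interceptor in the chain.
 *
 * <p>For the duration of each invocation it installs this interceptor's JACC policy
 * context ID and sets the bean context's caller subject to the value returned by
 * {@code ContextManager.getCurrentCaller()}; both are put back when the invocation
 * finishes, whether it returns or throws.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The check is skipped when {@code ContextManager.getCurrentContext()} returns
 *       {@code null} or when the {@link PermissionManager} returns no permission for
 *       the method. In both cases the invocation proceeds unchecked.
 *       NOTE(review): presumably this covers unauthenticated/unsecured deployments and
 *       unchecked methods; confirm that neither case can be reached by accident, since
 *       it is a fail-open path.</li>
 *   <li>Any {@link AccessControlException} raised inside the guarded region, including
 *       one thrown further down the chain, is translated to {@code AccessLocalException}
 *       (local interfaces) or {@code AccessException} (all others).</li>
 *   <li>Only the message of the {@link AccessControlException} is carried over; the
 *       original exception is not attached as a cause, so the denial's stack trace is
 *       not available to whoever handles the translated exception.</li>
 * </ul>
 */
public final class EJBSecurityInterceptor implements Interceptor {
    /** Next interceptor in the chain; invoked only after the permission check has passed or been skipped. */
    private final Interceptor next;
    /** Policy context ID installed via {@code PolicyContext.setContextID} for each invocation. */
    private final String policyContextID;
    /** Source of the {@link Permission} to check for a given invocation type and method index. */
    private final PermissionManager permissionManager;

    /**
     * Creates the interceptor.
     *
     * @param interceptor the next interceptor in the chain
     * @param str the policy context ID to install while an invocation is in progress
     * @param permissionManager resolves the permission to check for each invocation
     */
    public EJBSecurityInterceptor(Interceptor interceptor, String str, PermissionManager permissionManager) {
        this.next = interceptor;
        this.policyContextID = str;
        this.permissionManager = permissionManager;
    }

    /**
     * Checks the caller's permission for the invoked method, then delegates to the next
     * interceptor with the bean context's caller subject set to the current caller.
     *
     * @param invocation the invocation; must be an {@code EJBInvocation}
     * @return the result produced by the next interceptor
     * @throws AccessLocalException if access is denied and the invocation type is local
     * @throws AccessException if access is denied and the invocation type is not local
     * @throws Throwable anything else thrown by the rest of the chain
     */
    public InvocationResult invoke(Invocation invocation) throws Throwable {
        EJBInvocation ejbInvocation = (EJBInvocation) invocation;
        EJBContextImpl ejbContext = ejbInvocation.getEJBInstanceContext().getEJBContextImpl();

        // Snapshot the state this call is about to overwrite so it can be put back afterwards.
        Subject previousSubject = ejbContext.getCallerSubject();
        Subject caller = ContextManager.getCurrentCaller();
        String previousContextID = PolicyContext.getContextID();
        try {
            PolicyContext.setContextID(this.policyContextID);

            AccessControlContext accessContext = ContextManager.getCurrentContext();
            // Fail-open by construction: no access context, or no permission registered
            // for this method, means no check is made (see class-level security notes).
            if (accessContext != null) {
                Permission permission = this.permissionManager.getPermission(
                        ejbInvocation.getType(), ejbInvocation.getMethodIndex());
                if (permission != null) {
                    accessContext.checkPermission(permission);
                }
            }

            // The caller subject is switched only after the check, so a denied call
            // never runs with the bean context pointing at the rejected caller.
            ejbContext.setCallerSubject(caller);
            return this.next.invoke(invocation);
        } catch (AccessControlException e) {
            // Translate to the EJB/RMI access exception for the interface type. Only the
            // message is propagated; the AccessControlException itself is not attached.
            if (ejbInvocation.getType().isLocal()) {
                throw new AccessLocalException(e.getMessage());
            }
            throw new AccessException(e.getMessage());
        } finally {
            // Restore exactly once on every exit path. The nested finally guarantees the
            // previous caller subject is reinstated even if resetting the policy context
            // ID throws, so this call's caller is not left on the bean context.
            try {
                PolicyContext.setContextID(previousContextID);
            } finally {
                ejbContext.setCallerSubject(previousSubject);
            }
        }
    }
}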
