package org.jboss.as.ejb3.security;

import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.util.Map;
import java.util.Set;
import org.jboss.invocation.Interceptor;
import org.jboss.invocation.InterceptorContext;
import org.wildfly.common.Assert;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.authz.RoleMapper;
import org.wildfly.security.authz.Roles;
import org.wildfly.security.manager.WildFlySecurityManager;

/* loaded from: input_file:m2repo/org/wildfly/wildfly-ejb3/18.0.1.Final/wildfly-ejb3-18.0.1.Final.jar:org/jboss/as/ejb3/security/SecurityRolesAddingInterceptor.class */
public class SecurityRolesAddingInterceptor implements Interceptor {
    private final String category;
    private final Map<String, Set<String>> principalVsRolesMap;

    public SecurityRolesAddingInterceptor(String str, Map<String, Set<String>> map) {
        this.category = str;
        this.principalVsRolesMap = map;
    }

    @Override // org.jboss.invocation.Interceptor
    public Object processInvocation(InterceptorContext interceptorContext) throws Exception {
        SecurityDomain securityDomain = (SecurityDomain) interceptorContext.getPrivateData(SecurityDomain.class);
        Assert.checkNotNullParam("securityDomain", securityDomain);
        SecurityIdentity currentSecurityIdentity = securityDomain.getCurrentSecurityIdentity();
        Set<String> set = this.principalVsRolesMap.get(currentSecurityIdentity.getPrincipal().getName());
        if (set == null || set.isEmpty()) {
            return interceptorContext.proceed();
        }
        RoleMapper or = RoleMapper.constant(Roles.fromSet(set)).or(roles -> {
            return currentSecurityIdentity.getRoles(this.category);
        });
        try {
            return (WildFlySecurityManager.isChecking() ? (SecurityIdentity) AccessController.doPrivileged(() -> {
                return currentSecurityIdentity.withRoleMapper(this.category, or);
            }) : currentSecurityIdentity.withRoleMapper(this.category, or)).runAs(interceptorContext);
        } catch (PrivilegedActionException e) {
            Throwable cause = e.getCause();
            if (cause == null) {
                throw e;
            }
            if (cause instanceof Exception) {
                throw ((Exception) cause);
            }
            throw new RuntimeException(e);
        }
    }
}
