package com.addc.commons.jmx.auth;

import com.addc.commons.Constants;
import com.addc.commons.i18n.I18nTextFactory;
import com.addc.commons.i18n.Translator;
import com.addc.commons.jmx.auth.JMXAccessController;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashSet;
import java.util.Iterator;
import javax.security.auth.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/addc/commons/jmx/auth/JMXFileAccessController.class */
public class JMXFileAccessController extends JMXAccessController {
    private static final Logger LOGGER = LoggerFactory.getLogger(JMXFileAccessController.class);
    private final Translator translator = I18nTextFactory.getTranslator("com.addc.commons.Messages");
    private final String adminRole;
    private final String monitorRole;

    public JMXFileAccessController(String str, String str2) {
        this.adminRole = str;
        this.monitorRole = str2;
    }

    @Override // com.addc.commons.jmx.auth.JMXAccessController
    protected void checkAccess(JMXAccessController.AccessType accessType) {
        final AccessControlContext context = AccessController.getContext();
        Subject subject = (Subject) AccessController.doPrivileged(new PrivilegedAction<Subject>() { // from class: com.addc.commons.jmx.auth.JMXFileAccessController.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Subject run() {
                return Subject.getSubject(context);
            }
        });
        if (subject == null) {
            LOGGER.debug("No current subject");
            return;
        }
        LOGGER.debug("Check subject {}", subject.getPrincipals());
        HashSet hashSet = new HashSet();
        Iterator<Object> it = subject.getPublicCredentials().iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().toString());
        }
        if ((accessType == JMXAccessController.AccessType.READ && (hashSet.contains(this.adminRole) || hashSet.contains(this.monitorRole))) || hashSet.contains(this.adminRole)) {
            return;
        }
        LOGGER.warn("{} is denied access for the current {} operation", subject.getPrincipals(), accessType);
        throw new SecurityException(this.translator.translate(Constants.ERROR_ACCESS_DENIED));
    }
}
