package weblogic.ejb.container.internal;

import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import weblogic.application.ApplicationContext;
import weblogic.diagnostics.debug.DebugLogger;
import weblogic.ejb.container.EJBDebugService;
import weblogic.ejb.container.EJBLogger;
import weblogic.ejb.container.interfaces.DeploymentInfo;
import weblogic.ejb.container.interfaces.MethodInfo;
import weblogic.ejb.container.interfaces.NoSuchRoleException;
import weblogic.ejb.container.interfaces.SecurityRoleMapping;
import weblogic.ejb.container.interfaces.SecurityRoleReference;
import weblogic.ejb.spi.WLDeploymentException;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.jacc.CommonPolicyContextHandler;
import weblogic.security.jacc.DelegatingPolicyContextHandler;
import weblogic.security.jacc.RoleMapper;
import weblogic.security.service.ContextHandler;
import weblogic.utils.AssertionError;
import weblogic.utils.StringUtils;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:weblogic/ejb/container/internal/SecurityHelperJACC.class */
/**
 * JACC ({@code javax.security.jacc}) helper for the EJB container: it turns deployment metadata
 * into {@link PolicyConfiguration} statements (role, unchecked, excluded) and answers
 * "may this caller invoke this method / is this caller in this role" by asking
 * {@code java.security.Policy} with a {@link ProtectionDomain} built from the caller's principals.
 *
 * <p>This listing is JADX decompiler output. Parameter and local names ({@code str}, {@code str2},
 * {@code list}, {@code z}, ...) are synthetic, and {@code implies(...)} failed to decompile: its
 * body here is a register-level dump inside a comment followed by a {@code throw}. Read it as an
 * audit aid, not as buildable source.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Methods that need a security check but declare no roles are added to the <em>unchecked</em>
 *       policy (granted to every caller) unless the system property named by
 *       {@code DONT_REGISTER_UNCOVERED_METHODS} is present.</li>
 *   <li>Access checks deny on failure: {@code isAccessAllowed} and {@code isCallerInRole} return
 *       {@code false} on {@link SecurityException}.</li>
 *   <li>Several failures are reported only through {@code printStackTrace()} or not at all
 *       (see {@code deactivate()}), so they will not show up in the security debug log.</li>
 * </ul>
 */
public final class SecurityHelperJACC {
    // Name of the system property that disables auto-registration of uncovered methods as unchecked.
    private static final String DONT_REGISTER_UNCOVERED_METHODS = "weblogic.ejb.container.internal.SecurityHelperJACC.dont_register_uncovered_methods";
    // True when the property above is present at class-initialisation time, whatever its value.
    private static final boolean dont_register_uncovered_methods;
    // Shared EJB security debug logger; assigned in the static initialiser.
    private static final DebugLogger debugLogger;
    // Policy context ID that the implies(...) dump switches to before evaluating the policy.
    private String jaccPolicyContextId;
    // Raw location string passed to the constructor; assigned but never read in this class.
    private String jaccCodeSourceLocation;
    // CodeSource (file URL, no certificates) placed in every ProtectionDomain built here.
    private CodeSource jaccCodeSource;
    // Policy configuration that receives the role / unchecked / excluded statements.
    private PolicyConfiguration jaccPolicyConfig;
    // Receives the role-name -> principal-names map produced by deployRoles.
    private RoleMapper jaccRoleMapper;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Stores the collaborators and builds the {@link CodeSource} used for policy evaluation.
     *
     * @param policyConfiguration policy configuration to populate
     * @param str policy context ID (stored in {@code jaccPolicyContextId})
     * @param str2 code source location; backslashes are turned into forward slashes and the result
     *     is appended to {@code "file:///"}. It is dereferenced without a null check, so a null
     *     value fails with a NullPointerException rather than a WLDeploymentException.
     * @param roleMapper role mapper that deployRoles feeds
     * @throws WLDeploymentException if the location cannot be parsed as a URI or converted to a URL
     */
    public SecurityHelperJACC(PolicyConfiguration policyConfiguration, String str, String str2, RoleMapper roleMapper) throws WLDeploymentException {
        this.jaccPolicyConfig = policyConfiguration;
        this.jaccPolicyContextId = str;
        this.jaccCodeSourceLocation = str2;
        this.jaccRoleMapper = roleMapper;
        try {
            // The CodeSource carries no signer certificates: policy matching relies on location and principals only.
            this.jaccCodeSource = new CodeSource(new URL(new URI("file:///" + str2.replace('\\', '/')).toString()), (Certificate[]) null);
        } catch (MalformedURLException e) {
            throw new WLDeploymentException(e.getMessage(), e);
        } catch (URISyntaxException e2) {
            throw new WLDeploymentException(e2.getMessage(), e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Collects the role-to-principal mappings declared for this deployment and hands them to the
     * role mapper in a single call.
     *
     * <p>Roles that are externally defined, or that have no principals mapped, are skipped (only a
     * debug message is written). Nothing is passed to the role mapper when no role qualifies.
     *
     * @param deploymentInfo source of the application and component names used in debug output
     * @param securityRoleMapping source of role names and their principal names
     */
    public void deployRoles(DeploymentInfo deploymentInfo, SecurityRoleMapping securityRoleMapping) {
        String applicationName = deploymentInfo.getApplicationName();
        String eJBComponentName = deploymentInfo.getEJBComponentName();
        Collection<String> securityRoleNames = securityRoleMapping.getSecurityRoleNames();
        if (debugLogger.isDebugEnabled()) {
            debug("deployRoles(...), appName: '" + applicationName + "', ejbComponentName: '" + eJBComponentName + "'  there are: '" + securityRoleNames.size() + "' roles in this jar.");
        }
        if (securityRoleNames.isEmpty()) {
            return;
        }
        // Raw map of role name -> String[] of principal names (generics were lost in decompilation).
        HashMap hashMap = new HashMap();
        for (String str : securityRoleNames) {
            try {
                if (securityRoleMapping.isExternallyDefinedRole(str)) {
                    if (debugLogger.isDebugEnabled()) {
                        debug("skipping deployment of role: " + str + " because it's externally defined");
                    }
                } else if (securityRoleMapping.isRoleMappedToPrincipals(str)) {
                    String[] strArr = (String[]) securityRoleMapping.getSecurityRolePrincipalNames(str).toArray(new String[0]);
                    if (debugLogger.isDebugEnabled()) {
                        // With security debugging on, role names and principal names are written to the debug log.
                        debug("deploying role: " + str + " with principals: " + StringUtils.join(strArr, ", "));
                    }
                    hashMap.put(str, strArr);
                } else if (debugLogger.isDebugEnabled()) {
                    debug("skipping deployment of role: " + str + " because it's not mapped to any principals");
                }
            } catch (NoSuchRoleException e) {
                // The names come from the same mapping that is being queried, so this is treated as an internal error.
                throw new AssertionError("Unexpected exception: ", e);
            }
        }
        if (hashMap.isEmpty()) {
            if (debugLogger.isDebugEnabled()) {
                debug("No Role mapping to add to the RoleMapper for appName: '" + applicationName + "', ejbComponentName: '" + eJBComponentName + "'");
            }
        } else {
            this.jaccRoleMapper.addAppRolesToPrincipalMap(hashMap);
            if (debugLogger.isDebugEnabled()) {
                debug("Role mapping to add to the RoleMapper for appName: '" + applicationName + "', ejbComponentName: '" + eJBComponentName + "'");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Registers this helper's policy configuration with the application context.
     *
     * @param applicationContext application context that receives the policy configuration
     * @param deploymentInfo not used by this method
     */
    public void setupApplicationInfo(ApplicationContext applicationContext, DeploymentInfo deploymentInfo) {
        applicationContext.addJACCPolicyConfiguration(this.jaccPolicyConfig);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * No-op. Role mappings handed to the role mapper by deployRoles are not withdrawn here.
     */
    public void unDeployRoles() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Calls deployPolicy for every descriptor in each of the three lists, in argument order.
     * A null list is skipped. What distinguishes the three lists is not visible in this class.
     *
     * @param list first list of method descriptors, may be null
     * @param list2 second list of method descriptors, may be null
     * @param list3 third list of method descriptors, may be null
     * @param securityHelper helper attached to every descriptor
     * @throws Exception whatever deployPolicy throws; processing stops at the first failure, so
     *     earlier descriptors keep the statements already added
     */
    public void deployPolicies(List<MethodDescriptor> list, List<MethodDescriptor> list2, List<MethodDescriptor> list3, SecurityHelper securityHelper) throws Exception {
        if (list != null) {
            Iterator<MethodDescriptor> it = list.iterator();
            while (it.hasNext()) {
                deployPolicy(it.next(), securityHelper);
            }
        }
        if (list2 != null) {
            Iterator<MethodDescriptor> it2 = list2.iterator();
            while (it2.hasNext()) {
                deployPolicy(it2.next(), securityHelper);
            }
        }
        if (list3 != null) {
            Iterator<MethodDescriptor> it3 = list3.iterator();
            while (it3.hasNext()) {
                deployPolicy(it3.next(), securityHelper);
            }
        }
    }

    /**
     * Adds the JACC policy statements for one EJB method.
     *
     * <p>The descriptor always receives the security helper and its EJBMethodPermission, even when
     * the method needs no security check. For methods that do need one:
     * <ul>
     *   <li>no roles declared: the permission goes to the unchecked policy unless the method is
     *       excluded or the "don't register uncovered methods" property is present;</li>
     *   <li>roles declared: the permission is added to each role;</li>
     *   <li>the unchecked flag adds it to the unchecked policy, the excluded flag to the excluded
     *       policy. The two flags are tested independently.</li>
     * </ul>
     *
     * @param methodDescriptor method to deploy
     * @param securityHelper helper stored on the descriptor
     * @return {@code false} when the method needs no security check, {@code true} otherwise
     * @throws Exception declared broadly; the policy configuration calls are the visible source
     */
    boolean deployPolicy(MethodDescriptor methodDescriptor, SecurityHelper securityHelper) throws Exception {
        MethodInfo methodInfo = methodDescriptor.getMethodInfo();
        Set<String> securityRoleNames = methodInfo.getSecurityRoleNames();
        EJBMethodPermission createEJBMethodPermission = SecurityHelper.createEJBMethodPermission(methodDescriptor);
        methodDescriptor.setSecurityHelper(securityHelper);
        methodDescriptor.setEJBMethodPermission(createEJBMethodPermission);
        if (!methodInfo.needsSecurityCheck()) {
            return false;
        }
        if (securityRoleNames.isEmpty()) {
            if (debugLogger.isDebugEnabled()) {
                debug(" no policy for " + createEJBMethodPermission);
            }
            // Default-permit: a method with no declared roles becomes callable by any caller here.
            // NOTE(review): deployments that expect uncovered methods to be denied need the system
            // property set; the registration itself is only visible in the debug log.
            if (!dont_register_uncovered_methods && !methodInfo.getIsExcluded()) {
                if (debugLogger.isDebugEnabled()) {
                    debug("  deploying uncovered method as 'unchecked': '" + createEJBMethodPermission + "'");
                }
                this.jaccPolicyConfig.addToUncheckedPolicy(createEJBMethodPermission);
            }
        } else {
            for (String str : securityRoleNames) {
                if (debugLogger.isDebugEnabled()) {
                    debug("  next roleName is: '" + str + "'");
                }
                if (debugLogger.isDebugEnabled()) {
                    debug("registerRolesWithMethod, jaccPolicyConfig.addToRole " + str + ", " + createEJBMethodPermission);
                }
                this.jaccPolicyConfig.addToRole(str, createEJBMethodPermission);
            }
        }
        // A method that declares roles and is also flagged unchecked ends up in both places.
        if (methodInfo.getUnchecked()) {
            this.jaccPolicyConfig.addToUncheckedPolicy(createEJBMethodPermission);
        }
        if (!methodInfo.getIsExcluded()) {
            return true;
        }
        // NOTE(review): nothing here prevents a permission from being both unchecked and excluded;
        // the outcome then depends on the policy provider giving excluded precedence - confirm.
        this.jaccPolicyConfig.addToExcludedPolicy(createEJBMethodPermission);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Adds one method's permission to the unchecked policy or, failing that, to the excluded policy.
     *
     * <p>The unchecked flag is tested first and returns early, so a method flagged both unchecked
     * and excluded is registered as unchecked only. NOTE(review): deployPolicy handles the same
     * two flags independently and would register both; confirm which behaviour is intended.
     *
     * @param methodDescriptor method to register
     * @throws WLDeploymentException wrapping any PolicyContextException from the policy configuration
     */
    public void processUncheckedExcludedMethod(MethodDescriptor methodDescriptor) throws WLDeploymentException {
        MethodInfo methodInfo = methodDescriptor.getMethodInfo();
        if (methodInfo.getUnchecked()) {
            try {
                this.jaccPolicyConfig.addToUncheckedPolicy(SecurityHelper.createEJBMethodPermission(methodDescriptor));
                return;
            } catch (PolicyContextException e) {
                throw new WLDeploymentException(e.getMessage(), e);
            }
        }
        if (methodInfo.getIsExcluded()) {
            try {
                this.jaccPolicyConfig.addToExcludedPolicy(SecurityHelper.createEJBMethodPermission(methodDescriptor));
            } catch (PolicyContextException e2) {
                throw new WLDeploymentException(e2.getMessage(), e2);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Adds an EJBRoleRefPermission to the referenced role for every entry of the map.
     *
     * @param str first argument of createEJBRoleRefPermission (presumably the EJB name - confirm
     *     against the caller)
     * @param map raw map whose keys are used as role-reference names and whose values are cast to
     *     SecurityRoleReference; a null map or a value of another type fails at runtime
     * @throws WLDeploymentException wrapping any PolicyContextException; entries processed before
     *     the failure stay registered
     */
    public void registerRoleRefs(String str, Map map) throws WLDeploymentException {
        Set<String> keySet = map.keySet();
        if (keySet.size() <= 0) {
            return;
        }
        try {
            for (String str2 : keySet) {
                this.jaccPolicyConfig.addToRole(((SecurityRoleReference) map.get(str2)).getReferencedRole(), SecurityHelper.createEJBRoleRefPermission(str, str2));
            }
        } catch (PolicyContextException e) {
            throw new WLDeploymentException(e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * No-op in this class.
     */
    public void activate() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Deletes the policy configuration. A PolicyContextException from the delete is discarded.
     */
    public void deactivate() {
        try {
            this.jaccPolicyConfig.delete();
        } catch (PolicyContextException e) {
            // NOTE(review): swallowed without logging. If the delete fails, the policy statements
            // may remain in place and nothing records that clean-up did not happen.
        }
    }

    /**
     * Passes the context handler to {@code PolicyContext.setHandlerData}.
     * Callers are presumably expected to pair this with resetContext() - verify at the call sites.
     *
     * @param contextHandler handler data to install
     */
    public void setContext(ContextHandler contextHandler) {
        PolicyContext.setHandlerData(contextHandler);
    }

    /**
     * Clears the handler data by calling {@code PolicyContext.setHandlerData(null)}.
     */
    public void resetContext() {
        PolicyContext.setHandlerData(null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Decides whether the current subject holds the given method permission.
     *
     * <p>The principals of {@code SecurityHelper.getCurrentSubject()} (none when the subject is
     * null) are placed in a ProtectionDomain with this helper's code source, no static permissions
     * and no class loader, and the decision is delegated to implies(...).
     *
     * @param eJBMethodPermission permission to check
     * @param contextHandler not used by this method
     * @return the policy decision; {@code false} when a SecurityException is raised (fail closed)
     */
    public boolean isAccessAllowed(EJBMethodPermission eJBMethodPermission, ContextHandler contextHandler) {
        Principal[] principalArr;
        boolean z;
        AuthenticatedSubject currentSubject = SecurityHelper.getCurrentSubject();
        if (currentSubject != null) {
            principalArr = new Principal[currentSubject.getPrincipals().size()];
            currentSubject.getPrincipals().toArray(principalArr);
        } else {
            // No subject: evaluate with an empty principal set rather than failing.
            principalArr = new Principal[0];
        }
        try {
            z = implies(eJBMethodPermission, new ProtectionDomain(this.jaccCodeSource, null, null, principalArr));
        } catch (SecurityException e) {
            // NOTE(review): the denial is correct, but the cause goes to stderr via printStackTrace()
            // instead of the security logger, so it is easy to miss when investigating denials.
            e.printStackTrace();
            z = false;
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Decides whether the given subject holds the EJBRoleRefPermission built from the two strings.
     *
     * @param str first constructor argument of EJBRoleRefPermission (the permission name)
     * @param authenticatedSubject subject whose principals are evaluated; null means no principals
     * @param str2 second constructor argument of EJBRoleRefPermission (the role reference)
     * @return the policy decision; {@code false} when a SecurityException is raised (fail closed)
     */
    public boolean isCallerInRole(String str, AuthenticatedSubject authenticatedSubject, String str2) {
        try {
            return implies(new EJBRoleRefPermission(str, str2), getProtectionDomainForSubject(authenticatedSubject));
        } catch (SecurityException e) {
            // Same reporting gap as in isAccessAllowed: stderr only, not the security logger.
            e.printStackTrace();
            return false;
        }
    }

    /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
        jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:11:0x0063
        	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
        	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
        */
    /**
     * Core policy check. NOT DECOMPILED: as listed, this method always throws
     * UnsupportedOperationException, which the two callers above do not catch.
     *
     * <p>Reading the register dump kept below, the original bytecode appears to do the following:
     * <ol>
     *   <li>save the current {@code PolicyContext.getContextID()};</li>
     *   <li>switch to {@code jaccPolicyContextId} via setPolicyContext;</li>
     *   <li>optionally write a debug line naming the ProtectionDomain and the permission;</li>
     *   <li>return {@code Policy.getPolicy().implies(domain, permission)};</li>
     *   <li>on any Throwable from steps 2-4: print the stack trace and return {@code false};</li>
     *   <li>in all cases (the {@code jsr -> L59} subroutine, i.e. a finally block): restore the
     *       saved context ID, ignoring any Throwable raised by the restore.</li>
     * </ol>
     *
     * <p>NOTE(review): step 6 means a failed restore is silent; the thread would then keep this
     * helper's policy context ID for whatever it evaluates next. Step 5 fails closed, but reports
     * only through printStackTrace().
     *
     * @param r5 permission to evaluate
     * @param r6 protection domain carrying the caller's principals
     * @return never returns normally in this listing
     */
    private boolean implies(java.security.Permission r5, java.security.ProtectionDomain r6) {
        /*
            r4 = this;
            java.lang.String r0 = javax.security.jacc.PolicyContext.getContextID()
            r7 = r0
            r0 = r4
            r1 = r4
            java.lang.String r1 = r1.jaccPolicyContextId     // Catch: java.lang.Throwable -> L44 java.lang.Throwable -> L51
            r0.setPolicyContext(r1)     // Catch: java.lang.Throwable -> L44 java.lang.Throwable -> L51
            weblogic.diagnostics.debug.DebugLogger r0 = weblogic.ejb.container.internal.SecurityHelperJACC.debugLogger     // Catch: java.lang.Throwable -> L44 java.lang.Throwable -> L51
            boolean r0 = r0.isDebugEnabled()     // Catch: java.lang.Throwable -> L44 java.lang.Throwable -> L51
            if (r0 == 0) goto L34
            java.lang.StringBuilder r0 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> L44 java.lang.Throwable -> L51
            r1 = r0
            r1.<init>()     // Catch: java.lang.Throwable -> L44 java.lang.Throwable -> L51
            java.lang.String r1 = "about to call Policy.getPolicy().implies on ProtectionDomain: "
            java.lang.StringBuilder r0 = r0.append(r1)     // Catch: java.lang.Throwable -> L44 java.lang.Throwable -> L51
            r1 = r6
            java.lang.StringBuilder r0 = r0.append(r1)     // Catch: java.lang.Throwable -> L44 java.lang.Throwable -> L51
            java.lang.String r1 = ", permission: "
            java.lang.StringBuilder r0 = r0.append(r1)     // Catch: java.lang.Throwable -> L44 java.lang.Throwable -> L51
            r1 = r5
            java.lang.StringBuilder r0 = r0.append(r1)     // Catch: java.lang.Throwable -> L44 java.lang.Throwable -> L51
            java.lang.String r0 = r0.toString()     // Catch: java.lang.Throwable -> L44 java.lang.Throwable -> L51
            debug(r0)     // Catch: java.lang.Throwable -> L44 java.lang.Throwable -> L51
        L34:
            java.security.Policy r0 = java.security.Policy.getPolicy()     // Catch: java.lang.Throwable -> L44 java.lang.Throwable -> L51
            r1 = r6
            r2 = r5
            boolean r0 = r0.implies(r1, r2)     // Catch: java.lang.Throwable -> L44 java.lang.Throwable -> L51
            r8 = r0
            r0 = jsr -> L59
        L41:
            r1 = r8
            return r1
        L44:
            r8 = move-exception
            r0 = r8
            r0.printStackTrace()     // Catch: java.lang.Throwable -> L51
            r0 = jsr -> L59
        L4e:
            goto L67
        L51:
            r9 = move-exception
            r0 = jsr -> L59
        L56:
            r1 = r9
            throw r1
        L59:
            r10 = r0
            r0 = r4
            r1 = r7
            r0.setPolicyContext(r1)     // Catch: java.lang.Throwable -> L63
            goto L65
        L63:
            r11 = move-exception
        L65:
            ret r10
        L67:
            r1 = 0
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: weblogic.ejb.container.internal.SecurityHelperJACC.implies(java.security.Permission, java.security.ProtectionDomain):boolean");
    }

    /**
     * Switches the JACC policy context ID to {@code str} when it differs from the current one.
     *
     * <p>The IDs count as equal when they are the same reference (this covers both being null) or
     * when both are non-null and {@code equals}. The switch runs inside
     * {@code AccessController.doPrivileged}, so it is performed with this class's own permissions
     * rather than those of the code on the call stack.
     *
     * @param str policy context ID to install; may be null
     * @throws Throwable the cause of the PrivilegedActionException raised by the privileged block
     */
    private void setPolicyContext(final String str) throws Throwable {
        String contextID = PolicyContext.getContextID();
        if (contextID == str || !(contextID == null || str == null || !contextID.equals(str))) {
            if (debugLogger.isDebugEnabled()) {
                debug("#### setPolicyContext(): Policy Context ID was the same: " + contextID);
            }
        } else {
            try {
                AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: weblogic.ejb.container.internal.SecurityHelperJACC.1
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        PolicyContext.setContextID(str);
                        return null;
                    }
                });
            } catch (PrivilegedActionException e) {
                // Unwrap so callers see the original failure rather than the doPrivileged wrapper.
                throw e.getCause();
            }
        }
    }

    /**
     * Builds a ProtectionDomain from the subject's principals and this helper's code source, with
     * no static permissions and no class loader. isAccessAllowed builds the same kind of domain
     * inline for the current subject.
     *
     * @param authenticatedSubject subject to read principals from; null yields an empty principal set
     * @return the protection domain to evaluate against the policy
     */
    private ProtectionDomain getProtectionDomainForSubject(AuthenticatedSubject authenticatedSubject) {
        Principal[] principalArr;
        if (authenticatedSubject != null) {
            principalArr = new Principal[authenticatedSubject.getPrincipals().size()];
            authenticatedSubject.getPrincipals().toArray(principalArr);
        } else {
            principalArr = new Principal[0];
        }
        return new ProtectionDomain(this.jaccCodeSource, null, null, principalArr);
    }

    /**
     * Writes a message to the security debug logger with a {@code [SecurityHelperJACC]} prefix.
     * Callers test {@code isDebugEnabled()} first; this method does not.
     *
     * @param str message text
     */
    private static void debug(String str) {
        debugLogger.debug("[SecurityHelperJACC] " + str);
    }

    // Class initialisation: reads the system property, binds the logger, and registers the
    // policy context handlers.
    static {
        // Presence test only: setting the property to "false" still disables the registration of
        // uncovered methods as unchecked.
        dont_register_uncovered_methods = System.getProperty(DONT_REGISTER_UNCOVERED_METHODS) != null;
        debugLogger = EJBDebugService.securityLogger;
        CommonPolicyContextHandler commonPolicyContextHandler = new CommonPolicyContextHandler();
        String[] keys = EJBContextHandler.getKeys();
        DelegatingPolicyContextHandler delegatingPolicyContextHandler = new DelegatingPolicyContextHandler(keys);
        try {
            // Third argument true = replace any handler already registered under the same key.
            PolicyContext.registerHandler(CommonPolicyContextHandler.SUBJECT_KEY, commonPolicyContextHandler, true);
            for (String str : keys) {
                PolicyContext.registerHandler(str, delegatingPolicyContextHandler, true);
            }
        } catch (PolicyContextException e) {
            // Logged, but class initialisation continues; handlers after the failing one are not
            // registered. NOTE(review): confirm how policy providers behave with a handler missing.
            EJBLogger.logFailedToRegisterPolicyContextHandlers(e);
        }
    }
}
