package weblogic.servlet.security.internal;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import weblogic.application.ApplicationContextInternal;
import weblogic.application.utils.ApplicationVersionUtils;
import weblogic.j2ee.descriptor.AuthConstraintBean;
import weblogic.j2ee.descriptor.SecurityConstraintBean;
import weblogic.j2ee.descriptor.SecurityRoleRefBean;
import weblogic.j2ee.descriptor.ServletBean;
import weblogic.j2ee.descriptor.UserDataConstraintBean;
import weblogic.j2ee.descriptor.WebResourceCollectionBean;
import weblogic.management.DeploymentException;
import weblogic.management.servlet.ConnectionSigner;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.jacc.CommonPolicyContextHandler;
import weblogic.security.jacc.DelegatingPolicyContextHandler;
import weblogic.security.jacc.RoleMapper;
import weblogic.security.jacc.RoleMapperFactory;
import weblogic.servlet.HTTPLogger;
import weblogic.servlet.internal.ServletRequestImpl;
import weblogic.servlet.internal.ServletStubImpl;
import weblogic.servlet.internal.WebAppServletContext;
import weblogic.servlet.internal.dd.UserDataConstraint;
import weblogic.servlet.internal.session.SessionConstants;
import weblogic.utils.collections.SoftHashMap;
import weblogic.xml.crypto.utils.DOMUtils;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:weblogic/servlet/security/internal/WebAppSecurityJacc.class */
public final class WebAppSecurityJacc extends WebAppSecurity {
    private static final boolean DEBUG = false;
    private static final char DELIMITER = '_';
    private static final boolean CACHE = true;
    private final RoleMapper roleMapper;
    private final PolicyConfiguration policyConfig;
    private final CodeSource codeSource;
    private final ProtectionDomain protectionDomain;
    private final String contextId;
    private HashMap patterns;
    private SoftHashMap pdCache;
    private SoftHashMap udPermCache;
    private SoftHashMap rrPermCache;
    private SoftHashMap resPermCache;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/servlet/security/internal/WebAppSecurityJacc$PatternHelper.class */
    public static class PatternHelper {
        private final String pattern;
        private final boolean prefixPattern;
        private final boolean exactPattern;
        private final boolean extensionPattern;
        private final boolean defaultPattern;
        private final String prefix;
        private HashSet methodExceptionForWRP = new HashSet();
        private HashSet methodExceptionForUDC = new HashSet();
        private String qualifiedPattern;
        private final String extension;

        PatternHelper(String str) {
            this.pattern = str;
            this.qualifiedPattern = this.pattern;
            if (str == null) {
                throw new IllegalArgumentException("pattern is null");
            }
            if (str.length() == 1 && str.charAt(0) == '/') {
                this.defaultPattern = true;
                this.exactPattern = false;
                this.extensionPattern = false;
                this.prefixPattern = false;
                this.prefix = "";
                this.extension = null;
                return;
            }
            if (str.startsWith("*.")) {
                this.exactPattern = false;
                this.extensionPattern = true;
                this.prefixPattern = false;
                this.defaultPattern = false;
                this.prefix = null;
                this.extension = this.pattern.substring(1);
                return;
            }
            if (str.length() == 2 && str.equals("/*")) {
                this.exactPattern = false;
                this.extensionPattern = false;
                this.prefixPattern = true;
                this.defaultPattern = true;
                this.prefix = "";
                this.extension = null;
                return;
            }
            if (str.endsWith("/*")) {
                this.exactPattern = false;
                this.extensionPattern = false;
                this.prefixPattern = true;
                this.defaultPattern = false;
                this.prefix = this.pattern.substring(0, this.pattern.length() - 1);
                this.extension = null;
                return;
            }
            this.exactPattern = true;
            this.extensionPattern = false;
            this.prefixPattern = false;
            this.defaultPattern = false;
            this.prefix = str;
            this.extension = null;
        }

        String getPattern() {
            return this.pattern;
        }

        boolean isPrefixPattern() {
            return this.prefixPattern;
        }

        boolean isExactPattern() {
            return this.exactPattern;
        }

        boolean isExtensionPattern() {
            return this.extensionPattern;
        }

        boolean isDefaultPattern() {
            return this.defaultPattern;
        }

        String getPrefix() {
            return this.prefix;
        }

        HashSet getMethodExceptionForWRP() {
            return this.methodExceptionForWRP;
        }

        HashSet getMethodExceptionForUDC() {
            return this.methodExceptionForUDC;
        }

        String getQualifiedPattern() {
            return this.qualifiedPattern;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void computeQualifiedPatterns(HashMap hashMap) {
            if (isExactPattern()) {
                return;
            }
            for (PatternHelper patternHelper : hashMap.values()) {
                if (!patternHelper.getPattern().equals(this.pattern)) {
                    boolean z = false;
                    if (isDefaultPattern()) {
                        z = (patternHelper.getPattern().equals("/") || patternHelper.getPattern().equals("/*")) ? false : true;
                    } else if (isPrefixPattern()) {
                        if (patternHelper.isPrefixPattern()) {
                            z = patternHelper.getPrefix().startsWith(this.prefix);
                        } else if (patternHelper.isExactPattern()) {
                            z = patternHelper.getPattern().startsWith(this.prefix) || this.prefix.equals(new StringBuilder().append(patternHelper.getPattern()).append("/").toString());
                        }
                    } else if (patternHelper.isPrefixPattern()) {
                        z = true;
                    } else if (patternHelper.isExactPattern()) {
                        z = patternHelper.getPattern().endsWith(this.extension);
                    }
                    if (z) {
                        this.qualifiedPattern += DOMUtils.QNAME_SEPARATOR + patternHelper.getPattern();
                    }
                }
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addExceptionMethodsForWRP(String[] strArr) {
            if (strArr == null || strArr.length == 0) {
                this.methodExceptionForWRP = null;
                return;
            }
            if (this.methodExceptionForWRP == null) {
                this.methodExceptionForWRP = new HashSet();
            }
            for (String str : strArr) {
                this.methodExceptionForWRP.add(str);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void addExceptionMethodsForUDC(String[] strArr) {
            if (strArr == null || strArr.length == 0) {
                this.methodExceptionForUDC = null;
                return;
            }
            if (this.methodExceptionForUDC == null) {
                this.methodExceptionForUDC = new HashSet();
            }
            for (String str : strArr) {
                this.methodExceptionForUDC.add(str);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/servlet/security/internal/WebAppSecurityJacc$PermKey.class */
    public class PermKey {
        private String key1;
        private String key2;

        private PermKey(String str, String str2) {
            this.key1 = str;
            this.key2 = str2;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof PermKey)) {
                return false;
            }
            PermKey permKey = (PermKey) obj;
            if (this.key2 != null) {
                if (!this.key2.equals(permKey.key2)) {
                    return false;
                }
            } else if (permKey.key2 != null) {
                return false;
            }
            return this.key1 != null ? this.key1.equals(permKey.key1) : permKey.key1 == null;
        }

        public int hashCode() {
            return (29 * (this.key1 != null ? this.key1.hashCode() : 0)) + (this.key2 != null ? this.key2.hashCode() : 0);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public WebAppSecurityJacc(WebAppServletContext webAppServletContext) throws DeploymentException {
        super(webAppServletContext);
        this.patterns = new HashMap();
        this.pdCache = new SoftHashMap();
        this.udPermCache = new SoftHashMap();
        this.rrPermCache = new SoftHashMap();
        this.resPermCache = new SoftHashMap();
        try {
            PolicyConfigurationFactory policyConfigurationFactory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
            this.contextId = new StringBuffer(101).append(webAppServletContext.getServer().getName()).append('_').append(ApplicationVersionUtils.replaceDelimiter(webAppServletContext.getApplicationId(), '_')).append('_').append(webAppServletContext.getContextPath().replace('/', '_')).toString();
            try {
                this.policyConfig = policyConfigurationFactory.getPolicyConfiguration(this.contextId, true);
                try {
                    RoleMapperFactory roleMapperFactory = RoleMapperFactory.getRoleMapperFactory();
                    ApplicationContextInternal applicationContext = this.context.getApplicationContext();
                    this.roleMapper = roleMapperFactory.getRoleMapper(applicationContext.getApplicationId(), this.contextId, false);
                    this.codeSource = initializeCodeSource();
                    this.protectionDomain = new ProtectionDomain(this.codeSource, null);
                    applicationContext.addJACCPolicyConfiguration(this.policyConfig);
                } catch (ClassNotFoundException e) {
                    throw new DeploymentException(e);
                } catch (PolicyContextException e2) {
                    throw new DeploymentException(e2);
                }
            } catch (PolicyContextException e3) {
                throw new DeploymentException(e3);
            }
        } catch (ClassNotFoundException e4) {
            throw new DeploymentException(e4);
        } catch (PolicyContextException e5) {
            throw new DeploymentException(e5);
        }
    }

    @Override // weblogic.servlet.security.internal.WebAppSecurity
    protected boolean isJaccEnabled() {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // weblogic.servlet.security.internal.WebAppSecurity
    public boolean isFullSecurityDelegationRequired() {
        return true;
    }

    @Override // weblogic.servlet.security.internal.WebAppSecurity
    protected void deployRoles() throws DeploymentException {
        if (this.roles.isEmpty()) {
            return;
        }
        Iterator it = this.roles.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (!isExternallyDefined((String[]) this.roleMapping.get(str))) {
                try {
                    this.policyConfig.addToRole(str, new WebRoleRefPermission("", str));
                } catch (PolicyContextException e) {
                    throw new DeploymentException(e);
                }
            }
        }
        if (this.roleMapping == null || this.roleMapping.isEmpty()) {
            return;
        }
        this.roleMapper.addAppRolesToPrincipalMap(this.roleMapping);
    }

    @Override // weblogic.servlet.security.internal.WebAppSecurity
    protected void deployPolicies(SecurityConstraintBean[] securityConstraintBeanArr) throws DeploymentException {
        collectPatterns(securityConstraintBeanArr);
        computeQualifiedPatterns();
        deployRegisteredPolicies(securityConstraintBeanArr);
        deployUncheckedPoliciesForException();
    }

    private void deployUncheckedPoliciesForException() throws DeploymentException {
        for (PatternHelper patternHelper : this.patterns.values()) {
            if (patternHelper.getMethodExceptionForWRP() != null) {
                String[] strArr = new String[patternHelper.getMethodExceptionForWRP().size()];
                patternHelper.getMethodExceptionForWRP().toArray(strArr);
                String methodsToAction = methodsToAction(strArr);
                if (methodsToAction != null) {
                    methodsToAction = SessionConstants.DELIMITER + methodsToAction;
                }
                try {
                    this.policyConfig.addToUncheckedPolicy(new WebResourcePermission(patternHelper.getQualifiedPattern(), methodsToAction));
                } catch (PolicyContextException e) {
                    throw new DeploymentException(e);
                }
            }
            if (patternHelper.getMethodExceptionForUDC() != null) {
                String[] strArr2 = new String[patternHelper.getMethodExceptionForUDC().size()];
                patternHelper.getMethodExceptionForUDC().toArray(strArr2);
                String methodsToAction2 = methodsToAction(strArr2);
                if (methodsToAction2 != null) {
                    methodsToAction2 = SessionConstants.DELIMITER + methodsToAction2;
                }
                try {
                    this.policyConfig.addToUncheckedPolicy(new WebUserDataPermission(patternHelper.getQualifiedPattern(), methodsToAction2));
                } catch (PolicyContextException e2) {
                    throw new DeploymentException(e2);
                }
            }
        }
    }

    private void deployRegisteredPolicies(SecurityConstraintBean[] securityConstraintBeanArr) throws DeploymentException {
        if (securityConstraintBeanArr == null) {
            return;
        }
        for (int i = 0; i < securityConstraintBeanArr.length; i++) {
            WebResourceCollectionBean[] webResourceCollections = securityConstraintBeanArr[i].getWebResourceCollections();
            if (webResourceCollections != null) {
                registerWebResourceCollections(securityConstraintBeanArr[i], webResourceCollections);
            }
        }
    }

    private void registerWebResourceCollections(SecurityConstraintBean securityConstraintBean, WebResourceCollectionBean[] webResourceCollectionBeanArr) throws DeploymentException {
        for (WebResourceCollectionBean webResourceCollectionBean : webResourceCollectionBeanArr) {
            registerSecurityPattern(webResourceCollectionBean, securityConstraintBean);
        }
    }

    private void registerSecurityPattern(WebResourceCollectionBean webResourceCollectionBean, SecurityConstraintBean securityConstraintBean) throws DeploymentException {
        String[] httpMethods = webResourceCollectionBean.getHttpMethods();
        for (String str : webResourceCollectionBean.getUrlPatterns()) {
            PatternHelper patternHelper = (PatternHelper) this.patterns.get(fixupURLPattern(str));
            registerAuthConstraint(patternHelper, httpMethods, securityConstraintBean);
            UserDataConstraintBean userDataConstraint = securityConstraintBean.getUserDataConstraint();
            if (userDataConstraint != null) {
                registerUserDataConstraints(userDataConstraint, patternHelper, httpMethods);
            }
        }
    }

    private void registerAuthConstraint(PatternHelper patternHelper, String[] strArr, SecurityConstraintBean securityConstraintBean) throws DeploymentException {
        AuthConstraintBean authConstraint = securityConstraintBean.getAuthConstraint();
        if (authConstraint == null) {
            return;
        }
        String[] roleNames = authConstraint.getRoleNames();
        patternHelper.addExceptionMethodsForWRP(strArr);
        if (roleNames != null && roleNames.length >= 1) {
            deployRoleBasedPolicies(roleNames, patternHelper, strArr);
        } else {
            deployExcludedPolicy(patternHelper, strArr);
            patternHelper.addExceptionMethodsForUDC(strArr);
        }
    }

    private void registerUserDataConstraints(UserDataConstraintBean userDataConstraintBean, PatternHelper patternHelper, String[] strArr) throws DeploymentException {
        String transportGuarantee = userDataConstraintBean.getTransportGuarantee();
        if (transportGuarantee.equals(UserDataConstraint.CONFIDENTIAL) || transportGuarantee.equals(UserDataConstraint.INTEGRAL)) {
            patternHelper.addExceptionMethodsForUDC(strArr);
            try {
                this.policyConfig.addToUncheckedPolicy(new WebUserDataPermission(patternHelper.getQualifiedPattern(), methodsToAction(strArr) + ':' + transportGuarantee));
            } catch (PolicyContextException e) {
                throw new DeploymentException(e);
            }
        }
    }

    private void deployRoleBasedPolicies(String[] strArr, PatternHelper patternHelper, String[] strArr2) throws DeploymentException {
        int i = 0;
        while (true) {
            if (i >= strArr.length) {
                break;
            }
            if (strArr[i].equals("*")) {
                strArr = new String[this.roles.size()];
                this.roles.toArray(strArr);
                break;
            }
            i++;
        }
        for (String str : strArr) {
            try {
                this.policyConfig.addToRole(str, new WebResourcePermission(patternHelper.getQualifiedPattern(), methodsToAction(strArr2)));
            } catch (PolicyContextException e) {
                throw new DeploymentException(e);
            }
        }
    }

    private void deployExcludedPolicy(PatternHelper patternHelper, String[] strArr) throws DeploymentException {
        WebResourcePermission webResourcePermission = new WebResourcePermission(patternHelper.getQualifiedPattern(), methodsToAction(strArr));
        WebUserDataPermission webUserDataPermission = new WebUserDataPermission(patternHelper.getQualifiedPattern(), methodsToAction(strArr));
        try {
            this.policyConfig.addToExcludedPolicy(webResourcePermission);
            this.policyConfig.addToExcludedPolicy(webUserDataPermission);
        } catch (PolicyContextException e) {
            throw new DeploymentException(e);
        }
    }

    private String methodsToAction(String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            return null;
        }
        StringBuffer stringBuffer = new StringBuffer(101);
        for (int i = 0; i < strArr.length; i++) {
            if (i != 0) {
                stringBuffer.append(',');
            }
            stringBuffer.append(strArr[i]);
        }
        return stringBuffer.toString();
    }

    private void collectPatterns(SecurityConstraintBean[] securityConstraintBeanArr) {
        this.patterns.put("/", new PatternHelper("/"));
        if (securityConstraintBeanArr == null) {
            return;
        }
        for (SecurityConstraintBean securityConstraintBean : securityConstraintBeanArr) {
            WebResourceCollectionBean[] webResourceCollections = securityConstraintBean.getWebResourceCollections();
            if (webResourceCollections != null && webResourceCollections.length >= 1) {
                for (WebResourceCollectionBean webResourceCollectionBean : webResourceCollections) {
                    String[] urlPatterns = webResourceCollectionBean.getUrlPatterns();
                    if (urlPatterns != null) {
                        for (String str : urlPatterns) {
                            String fixupURLPattern = fixupURLPattern(str);
                            this.patterns.put(fixupURLPattern, new PatternHelper(fixupURLPattern));
                        }
                    }
                }
            }
        }
    }

    private void computeQualifiedPatterns() {
        if (this.patterns.isEmpty()) {
            return;
        }
        Iterator it = this.patterns.values().iterator();
        while (it.hasNext()) {
            ((PatternHelper) it.next()).computeQualifiedPatterns(this.patterns);
        }
    }

    @Override // weblogic.servlet.security.internal.WebAppSecurity
    protected void deployRoleLink(ServletStubImpl servletStubImpl, String str, String str2) throws DeploymentException {
        try {
            this.policyConfig.addToRole(str2, new WebRoleRefPermission(servletStubImpl.getServletName(), str));
        } catch (PolicyContextException e) {
            throw new DeploymentException(e);
        }
    }

    @Override // weblogic.servlet.security.internal.WebAppSecurity
    public void registerRoleRefs(ServletStubImpl servletStubImpl) throws DeploymentException {
        if (this.roles.isEmpty()) {
            return;
        }
        HashSet roleRefsFromServletBean = getRoleRefsFromServletBean(servletStubImpl.getServletName());
        Iterator it = this.roles.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (!roleRefsFromServletBean.contains(str)) {
                try {
                    this.policyConfig.addToRole(str, new WebRoleRefPermission(servletStubImpl.getServletName(), str));
                } catch (PolicyContextException e) {
                    throw new DeploymentException(e);
                }
            }
        }
    }

    private HashSet getRoleRefsFromServletBean(String str) {
        SecurityRoleRefBean[] securityRoleRefs;
        HashSet hashSet = new HashSet();
        ServletBean lookupServlet = getContext().getWebAppModule().getWebAppBean().lookupServlet(str);
        if (lookupServlet != null && (securityRoleRefs = lookupServlet.getSecurityRoleRefs()) != null && securityRoleRefs.length > 0) {
            for (SecurityRoleRefBean securityRoleRefBean : securityRoleRefs) {
                hashSet.add(securityRoleRefBean.getRoleName());
            }
        }
        return hashSet;
    }

    @Override // weblogic.servlet.security.internal.WebAppSecurity
    public void start() {
    }

    private CodeSource initializeCodeSource() throws DeploymentException {
        try {
            return new CodeSource(new URL(new URI("file:///" + this.context.getDocroot().replace('\\', '/')).toString()), (Certificate[]) null);
        } catch (MalformedURLException e) {
            throw new DeploymentException(e);
        } catch (URISyntaxException e2) {
            throw new DeploymentException(e2);
        }
    }

    @Override // weblogic.servlet.security.internal.WebAppSecurity
    public void initContextHandler(ServletRequestImpl servletRequestImpl) {
        PolicyContext.setHandlerData(new WebAppContextHandlerData(servletRequestImpl));
    }

    @Override // weblogic.servlet.security.internal.WebAppSecurity
    public void resetContextHandler() {
        PolicyContext.setHandlerData(null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // weblogic.servlet.security.internal.WebAppSecurity
    public boolean checkTransport(ResourceConstraint resourceConstraint, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String relativeURI = getRelativeURI(httpServletRequest);
        if (relativeURI.length() == 1 && relativeURI.charAt(0) == '/') {
            relativeURI = "";
        }
        String method = httpServletRequest.getMethod();
        if (httpServletRequest.isSecure()) {
            method = method + ":CONFIDENTIAL";
        }
        try {
            boolean checkTransport = checkTransport(relativeURI, method);
            if (checkTransport) {
                return true;
            }
            if (httpServletRequest.isSecure()) {
                httpServletResponse.sendError(403);
            } else {
                checkTransport = checkTransport(relativeURI, method + ":CONFIDENTIAL");
                if (checkTransport) {
                    String securedURL = getSecuredURL(httpServletRequest, httpServletResponse, httpServletRequest.getRequestURI());
                    if (securedURL != null) {
                        httpServletResponse.sendRedirect(securedURL);
                    } else {
                        httpServletResponse.sendError(403);
                    }
                } else {
                    httpServletResponse.sendError(403);
                }
            }
            return checkTransport;
        } catch (SecurityException e) {
            HTTPLogger.logSecurityException("user data constraints check", httpServletRequest.getRequestURI(), this.context.getLogContext(), e);
            return false;
        }
    }

    @Override // weblogic.servlet.security.internal.WebAppSecurity
    public boolean isSSLRequired(String str, String str2) {
        if (str.length() == 1 && str.charAt(0) == '/') {
            str = "";
        }
        try {
            if (checkTransport(str, str2)) {
                return false;
            }
            return checkTransport(str, str2 + ":CONFIDENTIAL");
        } catch (SecurityException e) {
            HTTPLogger.logSecurityException("user data constraints check", str, this.context.getLogContext(), e);
            return true;
        }
    }

    private boolean checkTransport(String str, String str2) {
        return implies(getWebUserDataPermission(str, str2), this.protectionDomain);
    }

    @Override // weblogic.servlet.security.internal.WebAppSecurity
    public boolean isSubjectInRole(AuthenticatedSubject authenticatedSubject, String str, WebAppContextHandler webAppContextHandler, ServletStubImpl servletStubImpl) {
        try {
            return implies(getWebRoleRefPermission(servletStubImpl.isDynamicallyGenerated() ? "" : servletStubImpl.getServletName(), str), getProtectionDomainForSubject(authenticatedSubject));
        } catch (SecurityException e) {
            HTTPLogger.logSecurityException("isUserInRole check", authenticatedSubject.getName(), this.context.getLogContext(), e);
            return false;
        }
    }

    @Override // weblogic.servlet.security.internal.WebAppSecurity
    public boolean hasPermission(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticatedSubject authenticatedSubject, ResourceConstraint resourceConstraint) {
        boolean z;
        if (this.context.isAdminMode() && this.context.isInternalApp() && ConnectionSigner.isConnectionSigned(httpServletRequest)) {
            return true;
        }
        if (this.context.isAdminMode()) {
            return checkAdminMode(authenticatedSubject);
        }
        try {
            z = implies(getWebResourcePermission(httpServletRequest), getProtectionDomainForSubject(authenticatedSubject));
        } catch (SecurityException e) {
            HTTPLogger.logSecurityException("permission check", httpServletRequest.getRequestURI(), this.context.getLogContext(), e);
            z = false;
        }
        return z;
    }

    private WebUserDataPermission getWebUserDataPermission(String str, String str2) {
        PermKey permKey = new PermKey(str, str2);
        WebUserDataPermission webUserDataPermission = (WebUserDataPermission) this.udPermCache.get(permKey);
        if (webUserDataPermission != null) {
            return webUserDataPermission;
        }
        WebUserDataPermission webUserDataPermission2 = new WebUserDataPermission(str, str2);
        this.udPermCache.put(permKey, webUserDataPermission2);
        return webUserDataPermission2;
    }

    private WebRoleRefPermission getWebRoleRefPermission(String str, String str2) {
        PermKey permKey = new PermKey(str, str2);
        WebRoleRefPermission webRoleRefPermission = (WebRoleRefPermission) this.rrPermCache.get(permKey);
        if (webRoleRefPermission != null) {
            return webRoleRefPermission;
        }
        WebRoleRefPermission webRoleRefPermission2 = new WebRoleRefPermission(str, str2);
        this.rrPermCache.put(permKey, webRoleRefPermission2);
        return webRoleRefPermission2;
    }

    private WebResourcePermission getWebResourcePermission(HttpServletRequest httpServletRequest) {
        String servletPath = httpServletRequest.getServletPath();
        if (servletPath.length() == 1 && servletPath.charAt(0) == '/') {
            servletPath = "";
        }
        String method = httpServletRequest.getMethod();
        PermKey permKey = new PermKey(servletPath, method);
        WebResourcePermission webResourcePermission = (WebResourcePermission) this.resPermCache.get(permKey);
        if (webResourcePermission != null) {
            return webResourcePermission;
        }
        WebResourcePermission webResourcePermission2 = new WebResourcePermission(servletPath, method);
        this.resPermCache.put(permKey, webResourcePermission2);
        return webResourcePermission2;
    }

    private ProtectionDomain getProtectionDomainForSubject(AuthenticatedSubject authenticatedSubject) {
        Principal[] principalArr;
        if (authenticatedSubject != null) {
            principalArr = new Principal[authenticatedSubject.getPrincipals().size()];
            authenticatedSubject.getPrincipals().toArray(principalArr);
        } else {
            principalArr = new Principal[0];
        }
        ProtectionDomain protectionDomain = (ProtectionDomain) this.pdCache.get(authenticatedSubject);
        if (protectionDomain != null) {
            return protectionDomain;
        }
        ProtectionDomain protectionDomain2 = new ProtectionDomain(this.codeSource, null, null, principalArr);
        this.pdCache.put(authenticatedSubject, protectionDomain2);
        return protectionDomain2;
    }

    private boolean implies(Permission permission, ProtectionDomain protectionDomain) {
        String contextID = PolicyContext.getContextID();
        setPolicyContext(this.contextId);
        try {
            return Policy.getPolicy().implies(protectionDomain, permission);
        } finally {
            setPolicyContext(contextID);
        }
    }

    private void setPolicyContext(final String str) {
        String contextID = PolicyContext.getContextID();
        if (contextID != str) {
            if (contextID == null || str == null || !contextID.equals(str)) {
                try {
                    AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: weblogic.servlet.security.internal.WebAppSecurityJacc.1
                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws Exception {
                            PolicyContext.setContextID(str);
                            return null;
                        }
                    });
                } catch (PrivilegedActionException e) {
                    PrivilegedActionException privilegedActionException = e;
                    if (e.getCause() != null) {
                        privilegedActionException = e.getCause();
                    }
                    throw new SecurityException(privilegedActionException.getMessage());
                }
            }
        }
    }

    @Override // weblogic.servlet.security.internal.WebAppSecurity
    public ResourceConstraint getConstraint(HttpServletRequest httpServletRequest) {
        return null;
    }

    @Override // weblogic.servlet.security.internal.WebAppSecurity
    public void unregister() {
        super.unregister();
        try {
            this.policyConfig.delete();
        } catch (PolicyContextException e) {
            HTTPLogger.logFailedToUndeploySecurityPolicy(this.policyConfig.toString(), e);
        }
    }

    static {
        CommonPolicyContextHandler commonPolicyContextHandler = new CommonPolicyContextHandler();
        String[] keys = WebAppContextHandlerData.getKeys();
        DelegatingPolicyContextHandler delegatingPolicyContextHandler = new DelegatingPolicyContextHandler(keys);
        try {
            PolicyContext.registerHandler(CommonPolicyContextHandler.SUBJECT_KEY, commonPolicyContextHandler, true);
            for (String str : keys) {
                PolicyContext.registerHandler(str, delegatingPolicyContextHandler, true);
            }
        } catch (PolicyContextException e) {
            HTTPLogger.logFailedToRegisterPolicyContextHandlers(e);
        }
    }
}
