package weblogic.ejb.container.internal;

import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.login.LoginException;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyConfiguration;
import weblogic.application.ApplicationContextInternal;
import weblogic.application.SecurityRole;
import weblogic.diagnostics.debug.DebugLogger;
import weblogic.ejb.container.EJBDebugService;
import weblogic.ejb.container.EJBLogger;
import weblogic.ejb.container.compliance.EJBComplianceTextFormatter;
import weblogic.ejb.container.interfaces.DeploymentInfo;
import weblogic.ejb.container.interfaces.MethodInfo;
import weblogic.ejb.container.interfaces.NoSuchRoleException;
import weblogic.ejb.container.interfaces.SecurityRoleMapping;
import weblogic.ejb.spi.WLDeploymentException;
import weblogic.ejb20.interfaces.PrincipalNotFoundException;
import weblogic.security.SubjectUtils;
import weblogic.security.WLSPrincipals;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.jacc.RoleMapper;
import weblogic.security.service.ContextHandler;
import weblogic.security.service.EJBResource;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityApplicationInfo;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.service.SupplementalPolicyObject;
import weblogic.utils.AssertionError;

/* loaded from: input_file:weblogic/ejb/container/internal/SecurityHelper.class */
public final class SecurityHelper {
    static final int SYSTEM_REALM = 0;
    static final int APP_REALM = 1;
    private boolean jaccEnabled;
    private SecurityHelperWLS wlsHelper;
    private SecurityHelperJACC jaccHelper;
    private String sysRealmName;
    private String appRealmName;
    private PrincipalAuthenticator appPrincipalAuth;
    private PrincipalAuthenticator sysPrincipalAuth;
    private Map<String, List<MethodDescriptor>> checkedMethodDescriptors = new HashMap();
    private Map<String, List<MethodDescriptor>> uncheckedMethodDescriptors = new HashMap();
    private Map<String, List<MethodDescriptor>> excludedMethodDescriptors = new HashMap();
    private static final DebugLogger debugLogger = EJBDebugService.securityLogger;
    private static final AuthenticatedSubject subject = obtainSubject();

    public SecurityHelper(String str, PolicyConfiguration policyConfiguration, String str2, String str3, RoleMapper roleMapper) throws WLDeploymentException {
        this.jaccEnabled = false;
        this.appRealmName = str;
        if (str2 != null) {
            this.jaccHelper = new SecurityHelperJACC(policyConfiguration, str2, str3, roleMapper);
            this.jaccEnabled = true;
        } else {
            this.sysRealmName = getSysRealmName();
            this.wlsHelper = new SecurityHelperWLS(str, this.sysRealmName);
            this.jaccEnabled = false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setupApplicationInfo(ApplicationContextInternal applicationContextInternal, DeploymentInfo deploymentInfo, SecurityApplicationInfo securityApplicationInfo) {
        if (this.jaccEnabled) {
            this.jaccHelper.setupApplicationInfo(applicationContextInternal, deploymentInfo);
        } else {
            this.wlsHelper.setupApplicationInfo(applicationContextInternal, deploymentInfo, securityApplicationInfo);
        }
    }

    protected AuthenticatedSubject getSubject() {
        return subject;
    }

    public AuthenticatedSubject getSubjectForPrincipal(String str) throws PrincipalNotFoundException {
        return getSubjectForPrincipal(str, 1);
    }

    AuthenticatedSubject getSubjectForPrincipal(String str, int i) throws PrincipalNotFoundException {
        try {
            AuthenticatedSubject impersonateIdentity = obtainPA(i).impersonateIdentity(str, null);
            if (debugLogger.isDebugEnabled()) {
                debug(" getSubjectForPrincipal: for Principal: '" + str + "', Subject is: '" + impersonateIdentity.toString() + "'");
            }
            return impersonateIdentity;
        } catch (LoginException e) {
            throw new PrincipalNotFoundException(e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void deployRoles(DeploymentInfo deploymentInfo, SecurityRoleMapping securityRoleMapping, ApplicationContextInternal applicationContextInternal, int i) throws Exception {
        deployRoles(deploymentInfo, securityRoleMapping, applicationContextInternal, i, 1);
    }

    void deployRoles(DeploymentInfo deploymentInfo, SecurityRoleMapping securityRoleMapping, ApplicationContextInternal applicationContextInternal, int i, int i2) throws Exception {
        if (this.jaccEnabled) {
            this.jaccHelper.deployRoles(deploymentInfo, securityRoleMapping);
        } else {
            this.wlsHelper.deployRoles(deploymentInfo, getDeployableSecurityRoleMapping(securityRoleMapping, applicationContextInternal, i), i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void unDeployRoles(DeploymentInfo deploymentInfo, SecurityRoleMapping securityRoleMapping) {
        unDeployRoles(deploymentInfo, securityRoleMapping, 1);
    }

    void unDeployRoles(DeploymentInfo deploymentInfo, SecurityRoleMapping securityRoleMapping, int i) {
        if (this.jaccEnabled) {
            this.jaccHelper.unDeployRoles();
        } else {
            this.wlsHelper.unDeployRoles(deploymentInfo, securityRoleMapping, i);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void registerRoleRefs(String str, Map map) throws WLDeploymentException {
        if (this.jaccEnabled) {
            this.jaccHelper.registerRoleRefs(str, map);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void deployAllPolicies() throws Exception {
        deployAllPolicies(1);
    }

    void deployAllPolicies(int i) throws Exception {
        if (!this.jaccEnabled) {
            this.wlsHelper.beginPolicyRegistration();
        }
        for (String str : getEjbNames()) {
            if (debugLogger.isDebugEnabled()) {
                debug("registering policies for EJB: " + str);
            }
            List<MethodDescriptor> checkedMethodDescriptors = getCheckedMethodDescriptors(str);
            if (checkedMethodDescriptors != null && debugLogger.isDebugEnabled()) {
                debug("registering policies for all " + checkedMethodDescriptors.size() + " checked methods");
            }
            List<MethodDescriptor> uncheckedMethodDescriptors = getUncheckedMethodDescriptors(str);
            if (uncheckedMethodDescriptors != null && debugLogger.isDebugEnabled()) {
                debug("registering policies for all " + uncheckedMethodDescriptors.size() + " unchecked methods");
            }
            List<MethodDescriptor> excludedMethodDescriptors = getExcludedMethodDescriptors(str);
            if (excludedMethodDescriptors != null && debugLogger.isDebugEnabled()) {
                debug("registering policies for all " + excludedMethodDescriptors.size() + " excluded methods");
            }
            deployPolicies(checkedMethodDescriptors, uncheckedMethodDescriptors, excludedMethodDescriptors, i);
        }
        if (this.jaccEnabled) {
            return;
        }
        this.wlsHelper.endPolicyRegistration();
    }

    private void deployPolicies(List<MethodDescriptor> list, List<MethodDescriptor> list2, List<MethodDescriptor> list3, int i) throws Exception {
        if (this.jaccEnabled) {
            this.jaccHelper.deployPolicies(list, list2, list3, this);
        } else {
            this.wlsHelper.deployPolicies(list, list2, list3, this, i);
        }
    }

    void unDeployAllPolicies() {
        if (this.jaccEnabled) {
            return;
        }
        this.wlsHelper.unDeployAllPolicies();
    }

    public boolean processUncheckedExcludedMethod(MethodDescriptor methodDescriptor) throws WLDeploymentException {
        MethodInfo methodInfo = methodDescriptor.getMethodInfo();
        if (methodInfo.getUnchecked()) {
            addUncheckedMethod(methodDescriptor);
            createEJBResource(methodDescriptor);
            if (!this.jaccEnabled) {
                return true;
            }
            this.jaccHelper.processUncheckedExcludedMethod(methodDescriptor);
            return true;
        }
        if (!methodInfo.getIsExcluded()) {
            addCheckedMethod(methodDescriptor);
            return false;
        }
        addExcludedMethod(methodDescriptor);
        createEJBResource(methodDescriptor);
        if (!this.jaccEnabled) {
            return true;
        }
        this.jaccHelper.processUncheckedExcludedMethod(methodDescriptor);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void activate() {
        if (this.jaccEnabled) {
            this.jaccHelper.activate();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void deactivate() {
        if (this.jaccEnabled) {
            this.jaccHelper.deactivate();
        } else {
            this.wlsHelper.unDeployAllPolicies();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean fullyDelegateSecurityCheck() {
        return fullyDelegateSecurityCheck(this.appRealmName);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean fullyDelegateSecurityCheck(String str) {
        if (this.jaccEnabled) {
            return true;
        }
        return this.wlsHelper.fullyDelegateSecurityCheck(str);
    }

    public void setContext(ContextHandler contextHandler) {
        if (this.jaccEnabled) {
            this.jaccHelper.setContext(contextHandler);
        }
    }

    public void resetContext() {
        if (this.jaccEnabled) {
            this.jaccHelper.resetContext();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isAccessAllowed(EJBResource eJBResource, EJBMethodPermission eJBMethodPermission, ContextHandler contextHandler) {
        return isAccessAllowed(eJBResource, eJBMethodPermission, contextHandler, 1);
    }

    boolean isAccessAllowed(EJBResource eJBResource, EJBMethodPermission eJBMethodPermission, ContextHandler contextHandler, int i) {
        return this.jaccEnabled ? this.jaccHelper.isAccessAllowed(eJBMethodPermission, contextHandler) : this.wlsHelper.isAccessAllowed(eJBResource, contextHandler, i);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isCallerInRole(String str, EJBResource eJBResource, String str2, String str3) {
        return isCallerInRole(eJBResource, str, str2, str3, 1);
    }

    boolean isCallerInRole(EJBResource eJBResource, String str, String str2, String str3, int i) {
        AuthenticatedSubject callerSubject = getCallerSubject();
        if (callerSubject != null) {
            return this.jaccEnabled ? this.jaccHelper.isCallerInRole(str, callerSubject, str2) : this.wlsHelper.isCallerInRole(eJBResource, callerSubject, str3, i);
        }
        if (!debugLogger.isDebugEnabled()) {
            return false;
        }
        debug(" isCallerInRole: Caller subject is null. isCallerInRole returns false");
        return false;
    }

    private void addCheckedMethod(MethodDescriptor methodDescriptor) {
        List<MethodDescriptor> list = this.checkedMethodDescriptors.get(methodDescriptor.getEjbName());
        if (list == null) {
            list = new ArrayList();
            this.checkedMethodDescriptors.put(methodDescriptor.getEjbName(), list);
        }
        list.add(methodDescriptor);
    }

    private void addUncheckedMethod(MethodDescriptor methodDescriptor) {
        List<MethodDescriptor> list = this.uncheckedMethodDescriptors.get(methodDescriptor.getEjbName());
        if (list == null) {
            list = new ArrayList();
            this.uncheckedMethodDescriptors.put(methodDescriptor.getEjbName(), list);
        }
        list.add(methodDescriptor);
    }

    private void addExcludedMethod(MethodDescriptor methodDescriptor) {
        List<MethodDescriptor> list = this.excludedMethodDescriptors.get(methodDescriptor.getEjbName());
        if (list == null) {
            list = new ArrayList();
            this.excludedMethodDescriptors.put(methodDescriptor.getEjbName(), list);
        }
        list.add(methodDescriptor);
    }

    private Set<String> getEjbNames() {
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.checkedMethodDescriptors.keySet());
        hashSet.addAll(this.uncheckedMethodDescriptors.keySet());
        hashSet.addAll(this.excludedMethodDescriptors.keySet());
        return hashSet;
    }

    private List<MethodDescriptor> getCheckedMethodDescriptors(String str) {
        return this.checkedMethodDescriptors.get(str);
    }

    private List<MethodDescriptor> getUncheckedMethodDescriptors(String str) {
        return this.uncheckedMethodDescriptors.get(str);
    }

    private List<MethodDescriptor> getExcludedMethodDescriptors(String str) {
        return this.excludedMethodDescriptors.get(str);
    }

    private PrincipalAuthenticator obtainPA(int i) {
        switch (i) {
            case 0:
                if (this.sysPrincipalAuth != null) {
                    return this.sysPrincipalAuth;
                }
                this.sysPrincipalAuth = (PrincipalAuthenticator) SecurityServiceManager.getSecurityService(subject, this.sysRealmName, SecurityService.ServiceType.AUTHENTICATION);
                return this.sysPrincipalAuth;
            case 1:
                if (this.appPrincipalAuth != null) {
                    return this.appPrincipalAuth;
                }
                this.appPrincipalAuth = (PrincipalAuthenticator) SecurityServiceManager.getSecurityService(subject, this.appRealmName, SecurityService.ServiceType.AUTHENTICATION);
                return this.appPrincipalAuth;
            default:
                throw new AssertionError("  weblogic.ejb.internal.SecurityHelper.obtainPA, unknown realm type: " + i);
        }
    }

    public static AuthenticatedSubject getAnonymousUser() {
        return SubjectUtils.getAnonymousSubject();
    }

    static Principal getAnonymousUserPrincipal() {
        return WLSPrincipals.getAnonymousUserPrincipal();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Principal getPrincipalFromSubject(AuthenticatedSubject authenticatedSubject) {
        Principal userPrincipal;
        if (authenticatedSubject != null && (userPrincipal = SubjectUtils.getUserPrincipal(authenticatedSubject)) != null) {
            return userPrincipal;
        }
        return getAnonymousUserPrincipal();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Principal getCurrentPrincipal() {
        return getPrincipalFromSubject(getCurrentSubject());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static AuthenticatedSubject getCurrentSubject() {
        return SecurityServiceManager.getCurrentSubject(subject);
    }

    public static void pushRunAsSubject(AuthenticatedSubject authenticatedSubject) {
        if (debugLogger.isDebugEnabled()) {
            debug("pushRunAsSubject to push: '" + authenticatedSubject.toString() + "', currentSubject is: '" + getCurrentSubject() + "' ");
        }
        SecurityServiceManager.pushSubject(subject, authenticatedSubject);
    }

    public static void popRunAsSubject() {
        if (debugLogger.isDebugEnabled()) {
            debug("\n popRunAsSubject,  subject before pop is: '" + getCurrentSubject() + "'");
        }
        SecurityServiceManager.popSubject(subject);
        if (debugLogger.isDebugEnabled()) {
            debug("\n popRunAsSubject,  subject after  pop is: '" + getCurrentSubject() + "'");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean pushSpecificRunAsMaybe(AuthenticatedSubject authenticatedSubject, AuthenticatedSubject authenticatedSubject2) {
        if (authenticatedSubject != null) {
            pushRunAsSubject(authenticatedSubject);
            return true;
        }
        if (authenticatedSubject2 != null) {
            pushRunAsSubject(authenticatedSubject2);
            return true;
        }
        if (!SecurityServiceManager.isKernelIdentity(getCurrentSubject())) {
            return false;
        }
        pushRunAsSubject(getAnonymousUser());
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Principal getCallerPrincipal() throws PrincipalNotFoundException {
        Principal principalFromSubject = getPrincipalFromSubject(getCallerSubject());
        if (principalFromSubject == null) {
            throw new PrincipalNotFoundException(EJBLogger.logmissingCallerPrincipalLoggable("getCallerPrincipal").getMessage());
        }
        return principalFromSubject;
    }

    static AuthenticatedSubject getCallerSubject() {
        return CallerSubjectStack.getCurrentSubject();
    }

    public static void pushCallerPrincipal() {
        AuthenticatedSubject currentSubject = getCurrentSubject();
        if (debugLogger.isDebugEnabled()) {
            debug("\n pushCallerPrincipal to push Subject: '" + currentSubject + "'  from which we get principal '" + getPrincipalFromSubject(currentSubject) + "'");
        }
        CallerSubjectStack.pushSubject(currentSubject);
    }

    public static void popCallerPrincipal() throws PrincipalNotFoundException {
        if (debugLogger.isDebugEnabled()) {
            debug("\n popCallerPrincipal, CallerSubject before pop is: '" + getCallerSubject() + "'");
        }
        if (CallerSubjectStack.popSubject() == null) {
            throw new PrincipalNotFoundException(EJBLogger.logmissingCallerPrincipalLoggable("popCallerPrincipal").getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getDefaultRealmName() {
        return SecurityServiceManager.defaultRealmName;
    }

    static String getSysRealmName() {
        String defaultRealmName = SecurityServiceManager.getDefaultRealmName();
        if (defaultRealmName == null) {
            throw new RuntimeException(" Could not get System Realm Name. ");
        }
        return defaultRealmName;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void registerSupplementalPolicyObject(String[] strArr, String str) {
        SupplementalPolicyObject.setPoliciesFromGrantStatement(subject, strArr, str, "EJB");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void removeSupplementalPolicyObject(String[] strArr) {
        SupplementalPolicyObject.removePolicies(subject, strArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static EJBResource createEJBResource(DeploymentInfo deploymentInfo) {
        return new EJBResource(deploymentInfo.getApplicationName(), deploymentInfo.getEJBComponentName(), null, null, null, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static EJBResource createEJBResource(String str, String str2, String str3) {
        if (debugLogger.isDebugEnabled()) {
            debug("\n\n ++++++++++  creating EJBResource: appName: '" + str + "' moduleName: '" + str2 + "' ejbName: '" + str3 + "' methodName: 'null' interfaceType: 'null' methodParams:     'null");
        }
        return new EJBResource(str, str2, str3, null, null, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static EJBResource createEJBResource(MethodDescriptor methodDescriptor) {
        String applicationName = methodDescriptor.getApplicationName();
        String ejbComponentName = methodDescriptor.getEjbComponentName();
        String ejbName = methodDescriptor.getEjbName();
        MethodInfo methodInfo = methodDescriptor.getMethodInfo();
        String[] canonicalMethodParamNames = getCanonicalMethodParamNames(methodDescriptor.getMethod());
        if (debugLogger.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder();
            if (canonicalMethodParamNames.length > 0) {
                for (String str : canonicalMethodParamNames) {
                    sb.append(str).append(", ");
                }
            } else {
                sb.append(" NONE ");
            }
            debug("\n\n ++++++++++  creating EJBResource: appName: '" + applicationName + "' moduleName: '" + ejbComponentName + "' ejbName: '" + ejbName + "' methodName: '" + methodInfo.getMethodName() + "' interfaceType: '" + methodInfo.getMethodInterfaceType() + "' methodParams:     '" + sb.toString() + "'");
        }
        return new EJBResource(applicationName, ejbComponentName, ejbName, methodInfo.getMethodName(), methodInfo.getMethodInterfaceType(), canonicalMethodParamNames);
    }

    private static String[] getCanonicalMethodParamNames(Method method) {
        Class<?>[] parameterTypes = method.getParameterTypes();
        String[] strArr = new String[parameterTypes.length];
        for (int i = 0; i < parameterTypes.length; i++) {
            strArr[i] = parameterTypes[i].getCanonicalName();
        }
        return strArr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static EJBMethodPermission createEJBMethodPermission(MethodDescriptor methodDescriptor) {
        String ejbName = methodDescriptor.getEjbName();
        MethodInfo methodInfo = methodDescriptor.getMethodInfo();
        String[] canonicalMethodParamNames = getCanonicalMethodParamNames(methodDescriptor.getMethod());
        if (debugLogger.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder();
            if (canonicalMethodParamNames.length > 0) {
                for (String str : canonicalMethodParamNames) {
                    sb.append(str).append(", ");
                }
            } else {
                sb.append("");
            }
            debug("\n\n ++++++++++  creating EJBMethodPermission: ejbName: '" + ejbName + "' methodName: '" + methodInfo.getMethodName() + "' interfaceType: '" + methodInfo.getMethodInterfaceType() + "' methodParams: '" + sb.toString() + "'");
        }
        short methodDescriptorMethodType = methodInfo.getMethodDescriptorMethodType();
        if (methodDescriptorMethodType == 1) {
            return new EJBMethodPermission(ejbName, "");
        }
        StringBuilder sb2 = new StringBuilder(methodInfo.getMethodName());
        sb2.append(",");
        sb2.append(methodInfo.getMethodInterfaceType());
        if (methodDescriptorMethodType == 2) {
            return new EJBMethodPermission(ejbName, sb2.toString());
        }
        for (int i = 0; i < canonicalMethodParamNames.length; i++) {
            if (i == 0) {
                sb2.append(",");
            }
            sb2.append(canonicalMethodParamNames[i]);
        }
        return new EJBMethodPermission(ejbName, sb2.toString());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static EJBRoleRefPermission createEJBRoleRefPermission(String str, String str2) {
        return new EJBRoleRefPermission(str, str2);
    }

    private static AuthenticatedSubject obtainSubject() {
        return (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    }

    public Map getDeployableSecurityRoleMapping(SecurityRoleMapping securityRoleMapping, ApplicationContextInternal applicationContextInternal, int i) throws WLDeploymentException {
        try {
            switch (i) {
                case 0:
                    if (debugLogger.isDebugEnabled()) {
                        debug("deployable role map calculated for Compatibility mode");
                    }
                    return getCompatibilitySecurityRoleMapping(securityRoleMapping);
                case 1:
                    if (debugLogger.isDebugEnabled()) {
                        debug("deployable role map calculated for Application mode");
                    }
                    return getApplicationSecurityRoleMapping(securityRoleMapping, applicationContextInternal, i);
                case 2:
                    if (debugLogger.isDebugEnabled()) {
                        debug("deployable role map calculated for Externally Defined mode");
                    }
                    return getApplicationSecurityRoleMapping(securityRoleMapping, applicationContextInternal, i);
                default:
                    throw new AssertionError("Unexpected role mapping behavior: " + i);
            }
        } catch (NoSuchRoleException e) {
            throw new AssertionError("Unexpected exception: ", e);
        }
    }

    private Map getCompatibilitySecurityRoleMapping(SecurityRoleMapping securityRoleMapping) throws NoSuchRoleException, WLDeploymentException {
        HashMap hashMap = new HashMap();
        for (String str : securityRoleMapping.getSecurityRoleNames()) {
            if (!securityRoleMapping.isExternallyDefinedRole(str)) {
                if (!securityRoleMapping.isRoleMappedToPrincipals(str)) {
                    throw new WLDeploymentException(new EJBComplianceTextFormatter().ROLE_NOT_MAPPED_TO_PRINCIPALS(str));
                }
                hashMap.put(str, (String[]) securityRoleMapping.getSecurityRolePrincipalNames(str).toArray(new String[0]));
            } else if (debugLogger.isDebugEnabled()) {
                debug("role '" + str + "' is externally defined; skipping deployment");
            }
        }
        return hashMap;
    }

    private Map getApplicationSecurityRoleMapping(SecurityRoleMapping securityRoleMapping, ApplicationContextInternal applicationContextInternal, int i) throws NoSuchRoleException {
        HashMap hashMap = new HashMap();
        for (String str : securityRoleMapping.getSecurityRoleNames()) {
            if (!securityRoleMapping.isExternallyDefinedRole(str)) {
                SecurityRole securityRole = applicationContextInternal.getSecurityRole(str);
                if (securityRoleMapping.isRoleMappedToPrincipals(str)) {
                    if (securityRole != null && securityRole.isExternallyDefined()) {
                        hashMap.put(str, (String[]) securityRoleMapping.getSecurityRolePrincipalNames(str).toArray(new String[0]));
                    }
                    if (securityRole == null || securityRole.getPrincipalNames() == null || securityRole.getPrincipalNames().length == 0) {
                        hashMap.put(str, (String[]) securityRoleMapping.getSecurityRolePrincipalNames(str).toArray(new String[0]));
                    } else {
                        HashSet hashSet = new HashSet();
                        hashSet.addAll(securityRoleMapping.getSecurityRolePrincipalNames(str));
                        hashSet.addAll(Arrays.asList(securityRole.getPrincipalNames()));
                        hashMap.put(str, (String[]) hashSet.toArray(new String[0]));
                    }
                } else if (securityRole == null || !securityRole.isExternallyDefined()) {
                    if (securityRole != null && securityRole.getPrincipalNames() != null && securityRole.getPrincipalNames().length != 0) {
                        hashMap.put(str, securityRole.getPrincipalNames());
                    } else if (i == 1) {
                        hashMap.put(str, new String[0]);
                    } else if (debugLogger.isDebugEnabled()) {
                        debug("role '" + str + "' has no principals defined at app level or module level; skipping deployment");
                    }
                } else if (debugLogger.isDebugEnabled()) {
                    debug("role '" + str + "' is externally defined at app level and no module principals defined; skipping deployment");
                }
            } else if (debugLogger.isDebugEnabled()) {
                debug("role '" + str + "' is externally defined at module level; skipping deployment");
            }
        }
        return hashMap;
    }

    private static void debug(String str) {
        debugLogger.debug("[SecurityHelper] " + str);
    }
}
