package com.apusic.ejb.container;

import com.apusic.deploy.runtime.EJBModel;
import com.apusic.security.Role;
import com.apusic.util.SimpleCache;
import com.apusic.web.session.ManagerBase;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;

/* loaded from: input_file:com/apusic/ejb/container/SecurityChecker.class */
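/**
 * Translates an EJB's declarative security settings into JACC policy statements and
 * answers authorization questions for that EJB against the installed {@link Policy}.
 *
 * <p>Deployment-time use: {@link #convertMethodPermissions(MethodDesc[])} and
 * {@link #convertRoleRefPermissions()} populate the {@link PolicyConfiguration} for this
 * checker's policy context, and {@link #commit()} puts it into service.
 *
 * <p>Run-time use: {@link #checkMethodPermission(EJBInvocation)} and
 * {@link #checkRoleRefPermission(String, Principal)} evaluate a permission for a caller
 * principal. Both deny access when the evaluation fails for any reason.
 */
public final class SecurityChecker {
    /** Code source shared by every synthesized protection domain: no location, no certificates. */
    private static final CodeSource CODE_SOURCE = new CodeSource((URL) null, (Certificate[]) null);

    private final Container container;
    private final String contextId;
    private final String ejbName;
    // Created on first use by getPolicyConfiguration(); stays null if nothing was ever converted.
    private PolicyConfiguration pc;
    // One single-principal ProtectionDomain per caller principal, so it is not rebuilt per call.
    // NOTE(review): lookups depend on the Principal implementation's equals/hashCode, and the
    // thread-safety of SimpleCache is not visible from this file - confirm both.
    private final SimpleCache<Principal, ProtectionDomain> protectionDomainCache =
            SimpleCache.make(ManagerBase.SESSION_LIST_INIT_SIZE);
    // Captured once at construction; a Policy installed later is not picked up by this instance.
    private final Policy policy = Policy.getPolicy();

    /**
     * Creates a checker for the EJB served by {@code container}.
     *
     * <p>Decompiler note: this constructor was package-private in the original class file.
     *
     * @param container container whose EJB model supplies the EJB name and role data
     * @param str JACC policy context identifier used for this EJB's policy statements
     */
    public SecurityChecker(Container container, String str) {
        this.container = container;
        this.contextId = str;
        this.ejbName = container.getEJBModel().getName();
    }

    /**
     * Returns the policy configuration for this checker's context, creating it on first use
     * and linking it to the owning application's configuration.
     *
     * @return the policy configuration for {@code contextId}
     * @throws PolicyContextException if the JACC provider rejects the request
     * @throws RuntimeException if the policy configuration factory class cannot be loaded
     */
    private PolicyConfiguration getPolicyConfiguration() throws PolicyContextException {
        if (this.pc == null) {
            try {
                // remove=true: statements already stored under this context id are discarded.
                this.pc = PolicyConfigurationFactory.getPolicyConfigurationFactory()
                        .getPolicyConfiguration(this.contextId, true);
                // pc is stored before linking, so destroy() can still delete it if linking fails.
                this.pc.linkConfiguration(this.container.getApplication().getPolicyConfiguration());
            } catch (ClassNotFoundException e) {
                // Keep the cause: the missing provider class name is what an operator needs.
                throw new RuntimeException("Unable to initialize policy configuration", e);
            }
        }
        return this.pc;
    }

    /**
     * Adds one policy statement per method descriptor.
     *
     * <p>"Uncallable" is tested first, so a descriptor flagged both uncallable and unchecked
     * ends up excluded. A descriptor with neither flag and no allowed roles produces no
     * statement at all.
     *
     * @param methodDescArr method descriptors to convert
     * @throws PolicyContextException if the policy configuration rejects a statement
     */
    public void convertMethodPermissions(MethodDesc[] methodDescArr) throws PolicyContextException {
        PolicyConfiguration configuration = getPolicyConfiguration();
        for (MethodDesc methodDesc : methodDescArr) {
            Permission methodPermission = methodDesc.getEJBMethodPermission(this.ejbName);
            if (methodDesc.isUncallable()) {
                configuration.addToExcludedPolicy(methodPermission);
            } else if (methodDesc.isUnchecked()) {
                configuration.addToUncheckedPolicy(methodPermission);
            } else {
                for (String roleName : methodDesc.getAllowedRoles()) {
                    configuration.addToRole(roleName, methodPermission);
                }
            }
        }
    }

    /**
     * Adds role-reference permissions: each declared role reference is granted to the role it
     * links to, and each security role of the module is granted a reference under its own name.
     *
     * @throws PolicyContextException if the policy configuration rejects a statement
     */
    public void convertRoleRefPermissions() throws PolicyContextException {
        PolicyConfiguration configuration = getPolicyConfiguration();
        EJBModel model = this.container.getEJBModel();
        for (String roleRef : model.getRoleReferences().keySet()) {
            configuration.addToRole(model.getRoleLink(roleRef), new EJBRoleRefPermission(this.ejbName, roleRef));
        }
        for (Role role : model.getModule().getSecurityRoles()) {
            String name = role.getName();
            configuration.addToRole(name, new EJBRoleRefPermission(this.ejbName, name));
        }
    }

    /**
     * Commits the policy configuration if one was created; otherwise does nothing.
     *
     * @throws PolicyContextException if the commit fails
     */
    public void commit() throws PolicyContextException {
        if (this.pc != null) {
            this.pc.commit();
        }
    }

    /** Deletes the policy configuration if one was created. Failures are ignored. */
    public void destroy() {
        if (this.pc != null) {
            try {
                this.pc.delete();
            } catch (Exception ignored) {
                // Best-effort teardown: a failed delete must not abort the caller's cleanup.
                // The policy statements may remain registered with the provider in that case.
            }
        }
    }

    /**
     * Checks whether the caller of {@code eJBInvocation} may invoke its target method.
     *
     * @param eJBInvocation invocation supplying the method and the caller principal
     * @return {@code true} if the policy grants the method permission; {@code false} if it
     *     does not or if the evaluation failed
     */
    public boolean checkMethodPermission(EJBInvocation eJBInvocation) {
        return checkPermission(eJBInvocation.method.getEJBMethodPermission(this.ejbName), eJBInvocation.getCallerPrincipal());
    }

    /**
     * Checks whether {@code principal} holds the role reference {@code str} on this EJB.
     *
     * @param str role reference name
     * @param principal caller principal to test
     * @return {@code true} if the policy grants the role-reference permission; {@code false}
     *     if it does not or if the evaluation failed
     */
    public boolean checkRoleRefPermission(String str, Principal principal) {
        return checkPermission(new EJBRoleRefPermission(this.ejbName, str), principal);
    }

    /**
     * Evaluates {@code permission} for {@code principal} inside this checker's policy context.
     *
     * <p>The thread's policy context id is switched for the duration of the check and put back
     * afterwards. It is put back only if the switch actually happened, so a failure before the
     * switch leaves the caller's context id untouched instead of overwriting it with
     * {@code null}.
     *
     * @return the policy decision, or {@code false} if anything is thrown during evaluation
     */
    private boolean checkPermission(Permission permission, Principal principal) {
        String previousContextId = null;
        boolean switched = false;
        try {
            ProtectionDomain domain = getCachedProtectionDomain(principal);
            previousContextId = setPolicyContext(this.contextId);
            switched = true;
            return this.policy.implies(domain, permission);
        } catch (Throwable th) {
            // Fail closed: any error while evaluating is treated as "not permitted".
            // The throwable is not reported here, so the denial gives no hint of its cause.
            return false;
        } finally {
            if (switched) {
                // Later authorization checks on this thread must see the caller's own context.
                setPolicyContext(previousContextId);
            }
        }
    }

    /**
     * Returns the protection domain that represents {@code principal} alone, building and
     * caching it on first request.
     */
    private ProtectionDomain getCachedProtectionDomain(Principal principal) {
        ProtectionDomain domain = this.protectionDomainCache.get(principal);
        if (domain == null) {
            // No static permissions and no class loader: the decision rests on the principal only.
            domain = new ProtectionDomain(CODE_SOURCE, null, null, new Principal[]{principal});
            this.protectionDomainCache.put(principal, domain);
        }
        return domain;
    }

    /**
     * Sets the calling thread's JACC policy context id.
     *
     * @param str context id to install; may be {@code null}
     * @return the context id that was in effect before the call
     */
    private static String setPolicyContext(final String str) {
        String previousContextId = PolicyContext.getContextID();
        if (System.getSecurityManager() == null) {
            PolicyContext.setContextID(str);
        } else {
            // With a security manager installed, run with this class's own privileges so the
            // call does not depend on the permissions of application code on the stack.
            AccessController.doPrivileged(new PrivilegedAction<Void>() {
                @Override
                public Void run() {
                    PolicyContext.setContextID(str);
                    return null;
                }
            });
        }
        return previousContextId;
    }
}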
