package org.ow2.easybeans.security.jacc.provider;

import java.io.FilePermission;
import java.lang.reflect.ReflectPermission;
import java.net.SocketPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.util.PropertyPermission;
import javax.management.MBeanPermission;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;
import org.ow2.util.log.Log;
import org.ow2.util.log.LogFactory;

/* loaded from: input_file:easybeans-jacc-provider-1.0.1.jar:org/ow2/easybeans/security/jacc/provider/JPolicy.class */
public final class JPolicy extends Policy {
    private static Log logger = LogFactory.getLog(JPolicy.class);
    private static JPolicy unique = null;
    private static Policy initialPolicy = null;
    private static PolicyConfigurationFactory policyConfigurationFactory = null;

    private JPolicy() {
        initialPolicy = Policy.getPolicy();
    }

    private void initPolicyConfigurationFactory() throws JPolicyException {
        try {
            policyConfigurationFactory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
            if (policyConfigurationFactory == null) {
                throw new JPolicyException("policyConfigurationFactory object hasn't be initialized");
            }
        } catch (PolicyContextException e) {
            throw new JPolicyException("PolicyContextException in PolicyConfigurationFactory", e);
        } catch (ClassNotFoundException e2) {
            throw new JPolicyException("PolicyConfigurationFactory class implementation was not found", e2);
        }
    }

    public static JPolicy getInstance() {
        if (unique == null) {
            unique = new JPolicy();
        }
        return unique;
    }

    @Override // java.security.Policy
    public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
        JPolicyConfiguration configuration;
        if (initialPolicy == null) {
            return false;
        }
        if ((permission instanceof RuntimePermission) || (permission instanceof SocketPermission) || (permission instanceof PropertyPermission) || (permission instanceof FilePermission) || (permission instanceof MBeanPermission) || (permission instanceof ReflectPermission)) {
            return initialPolicy.implies(protectionDomain, permission);
        }
        String contextID = PolicyContext.getContextID();
        if (contextID == null) {
            return initialPolicy.implies(protectionDomain, permission);
        }
        if (!(permission instanceof EJBMethodPermission) && !(permission instanceof EJBRoleRefPermission) && !(permission instanceof WebUserDataPermission) && !(permission instanceof WebRoleRefPermission) && !(permission instanceof WebResourcePermission)) {
            return initialPolicy.implies(protectionDomain, permission);
        }
        logger.debug("Permission being checked = ''{0}''", permission);
        try {
            if (policyConfigurationFactory == null) {
                initPolicyConfigurationFactory();
            }
            if (!policyConfigurationFactory.inService(contextID)) {
                logger.debug("Policy configuration factory not in service, return false", new Object[0]);
                return false;
            }
            try {
                PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration(contextID, false);
                if (policyConfiguration instanceof JPolicyConfiguration) {
                    configuration = (JPolicyConfiguration) policyConfiguration;
                } else {
                    configuration = JPolicyConfigurationKeeper.getConfiguration(contextID);
                    if (configuration == null) {
                        throw new RuntimeException("This policy provider can only manage JPolicyConfiguration objects");
                    }
                }
                PermissionCollection excludedPermissions = configuration.getExcludedPermissions();
                PermissionCollection uncheckedPermissions = configuration.getUncheckedPermissions();
                if (logger.isDebugEnabled()) {
                    logger.debug("Check permission", new Object[0]);
                    logger.debug("Excluded permissions = " + excludedPermissions, new Object[0]);
                    logger.debug("unchecked permissions = " + uncheckedPermissions, new Object[0]);
                }
                if (excludedPermissions.implies(permission)) {
                    logger.debug("Permission ''{0}'' is excluded, return false", permission);
                    return false;
                }
                if (uncheckedPermissions.implies(permission)) {
                    logger.debug("Permission ''{0}'' is unchecked, return true", permission);
                    return true;
                }
                if (protectionDomain.getPrincipals().length > 0) {
                    logger.debug("There are principals, checking principals...", new Object[0]);
                    return isImpliedPermissionForPrincipals(configuration, permission, protectionDomain.getPrincipals());
                }
                logger.debug("Principals length = 0, there is no principal on this domain", new Object[0]);
                logger.debug("Permission ''{0}'' not found, return false", permission);
                return false;
            } catch (PolicyContextException e) {
                logger.error("JPolicy.implies.canNotRetrieve", contextID, e);
                return false;
            }
        } catch (PolicyContextException e2) {
            logger.error("JPolicy.implies.canNotCheck", e2);
            return false;
        } catch (JPolicyException e3) {
            logger.error("JPolicy.implies.canNotCheck", e3);
            return false;
        }
    }

    @Override // java.security.Policy
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        return initialPolicy.getPermissions(protectionDomain);
    }

    @Override // java.security.Policy
    public PermissionCollection getPermissions(CodeSource codeSource) {
        return initialPolicy.getPermissions(codeSource);
    }

    @Override // java.security.Policy
    public void refresh() {
        initialPolicy.refresh();
    }

    private boolean isImpliedPermissionForPrincipals(JPolicyConfiguration jPolicyConfiguration, Permission permission, Principal[] principalArr) {
        boolean z = false;
        for (int i = 0; i < principalArr.length && !z; i++) {
            if (logger.isDebugEnabled()) {
                logger.debug("Checking permission ''{0}'' with permissions of Principal ''{1}''.", permission, principalArr[i].getName());
            }
            if (jPolicyConfiguration.getPermissionsForPrincipal(principalArr[i]).implies(permission)) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Permission implied with principal ''{0}''.", principalArr[i].getName());
                }
                z = true;
            }
        }
        if (!z) {
            logger.debug("Permission ''{0}'' was not found in each permissions of the given roles, return false", permission);
        }
        return z;
    }
}
