package org.ow2.jonas.web.base.lib;

import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;
import javax.servlet.http.HttpServletRequest;
import org.objectweb.util.monolog.api.BasicLevel;
import org.objectweb.util.monolog.api.Logger;
import org.ow2.jonas.deployment.common.SecurityRoleRefDesc;
import org.ow2.jonas.deployment.web.SecurityConstraintListDesc;
import org.ow2.jonas.deployment.web.SecurityRoleDesc;
import org.ow2.jonas.deployment.web.ServletDesc;
import org.ow2.jonas.deployment.web.WebContainerDeploymentDesc;
import org.ow2.jonas.lib.security.AbsPermissionManager;
import org.ow2.jonas.lib.security.PermissionManagerException;
import org.ow2.jonas.lib.security.auth.JPrincipal;
import org.ow2.jonas.lib.security.jacc.handlers.JPolicyContextHandlerCurrent;
import org.ow2.jonas.lib.security.jacc.handlers.JPolicyContextHandlerData;
import org.ow2.jonas.lib.security.mapping.JPolicyUserRoleMapping;
import org.ow2.jonas.lib.util.Log;

/* loaded from: input_file:org/ow2/jonas/web/base/lib/PermissionManager.class */
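/**
 * Translates the security elements of a web deployment descriptor into JACC policy
 * statements and answers permission checks against the resulting policy.
 *
 * <p>Every {@code check*} method fails closed: an exception raised while the policy is
 * evaluated, or a protection domain that could not be built, yields {@code false}.
 */
public class PermissionManager extends AbsPermissionManager {
    /** Shared logger; reassigned each time an instance is constructed. */
    private static Logger logger = null;

    /** Descriptor being translated; {@code null} once {@link #resetDeploymentDesc()} has run. */
    private WebContainerDeploymentDesc webContainerDeploymentDesc;

    /**
     * Creates a manager for one web application.
     *
     * @param webContainerDeploymentDesc descriptor whose security elements are translated
     * @param str forwarded to the superclass; presumably the JACC context id (confirm
     *        against {@code AbsPermissionManager})
     * @param z forwarded to the superclass; its meaning is not visible in this class
     * @throws PermissionManagerException if the superclass cannot be initialised
     */
    public PermissionManager(WebContainerDeploymentDesc webContainerDeploymentDesc, String str, boolean z) throws PermissionManagerException {
        super(str, z);
        this.webContainerDeploymentDesc = webContainerDeploymentDesc;
        logger = Log.getLogger("org.ow2.jonas.web");
    }

    /**
     * Translates the security constraints, then the servlet security-role-refs, into the
     * policy configuration.
     *
     * @throws PermissionManagerException if either translation step fails
     */
    public void translateServletDeploymentDescriptor() throws PermissionManagerException {
        translateSecurityConstraintElements();
        translateServletSecurityRoleRef();
    }

    /**
     * Adds the excluded, unchecked and per-role permissions computed from the descriptor's
     * security constraints to the policy configuration.
     *
     * @throws PermissionManagerException if the descriptor or the policy configuration is
     *         missing, or if the policy configuration rejects a permission
     */
    protected void translateSecurityConstraintElements() throws PermissionManagerException {
        if (this.webContainerDeploymentDesc == null || getPolicyConfiguration() == null) {
            throw new PermissionManagerException("PolicyConfiguration or webContainerbDeploymentDesc is null");
        }
        SecurityConstraintListDesc constraints = this.webContainerDeploymentDesc.getSecurityConstraintListDesc();
        PermissionCollection excluded = constraints.getExcludedPermissions();
        PermissionCollection unchecked = constraints.getUncheckedPermissions();
        // Wildcard typing plus explicit casts: the previous raw Map could not be iterated as
        // String keys, and entrySet() avoids a second lookup per role.
        Map<?, ?> permissionsByRole = constraints.getPermissionsByRole();
        try {
            getPolicyConfiguration().addToExcludedPolicy(excluded);
            getPolicyConfiguration().addToUncheckedPolicy(unchecked);
            for (Map.Entry<?, ?> roleEntry : permissionsByRole.entrySet()) {
                getPolicyConfiguration().addToRole((String) roleEntry.getKey(), (PermissionCollection) roleEntry.getValue());
            }
        } catch (PolicyContextException e) {
            throw new PermissionManagerException("Can not add add permissions to policy", e);
        }
    }

    /**
     * Adds the {@link WebRoleRefPermission}s derived from the servlets' security-role-ref
     * elements and from the application's security roles.
     *
     * <p>Three passes, in this order: one permission per declared role-ref (granted to the
     * linked role); one permission per servlet and security role whose name was not used as
     * a role-ref name; one permission with an empty servlet name per security role.
     *
     * @throws PermissionManagerException if the descriptor or the policy configuration is
     *         missing, or if the policy configuration rejects a permission
     */
    protected void translateServletSecurityRoleRef() throws PermissionManagerException {
        if (this.webContainerDeploymentDesc == null || getPolicyConfiguration() == null) {
            throw new PermissionManagerException("PolicyConfiguration or webContainerbDeploymentDesc is null");
        }
        Collection<ServletDesc> servlets = this.webContainerDeploymentDesc.getServletDescList();

        // Pass 1: explicit role-refs, granted to the role they link to.
        // NOTE(review): the names collected here are accumulated across ALL servlets, so a
        // role-ref declared in one servlet suppresses the default grant in pass 2 for every
        // other servlet too. This under-grants rather than over-grants; confirm it is the
        // intended translation before changing it.
        List<String> declaredRoleRefNames = new ArrayList<String>();
        for (ServletDesc servlet : servlets) {
            for (SecurityRoleRefDesc roleRef : servlet.getSecurityRoleRefList()) {
                Permission roleRefPermission = roleRef.getWebRoleRefPermission();
                declaredRoleRefNames.add(roleRef.getRoleName());
                addPermissionToRole(roleRef.getRoleLink(), roleRefPermission);
            }
        }

        // Pass 2: for every servlet, each security role not named by a role-ref maps to itself.
        List<?> securityRoles = this.webContainerDeploymentDesc.getSecurityRoleList();
        for (ServletDesc servlet : servlets) {
            String servletName = servlet.getServletName();
            for (Object role : securityRoles) {
                String roleName = ((SecurityRoleDesc) role).getRoleName();
                if (!declaredRoleRefNames.contains(roleName)) {
                    addPermissionToRole(roleName, new WebRoleRefPermission(servletName, roleName));
                }
            }
        }

        // Pass 3: one permission with an empty servlet name for every security role.
        for (Object role : securityRoles) {
            String roleName = ((SecurityRoleDesc) role).getRoleName();
            addPermissionToRole(roleName, new WebRoleRefPermission("", roleName));
        }
    }

    /** Adds one permission to a role, wrapping the JACC failure in the module's exception type. */
    private void addPermissionToRole(String roleName, Permission permission) throws PermissionManagerException {
        try {
            getPolicyConfiguration().addToRole(roleName, permission);
        } catch (PolicyContextException e) {
            throw new PermissionManagerException("Can not add add permission '" + permission + "' to policy", e);
        }
    }

    /**
     * Checks the {@link WebUserDataPermission} built from the request.
     *
     * @param httpServletRequest request being authorised
     * @param str principal name used to look up a user-to-role mapping
     * @param strArr roles to use when no mapping exists for the principal; may be {@code null}
     * @return {@code true} only if the policy implies the permission; {@code false} on any failure
     */
    public boolean checkWebUserDataPermission(HttpServletRequest httpServletRequest, String str, String[] strArr) {
        try {
            return isGranted(initPolicyContext(httpServletRequest, str, strArr), new WebUserDataPermission(httpServletRequest));
        } catch (Exception e) {
            // Deny on any failure; the throwable is logged so the cause is not lost.
            logger.log(BasicLevel.ERROR, "Can't check web user data permission :" + e.getMessage(), e);
            return false;
        }
    }

    /**
     * Checks the {@link WebResourcePermission} built from the request.
     *
     * @param httpServletRequest request being authorised
     * @param str principal name used to look up a user-to-role mapping
     * @param strArr roles to use when no mapping exists for the principal; may be {@code null}
     * @return {@code true} only if the policy implies the permission; {@code false} on any failure
     */
    public boolean checkWebResourcePermission(HttpServletRequest httpServletRequest, String str, String[] strArr) {
        try {
            return isGranted(initPolicyContext(httpServletRequest, str, strArr), new WebResourcePermission(httpServletRequest));
        } catch (Exception e) {
            // Deny on any failure; the throwable is logged so the cause is not lost.
            logger.log(BasicLevel.ERROR, "Can't check web resource permission :" + e.getMessage(), e);
            return false;
        }
    }

    /**
     * Checks a {@link WebRoleRefPermission} for a servlet and role name.
     *
     * @param httpServletRequest request being authorised
     * @param str servlet name, used as the permission name
     * @param str2 principal name used to look up a user-to-role mapping
     * @param strArr roles to use when no mapping exists for the principal; may be {@code null}
     * @param str3 role name, used as the permission action
     * @return {@code true} only if the policy implies the permission; {@code false} on any failure
     */
    public boolean checkWebRoleRefPermission(HttpServletRequest httpServletRequest, String str, String str2, String[] strArr, String str3) {
        try {
            return isGranted(initPolicyContext(httpServletRequest, str2, strArr), new WebRoleRefPermission(str, str3));
        } catch (Exception e) {
            // Deny on any failure; the throwable is logged so the cause is not lost.
            logger.log(BasicLevel.ERROR, "Can't check web role ref permission :" + e.getMessage(), e);
            return false;
        }
    }

    /**
     * Evaluates one permission against the current policy.
     *
     * <p>A {@code null} domain is denied here explicitly instead of being handed to
     * {@code Policy.implies}, whose handling of {@code null} depends on the installed provider.
     */
    private boolean isGranted(ProtectionDomain domain, Permission permission) {
        if (domain == null) {
            // initPolicyContext has already logged why no domain could be built.
            return false;
        }
        boolean implies = getPolicy().implies(domain, permission);
        if (logger.isLoggable(BasicLevel.DEBUG)) {
            logger.log(BasicLevel.DEBUG, "Policy.implies result = " + implies);
        }
        return implies;
    }

    /**
     * Sets the JACC policy context for the request and builds the protection domain whose
     * principals are the caller's roles.
     *
     * <p>Roles mapped to the principal through {@link JPolicyUserRoleMapping} take precedence
     * over the roles passed in by the caller.
     *
     * @param httpServletRequest request stored in the policy context handler data
     * @param str principal name used for the role-mapping lookup
     * @param strArr fallback roles; may be {@code null}
     * @return the protection domain to evaluate, or {@code null} if no handler data is available
     * @throws URISyntaxException if the context id cannot be turned into a valid URI
     * @throws MalformedURLException if the context id cannot be turned into a URL
     */
    private synchronized ProtectionDomain initPolicyContext(HttpServletRequest httpServletRequest, String str, String[] strArr) throws URISyntaxException, MalformedURLException {
        PolicyContext.setContextID(getContextId());
        JPolicyContextHandlerData handlerData = JPolicyContextHandlerCurrent.getCurrent().getJPolicyContextHandlerData();
        if (handlerData == null) {
            logger.log(BasicLevel.ERROR, "The Handler data retrieved is null !");
            return null;
        }
        handlerData.setHttpServletRequest(httpServletRequest);
        PolicyContext.setHandlerData(handlerData);

        // The code source location is derived from the context id; on a URI syntax error the
        // conversion is retried once with spaces percent-encoded.
        String location = "file://" + getContextId();
        URL codeSourceUrl;
        try {
            codeSourceUrl = new URI(new URL(location).toString()).toURL();
        } catch (URISyntaxException e) {
            codeSourceUrl = new URI(new URL(location.replace(" ", "%20")).toString()).toURL();
        }
        // The cast selects the Certificate[] constructor overload; no certificates are attached.
        CodeSource codeSource = new CodeSource(codeSourceUrl, (Certificate[]) null);

        String[] mappedRoles = JPolicyUserRoleMapping.getMappingForPrincipal(getContextId(), str);
        String[] effectiveRoles = mappedRoles != null ? mappedRoles : strArr;

        Principal[] principals = null;
        if (effectiveRoles != null) {
            principals = new Principal[effectiveRoles.length];
            for (int i = 0; i < effectiveRoles.length; i++) {
                principals[i] = new JPrincipal(effectiveRoles[i]);
            }
        }
        return new ProtectionDomain(codeSource, null, null, principals);
    }

    /** Drops the reference to the deployment descriptor; later translations will then fail. */
    protected void resetDeploymentDesc() {
        this.webContainerDeploymentDesc = null;
    }
}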
