package org.ow2.easybeans.security.permissions;

import java.net.URL;
import java.security.CodeSource;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.List;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import org.ow2.easybeans.api.EZBPermissionManager;
import org.ow2.easybeans.api.EasyBeansInvocationContext;
import org.ow2.easybeans.api.PermissionManagerException;
import org.ow2.easybeans.api.bean.info.IBeanInfo;
import org.ow2.easybeans.api.bean.info.IEJBJarInfo;
import org.ow2.easybeans.api.bean.info.IMethodSecurityInfo;
import org.ow2.easybeans.api.bean.info.ISecurityInfo;
import org.ow2.easybeans.security.propagation.context.SecurityCurrent;
import org.ow2.util.ee.metadata.common.api.xml.struct.ISecurityRoleRef;
import org.ow2.util.log.Log;
import org.ow2.util.log.LogFactory;

/* loaded from: input_file:dependencies/easybeans-security-1.1.0-M3.jar:org/ow2/easybeans/security/permissions/PermissionManager.class */
/**
 * Turns the security metadata of an EJB-JAR into JACC policy statements and answers
 * authorization questions against the resulting policy.
 *
 * <p>Translation produces three kinds of statements through the policy configuration
 * supplied by the superclass: unchecked permissions, role-based permissions and excluded
 * permissions, plus {@link EJBRoleRefPermission}s for declared roles and role references.
 *
 * <p>Decisions are made by asking the policy whether a {@link ProtectionDomain} built from
 * this module's {@link CodeSource} and the caller's role principals implies the requested
 * permission. The code source is created without signer certificates, so a decision depends
 * only on the module URL and the principals attached to the domain.
 *
 * <p>NOTE(review): both decision methods set the JACC context id for the calling thread and
 * do not put the previous value back. Confirm that every other component evaluating policy on
 * the same thread sets its own context id first; otherwise it may be evaluated against this
 * module's context.
 */
public class PermissionManager extends AbsPermissionManager implements EZBPermissionManager {
    private Log logger;
    private CodeSource codeSource;
    private IEJBJarInfo ejbJarInfo;

    /**
     * Creates a manager for one EJB-JAR.
     *
     * @param url location of the module; passed to the superclass and used as the location of
     *        the code source for every policy decision
     * @param iEJBJarInfo metadata of the module whose security information is translated
     * @throws PermissionManagerException declared by the constructor; this class does not
     *         throw it itself here
     */
    public PermissionManager(URL url, IEJBJarInfo iEJBJarInfo) throws PermissionManagerException {
        super(url);
        this.logger = LogFactory.getLog(PermissionManager.class);
        this.ejbJarInfo = iEJBJarInfo;
        // No signer certificates: the code source is identified by its URL alone.
        this.codeSource = new CodeSource(url, (Certificate[]) null);
    }

    /**
     * Translates the security metadata of every bean in the module into policy statements.
     *
     * <p>For each bean the method permissions, the exclude list and the role references are
     * processed in that order. A module without a bean list is left untouched.
     *
     * <p>NOTE(review): the security info of a bean is used without a null check; this assumes
     * {@code getSecurityInfo()} never returns {@code null}. Confirm against the metadata API.
     *
     * @throws PermissionManagerException if a statement cannot be added to the policy
     */
    @Override
    public void translateMetadata() throws PermissionManagerException {
        List<IBeanInfo> beans = this.ejbJarInfo.getBeanInfos();
        if (beans == null) {
            return;
        }
        for (IBeanInfo bean : beans) {
            ISecurityInfo beanSecurity = bean.getSecurityInfo();
            translateEjbMethodPermission(beanSecurity);
            translateEjbExcludeList(beanSecurity);
            translateEjbSecurityRoleRef(bean, beanSecurity);
        }
    }

    /**
     * Adds the unchecked and role-based method permissions of one bean to the policy.
     *
     * <p>A method flagged as unchecked is added to the unchecked policy only; its roles are not
     * consulted. Any other method gets its permission added to each of its roles. A method
     * that is neither unchecked nor mapped to a role therefore receives no grant from this
     * step; how the policy provider treats such a method is not visible here.
     *
     * @param iSecurityInfo security metadata of the bean
     * @throws PermissionManagerException if the policy configuration rejects a statement
     */
    protected void translateEjbMethodPermission(ISecurityInfo iSecurityInfo) throws PermissionManagerException {
        List<IMethodSecurityInfo> methods = iSecurityInfo.getMethodSecurityInfos();
        if (methods == null) {
            return;
        }
        for (IMethodSecurityInfo method : methods) {
            if (method.isUnchecked()) {
                addUncheckedPermission(method);
            } else {
                addRolePermissions(method);
            }
        }
    }

    /**
     * Adds the permission of one method to the unchecked policy.
     *
     * @param method security metadata of the method
     * @throws PermissionManagerException if the policy configuration rejects the statement
     */
    private void addUncheckedPermission(IMethodSecurityInfo method) throws PermissionManagerException {
        try {
            this.logger.debug("Adding unchecked permission {0}", method.getPermission());
            getPolicyConfiguration().addToUncheckedPolicy(method.getPermission());
        } catch (PolicyContextException cause) {
            throw new PermissionManagerException("Cannot add unchecked policy for method '" + method + "'.", cause);
        }
    }

    /**
     * Adds the permission of one method to every role listed for it.
     *
     * <p>NOTE(review): assumes {@code getRoles()} is never {@code null}; verify against the
     * metadata API.
     *
     * @param method security metadata of the method
     * @throws PermissionManagerException if the policy configuration rejects a statement; the
     *         roles processed before the failure stay in the configuration
     */
    private void addRolePermissions(IMethodSecurityInfo method) throws PermissionManagerException {
        for (String role : method.getRoles()) {
            try {
                this.logger.debug("Adding permission {0} to role {1}", method.getPermission(), role);
                getPolicyConfiguration().addToRole(role, method.getPermission());
            } catch (PolicyContextException cause) {
                throw new PermissionManagerException("Cannot add rolebase policy for method '" + method + "' and for role '" + role + "'.", cause);
            }
        }
    }

    /**
     * Adds the permission of every excluded method of one bean to the excluded policy.
     *
     * <p>The excluded flag is evaluated independently of the unchecked flag and of the role
     * list, so a method can end up with an excluded statement in addition to the statements
     * added by {@link #translateEjbMethodPermission(ISecurityInfo)}. Which statement wins is
     * decided by the policy provider, not here.
     *
     * @param iSecurityInfo security metadata of the bean
     * @throws PermissionManagerException if the policy configuration rejects a statement
     */
    protected void translateEjbExcludeList(ISecurityInfo iSecurityInfo) throws PermissionManagerException {
        List<IMethodSecurityInfo> methods = iSecurityInfo.getMethodSecurityInfos();
        if (methods == null) {
            return;
        }
        for (IMethodSecurityInfo method : methods) {
            if (!method.isExcluded()) {
                continue;
            }
            try {
                this.logger.debug("Adding excluded permission {0}", method.getPermission());
                getPolicyConfiguration().addToExcludedPolicy(method.getPermission());
            } catch (PolicyContextException cause) {
                throw new PermissionManagerException("Cannot add excluded policy for method '" + method + "'.", cause);
            }
        }
    }

    /**
     * Adds the role-reference permissions of one bean to the policy.
     *
     * <p>Each declared role is granted an {@link EJBRoleRefPermission} naming itself, so a role
     * can be tested under its own name. Each security role reference grants the linked role a
     * permission for the reference's role name, which maps the name used in bean code onto the
     * role it is linked to.
     *
     * @param iBeanInfo bean whose name becomes the name of each permission
     * @param iSecurityInfo security metadata holding the declared roles and role references
     * @throws PermissionManagerException if the policy configuration rejects a statement
     */
    public void translateEjbSecurityRoleRef(IBeanInfo iBeanInfo, ISecurityInfo iSecurityInfo) throws PermissionManagerException {
        List<String> roles = iSecurityInfo.getDeclaredRoles();
        if (roles != null) {
            for (String role : roles) {
                try {
                    EJBRoleRefPermission selfReference = new EJBRoleRefPermission(iBeanInfo.getName(), role);
                    getPolicyConfiguration().addToRole(role, selfReference);
                } catch (PolicyContextException cause) {
                    throw new PermissionManagerException("Cannot add to role '" + role + "' an  EJBRoleRefPermission.", cause);
                }
            }
        }

        List<ISecurityRoleRef> roleRefs = iSecurityInfo.getSecurityRoleRefList();
        if (roleRefs == null) {
            return;
        }
        for (ISecurityRoleRef roleRef : roleRefs) {
            try {
                // The role link is read before the permission is built, as addToRole's first argument.
                getPolicyConfiguration().addToRole(
                        roleRef.getRoleLink(),
                        new EJBRoleRefPermission(iBeanInfo.getName(), roleRef.getRoleName()));
            } catch (PolicyContextException cause) {
                throw new PermissionManagerException("Cannot add to role-link'" + roleRef.getRoleLink() + "' the EJBRoleRefPermission build with role-name '" + roleRef.getRoleName() + "'.", cause);
            }
        }
    }

    /**
     * Decides whether the current caller may invoke the method of the given invocation.
     *
     * <p>The JACC context id of the calling thread is set to this manager's context and is not
     * restored afterwards.
     *
     * @param easyBeansInvocationContext invocation whose bean name and method are checked
     * @param z forwarded unchanged to {@code getCallerRoles}; its meaning is defined by the
     *        security context, not by this class
     * @return {@code true} if the policy implies the method permission for the caller's roles
     */
    @Override
    public boolean checkSecurity(EasyBeansInvocationContext easyBeansInvocationContext, boolean z) {
        PolicyContext.setContextID(getContextId());
        boolean granted = getPolicy().implies(
                callerDomain(z),
                invocationContextToMethodPermission(easyBeansInvocationContext));
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Policy.implies result = {0} ", Boolean.valueOf(granted));
        }
        return granted;
    }

    /**
     * Builds the protection domain a decision is evaluated against.
     *
     * <p>The domain carries this module's code source and the caller's role principals; it has
     * no static permissions and no class loader.
     *
     * @param z forwarded unchanged to {@code getCallerRoles}
     * @return a new protection domain for the current caller
     */
    private ProtectionDomain callerDomain(boolean z) {
        return new ProtectionDomain(
                this.codeSource,
                null,
                null,
                SecurityCurrent.getCurrent().getSecurityContext().getCallerRoles(z));
    }

    /**
     * Builds the method permission that represents an invocation.
     *
     * <p>The method-interface component is passed as an empty string, so the checked
     * permission is not bound to a specific interface. NOTE(review): confirm that the granted
     * permissions returned by {@code IMethodSecurityInfo.getPermission()} are built so that
     * they imply such a permission.
     *
     * @param easyBeansInvocationContext invocation supplying the bean name and the method
     * @return the permission to test against the policy
     */
    private static EJBMethodPermission invocationContextToMethodPermission(EasyBeansInvocationContext easyBeansInvocationContext) {
        String beanName = easyBeansInvocationContext.getFactory().getBeanInfo().getName();
        return new EJBMethodPermission(beanName, "", easyBeansInvocationContext.getMethod());
    }

    /**
     * Decides whether the current caller is in the role referenced by a bean.
     *
     * <p>The JACC context id of the calling thread is set to this manager's context and is not
     * restored afterwards. The role name is written to the debug log on every call.
     *
     * @param str name of the {@link EJBRoleRefPermission} to test; the translation step uses
     *        the bean name here
     * @param str2 role name as referenced by the bean code
     * @param z forwarded unchanged to {@code getCallerRoles}
     * @return {@code true} if the policy implies the role-reference permission for the
     *         caller's roles
     */
    @Override
    public boolean isCallerInRole(String str, String str2, boolean z) {
        PolicyContext.setContextID(getContextId());
        this.logger.debug("roleName = {0}", str2);
        return getPolicy().implies(callerDomain(z), new EJBRoleRefPermission(str, str2));
    }
}
