package org.ow2.jonas.lib.ejb21;

import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Iterator;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import org.objectweb.util.monolog.api.BasicLevel;
import org.ow2.jonas.deployment.common.SecurityRoleRefDesc;
import org.ow2.jonas.deployment.ejb.BeanDesc;
import org.ow2.jonas.deployment.ejb.DeploymentDesc;
import org.ow2.jonas.deployment.ejb.ExcludeListDesc;
import org.ow2.jonas.deployment.ejb.MethodPermissionDesc;
import org.ow2.jonas.lib.security.AbsPermissionManager;
import org.ow2.jonas.lib.security.PermissionManagerException;
import org.ow2.jonas.lib.security.auth.JPrincipal;
import org.ow2.jonas.lib.security.context.SecurityContext;
import org.ow2.jonas.lib.security.context.SecurityCurrent;
import org.ow2.jonas.lib.security.jacc.handlers.JPolicyContextHandlerCurrent;
import org.ow2.jonas.lib.security.jacc.handlers.JPolicyContextHandlerData;

/* loaded from: input_file:org/ow2/jonas/lib/ejb21/PermissionManager.class */
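/**
 * JACC permission manager for one EJB 2.1 deployment.
 * <p>
 * At deployment time it translates the security part of the EJB deployment
 * descriptor (method permissions, exclude list, security role references)
 * into the JACC {@code PolicyConfiguration} owned by {@link AbsPermissionManager}.
 * At run time it asks the JACC {@code Policy} whether the current caller may
 * invoke a business method ({@link #checkSecurity}) or is in a given role
 * ({@link #isCallerInRole}).
 * <p>
 * Both run-time checks are fail-closed: any exception raised while setting up
 * the policy context, building the protection domain or querying the policy is
 * logged at ERROR level and reported as "access denied" ({@code false}).
 * When no {@link SecurityContext} is bound to the calling thread the policy is
 * consulted with a {@code null} principal array, i.e. with no caller identity.
 */
public class PermissionManager extends AbsPermissionManager {

    /**
     * Descriptor being translated. Cleared by {@link #resetDeploymentDesc()};
     * the translate* methods refuse to run once it is {@code null}.
     */
    private DeploymentDesc ejbDeploymentDesc;

    /**
     * Creates the permission manager for a deployment.
     *
     * @param deploymentDesc the EJB deployment descriptor whose security
     *        elements will be translated into the JACC policy configuration
     * @param str the JACC context id, handed to {@link AbsPermissionManager}
     * @throws PermissionManagerException propagated from the superclass constructor
     */
    public PermissionManager(DeploymentDesc deploymentDesc, String str) throws PermissionManagerException {
        super(str);
        this.ejbDeploymentDesc = deploymentDesc;
    }

    /**
     * Translates every security element of the deployment descriptor into the
     * policy configuration: method permissions, then the exclude list, then the
     * security role references.
     *
     * @throws PermissionManagerException if the descriptor or the policy
     *         configuration is missing, or if the policy configuration rejects
     *         a permission
     */
    public void translateEjbDeploymentDescriptor() throws PermissionManagerException {
        translateEjbMethodPermission();
        translateEjbExcludeList();
        translateEjbSecurityRoleRef();
    }

    /**
     * Fails fast when translation cannot proceed: the descriptor has already
     * been reset or no policy configuration is available.
     *
     * @throws PermissionManagerException in either case
     */
    private void checkTranslationState() throws PermissionManagerException {
        if (this.ejbDeploymentDesc == null || getPolicyConfiguration() == null) {
            throw new PermissionManagerException("PolicyConfiguration or ejbDeploymentDesc is null");
        }
    }

    /**
     * Translates the {@code <method-permission>} elements. Unchecked permissions
     * go to the unchecked policy (granted to every caller); the others are added
     * to each role named by the element.
     *
     * @throws PermissionManagerException if translation cannot proceed or the
     *         policy configuration rejects a permission
     */
    protected void translateEjbMethodPermission() throws PermissionManagerException {
        checkTranslationState();
        for (MethodPermissionDesc methodPermissionDesc : this.ejbDeploymentDesc.getMethodPermissionsDescList()) {
            PermissionCollection permissions = methodPermissionDesc.getEJBMethodPermissions();
            try {
                if (methodPermissionDesc.isUnchecked()) {
                    // <unchecked/>: reachable by any caller regardless of its roles
                    getPolicyConfiguration().addToUncheckedPolicy(permissions);
                } else {
                    Iterator roleNames = methodPermissionDesc.getRoleNameList().iterator();
                    while (roleNames.hasNext()) {
                        getPolicyConfiguration().addToRole((String) roleNames.next(), permissions);
                    }
                }
            } catch (PolicyContextException e) {
                throw new PermissionManagerException("Cannot add method permissions to the policy configuration", e);
            }
        }
    }

    /**
     * Translates the {@code <exclude-list>} element, if present, into the
     * excluded policy (denied to every caller). A missing exclude list is not
     * an error.
     *
     * @throws PermissionManagerException if translation cannot proceed or the
     *         policy configuration rejects the permissions
     */
    protected void translateEjbExcludeList() throws PermissionManagerException {
        checkTranslationState();
        ExcludeListDesc excludeListDesc = this.ejbDeploymentDesc.getExcludeListDesc();
        if (excludeListDesc == null) {
            return;
        }
        try {
            getPolicyConfiguration().addToExcludedPolicy(excludeListDesc.getEJBMethodPermissions());
        } catch (PolicyContextException e) {
            throw new PermissionManagerException("Cannot add excluded policy", e);
        }
    }

    /**
     * Translates the {@code <security-role-ref>} elements of every bean: each
     * role reference permission is added to the role the reference links to.
     *
     * @throws PermissionManagerException if translation cannot proceed or the
     *         policy configuration rejects a permission
     */
    public void translateEjbSecurityRoleRef() throws PermissionManagerException {
        checkTranslationState();
        Iterator beanDescs = this.ejbDeploymentDesc.getBeanDescIterator();
        while (beanDescs.hasNext()) {
            BeanDesc beanDesc = (BeanDesc) beanDescs.next();
            for (SecurityRoleRefDesc roleRef : beanDesc.getSecurityRoleRefDescList()) {
                try {
                    getPolicyConfiguration().addToRole(roleRef.getRoleLink(), roleRef.getEJBRoleRefPermission());
                } catch (PolicyContextException e) {
                    throw new PermissionManagerException("Cannot add security role reference permission to role", e);
                }
            }
        }
    }

    /**
     * Checks whether the current caller may invoke the method described by the
     * invocation.
     * <p>
     * The JACC context id of this deployment is bound to the thread, the
     * invocation is exposed to the JACC policy context handlers, and the policy
     * is queried with an {@link EJBMethodPermission} for the bean and method
     * signature. The principals presented to the policy are the caller's roles,
     * or the run-as principal's roles when a run-as role is active.
     *
     * @param str the EJB name
     * @param eJBInvocation the invocation being authorized; its
     *        {@code methodPermissionSignature}, {@code arguments} and
     *        {@code bean} fields are read
     * @param z passed through to {@link SecurityContext#getCallerPrincipalRoles}
     * @return {@code true} if the policy grants the invocation; {@code false}
     *         if it denies it, if no handler data is available, or if any
     *         exception occurs (fail-closed)
     */
    public boolean checkSecurity(String str, EJBInvocation eJBInvocation, boolean z) {
        try {
            PolicyContext.setContextID(getContextId());
            String methodSignature = eJBInvocation.methodPermissionSignature;
            if (TraceEjb.isDebugSecurity()) {
                TraceEjb.security.log(BasicLevel.DEBUG, "EjbName = " + str + ", methodSignature = " + methodSignature);
            }
            JPolicyContextHandlerData handlerData = JPolicyContextHandlerCurrent.getCurrent().getJPolicyContextHandlerData();
            if (handlerData == null) {
                TraceEjb.security.log(BasicLevel.ERROR, "The Handler data retrieved is null !");
                return false;
            }
            // Make the invocation visible to the JACC policy context handlers before querying the policy.
            handlerData.setEjbArguments(eJBInvocation.arguments);
            handlerData.setProcessingBean(eJBInvocation.bean);
            PolicyContext.setHandlerData(handlerData);

            CodeSource codeSource = buildCodeSource();
            SecurityContext securityContext = SecurityCurrent.getCurrent().getSecurityContext();
            if (TraceEjb.isDebugSecurity()) {
                TraceEjb.security.log(BasicLevel.DEBUG, "Security Context = " + securityContext);
            }
            Principal[] principals = null;
            if (securityContext != null) {
                String runAsRole;
                String[] runAsPrincipalRoles;
                String[] callerPrincipalRoles;
                // Snapshot the three values under the context's lock so they belong to the same state.
                synchronized (securityContext) {
                    runAsRole = securityContext.peekRunAsRole();
                    runAsPrincipalRoles = securityContext.peekRunAsPrincipalRoles();
                    callerPrincipalRoles = securityContext.getCallerPrincipalRoles(z);
                }
                if (TraceEjb.isDebugSecurity()) {
                    TraceEjb.security.log(BasicLevel.DEBUG, "sctx.getCallerPrincipalRoles() = " + Arrays.toString(callerPrincipalRoles));
                }
                // An active run-as role replaces the caller's identity with the run-as principal's roles.
                principals = toPrincipals(runAsRole != null ? runAsPrincipalRoles : callerPrincipalRoles);
            } else if (TraceEjb.isDebugSecurity()) {
                TraceEjb.security.log(BasicLevel.DEBUG, "Security context is null");
            }
            boolean implies = getPolicy().implies(new ProtectionDomain(codeSource, null, null, principals), new EJBMethodPermission(str, methodSignature));
            if (TraceEjb.isDebugSecurity()) {
                TraceEjb.security.log(BasicLevel.DEBUG, "Policy.implies result = " + implies);
            }
            return implies;
        } catch (Exception e) {
            // Boundary catch: an authorization check that cannot complete must deny, never grant.
            TraceEjb.security.log(BasicLevel.ERROR, "Cannot check security", e);
            return false;
        }
    }

    /**
     * Checks whether the current caller is in the given role, as seen from the
     * given bean, by querying the policy with an {@link EJBRoleRefPermission}.
     * <p>
     * The caller's roles are read once from the bound {@link SecurityContext};
     * a thread without a security context is evaluated with no principals.
     *
     * @param str the EJB name
     * @param str2 the role name (as referenced by the bean)
     * @param z passed through to {@link SecurityContext#getCallerPrincipalRoles}
     * @return {@code true} if the policy grants the role reference permission;
     *         {@code false} if it denies it or if any exception occurs (fail-closed)
     */
    public boolean isCallerInRole(String str, String str2, boolean z) {
        try {
            PolicyContext.setContextID(getContextId());
            if (TraceEjb.isDebugSecurity()) {
                TraceEjb.security.log(BasicLevel.DEBUG, "roleName = " + str2);
            }
            CodeSource codeSource = buildCodeSource();
            SecurityContext securityContext = SecurityCurrent.getCurrent().getSecurityContext();
            if (TraceEjb.isDebugSecurity()) {
                TraceEjb.security.log(BasicLevel.DEBUG, "Security Context = " + securityContext);
            }
            Principal[] principals = null;
            if (securityContext != null) {
                String[] callerPrincipalRoles;
                // Read the roles once, under the same lock checkSecurity uses, instead of once per element.
                synchronized (securityContext) {
                    callerPrincipalRoles = securityContext.getCallerPrincipalRoles(z);
                }
                if (TraceEjb.isDebugSecurity()) {
                    TraceEjb.security.log(BasicLevel.DEBUG, "sctx.getCallerPrincipalRoles() = " + Arrays.toString(callerPrincipalRoles));
                }
                principals = toPrincipals(callerPrincipalRoles);
            } else if (TraceEjb.isDebugSecurity()) {
                TraceEjb.security.log(BasicLevel.DEBUG, "Security context is null");
            }
            boolean implies = getPolicy().implies(new ProtectionDomain(codeSource, null, null, principals), new EJBRoleRefPermission(str, str2));
            if (TraceEjb.isDebugSecurity()) {
                TraceEjb.security.log(BasicLevel.DEBUG, "Policy.implies result = " + implies);
            }
            return implies;
        } catch (Exception e) {
            // Boundary catch: an authorization check that cannot complete must deny, never grant.
            TraceEjb.security.log(BasicLevel.ERROR, "Cannot check isCallerInRole", e);
            return false;
        }
    }

    /**
     * Builds the code source that identifies this deployment to the JACC policy:
     * a {@code file:} URL derived from the JACC context id, with no signer
     * certificates.
     *
     * @throws URISyntaxException if the context id does not form a valid URI
     * @throws MalformedURLException if the URI cannot be converted to a URL
     */
    private CodeSource buildCodeSource() throws URISyntaxException, MalformedURLException {
        return new CodeSource(new URI("file://" + getContextId()).toURL(), (Certificate[]) null);
    }

    /**
     * Wraps each role name in a {@link JPrincipal} so the policy can match it
     * against its principal-to-role mapping.
     *
     * @param roles role names; must not be {@code null} (a {@code null} array
     *        propagates as an exception to the fail-closed catch in the callers)
     * @return one principal per role name, in the same order
     */
    private static Principal[] toPrincipals(String[] roles) {
        Principal[] principals = new Principal[roles.length];
        for (int i = 0; i < roles.length; i++) {
            principals[i] = new JPrincipal(roles[i]);
        }
        return principals;
    }

    /**
     * Drops the reference to the deployment descriptor once translation is
     * complete; subsequent translate* calls fail with
     * {@link PermissionManagerException}.
     */
    protected void resetDeploymentDesc() {
        this.ejbDeploymentDesc = null;
    }
}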
