package org.ow2.jonas.lib.security.jacc;

import java.net.SocketPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;
import org.objectweb.util.monolog.api.BasicLevel;
import org.objectweb.util.monolog.api.Logger;
import org.ow2.jonas.lib.util.I18n;
import org.ow2.jonas.lib.util.Log;

/* loaded from: input_file:org/ow2/jonas/lib/security/jacc/JPolicy.class */
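/**
 * JACC policy provider: answers the five JACC permission types (EJB method,
 * EJB role-ref, web resource, web role-ref, web user-data) from the
 * {@link JPolicyConfiguration} of the current policy context, and delegates
 * every other decision to the {@link Policy} that was installed before this
 * one.
 *
 * <p>Decisions for JACC permissions are deny-by-default: a context that is not
 * in service, a configuration that cannot be retrieved, or a domain without
 * principals all yield {@code false}. Excluded permissions are evaluated
 * before unchecked ones, so an exclusion always wins.
 *
 * <p>All state is held in static fields and is not synchronized.
 * NOTE(review): {@link #getInstance()} and the lazy factory lookup can race if
 * first used from several threads at once - confirm how the container
 * initialises this provider.
 */
public final class JPolicy extends Policy {
    private static final Logger logger = Log.getLogger("org.ow2.jonas.security");
    private static final I18n i18n = I18n.getInstance(JPolicy.class);

    /** Lazily created singleton returned by {@link #getInstance()}. */
    private static JPolicy unique = null;

    /** Policy in place before this provider; receives every non-JACC check. */
    private static Policy initialPolicy = null;

    /** Looked up on the first JACC permission check. */
    private static PolicyConfigurationFactory policyConfigurationFactory = null;

    /**
     * Captures the currently installed policy as the delegate for non-JACC
     * permissions.
     *
     * <p>The delegate is shared by all instances. If the installed policy is
     * already a {@code JPolicy}, the previously captured delegate is kept:
     * overwriting it would make this provider delegate to itself, and every
     * delegated check would recurse until the stack overflows.
     */
    public JPolicy() {
        Policy current = Policy.getPolicy();
        if (!(current instanceof JPolicy)) {
            initialPolicy = current;
        }
    }

    /**
     * Looks up the JACC policy configuration factory and stores it in the
     * static field.
     *
     * @throws JPolicyException if the factory implementation class is missing
     *         or the factory lookup fails
     */
    private void initPolicyConfigurationFactory() throws JPolicyException {
        try {
            policyConfigurationFactory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
        } catch (ClassNotFoundException e) {
            throw new JPolicyException("PolicyConfigurationFactory class implementation was not found : '" + e.getMessage() + "'.");
        } catch (PolicyContextException e2) {
            throw new JPolicyException("PolicyContextException in PolicyConfigurationFactory : '" + e2.getMessage() + "'.");
        }
    }

    /**
     * Returns the shared provider instance, creating it on first use.
     *
     * @return the singleton {@code JPolicy}
     */
    public static JPolicy getInstance() {
        if (unique == null) {
            unique = new JPolicy();
        }
        return unique;
    }

    /**
     * Decides whether {@code permission} is granted to {@code protectionDomain}.
     *
     * <p>Runtime and socket permissions, checks made outside any policy
     * context, and all non-JACC permission types go straight to the initial
     * policy. JACC permissions are resolved against the configuration of the
     * current context; any failure on that path denies the permission.
     *
     * @param protectionDomain domain whose principals are evaluated
     * @param permission permission being checked
     * @return {@code true} if the permission is granted
     * @throws RuntimeException if the context's configuration is not a
     *         {@link JPolicyConfiguration} and none is registered for it
     */
    @Override
    public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
        // Checked before PolicyContext.getContextID() is called, as in the original ordering.
        if (permission instanceof RuntimePermission || permission instanceof SocketPermission) {
            return initialPolicy.implies(protectionDomain, permission);
        }
        String contextID = PolicyContext.getContextID();
        if (contextID == null || !isJaccPermission(permission)) {
            return initialPolicy.implies(protectionDomain, permission);
        }
        if (logger.isLoggable(BasicLevel.DEBUG)) {
            logger.log(BasicLevel.DEBUG, "!= null, Permission being checked = " + permission);
        }
        try {
            if (policyConfigurationFactory == null) {
                initPolicyConfigurationFactory();
            }
            if (!policyConfigurationFactory.inService(contextID)) {
                if (logger.isLoggable(BasicLevel.DEBUG)) {
                    logger.log(BasicLevel.DEBUG, "Not in service, return false");
                }
                return false;
            }
            try {
                return impliesInContext(contextID, protectionDomain, permission);
            } catch (PolicyContextException e) {
                // Fail closed: a configuration that cannot be read grants nothing.
                if (logger.isLoggable(BasicLevel.ERROR)) {
                    logger.log(BasicLevel.ERROR, i18n.getMessage("JPolicy.implies.canNotRetrieve", contextID, e.getMessage()));
                }
                return false;
            }
        } catch (JPolicyException e2) {
            if (logger.isLoggable(BasicLevel.ERROR)) {
                logger.log(BasicLevel.ERROR, i18n.getMessage("JPolicy.implies.canNotCheck", e2.getMessage()));
            }
            return false;
        } catch (PolicyContextException e3) {
            if (logger.isLoggable(BasicLevel.ERROR)) {
                logger.log(BasicLevel.ERROR, i18n.getMessage("JPolicy.implies.canNotCheck", e3.getMessage()));
            }
            return false;
        }
    }

    /** Tells whether the permission is one of the five JACC types this provider answers itself. */
    private static boolean isJaccPermission(Permission permission) {
        return permission instanceof EJBMethodPermission
                || permission instanceof EJBRoleRefPermission
                || permission instanceof WebUserDataPermission
                || permission instanceof WebRoleRefPermission
                || permission instanceof WebResourcePermission;
    }

    /**
     * Evaluates a JACC permission against the configuration of an in-service
     * context: excluded, then unchecked, then per-principal permissions.
     */
    private boolean impliesInContext(String contextID, ProtectionDomain protectionDomain, Permission permission)
            throws PolicyContextException {
        JPolicyConfiguration configuration;
        PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration(contextID, false);
        if (policyConfiguration instanceof JPolicyConfiguration) {
            configuration = (JPolicyConfiguration) policyConfiguration;
        } else {
            configuration = JPolicyConfigurationKeeper.getConfiguration(contextID);
            if (configuration == null) {
                throw new RuntimeException("This policy provider can only manage JPolicyConfiguration objects");
            }
        }
        PermissionCollection excludedPermissions = configuration.getExcludedPermissions();
        PermissionCollection uncheckedPermissions = configuration.getUncheckedPermissions();
        boolean debug = logger.isLoggable(BasicLevel.DEBUG);
        if (debug) {
            logger.log(BasicLevel.DEBUG, "Check permission");
            logger.log(BasicLevel.DEBUG, "Excluded permissions = " + excludedPermissions);
            logger.log(BasicLevel.DEBUG, "unchecked permissions = " + uncheckedPermissions);
        }
        // Exclusions are tested first so they override an unchecked or role grant.
        if (excludedPermissions.implies(permission)) {
            if (debug) {
                logger.log(BasicLevel.DEBUG, "Permission '" + permission + "' is excluded, return false");
            }
            return false;
        }
        if (uncheckedPermissions.implies(permission)) {
            if (debug) {
                logger.log(BasicLevel.DEBUG, "Permission '" + permission + "' is unchecked, return true");
            }
            return true;
        }
        // A null domain carries no principals; deny instead of failing with a NullPointerException.
        Principal[] principals = protectionDomain == null ? new Principal[0] : protectionDomain.getPrincipals();
        if (principals.length > 0) {
            if (debug) {
                logger.log(BasicLevel.DEBUG, "There are principals, checking principals...");
            }
            return isImpliedPermissionForPrincipals(configuration, permission, principals);
        }
        if (debug) {
            logger.log(BasicLevel.DEBUG, "Principals length = 0, there is no principal on this domain");
            logger.log(BasicLevel.DEBUG, "Permission '" + permission + "' not found, return false");
        }
        return false;
    }

    /**
     * Delegates to the initial policy; JACC permissions are not included.
     *
     * @param protectionDomain domain to query
     * @return the permissions the initial policy reports for the domain
     */
    @Override
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        return initialPolicy.getPermissions(protectionDomain);
    }

    /**
     * Delegates to the initial policy; JACC permissions are not included.
     *
     * @param codeSource code source to query
     * @return the permissions the initial policy reports for the code source
     */
    @Override
    public PermissionCollection getPermissions(CodeSource codeSource) {
        return initialPolicy.getPermissions(codeSource);
    }

    /** Refreshes the initial policy only. */
    @Override
    public void refresh() {
        initialPolicy.refresh();
    }

    /**
     * Tells whether at least one of the principals is granted the permission
     * in the given configuration. Stops at the first principal that matches.
     *
     * @param jPolicyConfiguration configuration holding the per-principal permissions
     * @param permission permission being checked
     * @param principalArr principals of the protection domain
     * @return {@code true} if any principal's permissions imply {@code permission}
     */
    private boolean isImpliedPermissionForPrincipals(JPolicyConfiguration jPolicyConfiguration, Permission permission, Principal[] principalArr) {
        boolean debug = logger.isLoggable(BasicLevel.DEBUG);
        for (Principal principal : principalArr) {
            if (debug) {
                logger.log(BasicLevel.DEBUG, "Checking permission '" + permission + "' with permissions of Principal '" + principal.getName() + "'.");
            }
            if (jPolicyConfiguration.getPermissionsForPrincipal(principal).implies(permission)) {
                if (debug) {
                    logger.log(BasicLevel.DEBUG, "Permission implied with principal '" + principal.getName() + "'.");
                }
                return true;
            }
        }
        if (debug) {
            logger.log(BasicLevel.DEBUG, "Permission '" + permission + "' was not found in each permissions of the given roles, return false");
        }
        return false;
    }
}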
