package org.glassfish.exousia.modules.locked;

import jakarta.security.jacc.EJBRoleRefPermission;
import jakarta.security.jacc.PolicyConfiguration;
import jakarta.security.jacc.PolicyContext;
import jakarta.security.jacc.PolicyContextException;
import jakarta.security.jacc.PolicyContextHandler;
import jakarta.security.jacc.WebResourcePermission;
import jakarta.security.jacc.WebRoleRefPermission;
import jakarta.security.jacc.WebUserDataPermission;
import java.lang.reflect.Constructor;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.SecurityPermission;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.management.MBeanPermission;

/* loaded from: input_file:org/glassfish/exousia/modules/locked/SimplePolicyConfiguration.class */
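/**
 * Lock-guarded {@link PolicyConfiguration} holding the excluded, unchecked and per-role
 * permissions of one policy context.
 *
 * <p>Policy statements can only be changed while the configuration is in {@link #OPEN_STATE};
 * access decisions ({@code implies}, {@code getPermissions}) are only answered while it is in
 * {@link #INSERVICE_STATE}. State and permission tables are guarded by a fair
 * {@link ReentrantReadWriteLock}.
 *
 * <p>Every mutating method first calls {@link #checkSetPolicyPermission()}, which enforces the
 * {@code SecurityPermission("setPolicy")} check only when a {@link SecurityManager} is installed.
 */
public class SimplePolicyConfiguration implements PolicyConfiguration {
    /** Policy statements may be added or removed. */
    public static final int OPEN_STATE = 0;
    /** The configuration has been committed and is used for access decisions. */
    public static final int INSERVICE_STATE = 2;
    /** The configuration has been deleted; {@link #commit()} is rejected in this state. */
    public static final int DELETED_STATE = 3;

    private static final Permission setPolicyPermission = new SecurityPermission("setPolicy");

    private final String contextId;
    // Any of the three tables may be null, meaning "no statements of that kind".
    private PermissionCollection excludedPermissions;
    private PermissionCollection uncheckedPermissions;
    private List<Role> roleTable;
    private int state = OPEN_STATE;
    private final ReentrantReadWriteLock policyContextLock = new ReentrantReadWriteLock(true);
    private final Lock readLock = this.policyContextLock.readLock();
    private final Lock writeLock = this.policyContextLock.writeLock();

    /**
     * Creates an empty configuration in {@link #OPEN_STATE}.
     * (Decompiler note: the access modifier was changed from protected.)
     *
     * @param str the policy context identifier
     */
    public SimplePolicyConfiguration(String str) {
        this.contextId = str;
    }

    /** Returns the policy context identifier given at construction. */
    @Override
    public String getContextID() throws PolicyContextException {
        return this.contextId;
    }

    /**
     * Adds the permissions to the named role, creating the role if needed.
     * A null role name or null collection is silently ignored.
     *
     * @throws UnsupportedOperationException if the configuration is not open
     */
    @Override
    public void addToRole(String str, PermissionCollection permissionCollection) throws PolicyContextException {
        checkSetPolicyPermission();
        this.writeLock.lock();
        try {
            assertStateIsOpen();
            if (str != null && permissionCollection != null) {
                getRole(str).addPermissions(permissionCollection);
            }
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Adds one permission to the named role, creating the role if needed.
     * A null role name or null permission is silently ignored.
     *
     * @throws UnsupportedOperationException if the configuration is not open
     */
    @Override
    public void addToRole(String str, Permission permission) throws PolicyContextException {
        checkSetPolicyPermission();
        this.writeLock.lock();
        try {
            assertStateIsOpen();
            if (str != null && permission != null) {
                getRole(str).addPermission(permission);
            }
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Adds every permission of the collection to the unchecked policy (granted regardless of
     * principals unless excluded). A null collection is ignored.
     *
     * @throws UnsupportedOperationException if the configuration is not open
     */
    @Override
    public void addToUncheckedPolicy(PermissionCollection permissionCollection) throws PolicyContextException {
        checkSetPolicyPermission();
        this.writeLock.lock();
        try {
            assertStateIsOpen();
            if (permissionCollection != null) {
                Enumeration<Permission> elements = permissionCollection.elements();
                while (elements.hasMoreElements()) {
                    getUncheckedPermissions().add(elements.nextElement());
                }
            }
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Adds one permission to the unchecked policy. A null permission is ignored.
     *
     * @throws UnsupportedOperationException if the configuration is not open
     */
    @Override
    public void addToUncheckedPolicy(Permission permission) throws PolicyContextException {
        checkSetPolicyPermission();
        this.writeLock.lock();
        try {
            assertStateIsOpen();
            if (permission != null) {
                getUncheckedPermissions().add(permission);
            }
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Adds every permission of the collection to the excluded policy (always denied).
     * A null collection is ignored.
     *
     * @throws UnsupportedOperationException if the configuration is not open
     */
    @Override
    public void addToExcludedPolicy(PermissionCollection permissionCollection) throws PolicyContextException {
        checkSetPolicyPermission();
        this.writeLock.lock();
        try {
            assertStateIsOpen();
            if (permissionCollection != null) {
                Enumeration<Permission> elements = permissionCollection.elements();
                while (elements.hasMoreElements()) {
                    getExcludedPermissions().add(elements.nextElement());
                }
            }
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Adds one permission to the excluded policy. A null permission is ignored.
     *
     * @throws UnsupportedOperationException if the configuration is not open
     */
    @Override
    public void addToExcludedPolicy(Permission permission) throws PolicyContextException {
        checkSetPolicyPermission();
        this.writeLock.lock();
        try {
            assertStateIsOpen();
            if (permission != null) {
                getExcludedPermissions().add(permission);
            }
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Removes the named role. If no role with that name exists and the name is {@code "*"},
     * every role is removed. An emptied role table is reset to null.
     *
     * @throws UnsupportedOperationException if the configuration is not open
     */
    @Override
    public void removeRole(String str) throws PolicyContextException {
        checkSetPolicyPermission();
        this.writeLock.lock();
        try {
            assertStateIsOpen();
            if (str == null || this.roleTable == null) {
                return;
            }
            // Lookup relies on Role's equality as used by List.remove.
            if (this.roleTable.remove(new Role(str))) {
                if (this.roleTable.isEmpty()) {
                    this.roleTable = null;
                }
            } else if (str.equals("*")) {
                this.roleTable.clear();
                this.roleTable = null;
            }
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Drops all unchecked policy statements.
     *
     * @throws UnsupportedOperationException if the configuration is not open
     */
    @Override
    public void removeUncheckedPolicy() throws PolicyContextException {
        checkSetPolicyPermission();
        this.writeLock.lock();
        try {
            assertStateIsOpen();
            this.uncheckedPermissions = null;
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Drops all excluded policy statements.
     *
     * @throws UnsupportedOperationException if the configuration is not open
     */
    @Override
    public void removeExcludedPolicy() throws PolicyContextException {
        checkSetPolicyPermission();
        this.writeLock.lock();
        try {
            assertStateIsOpen();
            this.excludedPermissions = null;
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Links this context to the context of the given configuration via {@code SharedState}.
     * Only the read lock is taken because this object's own tables are not modified here.
     *
     * @throws UnsupportedOperationException if the configuration is not open
     */
    @Override
    public void linkConfiguration(PolicyConfiguration policyConfiguration) throws PolicyContextException {
        checkSetPolicyPermission();
        this.readLock.lock();
        try {
            assertStateIsOpen();
            SharedState.link(this.contextId, policyConfiguration.getContextID());
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Removes this context's links and all of its policy statements, then marks it deleted.
     */
    @Override
    public void delete() throws PolicyContextException {
        checkSetPolicyPermission();
        SharedState.removeLinks(this.contextId);
        this.writeLock.lock();
        try {
            removePolicy();
        } finally {
            // The decompiled listing had empty finally blocks here, so the write lock was never
            // released and every later reader or writer of this context would block forever.
            setState(DELETED_STATE);
            this.writeLock.unlock();
        }
    }

    /**
     * Moves an open configuration into service, resolving role principals when roles exist.
     * Committing a configuration that is already in service is a no-op.
     *
     * @throws UnsupportedOperationException if the configuration has been deleted
     * @throws PolicyContextException if the role mapper cannot be obtained or fails
     */
    @Override
    public void commit() throws PolicyContextException {
        checkSetPolicyPermission();
        this.writeLock.lock();
        try {
            if (stateIs(DELETED_STATE)) {
                throw new UnsupportedOperationException("pc.invalid_op_for_state_delete");
            }
            if (stateIs(OPEN_STATE)) {
                boolean hasRoles = this.roleTable != null;
                setState(INSERVICE_STATE);
                // NOTE(review): the state is already INSERVICE when role mapping runs, so a
                // mapping failure propagates while the configuration stays in service with
                // whatever principals were resolved so far. Confirm this is intended.
                if (hasRoles) {
                    commitRoleMapping();
                }
            }
        } finally {
            this.writeLock.unlock();
        }
    }

    /** Returns true when this configuration is in {@link #INSERVICE_STATE}. */
    @Override
    public boolean inService() throws PolicyContextException {
        this.readLock.lock();
        try {
            return stateIs(INSERVICE_STATE);
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Not implemented in this listing: always returns null rather than the role table contents.
     * Callers must null-check the result.
     */
    @Override
    public Map<String, PermissionCollection> getPerRolePermissions() {
        return null;
    }

    /**
     * Returns the unchecked permissions, creating an empty collection on first use.
     *
     * <p>NOTE(review): this public accessor performs no {@code setPolicy} check, takes no lock,
     * and hands out the live internal collection, so a caller holding the reference can add
     * permissions without going through the open-state and permission checks of
     * {@code addToUncheckedPolicy}. Treat the returned object as read-only.
     */
    @Override
    public PermissionCollection getUncheckedPermissions() {
        if (this.uncheckedPermissions == null) {
            this.uncheckedPermissions = new Permissions();
        }
        return this.uncheckedPermissions;
    }

    /**
     * Returns the excluded permissions, creating an empty collection on first use.
     *
     * <p>NOTE(review): same exposure as {@link #getUncheckedPermissions()} — no permission
     * check, no lock, live internal collection. Treat the returned object as read-only.
     */
    @Override
    public PermissionCollection getExcludedPermissions() {
        if (this.excludedPermissions == null) {
            this.excludedPermissions = new Permissions();
        }
        return this.excludedPermissions;
    }

    /**
     * Obtains the configuration for a context from {@code SharedState} and (re)opens it.
     * (Decompiler note: the access modifier was changed from protected.)
     *
     * @param str the policy context identifier
     * @param z when true, all existing policy statements of the context are removed first
     * @return the configuration, now in {@link #OPEN_STATE}
     */
    public static SimplePolicyConfiguration getPolicyConfig(String str, boolean z) throws PolicyContextException {
        SimplePolicyConfiguration config = SharedState.getConfig(str, z);
        config.writeLock.lock();
        try {
            if (z) {
                config.removePolicy();
            }
            // Fixed: the listing released the lock only when z was true (leaking it otherwise)
            // and changed the state after unlocking; both now happen under the write lock.
            config.setState(OPEN_STATE);
        } finally {
            config.writeLock.unlock();
        }
        return config;
    }

    /**
     * Reports whether the configuration registered for the context is in service.
     * (Decompiler note: the access modifier was changed from protected.)
     *
     * @return false when no configuration is registered for the context
     */
    public static boolean inService(String str) throws PolicyContextException {
        SimplePolicyConfiguration policyConfig = getPolicyConfig(str);
        return policyConfig != null && policyConfig.inService();
    }

    /**
     * Looks up the configuration for a context without creating or modifying it.
     * (Decompiler note: the access modifier was changed from protected.)
     */
    public static SimplePolicyConfiguration getPolicyConfig(String str) {
        return SharedState.lookupConfig(str);
    }

    /**
     * Enforces {@code SecurityPermission("setPolicy")} on the caller.
     *
     * <p>The check runs only when a {@link SecurityManager} is installed; without one this
     * method does nothing, and the policy-mutating methods of this class are then guarded only
     * by the open-state assertion.
     */
    protected static void checkSetPolicyPermission() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(setPolicyPermission);
        }
    }

    // Callers are expected to hold the write lock.
    private void setState(int i) {
        this.state = i;
    }

    // Callers are expected to hold the read or write lock.
    private boolean stateIs(int i) {
        return this.state == i;
    }

    private void assertStateIsOpen() throws UnsupportedOperationException {
        if (!stateIs(OPEN_STATE)) {
            throw new UnsupportedOperationException("Operation invoked on closed or deleted PolicyConfiguration.");
        }
    }

    private void assertStateIsInService() throws UnsupportedOperationException {
        if (!stateIs(INSERVICE_STATE)) {
            throw new UnsupportedOperationException("Operation invoked on open or deleted PolicyConfiguration.");
        }
    }

    /** Returns the role with the given name, adding a new one to the table if it is absent. */
    private Role getRole(String str) {
        Role role = new Role(str);
        if (this.roleTable == null) {
            this.roleTable = new ArrayList<>();
        }
        int index = this.roleTable.indexOf(role);
        if (index < 0) {
            this.roleTable.add(role);
            return role;
        }
        return this.roleTable.get(index);
    }

    /** Clears excluded, unchecked and role statements. Callers hold the write lock. */
    private void removePolicy() {
        this.excludedPermissions = null;
        this.uncheckedPermissions = null;
        this.roleTable = null;
    }

    /**
     * Asks the registered {@code AuthorizationRoleMapper} for the principals of every role and
     * lets the {@code "**"} role, when present, determine its any-authenticated-user status.
     *
     * @throws PolicyContextException if no mapper is available or any step fails; the failure
     *         is also logged at SEVERE
     */
    private void commitRoleMapping() throws PolicyContextException {
        try {
            AuthorizationRoleMapper authorizationRoleMapper =
                    (AuthorizationRoleMapper) PolicyContext.getContext(AuthorizationRoleMapper.HANDLER_KEY);
            if (authorizationRoleMapper == null) {
                throw new PolicyContextException("RoleMapper.lookup.null");
            }
            // Reentrant: commit() already holds the write lock when it calls this method.
            this.writeLock.lock();
            try {
                if (this.roleTable != null) {
                    for (Role role : this.roleTable) {
                        role.setPrincipals(authorizationRoleMapper.getPrincipalsInRole(this.contextId, role.getName()));
                    }
                    int anyAuthenticatedIndex = this.roleTable.indexOf(new Role("**"));
                    if (anyAuthenticatedIndex != -1) {
                        this.roleTable.get(anyAuthenticatedIndex).determineAnyAuthenticatedUserRole();
                    }
                }
            } finally {
                this.writeLock.unlock();
            }
        } catch (Throwable th) {
            SharedState.getLogger().log(Level.SEVERE, "RoleMapper.lookup.failed", th);
            if (th instanceof PolicyContextException) {
                throw (PolicyContextException) th;
            }
            throw new PolicyContextException(th);
        }
    }

    /**
     * Merges the given permissions with those of the active configuration, evaluated with no
     * principals. The {@code codeSource} argument is not consulted.
     *
     * @return the input collection unchanged when no configuration is active
     */
    public static PermissionCollection getPermissions(PermissionCollection permissionCollection, CodeSource codeSource) throws PolicyContextException {
        SimplePolicyConfiguration activeConfig = SharedState.getActiveConfig();
        if (activeConfig == null) {
            return permissionCollection;
        }
        return activeConfig.getPermissions(permissionCollection, (PermissionCollection) null, new Principal[0]);
    }

    /**
     * Merges the given permissions with the domain's static permissions and with what the
     * active configuration grants to the domain's principals.
     *
     * @return the input collection unchanged when no configuration is active
     */
    public static PermissionCollection getPermissions(PermissionCollection permissionCollection, ProtectionDomain protectionDomain) throws PolicyContextException {
        SimplePolicyConfiguration activeConfig = SharedState.getActiveConfig();
        if (activeConfig == null) {
            return permissionCollection;
        }
        return activeConfig.getPermissions(permissionCollection, protectionDomain.getPermissions(), protectionDomain.getPrincipals());
    }

    /**
     * Evaluates a permission against the active configuration.
     *
     * @return -1 if the permission is excluded, 1 if it is granted, 0 if this policy grants
     *         nothing for it or no configuration is active. A 0 is not a grant; the caller
     *         decides what to do with an undetermined result.
     */
    public static int implies(ProtectionDomain protectionDomain, Permission permission) throws PolicyContextException {
        SimplePolicyConfiguration activeConfig = SharedState.getActiveConfig();
        if (activeConfig == null) {
            return 0;
        }
        return activeConfig.doImplies(protectionDomain, permission);
    }

    /**
     * Tests a permission against the excluded policy in both directions: it is excluded when
     * the excluded set implies it, and also when it implies any single excluded permission, so
     * a broader permission cannot be used to reach an excluded narrower one.
     */
    private boolean permissionIsExcluded(Permission permission) {
        if (!hasExcludedPermissions()) {
            return false;
        }
        if (this.excludedPermissions.implies(permission)) {
            return true;
        }
        Enumeration<Permission> excluded = this.excludedPermissions.elements();
        while (excluded.hasMoreElements()) {
            if (permission.implies(excluded.nextElement())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Decision order: excluded (-1) wins over unchecked (1), which wins over role grants (1);
     * anything else is 0. Role grants require at least one principal in the domain.
     *
     * @throws PolicyContextException if the configuration is not in service
     */
    private int doImplies(ProtectionDomain protectionDomain, Permission permission) throws PolicyContextException {
        this.readLock.lock();
        try {
            assertStateIsInService();
            if (permissionIsExcluded(permission)) {
                return -1;
            }
            // Read the field directly: the lazy-creating getter would assign a shared field
            // while only the read lock is held.
            if (this.uncheckedPermissions != null && this.uncheckedPermissions.implies(permission)) {
                return 1;
            }
            if (this.roleTable == null) {
                return 0;
            }
            Principal[] principals = protectionDomain.getPrincipals();
            if (principals.length == 0) {
                return 0;
            }
            for (Role role : this.roleTable) {
                if (role.arePrincipalsInRole(principals) && role.implies(permission)) {
                    return 1;
                }
            }
            return 0;
        } catch (UnsupportedOperationException e) {
            throw new PolicyContextException(e);
        } finally {
            this.readLock.unlock();
        }
    }

    private boolean hasExcludedPermissions() {
        return this.excludedPermissions != null && this.excludedPermissions.elements().hasMoreElements();
    }

    /**
     * Collects, minus anything excluded, the permissions of both input collections, the
     * unchecked policy, and every role the principals belong to.
     *
     * @return the collected permissions, or null when nothing was collected
     * @throws PolicyContextException if the configuration is not in service
     */
    private PermissionCollection getPermissions(PermissionCollection permissionCollection, PermissionCollection permissionCollection2, Principal[] principalArr) throws PolicyContextException, UnsupportedOperationException {
        this.readLock.lock();
        try {
            assertStateIsInService();
            boolean hasExcluded = hasExcludedPermissions();
            Permissions granted = null;
            granted = addUnlessExcluded(granted, permissionCollection, hasExcluded);
            granted = addUnlessExcluded(granted, permissionCollection2, hasExcluded);
            granted = addUnlessExcluded(granted, this.uncheckedPermissions, hasExcluded);
            if (principalArr.length != 0 && this.roleTable != null) {
                for (Role role : this.roleTable) {
                    if (role.arePrincipalsInRole(principalArr)) {
                        granted = addUnlessExcluded(granted, role.getPermissions(), hasExcluded);
                    }
                }
            }
            // Fixed: the listing unlocked explicitly before this return and again in finally;
            // the second unlock throws IllegalMonitorStateException on the normal path.
            return granted;
        } catch (UnsupportedOperationException e) {
            throw new PolicyContextException(e);
        } finally {
            this.readLock.unlock();
        }
    }

    /**
     * Copies the non-excluded permissions of {@code source} into {@code target}, creating the
     * target on the first permission added. A null source contributes nothing.
     */
    private Permissions addUnlessExcluded(Permissions target, PermissionCollection source, boolean hasExcluded) {
        if (source == null) {
            return target;
        }
        Permissions result = target;
        Enumeration<Permission> elements = source.elements();
        while (elements.hasMoreElements()) {
            Permission candidate = elements.nextElement();
            if (hasExcluded && permissionIsExcluded(candidate)) {
                continue;
            }
            if (result == null) {
                result = new Permissions();
            }
            result.add(candidate);
        }
        return result;
    }

    /**
     * No-op in this implementation.
     * (Decompiler note: the access modifier was changed from package-private.)
     */
    public static void refresh() throws PolicyContextException {
    }

    /**
     * Logs with parameters, inside {@code doPrivileged} when a security manager is installed so
     * the logging call does not depend on the permissions of the code being checked.
     */
    static void doPrivilegedLog(final Level level, final String str, final Object[] objArr) {
        final Logger logger = SharedState.getLogger();
        if (!logger.isLoggable(level)) {
            return;
        }
        if (System.getSecurityManager() == null) {
            logger.log(level, str, objArr);
            return;
        }
        AccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                logger.log(level, str, objArr);
                return null;
            }
        });
    }

    /** Same as the parameter variant, but logs a throwable. */
    static void doPrivilegedLog(final Level level, final String str, final Throwable th) {
        final Logger logger = SharedState.getLogger();
        if (!logger.isLoggable(level)) {
            return;
        }
        if (System.getSecurityManager() == null) {
            logger.log(level, str, th);
            return;
        }
        AccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                logger.log(level, str, th);
                return null;
            }
        });
    }

    /**
     * Logs a failed permission lookup at INFO, first with context id and subject, then with the
     * throwable. (Decompiler note: the access modifier was changed from package-private.)
     */
    public static void logGetPermissionsFailure(Object obj, Throwable th) {
        doPrivilegedLog(Level.INFO, "getPermissions.failure", new Object[]{PolicyContext.getContextID(), obj});
        doPrivilegedLog(Level.INFO, "getPermissions.failure", th);
    }

    /** Returns false for the web, role-ref and MBean permission types, true for all others. */
    private static boolean permissionShouldBeLogged(Permission permission) {
        return !(permission instanceof WebResourcePermission
                || permission instanceof WebUserDataPermission
                || permission instanceof MBeanPermission
                || permission instanceof WebRoleRefPermission
                || permission instanceof EJBRoleRefPermission);
    }

    /**
     * Logs a denied access at FINE.
     *
     * <p>Because {@code doPrivilegedLog} re-checks {@code isLoggable(FINE)}, nothing is emitted
     * unless FINE is enabled for this logger, whatever the permission type. Deployments that
     * rely on this output to detect denied access need FINE enabled.
     * (Decompiler note: the access modifier was changed from package-private.)
     */
    public static void logAccessFailure(ProtectionDomain protectionDomain, Permission permission) {
        if (permissionShouldBeLogged(permission) || SharedState.getLogger().isLoggable(Level.FINE)) {
            doPrivilegedLog(Level.FINE, "Domain.that.failed", new Object[]{PolicyContext.getContextID(), permission, protectionDomain});
        }
    }

    /**
     * Logs a message with the current context id, then the throwable, at the given level.
     * (Decompiler note: the access modifier was changed from package-private.)
     */
    public static void logException(Level level, String str, Throwable th) {
        doPrivilegedLog(level, str, new Object[]{PolicyContext.getContextID()});
        doPrivilegedLog(level, str, th);
    }

    // Registers a PolicyContextHandler that supplies the AuthorizationRoleMapper, unless one is
    // already registered and no override class is named by the system property.
    //
    // Security note: the mapper class name comes from a system property and is loaded through
    // the thread context class loader. The mapper decides which principals are in which role,
    // so whoever can set that property or influence that class loader at class-initialisation
    // time controls role-based authorization results. Keep both under administrative control.
    static {
        try {
            String property = System.getProperty(AuthorizationRoleMapper.CLASS_NAME);
            if (property != null || !PolicyContext.getHandlerKeys().contains(AuthorizationRoleMapper.HANDLER_KEY)) {
                if (property == null) {
                    property = SimplePolicyConfiguration.class.getPackage().getName() + ".GlassfishRoleMapper";
                }
                final Constructor<?> constructor = Thread.currentThread().getContextClassLoader().loadClass(property).getConstructor(Logger.class);
                PolicyContext.registerHandler(AuthorizationRoleMapper.HANDLER_KEY, new PolicyContextHandler() {
                    // A new mapper instance is constructed on every lookup of the handler key.
                    @Override
                    public Object getContext(String str, Object obj) throws PolicyContextException {
                        if (!str.equals(AuthorizationRoleMapper.HANDLER_KEY)) {
                            return null;
                        }
                        try {
                            return constructor.newInstance(SharedState.getLogger());
                        } catch (Throwable th) {
                            throw new PolicyContextException(th);
                        }
                    }

                    @Override
                    public String[] getKeys() throws PolicyContextException {
                        return new String[]{AuthorizationRoleMapper.HANDLER_KEY};
                    }

                    @Override
                    public boolean supports(String str) throws PolicyContextException {
                        return str.equals(AuthorizationRoleMapper.HANDLER_KEY);
                    }
                }, false);
            }
        } catch (Throwable th) {
            // Any failure aborts class initialisation, so the class becomes unusable rather
            // than running without a role mapper.
            SharedState.getLogger().log(Level.SEVERE, "RoleMapper.registration.failed", th);
            throw new RuntimeException(th);
        }
    }
}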
