package com.sun.enterprise.security;

import com.sun.enterprise.config.serverbeans.JaccProvider;
import com.sun.enterprise.config.serverbeans.SecurityService;
import com.sun.enterprise.util.i18n.StringManager;
import jakarta.inject.Inject;
import jakarta.inject.Named;
import jakarta.inject.Singleton;
import java.lang.reflect.Method;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import javassist.ClassPool;
import javassist.CtClass;
import javassist.util.proxy.MethodHandler;
import javassist.util.proxy.ProxyFactory;
import javassist.util.proxy.ProxyObject;
import org.glassfish.hk2.api.IterableProvider;
import org.jvnet.hk2.annotations.Service;
import org.jvnet.hk2.config.types.Property;

@Singleton
@Service
/* loaded from: input_file:com/sun/enterprise/security/PolicyLoader.class */
public class PolicyLoader {

    @Inject
    @Named("default-instance-name")
    private SecurityService securityService;

    @Inject
    private IterableProvider<JaccProvider> authorizationModules;
    private static Logger LOGGER = SecurityLoggerInfo.getLogger();
    private static StringManager SM = StringManager.getManager(PolicyLoader.class);
    private static final String POLICY_PROVIDER = "jakarta.security.jacc.policy.provider";
    private static final String POLICY_CONF_FACTORY = "jakarta.security.jacc.PolicyConfigurationFactory.provider";
    private static final String POLICY_PROP_PREFIX = "com.sun.enterprise.jaccprovider.property.";
    private static final String POLICY_PROXY = "com.sun.enterprise.jaccprovider.proxy";
    private boolean isPolicyInstalled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sun/enterprise/security/PolicyLoader$JakartaAuthenticationGuardHandler.class */
    public static class JakartaAuthenticationGuardHandler implements MethodHandler {
        public static final Method impliesMethod = getMethod(Policy.class, "implies", ProtectionDomain.class, Permission.class);
        private final Policy javaSePolicy;

        public JakartaAuthenticationGuardHandler(Policy policy) {
            this.javaSePolicy = policy;
        }

        public Object invoke(Object obj, Method method, Method method2, Object[] objArr) throws Throwable {
            if (isImplementationOf(method, impliesMethod)) {
                Permission permission = (Permission) objArr[1];
                if (!permission.getClass().getName().startsWith("jakarta.")) {
                    return Boolean.valueOf(this.javaSePolicy.implies((ProtectionDomain) objArr[0], permission));
                }
            }
            return method2.invoke(obj, objArr);
        }

        public static boolean isImplementationOf(Method method, Method method2) {
            return method2.getDeclaringClass().isAssignableFrom(method.getDeclaringClass()) && method2.getName().equals(method.getName()) && Arrays.equals(method2.getParameterTypes(), method.getParameterTypes());
        }

        public static Method getMethod(Class<?> cls, String str, Class<?>... clsArr) {
            try {
                return cls.getMethod(str, clsArr);
            } catch (NoSuchMethodException | SecurityException e) {
                throw new IllegalStateException(e);
            }
        }
    }

    public void loadPolicy() {
        if (this.isPolicyInstalled) {
            LOGGER.log(Level.FINE, "Policy already installed. Will not re-install.");
            return;
        }
        JaccProvider configuredJakartaAuthorizationModule = getConfiguredJakartaAuthorizationModule();
        setPolicyConfigurationFactory(configuredJakartaAuthorizationModule);
        String property = System.getProperty(POLICY_PROVIDER);
        if (property != null) {
            LOGGER.log(Level.INFO, SecurityLoggerInfo.policyProviderConfigOverrideMsg, (Object[]) new String[]{POLICY_PROVIDER, property});
        } else if (configuredJakartaAuthorizationModule != null) {
            property = configuredJakartaAuthorizationModule.getPolicyProvider();
        }
        if (System.getProperty("simple.jacc.provider.JACCRoleMapper.class") == null) {
            System.setProperty("simple.jacc.provider.JACCRoleMapper.class", "com.sun.enterprise.security.web.integration.GlassfishRoleMapper");
        }
        if (property == null) {
            LOGGER.warning(SecurityLoggerInfo.policyNotLoadingWarning);
            return;
        }
        try {
            LOGGER.log(Level.INFO, SecurityLoggerInfo.policyLoading, property);
            Policy loadPolicy = (!Boolean.parseBoolean(System.getProperty(POLICY_PROXY, "true")) || System.getSecurityManager() == null) ? loadPolicy(property) : loadPolicyAsProxy(property);
            Policy.setPolicy(loadPolicy);
            if (System.getSecurityManager() == null) {
                loadPolicy.refresh();
            }
            LOGGER.fine("Policy set to: " + property);
            this.isPolicyInstalled = true;
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, SecurityLoggerInfo.policyInstallError, e.getLocalizedMessage());
            throw new RuntimeException(e);
        }
    }

    /* JADX WARN: Type inference failed for: r0v6, types: [T, javassist.util.proxy.ProxyObject] */
    public static <T> T createPolicyProxy(Class<T> cls) throws Exception {
        ProxyFactory proxyFactory = new ProxyFactory();
        proxyFactory.setSuperclass(cls);
        ?? r0 = (T) ((ProxyObject) proxyFactory.createClass().getDeclaredConstructor(new Class[0]).newInstance(new Object[0]));
        r0.setHandler(new JakartaAuthenticationGuardHandler(Policy.getPolicy()));
        return r0;
    }

    private Policy loadPolicy(String str) throws ReflectiveOperationException, SecurityException {
        Object newInstance = Thread.currentThread().getContextClassLoader().loadClass(str).getDeclaredConstructor(new Class[0]).newInstance(new Object[0]);
        if (newInstance instanceof Policy) {
            return (Policy) newInstance;
        }
        throw new RuntimeException(SM.getString("enterprise.security.plcyload.not14"));
    }

    private Policy loadPolicyAsProxy(String str) throws Exception {
        CtClass ctClass = ClassPool.getDefault().get(str);
        ctClass.defrost();
        ctClass.setModifiers(1);
        Object createPolicyProxy = createPolicyProxy(ctClass.toClass(Thread.currentThread().getContextClassLoader().loadClass(System.getProperty(POLICY_CONF_FACTORY))));
        if (!(createPolicyProxy instanceof Policy)) {
            throw new RuntimeException(SM.getString("enterprise.security.plcyload.not14"));
        }
        createPolicyProxy.toString();
        return (Policy) createPolicyProxy;
    }

    private JaccProvider getConfiguredJakartaAuthorizationModule() {
        JaccProvider jaccProvider;
        try {
            String jacc = this.securityService.getJacc();
            jaccProvider = getAuthorizationModuleByName(jacc);
            if (jaccProvider == null) {
                LOGGER.log(Level.WARNING, SecurityLoggerInfo.policyNoSuchName, jacc);
            }
        } catch (Exception e) {
            LOGGER.warning(SecurityLoggerInfo.policyReadingError);
            jaccProvider = null;
        }
        return jaccProvider;
    }

    private JaccProvider getAuthorizationModuleByName(String str) {
        if (this.authorizationModules == null || str == null) {
            return null;
        }
        for (JaccProvider jaccProvider : this.authorizationModules) {
            if (jaccProvider.getName().equals(str)) {
                return jaccProvider;
            }
        }
        return null;
    }

    private void setPolicyConfigurationFactory(JaccProvider jaccProvider) {
        if (jaccProvider == null) {
            return;
        }
        String property = System.getProperty(POLICY_CONF_FACTORY);
        if (property != null) {
            LOGGER.log(Level.WARNING, SecurityLoggerInfo.policyFactoryOverride, (Object[]) new String[]{POLICY_CONF_FACTORY, property});
        } else {
            String policyConfigurationFactoryProvider = jaccProvider.getPolicyConfigurationFactoryProvider();
            if (policyConfigurationFactoryProvider == null) {
                LOGGER.log(Level.WARNING, SecurityLoggerInfo.policyConfigFactoryNotDefined);
            } else {
                System.setProperty(POLICY_CONF_FACTORY, policyConfigurationFactoryProvider);
            }
        }
        for (Property property2 : jaccProvider.getProperty()) {
            String str = "com.sun.enterprise.jaccprovider.property." + property2.getName();
            String value = property2.getValue();
            LOGGER.finest("PolicyLoader set [" + str + "] to [" + value + "]");
            System.setProperty(str, value);
        }
    }
}
