package org.apache.tuscany.sca.policy.security.jsr250;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.annotation.AlreadyInstrumented;
import java.lang.reflect.Method;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.RunAs;
import javax.xml.namespace.NamespaceContext;
import javax.xml.namespace.QName;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathExpressionException;
import org.apache.tuscany.sca.assembly.AssemblyFactory;
import org.apache.tuscany.sca.common.xml.stax.reader.NamespaceContextImpl;
import org.apache.tuscany.sca.common.xml.xpath.XPathHelper;
import org.apache.tuscany.sca.core.ExtensionPointRegistry;
import org.apache.tuscany.sca.core.FactoryExtensionPoint;
import org.apache.tuscany.sca.implementation.java.IntrospectionException;
import org.apache.tuscany.sca.implementation.java.JavaImplementation;
import org.apache.tuscany.sca.implementation.java.introspect.BaseJavaClassVisitor;
import org.apache.tuscany.sca.interfacedef.Operation;
import org.apache.tuscany.sca.interfacedef.java.JavaOperation;
import org.apache.tuscany.sca.policy.PolicyExpression;
import org.apache.tuscany.sca.policy.PolicyFactory;
import org.apache.tuscany.sca.policy.PolicySet;
import org.apache.tuscany.sca.policy.authorization.AuthorizationPolicy;
import org.apache.tuscany.sca.policy.identity.SecurityIdentityPolicy;

@AlreadyInstrumented
/* loaded from: input_file:org/apache/tuscany/sca/policy/security/jsr250/JSR250PolicyProcessor.class */
public class JSR250PolicyProcessor extends BaseJavaClassVisitor {
    private PolicyFactory policyFactory;
    private XPathHelper xpathHelper;
    private String appliesToString;
    private XPathExpression appliesToExpression;
    static final long serialVersionUID = 1639050012875028808L;
    private static final /* synthetic */ TraceComponent $$$dynamic$$$trace$$$component$$$ = Tr.register(JSR250PolicyProcessor.class, (String) null, (String) null);
    private static final QName RUN_AS = new QName("http://tuscany.apache.org/xmlns/sca/1.1", "runAs");
    private static final QName ALLOW = new QName("http://tuscany.apache.org/xmlns/sca/1.1", "allow");
    private static final QName PERMIT_ALL = new QName("http://tuscany.apache.org/xmlns/sca/1.1", "permitAll");
    private static final QName DENY_ALL = new QName("http://tuscany.apache.org/xmlns/sca/1.1", "denyAll");

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v10, types: [javax.xml.xpath.XPath] */
    /* JADX WARN: Type inference failed for: r0v11 */
    /* JADX WARN: Type inference failed for: r0v13, types: [org.apache.tuscany.sca.policy.security.jsr250.JSR250PolicyProcessor] */
    public JSR250PolicyProcessor(ExtensionPointRegistry extensionPointRegistry) throws IntrospectionException {
        super((AssemblyFactory) ((FactoryExtensionPoint) extensionPointRegistry.getExtensionPoint(FactoryExtensionPoint.class)).getFactory(AssemblyFactory.class));
        if (TraceComponent.isAnyTracingEnabled() && $$$dynamic$$$trace$$$component$$$ != null && $$$dynamic$$$trace$$$component$$$.isEntryEnabled()) {
            Tr.entry($$$dynamic$$$trace$$$component$$$, "<init>", new Object[]{extensionPointRegistry});
        }
        this.appliesToString = "//sca:implementation.java";
        this.appliesToExpression = null;
        this.policyFactory = (PolicyFactory) ((FactoryExtensionPoint) extensionPointRegistry.getExtensionPoint(FactoryExtensionPoint.class)).getFactory(PolicyFactory.class);
        this.xpathHelper = XPathHelper.getInstance(extensionPointRegistry);
        NamespaceContextImpl namespaceContextImpl = new NamespaceContextImpl((NamespaceContext) null);
        namespaceContextImpl.register("sca", "http://docs.oasis-open.org/ns/opencsa/sca/200912");
        Throwable newXPath = this.xpathHelper.newXPath();
        try {
            newXPath = this;
            newXPath.appliesToExpression = this.xpathHelper.compile((XPath) newXPath, namespaceContextImpl, this.appliesToString);
            if (TraceComponent.isAnyTracingEnabled() && $$$dynamic$$$trace$$$component$$$ != null && $$$dynamic$$$trace$$$component$$$.isEntryEnabled()) {
                Tr.exit($$$dynamic$$$trace$$$component$$$, "<init>", this);
            }
        } catch (XPathExpressionException e) {
            FFDCFilter.processException(e, "org.apache.tuscany.sca.policy.security.jsr250.JSR250PolicyProcessor", "83", this);
            throw new IntrospectionException(newXPath);
        }
    }

    public <T> void visitClass(Class<T> cls, JavaImplementation javaImplementation) throws IntrospectionException {
        if (TraceComponent.isAnyTracingEnabled() && $$$dynamic$$$trace$$$component$$$ != null && $$$dynamic$$$trace$$$component$$$.isEntryEnabled()) {
            Tr.entry($$$dynamic$$$trace$$$component$$$, "visitClass", new Object[]{cls, javaImplementation});
        }
        RunAs annotation = cls.getAnnotation(RunAs.class);
        if (annotation != null) {
            String value = annotation.value();
            if (value == null) {
            }
            SecurityIdentityPolicy securityIdentityPolicy = new SecurityIdentityPolicy();
            securityIdentityPolicy.setRunAsRole(value);
            javaImplementation.getPolicySets().add(createPolicySet(RUN_AS, SecurityIdentityPolicy.NAME, securityIdentityPolicy));
        }
        RolesAllowed annotation2 = cls.getAnnotation(RolesAllowed.class);
        if (annotation2 != null) {
            if (annotation2.value().length == 0) {
            }
            AuthorizationPolicy authorizationPolicy = new AuthorizationPolicy();
            authorizationPolicy.setAccessControl(AuthorizationPolicy.AcessControl.allow);
            for (String str : annotation2.value()) {
                authorizationPolicy.getRoleNames().add(str);
            }
            javaImplementation.getPolicySets().add(createPolicySet(ALLOW, AuthorizationPolicy.NAME, authorizationPolicy));
        }
        if (cls.getAnnotation(PermitAll.class) != null) {
            AuthorizationPolicy authorizationPolicy2 = new AuthorizationPolicy();
            authorizationPolicy2.setAccessControl(AuthorizationPolicy.AcessControl.permitAll);
            javaImplementation.getPolicySets().add(createPolicySet(PERMIT_ALL, AuthorizationPolicy.NAME, authorizationPolicy2));
        }
        if (TraceComponent.isAnyTracingEnabled() && $$$dynamic$$$trace$$$component$$$ != null && $$$dynamic$$$trace$$$component$$$.isEntryEnabled()) {
            Tr.exit($$$dynamic$$$trace$$$component$$$, "visitClass");
        }
    }

    public void visitMethod(Method method, JavaImplementation javaImplementation) throws IntrospectionException {
        if (TraceComponent.isAnyTracingEnabled() && $$$dynamic$$$trace$$$component$$$ != null && $$$dynamic$$$trace$$$component$$$.isEntryEnabled()) {
            Tr.entry($$$dynamic$$$trace$$$component$$$, "visitMethod", new Object[]{method, javaImplementation});
        }
        RolesAllowed annotation = method.getAnnotation(RolesAllowed.class);
        if (annotation != null) {
            if (annotation.value().length == 0) {
            }
            AuthorizationPolicy authorizationPolicy = new AuthorizationPolicy();
            authorizationPolicy.setAccessControl(AuthorizationPolicy.AcessControl.allow);
            for (String str : annotation.value()) {
                authorizationPolicy.getRoleNames().add(str);
            }
            Operation operationModel = getOperationModel(method, javaImplementation);
            if (operationModel != null) {
                operationModel.getPolicySets().add(createPolicySet(ALLOW, AuthorizationPolicy.NAME, authorizationPolicy));
            }
        }
        if (method.getAnnotation(PermitAll.class) != null) {
            AuthorizationPolicy authorizationPolicy2 = new AuthorizationPolicy();
            authorizationPolicy2.setAccessControl(AuthorizationPolicy.AcessControl.permitAll);
            Operation operationModel2 = getOperationModel(method, javaImplementation);
            if (operationModel2 != null) {
                operationModel2.getPolicySets().add(createPolicySet(PERMIT_ALL, AuthorizationPolicy.NAME, authorizationPolicy2));
            }
        }
        if (method.getAnnotation(DenyAll.class) != null) {
            AuthorizationPolicy authorizationPolicy3 = new AuthorizationPolicy();
            authorizationPolicy3.setAccessControl(AuthorizationPolicy.AcessControl.denyAll);
            Operation operationModel3 = getOperationModel(method, javaImplementation);
            if (operationModel3 != null) {
                operationModel3.getPolicySets().add(createPolicySet(DENY_ALL, AuthorizationPolicy.NAME, authorizationPolicy3));
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && $$$dynamic$$$trace$$$component$$$ != null && $$$dynamic$$$trace$$$component$$$.isEntryEnabled()) {
            Tr.exit($$$dynamic$$$trace$$$component$$$, "visitMethod");
        }
    }

    private Operation getOperationModel(Method method, JavaImplementation javaImplementation) {
        if (TraceComponent.isAnyTracingEnabled() && $$$dynamic$$$trace$$$component$$$ != null && $$$dynamic$$$trace$$$component$$$.isEntryEnabled()) {
            Tr.entry($$$dynamic$$$trace$$$component$$$, "getOperationModel", new Object[]{method, javaImplementation});
        }
        for (JavaOperation javaOperation : javaImplementation.getOperations()) {
            if (javaOperation.getJavaMethod().equals(method)) {
                if (TraceComponent.isAnyTracingEnabled() && $$$dynamic$$$trace$$$component$$$ != null && $$$dynamic$$$trace$$$component$$$.isEntryEnabled()) {
                    Tr.exit($$$dynamic$$$trace$$$component$$$, "getOperationModel", javaOperation);
                }
                return javaOperation;
            }
        }
        if (TraceComponent.isAnyTracingEnabled() && $$$dynamic$$$trace$$$component$$$ != null && $$$dynamic$$$trace$$$component$$$.isEntryEnabled()) {
            Tr.exit($$$dynamic$$$trace$$$component$$$, "getOperationModel", (Object) null);
        }
        return null;
    }

    private PolicySet createPolicySet(QName qName, QName qName2, Object obj) {
        if (TraceComponent.isAnyTracingEnabled() && $$$dynamic$$$trace$$$component$$$ != null && $$$dynamic$$$trace$$$component$$$.isEntryEnabled()) {
            Tr.entry($$$dynamic$$$trace$$$component$$$, "createPolicySet", new Object[]{qName, qName2, obj});
        }
        PolicyExpression createPolicyExpression = this.policyFactory.createPolicyExpression();
        createPolicyExpression.setName(qName2);
        createPolicyExpression.setPolicy(obj);
        PolicySet createPolicySet = this.policyFactory.createPolicySet();
        createPolicySet.setName(qName);
        createPolicySet.setAppliesTo(this.appliesToString);
        createPolicySet.setAppliesToXPathExpression(this.appliesToExpression);
        createPolicySet.getPolicies().add(createPolicyExpression);
        createPolicySet.setUnresolved(false);
        if (TraceComponent.isAnyTracingEnabled() && $$$dynamic$$$trace$$$component$$$ != null && $$$dynamic$$$trace$$$component$$$.isEntryEnabled()) {
            Tr.exit($$$dynamic$$$trace$$$component$$$, "createPolicySet", createPolicySet);
        }
        return createPolicySet;
    }

    static {
        if (TraceComponent.isAnyTracingEnabled() && $$$dynamic$$$trace$$$component$$$ != null && $$$dynamic$$$trace$$$component$$$.isEntryEnabled()) {
            Tr.exit($$$dynamic$$$trace$$$component$$$, "<clinit>");
        }
    }
}
