package com.ibm.ws.security.core;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.bootstrap.ExtClassLoader;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.naming.util.C;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.util.SecurityMessages;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.net.URL;
import java.security.AccessControlException;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Enumeration;
import java.util.List;

/* loaded from: input_file:com/ibm/ws/security/core/SecurityManager.class */
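/**
 * Java 2 security manager that layers three behaviours on top of
 * {@link java.lang.SecurityManager}:
 * <ul>
 *   <li><b>Runtime permission filtering</b>: an optional deny-list of permissions that is
 *       enforced for every thread that is not considered a "runtime thread"
 *       (see {@link #checkRuntimeFiltering(Permission)}).</li>
 *   <li><b>Grant-all short circuit</b>: if the policy in force at construction time grants
 *       {@link AllPermission} to a {@link CodeSource} with no location and no certificates,
 *       the regular policy check is skipped entirely.</li>
 *   <li><b>Denial diagnostics</b>: a denied permission is traced, reported to FFDC and logged
 *       before the {@link SecurityException} is rethrown.</li>
 * </ul>
 *
 * <p>Security-relevant switches, all read once from system properties in {@code init}:
 * <ul>
 *   <li>{@code com.ibm.websphere.java2secman.norethrow}: denials are reported but NOT thrown, so
 *       {@code checkPermission} returns normally and the guarded operation proceeds. This turns
 *       enforcement into audit-only behaviour; a warning is logged at start-up when it is set.</li>
 *   <li>{@code com.ibm.websphere.java2secman.nolog}: suppresses the warning log entry for a
 *       denial (FFDC and debug trace are still produced).</li>
 *   <li>{@code com.ibm.websphere.java2secman.nostacktrace}: omits the stack trace and the code
 *       base lookup from denial reports.</li>
 * </ul>
 *
 * <p>Note that {@code AccessController} in this class is
 * {@code com.ibm.ws.security.util.AccessController}, not {@code java.security.AccessController}.
 *
 * <p>This listing is decompiler output; {@code getCodeBaseLoc} could not be recovered.
 */
public class SecurityManager extends java.lang.SecurityManager {
    private static final String GETCLASSLOADER = "getClassLoader";
    private static final String lineSep = System.getProperty("line.separator");
    private static final TraceComponent _tc = Tr.register(SecurityManager.class, (String) null, AdminConstants.MSG_BUNDLE_NAME);
    private static final RuntimePermission MODIFYTHREAD_PERM = new RuntimePermission("modifyThread");
    private static final RuntimePermission MODIFYTHREADGROUP_PERM = new RuntimePermission("modifyThreadGroup");

    // True when the construction-time policy grants AllPermission to the empty CodeSource.
    // It is a snapshot: nothing in this class recomputes it after init().
    private boolean grantAll = false;
    // Class loader whose threads are exempt from runtime filtering.
    private ExtClassLoader runtimeClassLoader;
    // Read-only deny-list used by checkRuntimeFiltering(); null unless filtering is enabled.
    private PermissionCollection filteredPermissions;
    private boolean enableRuntimeFiltering = false;
    private boolean filteredPermissionsEmpty = true;
    private boolean initialized = false;
    // Thread that constructed this manager; always treated as a runtime thread.
    private Thread _mainthread;
    // Audit-only mode: denials are reported but never thrown.
    private boolean _norethrow = false;
    private boolean _nolog = false;
    private boolean _notracktrace = false;

    // Answers "is the current thread's context class loader the runtime class loader?".
    // The decompiler had duplicated this anonymous class into both constructors; it is a
    // single instance initializer here, which runs before either constructor body.
    private final PrivilegedAction<Boolean> isRuntimeThreadAction = new PrivilegedAction<Boolean>() {
        @Override // java.security.PrivilegedAction
        public Boolean run() {
            ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
            if (contextClassLoader == null) {
                return Boolean.FALSE;
            }
            // Boolean.valueOf replaces the deprecated Boolean constructor.
            return Boolean.valueOf(contextClassLoader.equals(SecurityManager.this.runtimeClassLoader));
        }
    };

    /**
     * Creates a manager with runtime permission filtering disabled.
     */
    public SecurityManager() {
        if (_tc.isEntryEnabled()) {
            Tr.entry(_tc, "SecurityManager()");
        }
        init(null);
        if (_tc.isEntryEnabled()) {
            Tr.exit(_tc, "SecurityManager()");
        }
    }

    /**
     * Creates a manager and, when {@code z} is true, installs a read-only deny-list.
     *
     * @param str            passed to {@code init}, which does not use it
     * @param extClassLoader class loader whose threads are exempt from filtering; only stored
     *                       when {@code z} is true
     * @param list           permissions to filter; every element must be a {@link Permission}
     *                       (a {@link ClassCastException} is thrown otherwise) and the list must
     *                       be non-null when {@code z} is true
     * @param z              whether runtime permission filtering is enabled
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public SecurityManager(String str, ExtClassLoader extClassLoader, List<?> list, boolean z) {
        if (_tc.isEntryEnabled()) {
            Tr.entry(_tc, "SecurityManager(" + str + ", " + extClassLoader + ", " + list + ", " + z + C.R_PARENTHESIS);
        }
        init(str);
        this.enableRuntimeFiltering = z;
        if (z) {
            if (_tc.isDebugEnabled()) {
                Tr.debug(_tc, "enableRuntimeFiltering = TRUE");
            }
            this.runtimeClassLoader = extClassLoader;
            this.filteredPermissions = new Permissions();
            this.filteredPermissionsEmpty = list.isEmpty();
            if (_tc.isDebugEnabled()) {
                Tr.debug(_tc, "filteredPermissionsEmpty = " + this.filteredPermissionsEmpty);
            }
            for (Object entry : list) {
                this.filteredPermissions.add((Permission) entry);
            }
            // Freeze the deny-list so it cannot be altered after construction.
            this.filteredPermissions.setReadOnly();
        }
        if (_tc.isEntryEnabled()) {
            Tr.exit(_tc, "SecurityManager()");
        }
    }

    /**
     * Decides whether the current thread is exempt from runtime permission filtering.
     *
     * <p>The constructing thread is always exempt. Any other thread is exempt when its context
     * class loader equals the runtime class loader, except while checking a permission named
     * {@code getClassLoader}, for which the lookup is skipped and the thread is not exempt.
     *
     * <p>NOTE(review): the exemption rests on the thread's context class loader, which a thread
     * can have replaced via {@code Thread.setContextClassLoader}; confirm that
     * {@code setContextClassLoader} is not granted to code the deny-list is meant to constrain.
     */
    private boolean isRuntimeThread(Permission permission) {
        if (this._mainthread == Thread.currentThread()) {
            return true;
        }
        // Presumably skipped for "getClassLoader" because reading the context class loader can
        // itself trigger that permission check and recurse into this method; verify.
        if (permission.getName().equals(GETCLASSLOADER)) {
            return false;
        }
        return ((Boolean) AccessController.doPrivileged(this.isRuntimeThreadAction)).booleanValue();
    }

    /**
     * Applies runtime filtering first, then the regular policy check unless grant-all is active.
     *
     * <p>Filtering runs even when {@code grantAll} is true, so the deny-list still applies under
     * an all-permissive policy.
     */
    @Override // java.lang.SecurityManager
    public void checkPermission(Permission permission) {
        checkRuntimeFiltering(permission);
        if (this.grantAll) {
            return;
        }
        try {
            super.checkPermission(permission);
        } catch (SecurityException e) {
            handleSecurityException(permission, e);
        }
    }

    /**
     * Context-aware variant of {@link #checkPermission(Permission)} with entry/exit tracing.
     */
    @Override // java.lang.SecurityManager
    public void checkPermission(Permission permission, Object obj) {
        if (_tc.isEntryEnabled()) {
            Tr.entry(_tc, "checkPermission(perm,context) permission=" + permission + "context=" + obj);
        }
        checkRuntimeFiltering(permission);
        if (!this.grantAll) {
            try {
                super.checkPermission(permission, obj);
            } catch (SecurityException e) {
                handleSecurityException(permission, e);
            }
        }
        if (_tc.isEntryEnabled()) {
            Tr.exit(_tc, "checkPermission(perm,context)");
        }
    }

    /**
     * Denies {@code permission} when it is implied by the deny-list and the current thread is
     * not a runtime thread.
     *
     * <p>In no-rethrow mode the denial is only written to debug trace and the method returns
     * normally; no warning or FFDC record is produced on this path.
     *
     * @throws AccessControlException if the permission is filtered and no-rethrow is off
     */
    public void checkRuntimeFiltering(Permission permission) throws AccessControlException {
        if (!this.enableRuntimeFiltering || this.filteredPermissionsEmpty) {
            return;
        }
        if (isRuntimeThread(permission) || !this.filteredPermissions.implies(permission)) {
            return;
        }
        if (_tc.isDebugEnabled()) {
            Tr.debug(_tc, "access denied due to runtime permission filtering on " + permission);
        }
        if (!this._norethrow) {
            throw new AccessControlException("access denied due to runtime permission filtering on " + permission, permission);
        }
    }

    /**
     * Reports a permission denial (debug trace, FFDC, warning log) and rethrows it.
     *
     * <p>When no-rethrow is set the method returns normally after reporting, so the caller of
     * {@code checkPermission} continues as if the permission had been granted.
     *
     * @param permission        the permission that was denied
     * @param securityException the exception raised by the policy check
     * @throws SecurityException {@code securityException} itself, unless no-rethrow is set
     */
    public void handleSecurityException(Permission permission, SecurityException securityException) throws SecurityException {
        String stackTrace;
        String[] codeBase = null;
        if (this._notracktrace) {
            stackTrace = "Stack trace disabled";
            codeBase = new String[]{"", ""};
        } else {
            StringWriter traceBuffer = new StringWriter();
            securityException.printStackTrace(new PrintWriter(traceBuffer));
            stackTrace = traceBuffer.toString();
            try {
                codeBase = getCodeBaseLoc(permission);
            } catch (Exception e) {
                // NOTE(review): FFDC receives the original SecurityException here, not the
                // lookup failure 'e'; 'e' is only reported through Tr.error below. Confirm
                // that this is intended.
                FFDCFilter.processException(securityException, "com.ibm.ws.security.core.SecurityManager", "92", this);
                StringWriter lookupTrace = new StringWriter();
                e.printStackTrace(new PrintWriter(lookupTrace));
                Tr.error(_tc, "security.jsecman.exception.codebase", new Object[]{e.toString() + C.L_PARENTHESIS + e.getMessage() + C.R_PARENTHESIS + lineSep + lineSep + lookupTrace.toString()});
            }
        }
        // Fix: a failed or empty code base lookup used to leave the array null, so the message
        // formatting below threw NullPointerException and masked the SecurityException (and the
        // warning log entry for the denial was never written). Fall back to the same empty pair
        // the no-stack-trace path uses.
        if (codeBase == null) {
            codeBase = new String[]{"", ""};
        }
        throwExceptionOnNoLog(securityException, codeBase);

        String blank = lineSep + lineSep;
        String detail = blank + "      " + permission.getName() + " : " + securityException.getMessage() + lineSep + lineSep + lineSep;
        String traceSection = blank + stackTrace + lineSep + lineSep;
        String msg = SecurityMessages.getMsg("security.jsecman.permdeniedmsg", new Object[]{blank, detail, codeBase[0], blank, traceSection, blank + codeBase[1]});
        if (_tc.isDebugEnabled()) {
            // Fix: the array used to be concatenated directly, which printed its identity
            // ("[Ljava.lang.String;@...") instead of its contents.
            Tr.debug(_tc, "\nJava SecurityException:\n perm.getName<>: " + permission.getName() + "\n e.getMessage<>: " + securityException.getMessage() + "\nBegin SecurityException\n" + stackTrace + "\nCode base location information:\n" + java.util.Arrays.toString(codeBase) + "\n class ==> : " + codeBase[0] + "\nSuggested Action: Verify the attempted operation is permitted by examining all Java 2 security policy files and application code. Additional permissions may be required, a doPrivileged API may be needed in some code on the call stack, or the Security Manager properly prevented access to a resource the caller does not have permission to access.\nEnd SecurityException\n");
        }
        FFDCFilter.processException(securityException, "com.ibm.ws.security.core.SecurityManager", "180", this, new Object[]{msg});
        if (!this._nolog) {
            if (ContextManagerFactory.getInstance().getPlatformHelper().isZOS()) {
                // z/OS splits the report into two messages: the denial, then the stack trace.
                Tr.warning(_tc, "security.zOS.SecurityManager.PermissionFailure1.warning", new Object[]{blank, detail, codeBase[0], blank + codeBase[1]});
                Tr.warning(_tc, "security.zOS.SecurityManager.PermissionFailure2.warning", new Object[]{"\nBegin SecurityException\n" + stackTrace + "\nEnd SecurityException\n"});
            } else {
                Tr.warning(_tc, "security.jsecman.permdeniedmsg", new Object[]{blank, detail, codeBase[0], blank, traceSection, blank + codeBase[1]});
            }
        }
        if (!this._norethrow) {
            throw securityException;
        }
    }

    /**
     * Rethrows {@code securityException} without logging when the code base lookup returned the
     * {@code "_nolog"} sentinel in its first element.
     *
     * <p>In no-rethrow mode nothing is thrown and the caller goes on to log the denial.
     */
    void throwExceptionOnNoLog(SecurityException securityException, String[] strArr) {
        boolean suppressLogging = strArr != null && strArr[0] != null && strArr[0].equals("_nolog");
        if (!suppressLogging) {
            return;
        }
        if (_tc.isDebugEnabled()) {
            Tr.debug(_tc, "Not printing SecurityException due to ClassLoader handling.", new Object[]{securityException});
        }
        if (!this._norethrow) {
            throw securityException;
        }
    }

    /**
     * Requires {@code modifyThread} for every thread, not just those the base class guards.
     *
     * @throws NullPointerException if {@code thread} is null
     */
    @Override // java.lang.SecurityManager
    public void checkAccess(Thread thread) {
        if (thread == null) {
            throw new NullPointerException("thread can't be null!");
        }
        checkPermission(MODIFYTHREAD_PERM);
    }

    /**
     * Requires {@code modifyThreadGroup} for every thread group.
     *
     * @throws NullPointerException if {@code threadGroup} is null
     */
    @Override // java.lang.SecurityManager
    public void checkAccess(ThreadGroup threadGroup) {
        if (threadGroup == null) {
            throw new NullPointerException("thread group can't be null!");
        }
        checkPermission(MODIFYTHREADGROUP_PERM);
    }

    /**
     * Always reports the window as untrusted.
     */
    @Override // java.lang.SecurityManager
    public boolean checkTopLevelWindow(Object obj) {
        return false;
    }

    /**
     * Records the constructing thread, snapshots the grant-all decision and reads the
     * {@code com.ibm.websphere.java2secman.*} system properties.
     *
     * @param str unused
     */
    private void init(String str) {
        if (this.initialized) {
            return;
        }
        this._mainthread = Thread.currentThread();
        // A CodeSource with no location and no certificates: if the policy grants it
        // AllPermission, checkPermission() skips the policy check from then on.
        this.grantAll = Policy.getPolicy().getPermissions(new CodeSource((URL) null, (Certificate[]) null)).implies(new AllPermission());
        this._norethrow = Boolean.getBoolean("com.ibm.websphere.java2secman.norethrow");
        this._nolog = Boolean.getBoolean("com.ibm.websphere.java2secman.nolog");
        if (_tc.isDebugEnabled()) {
            Tr.debug(_tc, this.grantAll ? "grantAll is TRUE" : "grantAll is FALSE");
            Tr.debug(_tc, this._norethrow ? "Running with NoRethrow debug" : "Running without NoRethrow debug");
        }
        this._notracktrace = Boolean.getBoolean("com.ibm.websphere.java2secman.nostacktrace");
        if (this._norethrow) {
            // Enforcement is off in this mode, so say so at warning level regardless of trace.
            Tr.warning(_tc, "security.jsecman.debugnorethrow");
        }
        // Fix: the flag tested at the top was never set anywhere in the class, which made the
        // guard dead code.
        this.initialized = true;
    }

    /**
     * Looks up code base information for a denied permission inside a privileged block.
     *
     * <p>The decompiler failed on the action body, so as listed this method always throws
     * {@link UnsupportedOperationException}; {@code handleSecurityException} catches that.
     * The only caller visible here reads elements 0 and 1 of the result and treats
     * {@code "_nolog"} in element 0 as a request to skip logging.
     */
    private String[] getCodeBaseLoc(final Permission permission) {
        return (String[]) AccessController.doPrivileged(new PrivilegedAction<String[]>() { // from class: com.ibm.ws.security.core.SecurityManager.2
            /* JADX WARN: Can't rename method to resolve collision */
            /* JADX WARN: Code restructure failed: missing block: B:25:0x0107, code lost:
            
                continue;
             */
            @Override // java.security.PrivilegedAction
            /*
                Code decompiled incorrectly, please refer to instructions dump.
                To view partially-correct add '--show-bad-code' argument
            */
            public java.lang.String[] run() {
                /*
                    Method dump skipped, instructions count: 450
                    To view this dump add '--comments-level debug' option
                */
                throw new UnsupportedOperationException("Method not decompiled: com.ibm.ws.security.core.SecurityManager.AnonymousClass2.run():java.lang.String[]");
            }
        });
    }

    /**
     * Returns the code source location of {@code protectionDomain} as text, or a fixed
     * placeholder when the code source or its location is null.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public String getCodeSource(ProtectionDomain protectionDomain) {
        CodeSource codeSource = protectionDomain.getCodeSource();
        if (codeSource == null) {
            return "null code source";
        }
        URL location = codeSource.getLocation();
        return location == null ? "null code URL" : location.toString();
    }

    /**
     * Renders the class loader type and the permissions granted to {@code codeSource} as a
     * multi-line, policy-file-like block for diagnostics.
     *
     * @param classLoader          loader to name; null is reported as the primordial loader
     * @param permissionCollection permissions to list; null yields an empty block
     */
    /* JADX INFO: Access modifiers changed from: private */
    public String permissionToString(CodeSource codeSource, ClassLoader classLoader, PermissionCollection permissionCollection) {
        // The builder never leaves this method, so the unsynchronized StringBuilder suffices.
        StringBuilder text = new StringBuilder("ClassLoader: ");
        text.append(classLoader == null ? "Primordial Classloader" : classLoader.getClass().getName());
        text.append(lineSep);
        text.append("  Permissions granted to CodeSource ").append(codeSource).append(lineSep);
        text.append("  {").append(lineSep);
        if (permissionCollection != null) {
            Enumeration<Permission> elements = permissionCollection.elements();
            while (elements.hasMoreElements()) {
                text.append("    ").append(elements.nextElement().toString()).append(";").append(lineSep);
            }
        }
        text.append("  }");
        return text.toString();
    }

    /**
     * Tells whether the class at index {@code i} should be reported as the one lacking
     * {@code permission}.
     *
     * <p>A class is skipped when its name starts with {@code "java"}, contains this class's
     * name, or contains {@code "ClassLoader"}, or when the next entry's name contains
     * {@code "ClassLoader"}. Otherwise it is offending exactly when {@code protectionDomain}
     * does not imply the permission.
     *
     * <p>NOTE(review): the {@code "java"} test is a bare prefix match, so it also skips
     * non-JDK packages whose names merely begin with those four letters. The only caller
     * would be the undecompiled {@code getCodeBaseLoc}; if so this affects which class the
     * diagnostics name, not the access decision. Confirm.
     */
    boolean isOffendingClass(Class<?>[] clsArr, int i, ProtectionDomain protectionDomain, Permission permission) {
        String name = clsArr[i].getName();
        if (name.startsWith("java")
                || name.indexOf("com.ibm.ws.security.core.SecurityManager") != -1
                || name.indexOf("ClassLoader") != -1) {
            return false;
        }
        boolean hasNext = i != clsArr.length - 1;
        if (hasNext && clsArr[i + 1].getName().indexOf("ClassLoader") != -1) {
            return false;
        }
        return !protectionDomain.implies(permission);
    }
}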
