package com.ibm.ws.security.policy;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.jaspi.commands.AdminConstants;
import com.ibm.ws.security.provider.AllPolicyConfigs;
import com.ibm.ws.security.provider.JaccProvider;
import com.ibm.ws.security.provider.WSPolicyConfigurationImpl;
import com.ibm.ws.security.util.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;

/* loaded from: input_file:com/ibm/ws/security/policy/JaccPolicyProxy.class */
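/**
 * {@link Policy} implementation that answers JACC permission checks from the
 * {@link JaccProvider} and forwards every other request to the policy that was
 * installed when the proxy was constructed.
 *
 * <p>The JACC permission types handled in {@link #implies} are
 * {@link WebResourcePermission}, {@link WebUserDataPermission},
 * {@link WebRoleRefPermission}, {@link EJBRoleRefPermission} and
 * {@link EJBMethodPermission}. For each of them the decision is denied
 * ({@code false}) whenever no in-service policy configuration exists for the
 * current policy context.
 *
 * <p>The delegate policy is held in a static field, so all instances of this
 * class share a single delegate.
 */
public class JaccPolicyProxy extends Policy {
    /** Protection domain of this proxy's own code; granted every permission in {@link #implies}. */
    private final ProtectionDomain self;

    /** Set on first successful {@link #getPolicyConfiguration()} call; null until then. */
    private JaccProvider jaccProvider = null;

    /** Delegate for all non-JACC requests; shared by every instance of this class. */
    private static Policy policy = null;

    private static final TraceComponent tc = Tr.register(JaccPolicyProxy.class, (String) null, AdminConstants.MSG_BUNDLE_NAME);

    /**
     * Captures this code's protection domain and the currently installed policy
     * as the delegate.
     *
     * <p>If the installed policy is already a {@code JaccPolicyProxy}, the
     * existing delegate is kept. Every instance forwards to the same static
     * field, so capturing a proxy as the delegate would make
     * {@link #getPermissions(CodeSource)}, {@link #refresh()} and the
     * fall-through in {@link #implies} call themselves without end.
     */
    public JaccPolicyProxy() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "JaccPolicyProxy");
        }
        // Reading a protection domain is itself a guarded operation, hence the privileged block.
        this.self = (ProtectionDomain) AccessController.doPrivileged(new PrivilegedAction<ProtectionDomain>() {
            @Override // java.security.PrivilegedAction
            public ProtectionDomain run() {
                // "this" is the anonymous action class, not the enclosing proxy.
                // NOTE(review): presumably it shares the proxy's protection domain - confirm.
                return this.getClass().getProtectionDomain();
            }
        });
        Policy current = Policy.getPolicy();
        if (!(current instanceof JaccPolicyProxy)) {
            policy = current;
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Installed policy is already a JaccPolicyProxy; keeping the existing delegate");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "JaccPolicyProxy()");
        }
    }

    /**
     * Returns the delegate policy's permissions for a code source.
     *
     * @param codeSource the code source to look up
     * @return whatever the delegate policy returns
     */
    @Override // java.security.Policy
    public PermissionCollection getPermissions(CodeSource codeSource) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPermissions", new Object[]{codeSource});
        }
        PermissionCollection permissions = policy.getPermissions(codeSource);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPermissions(CodeSource)");
        }
        return permissions;
    }

    /**
     * Returns the delegate policy's permissions for a protection domain.
     *
     * @param protectionDomain the domain to look up
     * @return whatever the delegate policy returns
     */
    @Override // java.security.Policy
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPermissions");
        }
        PermissionCollection permissions = policy.getPermissions(protectionDomain);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPermissions(domain)");
        }
        return permissions;
    }

    /** Forwards the refresh request to the delegate policy. */
    @Override // java.security.Policy
    public void refresh() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "refresh()");
        }
        policy.refresh();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "refresh()");
        }
    }

    /**
     * Decides whether {@code permission} is granted to {@code protectionDomain}.
     *
     * <p>Decision order:
     * <ol>
     *   <li>the proxy's own protection domain (compared by identity) is granted everything;</li>
     *   <li>JACC permission types are answered from the {@link JaccProvider}, and are
     *       denied when {@link #getPolicyConfiguration()} returns {@code null};</li>
     *   <li>any other permission is forwarded to the delegate policy.</li>
     * </ol>
     *
     * @param protectionDomain the domain being checked; dereferenced for
     *        {@link WebResourcePermission} checks, so it must not be null there
     * @param permission the permission being requested
     * @return {@code true} if the permission is granted
     */
    @Override // java.security.Policy
    public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
        if (this.self != null && this.self == protectionDomain) {
            return true;
        }

        if (permission instanceof WebResourcePermission) {
            WSPolicyConfigurationImpl config = getPolicyConfiguration();
            if (config == null) {
                return false;
            }
            // jaccProvider is non-null from here on: getPolicyConfiguration() sets it
            // before returning a non-null configuration.
            if (protectionDomain.getPrincipals() == null || protectionDomain.getPrincipals().length < 1) {
                // No principals on the domain: only the unchecked list and the
                // everyone grant are consulted.
                // NOTE(review): this path does not call checkExcludedPerm first, unlike the
                // other excluded-aware branches of this method. Confirm that
                // checkUncheckedPerm / isEveryoneGranted cannot return true for a
                // permission that is also excluded; if they can, check exclusion here too.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Checking the unchecked list");
                }
                return this.jaccProvider.checkUncheckedPerm(config, permission)
                        || this.jaccProvider.isEveryoneGranted(config, permission, PolicyContext.getContextID());
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Checking the excluded list");
            }
            if (this.jaccProvider.checkExcludedPerm(config, permission)) {
                return false;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Checking the role list");
            }
            return this.jaccProvider.checkRolePerm(config, permission, PolicyContext.getContextID());
        }

        if (permission instanceof WebUserDataPermission) {
            WSPolicyConfigurationImpl config = getPolicyConfiguration();
            if (config == null) {
                return false;
            }
            // Exclusion wins over the unchecked list.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Checking the excluded list");
            }
            if (this.jaccProvider.checkExcludedPerm(config, permission)) {
                return false;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Not in the excluded list: Checking for unchecked");
            }
            return this.jaccProvider.checkUncheckedPerm(config, permission);
        }

        if ((permission instanceof WebRoleRefPermission) || (permission instanceof EJBRoleRefPermission)) {
            WSPolicyConfigurationImpl config = getPolicyConfiguration();
            if (config == null) {
                return false;
            }
            // Role references are resolved against the role list only.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Checking the role list");
            }
            return this.jaccProvider.checkRolePerm(config, permission, PolicyContext.getContextID());
        }

        if (permission instanceof EJBMethodPermission) {
            WSPolicyConfigurationImpl config = getPolicyConfiguration();
            if (config == null) {
                return false;
            }
            // Order matters: excluded, then unchecked, then role-based grants.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Checking the excluded list");
            }
            if (this.jaccProvider.checkExcludedPerm(config, permission)) {
                return false;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Checking the unchecked list");
            }
            return this.jaccProvider.checkUncheckedPerm(config, permission)
                    || this.jaccProvider.checkRolePerm(config, permission, PolicyContext.getContextID());
        }

        // Not a JACC permission: the delegate policy decides.
        return policy.implies(protectionDomain, permission);
    }

    /**
     * Looks up the policy configuration for the current policy context and
     * returns it only if it reports itself as in service.
     *
     * <p>A {@link PolicyContextException} from {@code inService()} is recorded
     * and treated as "not in service", so callers deny the permission rather
     * than evaluate it against a configuration in an unknown state. As a side
     * effect, {@link #jaccProvider} is initialised on the first successful call.
     *
     * @return the in-service configuration, or {@code null} if there is none
     *         for the current context or it is not in service
     */
    private WSPolicyConfigurationImpl getPolicyConfiguration() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPolicyConfiguration");
        }
        WSPolicyConfigurationImpl policyConfig = AllPolicyConfigs.getInstance().getPolicyConfig(PolicyContext.getContextID());
        if (policyConfig == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "Cannot get the policy configuration object. exit value:false");
            }
            return null;
        }
        boolean inService = false;
        try {
            inService = policyConfig.inService();
        } catch (PolicyContextException e) {
            // Leave inService false so the caller denies the request.
            FFDCFilter.processException(e, "com.ibm.ws.security.policy.JaccPolicyProxy.JaccProvider.getPolicyConfiguration", "208", this);
            Tr.warning(tc, "security.jacc.provider.inservice", new Object[]{e});
        }
        if (!inService) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "The policy configuration object is not in the commit state. exit value:false");
            }
            return null;
        }
        if (this.jaccProvider == null) {
            this.jaccProvider = JaccProvider.getInstance();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPolicyConfiguration");
        }
        return policyConfig;
    }

    static {
        // NOTE(review): presumably forces EJBMethodPermission to be loaded before this
        // policy is first consulted - confirm against the original source.
        EJBMethodPermission.class.getName();
    }
}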
