package jeus.security.container.shared;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyContext;
import jeus.container.security.EjbSecurityAnnotationInfo;
import jeus.container.security.MethodSecurityInfo;
import jeus.ejb.metadata.BeanInfo;
import jeus.ejb.metadata.ModuleInfo;
import jeus.security.base.Domain;
import jeus.security.base.PermissionMap;
import jeus.security.base.Policy;
import jeus.security.base.PolicyFactory;
import jeus.security.base.SecurityCommonService;
import jeus.security.base.SecurityException;
import jeus.security.base.ServiceException;
import jeus.security.base.Subject;
import jeus.security.container.ejb.XMLJ2EEEJBDDConverter;
import jeus.security.container.ejb.XMLJEUSEJBDDConverter;
import jeus.security.container.web.XMLJ2EEWebDDConverter;
import jeus.security.resource.RoleImpl;
import jeus.security.spi.AuthorizationRepositoryService;
import jeus.security.spi.SecurityInstaller;
import jeus.security.util.JACCUtil;
import jeus.security.util.XMLConverter;
import jeus.util.ArrayListStack;
import jeus.util.ErrorMsgManager;
import jeus.util.ExecutionContext;
import jeus.util.JeusRuntimeException;
import jeus.util.message.JeusMessage_Security_Exception;
import jeus.xml.binding.j2ee.EjbJarType;
import jeus.xml.binding.j2ee.WebAppType;
import jeus.xml.binding.jeusDD.JeusEjbDdType;

/* loaded from: input_file:jeus/security/container/shared/J2EESecurityUtil.class */
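/**
 * Static helpers used by the containers for security bookkeeping.
 *
 * <p>The class keeps a per-thread stack of {@link SecurityContext} objects, runs reflective
 * calls under the current subject when JACC is in use, builds {@link Policy} objects from
 * deployment descriptors and EJB security annotations, registers and removes policies through
 * {@link AuthorizationRepositoryService}, and resolves the principal name behind a run-as role.
 *
 * <p>All state is thread-local; nothing here is shared between threads except
 * {@link #isJaspicTest}.
 */
public final class J2EESecurityUtil {
    /** The method-interface names every annotation-derived EJB method permission is registered for. */
    private static final String[] EJB_METHOD_INTERFACES = {"Local", "LocalHome", "Remote", "Home", "ServiceEndpoint"};

    /** Per-thread stack of pushed security contexts; created lazily for each thread. */
    private static final ThreadLocal<ArrayListStack> contextStack = new ThreadLocal<ArrayListStack>() {
        @Override
        protected ArrayListStack initialValue() {
            return new ArrayListStack();
        }
    };

    /** Per-thread shortcut to the context on top of {@link #contextStack}, or null when it is empty. */
    private static final ThreadLocal<SecurityContext> currentSecurityContext = new ThreadLocal<SecurityContext>();

    // NOTE(review): public, mutable and non-final, so any code in the JVM can flip it. It is not
    // read anywhere in this class; confirm what consults it and whether it can be made private
    // or removed from production builds.
    public static boolean isJaspicTest = false;

    /**
     * Pushes {@code securityContext} onto the calling thread's stack and makes it current.
     * When JACC is in use it is also published as the JACC policy-context handler data.
     *
     * @param securityContext the context to make current
     */
    public static void pushSecurityContext(SecurityContext securityContext) {
        contextStack.get().push(securityContext);
        if (JACCUtil.isJACCUsed()) {
            PolicyContext.setHandlerData(securityContext);
        }
        currentSecurityContext.set(securityContext);
    }

    /**
     * Returns the calling thread's current security context without removing it.
     *
     * @return the current context, or null when none has been pushed
     */
    public static SecurityContext peekSecurityContext() {
        return currentSecurityContext.get();
    }

    /**
     * Returns the context directly beneath the top of the stack when at least two contexts are
     * stacked, the current context when exactly one is stacked, and null when the stack is empty.
     *
     * @return the selected context, or null
     */
    public static SecurityContext peekRunasSecurityContext() {
        ArrayListStack stack = contextStack.get();
        if (stack.isEmpty()) {
            return null;
        }
        int depth = stack.size();
        if (depth >= 2) {
            return (SecurityContext) stack.get(depth - 2);
        }
        return currentSecurityContext.get();
    }

    /**
     * Pops the calling thread's top security context and restores the one beneath it.
     *
     * <p>The JACC handler data is set to the restored context (or null when the stack becomes
     * empty). The previous implementation set the handler data from the not-yet-updated current
     * context, so after a nested pop JACC policy-context handlers kept seeing the context that
     * had just been popped instead of the caller's context.
     *
     * @return the popped context, or null when the stack was already empty
     */
    public static SecurityContext popSecurityContext() {
        ArrayListStack stack = contextStack.get();
        SecurityContext popped = stack.isEmpty() ? null : (SecurityContext) stack.pop();
        SecurityContext restored = stack.isEmpty() ? null : (SecurityContext) stack.peek();
        // Update the thread-local first, then publish the same value to JACC, so both views
        // of "the current context" always agree.
        currentSecurityContext.set(restored);
        if (JACCUtil.isJACCUsed()) {
            PolicyContext.setHandlerData(restored);
        }
        return popped;
    }

    /**
     * Invokes {@code method} on {@code obj} reflectively.
     *
     * <p>Without JACC the method is invoked directly, and an {@link InvocationTargetException}
     * from the target propagates unchanged. With JACC the invocation runs inside
     * {@code javax.security.auth.Subject.doAs} for the current subject (a null JAAS subject when
     * there is none), and an {@link InvocationTargetException} is unwrapped to its cause.
     *
     * <p>The target, method and arguments are captured by a per-call action. They used to be
     * handed over through static {@code InheritableThreadLocal}s that were never cleared, which
     * left the bean instance and the call arguments reachable from the worker thread after the
     * call and copied them into every thread created from it.
     *
     * @param obj the invocation target; under JACC a null target is rejected
     * @param method the method to invoke
     * @param objArr the arguments; under JACC null is treated as no arguments
     * @return whatever the invoked method returns
     * @throws Throwable whatever the invocation throws, see above for wrapping
     */
    public static Object runCode(final Object obj, final Method method, final Object[] objArr) throws Throwable {
        if (!JACCUtil.isJACCUsed()) {
            return method.invoke(obj, objArr);
        }
        PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>() {
            @Override
            public Object run() throws Exception {
                if (obj == null || method == null) {
                    throw new Exception(ErrorMsgManager.getErrorStringMessage(JeusMessage_Security_Exception._19));
                }
                return method.invoke(obj, objArr == null ? new Object[0] : objArr);
            }
        };
        try {
            Subject currentSubject = SecurityCommonService.getCurrentSubject();
            return javax.security.auth.Subject.doAs(currentSubject == null ? null : currentSubject.toJAASSubject(), action);
        } catch (PrivilegedActionException e) {
            Exception exception = e.getException();
            if (exception instanceof InvocationTargetException && exception.getCause() != null) {
                // Surface the target method's own exception rather than the reflection wrapper.
                throw exception.getCause();
            }
            throw exception;
        }
    }

    /**
     * Creates a new, empty security context.
     *
     * @return a fresh {@link SecurityContext}
     */
    public static SecurityContext getSecurityContext() {
        return new SecurityContext();
    }

    /**
     * Builds the policy for a web module.
     *
     * <p>The resource policy for context {@code str} receives the permissions derived from
     * {@code webAppType}. The role policy receives the permissions unmarshalled from
     * {@code obj}; when {@code obj} is null there is nothing to add and the role policy is left
     * untouched, matching {@link #makePolicy(ModuleInfo, String)}. The previous code passed a
     * null map to {@code add} in that case.
     *
     * @param str the context id the resource policy is looked up under
     * @param webAppType the standard web deployment descriptor
     * @param obj the source for the role mapping, or null when there is none
     * @param xMLJ2EEWebDDConverter converter for {@code webAppType}
     * @param xMLConverter converter for {@code obj}
     * @param str2 the domain whose policy implementation is used
     * @return the populated policy
     * @throws Exception if conversion or policy creation fails
     */
    public static Policy makePolicy(String str, WebAppType webAppType, Object obj, XMLJ2EEWebDDConverter xMLJ2EEWebDDConverter, XMLConverter xMLConverter, String str2) throws Exception {
        PermissionMap resourcePermissions = xMLJ2EEWebDDConverter.createPermissionMap(webAppType);
        PermissionMap rolePermissions = null;
        if (obj != null) {
            rolePermissions = (PermissionMap) xMLConverter.unmarshal(obj);
        }
        Policy policy = PolicyFactory.getPolicyImplInDomain(str2);
        policy.getResourcePolicy(str, true).add(resourcePermissions);
        if (rolePermissions != null) {
            policy.getRolePolicy().add(rolePermissions);
        }
        return policy;
    }

    /**
     * Translates the security annotations of the given beans into a permission map.
     *
     * <p>Beans without annotation info are skipped. Methods with no security specified are
     * recorded as unspecified; the others get one permission per method interface. Every
     * declared role gets a role-reference permission mapped to a role of the same name.
     *
     * @param list the module's beans, each a {@link BeanInfo}
     * @return the resulting map, never null
     */
    private static PermissionMap completePolicyContextForEJBAnnotation(List list) {
        PermissionMap permissionMap = new PermissionMap();
        for (Object element : list) {
            BeanInfo beanInfo = (BeanInfo) element;
            EjbSecurityAnnotationInfo annotationInfo = beanInfo.getSecurityAnnotationInfo();
            if (annotationInfo == null) {
                continue;
            }
            String[] declaredRoles = annotationInfo.getDeclaredRoles();
            for (MethodSecurityInfo methodSecurityInfo : annotationInfo.getMethodList()) {
                if (methodSecurityInfo.isSecuritySpecified()) {
                    addMethodPermissions(permissionMap, beanInfo.getBeanName(), methodSecurityInfo);
                } else {
                    permissionMap.addUnspecifiedMethodInfo(beanInfo.getBeanName(), methodSecurityInfo.getMethod());
                }
            }
            // A bean that declares no roles must not abort policy generation for the module.
            if (declaredRoles != null) {
                for (String role : declaredRoles) {
                    permissionMap.addPermission(new EJBRoleRefPermission(beanInfo.getBeanName(), role), new Object[]{new RoleImpl(role)}, false, false);
                }
            }
        }
        return permissionMap;
    }

    /**
     * Adds the permissions for one annotated method, once for each entry of
     * {@link #EJB_METHOD_INTERFACES}.
     *
     * <p>When the JACC CTS is running and the method takes no parameters, the permission is
     * built from a {@code "name,Interface"} action string, which carries no parameter list;
     * otherwise it is built from the {@link Method} itself.
     */
    private static void addMethodPermissions(PermissionMap permissionMap, String beanName, MethodSecurityInfo methodSecurityInfo) {
        boolean denyAll = methodSecurityInfo.isDenyAll();
        boolean permitAll = methodSecurityInfo.isPermitAll();
        String[] rolesAllowed = methodSecurityInfo.getRolesAllowed();
        RoleImpl[] roles = null; // stays null when the annotation names no roles
        if (rolesAllowed != null) {
            roles = new RoleImpl[rolesAllowed.length];
            for (int i = 0; i < rolesAllowed.length; i++) {
                roles[i] = new RoleImpl(rolesAllowed[i]);
            }
        }
        Method method = methodSecurityInfo.getMethod();
        boolean nameOnly = method.getParameterTypes().length == 0 && JACCUtil.isRunningJACCCTS();
        for (String methodInterface : EJB_METHOD_INTERFACES) {
            EJBMethodPermission permission = nameOnly
                    ? new EJBMethodPermission(beanName, method.getName() + "," + methodInterface)
                    : new EJBMethodPermission(beanName, methodInterface, method);
            permissionMap.addPermission(permission, roles, denyAll, permitAll);
        }
    }

    /**
     * Registers {@code policy} with the authorization repository.
     *
     * <p>The call runs as the code subject of domain {@code str} (the installer's default
     * domain when {@code str} is null) and with {@code str2} pushed as the application index
     * of the execution context. The execution context is popped and the code subject logged
     * out on every path once they have been established.
     *
     * @param policy the policy to add
     * @param str the domain name, or null for the default domain
     * @param str2 the application index for the execution context
     * @throws ServiceException if the repository or login service fails
     * @throws SecurityException if the operation is not permitted
     */
    public static void addPolicy(Policy policy, String str, String str2) throws ServiceException, SecurityException {
        if (str != null) {
            SecurityCommonService.loginCodeSubject(str);
        } else {
            SecurityCommonService.loginCodeSubject(SecurityInstaller.getEnvironment().defaultDomainName);
        }
        try {
            HashMap executionData = new HashMap();
            executionData.put(ExecutionContext.APPLICATION_INDEX, str2);
            ExecutionContext.push(executionData);
            try {
                AuthorizationRepositoryService.addPolicy(policy, true);
            } finally {
                ExecutionContext.pop();
            }
        } finally {
            // The code subject is elevated; never leave it logged in on this thread.
            SecurityCommonService.logout();
        }
    }

    /**
     * Removes the policy registered under {@code str} from the authorization repository.
     *
     * <p>Runs as the code subject of domain {@code str2} (the installer's default domain when
     * {@code str2} is null) with {@code str3} pushed as the application index; both are undone
     * on every path once they have been established.
     *
     * @param str the id of the policy to remove
     * @param str2 the domain name, or null for the default domain
     * @param str3 the application index for the execution context
     * @throws ServiceException if the repository or login service fails
     * @throws SecurityException if the operation is not permitted
     */
    public static void removePolicy(String str, String str2, String str3) throws ServiceException, SecurityException {
        if (str2 != null) {
            SecurityCommonService.loginCodeSubject(str2);
        } else {
            SecurityCommonService.loginCodeSubject(SecurityInstaller.getEnvironment().defaultDomainName);
        }
        try {
            HashMap executionData = new HashMap();
            executionData.put(ExecutionContext.APPLICATION_INDEX, str3);
            ExecutionContext.push(executionData);
            try {
                AuthorizationRepositoryService.removePolicy(str, true);
            } finally {
                ExecutionContext.pop();
            }
        } finally {
            // The code subject is elevated; never leave it logged in on this thread.
            SecurityCommonService.logout();
        }
    }

    /**
     * Builds the policy for an EJB module.
     *
     * <p>The resource policy for the module's application name receives the annotation-derived
     * permissions merged with those of the standard deployment descriptor, when one exists.
     * The role policy receives the mappings of the runtime descriptor, when one exists.
     *
     * @param moduleInfo the EJB module metadata
     * @param str the domain whose policy implementation is used
     * @return the populated policy
     * @throws Exception if conversion or policy creation fails
     */
    public static Policy makePolicy(ModuleInfo moduleInfo, String str) throws Exception {
        Policy policy = PolicyFactory.getPolicyImplInDomain(str);
        // Never null: the annotation pass always returns a map, possibly empty.
        PermissionMap resourcePermissions = completePolicyContextForEJBAnnotation(moduleInfo.getBeanList());
        EjbJarType standardDD = moduleInfo.getStandardDD();
        if (standardDD != null) {
            resourcePermissions.add((PermissionMap) new XMLJ2EEEJBDDConverter().unmarshal(standardDD));
        }
        policy.getResourcePolicy(moduleInfo.getAppName(), true).add(resourcePermissions);
        JeusEjbDdType runtimeDD = moduleInfo.getRuntimeDD();
        if (runtimeDD != null) {
            policy.getRolePolicy().add((PermissionMap) new XMLJEUSEJBDDConverter().unmarshal(runtimeDD));
        }
        return policy;
    }

    /**
     * Resolves the principal name used for run-as role {@code str}.
     *
     * <p>The lookup runs as the code subject of domain {@code str2}, which is logged out again
     * on every path. The first owner returned for the role is used.
     *
     * @param str the role name
     * @param str2 the domain name; when null the policy is looked up with a null domain
     * @param str3 the context id of the policy to consult
     * @return the principal name, or null when the role has no owners
     * @throws JeusRuntimeException if the domain cannot be resolved or the first owner is not a
     *     {@link Principal}
     */
    public static String getIdentityFromRunAsRole(String str, String str2, String str3) {
        SecurityCommonService.loginCodeSubjectWithRuntimeException(str2);
        try {
            Domain domain = null;
            if (str2 != null) {
                try {
                    domain = Domain.getDomain(str2);
                } catch (Exception e) {
                    throw new JeusRuntimeException(e);
                }
            }
            Collection roleOwners = AuthorizationRepositoryService.getPolicy(domain, str3).getRoleOwners(str);
            if (roleOwners == null || roleOwners.isEmpty()) {
                return null;
            }
            // NOTE(review): when a role has several owners, the run-as identity is whichever one
            // the collection yields first; confirm the collection's ordering is stable.
            Object owner = roleOwners.iterator().next();
            if (!(owner instanceof Principal)) {
                // String.valueOf keeps a null owner from turning this report into an NPE.
                throw new JeusRuntimeException(ErrorMsgManager.getErrorStringMessage(JeusMessage_Security_Exception._20, String.valueOf(owner)));
            }
            return ((Principal) owner).getName();
        } finally {
            SecurityCommonService.logoutWithRuntimeException();
        }
    }
}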
