package com.sun.emp.security.runtime;

import com.sun.emp.security.RBACSecurityException;
import com.sun.emp.security.admin.ApplicationRulePermission;
import com.sun.emp.security.admin.BasicPermission;
import com.sun.emp.security.admin.CICSApplicationPermission;
import com.sun.emp.security.admin.CICSCommandPermission;
import com.sun.emp.security.admin.CICSFilePermission;
import com.sun.emp.security.admin.CICSJournalPermission;
import com.sun.emp.security.admin.CICSProgramPermission;
import com.sun.emp.security.admin.CICSTempStoragePermission;
import com.sun.emp.security.admin.CICSTerminalPermission;
import com.sun.emp.security.admin.CICSTransientDataPermission;
import com.sun.emp.security.admin.CICSTxAttachPermission;
import com.sun.emp.security.admin.CICSTxStartPermission;
import com.sun.emp.security.admin.CalendarRulePermission;
import com.sun.emp.security.admin.GroupPermission;
import com.sun.emp.security.admin.ObjectRefPermission;
import com.sun.emp.security.admin.PermissionTypePermission;
import com.sun.emp.security.admin.PrincipalPermission;
import com.sun.emp.security.admin.ResourceDomainPermission;
import com.sun.emp.security.admin.ResourcePermission;
import com.sun.emp.security.admin.ResourceTypePermission;
import com.sun.emp.security.admin.RolePermission;
import com.sun.emp.security.utilities.SecurityLog;
import com.sun.security.auth.PolicyFile;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.Enumeration;
import java.util.Hashtable;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:113889-02/MSF1.0.0p2/lib/secrt.jar:com/sun/emp/security/runtime/Policy.class */
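/**
 * Singleton JAAS policy that merges three permission sources for a subject:
 * the permissions from a {@link PolicyFile}, a set of global default
 * permissions, and permissions derived from the RBAC grants attached to the
 * authenticated principal, its groups and its active role.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Per-principal results are cached by principal name in
 *       {@code policyPrincipalPermissions}. Calendar rules are evaluated only
 *       while that cache entry is being built, so a grant whose calendar rule
 *       stops being in effect remains cached until {@link #refresh()} runs.</li>
 *   <li>The caches are {@link Hashtable}s, so single operations are
 *       synchronized, but the get-then-put sequences below are not atomic;
 *       concurrent callers may build the same entry twice.</li>
 *   <li>The role, group and resource-domain hierarchies are walked recursively
 *       with no visited-set guard; this presumably relies on the hierarchies
 *       being acyclic (confirm against the object manager).</li>
 * </ul>
 *
 * <p>NOTE(review): this source is decompiler output. {@code getPermissions}
 * still carries unrecovered decompiler artifacts and is left as decompiled.
 */
public class Policy extends javax.security.auth.Policy {
    private static final Policy _policy = new Policy();
    // Default permissions keyed by code-source location; this class only ever stores the "*" entry.
    private final Hashtable globalGrantedPermissions = new Hashtable();
    // principal name -> Hashtable(application name or "*" -> Permissions); cleared by refresh().
    private final Hashtable policyPrincipalPermissions = new Hashtable();
    private final PolicyFile PolicyFilePermissions = new PolicyFile();
    private final java.security.Permission allPerm = new AllPermission();
    // "<type> <resource>:<rights>" -> BasicPermission instance; NOT cleared by refresh().
    private final Hashtable permissionsCreated = new Hashtable();
    // "<domain> <application>:<rights>" -> Permissions for that domain subtree; cleared by refresh().
    private final Hashtable grantedPermissionsSets = new Hashtable();

    /**
     * Returns the process-wide policy instance.
     *
     * @return the singleton {@code Policy}
     */
    public static javax.security.auth.Policy getPolicy() {
        if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.text(8L, "Policy", "getPolicy", "returning " + _policy);
        }
        return _policy;
    }

    /**
     * Builds the default permission set and stores it under the "*" key.
     *
     * <p>The default grants {@code Permission.ReadPerm} on every name ("*") of
     * nine administrative object types. Because
     * {@link #getGlobalConstrainedPermissions(String)} falls back to this entry,
     * every caller that reaches the global-permissions step in
     * {@code getPermissions} receives these read rights regardless of code source.
     */
    private Policy() {
        if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.entry(5L, (Object) this, "Constructor", "Policy w/out Subject; establish default permissions set");
        }
        Permissions permissions = new Permissions();
        permissions.add(new PrincipalPermission("*", Permission.ReadPerm));
        permissions.add(new GroupPermission("*", Permission.ReadPerm));
        permissions.add(new RolePermission("*", Permission.ReadPerm));
        permissions.add(new PermissionTypePermission("*", Permission.ReadPerm));
        permissions.add(new ResourceTypePermission("*", Permission.ReadPerm));
        permissions.add(new ResourceDomainPermission("*", Permission.ReadPerm));
        permissions.add(new ResourcePermission("*", Permission.ReadPerm));
        permissions.add(new ApplicationRulePermission("*", Permission.ReadPerm));
        permissions.add(new CalendarRulePermission("*", Permission.ReadPerm));
        this.globalGrantedPermissions.put("*", permissions);
        if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.exit(6L, (Object) this, "Constructor", "default");
        }
    }

    /**
     * Looks up the global permissions registered for a code-source location,
     * falling back to the "*" entry when there is no specific one.
     *
     * @param str code-source location string, or {@code null}
     * @return the matching permissions; the "*" entry is created by the
     *         constructor, so this is non-null in practice
     */
    private Permissions getGlobalConstrainedPermissions(String str) {
        if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.entry(5L, (Object) this, "getGlobalConstrainedPermissions", str);
        }
        Permissions permissions = null;
        if (str != null) {
            permissions = (Permissions) this.globalGrantedPermissions.get(str);
        }
        if (permissions == null) {
            permissions = (Permissions) this.globalGrantedPermissions.get("*");
        }
        if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.exit(6L, this, "getGlobalConstrainedPermissions", permissions);
        }
        return permissions;
    }

    /**
     * Expands each grant whose calendar rule is absent or currently in effect
     * into concrete permissions, grouped by application name ("*" when the
     * grant has no application rule).
     *
     * @param grantedPermissionsArr grants to expand
     * @param hashtable application name -> {@link Permissions}; updated in place
     * @throws RBACSecurityException wrapping any exception raised while a grant is expanded
     */
    private void setupPermissions(GrantedPermissions[] grantedPermissionsArr, Hashtable hashtable) throws RBACSecurityException {
        if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.entry(5L, this, "setupPermissions", grantedPermissionsArr);
        }
        for (int i = 0; i < grantedPermissionsArr.length; i++) {
            try {
                CalendarRule calendar = grantedPermissionsArr[i].getCalendar();
                // The calendar rule is checked here only; the result is cached by the caller.
                if (calendar == null || calendar.isInEffect()) {
                    ApplicationRule application = grantedPermissionsArr[i].getApplication();
                    String name = application == null ? "*" : application.getName();
                    Permissions permissions = (Permissions) hashtable.get(name);
                    if (permissions == null) {
                        if (SecurityLog.trc.isLogging) {
                            SecurityLog.trc.text(10L, this, "setupPermissions", "created Principal permissions for " + name);
                        }
                        permissions = new Permissions();
                        hashtable.put(name, permissions);
                    } else if (SecurityLog.trc.isLogging) {
                        SecurityLog.trc.text(10L, this, "setupPermissions", "found Principal permissions for " + name);
                    }
                    // Join the rights into one ", "-separated action string. An empty rights
                    // array raises here and is reported through the catch below.
                    String[] rights = grantedPermissionsArr[i].getPermissions().getRights();
                    String str = rights[0];
                    for (int i2 = 1; i2 < rights.length; i2++) {
                        str = str + ", " + rights[i2];
                    }
                    setupResourceRights(grantedPermissionsArr[i].getResourceDomain(), name, str, null, permissions);
                } else if (SecurityLog.trc.isLogging) {
                    SecurityLog.trc.text(10L, this, "setupPermissions", "setupPermissions] Calendar " + calendar.getName() + " is not in effect");
                }
            } catch (Exception e) {
                if (SecurityLog.trc.isLogging) {
                    SecurityLog.trc.exception(7L, this, "setupPermissions", e);
                }
                throw new RBACSecurityException("Unexpected Exception Occurred " + e, "SecSvc_FATAL");
            }
        }
        if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.exit(6L, (Object) this, "setupPermissions");
        }
    }

    /**
     * Adds one permission per resource in {@code resourceDomain} and its child
     * domains to the given collections, caching the per-domain result.
     *
     * <p>Failures while listing children or resources are traced and treated as
     * "none", so a lookup error yields fewer permissions rather than an exception.
     * A resource whose type matches no known prefix is skipped: it receives no
     * permission and nothing is cached for it. (Previously a {@code null} was
     * stored in the {@code Hashtable} and added to {@code Permissions}, which
     * throws {@code NullPointerException} and aborted the whole expansion.)
     *
     * @param resourceDomain domain to expand
     * @param applicationName application name the grant is constrained to, or "*"
     * @param rights ", "-separated rights string passed to each permission as its actions
     * @param parentDomainPermissions the enclosing domain's set during recursion, or {@code null} at the top level
     * @param principalPermissions the collection being built for the principal
     */
    private void setupResourceRights(ResourceDomain resourceDomain, String applicationName, String rights, Permissions parentDomainPermissions, Permissions principalPermissions) {
        String name = resourceDomain.getName();
        // Cache key is built from names only; presumably domain names are unique — verify.
        String cacheKey = name + " " + applicationName + ":" + rights;
        if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.entry(5L, (Object) this, "setupResourceRights: " + cacheKey);
        }
        Permissions cached = (Permissions) this.grantedPermissionsSets.get(cacheKey);
        if (cached != null) {
            Enumeration<java.security.Permission> elements = cached.elements();
            while (elements.hasMoreElements()) {
                java.security.Permission nextElement = elements.nextElement();
                if (parentDomainPermissions != null) {
                    parentDomainPermissions.add(nextElement);
                }
                principalPermissions.add(nextElement);
            }
            if (SecurityLog.trc.isLogging) {
                SecurityLog.trc.exit(6L, (Object) this, "setupResourceRights", "found Permissions for " + cacheKey);
            }
            return;
        }
        Permissions domainPermissions = new Permissions();
        ResourceDomain[] childDomains = null;
        try {
            childDomains = resourceDomain.getChildren();
        } catch (Exception e) {
            if (SecurityLog.trc.isLogging) {
                SecurityLog.trc.exception(7L, this, "setupResourceRights", e);
            }
        }
        if (childDomains != null) {
            for (ResourceDomain child : childDomains) {
                setupResourceRights(child, applicationName, rights, domainPermissions, principalPermissions);
            }
        }
        Resource[] resources = null;
        try {
            resources = resourceDomain.getResources();
        } catch (Exception e2) {
            if (SecurityLog.trc.isLogging) {
                SecurityLog.trc.exception(7L, this, "setupResourceRights", e2);
            }
        }
        if (resources != null) {
            for (int i = 0; i < resources.length; i++) {
                String typeName = resources[i].getType().getName();
                String resourceName = resources[i].getName();
                String permissionKey = typeName + " " + resourceName + ":" + rights;
                BasicPermission permission = (BasicPermission) this.permissionsCreated.get(permissionKey);
                if (permission == null) {
                    permission = createPermission(typeName, resourceName, rights);
                    if (permission == null) {
                        if (SecurityLog.trc.isLogging) {
                            SecurityLog.trc.text(8L, this, "setupResourceRights", "no permission added; didn't match on resource type: " + typeName);
                        }
                        // Unknown type: grant nothing for this resource and keep going.
                        continue;
                    }
                    this.permissionsCreated.put(permissionKey, permission);
                }
                domainPermissions.add(permission);
                if (parentDomainPermissions != null) {
                    parentDomainPermissions.add(permission);
                }
                principalPermissions.add(permission);
            }
        } else if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.text(10L, this, "setupResourceRights", "no permission added; no resources in " + name);
        }
        this.grantedPermissionsSets.put(cacheKey, domainPermissions);
        if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.text(10L, this, "setupResourceRights", "grantedPermissionsSets now contains: " + this.grantedPermissionsSets);
            SecurityLog.trc.exit(6L, (Object) this, "setupResourceRights", "created Permissions for " + cacheKey);
        }
    }

    /**
     * Maps a resource type name to the permission class used for it.
     *
     * <p>Matching is by prefix, so the order matters: "ResourceDomain" and
     * "ResourceType" must be tested before "Resource". Any type name that merely
     * begins with a known prefix is mapped to that prefix's permission class.
     *
     * @param typeName resource type name
     * @param resourceName resource name, used as the permission name
     * @param rights rights string, used as the permission actions
     * @return the new permission, or {@code null} when no prefix matches
     */
    private BasicPermission createPermission(String typeName, String resourceName, String rights) {
        if (typeName.startsWith("KIX_REGION")) {
            return new CICSApplicationPermission(resourceName, rights);
        } else if (typeName.startsWith("KIX_COMMAND")) {
            return new CICSCommandPermission(resourceName, rights);
        } else if (typeName.startsWith("KIX_FILE")) {
            return new CICSFilePermission(resourceName, rights);
        } else if (typeName.startsWith("KIX_JOURNAL")) {
            return new CICSJournalPermission(resourceName, rights);
        } else if (typeName.startsWith("KIX_PROGRAM")) {
            return new CICSProgramPermission(resourceName, rights);
        } else if (typeName.startsWith("KIX_TSQUEUE")) {
            return new CICSTempStoragePermission(resourceName, rights);
        } else if (typeName.startsWith("KIX_TERMINAL")) {
            return new CICSTerminalPermission(resourceName, rights);
        } else if (typeName.startsWith("KIX_TDQUEUE")) {
            return new CICSTransientDataPermission(resourceName, rights);
        } else if (typeName.startsWith("KIX_ATTACH_TRANS")) {
            return new CICSTxAttachPermission(resourceName, rights);
        } else if (typeName.startsWith("KIX_START_TRANS")) {
            return new CICSTxStartPermission(resourceName, rights);
        } else if (typeName.startsWith("ObjectRef")) {
            return new ObjectRefPermission(resourceName, rights);
        } else if (typeName.startsWith("Group")) {
            return new GroupPermission(resourceName, rights);
        } else if (typeName.startsWith("Role")) {
            return new RolePermission(resourceName, rights);
        } else if (typeName.startsWith("Principal")) {
            return new PrincipalPermission(resourceName, rights);
        } else if (typeName.startsWith("ResourceDomain")) {
            return new ResourceDomainPermission(resourceName, rights);
        } else if (typeName.startsWith("ResourceType")) {
            return new ResourceTypePermission(resourceName, rights);
        } else if (typeName.startsWith("Resource")) {
            return new ResourcePermission(resourceName, rights);
        } else if (typeName.startsWith("PermissionType")) {
            return new PermissionTypePermission(resourceName, rights);
        } else if (typeName.startsWith("CalendarRule")) {
            return new CalendarRulePermission(resourceName, rights);
        } else if (typeName.startsWith("ApplicationRule")) {
            return new ApplicationRulePermission(resourceName, rights);
        }
        return null;
    }

    /**
     * Recursively adds the grants of every descendant of {@code role}; the
     * role's own grants are handled by the caller.
     *
     * @param role role whose children are walked
     * @param hashtable application name -> {@link Permissions}; updated in place
     * @throws RBACSecurityException if expanding a grant fails
     */
    private void getSubRolePermissions(Role role, Hashtable hashtable) throws RBACSecurityException {
        if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.entry(5L, (Object) this, "getSubRolePermissions", role.getName());
        }
        Role[] children = role.getChildren();
        if (children != null) {
            for (int i = 0; i < children.length; i++) {
                // Each child yields an array of grants (the decompiler had mistyped this
                // as a scalar compared with 0).
                GrantedPermissions[] granted = children[i].getGrantedPermissions();
                if (granted != null) {
                    if (SecurityLog.trc.isLogging) {
                        SecurityLog.trc.text(10L, this, "getSubRolePermissions", granted.toString());
                    }
                    setupPermissions(granted, hashtable);
                }
                getSubRolePermissions(children[i], hashtable);
            }
        }
        if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.exit(6L, (Object) this, "getSubRolePermissions", role.getName());
        }
    }

    /**
     * Recursively adds the grants of every descendant of {@code group}; the
     * group's own grants are handled by the caller.
     *
     * @param group group whose children are walked
     * @param hashtable application name -> {@link Permissions}; updated in place
     * @throws RBACSecurityException if expanding a grant fails
     */
    private void getSubGroupPermissions(Group group, Hashtable hashtable) throws RBACSecurityException {
        if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.entry(5L, (Object) this, "getSubGroupPermissions", group.getName());
        }
        Group[] children = group.getChildren();
        if (children != null) {
            for (int i = 0; i < children.length; i++) {
                // Each child yields an array of grants (the decompiler had mistyped this
                // as a scalar compared with 0).
                GrantedPermissions[] granted = children[i].getGrantedPermissions();
                if (granted != null) {
                    if (SecurityLog.trc.isLogging) {
                        SecurityLog.trc.text(10L, this, "getSubGroupPermissions", granted.toString());
                    }
                    setupPermissions(granted, hashtable);
                }
                getSubGroupPermissions(children[i], hashtable);
            }
        }
        if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.exit(6L, (Object) this, "getSubGroupPermissions", group.getName());
        }
    }

    /**
     * Drops the cached per-principal and per-domain permission sets and
     * refreshes the object manager and the policy file.
     *
     * <p>{@code permissionsCreated} and {@code globalGrantedPermissions} are not
     * cleared here. Until this method runs, cached principal permissions keep
     * reflecting the grants and calendar state seen when they were built.
     */
    public void refresh() {
        if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.entry(5L, (Object) this, "refresh: " + this.policyPrincipalPermissions + this.grantedPermissionsSets);
        }
        this.policyPrincipalPermissions.clear();
        this.grantedPermissionsSets.clear();
        SecurityObjectManager.getHandle().refresh();
        this.PolicyFilePermissions.refresh();
        if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.exit(6L, (Object) this, "refresh");
        }
    }

    /**
     * Computes the permissions for {@code subject} running code from
     * {@code codeSource}: policy-file permissions first (returning just
     * {@code AllPermission} if they imply it), then the global defaults, then
     * the principal's permissions keyed by the code-source location and by "*".
     *
     * <p>NOTE(review): the body below is kept exactly as decompiled and does not
     * compile as shown: {@code r14} is undeclared, {@code principal} is used
     * outside the loop that declares it, {@code grantedPermissionsArr[i]} is
     * compared with 0 and passed where an array is expected, and a
     * {@code LoginException} is thrown without being declared. The real
     * try/catch nesting should be confirmed against the bytecode before this
     * method's failure behaviour is relied on.
     *
     * @param subject authenticated subject
     * @param codeSource code source of the caller; may be {@code null}
     * @return the combined permission collection
     */
    /* JADX WARN: Multi-variable type inference failed */
    public PermissionCollection getPermissions(Subject subject, CodeSource codeSource) {
        Permissions permissions = null;
        // Unused allocation left over from decompilation.
        new Hashtable();
        if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.entry(5L, this, "getPermissions", subject.toString(), codeSource);
        }
        r14 = null;
        try {
            // As shown, the loop only traces each principal; later code uses `principal`,
            // presumably the last one iterated — TODO confirm.
            for (Principal principal : subject.getPrincipals(Class.forName("com.sun.emp.security.runtime.Principal"))) {
                if (SecurityLog.trc.isLogging) {
                    SecurityLog.trc.text(10L, this, "getPermissions", new StringBuffer().append("Subject contains authenticated user Principal: ").append(principal.getName()).toString());
                }
            }
            permissions = (Permissions) this.PolicyFilePermissions.getPermissions(subject, codeSource);
        } catch (Exception e) {
            if (SecurityLog.trc.isLogging) {
                SecurityLog.trc.exception(7L, this, "getPermissions", e);
            }
        }
        // NOTE(review): if the lookup above threw, `permissions` is still null here and
        // the next call raises NullPointerException.
        if (permissions.implies(this.allPerm)) {
            // Policy file already grants everything: return a fresh AllPermission-only set.
            Permissions permissions2 = new Permissions();
            permissions2.add(this.allPerm);
            if (SecurityLog.trc.isLogging) {
                SecurityLog.trc.exit(6L, this, "getPermissions", permissions2);
            }
            return permissions2;
        }
        if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.text(10L, this, "getPermissions", new StringBuffer().append(this.allPerm).append(" not implied in PolicyFile: ").append(permissions).toString());
        }
        String url = codeSource != null ? codeSource.getLocation().toString() : null;
        if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.text(10L, this, "getPermissions", new StringBuffer().append("CodeSource = ").append(url).toString());
        }
        Permissions globalConstrainedPermissions = getGlobalConstrainedPermissions(url);
        if (globalConstrainedPermissions != null) {
            if (SecurityLog.trc.isLogging) {
                SecurityLog.trc.text(10L, this, "getPermissions", "Adding Constrained Global Permissions");
            }
            // Permissions are added to the collection obtained from the PolicyFile;
            // NOTE(review): confirm that collection is a per-call copy and not shared.
            Enumeration<java.security.Permission> elements = globalConstrainedPermissions.elements();
            while (elements.hasMoreElements()) {
                permissions.add(elements.nextElement());
            }
        } else if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.text(10L, this, "getPermissions", new StringBuffer().append("No CodeSource-constrained global Permissions for ").append(url).toString());
        }
        // Per-principal cache lookup, keyed by principal name only.
        Hashtable hashtable = (Hashtable) this.policyPrincipalPermissions.get(principal.getName());
        if (hashtable == null) {
            hashtable = new Hashtable();
            try {
                // Grants held directly by the principal.
                GrantedPermissions[] grantedPermissions = principal.getGrantedPermissions();
                if (grantedPermissions != null) {
                    if (SecurityLog.trc.isLogging) {
                        SecurityLog.trc.text(10L, this, "getPermissions", new StringBuffer().append("Principal: ").append(grantedPermissions.length).toString());
                    }
                    setupPermissions(grantedPermissions, hashtable);
                }
                // Grants of each group the principal belongs to, plus all sub-groups.
                Group[] groups = principal.getGroups();
                if (groups != null) {
                    GrantedPermissions[] grantedPermissionsArr = new GrantedPermissions[groups.length];
                    for (int i = 0; i < groups.length; i++) {
                        grantedPermissionsArr[i] = groups[i].getGrantedPermissions();
                        if (grantedPermissionsArr[i] != 0) {
                            if (SecurityLog.trc.isLogging) {
                                SecurityLog.trc.text(10L, this, "getPermissions", new StringBuffer().append("Group(").append(i).append("): ").append(grantedPermissionsArr[i].length).toString());
                            }
                            setupPermissions(grantedPermissionsArr[i], hashtable);
                        }
                        getSubGroupPermissions(groups[i], hashtable);
                    }
                }
                // Only the active role (and its sub-roles) contributes grants.
                Role activeRole = principal.getActiveRole();
                if (activeRole != null) {
                    GrantedPermissions[] grantedPermissions2 = activeRole.getGrantedPermissions();
                    if (grantedPermissions2 != null) {
                        if (SecurityLog.trc.isLogging) {
                            SecurityLog.trc.text(10L, this, "getPermissions", new StringBuffer().append("Active role: ").append(grantedPermissions2.length).toString());
                        }
                        setupPermissions(grantedPermissions2, hashtable);
                    }
                    getSubRolePermissions(activeRole, hashtable);
                }
                // Cached only after every step succeeded; a failure above leaves no entry.
                this.policyPrincipalPermissions.put(principal.getName(), hashtable);
            } catch (Exception e2) {
                if (SecurityLog.trc.isLogging) {
                    SecurityLog.trc.exception(7L, this, "getPermissions", e2);
                }
                throw new LoginException(new StringBuffer().append("Failed attempting to add Principal to Subject").append(e2).toString());
            }
        }
        // Principal permissions constrained to this code-source location. A null url
        // would make Hashtable.get throw, since Hashtable rejects null keys.
        Permissions permissions3 = hashtable != null ? (Permissions) hashtable.get(url) : null;
        if (permissions3 != null) {
            if (SecurityLog.trc.isLogging) {
                SecurityLog.trc.text(10L, this, "getPermissions", new StringBuffer().append("Constrained Principal Permissions = ").append(permissions3).toString());
            }
            Enumeration<java.security.Permission> elements2 = permissions3.elements();
            while (elements2.hasMoreElements()) {
                permissions.add(elements2.nextElement());
            }
        } else if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.text(10L, this, "getPermissions", new StringBuffer().append("No CodeSource-constrained Principal Permissions for ").append(url).toString());
        }
        // Principal permissions that apply to any application ("*").
        Permissions permissions4 = hashtable != null ? (Permissions) hashtable.get("*") : null;
        if (permissions4 != null) {
            if (SecurityLog.trc.isLogging) {
                SecurityLog.trc.text(10L, this, "getPermissions", new StringBuffer().append("Non-constrained Principal Permissions = ").append(permissions4).toString());
            }
            Enumeration<java.security.Permission> elements3 = permissions4.elements();
            while (elements3.hasMoreElements()) {
                permissions.add(elements3.nextElement());
            }
        } else if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.text(10L, this, "getPermissions", "No non-constrained Principal Permissions");
        }
        if (SecurityLog.trc.isLogging) {
            SecurityLog.trc.exit(6L, this, "getPermissions", permissions);
        }
        return permissions;
    }
}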
