package com.sun.enterprise.security.application;

import com.iplanet.ias.security.Audit;
import com.sun.ejb.Invocation;
import com.sun.enterprise.ComponentInvocation;
import com.sun.enterprise.InvocationException;
import com.sun.enterprise.SecurityManager;
import com.sun.enterprise.Switch;
import com.sun.enterprise.deployment.Application;
import com.sun.enterprise.deployment.EjbDescriptor;
import com.sun.enterprise.deployment.MethodDescriptor;
import com.sun.enterprise.deployment.MethodPermission;
import com.sun.enterprise.deployment.RunAsIdentityDescriptor;
import com.sun.enterprise.security.LoginException;
import com.sun.enterprise.security.SecurityContext;
import com.sun.enterprise.security.acl.AccessControlEntryImpl;
import com.sun.enterprise.security.acl.AccessControlList;
import com.sun.enterprise.security.acl.AccessControlListImpl;
import com.sun.enterprise.security.acl.EJBResource;
import com.sun.enterprise.security.acl.ResourceAccessManager;
import com.sun.enterprise.security.acl.ResourceGuard;
import com.sun.enterprise.security.acl.RoleMapper;
import com.sun.enterprise.security.auth.LoginContextDriver;
import com.sun.enterprise.util.LocalStringManagerImpl;
import com.sun.jdo.spi.persistence.utility.generator.JavaClassWriterHelper;
import com.sun.logging.LogDomains;
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:116286-15/SUNWascmo/reloc/$ASINSTDIR/lib/appserv-rt.jar:com/sun/enterprise/security/application/EJBSecurityManager.class */
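/**
 * Per-bean EJB security manager: registers the bean's method permissions as guarded
 * resources at construction time and answers authorization, role and caller-principal
 * queries for invocations of that bean.
 *
 * <p>Authorization is fail-closed: a {@link LoginException} during the check, an
 * excluded method, or an explicit deny code on the invocation all yield {@code false}.
 *
 * <p>Thread-safety: the unchecked/excluded method sets are synchronized sets and are
 * only written during construction. The remaining fields are written in the constructor
 * and in {@link #destroy()} without synchronization; callers are expected not to use the
 * manager concurrently with {@code destroy()}.
 */
public final class EJBSecurityManager implements SecurityManager {
    /** Security-domain logger, bound in the static initializer. */
    private static Logger _logger;
    /** Localized message source; constructed for side effect only (no lookups in this class). */
    private static LocalStringManagerImpl localStrings;
    /** Decompiler artifact of the pre-Java-5 {@code EJBSecurityManager.class} idiom; kept for compatibility. */
    static Class class$com$sun$enterprise$security$application$EJBSecurityManager;

    /** Registry of this bean's protected method resources and their guards. */
    private ResourceAccessManager ram;
    /** Deployment descriptor of the guarded bean; set to {@code null} by {@link #destroy()}. */
    private EjbDescriptor deploymentDescriptor;
    /** Loader used to resolve the bean's methods from the descriptor. */
    private ClassLoader loader;
    /** Permission/role decision engine backed by {@link #ram}. */
    private Authorizer authorizer;
    /** Container switch, used to reach the invocation manager for run-as lookups. */
    private Switch theSwitch;
    /** Run-as identity, or {@code null} when the bean propagates the caller's identity. */
    private RunAsIdentityDescriptor runAs;
    /** Methods permitted without a permission check (synchronized set). */
    private Set unchecked;
    /** Methods that are always denied (synchronized set). */
    private Set excluded;

    /**
     * Creates the security manager for one bean and registers its method permissions.
     *
     * @param classLoader   loader used to resolve the bean's methods
     * @param ejbDescriptor deployment descriptor of the bean; must not be {@code null}
     * @throws IllegalArgumentException if {@code ejbDescriptor} is {@code null}
     */
    public EJBSecurityManager(ClassLoader classLoader, EjbDescriptor ejbDescriptor) {
        if (ejbDescriptor == null) {
            throw new IllegalArgumentException("Illegal Deployment Descriptor Information.");
        }
        this.loader = classLoader;
        this.deploymentDescriptor = ejbDescriptor;
        // A run-as identity is only consulted when the bean does not propagate the caller's identity.
        if (!ejbDescriptor.getUsesCallerIdentity()) {
            this.runAs = ejbDescriptor.getRunAsIdentity();
            if (this.runAs != null && _logger.isLoggable(Level.FINE)) {
                // Guarded so the message is only assembled when FINE is actually enabled.
                _logger.log(Level.FINE, new StringBuilder()
                        .append(ejbDescriptor.getEjbClassName())
                        .append(" will run-as: ").append(this.runAs.getPrincipal())
                        .append(" (").append(this.runAs.getRoleName())
                        .append(JavaClassWriterHelper.parenright_)
                        .toString());
            }
        }
        this.ram = new ResourceAccessManager();
        this.authorizer = new AuthorizerImpl(this.ram);
        this.theSwitch = Switch.getSwitch();
        initialize();
    }

    /**
     * Returns the name of the application that owns this bean, or {@code "default"}
     * when the descriptor has no application attached.
     */
    private String getAppName() {
        Application application = this.deploymentDescriptor.getApplication();
        return application == null ? "default" : application.getName();
    }

    /**
     * Registers the application's role mapper, protects every bean method with the ACL
     * derived from its method permissions, and snapshots the unchecked/excluded sets.
     */
    private void initialize() {
        String appName = getAppName();
        EjbDescriptor ejbDescriptor = this.deploymentDescriptor;
        // NOTE(review): getAppName() tolerates a null Application, but the role-mapper lookup
        // below dereferences it unconditionally, exactly as the original did.
        RoleMapper roleMapper = ejbDescriptor.getApplication().getRoleMapper();
        if (_logger.isLoggable(Level.FINEST)) {
            _logger.log(Level.FINEST, "Application = " + appName);
            _logger.log(Level.FINEST, "RoleMapper = " + roleMapper);
        }
        RoleMapper.setRoleMapper(appName, roleMapper);
        for (Enumeration methods = ejbDescriptor.getMethods(this.loader).elements(); methods.hasMoreElements();) {
            Method method = (Method) methods.nextElement();
            AccessControlList acl = getAccessControlList(ejbDescriptor, method);
            if (acl != null) {
                this.ram.protect(new EJBResource(appName, method), new ResourceGuard(acl));
            }
        }
        copyUncheckedAndExcludedSets();
    }

    /** Resolves the descriptor's unchecked and excluded method descriptors into method sets. */
    private void copyUncheckedAndExcludedSets() {
        EjbDescriptor ejbDescriptor = this.deploymentDescriptor;
        this.unchecked = resolveMethods(ejbDescriptor, ejbDescriptor.getUncheckedMethodDescriptors());
        this.excluded = resolveMethods(ejbDescriptor, ejbDescriptor.getExcludedMethodDescriptors());
    }

    /**
     * Resolves every {@link MethodDescriptor} in {@code descriptors} to its {@link Method}.
     *
     * @param ejbDescriptor bean used by {@code MethodDescriptor.getMethod} for resolution
     * @param descriptors   descriptor set, may be {@code null}
     * @return a synchronized set of resolved methods; empty when {@code descriptors} is {@code null}
     */
    private static Set resolveMethods(EjbDescriptor ejbDescriptor, Set descriptors) {
        Set methods = Collections.synchronizedSet(new HashSet());
        if (descriptors == null) {
            return methods;
        }
        // Iterate under the descriptor set's own monitor, as the original did; presumably the
        // set is shared with the deployment layer and may be mutated concurrently.
        synchronized (descriptors) {
            for (Iterator it = descriptors.iterator(); it.hasNext();) {
                methods.add(((MethodDescriptor) it.next()).getMethod(ejbDescriptor));
            }
        }
        return methods;
    }

    /**
     * Builds the ACL for one method from its method permissions.
     *
     * <p>With no permissions at all the ACL grants the default role. Otherwise it holds one
     * entry per role-based permission; non-role-based permissions contribute nothing, so a
     * method with only such permissions yields an empty ACL.
     *
     * @return the ACL, never {@code null}
     */
    private AccessControlList getAccessControlList(EjbDescriptor ejbDescriptor, Method method) {
        AccessControlListImpl acl = new AccessControlListImpl();
        Iterator permissions = ejbDescriptor.getMethodPermissionsFor(method).iterator();
        if (!permissions.hasNext()) {
            acl.addEntry(new AccessControlEntryImpl(RoleMapper.getDefaultRole()));
            return acl;
        }
        while (permissions.hasNext()) {
            MethodPermission permission = (MethodPermission) permissions.next();
            if (permission.isRoleBased()) {
                acl.addEntry(new AccessControlEntryImpl(permission.getRole()));
            }
        }
        return acl;
    }

    /** Returns the security context of the current thread, possibly {@code null}. */
    private SecurityContext getSecurityContext() {
        return SecurityContext.getCurrent();
    }

    /**
     * Decides whether {@code invocation} may proceed and records the decision with the audit
     * subsystem when auditing is active.
     *
     * <p>Decision order: the invocation's own {@code securityPermissions} code (2 denies,
     * 1 permits — the symbolic names of these codes are not visible here; confirm against
     * {@code Invocation}), then excluded methods (deny), unchecked methods (permit), then the
     * authorizer when the descriptor declares any method permissions; with no permissions
     * declared the call is permitted. A {@link LoginException} during the check denies.
     *
     * @return {@code true} if the invocation is permitted
     */
    @Override // com.sun.enterprise.SecurityManager
    public boolean authorize(Invocation invocation) {
        boolean permitted;
        try {
            if (invocation.securityPermissions == 2) {
                permitted = false;
            } else if (invocation.securityPermissions == 1) {
                permitted = true;
            } else if (isExcluded(invocation.method)) {
                permitted = false;
            } else if (isUnchecked(invocation.method)) {
                permitted = true;
            } else if (areMethodPermissionsSet()) {
                permitted = authorizeWithContext(invocation);
            } else {
                permitted = true;
            }
        } catch (LoginException e) {
            // Fail closed: an authentication failure during the check is a denial.
            permitted = false;
        }
        if (Audit.isActive()) {
            Audit.ejbMethodInvocation(SecurityContext.getCurrent(), invocation.ejbObject, invocation.method, permitted);
        }
        return permitted;
    }

    /**
     * Runs the authorizer, temporarily installing a context via {@code SecurityContext.init()}
     * when the thread has none, and restoring the previous (null) context afterwards even if
     * the authorizer throws — so a temporary context never outlives the check.
     */
    private boolean authorizeWithContext(Invocation invocation) throws LoginException {
        SecurityContext previous = SecurityContext.getCurrent();
        boolean installedTemporary = false;
        if (previous == null) {
            SecurityContext.init();
            installedTemporary = true;
        }
        try {
            return this.authorizer.authorize(getAppName(), invocation);
        } finally {
            if (installedTemporary) {
                setSecurityContext(previous);
            }
        }
    }

    /** Returns {@code true} if {@code method} needs no permission check; {@code false} before initialization. */
    @Override // com.sun.enterprise.SecurityManager
    public boolean isUnchecked(Method method) {
        Set set = this.unchecked;
        return set != null && set.contains(method);
    }

    /** Returns {@code true} if {@code method} is always denied; {@code false} before initialization. */
    @Override // com.sun.enterprise.SecurityManager
    public boolean isExcluded(Method method) {
        Set set = this.excluded;
        return set != null && set.contains(method);
    }

    /** Returns {@code true} if the descriptor declares at least one method permission. */
    private boolean areMethodPermissionsSet() {
        return !this.deploymentDescriptor.getPermissionedMethodsByPermission().isEmpty();
    }

    /** Installs {@code securityContext} as the current thread's context ({@code null} clears it). */
    private void setSecurityContext(SecurityContext securityContext) {
        SecurityContext.setCurrent(securityContext);
    }

    /**
     * For a run-as bean, saves the value returned by {@code SecurityContext.init()} on the
     * invocation and logs in as the run-as principal. No-op otherwise.
     * NOTE(review): what {@code init()} returns (previous vs. fresh context) is not visible here.
     */
    @Override // com.sun.enterprise.SecurityManager
    public void preInvoke(ComponentInvocation componentInvocation) {
        if (this.runAs != null) {
            componentInvocation.setOldSecurityContext(SecurityContext.init());
            loginForRunAs();
        }
    }

    /** For a run-as bean, reinstalls the context saved by {@link #preInvoke}. No-op otherwise. */
    @Override // com.sun.enterprise.SecurityManager
    public void postInvoke(ComponentInvocation componentInvocation) {
        if (this.runAs != null) {
            setSecurityContext(componentInvocation.getOldSecurityContext());
        }
    }

    /** Authenticates the current thread as the configured run-as principal. */
    private void loginForRunAs() {
        LoginContextDriver.loginPrincipal(this.runAs.getPrincipal());
    }

    /**
     * Tests whether the caller is in role {@code str}.
     *
     * <p>For a run-as bean the check is made against the context saved on the current
     * invocation (the caller's, not the run-as identity); the run-as context is reinstalled
     * afterwards. On any failure in that path the thread's context is cleared, not restored,
     * and the failure is rethrown — behavior retained from the original.
     *
     * @throws InvocationException if a run-as bean has no current invocation
     */
    @Override // com.sun.enterprise.SecurityManager
    public boolean isCallerInRole(String str) {
        if (this.runAs == null) {
            return isCallerInRoleWithContext(str);
        }
        try {
            ComponentInvocation currentInvocation = this.theSwitch.getInvocationManager().getCurrentInvocation();
            if (currentInvocation == null) {
                throw new InvocationException();
            }
            SecurityContext callerContext = currentInvocation.getOldSecurityContext();
            SecurityContext runAsContext = getSecurityContext();
            setSecurityContext(callerContext);
            boolean inRole = this.authorizer.isCallerInRole(getAppName(), str);
            setSecurityContext(runAsContext);
            return inRole;
        } catch (Throwable th) {
            setSecurityContext(null);
            throw th;
        }
    }

    /**
     * Role check for a non-run-as bean: installs a context via {@code SecurityContext.init()}
     * when the thread has none and restores the previous (null) one afterwards, even on exception.
     */
    private boolean isCallerInRoleWithContext(String role) {
        SecurityContext previous = SecurityContext.getCurrent();
        boolean installedTemporary = false;
        if (previous == null) {
            SecurityContext.init();
            installedTemporary = true;
        }
        try {
            return this.authorizer.isCallerInRole(getAppName(), role);
        } finally {
            if (installedTemporary) {
                setSecurityContext(previous);
            }
        }
    }

    /**
     * Returns the caller's principal: for a run-as bean from the context saved on the current
     * invocation, otherwise from the thread's context (initializing one temporarily if absent).
     *
     * @throws InvocationException   if a run-as bean has no current invocation
     * @throws IllegalStateException if no security context can be obtained
     */
    @Override // com.sun.enterprise.SecurityManager
    public Principal getCallerPrincipal() {
        SecurityContext securityContext;
        boolean installedTemporary = false;
        if (this.runAs != null) {
            ComponentInvocation currentInvocation = this.theSwitch.getInvocationManager().getCurrentInvocation();
            if (currentInvocation == null) {
                throw new InvocationException();
            }
            securityContext = currentInvocation.getOldSecurityContext();
        } else {
            securityContext = getSecurityContext();
            if (securityContext == null) {
                securityContext = SecurityContext.init();
                installedTemporary = true;
            }
        }
        try {
            if (securityContext == null) {
                throw new IllegalStateException("Bad or improper security context.");
            }
            return securityContext.getCallerPrincipal();
        } finally {
            // A temporarily initialized context must not outlive this call.
            if (installedTemporary) {
                setSecurityContext(null);
            }
        }
    }

    /**
     * Unregisters the role mapper and every protected method resource, then drops the
     * descriptor. Idempotent: a second call is a no-op. Other methods must not be used after
     * this one, as they dereference the descriptor.
     */
    @Override // com.sun.enterprise.SecurityManager
    public void destroy() {
        EjbDescriptor ejbDescriptor = this.deploymentDescriptor;
        if (ejbDescriptor == null) {
            return;
        }
        String appName = getAppName();
        RoleMapper.removeRoleMapper(appName);
        for (Enumeration methods = ejbDescriptor.getMethods(this.loader).elements(); methods.hasMoreElements();) {
            this.ram.unprotect(new EJBResource(appName, (Method) methods.nextElement()));
        }
        this.deploymentDescriptor = null;
    }

    /** Decompiler artifact: class-literal lookup helper. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            error.initCause(e);
            throw error;
        }
    }

    static {
        _logger = LogDomains.getLogger(LogDomains.SECURITY_LOGGER);
        if (class$com$sun$enterprise$security$application$EJBSecurityManager == null) {
            class$com$sun$enterprise$security$application$EJBSecurityManager =
                    class$("com.sun.enterprise.security.application.EJBSecurityManager");
        }
        localStrings = new LocalStringManagerImpl(class$com$sun$enterprise$security$application$EJBSecurityManager);
    }
}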
