package com.iplanet.ias.security;

import com.iplanet.ias.config.ConfigContext;
import com.iplanet.ias.config.serverbeans.SecurityService;
import com.iplanet.ias.config.serverbeans.Server;
import com.iplanet.ias.config.serverbeans.ServerBeansFactory;
import com.iplanet.ias.server.ApplicationServer;
import com.iplanet.ias.web.Constants;
import com.sun.ejb.containers.EJBLocalRemoteObject;
import com.sun.enterprise.deployment.Application;
import com.sun.enterprise.deployment.AuthorizationConstraintImpl;
import com.sun.enterprise.deployment.EjbBundleDescriptor;
import com.sun.enterprise.deployment.EjbDescriptor;
import com.sun.enterprise.deployment.EjbIORConfigurationDescriptor;
import com.sun.enterprise.deployment.MethodDescriptor;
import com.sun.enterprise.deployment.MethodPermission;
import com.sun.enterprise.deployment.RunAsIdentityDescriptor;
import com.sun.enterprise.deployment.SecurityConstraintImpl;
import com.sun.enterprise.deployment.WebBundleDescriptor;
import com.sun.enterprise.deployment.WebResourceCollectionImpl;
import com.sun.enterprise.deployment.web.LoginConfiguration;
import com.sun.enterprise.deployment.web.SecurityRole;
import com.sun.enterprise.deployment.web.UserDataConstraint;
import com.sun.enterprise.deployment.web.WebComponentDescriptor;
import com.sun.enterprise.security.SecurityContext;
import com.sun.enterprise.security.acl.Role;
import com.sun.enterprise.security.acl.RoleMapper;
import com.sun.logging.LogDomains;
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.ResourceBundle;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.catalina.HttpRequest;
import org.apache.catalina.connector.HttpRequestBase;

/* loaded from: input_file:116286-15/SUNWascmo/reloc/$ASINSTDIR/lib/appserv-rt.jar:com/iplanet/ias/security/Audit.class */
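/**
 * Audit logging helper for the security layer.
 *
 * <p>Writes one INFO record per EJB or web invocation decision and, at FINEST,
 * can dump an application's role mappings, EJB method permissions and web
 * security constraints. All output goes to the {@code LogDomains.SECURITY_LOGGER}
 * logger; the record labels come from that logger's resource bundle and are
 * loaded by {@link #init()}.
 *
 * <p>Values taken from requests and principals are passed through
 * {@link #neutralize(Object)} before being written, so that embedded line
 * breaks cannot split one audit record into several.
 */
public class Audit {
    /** True once {@link #init()} has read an enabled audit setting from the server configuration. */
    private static boolean auditFlag;
    private static Logger logger;
    // Localized fragments of an audit record; all are null until init() has run.
    private static String strPrivateAudit;
    private static String strDenied;
    private static String strOK;
    private static String strMethodName;
    private static String strSession;
    // The next two members are what the decompiler emitted for the compiler's
    // assert / class-literal support. They are kept so the class shape is unchanged.
    static final boolean $assertionsDisabled;
    static Class class$com$iplanet$ias$security$Audit;

    /**
     * Reports whether auditing was enabled by the last call to {@link #init()}.
     *
     * @return the cached audit flag; {@code false} until {@code init()} has run
     */
    public static boolean isActive() {
        return auditFlag;
    }

    /**
     * Reads the audit setting from the server configuration and loads the
     * localized record labels from the logger's resource bundle.
     *
     * <p>If the configuration context cannot be obtained, a warning
     * ({@code audit.badinit}) is logged and the method returns: the audit flag
     * keeps its previous value and the labels are not loaded. The previous code
     * logged the failure and then carried on with a configuration context that
     * had never been assigned.
     */
    public static void init() {
        ConfigContext configContext;
        try {
            configContext = ApplicationServer.getServerContext().getConfigContext();
        } catch (Exception e) {
            logger.log(Level.WARNING, "audit.badinit", e);
            // Nothing below can work without the configuration; stop here
            // instead of dereferencing a context that was never obtained.
            return;
        }
        if (!$assertionsDisabled && configContext == null) {
            throw new AssertionError();
        }
        Server serverBean = ServerBeansFactory.getServerBean(configContext);
        if (!$assertionsDisabled && serverBean == null) {
            throw new AssertionError();
        }
        SecurityService securityService = serverBean.getSecurityService();
        if (!$assertionsDisabled && securityService == null) {
            throw new AssertionError();
        }
        auditFlag = securityService.isAuditEnabled();
        if (auditFlag) {
            logger.info("audit.enabled");
        }
        ResourceBundle resourceBundle = logger.getResourceBundle();
        strPrivateAudit = resourceBundle.getString("audit.string_private_audit");
        // Every label except the record prefix is stored with a leading space
        // so the record can be assembled by plain concatenation.
        strDenied = " " + resourceBundle.getString("audit.denied");
        strOK = " " + resourceBundle.getString("audit.ok");
        strMethodName = " " + resourceBundle.getString("audit.methodname");
        strSession = " " + resourceBundle.getString("audit.session");
    }

    /**
     * Writes an INFO audit record for an EJB method invocation decision.
     *
     * <p>The record holds the caller principal name ({@code (null)} when there
     * is no security context, no principal or no name), the EJB's string form
     * ({@code (N/A)} when absent), the method, and the outcome label. Nothing
     * is written when INFO is not loggable. This method does not consult
     * {@link #isActive()}.
     *
     * @param securityContext source of the caller principal; may be null
     * @param eJBLocalRemoteObject the invoked EJB object; may be null
     * @param method the invoked method; may be null
     * @param z true appends the {@code audit.ok} label, false the {@code audit.denied} label
     */
    public static void ejbMethodInvocation(SecurityContext securityContext, EJBLocalRemoteObject eJBLocalRemoteObject, Method method, boolean z) {
        if (!logger.isLoggable(Level.INFO)) {
            return;
        }
        String callerName = null;
        if (securityContext != null) {
            Principal callerPrincipal = securityContext.getCallerPrincipal();
            if (callerPrincipal != null) {
                callerName = callerPrincipal.getName();
            }
        }
        String ejbText = eJBLocalRemoteObject != null ? eJBLocalRemoteObject.toString() : "(N/A)";
        StringBuilder line = new StringBuilder();
        line.append(strPrivateAudit);
        // The principal name originates from whatever authenticated the caller;
        // keep it on one line so it cannot forge a second audit record.
        line.append(callerName != null ? neutralize(callerName) : "(null)");
        line.append(" ejb=");
        line.append(neutralize(ejbText));
        line.append(strMethodName);
        line.append(neutralize(method));
        line.append(z ? strOK : strDenied);
        logger.info(line.toString());
    }

    /**
     * Writes an INFO audit record for a web request authorization decision.
     *
     * <p>The record holds the remote user ({@code (null)} when absent), the HTTP
     * method, the request URI, the requested session id and the outcome label.
     * A null request, or one that is not an {@code HttpRequestBase}, is only
     * reported at FINE. Nothing is written when INFO is not loggable. This
     * method does not consult {@link #isActive()}.
     *
     * @param httpRequest the request being authorized; may be null
     * @param z true appends the {@code audit.ok} label, false the {@code audit.denied} label
     */
    public static void webInvocation(HttpRequest httpRequest, boolean z) {
        if (!logger.isLoggable(Level.INFO)) {
            return;
        }
        if (httpRequest == null) {
            logger.fine("Audit: No HttpRequest available.");
            return;
        }
        if (!(httpRequest instanceof HttpRequestBase)) {
            logger.fine("Audit internal error, class: " + httpRequest.getClass());
            return;
        }
        HttpRequestBase httpRequestBase = (HttpRequestBase) httpRequest;
        StringBuilder line = new StringBuilder();
        line.append(strPrivateAudit);
        String remoteUser = httpRequestBase.getRemoteUser();
        // Every field below is supplied by the client. Each one is neutralized
        // so a CR/LF inside a URI or user name stays inside this record.
        line.append(remoteUser != null ? neutralize(remoteUser) : "(null)");
        line.append(" ");
        line.append(neutralize(httpRequestBase.getMethod()));
        line.append(" ");
        line.append(neutralize(httpRequestBase.getRequestURI()));
        line.append(strSession);
        // NOTE(review): the requested session id is written in full. When it is a
        // live session it acts as a bearer credential, so the audit log needs the
        // same access control as the session store; consider logging a truncated
        // or hashed form instead. Left unchanged here because log consumers may
        // correlate on the full value - confirm before changing.
        line.append(neutralize(httpRequestBase.getRequestedSessionId()));
        line.append(z ? strOK : strDenied);
        logger.info(line.toString());
    }

    /**
     * Dumps the role and ACL configuration of an application to the log.
     *
     * <p>Runs only when auditing is active and FINEST is loggable. Any failure
     * while dumping is reported at FINE and otherwise ignored, so diagnostics
     * never break the caller.
     *
     * @param application the application whose security configuration is dumped
     */
    public static void showACL(Application application) {
        if (isActive() && logger.isLoggable(Level.FINEST)) {
            try {
                dumpDiagnostics(application);
            } catch (Throwable th) {
                // Deliberately broad: this is best-effort diagnostics output.
                logger.fine("Error while showing ACL diagnostics: " + th.toString());
            }
        }
    }

    /**
     * Logs, at FINEST, the application's roles and their group/principal
     * mappings, every EJB's run-as identity, method permissions and IOR
     * settings, a per-role list of reachable EJB methods, and every web
     * module's login configuration, components and security constraints.
     *
     * <p>The output names principals, groups and role assignments, so the
     * FINEST security log should be readable only by administrators.
     */
    private static void dumpDiagnostics(Application application) {
        logger.finest("====[ Role and ACL Summary ]==========");
        if (application.isVirtual()) {
            logger.finest("Standalone module.");
        } else {
            logger.finest("Summary for application: " + application.getRegistrationName());
        }
        logger.finest("EJB components: " + application.getEjbComponentCount());
        logger.finest("Web components: " + application.getWebComponentCount());
        Set<Role> roles = application.getRoles();
        if (roles == null) {
            logger.finest("- No roles present.");
            return;
        }
        RoleMapper roleMapper = application.getRoleMapper();
        if (roleMapper == null) {
            logger.finest("- No role mappings present.");
            return;
        }
        logger.finest("--[ Configured roles and mappings ]--");
        // Role name -> qualified names of the EJB methods that role may invoke.
        HashMap<String, Set<String>> methodsByRole = new HashMap<String, Set<String>>();
        for (Role role : roles) {
            logger.finest(" [" + role.getName() + "]");
            methodsByRole.put(role.getName(), new HashSet<String>());
            logger.finest(joinElements("  is mapped to groups: ", roleMapper.getGroupsAssignedTo(role)));
            logger.finest(joinElements("  is mapped to principals: ", roleMapper.getUsersAssignedTo(role)));
        }
        for (EjbBundleDescriptor ejbBundleDescriptor : application.getEjbBundleDescriptors()) {
            logger.finest("--[ EJB module: " + ejbBundleDescriptor.getName() + " ]--");
            for (EjbDescriptor ejbDescriptor : ejbBundleDescriptor.getEjbs()) {
                dumpEjb(ejbBundleDescriptor, ejbDescriptor, methodsByRole);
            }
        }
        logger.finest("--[ EJB methods accessible by role ]--");
        for (String roleName : methodsByRole.keySet()) {
            logger.finest(" [" + roleName + "]");
            for (String methodName : methodsByRole.get(roleName)) {
                logger.finest("   " + methodName);
            }
        }
        for (WebBundleDescriptor webBundleDescriptor : application.getWebBundleDescriptors()) {
            dumpWebBundle(webBundleDescriptor);
        }
        logger.finest("======================================");
    }

    /** Logs one EJB's run-as identity, method permissions and IOR settings, and records its methods per role. */
    private static void dumpEjb(EjbBundleDescriptor ejbBundleDescriptor, EjbDescriptor ejbDescriptor, HashMap<String, Set<String>> methodsByRole) {
        logger.finest("EJB: " + ejbDescriptor.getEjbClassName());
        if (!ejbDescriptor.getUsesCallerIdentity()) {
            RunAsIdentityDescriptor runAsIdentity = ejbDescriptor.getRunAsIdentity();
            if (runAsIdentity == null) {
                logger.finest(" (ejb does not use caller identity)");
            } else {
                logRunAs(" Will run-as: Role: ", runAsIdentity);
            }
        }
        logger.finest(" Method to Role restriction list:");
        for (MethodDescriptor methodDescriptor : ejbDescriptor.getMethodDescriptors()) {
            logger.finest("   " + methodDescriptor.getFormattedString());
            Set<MethodPermission> permissions = ejbDescriptor.getMethodPermissionsFor(methodDescriptor);
            StringBuilder roleLine = new StringBuilder("     can only be invoked by: ");
            boolean unchecked = false;
            boolean excluded = false;
            boolean roleBased = false;
            for (MethodPermission permission : permissions) {
                if (permission.isExcluded()) {
                    excluded = true;
                    logger.finest("     excluded - can not be invoked");
                } else if (permission.isUnchecked()) {
                    unchecked = true;
                    logger.finest("     unchecked - can be invoked by all");
                } else if (permission.isRoleBased()) {
                    roleBased = true;
                    Role permittedRole = permission.getRole();
                    roleLine.append(permittedRole.getName());
                    roleLine.append(" ");
                    // NOTE(review): the map only holds roles returned by
                    // application.getRoles(); a permission naming any other role
                    // makes this lookup return null and the dump ends with the
                    // NullPointerException that showACL reports at FINE.
                    methodsByRole.get(permittedRole.getName()).add(qualifiedMethodName(ejbBundleDescriptor, ejbDescriptor, methodDescriptor));
                }
            }
            if (roleBased) {
                logger.finest(roleLine.toString());
                // Role-based access must not be combined with excluded or unchecked.
                if (excluded || unchecked) {
                    logger.finest("*** Configuration error!");
                }
            } else if (unchecked) {
                if (excluded) {
                    logger.finest("*** Configuration error!");
                }
                // An unchecked method is reachable by every configured role.
                for (Set<String> methods : methodsByRole.values()) {
                    methods.add(qualifiedMethodName(ejbBundleDescriptor, ejbDescriptor, methodDescriptor));
                }
            } else if (!excluded) {
                // No permission of any kind was found for this method.
                logger.finest("*** Configuration error!");
            }
        }
        logger.finest(" IOR configuration:");
        Set<EjbIORConfigurationDescriptor> iorDescriptors = ejbDescriptor.getIORConfigurationDescriptors();
        if (iorDescriptors != null) {
            for (EjbIORConfigurationDescriptor ior : iorDescriptors) {
                StringBuilder iorLine = new StringBuilder();
                iorLine.append("realm=");
                iorLine.append(ior.getRealmName());
                iorLine.append(", integrity=");
                iorLine.append(ior.getIntegrity());
                iorLine.append(", trust-in-target=");
                iorLine.append(ior.getEstablishTrustInTarget());
                iorLine.append(", trust-in-client=");
                iorLine.append(ior.getEstablishTrustInClient());
                iorLine.append(", propagation=");
                iorLine.append(ior.getCallerPropagation());
                iorLine.append(", auth-method=");
                iorLine.append(ior.getAuthenticationMethod());
                logger.finest(iorLine.toString());
            }
        }
    }

    /** Logs one web module's login configuration, components (with run-as identity) and security constraints. */
    private static void dumpWebBundle(WebBundleDescriptor webBundleDescriptor) {
        logger.finest("--[ Web module: " + webBundleDescriptor.getContextRoot() + " ]--");
        LoginConfiguration loginConfiguration = webBundleDescriptor.getLoginConfiguration();
        if (loginConfiguration != null) {
            logger.finest("  Login config: realm=" + loginConfiguration.getRealmName()
                    + ", method=" + loginConfiguration.getAuthenticationMethod()
                    + ", form=" + loginConfiguration.getFormLoginPage()
                    + ", error=" + loginConfiguration.getFormErrorPage());
        }
        logger.finest("  Contains components:");
        for (WebComponentDescriptor webComponentDescriptor : webBundleDescriptor.getWebComponentDescriptorsSet()) {
            StringBuilder componentLine = new StringBuilder();
            componentLine.append("   - " + webComponentDescriptor.getCanonicalName());
            componentLine.append(" [ ");
            Enumeration urlPatterns = webComponentDescriptor.getUrlPatterns();
            while (urlPatterns.hasMoreElements()) {
                componentLine.append(urlPatterns.nextElement().toString());
                componentLine.append(" ");
            }
            componentLine.append("]");
            logger.finest(componentLine.toString());
            RunAsIdentityDescriptor runAsIdentity = webComponentDescriptor.getRunAsIdentity();
            if (runAsIdentity != null) {
                logRunAs("      Will run-as: Role: ", runAsIdentity);
            }
        }
        logger.finest("  Security constraints:");
        Enumeration securityConstraints = webBundleDescriptor.getSecurityConstraints();
        while (securityConstraints.hasMoreElements()) {
            SecurityConstraintImpl securityConstraintImpl = (SecurityConstraintImpl) securityConstraints.nextElement();
            for (WebResourceCollectionImpl webResourceCollectionImpl : securityConstraintImpl.getWebResourceCollectionSet()) {
                logger.finest(joinElements("     Using method: ", webResourceCollectionImpl.getHttpMethods()));
                Enumeration constrainedPatterns = webResourceCollectionImpl.getUrlPatterns();
                while (constrainedPatterns.hasMoreElements()) {
                    logger.finest("       " + constrainedPatterns.nextElement().toString());
                }
            }
            // NOTE(review): dereferenced without a null check; presumably a
            // constraint without an authorization constraint would end the dump
            // here - confirm what getAuthorizationConstraint() returns then.
            Enumeration securityRoles = ((AuthorizationConstraintImpl) securityConstraintImpl.getAuthorizationConstraint()).getSecurityRoles();
            StringBuilder rolesLine = new StringBuilder();
            rolesLine.append("     Accessible by roles: ");
            while (securityRoles.hasMoreElements()) {
                rolesLine.append(((SecurityRole) securityRoles.nextElement()).getName());
                rolesLine.append(" ");
            }
            logger.finest(rolesLine.toString());
            UserDataConstraint userDataConstraint = securityConstraintImpl.getUserDataConstraint();
            if (userDataConstraint != null) {
                logger.finest("     Transport guarantee: " + userDataConstraint.getTransportGuarantee());
            }
        }
    }

    /** Logs a run-as identity after the given prefix and flags it when the role or the principal is missing or empty. */
    private static void logRunAs(String prefix, RunAsIdentityDescriptor runAsIdentity) {
        String roleName = runAsIdentity.getRoleName();
        String principal = runAsIdentity.getPrincipal();
        logger.finest(prefix + roleName + "  Principal: " + principal);
        if (roleName == null || "".equals(roleName) || principal == null || "".equals(principal)) {
            logger.finest("*** Configuration error!");
        }
    }

    /** Builds the "module, separator, EJB class, dot, method" name stored in the per-role method lists. */
    private static String qualifiedMethodName(EjbBundleDescriptor ejbBundleDescriptor, EjbDescriptor ejbDescriptor, MethodDescriptor methodDescriptor) {
        return new StringBuilder()
                .append(ejbBundleDescriptor.getName())
                .append(Constants.NAME_SEPARATOR)
                .append(ejbDescriptor.getEjbClassName())
                .append(".")
                .append(methodDescriptor.getFormattedString())
                .toString();
    }

    /** Returns the prefix followed by every element of the enumeration, each followed by one space. */
    private static String joinElements(String prefix, Enumeration elements) {
        StringBuilder joined = new StringBuilder(prefix);
        while (elements.hasMoreElements()) {
            joined.append(elements.nextElement());
            joined.append(" ");
        }
        return joined.toString();
    }

    /**
     * Renders a value for inclusion in a single-line audit record.
     *
     * <p>ISO control characters (which include CR, LF and tab) and the Unicode
     * line and paragraph separators (U+2028, U+2029) are each replaced by an
     * underscore. A null value is rendered as {@code null}, matching what
     * appending it to a string buffer would produce.
     *
     * @param value the value to render; may be null
     * @return the value's string form with line-breaking characters replaced
     */
    private static String neutralize(Object value) {
        String text = String.valueOf(value);
        if (text == null) {
            // Only reachable when value.toString() itself returns null.
            text = "null";
        }
        StringBuilder clean = new StringBuilder(text.length());
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            boolean breaksRecord = Character.isISOControl(c) || c == 0x2028 || c == 0x2029;
            clean.append(breaksRecord ? '_' : c);
        }
        return clean.toString();
    }

    /**
     * Decompiler rendering of the compiler-generated class-literal helper:
     * loads a class by name and converts a lookup failure into
     * {@link NoClassDefFoundError}.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        // Resolve this class once so the assertion status can be cached.
        Class cls;
        if (class$com$iplanet$ias$security$Audit == null) {
            cls = class$("com.iplanet.ias.security.Audit");
            class$com$iplanet$ias$security$Audit = cls;
        } else {
            cls = class$com$iplanet$ias$security$Audit;
        }
        $assertionsDisabled = !cls.desiredAssertionStatus();
        // Auditing is off and all labels are unset until init() is called.
        auditFlag = false;
        logger = LogDomains.getLogger(LogDomains.SECURITY_LOGGER);
        strPrivateAudit = null;
        strDenied = null;
        strOK = null;
        strMethodName = null;
        strSession = null;
    }
}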
