package com.sun.enterprise.security.acl;

import com.iplanet.ias.config.ConfigContext;
import com.iplanet.ias.config.serverbeans.Security;
import com.iplanet.ias.config.serverbeans.Server;
import com.iplanet.ias.config.serverbeans.ServerBeansFactory;
import com.iplanet.ias.server.ApplicationServer;
import com.sun.enterprise.security.auth.realm.Realm;
import com.sun.logging.LogDomains;
import java.io.Serializable;
import java.security.Principal;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:116649-17/SUNWwbsvr/reloc/bin/https/jar/webserv-rt.jar:com/sun/enterprise/security/acl/RoleMapper.class */
public class RoleMapper implements Serializable {
    private static boolean debug;
    private static Hashtable roleMaps;
    private static final String DEFAULT_ROLE_NAME = "ANYONE";
    private static final String ROLE_IS_NOT_A_GROUP = "com.sun.enterprise.security.acl.roleIsNotAGroup";
    private static Role defaultRole;
    private static String defaultRoleName;
    private static Logger _logger;
    private Hashtable prinTable = new Hashtable();
    private Hashtable roleTable = new Hashtable();
    private String appName;
    private boolean considerRoleAGroup;
    static Class class$com$sun$enterprise$security$acl$RoleMapper;
    static final boolean $assertionsDisabled;

    public static RoleMapper getRoleMapper(String str) {
        Class cls;
        if (!roleMaps.containsKey(str)) {
            if (class$com$sun$enterprise$security$acl$RoleMapper == null) {
                cls = class$("com.sun.enterprise.security.acl.RoleMapper");
                class$com$sun$enterprise$security$acl$RoleMapper = cls;
            } else {
                cls = class$com$sun$enterprise$security$acl$RoleMapper;
            }
            Class cls2 = cls;
            synchronized (cls) {
                roleMaps.put(str, new RoleMapper(str));
            }
        }
        return (RoleMapper) roleMaps.get(str);
    }

    public void assignRole(Principal principal, Role role) {
        createMapping(this.prinTable, principal, role);
        createMapping(this.roleTable, role, principal);
    }

    public boolean hasRole(Principal principal, String str, String str2) {
        if (_logger.isLoggable(Level.FINEST)) {
            _logger.log(Level.FINEST, new StringBuffer().append("PRINCIPAL : ").append(principal).append(" hasRole?: ").append(str).toString());
            _logger.log(Level.FINEST, new StringBuffer().append("PRINCIPAL TABLE: ").append(this.prinTable).toString());
        }
        if (str != null && str.equals(defaultRoleName)) {
            return true;
        }
        HashSet hashSet = (HashSet) this.prinTable.get(principal);
        if (_logger.isLoggable(Level.FINEST)) {
            _logger.log(Level.FINEST, toString());
            _logger.log(Level.FINEST, new StringBuffer().append("Principal: ").append(principal).append(" directly maps to roles: ").append(hashSet).toString());
        }
        Role role = new Role(str);
        if (hashSet == null || !hashSet.contains(role)) {
            return isPrincipalInMappedGroups(principal.getName(), role, str2);
        }
        return true;
    }

    private RoleMapper(String str) {
        this.considerRoleAGroup = true;
        this.appName = str;
        initDefaultRole();
        if (System.getProperty(ROLE_IS_NOT_A_GROUP) != null) {
            this.considerRoleAGroup = false;
            _logger.fine("Roles names will not be considered to be group names.");
        }
    }

    private static synchronized void initDefaultRole() {
        ConfigContext configContext;
        if (defaultRole == null) {
            defaultRoleName = DEFAULT_ROLE_NAME;
            try {
                configContext = ApplicationServer.getServerContext().getConfigContext();
            } catch (Exception e) {
                _logger.log(Level.WARNING, "java_security.anonymous_role_reading_exception", (Throwable) e);
            }
            if (!$assertionsDisabled && configContext == null) {
                throw new AssertionError();
            }
            Server serverBean = ServerBeansFactory.getServerBean(configContext);
            if (!$assertionsDisabled && serverBean == null) {
                throw new AssertionError();
            }
            Security security = serverBean.getJava().getSecurity();
            if (!$assertionsDisabled && security == null) {
                throw new AssertionError();
            }
            defaultRoleName = security.getAnonymousrole();
            _logger.log(Level.FINE, new StringBuffer().append("Default role is: ").append(defaultRoleName).toString());
            defaultRole = new Role(defaultRoleName);
        }
    }

    private synchronized void createMapping(Hashtable hashtable, Principal principal, Principal principal2) {
        if (!hashtable.containsKey(principal)) {
            hashtable.put(principal, new HashSet());
        }
        ((HashSet) hashtable.get(principal)).add(principal2);
    }

    private boolean isPrincipalInMappedGroups(String str, Role role, String str2) {
        Realm realm = Realm.getInstance(str2);
        if (realm == null) {
            return false;
        }
        try {
            if (this.considerRoleAGroup && realm.isUserInGroup(str, role.getName())) {
                if (!_logger.isLoggable(Level.FINEST)) {
                    return true;
                }
                _logger.finest(new StringBuffer().append("Principal [").append(str).append("] belongs to a group ").append("named after role [").append(role.getName()).append("]").toString());
                return true;
            }
            HashSet hashSet = (HashSet) this.roleTable.get(role);
            if (hashSet == null) {
                return false;
            }
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                Object next = it.next();
                if (next instanceof Group) {
                    String name = ((Group) next).getName();
                    if (realm.isUserInGroup(str, name)) {
                        if (!_logger.isLoggable(Level.FINEST)) {
                            return true;
                        }
                        _logger.finest(new StringBuffer().append("Principal [").append(str).append("] is ").append("in group [").append(name).append("] which ").append("maps to role [").append(role.getName()).append("] ").append("in realm [").append(str2).append("]").toString());
                        return true;
                    }
                }
            }
            return false;
        } catch (Exception e) {
            _logger.fine(new StringBuffer().append("Error while checking groups: ").append(e).toString());
            return false;
        }
    }

    private Enumeration getRoles() {
        return this.roleTable.keys();
    }

    private Enumeration getGroupsAssignedTo(Role role) {
        Vector vector = new Vector();
        HashSet hashSet = (HashSet) this.roleTable.get(role);
        if (hashSet != null) {
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                Object next = it.next();
                if (next instanceof Group) {
                    vector.add(next);
                }
            }
        }
        return vector.elements();
    }

    private Enumeration getUsersAssignedTo(Role role) {
        Vector vector = new Vector();
        HashSet hashSet = (HashSet) this.roleTable.get(role);
        if (hashSet != null) {
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                Object next = it.next();
                if (!(next instanceof Group)) {
                    vector.add(next);
                }
            }
        }
        return vector.elements();
    }

    public String toString() {
        String str = "RoleMapper";
        Enumeration roles = getRoles();
        while (roles.hasMoreElements()) {
            Role role = (Role) roles.nextElement();
            String stringBuffer = new StringBuffer().append(str).append(" : ").append(role).append("(").toString();
            Enumeration groupsAssignedTo = getGroupsAssignedTo(role);
            while (groupsAssignedTo.hasMoreElements()) {
                stringBuffer = new StringBuffer().append(stringBuffer).append(groupsAssignedTo.nextElement()).toString();
                if (groupsAssignedTo.hasMoreElements()) {
                    stringBuffer = new StringBuffer().append(stringBuffer).append(",").toString();
                }
            }
            String stringBuffer2 = new StringBuffer().append(stringBuffer).append(")(").toString();
            Enumeration usersAssignedTo = getUsersAssignedTo(role);
            while (usersAssignedTo.hasMoreElements()) {
                stringBuffer2 = new StringBuffer().append(stringBuffer2).append(usersAssignedTo.nextElement()).toString();
                if (usersAssignedTo.hasMoreElements()) {
                    stringBuffer2 = new StringBuffer().append(stringBuffer2).append(",").toString();
                }
            }
            str = new StringBuffer().append(stringBuffer2).append(")").toString();
        }
        return str;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$com$sun$enterprise$security$acl$RoleMapper == null) {
            cls = class$("com.sun.enterprise.security.acl.RoleMapper");
            class$com$sun$enterprise$security$acl$RoleMapper = cls;
        } else {
            cls = class$com$sun$enterprise$security$acl$RoleMapper;
        }
        $assertionsDisabled = !cls.desiredAssertionStatus();
        debug = false;
        roleMaps = new Hashtable();
        defaultRole = null;
        defaultRoleName = null;
        _logger = LogDomains.getLogger(LogDomains.SECURITY_LOGGER);
    }
}
