package com.sun.enterprise.security.application;

import com.sun.ejb.Invocation;
import com.sun.enterprise.ComponentInvocation;
import com.sun.enterprise.InvocationException;
import com.sun.enterprise.SecurityManager;
import com.sun.enterprise.Switch;
import com.sun.enterprise.deployment.Descriptor;
import com.sun.enterprise.deployment.EjbDescriptor;
import com.sun.enterprise.deployment.EjbIORConfigurationDescriptor;
import com.sun.enterprise.deployment.EjbMessageBeanDescriptor;
import com.sun.enterprise.deployment.MethodDescriptor;
import com.sun.enterprise.deployment.MethodPermission;
import com.sun.enterprise.deployment.RunAsIdentityDescriptor;
import com.sun.enterprise.deployment.web.SecurityRoleReference;
import com.sun.enterprise.security.CachedPermissionImpl;
import com.sun.enterprise.security.PermissionCache;
import com.sun.enterprise.security.PermissionCacheFactory;
import com.sun.enterprise.security.SecurityContext;
import com.sun.enterprise.security.audit.AuditManager;
import com.sun.enterprise.security.audit.AuditManagerFactory;
import com.sun.enterprise.security.auth.LoginContextDriver;
import com.sun.enterprise.security.authorize.PolicyContextHandlerImpl;
import com.sun.enterprise.security.factory.FactoryForSecurityManagerFactoryImpl;
import com.sun.enterprise.util.LocalStringManagerImpl;
import com.sun.logging.LogDomains;
import java.lang.reflect.Method;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permissions;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.WeakHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.SubjectDomainCombiner;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;

/* loaded from: input_file:119166-15/SUNWascmn/reloc/appserver/lib/appserv-rt.jar:com/sun/enterprise/security/application/EJBSecurityManager.class */
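/**
 * JACC-backed security manager for a single EJB.
 *
 * <p>It translates the bean's deployment-descriptor method permissions and role references into
 * JACC policy statements, answers per-invocation access decisions and {@code isCallerInRole}
 * queries through the installed {@link Policy}, and switches to the configured run-as identity
 * around invocations.
 *
 * <p>Security-relevant behaviour to keep in mind when changing this class:
 * <ul>
 *   <li>Access decisions fail closed: any exception raised while consulting the policy is logged
 *       and turned into a denial.</li>
 *   <li>Protection domains and access-control contexts are cached per principal set in weak maps;
 *       the caches trade freshness for speed and are only dropped with the manager.</li>
 *   <li>The application's {@link CodeSource} is synthesised from the policy context id, not taken
 *       from where the code was actually loaded.</li>
 * </ul>
 */
public final class EJBSecurityManager implements SecurityManager {
    private static Logger _logger = LogDomains.getLogger(LogDomains.SECURITY_LOGGER);
    private static LocalStringManagerImpl localStrings = new LocalStringManagerImpl(EJBSecurityManager.class);
    private static AuditManager auditManager = AuditManagerFactory.getAuditManagerInstance();
    private static final PolicyContextHandlerImpl pcHandlerImpl = (PolicyContextHandlerImpl) PolicyContextHandlerImpl.getInstance();
    private EjbDescriptor deploymentDescriptor = null;
    private Switch theSwitch;
    // Non-null only when the bean does not use the caller's identity and declares a run-as identity.
    private RunAsIdentityDescriptor runAs = null;
    // Lazily created, guarded by the class lock in getPolicyFactory().
    private static PolicyConfigurationFactory pcf = null;
    private String ejbName = null;
    // Policy context id; set to the application's registration name in initialize().
    private String contextId = null;
    // Never assigned anywhere in this class, so it is always null when logged.
    private String codebase = null;
    private CodeSource codesource = null;
    private String realmName = null;
    // Maps "<ejbName>_<roleName>" to the EJBRoleRefPermission built at initialisation.
    private Hashtable cacheRoleToPerm = new Hashtable();
    // Principal set -> ProtectionDomain built on the application code source.
    private Map cacheProtectionDomain = Collections.synchronizedMap(new WeakHashMap());
    // Principal set -> ProtectionDomain built on this class's own code source.
    private Map protectionDomainCache = Collections.synchronizedMap(new WeakHashMap());
    // Principal set -> AccessControlContext used by doAsPrivileged().
    private Map accessControlContextCache = Collections.synchronizedMap(new WeakHashMap());
    private PermissionCache uncheckedMethodPermissionCache = null;
    private Policy policy = null;
    // Code source this class itself was loaded from.
    private static CodeSource managerCodeSource = EJBSecurityManager.class.getProtectionDomain().getCodeSource();
    private boolean isMdb;

    /**
     * Creates a security manager for the given EJB descriptor.
     *
     * @param descriptor deployment descriptor; must be an {@link EjbDescriptor}
     * @return a new manager bound to {@code descriptor}
     * @throws IllegalArgumentException if {@code descriptor} is null or not an {@link EjbDescriptor}
     * @throws Exception if initialisation fails
     */
    public static EJBSecurityManager getInstance(Descriptor descriptor) throws Exception {
        return new EJBSecurityManager(descriptor);
    }

    /**
     * Binds the manager to {@code descriptor}, captures the installed {@link Policy} and the
     * run-as identity (if any), then performs JACC-related initialisation.
     */
    private EJBSecurityManager(Descriptor descriptor) throws Exception {
        // instanceof is false for null, so this also rejects a missing descriptor.
        if (!(descriptor instanceof EjbDescriptor)) {
            throw new IllegalArgumentException("Illegal Deployment Descriptor Information.");
        }
        this.deploymentDescriptor = (EjbDescriptor) descriptor;
        this.isMdb = EjbMessageBeanDescriptor.TYPE.equals(this.deploymentDescriptor.getType());
        // The Policy object is captured once; later Policy.setPolicy() calls are not observed here.
        this.policy = Policy.getPolicy();
        if (!this.deploymentDescriptor.getUsesCallerIdentity()) {
            this.runAs = this.deploymentDescriptor.getRunAsIdentity();
            if (this.runAs != null && _logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, this.deploymentDescriptor.getEjbClassName() + " will run-as: " + this.runAs.getPrincipal() + " (" + this.runAs.getRoleName() + ")");
            }
        }
        this.theSwitch = Switch.getSwitch();
        initialize();
    }

    /**
     * Builds the {@link CodeSource} that stands for the application in policy decisions.
     *
     * <p>The URL is {@code file:///} followed by the policy context id with spaces replaced by
     * underscores, and carries no certificates. Two context ids that differ only in space versus
     * underscore therefore yield the same code source.
     *
     * @param policyContextId the application's policy context id
     * @throws RuntimeException wrapping the URI or URL syntax error if the id cannot be converted
     */
    private static CodeSource getApplicationCodeSource(String policyContextId) throws Exception {
        try {
            URI uri = new URI("file:///" + policyContextId.replace(' ', '_'));
            return new CodeSource(uri.toURL(), (Certificate[]) null);
        } catch (URISyntaxException e) {
            _logger.log(Level.SEVERE, "JACC: Error Creating URI ", (Throwable) e);
            throw new RuntimeException(e);
        } catch (MalformedURLException e) {
            _logger.log(Level.SEVERE, "JACC: ejbsm.codesourceerror", (Throwable) e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the shared {@link PolicyConfigurationFactory}, creating it on first use.
     *
     * @throws PolicyContextException if the factory cannot be located or instantiated
     */
    private static PolicyConfigurationFactory getPolicyFactory() throws PolicyContextException {
        synchronized (EJBSecurityManager.class) {
            if (pcf == null) {
                try {
                    pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();
                } catch (ClassNotFoundException e) {
                    _logger.severe("jaccfactory.notfound");
                    throw new PolicyContextException(e);
                } catch (PolicyContextException e) {
                    _logger.severe("jaccfactory.notfound");
                    throw e;
                }
            }
            return pcf;
        }
    }

    /**
     * Reports whether the bean runs with the caller's identity.
     *
     * @return {@code true} when no run-as identity was captured for this bean
     */
    public boolean getUsesCallerIdentity() {
        return this.runAs == null;
    }

    /**
     * Translates the descriptor's method permissions and role references into the policy
     * configuration of the owning application, unless that policy context is already in service.
     *
     * @param ejbDescriptor descriptor of the bean whose security constraints are translated
     * @throws Exception if the policy configuration cannot be obtained or updated
     */
    public static void loadPolicyConfiguration(EjbDescriptor ejbDescriptor) throws Exception {
        String registrationName = ejbDescriptor.getApplication().getRegistrationName();
        // An in-service context has already been committed; nothing is added to it here.
        if (getPolicyFactory().inService(registrationName)) {
            return;
        }
        convertEJBMethodPermissions(ejbDescriptor, registrationName);
        convertEJBRoleReferences(ejbDescriptor, registrationName);
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("JACC: policy translated for policy context:" + registrationName);
        }
    }

    /**
     * Derives the context id, code source, bean name and realm from the descriptor, seeds the
     * role-reference cache and creates the permission cache for {@link EJBMethodPermission}.
     */
    private void initialize() throws Exception {
        this.contextId = this.deploymentDescriptor.getApplication().getRegistrationName();
        this.codesource = getApplicationCodeSource(this.contextId);
        this.ejbName = this.deploymentDescriptor.getName();
        this.realmName = this.deploymentDescriptor.getApplication().getRealm();
        if (this.realmName == null) {
            Iterator it = this.deploymentDescriptor.getIORConfigurationDescriptors().iterator();
            if (it != null) {
                // Each iteration overwrites the previous value, so the last descriptor's realm
                // wins, even if it is null.
                while (it.hasNext()) {
                    this.realmName = ((EjbIORConfigurationDescriptor) it.next()).getRealmName();
                }
            }
        }
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("JACC: Context id (id under which all EJB's in application will be created) = " + this.contextId);
            // codebase is never assigned in this class, so this line always reports null.
            _logger.fine("Codebase (module id for ejb " + this.ejbName + ") = " + this.codebase);
        }
        addEJBRoleReferenceToCache(this.deploymentDescriptor);
        this.uncheckedMethodPermissionCache = PermissionCacheFactory.createPermissionCache(
                this.contextId, this.codesource, new Class[] {EJBMethodPermission.class}, this.ejbName);
    }

    /**
     * Adds one {@link EJBRoleRefPermission} per declared role reference to the role the
     * reference links to, in the policy configuration of {@code policyContextId}.
     */
    private static void convertEJBRoleReferences(EjbDescriptor ejbDescriptor, String policyContextId) throws PolicyContextException {
        PolicyConfiguration policyConfiguration = getPolicyFactory().getPolicyConfiguration(policyContextId, false);
        assert policyConfiguration != null;
        if (policyConfiguration != null) {
            String beanName = ejbDescriptor.getName();
            for (Object element : ejbDescriptor.getRoleReferences()) {
                SecurityRoleReference roleRef = (SecurityRoleReference) element;
                EJBRoleRefPermission permission = new EJBRoleRefPermission(beanName, roleRef.getRolename());
                String linkedRole = roleRef.getSecurityRoleLink().getName();
                policyConfiguration.addToRole(linkedRole, permission);
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.fine("JACC: Converting role-ref -> " + roleRef.toString() + " to permission with name(" + permission.getName() + ") and actions (" + permission.getActions() + ")" + "mapped to role (" + linkedRole + ")");
                }
            }
        }
    }

    /**
     * Pre-builds the {@link EJBRoleRefPermission} for every declared role reference so that
     * {@link #isCallerInRole(String)} can look it up by {@code "<ejbName>_<roleName>"}.
     */
    private void addEJBRoleReferenceToCache(EjbDescriptor ejbDescriptor) {
        String beanName = ejbDescriptor.getName();
        for (Object element : ejbDescriptor.getRoleReferences()) {
            SecurityRoleReference roleRef = (SecurityRoleReference) element;
            String roleName = roleRef.getRolename();
            EJBRoleRefPermission permission = new EJBRoleRefPermission(beanName, roleName);
            String linkedRole = roleRef.getSecurityRoleLink().getName();
            this.cacheRoleToPerm.put(beanName + "_" + roleName, permission);
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("JACC: Converting role-ref -> " + roleRef.toString() + " to permission with name(" + permission.getName() + ") and actions (" + permission.getActions() + ")" + "mapped to role (" + linkedRole + ")");
            }
        }
    }

    /**
     * Records {@code permission} under the role of a role-based method permission.
     *
     * @param rolePermissions role name to {@link Permissions} table, or null if none exists yet
     * @return the table, created on demand; the argument unchanged if the method permission is
     *         not role based
     */
    private static HashMap addToRolePermissionsTable(HashMap rolePermissions, MethodPermission methodPermission, EJBMethodPermission permission) {
        if (methodPermission.isRoleBased()) {
            if (rolePermissions == null) {
                rolePermissions = new HashMap();
            }
            String roleName = methodPermission.getRole().getName();
            Permissions forRole = (Permissions) rolePermissions.get(roleName);
            if (forRole == null) {
                forRole = new Permissions();
                rolePermissions.put(roleName, forRole);
            }
            forRole.add(permission);
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("JACC DD conversion: EJBMethodPermission ->(" + permission.getName() + " " + permission.getActions() + ")protected by role -> " + roleName);
            }
        }
        return rolePermissions;
    }

    /**
     * Adds {@code permission} to the unchecked collection when the method permission is unchecked.
     *
     * @param unchecked collection so far, or null if none exists yet
     * @return the collection, created on demand
     */
    private static Permissions addToUncheckedPermissions(Permissions unchecked, MethodPermission methodPermission, EJBMethodPermission permission) {
        if (methodPermission.isUnchecked()) {
            if (unchecked == null) {
                unchecked = new Permissions();
            }
            unchecked.add(permission);
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("JACC DD conversion: EJBMethodPermission ->(" + permission.getName() + " " + permission.getActions() + ") is (unchecked)");
            }
        }
        return unchecked;
    }

    /**
     * Adds {@code permission} to the excluded collection when the method permission is excluded.
     *
     * @param excluded collection so far, or null if none exists yet
     * @return the collection, created on demand
     */
    private static Permissions addToExcludedPermissions(Permissions excluded, MethodPermission methodPermission, EJBMethodPermission permission) {
        if (methodPermission.isExcluded()) {
            if (excluded == null) {
                excluded = new Permissions();
            }
            excluded.add(permission);
            if (_logger.isLoggable(Level.FINE)) {
                _logger.fine("JACC DD conversion: EJBMethodPermission ->(" + permission.getName() + " " + permission.getActions() + ") is (excluded)");
            }
        }
        return excluded;
    }

    /**
     * Translates the bean's method permissions into unchecked, excluded and per-role policy
     * statements of the policy configuration identified by {@code policyContextId}.
     *
     * <p>Two sources are processed: the permissions exactly as written in the deployment
     * descriptor, then every method descriptor of the bean with the permissions that apply to it.
     */
    private static void convertEJBMethodPermissions(EjbDescriptor ejbDescriptor, String policyContextId) throws PolicyContextException {
        PolicyConfiguration policyConfiguration = getPolicyFactory().getPolicyConfiguration(policyContextId, false);
        assert policyConfiguration != null;
        if (policyConfiguration != null) {
            String beanName = ejbDescriptor.getName();
            Permissions unchecked = null;
            Permissions excluded = null;
            HashMap rolePermissions = null;
            HashMap methodPermissionsFromDD = ejbDescriptor.getMethodPermissionsFromDD();
            if (methodPermissionsFromDD != null) {
                for (Object key : methodPermissionsFromDD.keySet()) {
                    MethodPermission methodPermission = (MethodPermission) key;
                    Iterator it = ((ArrayList) methodPermissionsFromDD.get(methodPermission)).iterator();
                    while (it.hasNext()) {
                        MethodDescriptor methodDescriptor = (MethodDescriptor) it.next();
                        String methodName = methodDescriptor.getName();
                        // "*" is passed on as a null method name; parameter types are only
                        // supplied for style 3 (meaning of the constant is not visible here).
                        EJBMethodPermission permission = new EJBMethodPermission(
                                beanName,
                                methodName.equals("*") ? null : methodName,
                                methodDescriptor.getEjbClassSymbol(),
                                methodDescriptor.getStyle() == 3 ? methodDescriptor.getParameterClassNames() : null);
                        rolePermissions = addToRolePermissionsTable(rolePermissions, methodPermission, permission);
                        unchecked = addToUncheckedPermissions(unchecked, methodPermission, permission);
                        excluded = addToExcludedPermissions(excluded, methodPermission, permission);
                    }
                }
            }
            for (Object element : ejbDescriptor.getMethodDescriptors()) {
                MethodDescriptor methodDescriptor = (MethodDescriptor) element;
                Method method = methodDescriptor.getMethod(ejbDescriptor);
                String methodInterface = methodDescriptor.getEjbClassSymbol();
                if (method != null) {
                    if (methodInterface == null || methodInterface.equals("")) {
                        // Only logged: no permission is generated for this method, so it is not
                        // added to any of the unchecked, excluded or role collections.
                        _logger.severe("MethodDescriptor interface not defined -  ejbName: " + beanName + " methodName: " + methodDescriptor.getName() + " methodParams: " + methodDescriptor.getParameterClassNames());
                    } else {
                        EJBMethodPermission permission = new EJBMethodPermission(beanName, methodInterface, method);
                        for (Object applicable : ejbDescriptor.getMethodPermissionsFor(methodDescriptor)) {
                            MethodPermission methodPermission = (MethodPermission) applicable;
                            rolePermissions = addToRolePermissionsTable(rolePermissions, methodPermission, permission);
                            unchecked = addToUncheckedPermissions(unchecked, methodPermission, permission);
                            excluded = addToExcludedPermissions(excluded, methodPermission, permission);
                        }
                    }
                }
            }
            if (unchecked != null) {
                policyConfiguration.addToUncheckedPolicy(unchecked);
            }
            if (excluded != null) {
                policyConfiguration.addToExcludedPolicy(excluded);
            }
            if (rolePermissions != null) {
                for (Object key : rolePermissions.keySet()) {
                    String roleName = (String) key;
                    policyConfiguration.addToRole(roleName, (Permissions) rolePermissions.get(roleName));
                }
            }
        }
    }

    /**
     * Returns the {@link ProtectionDomain} for a principal set, building and caching it on a miss.
     *
     * <p>The domain carries no static permissions, so decisions are left to the policy. A null
     * principal set is accepted and produces a domain without principals, cached under a null key.
     *
     * @param principalSet principals of the caller, or null
     * @param applicationCodeSource {@code true} to use the application's synthesised code source,
     *        {@code false} to use the code source of this class
     */
    private ProtectionDomain getCachedProtectionDomain(Set principalSet, boolean applicationCodeSource) {
        Map cache = applicationCodeSource ? this.cacheProtectionDomain : this.protectionDomainCache;
        CodeSource codeSource = applicationCodeSource ? this.codesource : managerCodeSource;
        ProtectionDomain protectionDomain = (ProtectionDomain) cache.get(principalSet);
        if (protectionDomain == null) {
            Principal[] principals = principalSet == null ? null : (Principal[]) principalSet.toArray(new Principal[0]);
            protectionDomain = new ProtectionDomain(codeSource, null, null, principals);
            // Store a private copy of the set so later mutation of the caller's set cannot
            // change the key. The copy is referenced only by the weak map, so the entry can be
            // collected at any time; that affects the hit rate, not correctness.
            cache.put(principalSet == null ? null : new HashSet(principalSet), protectionDomain);
            _logger.fine("JACC: new ProtectionDomain added to cache");
        }
        if (_logger.isLoggable(Level.FINE)) {
            if (principalSet == null) {
                _logger.fine("JACC: returning cached ProtectionDomain PrincipalSet: null");
            } else {
                StringBuffer names = null;
                Principal[] principals = (Principal[]) principalSet.toArray(new Principal[0]);
                for (int i = 0; i < principals.length; i++) {
                    if (i == 0) {
                        names = new StringBuffer(principals[i].toString());
                    } else {
                        names.append(" " + principals[i].toString());
                    }
                }
                _logger.fine("JACC: returning cached ProtectionDomain - CodeSource: (" + codeSource + ") PrincipalSet: " + names);
            }
        }
        return protectionDomain;
    }

    /**
     * Decides whether the current caller may perform {@code invocation}.
     *
     * <p>The cached-permission check is tried first; only when it does not grant access is the
     * policy consulted with the caller's principals under this bean's policy context. Every
     * failure on that path is logged and results in a denial. When auditing is on, the decision
     * is reported to the audit manager.
     *
     * @param invocation the EJB invocation being authorised
     * @return {@code true} if access is granted
     */
    @Override
    public boolean authorize(Invocation invocation) {
        // NOTE(decompiler): the decompiler reported the field read below as typed
        // com.sun.enterprise.security.CachedPermission and its permission as
        // java.security.Permission; the narrower local types are its reconstruction.
        EJBMethodPermission permission;
        CachedPermissionImpl cachedPermission;
        if (invocation.invocationInfo == null || invocation.invocationInfo.cachedPermission == null) {
            permission = new EJBMethodPermission(this.ejbName, invocation.getMethodInterface(), invocation.method);
            cachedPermission = new CachedPermissionImpl(this.uncheckedMethodPermissionCache, permission);
            if (invocation.invocationInfo != null) {
                invocation.invocationInfo.cachedPermission = cachedPermission;
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.fine("JACC: permission initialized in InvocationInfo: EJBMethodPermission (Name) = " + permission.getName() + " (Action) = " + permission.getActions());
                }
            }
        } else {
            cachedPermission = invocation.invocationInfo.cachedPermission;
            permission = cachedPermission.getPermission();
        }
        String caller = null;
        SecurityContext securityContext = null;
        boolean granted = cachedPermission.checkPermission();
        if (!granted) {
            pcHandlerImpl.getHandlerData().setInvocation(invocation);
            // NOTE(review): getCallerPrincipal() treats a null current context as possible; here
            // it would surface as a NullPointerException rather than a logged denial - confirm.
            securityContext = SecurityContext.getCurrent();
            ProtectionDomain protectionDomain = getCachedProtectionDomain(securityContext.getPrincipalSet(), true);
            try {
                String previousContextId = setPolicyContext(this.contextId);
                try {
                    granted = this.policy.implies(protectionDomain, permission);
                } catch (SecurityException e) {
                    _logger.log(Level.SEVERE, "JACC: Unexpected security exception on access decision", (Throwable) e);
                    granted = false;
                } catch (Throwable t) {
                    // Deliberately broad: a failing policy provider must never grant access.
                    _logger.log(Level.SEVERE, "JACC: Unexpected exception on access decision", t);
                    granted = false;
                } finally {
                    resetPolicyContext(previousContextId, this.contextId);
                }
            } catch (Throwable t) {
                // Reached when switching the policy context in or out fails; a grant obtained
                // under an unreliable context is discarded.
                _logger.log(Level.SEVERE, "JACC: Unexpected exception manipulating policy context", t);
                granted = false;
            }
        }
        if (auditManager.isAuditOn()) {
            if (securityContext == null) {
                securityContext = SecurityContext.getCurrent();
            }
            caller = securityContext.getCallerPrincipal().getName();
            auditManager.ejbInvocation(caller, this.ejbName, invocation.method.toString(), granted);
        }
        if (_logger.isLoggable(Level.FINE)) {
            // caller is only resolved when auditing is on; otherwise this line logs "null".
            _logger.fine("JACC: Access Control Decision Result: " + granted + " EJBMethodPermission (Name) = " + permission.getName() + " (Action) = " + permission.getActions() + " (Caller) = " + caller);
        }
        return granted;
    }

    /** Reports whether the descriptor lists any method with an explicit permission. */
    private boolean areMethodPermissionsSet() {
        return !this.deploymentDescriptor.getPermissionedMethodsByPermission().isEmpty();
    }

    /**
     * Prepares the security context before the bean is invoked.
     *
     * <p>Message-driven beans start from an unauthenticated context. When a run-as identity is
     * configured, the current context is saved on the invocation and replaced by a login as the
     * run-as principal.
     *
     * @param componentInvocation the invocation about to be dispatched
     */
    @Override
    public void preInvoke(ComponentInvocation componentInvocation) {
        if (this.isMdb) {
            SecurityContext.setUnauthenticatedContext();
        }
        if (this.runAs != null) {
            componentInvocation.setOldSecurityContext(SecurityContext.getCurrent());
            loginForRunAs();
        }
    }

    /**
     * Restores the security context saved by {@link #preInvoke(ComponentInvocation)} when a
     * run-as identity is configured; otherwise does nothing.
     *
     * @param componentInvocation the invocation that has just completed
     */
    @Override
    public void postInvoke(ComponentInvocation componentInvocation) {
        if (this.runAs != null) {
            final ComponentInvocation finv = componentInvocation;
            AccessController.doPrivileged(new PrivilegedAction() {
                @Override
                public Object run() {
                    SecurityContext.setCurrent(finv.getOldSecurityContext());
                    return null;
                }
            });
        }
    }

    /**
     * Logs in as the configured run-as principal in the bean's realm, using this class's own
     * privileges rather than those of the calling code.
     */
    private void loginForRunAs() {
        AccessController.doPrivileged(new PrivilegedAction() {
            @Override
            public Object run() {
                LoginContextDriver.loginPrincipal(runAs.getPrincipal(), realmName);
                return null;
            }
        });
    }

    /**
     * Tests whether the original caller is in the given role.
     *
     * <p>With a run-as identity the saved (pre run-as) security context is evaluated, so the
     * answer reflects the real caller. A role name without a declared role reference is not
     * rejected here: a permission is built from it and the decision is left to the policy. Any
     * exception from the policy results in {@code false}.
     *
     * @param str role name as used by the bean code
     * @return {@code true} if the policy grants the matching {@link EJBRoleRefPermission}
     * @throws InvocationException if a run-as identity is configured and there is no current
     *         invocation to take the caller's context from
     */
    @Override
    public boolean isCallerInRole(String str) {
        boolean inRole;
        if (_logger.isLoggable(Level.FINE)) {
            _logger.entering("EJBSecurityManager", "isCallerInRole", str);
        }
        EJBRoleRefPermission permission = (EJBRoleRefPermission) this.cacheRoleToPerm.get(this.ejbName + "_" + str);
        if (permission == null) {
            permission = new EJBRoleRefPermission(this.ejbName, str);
        }
        SecurityContext callerContext;
        if (this.runAs != null) {
            ComponentInvocation currentInvocation = this.theSwitch.getInvocationManager().getCurrentInvocation();
            if (currentInvocation == null) {
                // Same handling as getCallerPrincipal(): without an invocation there is no
                // saved caller context to evaluate.
                throw new InvocationException();
            }
            callerContext = currentInvocation.getOldSecurityContext();
        } else {
            callerContext = SecurityContext.getCurrent();
        }
        Set principalSet = null;
        if (callerContext != null) {
            principalSet = callerContext.getPrincipalSet();
        }
        ProtectionDomain protectionDomain = getCachedProtectionDomain(principalSet, true);
        try {
            inRole = this.policy.implies(protectionDomain, permission);
        } catch (SecurityException e) {
            _logger.log(Level.SEVERE, "JACC: Unexpected security exception isCallerInRole", (Throwable) e);
            inRole = false;
        } catch (Throwable t) {
            // Deliberately broad: a failing policy provider must not report role membership.
            _logger.log(Level.SEVERE, "JACC: Unexpected exception isCallerInRole", t);
            inRole = false;
        }
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("JACC: isCallerInRole Result: " + inRole + " EJBRoleRefPermission (Name) = " + permission.getName() + " (Action) = " + permission.getActions() + " (Codesource) = " + protectionDomain.getCodeSource());
        }
        return inRole;
    }

    /**
     * Returns the principal of the original caller.
     *
     * <p>With a run-as identity the principal comes from the context saved on the current
     * invocation, otherwise from the current security context. If no context is available the
     * default caller principal is returned.
     *
     * @throws InvocationException if a run-as identity is configured and there is no current
     *         invocation
     */
    @Override
    public Principal getCallerPrincipal() {
        SecurityContext callerContext;
        if (this.runAs != null) {
            ComponentInvocation currentInvocation = this.theSwitch.getInvocationManager().getCurrentInvocation();
            if (currentInvocation == null) {
                throw new InvocationException();
            }
            callerContext = currentInvocation.getOldSecurityContext();
        } else {
            callerContext = SecurityContext.getCurrent();
        }
        return callerContext != null ? callerContext.getCallerPrincipal() : SecurityContext.getDefaultCallerPrincipal();
    }

    /**
     * Releases policy-related state for this bean and unregisters the manager.
     *
     * <p>If the policy context is in service, the policy is refreshed and the permission cache
     * removed. A {@link PolicyContextException} is logged as a warning and does not prevent the
     * manager from being unregistered.
     */
    @Override
    public void destroy() {
        try {
            PolicyConfigurationFactory policyFactory = getPolicyFactory();
            boolean inService = policyFactory.inService(this.contextId);
            // NOTE(review): the returned configuration is not used and nothing is deleted here,
            // although the warning below speaks of deleting the policy file - confirm whether the
            // call is kept for a provider side effect.
            policyFactory.getPolicyConfiguration(this.contextId, false);
            if (inService) {
                this.policy.refresh();
                PermissionCacheFactory.removePermissionCache(this.uncheckedMethodPermissionCache);
                this.uncheckedMethodPermissionCache = null;
            }
        } catch (PolicyContextException e) {
            _logger.log(Level.WARNING, localStrings.getLocalString("ejbsm.could_not_delete", "Could not delete policy file during undeployment"), (Throwable) e);
        }
        FactoryForSecurityManagerFactoryImpl.getInstance().getSecurityManagerFactory("ejb").removeSecurityManager(this.contextId);
    }

    /** Returns the {@link Subject} of the current security context. */
    @Override
    public Subject getCurrentSubject() {
        return SecurityContext.getCurrent().getSubject();
    }

    /**
     * Runs {@code privilegedExceptionAction} under an access-control context derived from the
     * caller's principals, with this bean's policy context id in effect.
     *
     * <p>The context is built on the code source of this class (not the application's) and, when
     * a principal set is present, combined with the caller's {@link Subject}. Contexts are cached
     * per principal set.
     *
     * <p>NOTE(review): the cache key is the principal set only, while the cached context embeds
     * the Subject of whichever caller populated the entry. A later caller with an equal principal
     * set but a different Subject instance reuses that first Subject - confirm this is acceptable
     * where credentials differ.
     *
     * @param privilegedExceptionAction the action to run
     * @return the action's result
     * @throws Throwable whatever building the context, switching the policy context or the
     *         action itself throws
     */
    @Override
    public Object doAsPrivileged(PrivilegedExceptionAction privilegedExceptionAction) throws Throwable {
        SecurityContext current = SecurityContext.getCurrent();
        Set principalSet = current.getPrincipalSet();
        AccessControlContext accessControlContext = (AccessControlContext) this.accessControlContextCache.get(principalSet);
        if (accessControlContext == null) {
            final ProtectionDomain[] pdArray = {getCachedProtectionDomain(principalSet, false)};
            try {
                if (principalSet != null) {
                    final Subject s = current.getSubject();
                    accessControlContext = (AccessControlContext) AccessController.doPrivileged(new PrivilegedExceptionAction() {
                        @Override
                        public Object run() throws Exception {
                            return new AccessControlContext(new AccessControlContext(pdArray), new SubjectDomainCombiner(s));
                        }
                    });
                } else {
                    accessControlContext = new AccessControlContext(pdArray);
                }
                // A null principal set is cached under a null key instead of being copied.
                this.accessControlContextCache.put(principalSet == null ? null : new HashSet(principalSet), accessControlContext);
                _logger.fine("JACC: new AccessControlContext added to cache");
            } catch (Exception e) {
                _logger.log(Level.SEVERE, "java_security.security_context_exception", (Throwable) e);
                throw e;
            }
        }
        String previousContextId = setPolicyContext(this.contextId);
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("JACC: doAsPrivileged contextId(" + this.contextId + ")");
        }
        try {
            return AccessController.doPrivileged((PrivilegedExceptionAction<Object>) privilegedExceptionAction, accessControlContext);
        } finally {
            // Runs on success and on failure so the thread does not keep this bean's context.
            resetPolicyContext(previousContextId, this.contextId);
        }
    }

    /**
     * Sets the thread's policy context id to {@code newV} if it differs from {@code oldV}.
     *
     * <p>NOTE(review): a null {@code newV} is a no-op. When the thread had no policy context
     * before {@link #setPolicyContext(String)}, the "restore" call therefore leaves this bean's
     * context id in place - confirm that this is intended.
     *
     * @param newV context id to install; null leaves the current id untouched
     * @param oldV context id assumed to be in effect
     * @throws Throwable the cause of the failure if the context id cannot be set
     */
    private static void resetPolicyContext(final String newV, String oldV) throws Throwable {
        if (oldV == newV || newV == null) {
            return;
        }
        if (oldV != null && oldV.equals(newV)) {
            return;
        }
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("JACC: Changing Policy Context ID: oldV = " + oldV + " newV = " + newV);
        }
        try {
            // Setting the context id needs a security permission; it is asserted with this
            // class's privileges so callers on the stack do not need to hold it.
            AccessController.doPrivileged(new PrivilegedExceptionAction() {
                @Override
                public Object run() throws Exception {
                    PolicyContext.setContextID(newV);
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            Throwable cause = e.getCause();
            if (cause instanceof AccessControlException) {
                _logger.log(Level.SEVERE, "setPolicy SecurityPermission required to call PolicyContext.setContextID", cause);
            } else {
                _logger.log(Level.SEVERE, "Unexpected Exception while setting PolicyContext", cause);
            }
            throw cause;
        }
    }

    /**
     * Installs {@code str} as the thread's policy context id.
     *
     * @param str context id to install
     * @return the context id that was in effect before the call, for a later restore
     * @throws Throwable if the context id cannot be read or set
     */
    private static String setPolicyContext(String str) throws Throwable {
        String previousContextId = PolicyContext.getContextID();
        resetPolicyContext(str, previousContextId);
        return previousContextId;
    }
}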
