package org.apache.openejb.assembler.classic;

import java.lang.reflect.Method;
import java.security.Permission;
import java.security.PermissionCollection;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContextException;
import org.apache.openejb.BeanContext;
import org.apache.openejb.InterfaceType;
import org.apache.openejb.OpenEJBException;
import org.apache.openejb.loader.SystemInstance;
import org.apache.openejb.util.JavaSecurityManagers;
import org.apache.openejb.util.LogCategory;
import org.apache.openejb.util.Logger;

/* loaded from: input_file:org/apache/openejb/assembler/classic/JaccPermissionsBuilder.class */
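/**
 * Translates the EJB security metadata of one ejb-jar (method permissions,
 * exclude list, security role references) into JACC permissions and installs
 * them into the JACC {@link PolicyConfiguration} of the module.
 *
 * <p>Security-relevant behaviour to keep in mind when changing this class:
 * <ul>
 *   <li>{@link #build} adds every permission that is <em>not</em> covered by a
 *       declared method-permission or exclude-list entry to the
 *       <em>unchecked</em> policy, so undeclared methods are permitted for any
 *       caller.</li>
 *   <li>When a resolved entry carries both the {@code unchecked} and the
 *       {@code excluded} flag, the {@code unchecked} branch is taken first.</li>
 *   <li>The static initializer changes a JVM-wide system property.</li>
 * </ul>
 */
public class JaccPermissionsBuilder {
    private static final Logger log;

    /**
     * Writes the permissions held by {@code policyContext} into the JACC policy
     * configuration identified by its context id and commits it.
     *
     * <p>Nothing is installed when the {@code openejb.geronimo} system-instance
     * property is present. The configuration is obtained with
     * {@code remove == false}, so statements already present in that context are
     * not removed first. {@code commit()} is only reached when every add
     * succeeded.
     *
     * @param policyContext permissions to install, as produced by {@link #build}
     * @throws OpenEJBException if the policy configuration cannot be obtained,
     *                          populated or committed, or if the
     *                          {@code PolicyConfigurationFactory} class cannot be loaded
     */
    public void install(PolicyContext policyContext) throws OpenEJBException {
        if (SystemInstance.get().hasProperty("openejb.geronimo")) {
            return;
        }
        String contextID = policyContext.getContextID();
        try {
            PolicyConfigurationFactory factory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
            PolicyConfiguration policyConfiguration = factory.getPolicyConfiguration(contextID, false);
            policyConfiguration.addToExcludedPolicy(policyContext.getExcludedPermissions());
            policyConfiguration.addToUncheckedPolicy(policyContext.getUncheckedPermissions());
            for (Map.Entry<String, PermissionCollection> rolePermission : policyContext.getRolePermissions().entrySet()) {
                policyConfiguration.addToRole(rolePermission.getKey(), rolePermission.getValue());
            }
            policyConfiguration.commit();
        } catch (PolicyContextException e) {
            throw new OpenEJBException("JACC PolicyConfiguration failed: ContextId=" + contextID, e);
        } catch (ClassNotFoundException e2) {
            throw new OpenEJBException("PolicyConfigurationFactory class not found", e2);
        }
    }

    /**
     * Builds the {@link PolicyContext} for one ejb-jar.
     *
     * <p>Side effects on {@code ejbJarInfo}: the exclude list is folded into
     * {@code methodPermissions} as entries flagged {@code excluded}, the
     * permissions are normalized and resolved per bean method,
     * {@code methodPermissions} is replaced by that per-method expansion and
     * {@code excludeList} is cleared.
     *
     * <p>For every enterprise bean all methods of its interfaces and of its bean
     * class are collected as candidate permissions. Candidates implied by a
     * declared permission are filed under unchecked, excluded or the declared
     * roles; the remaining candidates are added to the unchecked policy (the
     * default role passed on is always {@code null}). Methods without any
     * declaration are therefore permitted for every caller.
     *
     * @param ejbJarInfo module metadata; modified as described above
     * @param hashMap    bean contexts of the module keyed by deployment id
     * @return the policy context named after {@code ejbJarInfo.moduleUri}
     * @throws OpenEJBException if a bean of the module has no bean context in
     *                          {@code hashMap}, or a security role reference has no role-link
     */
    public PolicyContext build(EjbJarInfo ejbJarInfo, HashMap<String, BeanContext> hashMap) throws OpenEJBException {
        // Same list instance as ejbJarInfo.methodPermissions: the exclusions are appended in place.
        List<MethodPermissionInfo> declared = ejbJarInfo.methodPermissions;
        for (MethodInfo excludedMethod : ejbJarInfo.excludeList) {
            MethodPermissionInfo exclusion = new MethodPermissionInfo();
            exclusion.excluded = true;
            exclusion.methods.add(excludedMethod);
            declared.add(exclusion);
        }
        List<MethodPermissionInfo> normalized = MethodInfoUtil.normalizeMethodPermissionInfos(declared);

        List<MethodPermissionInfo> expanded = new ArrayList<MethodPermissionInfo>();
        for (BeanContext beanContext : hashMap.values()) {
            Map<Method, MethodAttributeInfo> attributes = MethodInfoUtil.resolveAttributes(normalized, beanContext);
            if (log.isDebugEnabled()) {
                for (Map.Entry<Method, MethodAttributeInfo> attribute : attributes.entrySet()) {
                    log.debug("Security Attribute: " + attribute.getKey() + " -- " + MethodInfoUtil.toString((MethodPermissionInfo) attribute.getValue()));
                }
            }
            for (Map.Entry<Method, MethodAttributeInfo> attribute : attributes.entrySet()) {
                expanded.add(expandForMethod(beanContext, attribute.getKey(), (MethodPermissionInfo) attribute.getValue()));
            }
        }
        ejbJarInfo.methodPermissions.clear();
        ejbJarInfo.methodPermissions.addAll(expanded);
        ejbJarInfo.excludeList.clear();

        PolicyContext policyContext = new PolicyContext(ejbJarInfo.moduleUri.toString());
        for (EnterpriseBeanInfo enterpriseBeanInfo : ejbJarInfo.enterpriseBeans) {
            BeanContext beanContext = hashMap.get(enterpriseBeanInfo.ejbDeploymentId);
            if (beanContext == null) {
                // Previously surfaced as a bare NullPointerException a few lines further down.
                throw new OpenEJBException("No BeanContext for deployment id '" + enterpriseBeanInfo.ejbDeploymentId
                        + "' (ejb-name '" + enterpriseBeanInfo.ejbName + "'); cannot build JACC permissions");
            }
            PermissionCollection candidates = DelegatePermissionCollection.getPermissionCollection();
            String ejbName = enterpriseBeanInfo.ejbName;
            for (InterfaceType interfaceType : InterfaceType.values()) {
                if (interfaceType == InterfaceType.UNKNOWN) {
                    continue;
                }
                for (Class<?> beanInterface : beanContext.getInterfaces(interfaceType)) {
                    addPossibleEjbMethodPermissions(candidates, ejbName, interfaceType.getSpecName(), beanInterface);
                }
            }
            addPossibleEjbMethodPermissions(candidates, ejbName, null, beanContext.getBeanClass());
            // null default role: whatever is left undeclared goes to the unchecked policy.
            addDeclaredEjbPermissions(ejbJarInfo, enterpriseBeanInfo, null, candidates, policyContext);
        }
        return policyContext;
    }

    /**
     * Copies one resolved method-permission into a new entry that names exactly
     * one concrete method of {@code beanContext}.
     *
     * <p>The method interface is taken from the first method of {@code resolved};
     * NOTE(review): this assumes the resolved entry always holds at least one
     * method - confirm against {@code MethodInfoUtil.resolveAttributes}.
     */
    private static MethodPermissionInfo expandForMethod(BeanContext beanContext, Method method, MethodPermissionInfo resolved) {
        MethodPermissionInfo expanded = new MethodPermissionInfo();
        expanded.excluded = resolved.excluded;
        expanded.unchecked = resolved.unchecked;
        expanded.roleNames.addAll(resolved.roleNames);

        MethodInfo template = resolved.methods.get(0);
        MethodInfo concrete = new MethodInfo();
        concrete.ejbName = beanContext.getEjbName();
        concrete.ejbDeploymentId = String.valueOf(beanContext.getDeploymentID());
        concrete.methodIntf = template.methodIntf;
        concrete.className = method.getDeclaringClass().getName();
        concrete.methodName = method.getName();
        concrete.methodParams = new ArrayList<String>();
        for (Class<?> parameterType : method.getParameterTypes()) {
            concrete.methodParams.add(parameterType.getName());
        }
        expanded.methods.add(concrete);
        return expanded;
    }

    /**
     * Files the declared permissions of one bean into {@code policyContext} and
     * assigns the candidates that no declaration covers to a default target.
     *
     * <p>For each declared method of this bean an {@link EJBMethodPermission} is
     * created (method name {@code "*"} becomes {@code null}), every candidate it
     * implies is removed from {@code remaining}, and the permission is added to
     * the unchecked policy, else the excluded policy, else each declared role.
     * NOTE(review): {@code unchecked} is tested before {@code excluded}; an entry
     * with both flags set is granted rather than denied - confirm that the
     * normalization step never produces such an entry.
     *
     * <p>Each security role reference adds an {@link EJBRoleRefPermission} to the
     * role named by its role-link.
     *
     * <p>Finally the candidates still in {@code remaining} are added to the
     * unchecked policy when {@code defaultRole} is {@code null}, otherwise to
     * that role.
     *
     * @throws OpenEJBException if a security role reference has no role-link
     */
    private void addDeclaredEjbPermissions(EjbJarInfo ejbJarInfo, EnterpriseBeanInfo enterpriseBeanInfo, String defaultRole, PermissionCollection remaining, PolicyContext policyContext) throws OpenEJBException {
        PermissionCollection uncheckedPermissions = policyContext.getUncheckedPermissions();
        PermissionCollection excludedPermissions = policyContext.getExcludedPermissions();
        Map<String, PermissionCollection> rolePermissions = policyContext.getRolePermissions();
        String ejbName = enterpriseBeanInfo.ejbName;

        for (MethodPermissionInfo methodPermissionInfo : ejbJarInfo.methodPermissions) {
            List<String> roleNames = methodPermissionInfo.roleNames;
            boolean unchecked = methodPermissionInfo.unchecked;
            boolean excluded = methodPermissionInfo.excluded;
            for (MethodInfo methodInfo : methodPermissionInfo.methods) {
                if (!ejbName.equals(methodInfo.ejbName)) {
                    continue;
                }
                // "*" is the descriptor wildcard; JACC expresses "all methods" as a null name.
                String methodName = "*".equals(methodInfo.methodName) ? null : methodInfo.methodName;
                String[] methodParams = methodInfo.methodParams == null
                        ? null
                        : methodInfo.methodParams.toArray(new String[0]);
                EJBMethodPermission declaredPermission = new EJBMethodPermission(ejbName, methodName, methodInfo.methodIntf, methodParams);

                // Everything this declaration implies is no longer "undeclared".
                remaining = cullPermissions(remaining, declaredPermission);

                if (unchecked) {
                    uncheckedPermissions.add(declaredPermission);
                } else if (excluded) {
                    excludedPermissions.add(declaredPermission);
                } else {
                    for (String roleName : roleNames) {
                        permissionsForRole(rolePermissions, roleName).add(declaredPermission);
                    }
                }
            }
        }

        for (SecurityRoleReferenceInfo roleReference : enterpriseBeanInfo.securityRoleReferences) {
            if (roleReference.roleLink == null) {
                throw new OpenEJBException("Missing role-link");
            }
            permissionsForRole(rolePermissions, roleReference.roleLink)
                    .add(new EJBRoleRefPermission(ejbName, roleReference.roleName));
        }

        // Default target for undeclared methods: unchecked (permit all) unless a default role is given.
        PermissionCollection defaultTarget = defaultRole == null
                ? uncheckedPermissions
                : permissionsForRole(rolePermissions, defaultRole);
        Enumeration<Permission> undeclared = remaining.elements();
        while (undeclared.hasMoreElements()) {
            defaultTarget.add(undeclared.nextElement());
        }
    }

    /**
     * Returns the permission collection registered for {@code roleName},
     * creating and registering an empty one when the role has none yet.
     */
    private static PermissionCollection permissionsForRole(Map<String, PermissionCollection> rolePermissions, String roleName) {
        PermissionCollection permissions = rolePermissions.get(roleName);
        if (permissions == null) {
            permissions = DelegatePermissionCollection.getPermissionCollection();
            rolePermissions.put(roleName, permissions);
        }
        return permissions;
    }

    /**
     * Adds one {@link EJBMethodPermission} per public method of {@code cls}
     * (as returned by {@link Class#getMethods()}) to {@code permissionCollection}.
     *
     * @param permissionCollection collection that receives the permissions
     * @param str                  ejb-name used in the permissions
     * @param str2                 method-interface name; {@code "LocalBean"} and
     *                             {@code "LocalBeanHome"} are replaced by {@code null}
     * @param cls                  class or interface to enumerate; {@code null} is a no-op
     * @throws OpenEJBException declared for callers; not thrown by this implementation
     */
    public void addPossibleEjbMethodPermissions(PermissionCollection permissionCollection, String str, String str2, Class<?> cls) throws OpenEJBException {
        if (cls == null) {
            return;
        }
        // Loop-invariant: decide the method interface once instead of per method.
        boolean noInterfaceView = "LocalBean".equals(str2) || "LocalBeanHome".equals(str2);
        String methodInterface = noInterfaceView ? null : str2;
        for (Method method : cls.getMethods()) {
            permissionCollection.add(new EJBMethodPermission(str, methodInterface, method));
        }
    }

    /**
     * Returns a new collection holding the elements of
     * {@code permissionCollection} that {@code permission} does not imply.
     * The input collection is left unchanged.
     */
    private PermissionCollection cullPermissions(PermissionCollection permissionCollection, Permission permission) {
        PermissionCollection kept = DelegatePermissionCollection.getPermissionCollection();
        Enumeration<Permission> elements = permissionCollection.elements();
        while (elements.hasMoreElements()) {
            Permission candidate = elements.nextElement();
            if (!permission.implies(candidate)) {
                kept.add(candidate);
            }
        }
        return kept;
    }

    static {
        // JVM-wide side effect of loading this class. Presumably read by the
        // EJBMethodPermission implementation to accept these additional
        // method-interface names - confirm against the JACC provider in use.
        JavaSecurityManagers.setSystemProperty("org.apache.security.jacc.EJBMethodPermission.methodInterfaces", "BusinessLocalHome,BusinessRemoteHome,BusinessRemote,BusinessLocal");
        log = Logger.getInstance(LogCategory.OPENEJB_STARTUP.createChild("attributes"), JaccPermissionsBuilder.class);
    }
}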
