package org.jboss.security.identitytrust;

import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import org.jboss.logging.Logger;
import org.jboss.security.SecurityContext;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.ControlFlag;
import org.jboss.security.config.IdentityTrustInfo;
import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.identitytrust.IdentityTrustManager;
import org.jboss.security.identitytrust.config.IdentityTrustModuleEntry;

/* loaded from: input_file:org/jboss/security/identitytrust/JBossIdentityTrustContext.class */
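/**
 * Identity trust context that loads the trust modules configured for a security domain and
 * combines their individual decisions into a single {@link IdentityTrustManager.TrustDecision}.
 *
 * <p>The module list, control-flag list, callback handler, shared state and the
 * {@code PERMIT}/{@code DENY}/{@code NOTAPPLICABLE} constants are not declared here; they are
 * inherited from {@link IdentityTrustContext}.
 *
 * <p>NOTE(review): nothing in this class synchronizes access to the module and control-flag
 * lists, and {@link #isTrusted()} rebuilds both on every call. Presumably an instance is used
 * by one thread at a time; confirm against callers.
 */
public class JBossIdentityTrustContext extends IdentityTrustContext {
    protected Logger log = Logger.getLogger(JBossIdentityTrustContext.class);

    /**
     * Creates a context bound to one security domain.
     *
     * @param str name of the security domain whose application policy supplies the trust modules
     * @param securityContext security context handed to every module on initialization
     */
    public JBossIdentityTrustContext(String str, SecurityContext securityContext) {
        this.securityDomain = str;
        this.securityContext = securityContext;
    }

    /**
     * Reloads the configured modules, evaluates them inside a privileged block and then commits
     * (on PERMIT) or aborts (on DENY / NOTAPPLICABLE) every module.
     *
     * @return the combined trust decision
     * @throws IdentityTrustException if module setup, evaluation, commit or abort fails; any
     *     failure, including an {@code IdentityTrustException} raised further down, is wrapped
     *     in a new {@code IdentityTrustException} by the outer handler
     */
    @Override // org.jboss.security.identitytrust.IdentityTrustContext
    public IdentityTrustManager.TrustDecision isTrusted() throws IdentityTrustException {
        try {
            initializeModules();
            try {
                return AccessController.doPrivileged(
                        new PrivilegedExceptionAction<IdentityTrustManager.TrustDecision>() {
                            @Override // java.security.PrivilegedExceptionAction
                            public IdentityTrustManager.TrustDecision run() throws IdentityTrustException {
                                IdentityTrustManager.TrustDecision decision =
                                        JBossIdentityTrustContext.this.invokeTrusted();
                                if (decision == JBossIdentityTrustContext.this.PERMIT) {
                                    JBossIdentityTrustContext.this.invokeCommit();
                                }
                                if (decision == JBossIdentityTrustContext.this.DENY
                                        || decision == JBossIdentityTrustContext.this.NOTAPPLICABLE) {
                                    JBossIdentityTrustContext.this.invokeAbort();
                                }
                                return decision;
                            }
                        });
            } catch (PrivilegedActionException e) {
                Exception exception = e.getException();
                // Message text is kept as-is (it says "isAuthorize") so existing log searches still match.
                this.log.trace("Error in isAuthorize:", exception);
                // NOTE(review): if abort itself throws here, that failure replaces the original one.
                invokeAbort();
                // run() declares only IdentityTrustException as a checked exception.
                throw ((IdentityTrustException) exception);
            }
        } catch (Exception e2) {
            throw new IdentityTrustException(e2);
        }
    }

    /**
     * Rebuilds the module list and the parallel control-flag list from the application policy
     * of the security domain.
     *
     * @throws IllegalStateException if no application policy exists for the domain or a module
     *     cannot be instantiated
     * @throws Exception if a module's initialization fails
     */
    private void initializeModules() throws Exception {
        // Both lists are indexed in lock-step by invokeTrusted(). Clearing only the modules would
        // leave flags from an earlier call at the front of controlFlags, so after a configuration
        // change a module could be evaluated under another module's control flag.
        this.modules.clear();
        this.controlFlags.clear();
        ApplicationPolicy applicationPolicy = SecurityConfiguration.getApplicationPolicy(this.securityDomain);
        if (applicationPolicy == null) {
            throw new IllegalStateException("ApplicationPolicy not found for " + this.securityDomain);
        }
        IdentityTrustInfo identityTrustInfo = applicationPolicy.getIdentityTrustInfo();
        if (identityTrustInfo == null) {
            // No identity-trust configuration: the lists stay empty and invokeTrusted() answers NOTAPPLICABLE.
            return;
        }
        for (IdentityTrustModuleEntry entry : identityTrustInfo.getIdentityTrustModuleEntry()) {
            // Instantiate first so a failing entry never leaves a flag without its module.
            IdentityTrustModule module = instantiateModule(entry.getName(), entry.getOptions());
            ControlFlag controlFlag = entry.getControlFlag();
            if (controlFlag == null) {
                // An entry without an explicit flag is treated as REQUIRED.
                controlFlag = ControlFlag.REQUIRED;
            }
            this.controlFlags.add(controlFlag);
            this.modules.add(module);
        }
    }

    /**
     * Loads the named class through the context class loader, instantiates it and initializes it
     * with this context's security context, callback handler, shared state and the given options.
     *
     * @param className class name taken from the module entry of the security configuration
     * @param options module options passed through to {@code initialize}
     * @return the initialized module
     * @throws IllegalStateException if the class cannot be loaded, is not an
     *     {@link IdentityTrustModule}, or cannot be instantiated; the underlying failure is
     *     attached as the cause
     * @throws Exception if the module's {@code initialize} call fails
     */
    private IdentityTrustModule instantiateModule(String className, Map options) throws Exception {
        IdentityTrustModule module;
        try {
            Class<?> loaded = SecurityActions.getContextClassLoader().loadClass(className);
            // Check the type before instantiating: the name comes from configuration, and creating
            // an instance runs the class's initializer and constructor. A class that is not a trust
            // module is rejected here without executing any of its code.
            if (!IdentityTrustModule.class.isAssignableFrom(loaded)) {
                throw new ClassCastException(className + " is not an IdentityTrustModule");
            }
            module = loaded.asSubclass(IdentityTrustModule.class).newInstance();
        } catch (Exception e) {
            this.log.debug("Error instantiating IdentityTrustModule:", e);
            // Keep the original message, but attach the cause so the failure is not visible
            // only when debug logging is enabled.
            throw new IllegalStateException("IdentityTrustModule has not been instantiated", e);
        }
        module.initialize(this.securityContext, this.callbackHandler, this.sharedState, options);
        return module;
    }

    /**
     * Asks every module for its decision and combines the answers according to the control flags.
     *
     * <p>Rules as implemented:
     * <ul>
     *   <li>No modules: NOTAPPLICABLE.</li>
     *   <li>A module that throws counts as NOTAPPLICABLE; the first such exception is remembered.</li>
     *   <li>PERMIT from a SUFFICIENT module returns PERMIT at once unless a REQUIRED module has
     *       already failed.</li>
     *   <li>A failing REQUISITE module rethrows a previously remembered failure; if there is
     *       none, it only records one and evaluation continues.</li>
     *   <li>After the loop: DENY if any REQUIRED module denied; NOTAPPLICABLE if a REQUIRED
     *       module was not applicable and no REQUIRED module permitted; otherwise PERMIT.</li>
     * </ul>
     *
     * <p>NOTE(review): a DENY (or NOTAPPLICABLE) from a module flagged REQUISITE, SUFFICIENT or
     * OPTIONAL does not by itself produce DENY. If no REQUIRED module is involved the method
     * falls through to PERMIT. Confirm this is intended before relying on a non-REQUIRED module
     * to veto trust; the decision logic is deliberately left unchanged here.
     *
     * <p>Per the decompiler note this method was originally private; treat it as internal.
     *
     * @return the combined decision
     * @throws IdentityTrustException when a REQUISITE module fails after an earlier failure was recorded
     */
    /* JADX INFO: Access modifiers changed from: private */
    public IdentityTrustManager.TrustDecision invokeTrusted() throws IdentityTrustException {
        boolean requiredDenied = false;
        boolean requiredNotApplicable = false;
        boolean requiredPermitted = false;
        IdentityTrustException recordedFailure = null;
        IdentityTrustManager.TrustDecision overallDecision = IdentityTrustManager.TrustDecision.NotApplicable;

        int moduleCount = this.modules.size();
        if (moduleCount == 0) {
            return this.NOTAPPLICABLE;
        }
        for (int i = 0; i < moduleCount; i++) {
            IdentityTrustModule module = this.modules.get(i);
            ControlFlag flag = this.controlFlags.get(i);
            IdentityTrustManager.TrustDecision decision;
            try {
                decision = module.isTrusted();
            } catch (Exception e) {
                decision = this.NOTAPPLICABLE;
                if (recordedFailure == null) {
                    recordedFailure = new IdentityTrustException(e);
                }
            }

            if (decision == this.PERMIT) {
                overallDecision = this.PERMIT;
                if (flag == ControlFlag.REQUIRED) {
                    requiredPermitted = true;
                }
                if (flag == ControlFlag.SUFFICIENT && !requiredDenied) {
                    return this.PERMIT;
                }
                continue;
            }
            if (decision == this.NOTAPPLICABLE && flag == ControlFlag.REQUIRED) {
                requiredNotApplicable = true;
                continue;
            }

            // Failure handling: DENY from any module, or NOTAPPLICABLE from a non-REQUIRED module.
            if (flag == ControlFlag.REQUISITE) {
                this.log.trace("REQUISITE failed for " + module);
                if (recordedFailure != null) {
                    throw recordedFailure;
                }
                recordedFailure = new IdentityTrustException("Authorization failed");
            }
            if (flag == ControlFlag.REQUIRED) {
                this.log.trace("REQUIRED failed for " + module);
                requiredDenied = true;
            }
            // OPTIONAL failures were tracked in a flag that could never change the result
            // (see the overallDecision check below), so nothing is recorded for them.
        }

        if (requiredDenied) {
            return this.DENY;
        }
        // overallDecision is only ever assigned PERMIT inside the loop, so this guard cannot fire;
        // it is kept to mirror the original decision table.
        if (overallDecision == this.DENY) {
            return this.DENY;
        }
        return (!requiredNotApplicable || requiredPermitted) ? this.PERMIT : this.NOTAPPLICABLE;
    }

    /**
     * Calls {@code commit()} on each module in order.
     *
     * <p>Stops at the first module that reports failure; later modules are not committed.
     * Per the decompiler note this method was originally private; treat it as internal.
     *
     * @throws IdentityTrustException if a module's {@code commit()} returns {@code false}
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void invokeCommit() throws IdentityTrustException {
        for (IdentityTrustModule module : this.modules) {
            if (!module.commit()) {
                throw new IdentityTrustException("commit on modules failed");
            }
        }
    }

    /**
     * Calls {@code abort()} on each module in order.
     *
     * <p>Stops at the first module that reports failure; later modules are not aborted.
     * Per the decompiler note this method was originally private; treat it as internal.
     *
     * @throws IdentityTrustException if a module's {@code abort()} returns {@code false}
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void invokeAbort() throws IdentityTrustException {
        for (IdentityTrustModule module : this.modules) {
            if (!module.abort()) {
                throw new IdentityTrustException("abort on modules failed");
            }
        }
    }
}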
