package org.jboss.security.identitytrust;

import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import org.jboss.logging.Logger;
import org.jboss.security.SecurityContext;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.ControlFlag;
import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.identitytrust.IdentityTrustManager;
import org.jboss.security.identitytrust.config.IdentityTrustModuleEntry;
import org.jboss.security.plugins.authorization.SecurityActions;

/* loaded from: input_file:org/jboss/security/identitytrust/JBossIdentityTrustContext.class */
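/**
 * Identity-trust context that loads the trust modules configured for the security
 * domain of a {@link SecurityContext} and combines their answers according to each
 * module's {@link ControlFlag}.
 *
 * <p>NOTE(review): the decision flags below are instance fields that are never reset,
 * and {@link #isTrusted()} appends to the inherited {@code modules}/{@code controlFlags}
 * collections on every call. Calling {@code isTrusted()} twice on one instance would
 * therefore evaluate every module twice against stale flags. Treat an instance as
 * single-use unless the superclass is confirmed to clear that state.
 */
public class JBossIdentityTrustContext extends IdentityTrustContext {
    protected Logger log = Logger.getLogger(JBossIdentityTrustContext.class);
    // Set when a REQUIRED module answers with anything other than PERMIT or NOTAPPLICABLE.
    private boolean encounteredRequiredDeny = false;
    // Set when a REQUIRED module answers NOTAPPLICABLE (including a module that threw).
    private boolean encounteredRequiredNotApplicable = false;
    // Recorded for OPTIONAL failures; it does not influence the final decision (see invokeTrusted).
    private boolean encounteredOptionalError = false;
    // First exception raised by a module, or the placeholder created for a REQUISITE failure.
    private IdentityTrustException moduleException = null;
    private IdentityTrustManager.TrustDecision overallDecision = IdentityTrustManager.TrustDecision.NotApplicable;
    private boolean encounteredRequiredPermit;

    /**
     * Creates a context bound to the given security context.
     *
     * @param securityContext supplies the security domain whose policy is evaluated
     */
    public JBossIdentityTrustContext(SecurityContext securityContext) {
        this.securityContext = securityContext;
    }

    /**
     * Loads the configured modules, evaluates them inside a privileged block and then
     * commits (on PERMIT) or aborts (on DENY / NOTAPPLICABLE) every module.
     *
     * @return the combined trust decision
     * @throws IdentityTrustException wrapping any failure raised while loading,
     *         evaluating, committing or aborting the modules
     */
    public IdentityTrustManager.TrustDecision isTrusted() throws IdentityTrustException {
        try {
            initializeModules();
            try {
                return AccessController.doPrivileged(new PrivilegedExceptionAction<IdentityTrustManager.TrustDecision>() {
                    @Override
                    public IdentityTrustManager.TrustDecision run() throws IdentityTrustException {
                        IdentityTrustManager.TrustDecision decision = JBossIdentityTrustContext.this.invokeTrusted();
                        if (decision == JBossIdentityTrustContext.this.PERMIT) {
                            JBossIdentityTrustContext.this.invokeCommit();
                        }
                        if (decision == JBossIdentityTrustContext.this.DENY || decision == JBossIdentityTrustContext.this.NOTAPPLICABLE) {
                            JBossIdentityTrustContext.this.invokeAbort();
                        }
                        return decision;
                    }
                });
            } catch (PrivilegedActionException e) {
                // getException() returns the checked exception thrown by run().
                Exception failure = e.getException();
                this.log.trace("Error in isTrusted:", failure);
                try {
                    invokeAbort();
                } catch (IdentityTrustException abortFailure) {
                    // Keep the original failure as the reported cause; a failing abort
                    // must not replace the error that triggered it.
                    this.log.trace("abort failed while handling an earlier error:", abortFailure);
                }
                throw failure;
            }
        } catch (Exception e2) {
            // Everything, including an IdentityTrustException from above, is wrapped once more here.
            throw new IdentityTrustException(e2);
        }
    }

    /**
     * Reads the application policy of the context's security domain and instantiates
     * one module per configured entry; a missing control flag defaults to REQUIRED.
     *
     * <p>NOTE(review): if the policy lists no identity-trust modules the loop adds
     * nothing and {@link #invokeTrusted()} then evaluates an empty module list; see the
     * note there about the resulting decision.
     *
     * @throws IllegalStateException if no policy exists for the domain or a module cannot be created
     * @throws Exception if module initialisation fails
     */
    private void initializeModules() throws Exception {
        String securityDomain = this.securityContext.getSecurityDomain();
        ApplicationPolicy applicationPolicy = SecurityConfiguration.getApplicationPolicy(securityDomain);
        if (applicationPolicy == null) {
            throw new IllegalStateException("ApplicationPolicy not found for " + securityDomain);
        }
        for (IdentityTrustModuleEntry identityTrustModuleEntry : applicationPolicy.getIdentityTrustInfo().getIdentityTrustModuleEntry()) {
            ControlFlag controlFlag = identityTrustModuleEntry.getControlFlag();
            if (controlFlag == null) {
                controlFlag = ControlFlag.REQUIRED;
            }
            // The two collections are index-aligned: entry i of controlFlags belongs to module i.
            this.controlFlags.add(controlFlag);
            this.modules.add(instantiateModule(identityTrustModuleEntry.getName(), identityTrustModuleEntry.getOptions()));
        }
    }

    /**
     * Loads the named class through the context class loader, instantiates it and
     * initialises it with this context's security context, callback handler and shared state.
     *
     * @param className fully qualified class name taken from the policy entry
     * @param options module options taken from the policy entry
     * @return the initialised module
     * @throws IllegalStateException if the class cannot be loaded, is not an
     *         {@code IdentityTrustModule}, or cannot be instantiated; the underlying
     *         failure is attached as the cause
     * @throws Exception if the module's own initialisation fails
     */
    private IdentityTrustModule instantiateModule(String className, Map options) throws Exception {
        IdentityTrustModule identityTrustModule;
        try {
            // Check the type before instantiating, so a configured class that is not a
            // trust module is rejected without its constructor ever running.
            Class<? extends IdentityTrustModule> moduleClass =
                    SecurityActions.getContextClassLoader().loadClass(className).asSubclass(IdentityTrustModule.class);
            identityTrustModule = moduleClass.newInstance();
        } catch (Exception e) {
            this.log.debug("Error instantiating IdentityTrustModule:", e);
            // Attach the cause so the real reason is not visible only at debug log level.
            throw new IllegalStateException("IdentityTrustModule has not been instantiated", e);
        }
        identityTrustModule.initialize(this.securityContext, this.callbackHandler, this.sharedState, options);
        return identityTrustModule;
    }

    /**
     * Asks every module for its decision and folds the answers together.
     *
     * <p>What the code below does, per module answer:
     * <ul>
     *   <li>PERMIT: remembered; a SUFFICIENT permit returns immediately unless a
     *       REQUIRED module has already failed.</li>
     *   <li>A module that throws is treated as NOTAPPLICABLE; only the first exception is kept.</li>
     *   <li>NOTAPPLICABLE from a REQUIRED module is recorded separately and is overridden
     *       by a PERMIT from any other REQUIRED module.</li>
     *   <li>Any other answer from a REQUIRED module yields DENY after the loop.</li>
     * </ul>
     *
     * <p>NOTE(review), fail-open paths worth confirming against the intended policy:
     * {@code overallDecision} is only ever assigned PERMIT in this class, so the final
     * DENY comparison is not expected to fire. As written, an empty module list, a
     * failing OPTIONAL or SUFFICIENT module, and a failing REQUISITE module with no
     * earlier module exception all fall through to the last return, which yields PERMIT
     * unless a REQUIRED module reported NOTAPPLICABLE without any REQUIRED permit.
     * The placeholder exception stored for a REQUISITE failure is never thrown after
     * the loop.
     *
     * <p>The decompiler had widened this method to public; it is private again, as in the original class.
     *
     * @return the combined decision
     * @throws IdentityTrustException when a REQUISITE module fails after some module has thrown
     */
    private IdentityTrustManager.TrustDecision invokeTrusted() throws IdentityTrustException {
        int size = this.modules.size();
        for (int i = 0; i < size; i++) {
            IdentityTrustModule identityTrustModule = (IdentityTrustModule) this.modules.get(i);
            ControlFlag controlFlag = (ControlFlag) this.controlFlags.get(i);
            IdentityTrustManager.TrustDecision trustDecision;
            try {
                trustDecision = identityTrustModule.isTrusted();
            } catch (Exception e) {
                trustDecision = this.NOTAPPLICABLE;
                if (this.moduleException == null) {
                    this.moduleException = new IdentityTrustException(e);
                }
            }
            if (trustDecision == this.PERMIT) {
                this.overallDecision = this.PERMIT;
                if (controlFlag == ControlFlag.REQUIRED) {
                    this.encounteredRequiredPermit = true;
                }
                if (controlFlag == ControlFlag.SUFFICIENT && !this.encounteredRequiredDeny) {
                    return this.PERMIT;
                }
            } else if (trustDecision == this.NOTAPPLICABLE && controlFlag == ControlFlag.REQUIRED) {
                this.encounteredRequiredNotApplicable = true;
            } else {
                // Failure branch: any non-PERMIT answer except REQUIRED + NOTAPPLICABLE.
                if (controlFlag == ControlFlag.REQUISITE) {
                    this.log.trace("REQUISITE failed for " + identityTrustModule);
                    if (this.moduleException != null) {
                        throw this.moduleException;
                    }
                    // NOTE(review): stored but not thrown; evaluation continues with the next module.
                    this.moduleException = new IdentityTrustException("Authorization failed");
                }
                if (controlFlag == ControlFlag.REQUIRED) {
                    this.log.trace("REQUIRED failed for " + identityTrustModule);
                    this.encounteredRequiredDeny = true;
                }
                if (controlFlag == ControlFlag.OPTIONAL) {
                    this.encounteredOptionalError = true;
                }
            }
        }
        if (this.encounteredRequiredDeny) {
            return this.DENY;
        }
        // The decompiled condition "(overall != DENY || !optionalError) && overall != DENY"
        // reduces to "overall != DENY"; encounteredOptionalError never changed the outcome.
        if (this.overallDecision == this.DENY) {
            return this.DENY;
        }
        return (!this.encounteredRequiredNotApplicable || this.encounteredRequiredPermit) ? this.PERMIT : this.NOTAPPLICABLE;
    }

    /**
     * Calls {@code commit()} on each module in order and stops at the first one that returns false.
     *
     * <p>The decompiler had widened this method to public; it is private again so a
     * commit can only follow a PERMIT decision reached in {@link #isTrusted()}.
     *
     * @throws IdentityTrustException if a module reports a failed commit
     */
    private void invokeCommit() throws IdentityTrustException {
        int size = this.modules.size();
        for (int i = 0; i < size; i++) {
            if (!((IdentityTrustModule) this.modules.get(i)).commit()) {
                throw new IdentityTrustException("commit on modules failed");
            }
        }
    }

    /**
     * Calls {@code abort()} on each module in order and stops at the first one that returns false.
     *
     * <p>NOTE(review): modules after the failing one are not aborted; confirm that
     * is acceptable for the modules' cleanup contract.
     *
     * <p>The decompiler had widened this method to public; it is private again, as in the original class.
     *
     * @throws IdentityTrustException if a module reports a failed abort
     */
    private void invokeAbort() throws IdentityTrustException {
        int size = this.modules.size();
        for (int i = 0; i < size; i++) {
            if (!((IdentityTrustModule) this.modules.get(i)).abort()) {
                throw new IdentityTrustException("abort on modules failed");
            }
        }
    }
}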
