package org.jboss.portal.security.impl.jacc;

import java.security.Principal;
import java.security.ProtectionDomain;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import org.jboss.logging.Logger;
import org.jboss.portal.security.PortalPermission;
import org.jboss.portal.security.PortalSecurityException;
import org.jboss.portal.security.SecurityConstants;
import org.jboss.portal.security.spi.auth.PortalAuthorizationManager;
import org.jboss.portal.security.spi.provider.AuthorizationDomain;

/* loaded from: input_file:org/jboss/portal/security/impl/jacc/JACCPortalAuthorizationManager.class */
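/**
 * JACC-backed {@link PortalAuthorizationManager}. A permission check resolves the principals of
 * the subject under check and asks the {@link SecurityContext} whether a {@link ProtectionDomain}
 * built from those principals implies the requested {@link PortalPermission}.
 *
 * <p>The subject being checked is published in a thread-local for the duration of a check and can
 * be read through {@link #getCheckedSubject()}.
 *
 * <p>This source is decompiler (JADX) output. Two members were package-private in the compiled
 * class and are public here only because the decompiler widened them; they are marked below.
 */
public class JACCPortalAuthorizationManager implements PortalAuthorizationManager {
    private final JACCPortalAuthorizationManagerFactory factory;
    // Looked up in the constructor; stays null when the lookup fails. Not read in this class.
    private PolicyConfigurationFactory pcf;
    // Must be injected through setSecurityContext before any permission check is made.
    private SecurityContext securityContext = null;
    private static Logger log = Logger.getLogger(JACCPortalAuthorizationManager.class);
    // Evaluated once at class initialisation; later log-level changes are not picked up.
    private static final boolean trace = log.isTraceEnabled();
    // Subject of the check currently running on this thread, or empty when no check is running.
    private static final ThreadLocal<Subject> checkedSubjectLocal = new ThreadLocal<Subject>();

    /**
     * Sets the security context that every authorization decision is delegated to.
     *
     * <p>Package-private in the compiled class (JADX widened it to public). Whoever can call this
     * decides which policy answers permission checks, so callers should stay inside this package.
     *
     * @param securityContext the context consulted by {@code checkPermission}
     */
    public void setSecurityContext(SecurityContext securityContext) {
        this.securityContext = securityContext;
    }

    /**
     * Creates a manager bound to its factory and tries to obtain the JACC
     * {@link PolicyConfigurationFactory}.
     *
     * @param jACCPortalAuthorizationManagerFactory the owning factory; supplies the configured-role
     *     map and the authorization domain registry
     */
    public JACCPortalAuthorizationManager(JACCPortalAuthorizationManagerFactory jACCPortalAuthorizationManagerFactory) {
        this.factory = jACCPortalAuthorizationManagerFactory;
        try {
            this.pcf = PolicyConfigurationFactory.getPolicyConfigurationFactory();
        } catch (Exception e) {
            // Best effort: the failure is logged and construction continues with pcf == null.
            log.error("Unable to obtain the PolicyConfigurationFactory", e);
        }
    }

    /**
     * Lazily registers the permission containers of every authorization domain for one role.
     * The first call for a role adds one container per domain to the security context (to the
     * unchecked policy for {@link SecurityConstants#UNCHECKED_ROLE_NAME}, otherwise to the role)
     * and records the role as configured; later calls for the same role do nothing.
     *
     * @param str the policy context id; not used by this method
     * @param str2 the role name to configure
     * @throws PortalSecurityException declared by the original signature
     */
    @SuppressWarnings({"rawtypes", "unchecked"}) // the factory's map is used through its raw type, as in the original
    public void checkRoleConfig(String str, String str2) throws PortalSecurityException {
        final String roleName = str2;
        Map configuredRoles = this.factory.configuredRoles;
        // The map doubles as the lock, so a role is configured at most once across threads.
        synchronized (configuredRoles) {
            if (configuredRoles.containsKey(roleName)) {
                return;
            }
            for (AuthorizationDomain authorizationDomain : this.factory.getAuthorizationDomainRegistry().getDomains()) {
                PortalPermission container = authorizationDomain.getPermissionFactory().createPermissionContainer(new JACCPortalPermissionCollection(roleName, authorizationDomain));
                if (SecurityConstants.UNCHECKED_ROLE_NAME.equals(roleName)) {
                    this.securityContext.addToUncheckedPolicy(container);
                } else {
                    this.securityContext.addToRole(roleName, container);
                }
            }
            // Marked only after every domain succeeded; a failure above leaves the role unconfigured.
            configuredRoles.put(roleName, roleName);
        }
    }

    /**
     * Performs the actual check for the subject currently stored in the thread-local.
     *
     * <p>With no subject, the check runs against an empty principal array, so only what the
     * security context grants to a domain without principals can match.
     *
     * @param portalPermission the permission to check
     * @return whether the security context implies the permission for the resolved principals
     * @throws IllegalArgumentException if {@code portalPermission} is null
     * @throws PortalSecurityException if there is no policy context id or no security context
     */
    private boolean internalCheckPermission(PortalPermission portalPermission) throws IllegalArgumentException, PortalSecurityException {
        if (portalPermission == null) {
            throw new IllegalArgumentException("No null permission can be checked");
        }
        String contextID = PolicyContext.getContextID();
        if (contextID == null) {
            throw new PortalSecurityException("No policy context id");
        }
        if (this.securityContext == null) {
            // Fail with a diagnosable error instead of a NullPointerException further down.
            throw new PortalSecurityException("No security context set");
        }
        Subject subject = checkedSubjectLocal.get();
        checkRoleConfig(contextID, SecurityConstants.UNCHECKED_ROLE_NAME);

        Principal[] principalArr;
        if (subject != null) {
            Set<JACCPortalPrincipal> principals = subject.getPrincipals(JACCPortalPrincipal.class);
            // Reconstructed from the decompiler output, which left an undeclared register ("r13")
            // and used the loop variable outside its scope: take the first non-null principal.
            JACCPortalPrincipal portalPrincipal = null;
            for (JACCPortalPrincipal candidate : principals) {
                if (candidate != null) {
                    portalPrincipal = candidate;
                    break;
                }
            }
            if (portalPrincipal == null) {
                portalPrincipal = new JACCPortalPrincipal(subject);
                // NOTE(review): per the JDK Javadoc, Subject.getPrincipals(Class) returns a new set
                // that is not backed by the Subject, so this add does not persist and the portal
                // principal is rebuilt on every check. Confirm whether caching was intended before
                // changing it: caching on the Subject would also freeze its roles.
                principals.add(portalPrincipal);
                for (Principal role : portalPrincipal.getRoles()) {
                    checkRoleConfig(contextID, role.getName());
                    if (trace) {
                        log.trace("Internal check. Contains role: " + role.getName());
                    }
                }
            }
            principalArr = portalPrincipal.getPrincipals();
        } else {
            principalArr = new Principal[0];
        }
        return this.securityContext.implies(new ProtectionDomain(null, null, null, principalArr), portalPermission);
    }

    /**
     * Checks whether {@code subject} holds {@code portalPermission}.
     *
     * @param subject the subject to check; may be null, in which case no principals are used
     * @param portalPermission the permission to check
     * @return whether the permission is granted
     * @throws IllegalArgumentException if {@code portalPermission} is null
     * @throws PortalSecurityException if the check cannot be carried out
     */
    @Override // org.jboss.portal.security.spi.auth.PortalAuthorizationManager
    public boolean checkPermission(Subject subject, PortalPermission portalPermission) throws IllegalArgumentException, PortalSecurityException {
        // Validate before the trace block dereferences the permission, so a null argument yields
        // the documented IllegalArgumentException whether or not trace logging is enabled.
        if (portalPermission == null) {
            throw new IllegalArgumentException("No null permission can be checked");
        }
        checkedSubjectLocal.set(subject);
        try {
            if (trace && subject != null) {
                for (Principal principal : subject.getPrincipals()) {
                    log.trace("Principal name: " + principal.getName());
                }
            }
            if (trace) {
                log.trace("hasPermission:name=" + portalPermission.getName() + "uri=" + portalPermission.getURI() + "::actions=" + portalPermission.getActions() + "::type=" + portalPermission.getType());
            }
            boolean granted = internalCheckPermission(portalPermission);
            if (trace) {
                log.trace("hasPermission:result=" + granted);
            }
            return granted;
        } finally {
            // Always clear the slot so a pooled thread never carries one request's subject into
            // the next; remove() also drops the entry instead of leaving a null value behind.
            checkedSubjectLocal.remove();
        }
    }

    /**
     * Checks {@code portalPermission} for the subject registered in the JACC policy context under
     * the {@code javax.security.auth.Subject.container} key.
     *
     * @param portalPermission the permission to check
     * @return whether the permission is granted
     * @throws IllegalArgumentException if {@code portalPermission} is null
     * @throws PortalSecurityException if the subject cannot be read from the policy context or
     *     the check cannot be carried out
     */
    @Override // org.jboss.portal.security.spi.auth.PortalAuthorizationManager
    public boolean checkPermission(PortalPermission portalPermission) throws IllegalArgumentException, PortalSecurityException {
        try {
            return checkPermission((Subject) PolicyContext.getContext("javax.security.auth.Subject.container"), portalPermission);
        } catch (PolicyContextException e) {
            throw new PortalSecurityException((Throwable) e);
        }
    }

    /**
     * Returns the subject of the permission check running on the calling thread, or null when no
     * check is in progress.
     *
     * <p>Package-private in the compiled class (JADX widened it to public).
     */
    public static Subject getCheckedSubject() {
        return checkedSubjectLocal.get();
    }
}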
