package org.jboss.security.plugins.authorization;

import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import org.codehaus.jackson.util.MinimalPrettyPrinter;
import org.jboss.security.PicketBoxLogger;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.SecurityConstants;
import org.jboss.security.authorization.AuthorizationContext;
import org.jboss.security.authorization.AuthorizationException;
import org.jboss.security.authorization.AuthorizationModule;
import org.jboss.security.authorization.Resource;
import org.jboss.security.authorization.ResourceKeys;
import org.jboss.security.authorization.ResourceType;
import org.jboss.security.authorization.config.AuthorizationModuleEntry;
import org.jboss.security.authorization.modules.DelegatingAuthorizationModule;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.AuthorizationInfo;
import org.jboss.security.config.ControlFlag;
import org.jboss.security.config.SecurityConfiguration;
import org.jboss.security.identity.RoleGroup;
import org.jboss.security.plugins.ClassLoaderLocator;
import org.jboss.security.plugins.ClassLoaderLocatorFactory;

/* loaded from: input_file:WEB-INF/lib/picketbox-4.0.19.SP8-redhat-1.jar:org/jboss/security/plugins/authorization/JBossAuthorizationContext.class */
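/**
 * Authorization context that evaluates a stack of {@link AuthorizationModule}s configured for a
 * security domain and combines their results according to each module's {@link ControlFlag}.
 *
 * <p>This listing is decompiler output (see the JADX markers on the helper methods). Several
 * constructs the decompiler emitted could not compile or did not match the evident control flow
 * (an {@code int} decision typed as {@code boolean}, {@code final} fields assigned twice, a bogus
 * cast, a class-loading fallback whose result was discarded); they are repaired below.
 *
 * <p>Decision values used throughout: {@code 1} means permit and {@code -1} means deny, as shown by
 * {@link #authorize(Resource, Subject, RoleGroup)}, which commits on {@code 1} and aborts on
 * {@code -1}.
 *
 * <p>NOTE(review): {@code authenticatedSubject} is an instance field that is overwritten on every
 * call to {@link #authorize(Resource, Subject, RoleGroup)} and read again when modules are
 * initialized. Nothing in this class synchronizes that; confirm that an instance is never shared
 * between concurrent requests, otherwise a module could be initialized with another caller's
 * subject.
 */
public class JBossAuthorizationContext extends AuthorizationContext {
    // Names of the default application policies. The decompiler also re-assigned these final fields
    // in the constructor from SecurityConstants, which is not legal Java; the initializers are kept.
    private final String EJB = "jboss-ejb-policy";
    private final String WEB = "jboss-web-policy";
    // Subject the modules are initialized with; replaced on each three-argument authorize() call.
    private Subject authenticatedSubject;
    // Optional explicit policy; when set it takes precedence over SecurityConfiguration lookups.
    private ApplicationPolicy applicationPolicy;

    /**
     * Creates a context for the given security domain with no subject and no callback handler.
     *
     * @param securityDomainName name of the security domain whose authorization policy is used
     */
    public JBossAuthorizationContext(String securityDomainName) {
        this.authenticatedSubject = null;
        this.applicationPolicy = null;
        this.securityDomainName = securityDomainName;
    }

    /**
     * Creates a context for the given security domain with a callback handler.
     *
     * @param securityDomainName name of the security domain whose authorization policy is used
     * @param callbackHandler handler handed to every module on initialization
     */
    public JBossAuthorizationContext(String securityDomainName, CallbackHandler callbackHandler) {
        this(securityDomainName);
        this.callbackHandler = callbackHandler;
    }

    /**
     * Creates a context for the given security domain with an authenticated subject and a callback
     * handler.
     *
     * @param securityDomainName name of the security domain whose authorization policy is used
     * @param subject subject used by {@link #authorize(Resource)}
     * @param callbackHandler handler handed to every module on initialization
     */
    public JBossAuthorizationContext(String securityDomainName, Subject subject, CallbackHandler callbackHandler) {
        this(securityDomainName, callbackHandler);
        this.authenticatedSubject = subject;
    }

    /**
     * Installs an explicit application policy for this context.
     *
     * <p>The policy is accepted only if it carries an {@link AuthorizationInfo} whose name equals
     * this context's security domain, so a policy built for a different domain cannot be attached
     * here.
     *
     * @param applicationPolicy policy to use instead of a {@link SecurityConfiguration} lookup
     */
    public void setApplicationPolicy(ApplicationPolicy applicationPolicy) {
        if (applicationPolicy == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("appPolicy");
        }
        AuthorizationInfo authorizationInfo = applicationPolicy.getAuthorizationInfo();
        if (authorizationInfo == null) {
            throw PicketBoxMessages.MESSAGES.failedToObtainInfoFromAppPolicy("AuthorizationInfo");
        }
        if (!authorizationInfo.getName().equals(this.securityDomainName)) {
            throw PicketBoxMessages.MESSAGES.unexpectedSecurityDomainInInfo("AuthorizationInfo", this.securityDomainName);
        }
        this.applicationPolicy = applicationPolicy;
    }

    /**
     * Authorizes access to the resource for the subject currently stored on this context, taking
     * the caller's roles from the resource map entry {@link ResourceKeys#SECURITY_CONTEXT_ROLES}.
     *
     * @param resource resource being accessed
     * @return {@code 1} when access is permitted
     * @throws AuthorizationException when access is denied
     */
    @Override
    public int authorize(Resource resource) throws AuthorizationException {
        RoleGroup contextRoles = (RoleGroup) resource.getMap().get(ResourceKeys.SECURITY_CONTEXT_ROLES);
        return authorize(resource, this.authenticatedSubject, contextRoles);
    }

    /**
     * Authorizes access to the resource for the given subject and roles.
     *
     * <p>The configured modules are instantiated, evaluated inside a privileged block, and then
     * committed (on permit) or aborted (on deny). Denial is always reported by exception; the
     * method never returns a deny value.
     *
     * @param resource resource being accessed
     * @param subject subject to authorize; also stored on this context
     * @param roleGroup roles passed to each module on initialization
     * @return {@code 1} when access is permitted
     * @throws AuthorizationException when access is denied or a module fails to commit or abort
     */
    @Override
    public int authorize(final Resource resource, Subject subject, RoleGroup roleGroup) throws AuthorizationException {
        final List<AuthorizationModule> modules = new ArrayList<AuthorizationModule>();
        final List<ControlFlag> controlFlags = new ArrayList<ControlFlag>();
        try {
            this.authenticatedSubject = subject;
            initializeModules(resource, roleGroup, modules, controlFlags);
            AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws AuthorizationException {
                    int decision = invokeAuthorize(resource, modules, controlFlags);
                    if (decision == 1) {
                        invokeCommit(modules, controlFlags);
                    }
                    if (decision == -1) {
                        invokeAbort(modules, controlFlags);
                        throw new AuthorizationException(PicketBoxMessages.MESSAGES.authorizationFailedMessage());
                    }
                    return null;
                }
            });
            return 1;
        } catch (PrivilegedActionException e) {
            // run() declares only AuthorizationException, so that is the only checked type the
            // privileged block can wrap. Note that a failing abort() replaces the denial below.
            Exception cause = e.getException();
            invokeAbort(modules, controlFlags);
            throw (AuthorizationException) cause;
        } finally {
            // Drop module references on every exit path, permit or deny.
            modules.clear();
            controlFlags.clear();
        }
    }

    /**
     * Instantiates every module configured for the security domain and records its control flag.
     *
     * <p>A module entry without a control flag is treated as {@link ControlFlag#REQUIRED}, the
     * strictest of the flags that lets evaluation continue.
     *
     * @param resource resource being accessed; its layer selects the default policy if needed
     * @param roleGroup roles passed to each module on initialization
     * @param modules output list receiving the initialized modules, in configuration order
     * @param controlFlags output list receiving the matching control flags, index-aligned
     */
    private void initializeModules(Resource resource, RoleGroup roleGroup, List<AuthorizationModule> modules, List<ControlFlag> controlFlags) throws PrivilegedActionException {
        AuthorizationInfo authorizationInfo = getAuthorizationInfo(this.securityDomainName, resource);
        if (authorizationInfo == null) {
            throw PicketBoxMessages.MESSAGES.failedToObtainAuthorizationInfo(this.securityDomainName);
        }
        // When the configuration names a JBoss module, load the authorization modules from it.
        ClassLoader moduleClassLoader = null;
        String jBossModuleName = authorizationInfo.getJBossModuleName();
        if (jBossModuleName != null) {
            ClassLoaderLocator locator = ClassLoaderLocatorFactory.get();
            if (locator != null) {
                moduleClassLoader = locator.get(jBossModuleName);
            }
        }
        AuthorizationModuleEntry[] entries = authorizationInfo.getAuthorizationModuleEntry();
        if (entries == null) {
            // No modules configured: invokeAuthorize() then denies, because nothing permitted.
            return;
        }
        for (AuthorizationModuleEntry entry : entries) {
            ControlFlag flag = entry.getControlFlag();
            controlFlags.add(flag != null ? flag : ControlFlag.REQUIRED);
            modules.add(instantiateModule(moduleClassLoader, entry.getPolicyModuleName(), entry.getOptions(), roleGroup));
        }
    }

    /**
     * Runs every module against the resource and combines the results by control flag.
     *
     * <ul>
     *   <li>SUFFICIENT: a permit ends evaluation with permit, unless a REQUIRED module already
     *       failed.</li>
     *   <li>REQUISITE: a failure ends evaluation with a denial.</li>
     *   <li>REQUIRED: a failure is remembered and denies once all modules have run.</li>
     *   <li>OPTIONAL: a failure only affects the message used if nothing permitted.</li>
     * </ul>
     *
     * <p>With no module permitting (including an empty module list) the result is a denial.
     *
     * <p>Security fix: in the decompiled code a REQUISITE module that denied by return value
     * (rather than by throwing) only recorded an exception and let the loop continue, so a later
     * permitting module turned the overall result into permit. A REQUISITE failure now always
     * throws.
     *
     * <p>NOTE(review): JADX reports this method was private in the compiled class; it is left
     * public here only to keep the listing's visible signature.
     *
     * @param resource resource being accessed
     * @param modules initialized modules, in evaluation order
     * @param controlFlags control flags, index-aligned with {@code modules}
     * @return {@code 1} when access is permitted
     * @throws AuthorizationException when access is denied
     */
    public int invokeAuthorize(Resource resource, List<AuthorizationModule> modules, List<ControlFlag> controlFlags) throws AuthorizationException {
        boolean requiredFailed = false;
        boolean optionalFailed = false;
        AuthorizationException moduleException = null;
        // Deny until some module permits. The decompiler had typed this as boolean.
        int overallDecision = -1;
        int count = modules.size();
        for (int index = 0; index < count; index++) {
            AuthorizationModule module = modules.get(index);
            ControlFlag flag = controlFlags.get(index);
            int decision;
            try {
                decision = module.authorize(resource);
            } catch (Exception e) {
                // A module that throws counts as a denial; only the first failure is kept.
                decision = -1;
                if (moduleException == null) {
                    moduleException = new AuthorizationException(e.getMessage());
                }
            }
            if (decision == 1) {
                overallDecision = 1;
                if (flag == ControlFlag.SUFFICIENT && !requiredFailed) {
                    return 1;
                }
                continue;
            }
            if (flag == ControlFlag.REQUISITE) {
                PicketBoxLogger.LOGGER.debugRequisiteModuleFailure(module.getClass().getName());
                // Fail closed: stop at the first REQUISITE failure whether or not it threw.
                if (moduleException != null) {
                    throw moduleException;
                }
                throw new AuthorizationException(PicketBoxMessages.MESSAGES.authorizationFailedMessage());
            }
            if (flag == ControlFlag.REQUIRED) {
                PicketBoxLogger.LOGGER.debugRequiredModuleFailure(module.getClass().getName());
                requiredFailed = true;
            }
            if (flag == ControlFlag.OPTIONAL) {
                optionalFailed = true;
            }
        }
        String detail = getAdditionalErrorMessage(moduleException);
        if (requiredFailed) {
            throw new AuthorizationException(PicketBoxMessages.MESSAGES.authorizationFailedMessage() + detail);
        }
        if (overallDecision == -1 && optionalFailed) {
            throw new AuthorizationException(PicketBoxMessages.MESSAGES.authorizationFailedMessage() + detail);
        }
        if (overallDecision == -1) {
            throw new AuthorizationException(PicketBoxMessages.MESSAGES.authorizationFailedMessage());
        }
        return 1;
    }

    /**
     * Commits every module, stopping at the first one that reports failure.
     *
     * <p>NOTE(review): JADX reports this method was private in the compiled class.
     *
     * @param modules modules to commit, in order
     * @param controlFlags unused; kept for signature compatibility
     * @throws AuthorizationException when a module's {@code commit()} returns {@code false}
     */
    public void invokeCommit(List<AuthorizationModule> modules, List<ControlFlag> controlFlags) throws AuthorizationException {
        for (AuthorizationModule module : modules) {
            if (!module.commit()) {
                throw new AuthorizationException(PicketBoxMessages.MESSAGES.moduleCommitFailedMessage());
            }
        }
    }

    /**
     * Aborts every module, stopping at the first one that reports failure; modules after a failed
     * abort are not aborted.
     *
     * <p>NOTE(review): JADX reports this method was private in the compiled class.
     *
     * @param modules modules to abort, in order
     * @param controlFlags unused; kept for signature compatibility
     * @throws AuthorizationException when a module's {@code abort()} returns {@code false}
     */
    public void invokeAbort(List<AuthorizationModule> modules, List<ControlFlag> controlFlags) throws AuthorizationException {
        for (AuthorizationModule module : modules) {
            if (!module.abort()) {
                throw new AuthorizationException(PicketBoxMessages.MESSAGES.moduleAbortFailedMessage());
            }
        }
    }

    /**
     * Loads, instantiates and initializes one authorization module by class name.
     *
     * <p>The class is looked up through {@code classLoader} (or this class's own loader when that
     * is {@code null}) and, if that fails, through the thread context class loader. The decompiled
     * control flow discarded the fallback result and let checked reflection exceptions escape; it
     * is restructured here so the fallback is used and any failure is logged at debug level.
     *
     * <p>Failure is fail-closed: if no instance can be created an {@link IllegalStateException} is
     * thrown and authorization does not proceed. The class name comes from the security
     * configuration, so that configuration decides which code runs during authorization.
     *
     * @param classLoader preferred class loader, or {@code null} to start with this class's loader
     * @param moduleClassName fully qualified class name of the module
     * @param options module options passed to {@code initialize}
     * @param roleGroup roles passed to {@code initialize}
     * @return the initialized module, never {@code null}
     * @throws IllegalStateException when the module cannot be loaded or instantiated
     */
    private AuthorizationModule instantiateModule(ClassLoader classLoader, String moduleClassName, Map<String, Object> options, RoleGroup roleGroup) throws PrivilegedActionException {
        AuthorizationModule module = null;
        try {
            Class<?> moduleClass;
            try {
                ClassLoader primaryLoader = classLoader != null ? classLoader : getClass().getClassLoader();
                moduleClass = primaryLoader.loadClass(moduleClassName);
            } catch (Exception primaryFailure) {
                // Retry with the thread context class loader before giving up.
                moduleClass = SecurityActions.getContextClassLoader().loadClass(moduleClassName);
            }
            module = (AuthorizationModule) moduleClass.newInstance();
        } catch (Exception e) {
            PicketBoxLogger.LOGGER.debugFailureToInstantiateClass(moduleClassName, e);
        }
        if (module == null) {
            throw new IllegalStateException(PicketBoxMessages.MESSAGES.failedToInstantiateClassMessage(AuthorizationModule.class));
        }
        module.initialize(this.authenticatedSubject, this.callbackHandler, this.sharedState, options, roleGroup);
        return module;
    }

    /**
     * Resolves the {@link AuthorizationInfo} to evaluate for a domain and resource.
     *
     * <p>Order of precedence: the explicitly installed application policy; the policy registered
     * for the domain; the default EJB or WEB policy matching the resource layer. If the chosen
     * policy has no authorization info, the layer default from
     * {@link #getAuthorizationInfo(ResourceType)} is used.
     *
     * @param domainName security domain name
     * @param resource resource being accessed; only its layer is read
     * @return the authorization info; may be {@code null} when the explicit policy has none
     */
    private AuthorizationInfo getAuthorizationInfo(String domainName, Resource resource) {
        ResourceType layer = resource.getLayer();
        if (this.applicationPolicy != null) {
            return this.applicationPolicy.getAuthorizationInfo();
        }
        ApplicationPolicy policy = SecurityConfiguration.getApplicationPolicy(domainName);
        if (policy == null) {
            if (layer == ResourceType.EJB) {
                policy = SecurityConfiguration.getApplicationPolicy(SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY);
            } else if (layer == ResourceType.WEB) {
                policy = SecurityConfiguration.getApplicationPolicy(SecurityConstants.DEFAULT_WEB_APPLICATION_POLICY);
            }
        }
        if (policy == null) {
            throw PicketBoxMessages.MESSAGES.failedToObtainApplicationPolicy(domainName);
        }
        AuthorizationInfo info = policy.getAuthorizationInfo();
        return info != null ? info : getAuthorizationInfo(layer);
    }

    /**
     * Returns the default {@link AuthorizationInfo} for a resource layer.
     *
     * <p>EJB and WEB use their default application policies. Any other layer gets a synthetic
     * "other" info holding a single {@link DelegatingAuthorizationModule} entry.
     *
     * <p>NOTE(review): what the delegating module decides for such layers is not visible here;
     * confirm it does not permit by default.
     *
     * @param resourceType layer of the resource being accessed
     * @return the layer's default authorization info
     */
    private AuthorizationInfo getAuthorizationInfo(ResourceType resourceType) {
        if (resourceType == ResourceType.EJB) {
            return defaultPolicyInfo(SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY);
        }
        if (resourceType == ResourceType.WEB) {
            return defaultPolicyInfo(SecurityConstants.DEFAULT_WEB_APPLICATION_POLICY);
        }
        AuthorizationInfo fallback = new AuthorizationInfo("other");
        // The decompiler emitted a cast of the entry to AuthorizationInfo here; it is removed.
        fallback.add(new AuthorizationModuleEntry(DelegatingAuthorizationModule.class.getName()));
        return fallback;
    }

    /** Looks up a default policy by name, failing with a clear message instead of an NPE. */
    private AuthorizationInfo defaultPolicyInfo(String policyName) {
        ApplicationPolicy policy = SecurityConfiguration.getApplicationPolicy(policyName);
        if (policy == null) {
            throw PicketBoxMessages.MESSAGES.failedToObtainApplicationPolicy(policyName);
        }
        return policy.getAuthorizationInfo();
    }

    /**
     * Builds the suffix appended to the generic failure message: a single space followed by the
     * localized message of the first module exception, if any.
     *
     * <p>The decompiler had replaced the space literal with a same-valued constant from an
     * unrelated JSON library; the literal is restored.
     *
     * <p>NOTE(review): this places a module's exception text into the message of the
     * {@link AuthorizationException} seen by callers; check that the message is not shown to
     * unauthenticated clients.
     *
     * @param exc first exception raised by a module, or {@code null}
     * @return the suffix, at minimum a single space
     */
    private String getAdditionalErrorMessage(Exception exc) {
        StringBuilder suffix = new StringBuilder(" ");
        if (exc != null) {
            suffix.append(exc.getLocalizedMessage());
        }
        return suffix.toString();
    }
}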
