package org.jboss.security.authorization;

import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import org.jboss.logging.Logger;
import org.jboss.security.SecurityConstants;
import org.jboss.security.Util;
import org.jboss.security.authorization.config.AuthorizationModuleEntry;
import org.jboss.security.config.ApplicationPolicy;
import org.jboss.security.config.AuthorizationInfo;

/* loaded from: input_file:org/jboss/security/authorization/AuthorizationContext.class */
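/**
 * Runs the authorization modules configured for a security domain against a
 * {@link Resource} and combines their results according to each module's
 * control flag (REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL).
 *
 * <p>The outcome is fail-closed: {@link #authorize(Resource)} either returns
 * {@link #PERMIT} or throws {@link AuthorizationException}. A module that throws
 * is treated as having returned {@link #DENY}.
 *
 * <p>Instances hold per-call decision state in fields and perform no
 * synchronization, so a single instance must not be shared between threads
 * that call {@link #authorize(Resource)} concurrently.
 */
public class AuthorizationContext {
    private static final Logger log = Logger.getLogger(AuthorizationContext.class);
    private final String securityDomainName;
    private final CallbackHandler callbackHandler;
    private final Subject authenticatedSubject;
    /** Decision value meaning access is granted. */
    public static final int PERMIT = 1;
    /** Decision value meaning access is refused. */
    public static final int DENY = -1;
    // Sampled once at construction; later log-level changes are not picked up.
    private final boolean trace = log.isTraceEnabled();
    // Handed to every module's initialize() call; raw because the module API's generics are not visible here.
    private final Map sharedState = new HashMap();
    private ApplicationPolicy applicationPolicy = null;
    // modules.get(i) is governed by controlFlags.get(i); both lists are rebuilt on every authorize() call.
    private final ArrayList<AuthorizationModule> modules = new ArrayList<AuthorizationModule>();
    private final ArrayList<AuthorizationModuleEntry.ControlFlag> controlFlags =
            new ArrayList<AuthorizationModuleEntry.ControlFlag>();
    private boolean encounteredRequiredError = false;
    private boolean encounteredOptionalError = false;
    private AuthorizationException moduleException = null;
    private int overallDecision = DENY;

    /**
     * Creates a context for one security domain.
     *
     * @param str             name of the security domain whose policy is consulted
     * @param subject         subject passed to every module's {@code initialize}
     * @param callbackHandler callback handler passed to every module's {@code initialize}
     */
    public AuthorizationContext(String str, Subject subject, CallbackHandler callbackHandler) {
        this.securityDomainName = str;
        this.authenticatedSubject = subject;
        this.callbackHandler = callbackHandler;
    }

    /**
     * Pins the policy used by this context instead of looking it up by domain name.
     *
     * @param applicationPolicy policy whose {@code AuthorizationInfo} name must equal
     *                          this context's security domain name
     * @throws IllegalArgumentException if the policy is null, has no
     *                                  {@code AuthorizationInfo}, or is for another domain
     */
    public void setApplicationPolicy(ApplicationPolicy applicationPolicy) {
        if (applicationPolicy == null) {
            throw new IllegalArgumentException("Application Policy is null:domain=" + this.securityDomainName);
        }
        AuthorizationInfo info = applicationPolicy.getAuthorizationInfo();
        if (info == null) {
            throw new IllegalArgumentException("Application Policy has no AuthorizationInfo");
        }
        // Refuse a policy written for a different domain so it cannot be applied here by mistake.
        if (!info.getName().equals(this.securityDomainName)) {
            throw new IllegalArgumentException("Application Policy ->AuthorizationInfo:" + info.getName() + " does not match required domain name=" + this.securityDomainName);
        }
        this.applicationPolicy = applicationPolicy;
    }

    /**
     * Decides whether access to {@code resource} is allowed.
     *
     * <p>The module chain runs inside {@code AccessController.doPrivileged}, i.e. with
     * this class's own permissions rather than those of the caller's stack.
     *
     * @param resource the resource being accessed
     * @return {@link #PERMIT}; every other outcome is reported as an exception
     * @throws AuthorizationException if access is denied or a module's commit fails
     * @throws IllegalStateException  if no policy or module can be set up
     */
    public int authorize(final Resource resource) throws AuthorizationException {
        // Start from a clean slate: without this, modules would pile up across calls and a
        // PERMIT recorded for an earlier resource could leak into the decision for this one.
        resetDecisionState();
        initializeModules(resource);
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws AuthorizationException {
                    int decision = AuthorizationContext.this.invokeAuthorize(resource);
                    if (decision == PERMIT) {
                        AuthorizationContext.this.invokeCommit();
                        return null;
                    }
                    // Anything other than an explicit PERMIT is a denial; the catch block
                    // below runs the abort phase exactly once.
                    throw new AuthorizationException("Denied");
                }
            });
            return PERMIT;
        } catch (PrivilegedActionException e) {
            Exception cause = e.getException();
            if (this.trace) {
                log.trace("Error in authorize:", cause);
            }
            try {
                invokeAbort();
            } catch (AuthorizationException abortFailure) {
                // Keep the original denial reason; a failed abort must not replace it.
                log.debug("Error aborting authorization modules:", abortFailure);
            }
            if (cause instanceof AuthorizationException) {
                throw (AuthorizationException) cause;
            }
            throw new AuthorizationException(cause.getMessage());
        }
    }

    /** Clears everything a previous {@link #authorize(Resource)} call left behind. */
    private void resetDecisionState() {
        this.modules.clear();
        this.controlFlags.clear();
        this.encounteredRequiredError = false;
        this.encounteredOptionalError = false;
        this.moduleException = null;
        this.overallDecision = DENY;
    }

    /**
     * Instantiates one module per configured entry and records its control flag.
     *
     * @throws IllegalStateException if no {@code AuthorizationInfo} is available or a
     *                               module cannot be instantiated
     */
    private void initializeModules(Resource resource) {
        AuthorizationInfo info = getAuthorizationInfo(this.securityDomainName, resource);
        if (info == null) {
            // NOTE(review): this fallback uses the EJB default policy whatever the resource's
            // layer is — confirm that is intended for WEB resources.
            info = getAuthorizationInfo(SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY, resource);
        }
        if (info == null) {
            throw new IllegalStateException("Authorization Info is null");
        }
        AuthorizationModuleEntry[] entries = info.getAuthorizationModuleEntry();
        if (entries == null) {
            // No entries: invokeAuthorize() will then refuse with "No modules active."
            return;
        }
        for (AuthorizationModuleEntry entry : entries) {
            AuthorizationModuleEntry.ControlFlag flag = entry.getControlFlag();
            if (flag == null) {
                if (this.trace) {
                    log.trace("Null Control flag for entry:" + entry + ". Defaults to REQUIRED!");
                }
                // A missing flag gets the strict setting, so a denial from this module always counts.
                flag = AuthorizationModuleEntry.ControlFlag.REQUIRED;
            } else if (this.trace) {
                log.trace("Control flag for entry:" + entry + "is:[" + flag + "]");
            }
            this.controlFlags.add(flag);
            this.modules.add(instantiateModule(entry.getPolicyModuleName(), entry.getOptions()));
        }
    }

    /**
     * Asks each module in order and combines the answers by control flag.
     *
     * <ul>
     *   <li>SUFFICIENT + PERMIT: returns at once unless a REQUIRED module already failed.</li>
     *   <li>REQUISITE + denial: throws at once; later modules are not consulted.</li>
     *   <li>REQUIRED + denial: remaining modules still run, then the call fails.</li>
     *   <li>OPTIONAL + denial: fails the call only if no module permitted.</li>
     * </ul>
     *
     * <p>The decompiler marked this method as originally private; it is internal to
     * {@link #authorize(Resource)} and relies on state that method prepares.
     *
     * @return {@link #PERMIT}; a denial is always reported as an exception
     * @throws AuthorizationException if the combined decision is a denial
     */
    public int invokeAuthorize(Resource resource) throws AuthorizationException {
        int size = this.modules.size();
        for (int idx = 0; idx < size; idx++) {
            AuthorizationModule module = this.modules.get(idx);
            AuthorizationModuleEntry.ControlFlag flag = this.controlFlags.get(idx);
            int decision;
            try {
                decision = module.authorize(resource);
            } catch (Exception e) {
                // Deliberately broad: any failure inside a module counts as a denial.
                decision = DENY;
                if (this.trace) {
                    log.trace("Error in authorize for " + module, e);
                }
                if (this.moduleException == null) {
                    this.moduleException = new AuthorizationException(e.getMessage());
                }
            }
            if (decision == PERMIT) {
                this.overallDecision = PERMIT;
                if (flag == AuthorizationModuleEntry.ControlFlag.SUFFICIENT && !this.encounteredRequiredError) {
                    return PERMIT;
                }
                continue;
            }
            if (flag == AuthorizationModuleEntry.ControlFlag.REQUISITE) {
                if (this.trace) {
                    log.trace("REQUISITE failed for " + module);
                }
                if (this.moduleException == null) {
                    this.moduleException = new AuthorizationException("Authorization failed");
                }
                // Stop here in every case. Previously a REQUISITE module that returned a denial
                // without throwing only recorded the exception, so a later PERMIT could still win.
                throw this.moduleException;
            }
            if (flag == AuthorizationModuleEntry.ControlFlag.REQUIRED) {
                if (this.trace) {
                    log.trace("REQUIRED failed for " + module);
                }
                this.encounteredRequiredError = true;
            }
            if (flag == AuthorizationModuleEntry.ControlFlag.OPTIONAL) {
                this.encounteredOptionalError = true;
            }
        }
        if (this.encounteredRequiredError) {
            throw new AuthorizationException("Authorization Failed");
        }
        if (this.overallDecision == DENY && this.encounteredOptionalError) {
            throw new AuthorizationException("Authorization Failed");
        }
        if (this.overallDecision == DENY) {
            // Also reached when the policy lists no modules at all.
            throw new AuthorizationException("Authorization Failed:No modules active.");
        }
        return PERMIT;
    }

    /**
     * Calls {@code commit()} on every module, stopping at the first that reports failure.
     * Marked by the decompiler as originally private.
     *
     * @throws AuthorizationException if a module's {@code commit()} returns false
     */
    public void invokeCommit() throws AuthorizationException {
        for (AuthorizationModule module : this.modules) {
            if (!module.commit()) {
                throw new AuthorizationException("commit on modules failed");
            }
        }
    }

    /**
     * Calls {@code abort()} on every module, stopping at the first that reports failure.
     * Marked by the decompiler as originally private.
     *
     * @throws AuthorizationException if a module's {@code abort()} returns false
     */
    public void invokeAbort() throws AuthorizationException {
        for (AuthorizationModule module : this.modules) {
            if (!module.abort()) {
                throw new AuthorizationException("abort on modules failed");
            }
        }
    }

    /**
     * Loads the named module class through the context class loader, creates an instance
     * and initializes it with this context's subject, callback handler and shared state.
     *
     * @param className module class name taken from the policy's module entry
     * @param options   module options taken from the policy's module entry
     * @throws IllegalStateException if the class cannot be loaded, instantiated or cast
     */
    private AuthorizationModule instantiateModule(String className, Map options) {
        // NOTE(review): the class name comes from policy configuration, so write access to the
        // policy decides which code runs in the authorization path — confirm the policy source is trusted.
        AuthorizationModule module;
        try {
            module = (AuthorizationModule) SecurityActions.getContextClassLoader().loadClass(className).newInstance();
        } catch (Exception e) {
            log.debug("Error instantiating AuthorizationModule:", e);
            // Name the class and keep the cause so a broken policy entry can be diagnosed.
            throw new IllegalStateException("AuthorizationModule has not been instantiated: " + className, e);
        }
        module.initialize(this.authenticatedSubject, this.callbackHandler, this.sharedState, options);
        return module;
    }

    /**
     * Resolves the {@code AuthorizationInfo} to use: the pinned policy if one was set,
     * else the policy registered for {@code domain}, else the default policy for the
     * resource's layer (EJB or WEB).
     *
     * @return the policy's {@code AuthorizationInfo}, which may be null
     * @throws IllegalStateException if no policy can be found
     */
    private AuthorizationInfo getAuthorizationInfo(String domain, Resource resource) {
        // Read up front, as before, so a null resource fails here in every code path.
        String layer = resource.getLayer();
        if (this.applicationPolicy != null) {
            return this.applicationPolicy.getAuthorizationInfo();
        }
        ApplicationPolicy policy = Util.getApplicationPolicy(domain);
        if (policy == null) {
            if (this.trace) {
                log.trace("Application Policy not obtained for domain=" + domain + ". Trying to obtain the App policy for the default domain of the layer:");
            }
            if (Resource.EJB.equals(layer)) {
                policy = Util.getApplicationPolicy(SecurityConstants.DEFAULT_EJB_APPLICATION_POLICY);
            } else if (Resource.WEB.equals(layer)) {
                policy = Util.getApplicationPolicy(SecurityConstants.DEFAULT_WEB_APPLICATION_POLICY);
            }
        }
        if (policy == null) {
            throw new IllegalStateException("Application Policy is null for domain:" + domain);
        }
        return policy.getAuthorizationInfo();
    }
}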
