package com.ibm.ws.security.policy;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.exception.ConfigurationError;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.common.util.CommonConstants;
import com.ibm.ws.security.config.AuthorizationConfig;
import com.ibm.ws.security.config.AuthorizationProviderConfig;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.security.util.JaccUtil;
import com.ibm.wsspi.security.authorization.InitializeJACCProvider;
import java.net.URL;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.HashMap;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;

/* loaded from: input_file:com.ibm.ws.admin.client_7.0.0.jar:com/ibm/ws/security/policy/JaccPolicyDomainProxy.class */
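/**
 * {@link Policy} implementation that routes JACC permission checks to a per-security-domain
 * JACC provider policy and delegates every other request to the policy that was installed
 * when this proxy was constructed.
 *
 * <p>Routing performed by {@link #implies(ProtectionDomain, Permission)}:
 * <ul>
 *   <li>the proxy's own protection domain is always granted;</li>
 *   <li>the five JACC permission types (web resource, web user data, web role ref, EJB role
 *       ref, EJB method) are decided by the domain policy from {@link #getDomainPolicy()};</li>
 *   <li>anything else is decided by the delegate policy.</li>
 * </ul>
 *
 * <p>Security note: the provider policy class and the optional initializer class are named
 * by configuration (and, for the admin domain, by a system property) and are loaded through
 * the thread context class loader. Whoever can write those settings decides which code makes
 * authorization decisions, so they need the same protection as the policy itself.
 *
 * <p>Thread-safety: the domain cache is a copy-on-write map published through a volatile
 * field; provider initialization is serialized on {@code this}.
 */
public class JaccPolicyDomainProxy extends Policy {
    /** Protection domain of this proxy's own code; checks against it short-circuit to "granted". */
    private ProtectionDomain self;

    /**
     * Domain id to provider policy. Never mutated in place: writers replace the whole map
     * while holding the monitor on {@code this}, so the unlocked read in
     * {@link #getDomainPolicy()} always sees a fully built map.
     */
    private volatile HashMap<String, Policy> cache = new HashMap<>();

    /** Policy that was in effect when the proxy was built; target of all non-JACC delegation. */
    private static Policy policy = null;

    private static final TraceComponent tc = Tr.register(JaccPolicyDomainProxy.class, (String) null, "com.ibm.ejs.resources.security");

    /**
     * Captures this code's protection domain and the currently installed policy as delegate.
     */
    public JaccPolicyDomainProxy() {
        this.self = null;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "JaccPolicyDomainProxy constructor");
        }
        this.self = (ProtectionDomain) AccessController.doPrivileged(new PrivilegedAction() {
            @Override
            public Object run() {
                // Resolves to the anonymous action class; presumably it shares the proxy's
                // protection domain because both come from the same code source.
                return this.getClass().getProtectionDomain();
            }
        });
        Policy installed = Policy.getPolicy();
        // The delegate is static. If a proxy is already the installed policy, adopting it
        // would make every delegated call recurse into itself, so keep the earlier delegate.
        if (!(installed instanceof JaccPolicyDomainProxy)) {
            policy = installed;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "JaccPolicyDomainProxy constructor");
        }
    }

    /** Delegates to the policy captured at construction time. */
    @Override
    public PermissionCollection getPermissions(CodeSource codeSource) {
        return policy.getPermissions(codeSource);
    }

    /** Delegates to the policy captured at construction time. */
    @Override
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        return policy.getPermissions(protectionDomain);
    }

    /** Refreshes the delegate policy; cached domain policies are not touched here. */
    @Override
    public void refresh() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "refresh()");
        }
        policy.refresh();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "refresh()");
        }
    }

    /**
     * Decides whether {@code protectionDomain} holds {@code permission}.
     *
     * <p>JACC permissions fail closed: if the domain policy is unavailable (JACC disabled,
     * provider failed to load) or evaluation throws, the result is {@code false}.
     *
     * @param protectionDomain domain being checked
     * @param permission permission being requested
     * @return {@code true} when the permission is granted
     */
    @Override
    public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "implies", new Object[]{protectionDomain, permission});
        }
        boolean granted = false;
        if (this.self != null && this.self == protectionDomain) {
            granted = true;
        } else if (isJaccPermission(permission)) {
            try {
                Policy domainPolicy = getDomainPolicy();
                if (domainPolicy != null) {
                    granted = domainPolicy.implies(protectionDomain, permission);
                } else if (tc.isDebugEnabled()) {
                    // Explicit deny instead of relying on a NullPointerException being caught
                    // below; the decision is the same, without a spurious FFDC record.
                    Tr.debug(tc, "implies: no JACC policy available for this domain, denying permission");
                }
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "implies method caught exception: " + e.getMessage());
                }
                FFDCFilter.processException(e, "com.ibm.ws.security.policy.JaccPolicyDomainProxy.implies", "147", this);
            }
        } else {
            granted = policy.implies(protectionDomain, permission);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "implies)", Boolean.valueOf(granted));
        }
        return granted;
    }

    /** Returns whether the permission is one of the JACC types handled by the domain policy. */
    private static boolean isJaccPermission(Permission permission) {
        return (permission instanceof WebResourcePermission)
                || (permission instanceof WebUserDataPermission)
                || (permission instanceof WebRoleRefPermission)
                || (permission instanceof EJBRoleRefPermission)
                || (permission instanceof EJBMethodPermission);
    }

    /**
     * Returns the JACC provider policy for the current security domain, creating and caching
     * it on first use.
     *
     * @return the provider policy, or {@code null} when JACC is not enabled for the domain or
     *         the provider policy class could not be instantiated (the failure is logged)
     * @throws Exception when JACC is enabled but the provider policy class name or the
     *         provider configuration is missing
     */
    public Policy getDomainPolicy() throws Exception {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDomainPolicy");
        }
        String domainId = SecurityObjectLocator.getSecurityConfigManager().getDomainId();
        Policy domainPolicy = this.cache.get(domainId);
        if (domainPolicy != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "getDomainPolicy returning policy object from cache.");
            }
        } else {
            synchronized (this) {
                // Re-check under the lock: another thread may have finished initialization.
                domainPolicy = this.cache.get(domainId);
                if (domainPolicy == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "getDomainPolicy: Policy not yet initialized for this cacheKey: " + domainId);
                    }
                    boolean adminDomain = domainId.equalsIgnoreCase(SecurityObjectLocator.ADMIN);
                    String policyClassName = null;
                    if (adminDomain) {
                        policyClassName = System.getProperty(CommonConstants.JACC_POLICY_PROVIDER);
                    }
                    boolean jaccEnabled = false;
                    AuthorizationProviderConfig providerConfig = null;
                    SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig();
                    AuthorizationConfig authorizationConfig = securityConfig.getAuthorizationConfig();
                    if (authorizationConfig != null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "getDomainPolicy loaded a non-null authConfig.");
                        }
                        jaccEnabled = authorizationConfig.getBoolean(AuthorizationConfig.USE_JACC_PROVIDER);
                        providerConfig = authorizationConfig.getAuthorizationProvider();
                    }
                    if (policyClassName == null && !jaccEnabled) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "getDomainPolicy JACC Policy class null and JACC not enabled, using default authorization");
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Using default authorization");
                        }
                        if (tc.isEntryEnabled()) {
                            Tr.exit(tc, "getDomainPolicy returning null.");
                        }
                        return null;
                    }
                    if (policyClassName == null && providerConfig != null) {
                        policyClassName = providerConfig.getString(AuthorizationProviderConfig.J2EE_POLICY_IMPL_CLASS_NAME);
                        if (policyClassName != null && adminDomain) {
                            System.setProperty(CommonConstants.JACC_POLICY_PROVIDER, policyClassName);
                        }
                    }
                    if (policyClassName == null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "getDomainPolicy JACC Policy class null and JACC enabled, not good");
                        }
                        throw new ConfigurationError("The JACC provider's policy class name is null");
                    }
                    if (providerConfig == null) {
                        // Reachable when the class name came from the system property but no
                        // provider configuration exists. Everything below dereferences it, so
                        // report the configuration problem instead of a NullPointerException.
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "getDomainPolicy JACC Policy class set but authorization provider config is null");
                        }
                        throw new ConfigurationError("The JACC authorization provider configuration is null");
                    }
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "getDomainPolicy The JACC provider's policy implementation class name is: " + policyClassName);
                    }
                    if (providerConfig.getBoolean(AuthorizationProviderConfig.SUPPORTS_DYNAMIC_MODULE_UPDATES)) {
                        JaccUtil.setAppDynamicUpdates();
                    }
                    if (policyClassName.equals(CommonConstants.DEFAULT_JACC_POLICY_PROVIDER) || policyClassName.equals("com.sun.ts.tests.jacc.provider.TSPolicy")) {
                        securityConfig.setBoolean(SecurityConfig.IS_DEFAULT_JACC_PROVIDER, true);
                        SecurityConfig appSecurityConfig = SecurityObjectLocator.getSecurityConfig("AppSecurity");
                        if (appSecurityConfig != null) {
                            appSecurityConfig.setBoolean(SecurityConfig.IS_DEFAULT_JACC_PROVIDER, true);
                        }
                    }
                    String initClassName = providerConfig.getString(AuthorizationProviderConfig.INITIALIZE_JACC_PROVIDER_CLASS_NAME);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "getDomainPolicy jaccInit Class Name: ", initClassName);
                    }
                    if (initClassName != null && initClassName.length() != 0) {
                        runProviderInitializer(initClassName, providerConfig);
                    }
                    try {
                        domainPolicy = (Policy) Class.forName(policyClassName, true, Thread.currentThread().getContextClassLoader()).newInstance();
                        domainPolicy.refresh();
                        // Copy-on-write: publish a new map so unlocked readers never observe
                        // a HashMap in the middle of a structural change.
                        HashMap<String, Policy> updated = new HashMap<>(this.cache);
                        updated.put(domainId, domainPolicy);
                        this.cache = updated;
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "getDomainPolicy stored policy object in cache key: " + domainId);
                        }
                    } catch (Throwable th) {
                        // A policy that failed in refresh() must not be handed out either.
                        domainPolicy = null;
                        Tr.error(tc, "security.jacc.init.error", new Object[]{policyClassName, th});
                        FFDCFilter.processException(th, "com.ibm.ws.security.policy.JaccPolicyDomainProxy.getDomainPolicy", "295", this);
                    }
                    if (domainPolicy != null) {
                        // Audit "initialized" only on success, so the audit trail does not
                        // contradict the init error logged above.
                        Tr.audit(tc, "security.jacc.initialized", new Object[]{policyClassName, providerConfig.getString(AuthorizationProviderConfig.POLICY_CONFIGURATION_FACTORY_IMPL_CLASS_NAME), providerConfig.getString(AuthorizationProviderConfig.ROLE_CONFIGURATION_FACTORY_IMPL_CLASS_NAME), initClassName});
                    }
                    securityConfig.setObject(SecurityConfig.NULL_CODE_SOURCE, new CodeSource((URL) null, (Certificate[]) null));
                    securityConfig.setObject(SecurityConfig.NULL_PROTECTION_DOMAIN, new ProtectionDomain(new CodeSource((URL) null, (Certificate[]) null), null, null, null));
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDomainPolicy", domainPolicy);
        }
        return domainPolicy;
    }

    /**
     * Loads the configured provider initializer and runs it with the provider's properties.
     * Failures are logged and recorded through FFDC; they do not stop policy creation. The
     * FFDC source ids keep the {@code getDomainPolicy} name so existing records still match.
     */
    private void runProviderInitializer(String initClassName, AuthorizationProviderConfig providerConfig) {
        InitializeJACCProvider initializer = null;
        try {
            initializer = (InitializeJACCProvider) Class.forName(initClassName, true, Thread.currentThread().getContextClassLoader()).newInstance();
        } catch (ClassNotFoundException e) {
            Tr.error(tc, "security.jacc.initialize.error", new Object[]{initClassName, e});
            FFDCFilter.processException(e, "com.ibm.ws.security.policy.JaccPolicyDomainProxy.getDomainPolicy", "255", this);
        } catch (IllegalAccessException e) {
            Tr.error(tc, "security.jacc.initialize.error", new Object[]{initClassName, e});
            FFDCFilter.processException(e, "com.ibm.ws.security.policy.JaccPolicyDomainProxy.getDomainPolicy", "261", this);
        } catch (InstantiationException e) {
            Tr.error(tc, "security.jacc.initialize.error", new Object[]{initClassName, e});
            FFDCFilter.processException(e, "com.ibm.ws.security.policy.JaccPolicyDomainProxy.getDomainPolicy", "267", this);
        }
        if (initializer == null) {
            // Instantiation already failed and was reported; calling initialize() would only
            // add a second, misleading NullPointerException record.
            return;
        }
        try {
            initializer.initialize(providerConfig.getProperties());
        } catch (Exception e) {
            Tr.error(tc, "security.jacc.initialize.error", new Object[]{initClassName, e});
            FFDCFilter.processException(e, "com.ibm.ws.security.policy.JaccPolicyDomainProxy.getDomainPolicy", "277", this);
        }
    }
}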
