package com.ibm.ws.security.ejb;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ras.RASFormatter;
import com.ibm.ws.security.core.AccessContext;
import com.ibm.ws.security.core.PermissionRoleMap;
import com.ibm.ws.security.core.WSAccessManager;
import com.ibm.wsspi.security.policy.EJBSecurityPolicy;
import org.eclipse.emf.common.util.EList;
import org.eclipse.jst.j2ee.common.SecurityRole;
import org.eclipse.jst.j2ee.ejb.ExcludeList;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/ejb/BeanAccessManager.class */
public class BeanAccessManager extends WSAccessManager {
    private static TraceComponent tc = Tr.register(BeanAccessManager.class, (String) null, "com.ibm.ejs.resources.security");

    @Override // com.ibm.ws.security.core.WSAccessManager
    public SecurityRole[] getRequiredRoles(AccessContext accessContext, String str, String str2) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRequiredRoles" + accessContext.getEnterpriseAppName() + RASFormatter.DEFAULT_SEPARATOR + str + RASFormatter.DEFAULT_SEPARATOR + str2);
        }
        PermissionRoleMap permissionRoleMap = ((BeanAccessContext) accessContext).getPermissionRoleMap();
        BeanAccessPermission beanAccessPermission = new BeanAccessPermission(str, str2);
        SecurityRole[] securityRoleArr = null;
        if (permissionRoleMap != null) {
            securityRoleArr = permissionRoleMap.getRequiredRoles(accessContext, beanAccessPermission);
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Returned PermissionRoleMap is null");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRequiredRoles", securityRoleArr);
        }
        return securityRoleArr;
    }

    @Override // com.ibm.ws.security.core.WSAccessManager
    public boolean allowIfNoRequiredRoles() {
        return true;
    }

    @Override // com.ibm.ws.security.core.WSAccessManager
    public boolean isExcluded(AccessContext accessContext, String str, String str2) {
        boolean isDenyAll;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isExcluded(AccessContext,String,String)", new Object[]{accessContext, str, str2});
        }
        if (!(accessContext instanceof BeanAccessContext)) {
            throw new IllegalArgumentException("AccessContext received is not a BeanAccessContext: " + accessContext);
        }
        EJBSecurityPolicy eJBSecurityPolicy = ((BeanAccessContext) accessContext).getEJBSecurityPolicy();
        if (eJBSecurityPolicy == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "EJBSecurityPolicy is null, check in deployment descriptor.");
            }
            isDenyAll = isExcludedFromDD(accessContext, str, str2);
        } else {
            isDenyAll = eJBSecurityPolicy.isDenyAll();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isExcluded(AccessContext,String,String)", Boolean.valueOf(isDenyAll));
        }
        return isDenyAll;
    }

    public boolean isExcludedFromDD(AccessContext accessContext, String str, String str2) {
        BeanAccessContext beanAccessContext = (BeanAccessContext) accessContext;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isExcluded " + str + ":" + str2);
        }
        ExcludeList excludeList = null;
        if (beanAccessContext.getEjbJar() != null && beanAccessContext.getEjbJar().getAssemblyDescriptor() != null) {
            excludeList = beanAccessContext.getEjbJar().getAssemblyDescriptor().getExcludeList();
        }
        if (excludeList == null) {
            if (!tc.isEntryEnabled()) {
                return false;
            }
            Tr.exit(tc, "isExcluded No Exclude List, isExcluded is false ");
            return false;
        }
        EList methodElements = excludeList.getMethodElements();
        String substring = str.substring(str.lastIndexOf(58) + 1);
        if (methodElements == null || methodElements.size() == 0 || !BeanPermissionRoleMap.findMatchingMethod(substring, str2, methodElements)) {
            if (!tc.isEntryEnabled()) {
                return false;
            }
            Tr.exit(tc, "isExcluded is false");
            return false;
        }
        if (!tc.isEntryEnabled()) {
            return true;
        }
        Tr.exit(tc, "isExcluded is true");
        return true;
    }
}
