package org.openejb.deployment;

import java.lang.reflect.Method;
import java.security.Permission;
import java.security.Permissions;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import org.apache.geronimo.common.GeronimoSecurityException;
import org.apache.geronimo.deployment.DeploymentException;
import org.apache.geronimo.security.PrimaryRealmPrincipal;
import org.apache.geronimo.security.RealmPrincipal;
import org.apache.geronimo.security.deploy.DefaultPrincipal;
import org.apache.geronimo.security.deploy.Principal;
import org.apache.geronimo.security.deploy.Realm;
import org.apache.geronimo.security.deploy.Role;
import org.apache.geronimo.security.deploy.Security;
import org.apache.geronimo.security.util.ConfigurationUtil;
import org.apache.geronimo.xbeans.j2ee.AssemblyDescriptorType;
import org.apache.geronimo.xbeans.j2ee.ExcludeListType;
import org.apache.geronimo.xbeans.j2ee.JavaTypeType;
import org.apache.geronimo.xbeans.j2ee.MethodPermissionType;
import org.apache.geronimo.xbeans.j2ee.MethodType;
import org.apache.geronimo.xbeans.j2ee.RoleNameType;
import org.apache.geronimo.xbeans.j2ee.SecurityIdentityType;
import org.apache.geronimo.xbeans.j2ee.SecurityRoleRefType;
import org.openejb.security.SecurityConfiguration;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:repository/openejb/jars/openejb-builder-2.0-G1M3.jar:org/openejb/deployment/ContainerSecurityBuilder.class */
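/**
 * Translates the security sections of an EJB deployment descriptor into the policy data held by
 * a {@link SecurityConfiguration}: unchecked, excluded and per-role {@link EJBMethodPermission}s,
 * role references, role-to-principal mappings, and the default and run-as subjects.
 *
 * <p>Security note: every permission passed to
 * {@link #fillContainerBuilderSecurity} that is not matched by a {@code method-permission} or
 * {@code exclude-list} entry ends up in the default role's policy or, when no default role is
 * configured, in the <em>unchecked</em> policy. Methods the descriptor forgets to mention are
 * therefore granted, not denied; reviewers of a deployment plan should confirm that this is
 * intended or that a restrictive default role is set.
 */
public class ContainerSecurityBuilder {
    /** Descriptor spelling of "all methods"; the permission constructor expects {@code null} instead. */
    private static final String ALL_METHODS = "*";

    protected final OpenEJBModuleBuilder moduleBuilder;

    public ContainerSecurityBuilder(OpenEJBModuleBuilder openEJBModuleBuilder) {
        this.moduleBuilder = openEJBModuleBuilder;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Populates {@code secureBuilder} with a fresh {@link SecurityConfiguration} built from the
     * descriptor. Does nothing when {@code security} is {@code null}.
     *
     * @param secureBuilder container builder that receives the configuration, default subject and run-as subject
     * @param permissions the bean's full permission set; entries matched by the descriptor are culled
     *        and the remainder is granted to the default role or the unchecked policy (the
     *        passed-in collection itself is not modified)
     * @param security Geronimo security settings; {@code null} disables all processing
     * @param assemblyDescriptorType source of {@code method-permission} and {@code exclude-list} entries
     * @param str EJB name; only descriptor entries naming this bean are applied
     * @param securityIdentityType security identity of the bean, may be {@code null}
     * @param securityRoleRefTypeArr role references of the bean, may be {@code null}
     * @throws DeploymentException if a role reference has no role link, or if role mapping fails
     */
    public void fillContainerBuilderSecurity(SecureBuilder secureBuilder, Permissions permissions, Security security, AssemblyDescriptorType assemblyDescriptorType, String str, SecurityIdentityType securityIdentityType, SecurityRoleRefType[] securityRoleRefTypeArr) throws DeploymentException {
        if (security == null) {
            return;
        }
        SecurityConfiguration securityConfiguration = new SecurityConfiguration();
        securityConfiguration.setPolicyContextId(secureBuilder.getContainerId());
        secureBuilder.setSecurityEnabled(true);
        secureBuilder.setSecurityConfiguration(securityConfiguration);
        secureBuilder.setDoAsCurrentCaller(security.isDoAsCurrentCaller());
        secureBuilder.setUseContextHandler(security.isUseContextHandler());
        secureBuilder.setDefaultSubject(generateDefaultSubject(security));

        // Permissions not yet claimed by any descriptor entry; shrinks as entries are processed.
        Permissions unassigned = permissions;

        MethodPermissionType[] methodPermissions = assemblyDescriptorType.getMethodPermissionArray();
        if (methodPermissions != null) {
            for (MethodPermissionType methodPermission : methodPermissions) {
                MethodType[] methods = methodPermission.getMethodArray();
                RoleNameType[] roleNames = methodPermission.getRoleNameArray();
                boolean unchecked = methodPermission.getUnchecked() != null;
                Map rolePolicies = securityConfiguration.getRolePolicies();
                for (MethodType method : methods) {
                    if (!str.equals(method.getEjbName().getStringValue())) {
                        continue;
                    }
                    EJBMethodPermission granted = toMethodPermission(str, method);
                    unassigned = cullPermissions(unassigned, granted);
                    if (unchecked) {
                        securityConfiguration.getUncheckedPolicy().add(granted);
                    } else {
                        for (RoleNameType roleName : roleNames) {
                            policyForRole(rolePolicies, roleName.getStringValue()).add(granted);
                        }
                    }
                }
            }
        }

        ExcludeListType excludeList = assemblyDescriptorType.getExcludeList();
        if (excludeList != null) {
            for (MethodType method : excludeList.getMethodArray()) {
                if (!str.equals(method.getEjbName().getStringValue())) {
                    continue;
                }
                // Goes through the same "*" normalisation as method-permission entries. Without it
                // a wildcard exclusion would carry the literal method name "*", match no real
                // method, and leave the methods it was meant to deny in the unassigned set that is
                // granted at the end of this method.
                EJBMethodPermission excluded = toMethodPermission(str, method);
                securityConfiguration.getExcludedPolicy().add(excluded);
                unassigned = cullPermissions(unassigned, excluded);
            }
        }

        if (securityRoleRefTypeArr != null) {
            for (SecurityRoleRefType roleRef : securityRoleRefTypeArr) {
                if (roleRef.getRoleLink() == null) {
                    throw new DeploymentException("Missing role-link");
                }
                String referenceName = roleRef.getRoleName().getStringValue();
                String linkedRole = roleRef.getRoleLink().getStringValue();
                Map roleReferences = securityConfiguration.getRoleReferences();
                Set references = (Set) roleReferences.get(linkedRole);
                if (references == null) {
                    references = new HashSet();
                    roleReferences.put(linkedRole, references);
                }
                references.add(new EJBRoleRefPermission(str, referenceName));
            }
        }

        addRoleMappings(securityConfiguration, secureBuilder, security, securityIdentityType);

        // Whatever is still unassigned is granted: to the default role when one is configured,
        // otherwise to everyone through the unchecked policy.
        String defaultRole = security.getDefaultRole();
        Permissions fallbackPolicy;
        if (defaultRole == null || defaultRole.length() == 0) {
            fallbackPolicy = securityConfiguration.getUncheckedPolicy();
        } else {
            fallbackPolicy = policyForRole(securityConfiguration.getRolePolicies(), defaultRole);
        }
        Enumeration<Permission> remaining = unassigned.elements();
        while (remaining.hasMoreElements()) {
            fallbackPolicy.add(remaining.nextElement());
        }
    }

    /**
     * Builds the subject used when no caller identity is available, from the default principal
     * configured in {@code security}.
     *
     * <p>NOTE(review): {@code security.getDefaultPrincipal()} is dereferenced without a null
     * check, so a configuration without a default principal fails with a
     * {@link NullPointerException} here; confirm the plan schema makes the element mandatory.
     *
     * @param security Geronimo security settings holding the default principal
     * @return a subject carrying a realm principal and a primary realm principal
     * @throws GeronimoSecurityException if either principal cannot be created
     */
    protected Subject generateDefaultSubject(Security security) throws GeronimoSecurityException {
        DefaultPrincipal defaultPrincipal = security.getDefaultPrincipal();
        Subject subject = new Subject();
        // The realm name is passed for both trailing arguments, exactly as the original code does.
        RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(defaultPrincipal.getPrincipal(), defaultPrincipal.getRealmName(), defaultPrincipal.getRealmName());
        if (realmPrincipal == null) {
            throw new GeronimoSecurityException("Unable to create realm principal");
        }
        PrimaryRealmPrincipal primaryRealmPrincipal = ConfigurationUtil.generatePrimaryRealmPrincipal(defaultPrincipal.getPrincipal(), defaultPrincipal.getRealmName(), defaultPrincipal.getRealmName());
        if (primaryRealmPrincipal == null) {
            throw new GeronimoSecurityException("Unable to create primary realm principal");
        }
        subject.getPrincipals().add(realmPrincipal);
        subject.getPrincipals().add(primaryRealmPrincipal);
        return subject;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Adds one {@link EJBMethodPermission} per public method of the named class to
     * {@code permissions}. Does nothing when {@code str3} is {@code null}.
     *
     * @param permissions collection that receives the permissions
     * @param str EJB name used for each permission
     * @param str2 method interface used for each permission
     * @param str3 name of the class whose methods are enumerated, may be {@code null}
     * @param classLoader loader used to resolve {@code str3}
     * @throws DeploymentException if the class cannot be found
     */
    public void addToPermissions(Permissions permissions, String str, String str2, String str3, ClassLoader classLoader) throws DeploymentException {
        if (str3 == null) {
            return;
        }
        Class<?> interfaceClass;
        try {
            // initialize=false: the class is only inspected, its static initialisers are not run.
            interfaceClass = Class.forName(str3, false, classLoader);
        } catch (ClassNotFoundException e) {
            throw new DeploymentException(e);
        }
        for (Method method : interfaceClass.getMethods()) {
            permissions.add(new EJBMethodPermission(str, str2, method));
        }
    }

    /**
     * Records the realm principals mapped to each role and, when the bean declares a run-as
     * role, assembles the run-as subject from that role's designated principals.
     *
     * @param securityConfiguration configuration whose role mapping is extended
     * @param secureBuilder builder that receives the run-as subject
     * @param security Geronimo security settings holding the role mappings
     * @param securityIdentityType security identity of the bean, may be {@code null}
     * @throws DeploymentException if a realm principal cannot be created, or if a run-as role is
     *         declared but no designated run-as principal was found for it
     */
    protected void addRoleMappings(SecurityConfiguration securityConfiguration, SecureBuilder secureBuilder, Security security, SecurityIdentityType securityIdentityType) throws DeploymentException {
        boolean hasRunAs = securityIdentityType != null && securityIdentityType.getRunAs() != null;
        String runAsRole = hasRunAs ? securityIdentityType.getRunAs().getRoleName().getStringValue() : "";
        for (Role role : security.getRoleMappings().values()) {
            String roleName = role.getRoleName();
            Subject designated = new Subject();
            Set rolePrincipals = new HashSet();
            for (Realm realm : role.getRealms().values()) {
                for (Principal principal : realm.getPrincipals()) {
                    RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(principal, realm.getRealmName(), realm.getRealmName());
                    if (realmPrincipal == null) {
                        throw new DeploymentException("Unable to create realm principal");
                    }
                    rolePrincipals.add(realmPrincipal);
                    if (principal.isDesignatedRunAs()) {
                        designated.getPrincipals().add(realmPrincipal);
                    }
                }
            }
            Set mapped = (Set) securityConfiguration.getRoleMapping().get(roleName);
            if (mapped == null) {
                mapped = new HashSet();
                securityConfiguration.getRoleMapping().put(roleName, mapped);
            }
            mapped.addAll(rolePrincipals);
            // hasRunAs guard: without it the "" placeholder used when no run-as is declared would
            // match a role whose name is the empty string and install a run-as subject for a
            // bean that never asked for one.
            if (hasRunAs && !designated.getPrincipals().isEmpty() && runAsRole.equals(roleName)) {
                if (secureBuilder.getRunAs() != null) {
                    secureBuilder.getRunAs().getPrincipals().addAll(designated.getPrincipals());
                } else {
                    secureBuilder.setRunAs(designated);
                }
            }
        }
        if (hasRunAs && secureBuilder.getRunAs() == null) {
            throw new DeploymentException("Role designate not found for role: " + runAsRole);
        }
    }

    /**
     * Converts one descriptor {@code method} element into an {@link EJBMethodPermission} for the
     * given bean, mapping the descriptor wildcard {@code "*"} to the {@code null} method name
     * that the permission constructor treats as "all methods".
     */
    private static EJBMethodPermission toMethodPermission(String ejbName, MethodType method) {
        String methodName = OpenEJBModuleBuilder.getJ2eeStringValue(method.getMethodName());
        String methodInterface = OpenEJBModuleBuilder.getJ2eeStringValue(method.getMethodIntf());
        String[] parameterTypes = method.getMethodParams() != null ? toStringArray(method.getMethodParams().getMethodParamArray()) : null;
        if (ALL_METHODS.equals(methodName)) {
            methodName = null;
        }
        return new EJBMethodPermission(ejbName, methodName, methodInterface, parameterTypes);
    }

    /** Returns the policy stored for {@code roleName}, creating and registering an empty one if absent. */
    private static Permissions policyForRole(Map rolePolicies, String roleName) {
        Permissions policy = (Permissions) rolePolicies.get(roleName);
        if (policy == null) {
            policy = new Permissions();
            rolePolicies.put(roleName, policy);
        }
        return policy;
    }

    /**
     * Returns a new collection holding every element of {@code permissions} that is not implied
     * by {@code permission}; the input collection is left unchanged.
     */
    private Permissions cullPermissions(Permissions permissions, Permission permission) {
        Permissions kept = new Permissions();
        Enumeration<Permission> candidates = permissions.elements();
        while (candidates.hasMoreElements()) {
            Permission candidate = candidates.nextElement();
            if (!permission.implies(candidate)) {
                kept.add(candidate);
            }
        }
        return kept;
    }

    /** Copies the string value of each descriptor type element into a new array, in order. */
    private static String[] toStringArray(JavaTypeType[] javaTypeTypeArr) {
        String[] typeNames = new String[javaTypeTypeArr.length];
        for (int i = 0; i < javaTypeTypeArr.length; i++) {
            typeNames[i] = javaTypeTypeArr[i].getStringValue();
        }
        return typeNames;
    }
}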
