package org.glassfish.exousia.modules.def;

import jakarta.security.jacc.PolicyContext;
import jakarta.security.jacc.PolicyContextException;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import org.glassfish.exousia.AuthorizationService;
import org.glassfish.exousia.permissions.RolesToPermissionsTransformer;
import org.glassfish.exousia.spi.PrincipalMapper;

/* loaded from: input_file:org/glassfish/exousia/modules/def/DefaultPolicy.class */
/**
 * {@link Policy} that decides access from the current {@link DefaultPolicyConfiguration}
 * (excluded, unchecked and per-role permissions), falling back to the policy that was
 * installed when this instance was created.
 *
 * <p>Decision order in {@link #implies(ProtectionDomain, Permission)}: excluded permissions
 * deny first, unchecked permissions grant next, then role-based grants, and only then the
 * previously installed policy. Reordering these steps changes the authorization outcome.
 *
 * <p>Note: {@code java.security.Policy} is deprecated for removal since Java 17.
 */
public class DefaultPolicy extends Policy {
    private static final Logger logger = Logger.getLogger(DefaultPolicy.class.getName());

    // Policy that was installed before this one; null when it could not be determined.
    private Policy defaultPolicy = getDefaultPolicy();

    /**
     * Decides whether {@code permission} is granted to {@code protectionDomain}.
     *
     * @param protectionDomain domain whose principals identify the caller
     * @param permission the permission being checked
     * @return {@code true} if granted, {@code false} otherwise
     * @throws RuntimeException wrapping the {@link PolicyContextException} raised while the
     *         subject is read from the policy context; the check aborts instead of granting
     */
    @Override
    public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
        DefaultPolicyConfiguration configuration = DefaultPolicyConfigurationFactory.getCurrentPolicyConfiguration();
        PrincipalMapper roleMapper = configuration.getRoleMapper();

        // Deny wins: an excluded permission is refused before any grant is considered.
        if (isExcluded(configuration.getExcludedPermissions(), permission)) {
            return false;
        }

        // Unchecked permissions are granted without looking at the caller at all.
        if (isUnchecked(configuration.getUncheckedPermissions(), permission)) {
            return true;
        }

        List<java.security.Principal> callerPrincipals = Arrays.asList(protectionDomain.getPrincipals());

        // When the "any authenticated caller" role has no explicit mapping, a caller is
        // treated as authenticated as soon as the domain carries at least one principal.
        // NOTE(review): this assumes unauthenticated callers never carry principals - confirm
        // for the container that populates the ProtectionDomain.
        if (!roleMapper.isAnyAuthenticatedUserRoleMapped() && !callerPrincipals.isEmpty()) {
            if (hasAccessViaRole(
                    configuration.getPerRolePermissions(),
                    RolesToPermissionsTransformer.ANY_AUTHENTICATED_CALLER_ROLE,
                    permission)) {
                return true;
            }
        }

        try {
            Map<String, Permissions> perRolePermissions = configuration.getPerRolePermissions();
            Subject subject = (Subject) PolicyContext.getContext(AuthorizationService.SUBJECT);
            List<String> callerRoles = roleMapper.getMappedRoles(callerPrincipals, subject);

            if (hasAccessViaRoles(perRolePermissions, callerRoles, permission)) {
                return true;
            }

            // Last resort: defer to the previously installed policy, if there is one.
            return this.defaultPolicy != null && this.defaultPolicy.implies(protectionDomain, permission);
        } catch (PolicyContextException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Collects the permissions available to {@code protectionDomain}: those of the previous
     * policy, the domain's own static permissions, the unchecked permissions and the
     * permissions of every role the mapper returns for the domain's principals. Anything
     * matched by the excluded set is left out.
     *
     * <p>NOTE(review): unlike {@link #implies(ProtectionDomain, Permission)}, this method adds
     * permissions of the "any authenticated caller" role only if the mapper returns that role,
     * so the two methods can disagree - confirm whether that is intended.
     *
     * @param protectionDomain domain to collect permissions for
     * @return a new collection holding the non-excluded permissions
     * @throws RuntimeException wrapping a {@link PolicyContextException} from the policy context
     */
    @Override
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        Permissions granted = new Permissions();
        DefaultPolicyConfiguration configuration = DefaultPolicyConfigurationFactory.getCurrentPolicyConfiguration();
        PrincipalMapper roleMapper = configuration.getRoleMapper();
        Permissions excluded = configuration.getExcludedPermissions();

        if (this.defaultPolicy != null) {
            collectPermissions(this.defaultPolicy.getPermissions(protectionDomain), granted, excluded);
        }

        PermissionCollection domainPermissions = protectionDomain.getPermissions();
        if (domainPermissions != null) {
            collectPermissions(domainPermissions, granted, excluded);
        }

        collectPermissions(configuration.getUncheckedPermissions(), granted, excluded);

        try {
            Subject subject = (Subject) PolicyContext.getContext(AuthorizationService.SUBJECT);
            Map<String, Permissions> perRolePermissions = configuration.getPerRolePermissions();

            for (String role : roleMapper.getMappedRoles(protectionDomain.getPrincipals(), subject)) {
                // Roles without an entry in the configuration contribute nothing.
                if (!perRolePermissions.containsKey(role)) {
                    continue;
                }
                collectPermissions(perRolePermissions.get(role), granted, excluded);
            }
        } catch (PolicyContextException e) {
            throw new RuntimeException(e);
        }

        return granted;
    }

    /**
     * Collects the permissions available to {@code codeSource}: those of the previous policy
     * plus the unchecked permissions, minus anything matched by the excluded set. No per-role
     * permissions are added here.
     *
     * @param codeSource code source to collect permissions for
     * @return a new collection holding the non-excluded permissions
     */
    @Override
    public PermissionCollection getPermissions(CodeSource codeSource) {
        Permissions granted = new Permissions();
        DefaultPolicyConfiguration configuration = DefaultPolicyConfigurationFactory.getCurrentPolicyConfiguration();
        Permissions excluded = configuration.getExcludedPermissions();

        if (this.defaultPolicy != null) {
            collectPermissions(this.defaultPolicy.getPermissions(codeSource), granted, excluded);
        }
        collectPermissions(configuration.getUncheckedPermissions(), granted, excluded);

        return granted;
    }

    /**
     * Returns the currently installed policy, or {@code null} (after logging a warning) when
     * that policy is itself a {@code DefaultPolicy}.
     */
    private Policy getDefaultPolicy() {
        Policy installed = Policy.getPolicy();
        if (installed instanceof DefaultPolicy) {
            // Presumably avoids delegating to another instance of this class; callers
            // treat null as "no fallback policy".
            logger.warning("Cannot obtain default / previous policy.");
            return null;
        }
        return installed;
    }

    /**
     * Tells whether {@code permission} collides with the excluded set in either direction:
     * the set implies it, or it implies some member of the set. The second direction keeps a
     * broader permission from being granted when it would cover an excluded one.
     */
    private boolean isExcluded(Permissions permissions, Permission permission) {
        if (permissions.implies(permission)) {
            return true;
        }
        for (Permission excludedPermission : Collections.list(permissions.elements())) {
            if (permission.implies(excludedPermission)) {
                return true;
            }
        }
        return false;
    }

    /** Tells whether the unchecked set implies {@code permission}. */
    private boolean isUnchecked(Permissions permissions, Permission permission) {
        return permissions.implies(permission);
    }

    /** Tells whether at least one role in {@code list} grants {@code permission}. */
    private boolean hasAccessViaRoles(Map<String, Permissions> map, List<String> list, Permission permission) {
        for (String role : list) {
            if (hasAccessViaRole(map, role, permission)) {
                return true;
            }
        }
        return false;
    }

    /** Tells whether role {@code str} has an entry in {@code map} that implies {@code permission}. */
    private boolean hasAccessViaRole(Map<String, Permissions> map, String str, Permission permission) {
        if (!map.containsKey(str)) {
            return false;
        }
        return map.get(str).implies(permission);
    }

    /**
     * Copies every permission of the first collection into the second, skipping those that
     * {@link #isExcluded(Permissions, Permission)} rejects against {@code permissions}.
     */
    private void collectPermissions(PermissionCollection permissionCollection, PermissionCollection permissionCollection2, Permissions permissions) {
        // Evaluated once up front: with an empty excluded set the per-permission check is skipped.
        boolean anyExcluded = permissions.elements().hasMoreElements();

        // Iterate over a snapshot of the source elements.
        for (Permission candidate : Collections.list(permissionCollection.elements())) {
            if (anyExcluded && isExcluded(permissions, candidate)) {
                continue;
            }
            permissionCollection2.add(candidate);
        }
    }
}
