package com.ibm.ws.kernel.launch.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.kernel.boot.internal.commands.ServerDumpUtil;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.rsadapter.FFDCLogger;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.Enumeration;
import org.apache.openjpa.persistence.query.AbstractVisitable;
import org.eclipse.jdt.internal.compiler.util.SuffixConstants;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.kernel.boot_1.0.13.jar:com/ibm/ws/kernel/launch/internal/MissingDoPrivDetectionSecurityManager.class */
public class MissingDoPrivDetectionSecurityManager extends SecurityManager {
    public static final String lineSep = System.getProperty("line.separator");
    private static final TraceComponent tc = Tr.register(MissingDoPrivDetectionSecurityManager.class);
    static final long serialVersionUID = -3003803092588674706L;

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.AlpineTracingMethodAdapter"})
    public MissingDoPrivDetectionSecurityManager() {
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(tc, "<init>", new Object[0]);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.exit(this, tc, "<init>", this);
        }
    }

    @Override // java.lang.SecurityManager
    @FFDCIgnore({SecurityException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.AlpineTracingMethodAdapter"})
    public void checkPermission(Permission permission) {
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(this, tc, "checkPermission", permission);
        }
        try {
            super.checkPermission(permission);
        } catch (SecurityException e) {
            handleSecurityException(permission, e);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.exit(this, tc, "checkPermission");
        }
    }

    @Override // java.lang.SecurityManager
    @FFDCIgnore({SecurityException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.AlpineTracingMethodAdapter"})
    public void checkPermission(Permission permission, Object obj) {
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(this, tc, "checkPermission", permission, obj);
        }
        try {
            super.checkPermission(permission, obj);
        } catch (SecurityException e) {
            handleSecurityException(permission, e);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.exit(this, tc, "checkPermission");
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.AlpineTracingMethodAdapter"})
    public void handleSecurityException(Permission permission, SecurityException securityException) throws SecurityException {
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(this, tc, "handleSecurityException", permission, securityException);
        }
        try {
            Tr.warning(tc, "warning.java.security.permdenied.quickmsg", getCodeBaseLoc(permission, securityException));
            StringWriter stringWriter = new StringWriter();
            securityException.printStackTrace(new PrintWriter(stringWriter));
            String stringWriter2 = stringWriter.toString();
            String[] codeBaseLocForPerm = getCodeBaseLocForPerm(permission);
            if (ServerDumpUtil.isZos()) {
                Tr.warning(tc, "warning.zOS.java.security.permdenied1", lineSep + lineSep, lineSep + lineSep + "      " + permission.getName() + " : " + securityException.getMessage() + lineSep + lineSep + lineSep, codeBaseLocForPerm[0], lineSep + lineSep + codeBaseLocForPerm[1]);
                Tr.warning(tc, "warning.zOS.java.security.permdenied2", "\nBegin SecurityException\n" + stringWriter2 + "\nEnd SecurityException\n");
            } else {
                Tr.warning(tc, "warning.java.security.permdenied", lineSep + lineSep, lineSep + lineSep + "      " + permission.getName() + " : " + securityException.getMessage() + lineSep + lineSep + lineSep, codeBaseLocForPerm[0], lineSep + lineSep, lineSep + lineSep + stringWriter2 + lineSep + lineSep, lineSep + lineSep + codeBaseLocForPerm[1]);
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.kernel.launch.internal.MissingDoPrivDetectionSecurityManager", "98", this, new Object[]{permission, securityException});
            StringWriter stringWriter3 = new StringWriter();
            e.printStackTrace(new PrintWriter(stringWriter3));
            Tr.error(tc, "error.java.security.exception.codebase", e.toString() + AbstractVisitable.OPEN_BRACE + e.getMessage() + AbstractVisitable.CLOSE_BRACE + lineSep + lineSep + stringWriter3.toString());
        }
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.exit(this, tc, "handleSecurityException");
        }
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.AlpineTracingMethodAdapter"})
    public String getCodeBaseLoc(Permission permission, SecurityException securityException) {
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(this, tc, "getCodeBaseLoc", permission, securityException);
        }
        String str = (String) AccessController.doPrivileged(new PrivilegedAction<String>(securityException, permission) { // from class: com.ibm.ws.kernel.launch.internal.MissingDoPrivDetectionSecurityManager.1
            final /* synthetic */ SecurityException val$e;
            final /* synthetic */ Permission val$perm;
            static final long serialVersionUID = -6324481826326029924L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

            {
                this.val$e = securityException;
                this.val$perm = permission;
                if (TraceComponent.isAnyTracingEnabled() && $$$tc$$$ != null && $$$tc$$$.isEntryEnabled()) {
                    Tr.entry($$$tc$$$, "<init>", MissingDoPrivDetectionSecurityManager.this, securityException, permission);
                }
                if (TraceComponent.isAnyTracingEnabled() && $$$tc$$$ != null && $$$tc$$$.isEntryEnabled()) {
                    Tr.exit(this, $$$tc$$$, "<init>", this);
                }
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.AlpineTracingMethodAdapter"})
            public String run() {
                if (TraceComponent.isAnyTracingEnabled() && $$$tc$$$ != null && $$$tc$$$.isEntryEnabled()) {
                    Tr.entry(this, $$$tc$$$, "run", new Object[0]);
                }
                Class[] classContext = MissingDoPrivDetectionSecurityManager.this.getClassContext();
                new StringBuffer(classContext.length * 100).append(MissingDoPrivDetectionSecurityManager.lineSep);
                boolean z = false;
                int i = -1;
                for (int i2 = 0; i2 < classContext.length; i2++) {
                    Class cls = classContext[i2];
                    ClassLoader classLoader = cls.getClassLoader();
                    MissingDoPrivDetectionSecurityManager.this.isJvmClassLoader(classLoader);
                    boolean isRuntimeClassLoader = MissingDoPrivDetectionSecurityManager.this.isRuntimeClassLoader(cls, classLoader);
                    boolean isAppClassLoader = MissingDoPrivDetectionSecurityManager.this.isAppClassLoader(classLoader);
                    if (classLoader != null) {
                        classLoader.getClass().getName();
                    }
                    if (cls.getName().startsWith("com.ibm._jsp.")) {
                        System.out.println(cls.getClassLoader().getClass().getName());
                    }
                    z |= isRuntimeClassLoader;
                    if (isAppClassLoader) {
                        i = i2;
                    }
                }
                StringBuilder sb = new StringBuilder();
                StackTraceElement[] stackTrace = this.val$e.getStackTrace();
                int length = stackTrace.length;
                if (i > -1 && z) {
                    length = i;
                    sb.append("Detected a possible missing doPriv statement. There was Liberty code between the check and the application code.\r\n");
                } else if (i == -1 && z) {
                    sb.append("No app code on stack, but a permission check failed.\r\n");
                } else if (i <= -1 || z) {
                    sb.append("No app code, or Liberty code on stack, so pretty much shouldn't happen.\r\n");
                } else {
                    sb.append("The application needs to have permissions added");
                }
                sb.append("Permission: \r\n");
                sb.append(this.val$perm.toString());
                sb.append("\r\nStack: \r\n");
                sb.append(this.val$e.toString());
                for (int i3 = 0; i3 < length; i3++) {
                    sb.append(stackTrace[i3].toString());
                    sb.append("\r\n");
                }
                String sb2 = sb.toString();
                if (TraceComponent.isAnyTracingEnabled() && $$$tc$$$ != null && $$$tc$$$.isEntryEnabled()) {
                    Tr.exit(this, $$$tc$$$, "run", sb2);
                }
                return sb2;
            }
        });
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.exit(this, tc, "getCodeBaseLoc", str);
        }
        return str;
    }

    /* JADX INFO: Access modifiers changed from: private */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.AlpineTracingMethodAdapter"})
    public boolean isAppClassLoader(ClassLoader classLoader) {
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(this, tc, "isAppClassLoader", classLoader);
        }
        if (classLoader == null) {
            if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
                Tr.exit(this, tc, "isAppClassLoader", false);
            }
            return false;
        }
        String name = classLoader.getClass().getName();
        boolean z = name.startsWith("com.ibm.ws.classloading") || name.equals("com.ibm.ws.jsp.webcontainerext.JSPExtensionClassLoader");
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.exit(this, tc, "isAppClassLoader", Boolean.valueOf(z));
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: private */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.AlpineTracingMethodAdapter"})
    public boolean isRuntimeClassLoader(Class<?> cls, ClassLoader classLoader) {
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(this, tc, "isRuntimeClassLoader", cls, classLoader);
        }
        if (classLoader == null) {
            if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
                Tr.exit(this, tc, "isRuntimeClassLoader", false);
            }
            return false;
        }
        if (cls.getName().startsWith("com.ibm.ws.kernel.launch.internal.MissingDoPrivDetectionSecurityManager")) {
            if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
                Tr.exit(this, tc, "isRuntimeClassLoader", false);
            }
            return false;
        }
        boolean equals = classLoader.getClass().getName().equals(getClass().getClassLoader().getClass().getName());
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.exit(this, tc, "isRuntimeClassLoader", Boolean.valueOf(equals));
        }
        return equals;
    }

    /* JADX INFO: Access modifiers changed from: private */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.AlpineTracingMethodAdapter"})
    public boolean isJvmClassLoader(ClassLoader classLoader) {
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(this, tc, "isJvmClassLoader", classLoader);
        }
        boolean z = classLoader == null || classLoader == ClassLoader.getSystemClassLoader();
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.exit(this, tc, "isJvmClassLoader", Boolean.valueOf(z));
        }
        return z;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.AlpineTracingMethodAdapter"})
    public String[] getCodeBaseLocForPerm(Permission permission) {
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(this, tc, "getCodeBaseLocForPerm", permission);
        }
        String[] strArr = (String[]) AccessController.doPrivileged(new PrivilegedAction<String[]>(permission) { // from class: com.ibm.ws.kernel.launch.internal.MissingDoPrivDetectionSecurityManager.2
            final /* synthetic */ Permission val$inPerm;
            static final long serialVersionUID = -8121097894023200039L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass2.class);

            {
                this.val$inPerm = permission;
                if (TraceComponent.isAnyTracingEnabled() && $$$tc$$$ != null && $$$tc$$$.isEntryEnabled()) {
                    Tr.entry($$$tc$$$, "<init>", MissingDoPrivDetectionSecurityManager.this, permission);
                }
                if (TraceComponent.isAnyTracingEnabled() && $$$tc$$$ != null && $$$tc$$$.isEntryEnabled()) {
                    Tr.exit(this, $$$tc$$$, "<init>", this);
                }
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.AlpineTracingMethodAdapter"})
            public String[] run() {
                if (TraceComponent.isAnyTracingEnabled() && $$$tc$$$ != null && $$$tc$$$.isEntryEnabled()) {
                    Tr.entry(this, $$$tc$$$, "run", new Object[0]);
                }
                Class<?>[] classContext = MissingDoPrivDetectionSecurityManager.this.getClassContext();
                StringBuffer stringBuffer = new StringBuffer(classContext.length * 100);
                stringBuffer.append(MissingDoPrivDetectionSecurityManager.lineSep);
                String[] strArr2 = new String[2];
                ProtectionDomain protectionDomain = null;
                for (int i = 0; i < classContext.length; i++) {
                    Class<?> cls = classContext[i];
                    ProtectionDomain protectionDomain2 = cls.getProtectionDomain();
                    if (classContext[i].getName().indexOf("com.ibm.ws.kernel.launch.internal.MissingDoPrivDetectionSecurityManager") != -1) {
                        int i2 = i + 1;
                        while (true) {
                            if (i2 < classContext.length) {
                                protectionDomain = classContext[i2].getProtectionDomain();
                                if (MissingDoPrivDetectionSecurityManager.this.isOffendingClass(classContext, i2, protectionDomain, this.val$inPerm)) {
                                    strArr2[0] = MissingDoPrivDetectionSecurityManager.lineSep + MissingDoPrivDetectionSecurityManager.lineSep + "     " + classContext[i2].getName() + "  in  {" + MissingDoPrivDetectionSecurityManager.this.getCodeSource(protectionDomain) + "}" + MissingDoPrivDetectionSecurityManager.lineSep + MissingDoPrivDetectionSecurityManager.lineSep;
                                    StringBuffer stringBuffer2 = new StringBuffer(classContext.length * 100);
                                    stringBuffer2.append(MissingDoPrivDetectionSecurityManager.lineSep);
                                    stringBuffer2.append(classContext[i2].getName()).append(" : ").append(MissingDoPrivDetectionSecurityManager.this.getCodeSource(protectionDomain) + MissingDoPrivDetectionSecurityManager.lineSep);
                                    stringBuffer2.append(FFDCLogger.TAB).append(MissingDoPrivDetectionSecurityManager.this.permissionToString(protectionDomain.getCodeSource(), classContext[i2].getClassLoader(), protectionDomain.getPermissions())).append(MissingDoPrivDetectionSecurityManager.lineSep);
                                    break;
                                }
                                i2++;
                            }
                        }
                    }
                    CodeSource codeSource = protectionDomain2.getCodeSource();
                    stringBuffer.append(classContext[i].getName()).append(" : ").append(MissingDoPrivDetectionSecurityManager.this.getCodeSource(protectionDomain2) + MissingDoPrivDetectionSecurityManager.lineSep);
                    stringBuffer.append(FFDCLogger.TAB).append(MissingDoPrivDetectionSecurityManager.this.permissionToString(codeSource, cls.getClassLoader(), protectionDomain2.getPermissions())).append(MissingDoPrivDetectionSecurityManager.lineSep);
                }
                Tr.info(MissingDoPrivDetectionSecurityManager.tc, "java.security.permdenied.class.info", strArr2[0]);
                Tr.info(MissingDoPrivDetectionSecurityManager.tc, "java.security.permdenied.codebaseloc.info", stringBuffer.toString());
                strArr2[1] = MissingDoPrivDetectionSecurityManager.this.getCodeSource(protectionDomain).concat(MissingDoPrivDetectionSecurityManager.lineSep);
                if (TraceComponent.isAnyTracingEnabled() && $$$tc$$$ != null && $$$tc$$$.isEntryEnabled()) {
                    Tr.exit(this, $$$tc$$$, "run", strArr2);
                }
                return strArr2;
            }
        });
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.exit(this, tc, "getCodeBaseLocForPerm", strArr);
        }
        return strArr;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.AlpineTracingMethodAdapter"})
    public String getCodeSource(ProtectionDomain protectionDomain) {
        String url;
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(this, tc, "getCodeSource", protectionDomain);
        }
        CodeSource codeSource = protectionDomain.getCodeSource();
        if (codeSource == null) {
            url = "null code source";
        } else {
            URL location = codeSource.getLocation();
            url = location == null ? "null code URL" : location.toString();
        }
        String str = url;
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.exit(this, tc, "getCodeSource", str);
        }
        return str;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.AlpineTracingMethodAdapter"})
    public String permissionToString(CodeSource codeSource, ClassLoader classLoader, PermissionCollection permissionCollection) {
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(this, tc, "permissionToString", codeSource, classLoader, permissionCollection);
        }
        StringBuffer stringBuffer = new StringBuffer("ClassLoader: ");
        if (classLoader == null) {
            stringBuffer.append("Primordial Classloader");
        } else {
            stringBuffer.append(classLoader.getClass().getName());
        }
        stringBuffer.append(lineSep);
        stringBuffer.append("  Permissions granted to CodeSource ").append(codeSource).append(lineSep);
        if (permissionCollection != null) {
            Enumeration<Permission> elements = permissionCollection.elements();
            stringBuffer.append("  {").append(lineSep);
            while (elements.hasMoreElements()) {
                stringBuffer.append("    ").append(elements.nextElement().toString()).append(";").append(lineSep);
            }
            stringBuffer.append("  }");
        } else {
            stringBuffer.append("  {").append(lineSep).append("  }");
        }
        String stringBuffer2 = stringBuffer.toString();
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.exit(this, tc, "permissionToString", stringBuffer2);
        }
        return stringBuffer2;
    }

    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.AlpineTracingMethodAdapter"})
    boolean isOffendingClass(Class<?>[] clsArr, int i, ProtectionDomain protectionDomain, Permission permission) {
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.entry(this, tc, "isOffendingClass", clsArr, Integer.valueOf(i), protectionDomain, permission);
        }
        boolean z = !clsArr[i].getName().startsWith(SuffixConstants.EXTENSION_java) && clsArr[i].getName().indexOf("com.ibm.ws.kernel.launch.internal.MissingDoPrivDetectionSecurityManager") == -1 && clsArr[i].getName().indexOf("ClassLoader") == -1 && (i == clsArr.length - 1 || clsArr[i + 1].getName().indexOf("ClassLoader") == -1) && !protectionDomain.implies(permission);
        if (TraceComponent.isAnyTracingEnabled() && tc != null && tc.isEntryEnabled()) {
            Tr.exit(this, tc, "isOffendingClass", Boolean.valueOf(z));
        }
        return z;
    }
}
