package com.ibm.ws.security.authorization.jacc.ejb.impl;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authorization.jacc.common.PolicyContextHandlerImpl;
import com.ibm.ws.security.authorization.jacc.ejb.EJBSecurityValidator;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.HashMap;
import java.util.List;
import javax.ejb.EnterpriseBean;
import javax.ejb.SessionContext;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.xml.rpc.handler.MessageContext;

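/**
 * JACC-based authorization check for EJB method invocations.
 *
 * <p>For each decision the validator sets the JACC policy context ID, registers
 * the container's context handlers, publishes the caller's {@link Subject}, the
 * bean instance, the invocation arguments and (when available) the SOAP message
 * context as handler data, and then asks the installed {@link Policy} whether a
 * {@link ProtectionDomain} built from the subject's principals implies the
 * requested permission.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The decision fails closed: a {@link PrivilegedActionException} raised
 *       while evaluating the policy yields {@code false}.</li>
 *   <li>{@code PolicyContext} handler data is associated with the calling thread,
 *       so it is always cleared once the decision has been made. Otherwise the
 *       subject, bean and arguments of one request would stay attached to the
 *       thread. The policy context ID itself is not reset by this class.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.authorization.jacc.ejb_1.0.14.jar:com/ibm/ws/security/authorization/jacc/ejb/impl/EJBSecurityValidatorImpl.class */
public class EJBSecurityValidatorImpl implements EJBSecurityValidator {
    private static final TraceComponent tc = Tr.register(EJBSecurityValidatorImpl.class);

    // Handler keys, in the order the handler data map is populated:
    // [0] caller subject, [1] bean instance, [2] invocation arguments, [3] SOAP message.
    private static final String[] jaccHandlerKeyArray = {"javax.security.auth.Subject.container", "javax.ejb.EnterpriseBean", "javax.ejb.arguments", "javax.xml.soap.SOAPMessage"};

    // Code source with neither location nor certificates: the policy decision is
    // driven by the principals placed in the protection domain, not by code origin.
    private static final CodeSource nullCs = new CodeSource((URL) null, (Certificate[]) null);

    // Protection domain without principals, used when no principals are available.
    private static final ProtectionDomain nullPd = new ProtectionDomain(nullCs, null, null, null);

    private static final PolicyContextHandlerImpl pch = PolicyContextHandlerImpl.getInstance();
    static final long serialVersionUID = -2601000382896015489L;

    /**
     * Decides whether {@code subject} is granted {@code permission} in the given
     * JACC policy context.
     *
     * @param str        JACC policy context ID to evaluate against
     * @param list       arguments of the EJB method invocation; may be {@code null} or empty
     * @param obj        bean instance, expected to be an {@link EnterpriseBean}; may be {@code null}
     * @param permission permission to test
     * @param subject    caller subject; may be {@code null}
     * @return {@code true} only if the policy implies the permission; {@code false}
     *         if it does not, if {@code obj} is not an {@link EnterpriseBean}, or if
     *         evaluating the policy raised a {@link PrivilegedActionException}
     */
    @Override
    public boolean checkResourceConstraints(String str, List<Object> list, Object obj, Permission permission, Subject subject) {
        HashMap<String, Object> handlerData = new HashMap<>();
        EnterpriseBean bean = null;
        if (obj != null) {
            try {
                bean = (EnterpriseBean) obj;
            } catch (ClassCastException e) {
                // Wrong SPI parameter type: record it and deny.
                FFDCFilter.processException(e, "com.ibm.ws.security.authorization.jacc.ejb.impl.EJBSecurityValidatorImpl", "62", this, new Object[]{str, list, obj, permission, subject});
                Tr.error(tc, "JACC_EJB_SPI_PARAMETER_ERROR", obj.getClass().getName(), "checkResourceConstraints", "EnterpriseBean");
                return false;
            }
        }

        // Snapshot the invocation arguments so they are published under the
        // "javax.ejb.arguments" handler key; null when there are none.
        Object[] methodArgs = null;
        if (list != null && !list.isEmpty()) {
            methodArgs = list.toArray(new Object[0]);
        }

        boolean allowed = false;
        try {
            allowed = checkMethodConstraints(str, methodArgs, bean, permission, subject, handlerData);
        } catch (PrivilegedActionException e) {
            // Fail closed: 'allowed' stays false when the policy could not be evaluated.
            FFDCFilter.processException(e, "com.ibm.ws.security.authorization.jacc.ejb.impl.EJBSecurityValidatorImpl", "74", this, new Object[]{str, list, obj, permission, subject});
            Tr.error(tc, "JACC_EJB_IMPLIES_FAILURE", str, e.getException());
        } finally {
            // Always detach the per-request handler data from the thread, also when
            // an unchecked exception is propagating.
            try {
                resetHandlerInfo();
            } catch (PrivilegedActionException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.authorization.jacc.ejb.impl.EJBSecurityValidatorImpl", "79", this, new Object[]{str, list, obj, permission, subject});
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Exception when resetting setHandler data. Ignore the error : " + e.getException(), new Object[0]);
                }
            }
        }
        return allowed;
    }

    /**
     * Runs the JACC policy check inside a privileged action.
     *
     * @param str            JACC policy context ID
     * @param objArr         invocation arguments, or {@code null}
     * @param enterpriseBean bean instance, or {@code null}
     * @param permission     permission to test
     * @param subject        caller subject, or {@code null}
     * @param hashMap        map that receives the handler data and is handed to
     *                       {@link PolicyContext#setHandlerData(Object)}
     * @return whether the installed policy implies {@code permission}
     * @throws PrivilegedActionException wrapping a {@link PolicyContextException}
     *         raised while setting up the policy context
     */
    private boolean checkMethodConstraints(final String str, final Object[] objArr, final EnterpriseBean enterpriseBean, final Permission permission, final Subject subject, final HashMap<String, Object> hashMap) throws PrivilegedActionException {
        return AccessController.doPrivileged(new PrivilegedExceptionAction<Boolean>() {
            static final long serialVersionUID = -6851497128149175713L;

            @Override
            public Boolean run() throws PolicyContextException {
                PolicyContext.setContextID(str);
                if (EJBSecurityValidatorImpl.tc.isDebugEnabled()) {
                    Tr.debug(EJBSecurityValidatorImpl.tc, "Registering JACC context handlers", new Object[0]);
                }
                // Handlers are (re)registered on every call, replacing any existing registration.
                for (String key : EJBSecurityValidatorImpl.jaccHandlerKeyArray) {
                    PolicyContext.registerHandler(key, EJBSecurityValidatorImpl.pch, true);
                }
                hashMap.put(EJBSecurityValidatorImpl.jaccHandlerKeyArray[0], subject);
                hashMap.put(EJBSecurityValidatorImpl.jaccHandlerKeyArray[1], enterpriseBean);
                hashMap.put(EJBSecurityValidatorImpl.jaccHandlerKeyArray[2], objArr);

                // The SOAP message context is optional; a failed JNDI setup only
                // means that handler key is left unset.
                MessageContext messageContext = null;
                try {
                    messageContext = EJBSecurityValidatorImpl.this.getMessageContext(new InitialContext());
                } catch (NamingException e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.authorization.jacc.ejb.impl.EJBSecurityValidatorImpl$1", "112", this, new Object[0]);
                    if (EJBSecurityValidatorImpl.tc.isDebugEnabled()) {
                        Tr.debug(EJBSecurityValidatorImpl.tc, "NamingException is caught. Ignoring..", e);
                    }
                }
                if (messageContext != null) {
                    if (EJBSecurityValidatorImpl.tc.isDebugEnabled()) {
                        Tr.debug(EJBSecurityValidatorImpl.tc, "javax.xml.soap.SOAPMessage is set: ", messageContext);
                    }
                    hashMap.put(EJBSecurityValidatorImpl.jaccHandlerKeyArray[3], messageContext);
                }

                // Take one snapshot of the principals so the emptiness test and the
                // array handed to the protection domain cannot disagree if the
                // subject is modified concurrently.
                Principal[] principals = (subject == null) ? null : subject.getPrincipals().toArray(new Principal[0]);
                ProtectionDomain protectionDomain = (principals == null || principals.length == 0)
                        ? EJBSecurityValidatorImpl.nullPd
                        : new ProtectionDomain(EJBSecurityValidatorImpl.nullCs, null, null, principals);

                if (EJBSecurityValidatorImpl.tc.isDebugEnabled()) {
                    Tr.debug(EJBSecurityValidatorImpl.tc, "Setting JACC handler data", new Object[0]);
                }
                PolicyContext.setHandlerData(hashMap);
                if (EJBSecurityValidatorImpl.tc.isDebugEnabled()) {
                    Tr.debug(EJBSecurityValidatorImpl.tc, "Calling JACC implies. PD : " + protectionDomain, new Object[0]);
                }
                return Boolean.valueOf(Policy.getPolicy().implies(protectionDomain, permission));
            }
        });
    }

    /**
     * Clears the handler data on {@link PolicyContext} inside a privileged action
     * so the subject, bean and arguments of the finished request are no longer
     * reachable through it.
     *
     * @throws PrivilegedActionException declared by the privileged call; the
     *         action itself declares no checked exception
     */
    private void resetHandlerInfo() throws PrivilegedActionException {
        AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
            static final long serialVersionUID = 3604063140756306638L;

            @Override
            public Object run() {
                PolicyContext.setHandlerData(null);
                return null;
            }
        });
    }

    /**
     * Looks up the current EJB context under the fixed name
     * {@code java:comp/EJBContext} and returns its message context.
     *
     * @param context naming context to perform the lookup on
     * @return the message context, or {@code null} if the lookup returned
     *         {@code null} or raised {@link NamingException} or
     *         {@link IllegalStateException}
     */
    @FFDCIgnore({NamingException.class, IllegalStateException.class})
    public MessageContext getMessageContext(Context context) {
        MessageContext messageContext = null;
        try {
            // NOTE(review): a binding that is not a SessionContext would raise
            // ClassCastException, which is not caught here and would propagate out
            // of the authorization check. Confirm this path is only reached for
            // session beans, or that callers treat the exception as a denial.
            SessionContext sessionContext = (SessionContext) context.lookup("java:comp/EJBContext");
            if (sessionContext != null) {
                messageContext = sessionContext.getMessageContext();
            }
        } catch (IllegalStateException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "IllegalStateException is caught. Safe to ignore.", e);
            }
        } catch (NamingException e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "NamingException is caught. Safe to ignore.", e2);
            }
        }
        return messageContext;
    }
}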
