package com.ibm.ws.security.authorization.jacc.ejb.impl;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authorization.jacc.MethodInfo;
import com.ibm.ws.security.authorization.jacc.RoleInfo;
import com.ibm.ws.security.authorization.jacc.common.PolicyConfigurationManager;
import com.ibm.ws.security.authorization.jacc.ejb.EJBSecurityPropagator;
import java.security.Permissions;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContextException;
import org.jboss.weld.metadata.Selectors;

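/**
 * Collects EJB security metadata per policy context and translates it into JACC policy
 * statements (unchecked, excluded and per-role permissions) on a {@link PolicyConfiguration}.
 *
 * <p>Usage is two-phase: {@link #propagateEJBRoles} queues one {@code ModuleRoleInfo} per bean
 * under its context ID, and {@link #processEJBRoles} later drains the queue for a context ID
 * into the policy configuration obtained from the supplied factory.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The statements written here decide which callers may invoke which EJB methods. A bean
 * whose metadata is lost before {@code processEJBRoles} runs gets no statements at all, so
 * the queue must not drop entries.</li>
 * <li>Failures while writing the policy are only reported through FFDC and {@code Tr.error};
 * the caller receives no signal. See {@link #processEJBRoles}.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.authorization.jacc.ejb_1.0.14.jar:com/ibm/ws/security/authorization/jacc/ejb/impl/EJBSecurityPropagatorImpl.class */
public class EJBSecurityPropagatorImpl implements EJBSecurityPropagator {
    // Role name used for the "**" role reference; the trace text in processRoleRefs prints it
    // as "**". In JACC 1.5 and later, "**" names the any-authenticated-user role.
    // NOTE(review): the value is read from a Weld scanning constant, which looks like a
    // decompiler constant-matching artifact rather than an intended dependency - confirm
    // against the original source before relying on it.
    private static final String STARSTAR = Selectors.DEEP_TREE_MATCH;
    private static final TraceComponent tc = Tr.register(EJBSecurityPropagatorImpl.class);
    // Pending role metadata keyed by policy context ID. Declared as ConcurrentHashMap (not Map)
    // so that the atomic putIfAbsent is available without assuming a Java 8 runtime.
    private static final ConcurrentHashMap<String, Set<ModuleRoleInfo>> moduleRoleInfoMap = new ConcurrentHashMap<String, Set<ModuleRoleInfo>>();
    static final long serialVersionUID = 5022123086130818540L;

    /**
     * Queues the security metadata of one bean for later translation by
     * {@link #processEJBRoles}.
     *
     * @param str  policy context ID; the same value is later passed to
     *             {@code PolicyConfigurationFactory.getPolicyConfiguration}
     * @param str2 presumably the application name (first {@code ModuleRoleInfo} constructor
     *             argument, also passed to {@code PolicyConfigurationManager.addEJB}) - confirm
     * @param str3 presumably the bean name (second {@code ModuleRoleInfo} constructor
     *             argument) - confirm
     * @param map  role-reference map, may be {@code null}; consumed by processRoleRefs as
     *             reference name to linked role
     * @param map2 role to method list map, may be {@code null}
     */
    @Override // com.ibm.ws.security.authorization.jacc.ejb.EJBSecurityPropagator
    public void propagateEJBRoles(String str, String str2, String str3, Map<String, String> map, Map<RoleInfo, List<MethodInfo>> map2) {
        Set<ModuleRoleInfo> pending = moduleRoleInfoMap.get(str);
        if (pending == null) {
            Set<ModuleRoleInfo> fresh = Collections.newSetFromMap(new ConcurrentHashMap<ModuleRoleInfo, Boolean>());
            // A plain get-then-put lets two threads registering beans for the same context ID
            // each install their own set; the loser's bean metadata would then be dropped and
            // its permissions never written. putIfAbsent keeps exactly one set per context.
            Set<ModuleRoleInfo> raced = moduleRoleInfoMap.putIfAbsent(str, fresh);
            pending = raced != null ? raced : fresh;
        }
        pending.add(new ModuleRoleInfo(str2, str3, map, map2));
        PolicyConfigurationManager.addEJB(str2, str);
    }

    /**
     * Translates all metadata queued for a context ID into JACC policy statements and hands
     * the configuration to {@code PolicyConfigurationManager.linkConfiguration}.
     *
     * <p>Does nothing when no metadata is queued for the context ID.
     *
     * <p>NOTE(review): a {@code PolicyContextException} is logged and swallowed. In that case
     * the queued metadata stays in the map and the policy configuration may already contain
     * some of the statements; whether it is later committed is decided outside this class.
     * Callers cannot tell success from failure - confirm that the surrounding deployment flow
     * does not put a partially populated policy into service.
     *
     * @param policyConfigurationFactory factory used to obtain the policy configuration
     * @param str                        policy context ID to process
     */
    @Override // com.ibm.ws.security.authorization.jacc.ejb.EJBSecurityPropagator
    public void processEJBRoles(PolicyConfigurationFactory policyConfigurationFactory, String str) {
        Set<ModuleRoleInfo> pending = moduleRoleInfoMap.get(str);
        // The set is published before its first element is added, so a concurrent reader can
        // briefly see it empty; treat that like "nothing queued" instead of failing in next().
        if (pending == null || pending.isEmpty()) {
            return;
        }
        Set<String> allRoles = getAllRoles(pending);
        String appName = pending.iterator().next().appName;
        try {
            // The second argument is the JACC "remove" flag: when the manager does not yet know
            // this module, existing statements for the context are discarded first, so stale
            // permissions from an earlier deployment are not carried over.
            boolean removeExisting = !PolicyConfigurationManager.containModule(appName, str);
            PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration(str, removeExisting);
            try {
                for (ModuleRoleInfo info : pending) {
                    processRoleRefs(policyConfiguration, info.beanName, info.roleLinkMap, allRoles);
                    processMethodPermissions(policyConfiguration, info.beanName, info.methodMap, allRoles);
                }
                PolicyConfigurationManager.linkConfiguration(appName, policyConfiguration);
                // Only drop the queued metadata once every statement was written and linked.
                moduleRoleInfoMap.remove(str);
            } catch (PolicyContextException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.authorization.jacc.ejb.impl.EJBSecurityPropagatorImpl", "86", this, new Object[]{policyConfigurationFactory, str});
                Tr.error(tc, "JACC_EJB_PERMISSION_PROPAGATION_FAILURE", str, e);
            }
        } catch (PolicyContextException e2) {
            FFDCFilter.processException(e2, "com.ibm.ws.security.authorization.jacc.ejb.impl.EJBSecurityPropagatorImpl", "73", this, new Object[]{policyConfigurationFactory, str});
            Tr.error(tc, "JACC_EJB_GET_POLICYCONFIGURATION_FAILURE", str, e2);
        }
    }

    /**
     * Collects the non-null role names that appear as keys of any bean's method map.
     *
     * @param infos queued metadata for one context
     * @return the role names, or {@code null} (not an empty set) when there are none
     */
    private Set<String> getAllRoles(Set<ModuleRoleInfo> infos) {
        Set<String> roles = new HashSet<String>();
        for (ModuleRoleInfo info : infos) {
            if (info.methodMap == null || info.methodMap.isEmpty()) {
                continue;
            }
            for (RoleInfo role : info.methodMap.keySet()) {
                String roleName = role.getRoleName();
                if (roleName != null) {
                    roles.add(roleName);
                }
            }
        }
        // Callers test for null, so keep "no roles" represented as null.
        return roles.isEmpty() ? null : roles;
    }

    /**
     * Writes the method permissions of one bean into the policy configuration.
     *
     * <p>Each map entry is routed by its role marker: permit-all entries go to the unchecked
     * policy (no role required), deny-all entries go to the excluded policy (never allowed),
     * and everything else is granted to the named role. Entries whose method list is
     * {@code null} or empty produce no statement.
     *
     * @param policyConfiguration target configuration
     * @param beanName            EJB name used in the permissions
     * @param methodMap           role to method list map, may be {@code null}
     * @param allRoles            not used by this method
     * @throws PolicyContextException if the configuration rejects a statement
     */
    private void processMethodPermissions(PolicyConfiguration policyConfiguration, String beanName, Map<RoleInfo, List<MethodInfo>> methodMap, Set<String> allRoles) throws PolicyContextException {
        if (methodMap == null || methodMap.isEmpty()) {
            return;
        }
        for (Map.Entry<RoleInfo, List<MethodInfo>> entry : methodMap.entrySet()) {
            RoleInfo role = entry.getKey();
            Permissions perms = getEJBPermCollection(beanName, entry.getValue());
            if (perms == null) {
                continue;
            }
            if (role.isPermitAll()) {
                policyConfiguration.addToUncheckedPolicy(perms);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "addToUncheckedPolicy permission : " + perms, new Object[0]);
                }
            } else if (role.isDenyAll()) {
                policyConfiguration.addToExcludedPolicy(perms);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "addToExcludedPolicy permission : " + perms, new Object[0]);
                }
            } else {
                String roleName = role.getRoleName();
                policyConfiguration.addToRole(roleName, perms);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "addToRole(MethodPermisson) role : " + roleName + " permission : " + perms, new Object[0]);
                }
            }
        }
    }

    /**
     * Builds one {@link EJBMethodPermission} per method description.
     *
     * @param beanName EJB name used in the permissions
     * @param methods  method descriptions, may be {@code null}
     * @return the permissions, or {@code null} when {@code methods} is {@code null} or empty
     */
    private Permissions getEJBPermCollection(String beanName, List<MethodInfo> methods) {
        if (methods == null || methods.isEmpty()) {
            return null;
        }
        Permissions permissions = new Permissions();
        for (MethodInfo method : methods) {
            String methodName = method.getMethodName();
            String methodInterfaceName = method.getMethodInterfaceName();
            // A null method name in EJBMethodPermission matches every method of the bean, so
            // only the explicit "*" wildcard is mapped to null. A MethodInfo that arrives with
            // a null name deliberately fails here (NullPointerException) instead of being
            // widened to "all methods" - do not make this comparison null-safe without
            // deciding how a missing name should be treated.
            if (methodName.equals("*")) {
                methodName = null;
            }
            // Likewise a null interface name matches every interface type.
            if (methodInterfaceName != null && methodInterfaceName.equals("Unspecified")) {
                methodInterfaceName = null;
            }
            List<String> paramList = method.getParamList();
            String[] params = paramList != null ? paramList.toArray(new String[paramList.size()]) : null;
            if (tc.isDebugEnabled()) {
                StringBuilder trace = new StringBuilder("addingEJBPermCollection: ejbName = ");
                trace.append(beanName).append(", methodName = ").append(methodName).append(", methodInfName = ").append(methodInterfaceName);
                if (params != null) {
                    trace.append(" # of params : ").append(params.length);
                    for (String param : params) {
                        trace.append(" param : ").append(param);
                    }
                }
                Tr.debug(tc, trace.toString(), new Object[0]);
            }
            permissions.add(new EJBMethodPermission(beanName, methodName, methodInterfaceName, params));
        }
        return permissions;
    }

    /**
     * Writes the role-reference permissions of one bean into the policy configuration.
     *
     * <p>Three groups of statements are added:
     * <ol>
     * <li>for every declared reference, both the reference name and the linked role name are
     * granted to the linked role;</li>
     * <li>unless the application itself declares a role named {@code **}, a {@code **}
     * reference is granted to the {@code **} role;</li>
     * <li>every known role that is not the target of a declared reference gets a reference
     * to itself.</li>
     * </ol>
     *
     * @param policyConfiguration target configuration
     * @param beanName            EJB name used in the permissions
     * @param roleLinks           reference name to linked role, may be {@code null}
     * @param allRoles            role names known for the context, may be {@code null}
     * @throws PolicyContextException if the configuration rejects a statement
     */
    private void processRoleRefs(PolicyConfiguration policyConfiguration, String beanName, Map<String, String> roleLinks, Set<String> allRoles) throws PolicyContextException {
        if (roleLinks != null) {
            for (Map.Entry<String, String> link : roleLinks.entrySet()) {
                String refName = link.getKey();
                String linkedRole = link.getValue();
                EJBRoleRefPermission byRefName = new EJBRoleRefPermission(beanName, refName);
                policyConfiguration.addToRole(linkedRole, byRefName);
                EJBRoleRefPermission byRoleName = new EJBRoleRefPermission(beanName, linkedRole);
                policyConfiguration.addToRole(linkedRole, byRoleName);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "addToRole(RefName) role : " + linkedRole + " permission : " + byRefName, new Object[0]);
                    Tr.debug(tc, "addToRole(RefLink) role : " + linkedRole + " permission : " + byRoleName, new Object[0]);
                }
            }
        }
        // When the application declares its own "**" role, the loop below handles it like any
        // other role, so the special statement is only added when it is not declared.
        if (allRoles == null || !allRoles.contains(STARSTAR)) {
            EJBRoleRefPermission anyAuthenticated = new EJBRoleRefPermission(beanName, STARSTAR);
            policyConfiguration.addToRole(STARSTAR, anyAuthenticated);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "addToRole(DeclaredRefLink) role : ** permission : " + anyAuthenticated, new Object[0]);
            }
        }
        if (allRoles != null) {
            for (String roleName : allRoles) {
                // Roles already linked above received their self-reference there.
                if (roleLinks != null && roleLinks.containsValue(roleName)) {
                    continue;
                }
                EJBRoleRefPermission selfRef = new EJBRoleRefPermission(beanName, roleName);
                policyConfiguration.addToRole(roleName, selfRef);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "addToRole(DeclaredRefLink) role : " + roleName + " permission : " + selfRef, new Object[0]);
                }
            }
        }
    }
}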
