package com.sun.enterprise.security.acl;

import com.sun.enterprise.Switch;
import com.sun.enterprise.config.ConfigContext;
import com.sun.enterprise.config.serverbeans.SecurityService;
import com.sun.enterprise.config.serverbeans.Server;
import com.sun.enterprise.config.serverbeans.ServerBeansFactory;
import com.sun.enterprise.deployment.Group;
import com.sun.enterprise.deployment.PrincipalImpl;
import com.sun.enterprise.deployment.Role;
import com.sun.enterprise.deployment.interfaces.SecurityRoleMapper;
import com.sun.enterprise.security.AppservAccessController;
import com.sun.enterprise.server.ApplicationServer;
import com.sun.enterprise.server.ServerContext;
import com.sun.logging.LogDomains;
import java.io.Serializable;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import net.sf.jasperreports.engine.util.JRColorUtil;

/* loaded from: input_file:appserv-rt-unknown.jar:com/sun/enterprise/security/acl/RoleMapper.class */
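/**
 * Maps the security roles of one application to the principals and groups that hold them.
 *
 * <p>One mapper exists per application name and is kept in a static registry. Each mapper
 * stores three views of the same assignments: role name to {@link Subject} (used for access
 * decisions), role name to user principals, and role name to groups.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When default principal-to-role mapping is activated in the security service
 *       configuration and the mapper holds no explicit assignment,
 *       {@link #getRoleToSubjectMapping()} returns a map that answers every role name with a
 *       principal of the same name. A group named like a role then holds that role without
 *       any deployment-descriptor entry.</li>
 *   <li>The principal class used for that mapping is named by configuration and is loaded
 *       reflectively inside a privileged block.</li>
 * </ul>
 *
 * <p>The static registry is guarded by the {@code RoleMapper.class} monitor. The per-instance
 * maps are plain {@link HashMap}s and the instance methods are not synchronized, so a mapper
 * that is mutated from several threads needs external locking.
 */
public class RoleMapper implements Serializable, SecurityRoleMapper {
    /** Registry of mappers keyed by application name; every access holds RoleMapper.class. */
    private static final Map<String, SecurityRoleMapper> ROLEMAPPER =
            new HashMap<String, SecurityRoleMapper>();
    /** Anonymous role name used when the configured one cannot be read. */
    private static final String DEFAULT_ROLE_NAME = "ANYONE";
    private static Role defaultRole = null;
    private static String defaultRoleName = null;
    private static final Logger _logger = LogDomains.getLogger(LogDomains.SECURITY_LOGGER);

    private String appName;
    /** Role name to the Subject carrying every principal and group assigned to it. */
    private final Map<String, Subject> roleToSubject = new HashMap<String, Subject>();
    /** Principal class for default mapping; {@code null} means default mapping is off. */
    private String defaultP2RMappingClassName = null;
    private DefaultRoleToSubjectMapping defaultRTSM = new DefaultRoleToSubjectMapping();
    /** Role name to the non-group principals assigned to it. */
    private final Map<String, Vector<Principal>> roleToPrincipal =
            new HashMap<String, Vector<Principal>>();
    /** Role name to the groups assigned to it. */
    private final Map<String, Vector<Principal>> roleToGroup =
            new HashMap<String, Vector<Principal>>();

    /**
     * Lazily built role-to-subject map used when default principal-to-role mapping is active.
     * A lookup for a role name that has not been seen creates a Subject holding one principal
     * with the same name as the role, and caches it.
     */
    class DefaultRoleToSubjectMapping extends HashMap {
        /** Cache of generated subjects; also the lock that guards their creation. */
        private final HashMap<String, Subject> roleMap = new HashMap<String, Subject>();

        DefaultRoleToSubjectMapping() {
        }

        /**
         * Instantiates the configured principal class with {@code str} as its name.
         *
         * @param str the role name, reused as the principal name
         * @return a new principal named {@code str}
         * @throws RuntimeException if the class cannot be loaded, is not a {@link Principal},
         *         has no {@code (String)} constructor, or the constructor fails
         */
        Principal getSameNamedPrincipal(String str) {
            try {
                if (str == null) {
                    // Wrapped by the catch below, like every other failure of this method.
                    throw new NullPointerException("str");
                }
                // The class name comes from server configuration and this code runs inside a
                // privileged block. Checking the type before the constructor is invoked keeps
                // a misconfigured, non-Principal class from being instantiated at all.
                Class<? extends Principal> principalClass =
                        Class.forName(RoleMapper.this.defaultP2RMappingClassName)
                                .asSubclass(Principal.class);
                return principalClass.getConstructor(String.class).newInstance(str);
            } catch (Exception e) {
                RoleMapper._logger.log(Level.SEVERE, "rm.getSameNamedPrincipal", new Object[]{str, e});
                // Keep the cause so the failing class name and reason reach the caller's logs.
                throw new RuntimeException("Unable to get principal by default p2r mapping", e);
            }
        }

        /**
         * Returns the Subject for a role name, creating and caching it on first use.
         *
         * @param obj the role name; expected to be a {@link String}
         * @return the Subject for the role, or {@code null} when {@code obj} is not a String
         *         and nothing is cached for it
         */
        @Override
        public Object get(Object obj) {
            assert obj instanceof String;
            synchronized (this.roleMap) {
                Subject cached = this.roleMap.get(obj);
                if (cached == null && obj instanceof String) {
                    final String roleName = (String) obj;
                    final Subject created = new Subject();
                    // Principal sets of a Subject are permission-guarded, hence the
                    // privileged block.
                    AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
                        @Override
                        public Object run() {
                            created.getPrincipals().add(
                                    DefaultRoleToSubjectMapping.this.getSameNamedPrincipal(roleName));
                            return null;
                        }
                    });
                    this.roleMap.put(roleName, created);
                    cached = created;
                }
                return cached;
            }
        }
    }

    /**
     * Creates an empty mapper for an application and reads the default-mapping configuration.
     *
     * @param str the application name
     */
    private RoleMapper(String str) {
        this.appName = str;
        // NOTE(review): 2 is an inlined constant of Switch; presumably the container type
        // that runs inside the server process. Confirm against Switch.
        if (Switch.getSwitch().getContainerType() == 2) {
            initDefaultRole();
        }
        this.defaultP2RMappingClassName = getDefaultP2RMappingClassName();
    }

    /**
     * Reads the anonymous role name from the security service configuration once and stores
     * it as the default role.
     *
     * <p>If the configuration cannot be read the role name stays {@link #DEFAULT_ROLE_NAME}
     * and a warning is logged under {@code java_security.anonymous_role_reading_exception};
     * that log entry means the server is running with a fallback role name.
     */
    private static synchronized void initDefaultRole() {
        if (defaultRole != null) {
            return;
        }
        defaultRoleName = DEFAULT_ROLE_NAME;
        try {
            // The whole lookup stays inside the try so that a failure at any step keeps the
            // fallback assigned above instead of dereferencing an unset context.
            ConfigContext configContext = ApplicationServer.getServerContext().getConfigContext();
            assert configContext != null;
            Server serverBean = ServerBeansFactory.getServerBean(configContext);
            assert serverBean != null;
            SecurityService securityServiceBean =
                    ServerBeansFactory.getSecurityServiceBean(configContext);
            assert securityServiceBean != null;
            String configuredRole = securityServiceBean.getAnonymousRole();
            if (configuredRole != null) {
                defaultRoleName = configuredRole;
            }
        } catch (Exception e) {
            _logger.log(Level.WARNING, "java_security.anonymous_role_reading_exception", (Throwable) e);
        }
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "Default role is: " + defaultRoleName);
        }
        defaultRole = new Role(defaultRoleName);
    }

    /**
     * Returns the mapper registered for an application, creating and registering one if none
     * exists.
     *
     * @param str the application name
     * @return the mapper for {@code str}
     * @throws ClassCastException if {@link #setRoleMapper} registered an implementation that
     *         is not a {@code RoleMapper} under this name
     */
    public static RoleMapper getRoleMapper(String str) {
        synchronized (RoleMapper.class) {
            RoleMapper existing = (RoleMapper) ROLEMAPPER.get(str);
            if (existing != null) {
                return existing;
            }
        }
        // Built outside the lock: the constructor reads server configuration.
        RoleMapper fresh = new RoleMapper(str);
        synchronized (RoleMapper.class) {
            // Re-check under the lock. Without it two threads could each register their own
            // mapper, and role assignments made on the one that was overwritten would
            // silently disappear from later access decisions.
            RoleMapper raced = (RoleMapper) ROLEMAPPER.get(str);
            if (raced != null) {
                return raced;
            }
            ROLEMAPPER.put(str, fresh);
            return fresh;
        }
    }

    /**
     * Registers a mapper for an application, replacing any previous one.
     *
     * @param str the application name
     * @param securityRoleMapper the mapper to register
     */
    public static void setRoleMapper(String str, SecurityRoleMapper securityRoleMapper) {
        synchronized (RoleMapper.class) {
            ROLEMAPPER.put(str, securityRoleMapper);
        }
    }

    /**
     * Removes the mapper registered for an application, if any.
     *
     * @param str the application name
     */
    public static void removeRoleMapper(String str) {
        // The map is only touched under the lock; remove() of an absent key is a no-op.
        synchronized (RoleMapper.class) {
            ROLEMAPPER.remove(str);
        }
    }

    /** Returns the application name this mapper belongs to. */
    @Override
    public String getName() {
        return this.appName;
    }

    /**
     * Changes the application name stored in this mapper. The static registry key is not
     * updated by this call.
     *
     * @param str the new application name
     */
    @Override
    public void setName(String str) {
        this.appName = str;
    }

    /**
     * Adds a principal to the Subject of a role, creating the Subject on first use.
     *
     * @param principal the principal or group to add
     * @param str the role name
     */
    private void addRoleToPrincipal(final Principal principal, String str) {
        Subject known = this.roleToSubject.get(str);
        final Subject target = known == null ? new Subject() : known;
        AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                target.getPrincipals().add(principal);
                return null;
            }
        });
        this.roleToSubject.put(str, target);
    }

    /**
     * Removes one principal or group from a role in all three views.
     *
     * @param role the role to remove the principal from
     * @param principal the principal or group to remove
     */
    @Override
    public void unassignPrincipalFromRole(Role role, final Principal principal) {
        String name = role.getName();
        final Subject subject = this.roleToSubject.get(name);
        if (subject != null) {
            AppservAccessController.doPrivileged(new PrivilegedAction<Object>() {
                @Override
                public Object run() {
                    subject.getPrincipals().remove(principal);
                    return null;
                }
            });
        }
        Map<String, Vector<Principal>> view =
                principal instanceof Group ? this.roleToGroup : this.roleToPrincipal;
        Vector<Principal> assigned = view.get(name);
        if (assigned != null) {
            assigned.remove(principal);
        }
    }

    /** Returns whether default principal-to-role mapping is configured for this mapper. */
    boolean isDefaultRTSMActivated() {
        return this.defaultP2RMappingClassName != null;
    }

    /**
     * Returns the role-to-subject map used for access decisions.
     *
     * <p>The default same-name mapping is returned only while this mapper holds no explicit
     * assignment and default mapping is activated; one explicit assignment switches the
     * whole application back to explicit mappings.
     *
     * @return the live internal map, not a copy
     */
    @Override
    public Map getRoleToSubjectMapping() {
        // NOTE(review): callers receive the mutable internal map and can change role
        // assignments through it. Confirm no caller relies on that before wrapping it.
        if (this.roleToSubject.isEmpty() && isDefaultRTSMActivated()) {
            return this.defaultRTSM;
        }
        return this.roleToSubject;
    }

    /**
     * Assigns a role to a principal or group.
     *
     * @param principal the principal or group receiving the role
     * @param role the role to assign
     */
    @Override
    public void assignRole(Principal principal, Role role) {
        String name = role.getName();
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "SECURITY:RoleMapper Assigning Role " + name + " to  " + principal.getName());
        }
        addRoleToPrincipal(principal, name);
        Map<String, Vector<Principal>> view =
                principal instanceof Group ? this.roleToGroup : this.roleToPrincipal;
        Vector<Principal> assigned = view.get(name);
        if (assigned == null) {
            assigned = new Vector<Principal>();
            view.put(name, assigned);
        }
        assigned.add(principal);
    }

    /** Returns an iterator over the names of all roles that have an explicit assignment. */
    @Override
    public Iterator getRoles() {
        return this.roleToSubject.keySet().iterator();
    }

    /**
     * Returns the groups assigned to a role.
     *
     * @param role the role to look up
     * @return the assigned groups; empty when the role has none
     */
    @Override
    public Enumeration getGroupsAssignedTo(Role role) {
        Vector<Principal> groups = this.roleToGroup.get(role.getName());
        return (groups == null ? new Vector<Principal>() : groups).elements();
    }

    /**
     * Returns the non-group principals assigned to a role.
     *
     * @param role the role to look up
     * @return the assigned principals; empty when the role has none
     */
    @Override
    public Enumeration getUsersAssignedTo(Role role) {
        Vector<Principal> users = this.roleToPrincipal.get(role.getName());
        return (users == null ? new Vector<Principal>() : users).elements();
    }

    /**
     * Removes a role and all of its assignments. A {@code null} role is ignored.
     *
     * @param role the role to remove
     */
    @Override
    public void unassignRole(Role role) {
        if (role == null) {
            return;
        }
        String name = role.getName();
        this.roleToSubject.remove(name);
        this.roleToPrincipal.remove(name);
        this.roleToGroup.remove(name);
    }

    /**
     * Renders every role with the names of its principals. The text is also written to the
     * security logger when FINER logging is enabled.
     */
    @Override
    public String toString() {
        StringBuilder text = new StringBuilder("RoleMapper:");
        Iterator roles = getRoles();
        while (roles.hasNext()) {
            String roleName = (String) roles.next();
            text.append("\n\tRole (" + roleName + ") has Principals(");
            for (Principal member : this.roleToSubject.get(roleName).getPrincipals()) {
                text.append(member.getName() + " ");
            }
            // Literal closing parenthesis. The listing referenced a same-valued constant of
            // an unrelated reporting library here, which looks like a decompiler
            // substitution; a security class should not need that library to print itself.
            text.append(")");
        }
        String rendered = text.toString();
        if (_logger.isLoggable(Level.FINER)) {
            _logger.log(Level.FINER, rendered);
        }
        return rendered;
    }

    /**
     * Creates a mapper holding the same assignments as another mapper.
     *
     * @param roleMapper the mapper to copy
     * @throws ClassCastException if a user assigned in {@code roleMapper} is not a
     *         {@code PrincipalImpl}, or a group is not a {@code Group}
     */
    public RoleMapper(RoleMapper roleMapper) {
        // NOTE(review): the default-mapping class name is not carried over, so the copy has
        // default principal-to-role mapping switched off even when the source has it on.
        // Confirm this is intended.
        this.appName = roleMapper.getName();
        Iterator roles = roleMapper.getRoles();
        while (roles.hasNext()) {
            String roleName = (String) roles.next();

            Enumeration sourceGroups = roleMapper.getGroupsAssignedTo(new Role(roleName));
            Vector<Principal> groupCopies = new Vector<Principal>();
            while (sourceGroups.hasMoreElements()) {
                Group group = (Group) sourceGroups.nextElement();
                groupCopies.add(new Group(group.getName()));
                // NOTE(review): the Subject receives the source mapper's instance while the
                // vector receives a fresh copy; the two views do not share objects.
                addRoleToPrincipal(group, roleName);
            }
            this.roleToGroup.put(roleName, groupCopies);

            Enumeration sourceUsers = roleMapper.getUsersAssignedTo(new Role(roleName));
            Vector<Principal> userCopies = new Vector<Principal>();
            while (sourceUsers.hasMoreElements()) {
                PrincipalImpl user = (PrincipalImpl) sourceUsers.nextElement();
                userCopies.add(new PrincipalImpl(user.getName()));
                addRoleToPrincipal(user, roleName);
            }
            this.roleToPrincipal.put(roleName, userCopies);
        }
    }

    /**
     * Reads the principal class to use for default principal-to-role mapping.
     *
     * @return the configured class name, {@code com.sun.enterprise.deployment.Group} when
     *         the mapping is activated without a class name, or {@code null} when the
     *         mapping is not activated or the configuration cannot be read
     */
    private static String getDefaultP2RMappingClassName() {
        try {
            ServerContext serverContext = ApplicationServer.getServerContext();
            if (serverContext == null) {
                return null;
            }
            ConfigContext configContext = serverContext.getConfigContext();
            if (configContext == null) {
                return null;
            }
            SecurityService securityServiceBean =
                    ServerBeansFactory.getSecurityServiceBean(configContext);
            if (securityServiceBean == null
                    || !securityServiceBean.isActivateDefaultPrincipalToRoleMapping()) {
                return null;
            }
            String className = securityServiceBean.getMappedPrincipalClass();
            if (className == null || "".equals(className)) {
                className = "com.sun.enterprise.deployment.Group";
            }
            return className;
        } catch (Exception e) {
            // A failure leaves default mapping off. The throwable is passed so the stack
            // trace is recorded with the message.
            _logger.log(Level.SEVERE, "pc.getDefaultP2RMappingClass: " + e, e);
            return null;
        }
    }
}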
