package weblogic.wsee.deploy;

import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.TimeZone;
import javax.servlet.ServletContext;
import weblogic.application.ApplicationContextInternal;
import weblogic.application.SecurityRole;
import weblogic.j2ee.descriptor.wl.SecurityRoleAssignmentBean;
import weblogic.j2ee.descriptor.wl.WeblogicWebAppBean;
import weblogic.jws.CallbackMethod;
import weblogic.jws.security.CallbackRolesAllowed;
import weblogic.jws.security.RolesAllowed;
import weblogic.jws.security.RolesReferenced;
import weblogic.jws.security.SecurityRoleRef;
import weblogic.management.provider.ManagementService;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.ConsumptionException;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.service.WSPolicyConsumer;
import weblogic.security.service.WSPolicyHandler;
import weblogic.security.service.WSRoleConsumer;
import weblogic.security.service.WSRoleHandler;
import weblogic.security.service.WebServiceResource;
import weblogic.servlet.internal.WebAppModule;
import weblogic.wsee.jws.util.Util;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:weblogic/wsee/deploy/SecurityRoleAndPolicyHelper.class */
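/**
 * Pushes the roles and access policies declared on a web service class
 * (through {@code @RolesAllowed} / {@code @CallbackRolesAllowed} annotations)
 * to the WebLogic security service at deployment time.
 *
 * <p>One {@link WebServiceResource} is built per web method or callback method;
 * each declared role is registered through the {@link WSRoleHandler} and the set
 * of role names is registered as the method's policy through the
 * {@link WSPolicyHandler}. Both handlers are obtained under the kernel identity.
 *
 * <p>Security-relevant behaviour a reviewer should be aware of:
 * <ul>
 *   <li>When a consumer is disabled and the domain is <em>not</em> in production
 *       mode, {@link #deployRole} / {@link #deployPolicy} return without doing
 *       anything, so the annotated restrictions are not registered by this class.
 *       In production mode the same situation raises an exception.</li>
 *   <li>A web method with no method-level and no class-level roles is still
 *       passed to {@link #deployPolicy} with an empty role array. How the
 *       security provider interprets an empty role list is not visible here;
 *       confirm against the provider.</li>
 * </ul>
 *
 * <p>Instances are not thread-safe; the shared static date formatter is guarded
 * separately.
 */
public final class SecurityRoleAndPolicyHelper {
    private static final String OLD_VERSION = "9.2.0.0";
    private static final String VERSION = "10.0.0.0";
    private Class<?> webService;
    private Class<?> eiClass;
    private WSPolicyConsumer policyConsumer;
    private WSPolicyHandler policyHandler;
    private WSRoleConsumer roleConsumer;
    private WSRoleHandler roleHandler;
    private String serviceName;
    private String appName;
    private String contextPath;
    private ApplicationContextInternal appCtx;
    private ServletContext servletContext;
    // Per-instance on purpose: as a static field this flag was overwritten by every
    // constructor call, so a helper built for a web module could observe the value
    // of a helper built later for an EJB and skip javax @RolesAllowed processing.
    private final boolean isEJBDeployInfo;
    private static final AuthenticatedSubject kernelId = getKernelID();
    private static final boolean isInProductionMode = isProduction();
    // SimpleDateFormat is not thread-safe; every use must synchronize on this object.
    private static final SimpleDateFormat timeFormatter = getTimeFormatter();
    private boolean policyConsumerEnabled = false;
    private boolean roleConsumerEnabled = false;
    private boolean initted = false;

    /**
     * Captures the deployment coordinates (application, context path, service
     * name, JWS class) that identify the resources to protect.
     *
     * <p>The decompiler reports that this constructor was originally
     * package-private.
     *
     * @param deployInfo deployment descriptor of the web service being deployed
     */
    public SecurityRoleAndPolicyHelper(DeployInfo deployInfo) {
        this.appName = deployInfo.getApplication();
        this.serviceName = deployInfo.getServiceName();
        this.contextPath = deployInfo.getContextPath();
        this.webService = deployInfo.getJwsClass();
        this.appCtx = deployInfo.getApplicationContext();
        this.eiClass = Util.getEIClass(this.webService);
        this.servletContext = deployInfo.getServletContext();
        this.isEJBDeployInfo = deployInfo instanceof EJBDeployInfo;
    }

    /**
     * Deploys roles and policies for all web methods, then for all callback
     * methods, and always closes the handlers afterwards.
     *
     * <p>If deployment fails and {@link #cleanUp()} fails as well, the exception
     * from {@code cleanUp()} is the one that propagates.
     */
    public void deploySecurityRolesAndPolicies() {
        try {
            deployWebMethodRolesAndPolicies();
            deployCallbackMethodRolesAndPolicies();
        } finally {
            cleanUp();
        }
    }

    /**
     * Lazily obtains the policy and role handlers from the security service.
     *
     * <p>For each enabled consumer, a handler keyed by the bare application name
     * and {@code OLD_VERSION} is requested and immediately completed with
     * {@code done()} before the real handler (keyed by
     * {@code app:contextPath:service} and {@code VERSION}) is requested.
     * NOTE(review): this looks like a migration step for data registered under
     * the older key format; confirm against the consumer contract.
     *
     * @throws WSEEServletEndpointException if the security service rejects a request
     */
    private void init() {
        if (this.initted) {
            return;
        }
        try {
            String timestamp;
            // Guard the shared formatter: concurrent format() calls on one
            // SimpleDateFormat can produce corrupted timestamps.
            synchronized (timeFormatter) {
                timestamp = timeFormatter.format(new Date());
            }
            this.policyConsumer = SecurityServiceManager.getWSPolicyConsumer(kernelId);
            if (this.policyConsumer != null) {
                this.policyConsumerEnabled = this.policyConsumer.isEnabled();
            }
            String handlerKey = this.appName + ":" + this.contextPath + ":" + this.serviceName;
            if (this.policyConsumerEnabled) {
                WSPolicyHandler legacyPolicyHandler =
                        this.policyConsumer.getWSPolicyHandler(this.appName, OLD_VERSION, timestamp);
                if (legacyPolicyHandler != null) {
                    legacyPolicyHandler.done();
                }
                this.policyHandler = this.policyConsumer.getWSPolicyHandler(handlerKey, VERSION, timestamp);
            }
            this.roleConsumer = SecurityServiceManager.getWSRoleConsumer(kernelId);
            if (this.roleConsumer != null) {
                this.roleConsumerEnabled = this.roleConsumer.isEnabled();
            }
            if (this.roleConsumerEnabled) {
                WSRoleHandler legacyRoleHandler =
                        this.roleConsumer.getWSRoleHandler(this.appName, OLD_VERSION, timestamp);
                if (legacyRoleHandler != null) {
                    legacyRoleHandler.done();
                }
                this.roleHandler = this.roleConsumer.getWSRoleHandler(handlerKey, VERSION, timestamp);
            }
            this.initted = true;
        } catch (ConsumptionException e) {
            throw new WSEEServletEndpointException((Throwable) e);
        }
    }

    /**
     * Deploys roles and a policy for every web method of the service class.
     * Method-level roles win; class-level roles are the fallback. A method with
     * neither is still deployed, with an empty role map.
     */
    private void deployWebMethodRolesAndPolicies() {
        Map<String, String[]> classRoles = getRolesAllowed(this.webService);
        for (Method method : this.webService.getMethods()) {
            if (!Util.isWebMethod(method, this.eiClass)) {
                continue;
            }
            Map<String, String[]> methodRoles = getRolesAllowed(method);
            if (methodRoles.isEmpty() && !classRoles.isEmpty()) {
                methodRoles = classRoles;
            }
            deployMethodRolesAndPolicies(method, methodRoles);
        }
    }

    /**
     * Deploys roles and a policy for every {@code @CallbackMethod} method.
     * Roles come from {@code @CallbackRolesAllowed} on the method or, failing
     * that, on the declared field named by the annotation's {@code target()}.
     * Unlike web methods, a callback with no roles is not deployed at all.
     *
     * @throws WSEEServletEndpointException if the target field does not exist
     */
    private void deployCallbackMethodRolesAndPolicies() {
        for (Method method : this.webService.getMethods()) {
            CallbackMethod callback = method.getAnnotation(CallbackMethod.class);
            if (callback == null) {
                continue;
            }
            Map<String, String[]> callbackRoles = getCallbackRolesAllowed(method);
            if (callbackRoles.isEmpty()) {
                try {
                    callbackRoles = getCallbackRolesAllowed(this.webService.getDeclaredField(callback.target()));
                } catch (NoSuchFieldException e) {
                    throw new WSEEServletEndpointException(e);
                }
            }
            if (!callbackRoles.isEmpty()) {
                deployMethodRolesAndPolicies(method, callbackRoles);
            }
        }
    }

    /**
     * Registers each role in {@code map} and then one policy listing all role
     * names for the resource that represents {@code method}.
     *
     * @param method method to protect; its name and canonical parameter type
     *               names identify the resource
     * @param map    role name to principal names; may be empty
     */
    private void deployMethodRolesAndPolicies(Method method, Map<String, String[]> map) {
        String methodName = method.getName();
        ArrayList<String> parameterTypeNames = new ArrayList<String>();
        for (Class<?> parameterType : method.getParameterTypes()) {
            parameterTypeNames.add(parameterType.getCanonicalName());
        }
        WebServiceResource resource = createWebServiceResource(
                this.appName,
                this.contextPath,
                this.serviceName,
                methodName,
                parameterTypeNames.toArray(new String[parameterTypeNames.size()]));
        for (Map.Entry<String, String[]> role : map.entrySet()) {
            deployRole(resource, role.getKey(), role.getValue());
        }
        deployPolicy(resource, map.keySet().toArray(new String[map.size()]));
    }

    /**
     * Completes both handlers. The role handler is completed even when
     * completing the policy handler fails, so one failure does not leave the
     * other handler open.
     *
     * @throws WSEEServletEndpointException if a handler reports a failure
     */
    private final void cleanUp() {
        try {
            try {
                if (this.policyConsumerEnabled && this.policyHandler != null) {
                    this.policyHandler.done();
                }
            } finally {
                if (this.roleConsumerEnabled && this.roleHandler != null) {
                    this.roleHandler.done();
                }
            }
        } catch (ConsumptionException e) {
            throw new WSEEServletEndpointException((Throwable) e);
        }
    }

    /**
     * Registers one role for a resource.
     *
     * <p>When the annotation supplies no principals, the principals of the
     * application-level role with the same name are used, unless that role is
     * externally defined. A role that still has no principals is skipped.
     *
     * @param webServiceResource resource the role applies to
     * @param str                role name
     * @param strArr             principal names mapped to the role
     * @throws WSEEServletEndpointException in production mode when the role
     *         consumer is disabled, or when the handler rejects the role
     */
    private void deployRole(WebServiceResource webServiceResource, String str, String[] strArr) {
        SecurityRole appRole;
        init();
        // NOTE(review): strArr is dereferenced without a null check; a null
        // principal array coming from a descriptor bean would fail here.
        String[] principals = strArr;
        if (principals.length == 0
                && this.appCtx != null
                && (appRole = this.appCtx.getSecurityRole(str)) != null
                && !appRole.isExternallyDefined()) {
            principals = appRole.getPrincipalNames();
            if (principals == null) {
                return;
            }
        }
        if (principals.length == 0) {
            return;
        }
        if (!this.roleConsumerEnabled) {
            // Outside production mode this is a silent no-op: the role is NOT
            // registered with the security service.
            if (isInProductionMode) {
                throw new WSEEServletEndpointException("Role consumer  is not supported");
            }
            return;
        }
        try {
            if (this.roleHandler != null) {
                this.roleHandler.setRole(webServiceResource, str, principals);
            }
        } catch (ConsumptionException e) {
            throw new WSEEServletEndpointException((Throwable) e);
        }
    }

    /**
     * Registers the policy (list of allowed role names) for a resource.
     *
     * @param webServiceResource resource the policy applies to
     * @param strArr             role names allowed on the resource; may be empty
     * @throws WSEEServletEndpointException in production mode when the policy
     *         consumer is disabled, or when the handler rejects the policy
     */
    private void deployPolicy(WebServiceResource webServiceResource, String[] strArr) {
        init();
        if (!this.policyConsumerEnabled) {
            // Outside production mode this is a silent no-op: the policy is NOT
            // registered with the security service.
            if (isInProductionMode) {
                throw new WSEEServletEndpointException("Policy consumer is not supported");
            }
            return;
        }
        try {
            if (this.policyHandler != null) {
                this.policyHandler.setPolicy(webServiceResource, strArr);
            }
        } catch (ConsumptionException e) {
            throw new WSEEServletEndpointException((Throwable) e);
        }
    }

    /** Builds the resource identifier for one method; arguments are passed through unchanged. */
    private static final WebServiceResource createWebServiceResource(String str, String str2, String str3, String str4, String[] strArr) {
        return new WebServiceResource(str, str2, str3, str4, strArr);
    }

    /**
     * Collects the roles declared on a class or method.
     *
     * <p>The WebLogic {@code @RolesAllowed} annotation takes precedence; the
     * {@code javax.annotation.security.RolesAllowed} annotation is only read
     * when the WebLogic one is absent, and only for non-EJB deployments. For the
     * javax form, principals are looked up in the web application's security
     * role assignments; a role with no assignment (or no descriptor at all) is
     * mapped to a one-element array holding the empty string.
     * NOTE(review): how the security provider treats that empty-string principal
     * is not visible here; confirm.
     *
     * @param annotatedElement class or method to inspect
     * @return role name to principal names; empty when nothing is declared
     */
    private Map<String, String[]> getRolesAllowed(AnnotatedElement annotatedElement) {
        HashMap<String, String[]> roles = new HashMap<String, String[]>();
        RolesAllowed wlsRolesAllowed = annotatedElement.getAnnotation(RolesAllowed.class);
        javax.annotation.security.RolesAllowed javaxRolesAllowed = wlsRolesAllowed == null
                ? (javax.annotation.security.RolesAllowed) annotatedElement.getAnnotation(javax.annotation.security.RolesAllowed.class)
                : null;
        if (wlsRolesAllowed != null) {
            for (weblogic.jws.security.SecurityRole declared : wlsRolesAllowed.value()) {
                roles.put(declared.role(), declared.mapToPrincipals());
            }
        }
        if (this.isEJBDeployInfo || javaxRolesAllowed == null) {
            return roles;
        }
        String[] roleNames = javaxRolesAllowed.value();
        WebAppModule webAppModule = this.servletContext != null ? this.servletContext.getWebAppModule() : null;
        WeblogicWebAppBean wlWebAppBean = webAppModule != null ? webAppModule.getWlWebAppBean() : null;
        String[] placeholderPrincipals = {""};
        // wlWebAppBean is null whenever the servlet context or the module is null.
        if (wlWebAppBean == null) {
            for (String roleName : roleNames) {
                roles.put(roleName, placeholderPrincipals);
            }
            return roles;
        }
        SecurityRoleAssignmentBean[] assignments = wlWebAppBean.getSecurityRoleAssignments();
        for (String roleName : roleNames) {
            // First matching assignment wins.
            for (SecurityRoleAssignmentBean assignment : assignments) {
                if (roleName.equals(assignment.getRoleName())) {
                    roles.put(roleName, assignment.getPrincipalNames());
                    break;
                }
            }
            if (!roles.containsKey(roleName)) {
                roles.put(roleName, placeholderPrincipals);
            }
        }
        return roles;
    }

    /**
     * Collects the roles declared with {@code @CallbackRolesAllowed}.
     *
     * @param annotatedElement method or field to inspect
     * @return role name to principal names; empty when the annotation is absent
     */
    private static Map<String, String[]> getCallbackRolesAllowed(AnnotatedElement annotatedElement) {
        HashMap<String, String[]> roles = new HashMap<String, String[]>();
        CallbackRolesAllowed callbackRolesAllowed = annotatedElement.getAnnotation(CallbackRolesAllowed.class);
        if (callbackRolesAllowed != null) {
            for (weblogic.jws.security.SecurityRole declared : callbackRolesAllowed.value()) {
                roles.put(declared.role(), declared.mapToPrincipals());
            }
        }
        return roles;
    }

    /**
     * Collects the role references declared with {@code @RolesReferenced}.
     * An empty link falls back to the role name itself. Not called anywhere in
     * this class.
     *
     * @param annotatedElement element to inspect
     * @return role name to linked role name; empty when the annotation is absent
     */
    private static Map<String, String> getRolesReferenced(AnnotatedElement annotatedElement) {
        HashMap<String, String> references = new HashMap<String, String>();
        RolesReferenced rolesReferenced = annotatedElement.getAnnotation(RolesReferenced.class);
        if (rolesReferenced != null) {
            for (SecurityRoleRef roleRef : rolesReferenced.value()) {
                String role = roleRef.role();
                String link = roleRef.link();
                references.put(role, link.length() == 0 ? role : link);
            }
        }
        return references;
    }

    /** Obtains the kernel identity inside a privileged block. */
    private static AuthenticatedSubject getKernelID() {
        return (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    }

    /** Reads the domain's production-mode flag once, at class initialization. */
    private static final boolean isProduction() {
        return ManagementService.getRuntimeAccess(kernelId).getDomain().isProductionModeEnabled();
    }

    /** Builds the formatter for handler timestamps: ISO-like pattern with a literal 'Z', in GMT. */
    private static final SimpleDateFormat getTimeFormatter() {
        SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
        formatter.setTimeZone(TimeZone.getTimeZone("GMT"));
        return formatter;
    }
}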
