package weblogic.ejb.container.internal;

import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.login.LoginException;
import javax.security.jacc.EJBMethodPermission;
import javax.security.jacc.PolicyContextException;
import org.apache.tools.ant.types.selectors.SelectorUtils;
import org.eclipse.persistence.jpa.jpql.parser.Expression;
import weblogic.application.ApplicationContextInternal;
import weblogic.application.SecurityRole;
import weblogic.diagnostics.debug.DebugLogger;
import weblogic.ejb.container.EJBDebugService;
import weblogic.ejb.container.EJBLogger;
import weblogic.ejb.container.compliance.EJBComplianceTextFormatter;
import weblogic.ejb.container.interfaces.DeploymentInfo;
import weblogic.ejb.container.interfaces.ISecurityHelper;
import weblogic.ejb.container.interfaces.MethodInfo;
import weblogic.ejb.container.interfaces.NoSuchRoleException;
import weblogic.ejb.container.interfaces.SecurityRoleMapping;
import weblogic.ejb.container.interfaces.SecurityRoleReference;
import weblogic.ejb.spi.WLDeploymentException;
import weblogic.ejb20.interfaces.PrincipalNotFoundException;
import weblogic.security.SubjectUtils;
import weblogic.security.WLSPrincipals;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.ContextHandler;
import weblogic.security.service.DeployHandleCreationException;
import weblogic.security.service.EJBResource;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.ResourceCreationException;
import weblogic.security.service.RoleCreationException;
import weblogic.security.service.SecurityApplicationInfo;
import weblogic.security.service.SecurityManager;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;

/* loaded from: input_file:weblogic/ejb/container/internal/SecurityHelper.class */
public final class SecurityHelper implements ISecurityHelper {
    private static final int SYSTEM_REALM = 0;
    private static final int APP_REALM = 1;
    private static final AuthenticatedSubject KERNEL_ID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private static final DebugLogger debugLogger = EJBDebugService.securityLogger;
    private final boolean jaccEnabled;
    private final SecurityHelperWLS wlsHelper;
    private final SecurityHelperJACC jaccHelper;
    private final String sysRealmName;
    private final String appRealmName;
    private PrincipalAuthenticator appPrincipalAuth;
    private PrincipalAuthenticator sysPrincipalAuth;
    private final Map<String, List<MethodDescriptor>> checkedMethodDescriptors = new HashMap();
    private final Map<String, List<MethodDescriptor>> uncheckedMethodDescriptors = new HashMap();
    private final Map<String, List<MethodDescriptor>> excludedMethodDescriptors = new HashMap();
    private final EJBResource ejbResource;

    private SecurityHelper(DeploymentInfo deploymentInfo) {
        this.appRealmName = deploymentInfo.getSecurityRealmName();
        if (deploymentInfo.getJACCPolicyContextId() != null) {
            this.jaccHelper = new SecurityHelperJACC(deploymentInfo.getJACCPolicyConfig(), deploymentInfo.getJACCPolicyContextId(), deploymentInfo.getJACCCodeSourceURL(), deploymentInfo.getJACCRoleMapper());
            this.jaccEnabled = true;
            this.sysRealmName = null;
            this.wlsHelper = null;
        } else {
            this.sysRealmName = SecurityServiceManager.getDefaultRealmName();
            if (this.sysRealmName == null) {
                throw new RuntimeException("Could not get System Realm Name");
            }
            this.wlsHelper = new SecurityHelperWLS(deploymentInfo.getSecurityRealmName(), this.sysRealmName);
            this.jaccEnabled = false;
            this.jaccHelper = null;
        }
        this.ejbResource = new EJBResource(deploymentInfo.getApplicationId(), deploymentInfo.getModuleId(), null, null, null, null);
    }

    public static SecurityHelper newInstanceFor(DeploymentInfo deploymentInfo, AuthenticatedSubject authenticatedSubject) {
        SecurityServiceManager.checkKernelIdentity(authenticatedSubject);
        return new SecurityHelper(deploymentInfo);
    }

    public void pushSecurityContext(ContextHandler contextHandler) {
        if (this.jaccEnabled) {
            this.jaccHelper.pushSecurityContext(contextHandler);
        }
    }

    public void popSecurityContext() {
        if (this.jaccEnabled) {
            this.jaccHelper.popSecurityContext();
        }
    }

    public void setupApplicationInfo(ApplicationContextInternal applicationContextInternal, SecurityApplicationInfo securityApplicationInfo) {
        if (this.jaccEnabled) {
            this.jaccHelper.setupApplicationInfo(applicationContextInternal);
        } else {
            this.wlsHelper.setupApplicationInfo(securityApplicationInfo);
        }
    }

    @Override // weblogic.ejb.container.interfaces.ISecurityHelper
    public AuthenticatedSubject getSubjectForPrincipal(String str) throws PrincipalNotFoundException {
        try {
            AuthenticatedSubject impersonateIdentity = obtainPA(1).impersonateIdentity(str, null);
            if (debugLogger.isDebugEnabled()) {
                debug("getSubjectForPrincipal: for Principal: '" + str + "', Subject is: '" + impersonateIdentity.toString() + Expression.QUOTE);
            }
            return impersonateIdentity;
        } catch (LoginException e) {
            throw new PrincipalNotFoundException(e.getMessage(), e);
        }
    }

    public void deployRoles(DeploymentInfo deploymentInfo, SecurityRoleMapping securityRoleMapping, ApplicationContextInternal applicationContextInternal, int i) throws WLDeploymentException {
        try {
            if (this.jaccEnabled) {
                this.jaccHelper.deployRoles(deploymentInfo, securityRoleMapping);
            } else {
                this.wlsHelper.deployRoles(deploymentInfo, getDeployableSecurityRoleMapping(securityRoleMapping, applicationContextInternal, i, deploymentInfo), 1);
            }
        } catch (NoSuchRoleException | DeployHandleCreationException | RoleCreationException e) {
            throw new WLDeploymentException("Error occured deploying roles.", e);
        }
    }

    public void unDeployRoles(DeploymentInfo deploymentInfo) {
        if (this.jaccEnabled) {
            this.jaccHelper.unDeployRoles();
        } else {
            this.wlsHelper.unDeployRoles(deploymentInfo, 1);
        }
    }

    public void registerRoleRefs(String str, Map<String, SecurityRoleReference> map, DeploymentInfo deploymentInfo) throws WLDeploymentException {
        if (this.jaccEnabled) {
            try {
                this.jaccHelper.registerRoleRefs(str, map, deploymentInfo);
            } catch (PolicyContextException e) {
                throw new WLDeploymentException("Error registering role refs. ", e);
            }
        }
    }

    public void deployAllPolicies() throws WLDeploymentException {
        try {
            if (!this.jaccEnabled) {
                this.wlsHelper.beginPolicyRegistration();
            }
            for (String str : getEjbNames()) {
                if (debugLogger.isDebugEnabled()) {
                    debug("registering policies for EJB: " + str);
                }
                List<MethodDescriptor> checkedMethodDescriptors = getCheckedMethodDescriptors(str);
                if (debugLogger.isDebugEnabled() && checkedMethodDescriptors != null) {
                    debug("registering policies for all " + checkedMethodDescriptors.size() + " checked methods");
                }
                List<MethodDescriptor> uncheckedMethodDescriptors = getUncheckedMethodDescriptors(str);
                if (debugLogger.isDebugEnabled() && uncheckedMethodDescriptors != null) {
                    debug("registering policies for all " + uncheckedMethodDescriptors.size() + " unchecked methods");
                }
                List<MethodDescriptor> excludedMethodDescriptors = getExcludedMethodDescriptors(str);
                if (debugLogger.isDebugEnabled() && excludedMethodDescriptors != null) {
                    debug("registering policies for all " + excludedMethodDescriptors.size() + " excluded methods");
                }
                checkPolicies(str, checkedMethodDescriptors, uncheckedMethodDescriptors, excludedMethodDescriptors);
                deployPolicies(checkedMethodDescriptors, uncheckedMethodDescriptors, excludedMethodDescriptors, 1);
            }
            if (!this.jaccEnabled) {
                this.wlsHelper.endPolicyRegistration();
            }
        } catch (PolicyContextException | PrincipalNotFoundException | DeployHandleCreationException | ResourceCreationException e) {
            throw new WLDeploymentException("Error deploying policies. ", e);
        }
    }

    private void checkPolicies(String str, List<MethodDescriptor> list, List<MethodDescriptor> list2, List<MethodDescriptor> list3) {
        HashSet<String> hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        if (list != null) {
            Iterator<MethodDescriptor> it = list.iterator();
            while (it.hasNext()) {
                hashSet.add(it.next().getMethodName());
            }
        }
        if (list2 != null) {
            Iterator<MethodDescriptor> it2 = list2.iterator();
            while (it2.hasNext()) {
                hashSet.add(it2.next().getMethodName());
            }
        }
        if (list3 != null) {
            Iterator<MethodDescriptor> it3 = list3.iterator();
            while (it3.hasNext()) {
                hashSet.add(it3.next().getMethodName());
            }
        }
        for (String str2 : hashSet) {
            for (String str3 : hashSet) {
                if (!hashSet2.contains(str2) && !str2.equals(str3) && str2.equalsIgnoreCase(str3)) {
                    hashSet2.add(str3);
                    EJBLogger.logMethodNameIsConflicteddUnderCaseInsensitiveComparison(str, str2, str3);
                }
            }
        }
    }

    private void deployPolicies(List<MethodDescriptor> list, List<MethodDescriptor> list2, List<MethodDescriptor> list3, int i) throws PolicyContextException, PrincipalNotFoundException {
        if (this.jaccEnabled) {
            this.jaccHelper.deployPolicies(list, list2, list3, this);
        } else {
            this.wlsHelper.deployPolicies(list, list2, list3, this, i);
        }
    }

    void unDeployAllPolicies() {
        if (this.jaccEnabled) {
            return;
        }
        this.wlsHelper.unDeployAllPolicies();
    }

    public boolean processUncheckedExcludedMethod(MethodDescriptor methodDescriptor) throws WLDeploymentException {
        try {
            if (methodDescriptor.getMethodInfo().getUnchecked()) {
                addUncheckedMethod(methodDescriptor);
                createEJBResource(methodDescriptor);
                if (!this.jaccEnabled) {
                    return true;
                }
                this.jaccHelper.processUncheckedExcludedMethod(methodDescriptor);
                return true;
            }
            if (!methodDescriptor.getMethodInfo().getIsExcluded()) {
                addCheckedMethod(methodDescriptor);
                return false;
            }
            addExcludedMethod(methodDescriptor);
            createEJBResource(methodDescriptor);
            if (!this.jaccEnabled) {
                return true;
            }
            this.jaccHelper.processUncheckedExcludedMethod(methodDescriptor);
            return true;
        } catch (PolicyContextException e) {
            throw new WLDeploymentException("Error processing policy. ", e);
        }
    }

    public void activate() {
        if (this.jaccEnabled) {
            this.jaccHelper.activate();
        }
    }

    public void deactivate() {
        if (this.jaccEnabled) {
            this.jaccHelper.deactivate();
        } else {
            this.wlsHelper.unDeployAllPolicies();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean fullyDelegateSecurityCheck() {
        if (this.jaccEnabled) {
            return true;
        }
        return this.wlsHelper.fullyDelegateSecurityCheck();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isAccessAllowed(EJBResource eJBResource, EJBMethodPermission eJBMethodPermission, ContextHandler contextHandler) {
        return this.jaccEnabled ? this.jaccHelper.isAccessAllowed(eJBMethodPermission, contextHandler) : this.wlsHelper.isAccessAllowed(eJBResource, contextHandler, 1);
    }

    @Override // weblogic.ejb.container.interfaces.ISecurityHelper
    public boolean isCallerInRole(String str, String str2, String str3) {
        AuthenticatedSubject currentSubject = CallerSubjectStack.getCurrentSubject();
        if (currentSubject != null) {
            return this.jaccEnabled ? this.jaccHelper.isCallerInRole(str, currentSubject, str2) : this.wlsHelper.isCallerInRole(this.ejbResource, currentSubject, str3, 1);
        }
        if (!debugLogger.isDebugEnabled()) {
            return false;
        }
        debug("isCallerInRole: Caller subject is null. isCallerInRole returns false");
        return false;
    }

    private void addCheckedMethod(MethodDescriptor methodDescriptor) {
        List<MethodDescriptor> list = this.checkedMethodDescriptors.get(methodDescriptor.getEjbName());
        if (list == null) {
            list = new ArrayList();
            this.checkedMethodDescriptors.put(methodDescriptor.getEjbName(), list);
        }
        list.add(methodDescriptor);
    }

    private void addUncheckedMethod(MethodDescriptor methodDescriptor) {
        List<MethodDescriptor> list = this.uncheckedMethodDescriptors.get(methodDescriptor.getEjbName());
        if (list == null) {
            list = new ArrayList();
            this.uncheckedMethodDescriptors.put(methodDescriptor.getEjbName(), list);
        }
        list.add(methodDescriptor);
    }

    private void addExcludedMethod(MethodDescriptor methodDescriptor) {
        List<MethodDescriptor> list = this.excludedMethodDescriptors.get(methodDescriptor.getEjbName());
        if (list == null) {
            list = new ArrayList();
            this.excludedMethodDescriptors.put(methodDescriptor.getEjbName(), list);
        }
        list.add(methodDescriptor);
    }

    private Set<String> getEjbNames() {
        HashSet hashSet = new HashSet();
        hashSet.addAll(this.checkedMethodDescriptors.keySet());
        hashSet.addAll(this.uncheckedMethodDescriptors.keySet());
        hashSet.addAll(this.excludedMethodDescriptors.keySet());
        return hashSet;
    }

    private List<MethodDescriptor> getCheckedMethodDescriptors(String str) {
        return this.checkedMethodDescriptors.get(str);
    }

    private List<MethodDescriptor> getUncheckedMethodDescriptors(String str) {
        return this.uncheckedMethodDescriptors.get(str);
    }

    private List<MethodDescriptor> getExcludedMethodDescriptors(String str) {
        return this.excludedMethodDescriptors.get(str);
    }

    private PrincipalAuthenticator obtainPA(int i) {
        switch (i) {
            case 0:
                if (this.sysPrincipalAuth != null) {
                    return this.sysPrincipalAuth;
                }
                this.sysPrincipalAuth = (PrincipalAuthenticator) SecurityServiceManager.getSecurityService(KERNEL_ID, this.sysRealmName, SecurityService.ServiceType.AUTHENTICATION);
                return this.sysPrincipalAuth;
            case 1:
                if (this.appPrincipalAuth != null) {
                    return this.appPrincipalAuth;
                }
                this.appPrincipalAuth = (PrincipalAuthenticator) SecurityServiceManager.getSecurityService(KERNEL_ID, this.appRealmName, SecurityService.ServiceType.AUTHENTICATION);
                return this.appPrincipalAuth;
            default:
                throw new IllegalArgumentException("Unknown realm type: " + i);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Principal getPrincipalFromSubject(AuthenticatedSubject authenticatedSubject) {
        Principal userPrincipal;
        if (authenticatedSubject != null && (userPrincipal = SubjectUtils.getUserPrincipal(authenticatedSubject)) != null) {
            return userPrincipal;
        }
        return WLSPrincipals.getAnonymousUserPrincipal();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Principal getCurrentPrincipal() {
        return getPrincipalFromSubject(getCurrentSubject());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static AuthenticatedSubject getCurrentSubject() {
        return SecurityManager.getCurrentSubject(KERNEL_ID);
    }

    public static void pushAnonymousSubject(AuthenticatedSubject authenticatedSubject) {
        pushRunAsSubject(authenticatedSubject, SubjectUtils.getAnonymousSubject());
    }

    public static void pushRunAsSubject(AuthenticatedSubject authenticatedSubject, AuthenticatedSubject authenticatedSubject2) {
        if (debugLogger.isDebugEnabled()) {
            debug("pushRunAsSubject to push: '" + authenticatedSubject2.toString() + "', currentSubject is: '" + getCurrentSubject() + "' ");
        }
        SecurityManager.pushSubject(authenticatedSubject, authenticatedSubject2);
    }

    public static void popRunAsSubject(AuthenticatedSubject authenticatedSubject) {
        if (debugLogger.isDebugEnabled()) {
            debug("popRunAsSubject,  subject before pop is: '" + getCurrentSubject() + Expression.QUOTE);
        }
        SecurityManager.popSubject(authenticatedSubject);
        if (debugLogger.isDebugEnabled()) {
            debug("popRunAsSubject,  subject after  pop is: '" + getCurrentSubject() + Expression.QUOTE);
        }
    }

    public static boolean pushSpecificRunAsMaybe(AuthenticatedSubject authenticatedSubject, AuthenticatedSubject authenticatedSubject2, AuthenticatedSubject authenticatedSubject3) {
        if (authenticatedSubject2 != null) {
            pushRunAsSubject(authenticatedSubject, authenticatedSubject2);
            return true;
        }
        if (authenticatedSubject3 != null) {
            pushRunAsSubject(authenticatedSubject, authenticatedSubject3);
            return true;
        }
        if (!SecurityServiceManager.isKernelIdentity(getCurrentSubject())) {
            return false;
        }
        pushAnonymousSubject(authenticatedSubject);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Principal getCallerPrincipal() throws PrincipalNotFoundException {
        Principal principalFromSubject = getPrincipalFromSubject(CallerSubjectStack.getCurrentSubject());
        if (principalFromSubject == null) {
            throw new PrincipalNotFoundException(EJBLogger.logmissingCallerPrincipalLoggable("getCallerPrincipal").getMessage());
        }
        return principalFromSubject;
    }

    public static void pushCallerPrincipal(AuthenticatedSubject authenticatedSubject) {
        SecurityServiceManager.checkKernelIdentity(authenticatedSubject);
        pushCallerPrincipal();
    }

    public static void popCallerPrincipal(AuthenticatedSubject authenticatedSubject) throws PrincipalNotFoundException {
        SecurityServiceManager.checkKernelIdentity(authenticatedSubject);
        popCallerPrincipal();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void pushCallerPrincipal() {
        AuthenticatedSubject currentSubject = getCurrentSubject();
        if (debugLogger.isDebugEnabled()) {
            debug("pushCallerPrincipal to push Subject: '" + currentSubject + "'  from which we get principal '" + getPrincipalFromSubject(currentSubject) + Expression.QUOTE);
        }
        CallerSubjectStack.pushSubject(currentSubject);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void popCallerPrincipal() throws PrincipalNotFoundException {
        if (debugLogger.isDebugEnabled()) {
            debug("popCallerPrincipal, CallerSubject before pop is: '" + CallerSubjectStack.getCurrentSubject() + Expression.QUOTE);
        }
        if (CallerSubjectStack.popSubject() == null) {
            throw new PrincipalNotFoundException(EJBLogger.logmissingCallerPrincipalLoggable("popCallerPrincipal").getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static EJBResource createEJBResource(MethodDescriptor methodDescriptor) {
        String applicationName = methodDescriptor.getApplicationName();
        String moduleId = methodDescriptor.getModuleId();
        String ejbName = methodDescriptor.getEjbName();
        MethodInfo methodInfo = methodDescriptor.getMethodInfo();
        String[] canonicalMethodParamNames = getCanonicalMethodParamNames(methodDescriptor.getMethod());
        if (debugLogger.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder();
            if (canonicalMethodParamNames.length > 0) {
                for (String str : canonicalMethodParamNames) {
                    sb.append(str).append(", ");
                }
            } else {
                sb.append(" NONE ");
            }
            debug("Creating EJBResource: application: '" + applicationName + "' moduleId: '" + moduleId + "' ejbName: '" + ejbName + "' methodName: '" + methodInfo.getMethodName() + "' interfaceType: '" + methodInfo.getMethodInterfaceType() + "' methodParams:     '" + sb.toString() + Expression.QUOTE);
        }
        return new EJBResource(applicationName, moduleId, ejbName, methodInfo.getMethodName(), methodInfo.getMethodInterfaceType(), canonicalMethodParamNames);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String[] getCanonicalMethodParamNames(Method method) {
        Class<?>[] parameterTypes = method.getParameterTypes();
        String[] strArr = new String[parameterTypes.length];
        for (int i = 0; i < parameterTypes.length; i++) {
            strArr[i] = parameterTypes[i].getCanonicalName();
        }
        return strArr;
    }

    private Map<String, String[]> getDeployableSecurityRoleMapping(SecurityRoleMapping securityRoleMapping, ApplicationContextInternal applicationContextInternal, int i, DeploymentInfo deploymentInfo) throws NoSuchRoleException, WLDeploymentException {
        switch (i) {
            case 0:
                if (debugLogger.isDebugEnabled()) {
                    debug("Deployable role map calculated for Compatibility mode");
                }
                return getCompatibilitySecurityRoleMapping(securityRoleMapping, deploymentInfo);
            case 1:
                if (debugLogger.isDebugEnabled()) {
                    debug("Deployable role map calculated for Application mode");
                }
                return getApplicationSecurityRoleMapping(securityRoleMapping, applicationContextInternal, i);
            case 2:
                if (debugLogger.isDebugEnabled()) {
                    debug("Deployable role map calculated for Externally Defined mode");
                }
                return getApplicationSecurityRoleMapping(securityRoleMapping, applicationContextInternal, i);
            default:
                throw new AssertionError("Unexpected role mapping behavior: " + i);
        }
    }

    private Map<String, String[]> getCompatibilitySecurityRoleMapping(SecurityRoleMapping securityRoleMapping, DeploymentInfo deploymentInfo) throws NoSuchRoleException, WLDeploymentException {
        HashMap hashMap = new HashMap();
        for (String str : securityRoleMapping.getSecurityRoleNames()) {
            if (!securityRoleMapping.isExternallyDefinedRole(str)) {
                if (!securityRoleMapping.isRoleMappedToPrincipals(str) && (!SelectorUtils.DEEP_TREE_MATCH.equals(str) || deploymentInfo.isAnyAuthUserRoleDefinedInDD())) {
                    throw new WLDeploymentException(EJBComplianceTextFormatter.getInstance().ROLE_NOT_MAPPED_TO_PRINCIPALS(str));
                }
                hashMap.put(str, securityRoleMapping.getSecurityRolePrincipalNames(str).toArray(new String[0]));
            } else if (debugLogger.isDebugEnabled()) {
                debug("Role '" + str + "' is externally defined; skipping deployment");
            }
        }
        return hashMap;
    }

    private Map<String, String[]> getApplicationSecurityRoleMapping(SecurityRoleMapping securityRoleMapping, ApplicationContextInternal applicationContextInternal, int i) throws NoSuchRoleException {
        HashMap hashMap = new HashMap();
        for (String str : securityRoleMapping.getSecurityRoleNames()) {
            if (!securityRoleMapping.isExternallyDefinedRole(str)) {
                SecurityRole securityRole = applicationContextInternal.getSecurityRole(str);
                if (securityRoleMapping.isRoleMappedToPrincipals(str)) {
                    if (securityRole != null && securityRole.isExternallyDefined()) {
                        hashMap.put(str, securityRoleMapping.getSecurityRolePrincipalNames(str).toArray(new String[0]));
                    }
                    if (securityRole == null || securityRole.getPrincipalNames() == null || securityRole.getPrincipalNames().length == 0) {
                        hashMap.put(str, securityRoleMapping.getSecurityRolePrincipalNames(str).toArray(new String[0]));
                    } else {
                        HashSet hashSet = new HashSet();
                        hashSet.addAll(securityRoleMapping.getSecurityRolePrincipalNames(str));
                        hashSet.addAll(Arrays.asList(securityRole.getPrincipalNames()));
                        hashMap.put(str, hashSet.toArray(new String[0]));
                    }
                } else if (securityRole == null || !securityRole.isExternallyDefined()) {
                    if (securityRole != null && securityRole.getPrincipalNames() != null && securityRole.getPrincipalNames().length != 0) {
                        hashMap.put(str, securityRole.getPrincipalNames());
                    } else if (i == 1) {
                        hashMap.put(str, new String[0]);
                    } else if (debugLogger.isDebugEnabled()) {
                        debug("Role '" + str + "' has no principals defined at app level or module level; skipping deployment");
                    }
                } else if (debugLogger.isDebugEnabled()) {
                    debug("Role '" + str + "' is externally defined at app level and no module principals defined; skipping deployment");
                }
            } else if (debugLogger.isDebugEnabled()) {
                debug("Role '" + str + "' is externally defined at module level; skipping deployment");
            }
        }
        return hashMap;
    }

    private static void debug(String str) {
        debugLogger.debug("[SecurityHelper] " + str);
    }
}
