package weblogic.security.service;

import com.bea.common.security.utils.CommonUtils;
import java.io.File;
import java.io.FilePermission;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.cert.Certificate;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import weblogic.security.SecurityLogger;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.internal.CombiningPermissionCollection;
import weblogic.security.internal.ParsePolicies;

/* loaded from: input_file:weblogic/security/service/SupplementalPolicyObject.class */
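/**
 * Static registry of supplemental permission collections for deployed code, keyed by path.
 *
 * <p>Three pieces of shared state are kept here:
 * <ul>
 *   <li>{@code defaultPermissions}: per-component-type permission templates, read from the
 *       installed {@link Policy} for fixed synthetic {@code file:} code sources, plus the
 *       restricted-permission sets;</li>
 *   <li>{@code map}: deploy-time path key to the effective {@link PermissionCollection};</li>
 *   <li>{@code deployPathCache} / {@code runTimePathCache}: lookup tables that resolve a path
 *       seen at run time back to the deploy-time key by lexical prefix matching.</li>
 * </ul>
 *
 * <p>Every method that stores or removes a policy calls
 * {@code SecurityServiceManager.checkKernelIdentity} (presumably rejecting any subject that is
 * not the kernel identity; its implementation is not in this file). Mutators perform that check
 * before they touch the path caches, so a rejected caller leaves no trace in shared state.
 *
 * <p>NOTE(review): path matching is purely textual. Nothing in this class canonicalizes paths
 * (no {@code ..} resolution, no symlink or case normalization), so callers must pass paths in
 * the same form at deploy time and at lookup time.
 */
public class SupplementalPolicyObject {
    public static final String extraSlash = "/";
    public static final String EJB_COMPONENT = "EJB";
    public static final String WEB_COMPONENT = "WEB";
    public static final String CONNECTOR_COMPONENT = "CONNECTOR";
    public static final String EE_EJB_COMPONENT = "EE_EJB";
    public static final String EE_WEB_COMPONENT = "EE_WEB";
    public static final String EE_CONNECTOR_COMPONENT = "EE_CONNECTOR";
    public static final String EE_RESTRICTED_PERMISSION_SET = "EE_RESTRICTED_PERMISSION_SET";
    private static final String EE_APPLICATION_RESTRICTED_PERMISSION_URL = "file:/javaee/application/restricted/permissions";
    public static final String EE_APPLICATION_CLIENT_COMPONENT = "EE_APPLICATION_CLIENT";
    private static final String JAVA_SEC_POLICY_PROP = "java.security.policy";
    private static final String RESTRICTED_PERMISSIONS_EXCLUDING_ALL_PERMISSION = "RESTRICTED_PERMISSIONS_EXCLUDING_ALL_PERMISSION";

    // Run-time path (with trailing "/") -> deploy-time key, filled lazily by getRunTimePathKey.
    private static final Map<String, String> runTimePathCache = new Hashtable<String, String>();
    // Deploy-time path (with trailing "/") -> deploy-time key (the same path without the slash).
    private static final Map<String, String> deployPathCache = new Hashtable<String, String>();
    // Upper-cased component type (or restricted-set name) -> permission template.
    private static final Map<String, PermissionCollection> defaultPermissions = new Hashtable<String, PermissionCollection>();
    // Deploy-time key -> effective permissions registered for that path.
    private static final Map<String, PermissionCollection> map = new Hashtable<String, PermissionCollection>();

    private static final String fileSeparator = System.getProperty("file.separator");
    private static final String appRootPrefix = "WEBLOGIC-APPLICATION-ROOT";
    private static final String appRootString = appRootPrefix + fileSeparator;
    private static final int appRootPrefixLength = appRootPrefix.length();
    private static final Permission ALL_PERMISSION = new AllPermission();
    // Both switches are read once, at class initialization, from JVM system properties.
    private static final boolean IS_DD_GRANT_DISABLED = Boolean.getBoolean("weblogic.security.dd.permissionSpecDisabled");
    private static final boolean IS_PACKAGED_PERMISSIONS_DISABLED = Boolean.getBoolean("weblogic.security.dd.javaEESecurityPermissionsDisabled");

    /**
     * Loads the default permission templates for every built-in component type and the
     * restricted-permission set.
     *
     * <p>This method takes no subject and performs no identity check; it only reads the fixed
     * code-source URLs listed below, so a caller cannot influence what is loaded.
     *
     * <p>A {@link MalformedURLException} is printed to standard output and initialization stops
     * at that point. The URLs are constants, so this is not expected, but if it did happen the
     * remaining templates (including the restricted set, which is loaded last) would be missing
     * and {@link #isAnyOfThePermissionsRestricted} would report nothing as restricted.
     */
    public static void initAppDefaults() {
        try {
            setDefaultPermissions(EJB_COMPONENT, "file:/weblogic/application/defaults/EJB");
            setDefaultPermissions(WEB_COMPONENT, "file:/weblogic/application/defaults/Web");
            setDefaultPermissions(CONNECTOR_COMPONENT, "file:/weblogic/application/defaults/Connector");
            setDefaultPermissions(EE_EJB_COMPONENT, "file:/javaee/application/defaults/EJB");
            setDefaultPermissions(EE_WEB_COMPONENT, "file:/javaee/application/defaults/Web");
            setDefaultPermissions(EE_CONNECTOR_COMPONENT, "file:/javaee/application/defaults/Connector");
            setDefaultPermissions(EE_APPLICATION_CLIENT_COMPONENT, "file:/javaee/application/defaults/Client");
            initGrantBlockPermissions(EE_APPLICATION_RESTRICTED_PERMISSION_URL, EE_RESTRICTED_PERMISSION_SET);
            copyRestrictedPermissionsIfNecessary();
        } catch (MalformedURLException e) {
            System.out.println("INTERNAL ERROR: " + e);
        }
    }

    /**
     * Registers the default permission template for a component type after checking the caller.
     *
     * @param authenticatedSubject subject passed to the kernel identity check
     * @param str component type; stored upper-cased
     * @param str2 code-source URL whose policy permissions become the template
     * @throws MalformedURLException if {@code str2} is not a valid URL
     */
    public static void setDefaultPermissions(AuthenticatedSubject authenticatedSubject, String str, String str2) throws MalformedURLException {
        SecurityServiceManager.checkKernelIdentity(authenticatedSubject);
        setDefaultPermissions(str, str2);
    }

    /**
     * Stores, under the upper-cased component type, whatever the installed {@link Policy} grants
     * to an unsigned code source at {@code str2}.
     *
     * <p>NOTE(review): {@code toUpperCase()} uses the default locale here and in
     * {@link #getDefaultPermissions}; both sides agree with each other, but a locale with
     * special case mappings can produce keys that differ from the upper-case constants above.
     */
    private static void setDefaultPermissions(String str, String str2) throws MalformedURLException {
        CodeSource codeSource = new CodeSource(new URL(str2), (Certificate[]) null);
        defaultPermissions.put(str.toUpperCase(), Policy.getPolicy().getPermissions(codeSource));
    }

    /**
     * Registers {@code permissionCollection}, merged with the defaults for component type
     * {@code str}, for the path of {@code file}.
     */
    public static void setPoliciesFromPermissions(AuthenticatedSubject authenticatedSubject, File file, PermissionCollection permissionCollection, String str) {
        // Authorize first: computing the key records the path in deployPathCache.
        SecurityServiceManager.checkKernelIdentity(authenticatedSubject);
        setPoliciesInternal(authenticatedSubject, getDeployTimePathKey(file), permissionCollection, str);
    }

    /**
     * Registers the same permissions for every file in {@code fileArr}; a null or empty array
     * is a no-op (and, as before, performs no identity check).
     */
    public static void setPoliciesFromPermissions(AuthenticatedSubject authenticatedSubject, File[] fileArr, PermissionCollection permissionCollection, String str) {
        if (fileArr == null || fileArr.length <= 0) {
            return;
        }
        // Authorize before the loop starts recording paths in deployPathCache.
        SecurityServiceManager.checkKernelIdentity(authenticatedSubject);
        for (File file : fileArr) {
            setPoliciesInternal(authenticatedSubject, getDeployTimePathKey(file), permissionCollection, str);
        }
    }

    /**
     * Registers {@code permissionCollection}, merged with the defaults for component type
     * {@code str2}, for the path {@code str}.
     */
    public static void setPoliciesFromPermissions(AuthenticatedSubject authenticatedSubject, String str, PermissionCollection permissionCollection, String str2) {
        // Authorize first: computing the key records the path in deployPathCache.
        SecurityServiceManager.checkKernelIdentity(authenticatedSubject);
        setPoliciesInternal(authenticatedSubject, getDeployTimePathKey(str), permissionCollection, str2);
    }

    /**
     * Registers the same permissions for every path in {@code strArr}; a null or empty array is
     * a no-op. Each element goes through the single-path overload, which checks the caller.
     */
    public static void setPoliciesFromPermissions(AuthenticatedSubject authenticatedSubject, String[] strArr, PermissionCollection permissionCollection, String str) {
        if (strArr == null || strArr.length <= 0) {
            return;
        }
        for (String path : strArr) {
            setPoliciesFromPermissions(authenticatedSubject, path, permissionCollection, str);
        }
    }

    /**
     * Registers {@code permissionCollection}, merged with the defaults for component type
     * {@code str}, for the path component of {@code url}.
     */
    public static void setPoliciesFromPermissions(AuthenticatedSubject authenticatedSubject, URL url, PermissionCollection permissionCollection, String str) {
        // Authorize first: computing the key records the path in deployPathCache.
        SecurityServiceManager.checkKernelIdentity(authenticatedSubject);
        setPoliciesInternal(authenticatedSubject, getDeployTimePathKey(url), permissionCollection, str);
    }

    /**
     * Parses the grant statement {@code str} and registers the result for the path of
     * {@code file}, merged with the defaults for component type {@code str2}.
     */
    public static void setPoliciesFromGrantStatement(AuthenticatedSubject authenticatedSubject, File file, String str, String str2) {
        SecurityServiceManager.checkKernelIdentity(authenticatedSubject);
        setPoliciesFromGrantStatement(authenticatedSubject, getDeployTimePathKey(file), str, str2);
    }

    /**
     * Parses the grant statement {@code str} and registers the result for the path component of
     * {@code url}, merged with the defaults for component type {@code str2}.
     */
    public static void setPoliciesFromGrantStatement(AuthenticatedSubject authenticatedSubject, URL url, String str, String str2) {
        // Same ordering as the File overload: authorize before the path is cached.
        SecurityServiceManager.checkKernelIdentity(authenticatedSubject);
        setPoliciesFromGrantStatement(authenticatedSubject, getDeployTimePathKey(url), str, str2);
    }

    /**
     * Single-path convenience form of the {@code String[]} overload.
     */
    public static void setPoliciesFromGrantStatement(AuthenticatedSubject authenticatedSubject, String str, String str2, String str3) {
        setPoliciesFromGrantStatement(authenticatedSubject, new String[]{str}, str2, str3);
    }

    /**
     * Parses the grant statement {@code str} once and registers the result for every path in
     * {@code strArr}, merged with the defaults for component type {@code str2}.
     *
     * <p>When there is at least one target path the caller is checked before the grant text is
     * handed to the parser. With no target paths the statement is still parsed (so parser
     * errors surface as before) and nothing is stored.
     */
    public static void setPoliciesFromGrantStatement(AuthenticatedSubject authenticatedSubject, String[] strArr, String str, String str2) {
        boolean hasTargets = strArr != null && strArr.length > 0;
        if (hasTargets) {
            SecurityServiceManager.checkKernelIdentity(authenticatedSubject);
        }
        PermissionCollection parsedGrant = null;
        if (str != null && !str.equals("")) {
            parsedGrant = ParsePolicies.parseGrantStatement(str);
        }
        if (!hasTargets) {
            return;
        }
        for (String path : strArr) {
            setPoliciesInternal(authenticatedSubject, getDeployTimePathKey(path), parsedGrant, str2);
        }
    }

    /**
     * Returns the permissions registered for {@code file}, or null when there are none or
     * {@code file} is null (mirroring the null handling of the URL overload).
     *
     * <p>NOTE(review): lookups are unauthenticated and each distinct path that resolves to a
     * deployed root adds an entry to {@code runTimePathCache}; entries are only evicted by
     * {@code removePolicies}.
     */
    public static PermissionCollection getPolicies(File file) {
        if (file == null) {
            return null;
        }
        return getPoliciesInternal(getRunTimePathKey(file));
    }

    /**
     * Returns the permissions registered for a {@code file:} URL, or null for a null URL, any
     * other protocol, or a path with no registration.
     */
    public static PermissionCollection getPolicies(URL url) {
        if (url == null || !url.getProtocol().equals("file")) {
            return null;
        }
        return getPoliciesInternal(getRunTimePathKey(url));
    }

    /**
     * Removes the registration for the path of {@code file}.
     */
    public static void removePolicies(AuthenticatedSubject authenticatedSubject, File file) {
        try {
            removePolicies(authenticatedSubject, file.toURL());
        } catch (MalformedURLException ignored) {
            // Deliberately best-effort, as in the original. NOTE(review): on this path the
            // registration is NOT removed and the caller is not told, so the permissions stay
            // in effect; consider reporting the failure.
        }
    }

    /**
     * Removes the registration for the path component of {@code url}.
     */
    public static void removePolicies(AuthenticatedSubject authenticatedSubject, URL url) {
        removePolicies(authenticatedSubject, url.getPath());
    }

    /**
     * Removes the registration for path {@code str} and evicts the cached path mappings that
     * pointed at it.
     */
    public static synchronized void removePolicies(AuthenticatedSubject authenticatedSubject, String str) {
        // Authorize first: resolving the key below can add an entry to runTimePathCache.
        SecurityServiceManager.checkKernelIdentity(authenticatedSubject);
        String deployKey = str + "/";
        // getRunTimePathKey appends a further "/", so this resolves through the prefix match
        // against deployPathCache rather than through an exact hit.
        removePoliciesInternal(authenticatedSubject, getRunTimePathKey(deployKey));
        if (deployPathCache.remove(deployKey) == null) {
            return;
        }
        Iterator<String> cachedPaths = runTimePathCache.keySet().iterator();
        while (cachedPaths.hasNext()) {
            if (isPathMatched(cachedPaths.next(), deployKey)) {
                cachedPaths.remove();
            }
        }
    }

    /**
     * Removes the registrations for every path in {@code strArr}; null or empty is a no-op.
     */
    public static void removePolicies(AuthenticatedSubject authenticatedSubject, String[] strArr) {
        if (strArr == null || strArr.length <= 0) {
            return;
        }
        for (String path : strArr) {
            removePolicies(authenticatedSubject, path);
        }
    }

    /**
     * Drops every registered policy. The default templates and the two path caches are left
     * untouched.
     */
    public static void clearPolicies(AuthenticatedSubject authenticatedSubject) {
        SecurityServiceManager.checkKernelIdentity(authenticatedSubject);
        map.clear();
    }

    /**
     * Reports whether any permission in {@code permissionCollection} falls under the
     * restricted-permission set.
     *
     * <p>Returns false when the input is null or empty, and also when no restricted set is
     * loaded. The set is only loaded when a security manager is installed and the
     * {@code java.security.policy} file yields a grant block for the restricted-permissions
     * code source, so a missing or incomplete policy file disables this check.
     *
     * <p>NOTE(review): the test is {@code restricted.implies(requested)}. A requested
     * permission is flagged only when a restricted entry covers it; apart from the
     * {@link AllPermission} special case, a requested permission that is broader than a
     * restricted entry is not flagged by this loop. Confirm the restricted set is written with
     * that direction in mind.
     *
     * @param permissionCollection permissions an application asks for; may be null
     * @return true if at least one requested permission is restricted
     */
    public static boolean isAnyOfThePermissionsRestricted(PermissionCollection permissionCollection) {
        if (permissionCollection == null || !permissionCollection.elements().hasMoreElements()) {
            return false;
        }
        PermissionCollection restricted = getDefaultPermissions(EE_APPLICATION_RESTRICTED_PERMISSION_URL, EE_RESTRICTED_PERMISSION_SET);
        if (restricted == null || !restricted.elements().hasMoreElements()) {
            return false;
        }
        if (restricted.implies(ALL_PERMISSION) && permissionCollection.implies(ALL_PERMISSION)) {
            return true;
        }
        // A restricted set that contains AllPermission would imply every request, so the
        // element-wise test uses the copy with AllPermission stripped out when it exists.
        PermissionCollection effective = defaultPermissions.get(RESTRICTED_PERMISSIONS_EXCLUDING_ALL_PERMISSION);
        if (effective == null) {
            effective = restricted;
        }
        Enumeration<Permission> requested = permissionCollection.elements();
        while (requested.hasMoreElements()) {
            if (effective.implies(requested.nextElement())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks the caller, then removes the registration stored under key {@code str} (no-op for
     * a null key).
     */
    private static void removePoliciesInternal(AuthenticatedSubject authenticatedSubject, String str) {
        SecurityServiceManager.checkKernelIdentity(authenticatedSubject);
        if (str == null) {
            return;
        }
        map.remove(str);
    }

    /**
     * Checks the caller, then stores the effective permissions for key {@code str}: the
     * supplied collection, the component defaults for {@code str2}, or a combination of both.
     * Nothing is stored for a null key or when both sources are null.
     */
    private static void setPoliciesInternal(AuthenticatedSubject authenticatedSubject, String str, PermissionCollection permissionCollection, String str2) {
        SecurityServiceManager.checkKernelIdentity(authenticatedSubject);
        if (str == null) {
            return;
        }
        PermissionCollection defaults = getDefaultPermissions(str, str2);
        if (defaults == null && permissionCollection == null) {
            return;
        }
        if (defaults == null) {
            map.put(str, permissionCollection);
        } else if (permissionCollection == null) {
            map.put(str, defaults);
        } else {
            map.put(str, new CombiningPermissionCollection(permissionCollection, false, defaults, false));
        }
    }

    /**
     * Builds a read-only copy of the template registered for component type {@code str2}, with
     * application-root placeholders in {@link FilePermission} names resolved against the
     * deployment path {@code str}.
     *
     * <p>Rewrites applied to {@link FilePermission} entries:
     * <ul>
     *   <li>a name equal to, or starting with, the {@code WEBLOGIC-APPLICATION-ROOT} prefix is
     *       replaced by the deployment path, plus the remainder of the name when the
     *       deployment path is a directory;</li>
     *   <li>for component types starting with {@code EE_}, the name {@code *} becomes the
     *       deployment path, with a recursive {@code -} suffix when it is a directory;</li>
     *   <li>every other permission is copied unchanged.</li>
     * </ul>
     *
     * <p>NOTE(review): the template lookup upper-cases {@code str2} but the {@code EE_} test
     * is case-sensitive, so a lower-case EE component type finds the template without the
     * {@code *} rewrite. Callers in this file pass the upper-case constants.
     *
     * @return the resolved permissions, or null when {@code str2} is null or has no template
     */
    private static PermissionCollection getDefaultPermissions(String str, String str2) {
        if (str2 == null) {
            return null;
        }
        PermissionCollection template = defaultPermissions.get(str2.toUpperCase());
        if (template == null) {
            return null;
        }
        Permissions resolved = new Permissions();
        Enumeration<Permission> entries = template.elements();
        while (entries.hasMoreElements()) {
            Permission entry = entries.nextElement();
            if (!(entry instanceof FilePermission)) {
                resolved.add(entry);
                continue;
            }
            String name = entry.getName();
            File deployment = new File(str);
            String path = deployment.getPath();
            if (name.startsWith(appRootString) || name.equals(appRootPrefix)) {
                String remainder = name.substring(appRootPrefixLength);
                if (deployment.isDirectory()) {
                    path = path + remainder;
                }
                resolved.add(new FilePermission(path, entry.getActions()));
            } else if (str2.startsWith("EE_") && name.trim().equals("*")) {
                if (deployment.isDirectory()) {
                    path = path + File.separator + "-";
                }
                resolved.add(new FilePermission(path, entry.getActions()));
            } else {
                resolved.add(entry);
            }
        }
        resolved.setReadOnly();
        return resolved;
    }

    /**
     * Returns the permissions stored under key {@code str}, or null for a null or unknown key.
     */
    private static PermissionCollection getPoliciesInternal(String str) {
        if (str == null) {
            return null;
        }
        return map.get(str);
    }

    /**
     * Resolves the deploy-time key for {@code file}; returns null if the file cannot be turned
     * into a URL.
     */
    private static String getRunTimePathKey(File file) {
        try {
            // File.toURL() does not escape characters; keys are built this way everywhere in
            // this class, so switching to toURI().toURL() would have to be done for all of them.
            return getRunTimePathKey(file.toURL());
        } catch (MalformedURLException ignored) {
            // Treated as "no registration": the lookup simply finds nothing.
            return null;
        }
    }

    /**
     * Resolves the deploy-time key for the path component of {@code url}.
     */
    private static String getRunTimePathKey(URL url) {
        return getRunTimePathKey(url.getPath());
    }

    /**
     * Resolves a run-time path to the deploy-time key it belongs to.
     *
     * <p>Order of resolution: exact hit in {@code deployPathCache}, then a previously cached
     * answer, then the first deploy-time path that lexically prefixes the run-time path. A
     * successful prefix match is cached.
     *
     * <p>NOTE(review): the prefix scan stops at the first match in {@link Hashtable} iteration
     * order, not the longest one. With nested deployment roots the chosen key depends on that
     * order; confirm nested roots cannot be registered, or prefer the longest match.
     *
     * @return the deploy-time key, or null when {@code str} is null or nothing matches
     */
    private static synchronized String getRunTimePathKey(String str) {
        if (str == null) {
            return null;
        }
        String lookup = str + "/";
        String exact = deployPathCache.get(lookup);
        if (exact != null) {
            return exact;
        }
        String cached = runTimePathCache.get(lookup);
        if (cached != null) {
            return cached;
        }
        for (Map.Entry<String, String> deployed : deployPathCache.entrySet()) {
            if (isPathMatched(lookup, deployed.getKey())) {
                String resolved = deployed.getValue();
                if (resolved != null) {
                    runTimePathCache.put(lookup, resolved);
                }
                return resolved;
            }
        }
        return null;
    }

    /**
     * Returns the deploy-time key for {@code file}, recording it in {@code deployPathCache};
     * returns null if the file cannot be turned into a URL, in which case nothing is registered
     * for it.
     */
    private static String getDeployTimePathKey(File file) {
        try {
            return getDeployTimePathKey(file.toURL());
        } catch (MalformedURLException ignored) {
            // A null key makes setPoliciesInternal skip the registration silently.
            return null;
        }
    }

    /**
     * Returns the deploy-time key for the path component of {@code url}.
     */
    private static String getDeployTimePathKey(URL url) {
        return getDeployTimePathKey(url.getPath());
    }

    /**
     * Returns the deploy-time key for path {@code str}, recording {@code str + "/"} in
     * {@code deployPathCache} on first use. The trailing slash keeps the later prefix match
     * from treating one root as a prefix of a sibling whose name merely starts the same way.
     *
     * @return the key (the path itself on first registration), or null for a null path
     */
    private static synchronized String getDeployTimePathKey(String str) {
        if (str == null) {
            return null;
        }
        String cacheKey = str + "/";
        String existing = deployPathCache.get(cacheKey);
        if (existing != null) {
            return existing;
        }
        deployPathCache.put(cacheKey, str);
        return str;
    }

    /**
     * Lexical test for "{@code str} lies under {@code str2}".
     *
     * <p>When the platform separator equals {@code CommonUtils.SINGLE_ESCAPE_STR} (presumably
     * a backslash; the constant is defined elsewhere) backslashes in both arguments are turned
     * into forward slashes first. The match then succeeds if {@code str} starts with
     * {@code str2} either at offset 0 or at offset 1; the second form tolerates one extra
     * leading character, which looks intended for URL paths such as {@code /C:/...} compared
     * with {@code C:/...} (an inference, not confirmed by this file).
     */
    private static boolean isPathMatched(String str, String str2) {
        if (str.length() < str2.length()) {
            return false;
        }
        if (File.separator.equals(CommonUtils.SINGLE_ESCAPE_STR)) {
            str = str.replace('\\', '/');
            str2 = str2.replace('\\', '/');
        }
        return str.startsWith(str2) || str.regionMatches(1, str2, 0, str2.length());
    }

    /** Prints a line to standard output. */
    private static void outln(String str) {
        System.out.println(str);
    }

    /**
     * Reads the permissions of the grant block for code base {@code str} from the file named
     * by the {@code java.security.policy} system property.
     *
     * @return the parsed permissions, or null when the property is not set
     */
    private static PermissionCollection parsePermissionsFromGrant(String str) {
        String policyLocation = System.getProperty(JAVA_SEC_POLICY_PROP);
        if (policyLocation == null) {
            return null;
        }
        // The "-Djava.security.policy==file" form leaves a leading "=" in the property value.
        if (policyLocation.startsWith("=") && policyLocation.length() > 1) {
            policyLocation = policyLocation.substring(1);
        }
        try {
            return ParsePolicies.parseGrantPermissionsFromPolicyFile(policyLocation, str);
        } catch (SecurityServiceException e) {
            throw new InvalidParameterException(e);
        }
    }

    /**
     * Loads the grant block for code base {@code str} into {@code defaultPermissions} under
     * {@code str2}. Does nothing when no security manager is installed or no permissions were
     * parsed.
     */
    private static void initGrantBlockPermissions(String str, String str2) {
        if (System.getSecurityManager() == null) {
            return;
        }
        PermissionCollection parsed = parsePermissionsFromGrant(str);
        if (parsed == null) {
            return;
        }
        defaultPermissions.put(str2, parsed);
    }

    /**
     * When the restricted set contains {@link AllPermission}, stores a copy without it so that
     * {@link #isAnyOfThePermissionsRestricted} can still test individual permissions.
     */
    private static void copyRestrictedPermissionsIfNecessary() {
        PermissionCollection restricted = getDefaultPermissions(EE_APPLICATION_RESTRICTED_PERMISSION_URL, EE_RESTRICTED_PERMISSION_SET);
        if (restricted == null || !restricted.implies(ALL_PERMISSION)) {
            return;
        }
        Permissions withoutAll = new Permissions();
        Enumeration<Permission> entries = restricted.elements();
        while (entries.hasMoreElements()) {
            Permission entry = entries.nextElement();
            if (!(entry instanceof AllPermission)) {
                withoutAll.add(entry);
            }
        }
        // Read-only like the collections built by getDefaultPermissions: this set backs a
        // security decision and is never meant to change after initialization.
        withoutAll.setReadOnly();
        defaultPermissions.put(RESTRICTED_PERMISSIONS_EXCLUDING_ALL_PERMISSION, withoutAll);
    }

    /**
     * Single-grant convenience form: wraps {@code str} in an array (null when it is null or
     * blank) and delegates to the {@code String[]} overload.
     */
    public static boolean registerSEPermissions(AuthenticatedSubject authenticatedSubject, String[] strArr, PermissionCollection permissionCollection, String str, String str2, String str3, String str4) throws SecurityServiceException {
        String[] grantStatements = (str == null || str.trim().length() <= 0) ? null : new String[]{str};
        return registerSEPermissions(authenticatedSubject, strArr, permissionCollection, grantStatements, str2, str3, str4);
    }

    /**
     * Registers an application's permissions from one of two sources: packaged permissions
     * ({@code permissionCollection}) or deployment-descriptor grant statements
     * ({@code strArr2}).
     *
     * <p>Without a security manager nothing is registered and false is returned. Otherwise:
     * <ol>
     *   <li>if both mechanisms are enabled and both sources are non-empty, the call fails with
     *       the conflicting-declaration error;</li>
     *   <li>if packaged permissions are enabled and either a packaged collection is present,
     *       descriptor grants are disabled, or no grant statements were passed, the packaged
     *       collection is screened with {@link #isAnyOfThePermissionsRestricted} and registered
     *       with component type {@code str3};</li>
     *   <li>otherwise the parsed descriptor grants are registered with component type
     *       {@code str2}, unless descriptor grants are disabled and some were supplied.</li>
     * </ol>
     *
     * <p>NOTE(review): only the packaged collection is screened against the restricted set;
     * the descriptor-grant path in step 3 stores the parsed grants without that screening.
     * Confirm descriptor grants are vetted elsewhere, or that
     * {@code weblogic.security.dd.permissionSpecDisabled} is set where that matters.
     *
     * @param authenticatedSubject subject checked when the policies are stored
     * @param strArr paths to register the permissions for
     * @param permissionCollection packaged permissions; may be null
     * @param strArr2 descriptor grant statements; may be null
     * @param str value passed to the descriptor-grant-disabled error message
     * @param str2 component type used with descriptor grants
     * @param str3 component type used with packaged permissions
     * @return true when a security manager is installed and registration went through
     * @throws SecurityServiceException on conflicting, disabled or prohibited declarations
     */
    public static boolean registerSEPermissions(AuthenticatedSubject authenticatedSubject, String[] strArr, PermissionCollection permissionCollection, String[] strArr2, String str, String str2, String str3) throws SecurityServiceException {
        if (System.getSecurityManager() == null) {
            return false;
        }
        PermissionCollection descriptorGrants = ParsePolicies.parseMultipleGrantStatements(strArr2);
        if (!IS_PACKAGED_PERMISSIONS_DISABLED && !IS_DD_GRANT_DISABLED
                && descriptorGrants != null && descriptorGrants.elements().hasMoreElements()
                && permissionCollection != null && permissionCollection.elements().hasMoreElements()) {
            throw new SecurityServiceException(SecurityLogger.getConflictingPermissionsDeclarationError());
        }
        boolean registered = false;
        if (IS_PACKAGED_PERMISSIONS_DISABLED) {
            if (permissionCollection != null && IS_DD_GRANT_DISABLED) {
                throw new SecurityServiceException(SecurityLogger.getPackagedPermissionsDisabledError());
            }
        } else if (permissionCollection != null || IS_DD_GRANT_DISABLED || strArr2 == null) {
            if (isAnyOfThePermissionsRestricted(permissionCollection)) {
                throw new SecurityServiceException(SecurityLogger.getProhibitedPermissionsError());
            }
            setPoliciesFromPermissions(authenticatedSubject, strArr, permissionCollection, str3);
            registered = true;
        }
        if (!registered) {
            if (IS_DD_GRANT_DISABLED && descriptorGrants != null && descriptorGrants.elements().hasMoreElements()) {
                throw new SecurityServiceException(SecurityLogger.getDeploymentDescriptorGrantDisabledError(str));
            }
            setPoliciesFromPermissions(authenticatedSubject, strArr, descriptorGrants, str2);
        }
        return true;
    }
}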
