package weblogic.application.internal.flow;

import java.security.Policy;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyContextException;
import weblogic.application.internal.FlowContext;
import weblogic.j2ee.descriptor.ApplicationBean;
import weblogic.j2ee.descriptor.SecurityRoleBean;
import weblogic.j2ee.descriptor.wl.ApplicationSecurityRoleAssignmentBean;
import weblogic.management.DeploymentException;
import weblogic.security.jacc.RoleMapperFactory;

/* loaded from: input_file:weblogic/application/internal/flow/JACCPolicyConfigurationFlow.class */
public final class JACCPolicyConfigurationFlow extends BaseFlow {
    private final boolean useJACC;

    public JACCPolicyConfigurationFlow(FlowContext flowContext) {
        super(flowContext);
        this.useJACC = flowContext.getSecurityProvider().isJACCEnabled();
    }

    @Override // weblogic.application.internal.flow.BaseFlow, weblogic.application.internal.Flow
    public void prepare() throws DeploymentException {
        if (this.useJACC) {
            handleRoleMapping();
        }
    }

    @Override // weblogic.application.internal.flow.BaseFlow, weblogic.application.internal.Flow
    public void activate() throws DeploymentException {
        if (this.useJACC) {
            PolicyConfiguration[] jACCPolicyConfigurations = this.appCtx.getJACCPolicyConfigurations();
            linkPolicyConfigurations(jACCPolicyConfigurations);
            commitPolicyConfigurations(jACCPolicyConfigurations);
            refreshPolicy(jACCPolicyConfigurations);
        }
    }

    @Override // weblogic.application.internal.flow.BaseFlow, weblogic.application.internal.Flow
    public void unprepare() {
        if (this.useJACC) {
            refreshPolicy(this.appCtx.getJACCPolicyConfigurations());
        }
    }

    private void handleRoleMapping() throws DeploymentException {
        Map processRoleMappings = processRoleMappings();
        if (processRoleMappings != null) {
            try {
                RoleMapperFactory.getRoleMapperFactory().getRoleMapper(this.appCtx.getApplicationId(), false).addAppRolesToPrincipalMap(processRoleMappings);
            } catch (ClassNotFoundException e) {
                throw new DeploymentException(e);
            } catch (PolicyContextException e2) {
                throw new DeploymentException(e2);
            }
        }
    }

    private void refreshPolicy(PolicyConfiguration[] policyConfigurationArr) {
        if (policyConfigurationArr.length > 0) {
            Policy.getPolicy().refresh();
        }
    }

    private void linkPolicyConfigurations(PolicyConfiguration[] policyConfigurationArr) throws DeploymentException {
        if (policyConfigurationArr.length == 1) {
            return;
        }
        for (int length = policyConfigurationArr.length - 1; length > 0; length--) {
            try {
                policyConfigurationArr[length].linkConfiguration(policyConfigurationArr[length - 1]);
            } catch (PolicyContextException e) {
                throw new DeploymentException(e);
            }
        }
    }

    private void commitPolicyConfigurations(PolicyConfiguration[] policyConfigurationArr) throws DeploymentException {
        for (PolicyConfiguration policyConfiguration : policyConfigurationArr) {
            try {
                policyConfiguration.commit();
            } catch (PolicyContextException e) {
                throw new DeploymentException(e);
            }
        }
    }

    private String[] getSecurityRoleNames() {
        String[] strArr = null;
        ApplicationBean applicationDD = this.appCtx.getApplicationDD();
        if (applicationDD == null) {
            return null;
        }
        SecurityRoleBean[] securityRoles = applicationDD.getSecurityRoles();
        if (securityRoles != null && securityRoles.length != 0) {
            strArr = new String[securityRoles.length];
            for (int i = 0; i < securityRoles.length; i++) {
                strArr[i] = securityRoles[i].getRoleName();
            }
        }
        return strArr;
    }

    private Map processRoleMappings() throws DeploymentException {
        String[] securityRoleNames = getSecurityRoleNames();
        Map roleToPrincipalsMapping = getRoleToPrincipalsMapping();
        if (roleToPrincipalsMapping == null) {
            return null;
        }
        if (securityRoleNames == null || securityRoleNames.length == 0) {
            securityRoleNames = (String[]) roleToPrincipalsMapping.keySet().toArray(new String[roleToPrincipalsMapping.size()]);
        }
        if (securityRoleNames == null || securityRoleNames.length == 0) {
            return null;
        }
        HashMap hashMap = new HashMap(securityRoleNames.length);
        HashSet hashSet = new HashSet();
        for (String str : securityRoleNames) {
            String[] strArr = (String[]) roleToPrincipalsMapping.get(str);
            if (strArr == null) {
                hashSet.add(str);
            } else {
                hashMap.put(str, strArr);
            }
        }
        if (hashSet.isEmpty()) {
            return hashMap;
        }
        throw new DeploymentException("Cannot find a role mapping for the following roles: " + hashSet);
    }

    private Map getRoleToPrincipalsMapping() {
        ApplicationSecurityRoleAssignmentBean[] securityRoleAssignments;
        if (this.appCtx.getWLApplicationDD() == null || this.appCtx.getWLApplicationDD().getSecurity() == null || (securityRoleAssignments = this.appCtx.getWLApplicationDD().getSecurity().getSecurityRoleAssignments()) == null || securityRoleAssignments.length == 0) {
            return null;
        }
        HashMap hashMap = new HashMap();
        for (int i = 0; i < securityRoleAssignments.length; i++) {
            String[] principalNames = securityRoleAssignments[i].getPrincipalNames();
            if (principalNames != null && principalNames.length > 0) {
                hashMap.put(securityRoleAssignments[i].getRoleName(), principalNames);
            }
        }
        return hashMap;
    }
}
