package weblogic.security.jacc.simpleprovider;

import java.security.AccessController;
import java.security.CodeSource;
import java.security.NoSuchAlgorithmException;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.util.Collection;
import java.util.Enumeration;
import javax.security.jacc.PolicyContext;
import weblogic.diagnostics.debug.DebugLogger;
import weblogic.security.SecurityLogger;

/* loaded from: input_file:weblogic/security/jacc/simpleprovider/SimpleJACCPolicy.class */
public final class SimpleJACCPolicy extends Policy {
    private Policy defaultPolicy;
    private static DebugLogger jaccDebugLogger = DebugLogger.getDebugLogger("DebugSecurityJACCPolicy");

    public SimpleJACCPolicy() {
        if (jaccDebugLogger.isDebugEnabled()) {
            log("SimpleJACCPolicy no arg constructor");
        }
        try {
            this.defaultPolicy = (Policy) AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: weblogic.security.jacc.simpleprovider.SimpleJACCPolicy.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws PrivilegedActionException {
                    try {
                        return Policy.getInstance("JavaPolicy", null);
                    } catch (NoSuchAlgorithmException e) {
                        throw new PrivilegedActionException(e);
                    } catch (Exception e2) {
                        throw new PrivilegedActionException(e2);
                    }
                }
            });
        } catch (PrivilegedActionException e) {
            if (jaccDebugLogger.isDebugEnabled()) {
                jaccDebugLogger.debug("Failed to create a policy instance: " + e.getException());
            }
            throw new RuntimeException(SecurityLogger.getUnableToCreatePolicyInstance("JavaPolicy", e.getException()), e.getException());
        }
    }

    @Override // java.security.Policy
    public PermissionCollection getPermissions(CodeSource codeSource) {
        String contextID = PolicyContext.getContextID();
        return removeExcludedPermissions(contextID, getPolicyConfigurationPolicyForContext(contextID).getPermissions(codeSource));
    }

    @Override // java.security.Policy
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        String contextID = PolicyContext.getContextID();
        return removeExcludedPermissions(contextID, getPolicyConfigurationPolicyForContext(contextID).getPermissions(protectionDomain));
    }

    @Override // java.security.Policy
    public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
        if (jaccDebugLogger.isDebugEnabled()) {
            log("SimpleJACCPolicy.implies " + permission);
        }
        String contextID = PolicyContext.getContextID();
        Policy policyConfigurationPolicyForContext = getPolicyConfigurationPolicyForContext(contextID);
        Permissions excludedPermissionsForContext = getExcludedPermissionsForContext(contextID);
        boolean implies = policyConfigurationPolicyForContext.implies(protectionDomain, permission);
        if (jaccDebugLogger.isDebugEnabled()) {
            log("SimpleJACCPolicy.implies " + (!implies ? "denied " : "granted") + " policy: " + (policyConfigurationPolicyForContext == this.defaultPolicy ? "default" : contextID == null ? " null" : contextID) + " " + permission);
        }
        if (implies && excludedPermissionsForContext != null) {
            if (shouldExclude(permission, excludedPermissionsForContext)) {
                implies = false;
            }
            if (jaccDebugLogger.isDebugEnabled()) {
                log("SimpleJACCPolicy.implies " + (!implies ? "denied " : "granted") + permission + " after applying excluded Permissions");
            }
        }
        return implies;
    }

    @Override // java.security.Policy
    public void refresh() {
        if (jaccDebugLogger.isDebugEnabled()) {
            log("SimpleJACCPolicy.refresh");
        }
        this.defaultPolicy.refresh();
        Collection<PolicyConfigurationImpl> policyConfigurationImpls = PolicyConfigurationFactoryImpl.getPolicyConfigurationImpls();
        if (policyConfigurationImpls != null) {
            for (PolicyConfigurationImpl policyConfigurationImpl : policyConfigurationImpls) {
                if (policyConfigurationImpl != null) {
                    policyConfigurationImpl.refresh();
                }
            }
        }
    }

    private Policy getPolicyConfigurationPolicyForContext(String str) {
        PolicyConfigurationImpl policyConfigurationImpl;
        Policy policy = null;
        if (str != null && (policyConfigurationImpl = PolicyConfigurationFactoryImpl.getPolicyConfigurationImpl(str)) != null) {
            policy = policyConfigurationImpl.getPolicy();
        }
        if (policy == null) {
            policy = this.defaultPolicy;
        }
        return policy;
    }

    private Permissions getExcludedPermissionsForContext(String str) {
        PolicyConfigurationImpl policyConfigurationImpl;
        Permissions permissions = null;
        if (str != null && (policyConfigurationImpl = PolicyConfigurationFactoryImpl.getPolicyConfigurationImpl(str)) != null) {
            permissions = policyConfigurationImpl.getExcludedPermissions();
        }
        return permissions;
    }

    private PermissionCollection removeExcludedPermissions(String str, PermissionCollection permissionCollection) {
        boolean z = false;
        Permissions excludedPermissionsForContext = getExcludedPermissionsForContext(str);
        PermissionCollection permissionCollection2 = null;
        if (excludedPermissionsForContext != null && excludedPermissionsForContext.elements().hasMoreElements()) {
            Enumeration<Permission> elements = permissionCollection.elements();
            while (elements.hasMoreElements()) {
                Permission nextElement = elements.nextElement();
                if (shouldExclude(nextElement, excludedPermissionsForContext)) {
                    z = true;
                } else {
                    if (permissionCollection2 == null) {
                        permissionCollection2 = new Permissions();
                    }
                    permissionCollection2.add(nextElement);
                }
            }
        }
        if (!z) {
            permissionCollection2 = permissionCollection;
        }
        return permissionCollection2;
    }

    private boolean shouldExclude(Permission permission, Permissions permissions) {
        boolean z = false;
        if (permissions != null && permissions.elements().hasMoreElements()) {
            if (!permissions.implies(permission)) {
                Enumeration<Permission> elements = permissions.elements();
                while (true) {
                    if (!elements.hasMoreElements() && 0 == 0) {
                        break;
                    }
                    Permission nextElement = elements.nextElement();
                    if (permission.implies(nextElement)) {
                        z = true;
                        log("SimpleJACCPolicy excluding granted: " + permission + " implies: " + nextElement);
                        break;
                    }
                }
            } else {
                z = true;
                log("SimpleJACCPolicy excluding excludedPermissions implies: " + permission);
            }
        }
        return z;
    }

    private void log(String str) {
        System.out.println(str);
    }
}
