package weblogic.management;

import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import javax.inject.Singleton;
import org.glassfish.hk2.api.ActiveDescriptor;
import org.glassfish.hk2.api.Descriptor;
import org.glassfish.hk2.api.Filter;
import org.glassfish.hk2.api.Operation;
import org.glassfish.hk2.api.ValidationInformation;
import org.glassfish.hk2.api.ValidationService;
import org.glassfish.hk2.api.Validator;
import org.glassfish.hk2.utilities.ServiceLocatorUtilities;
import weblogic.management.internal.ConfigLogger;
import weblogic.utils.annotation.Secure;

@Singleton
/* loaded from: input_file:weblogic/management/ValidationServiceImpl.class */
public class ValidationServiceImpl implements ValidationService {
    private static final Permission DEFAULT_REQUIRED_PERMISSION = new RuntimePermission(Secure.DEFAULT_PERMISSION);
    private static final Filter FILTER = new Filter() { // from class: weblogic.management.ValidationServiceImpl.1
        @Override // org.glassfish.hk2.api.Filter
        public boolean matches(Descriptor descriptor) {
            return descriptor.getQualifiers().contains(Secure.class.getName());
        }
    };
    private final Validator VALIDATOR = new ValidatorImpl();

    /* loaded from: input_file:weblogic/management/ValidationServiceImpl$ValidatorImpl.class */
    private static class ValidatorImpl implements Validator {
        private ValidatorImpl() {
        }

        private boolean checkBinder(ValidationInformation validationInformation) {
            ActiveDescriptor<?> candidate = validationInformation.getCandidate();
            if (ValidationServiceImpl.FILTER.matches(candidate)) {
                return checkPerm(candidate, getVariablePermission(candidate));
            }
            return true;
        }

        private boolean checkUnBinder(ValidationInformation validationInformation) {
            ActiveDescriptor<?> candidate = validationInformation.getCandidate();
            if (ValidationServiceImpl.FILTER.matches(candidate)) {
                return checkPerm(candidate, getVariablePermission(candidate));
            }
            return true;
        }

        private boolean checkLookupAPI(ValidationInformation validationInformation) {
            return checkPerm(validationInformation.getCandidate(), getVariablePermission(validationInformation.getCandidate()));
        }

        private static Permission getVariablePermission(ActiveDescriptor<?> activeDescriptor) {
            String oneMetadataField;
            if (activeDescriptor != null && activeDescriptor.getQualifiers().contains(Secure.class.getName()) && (oneMetadataField = ServiceLocatorUtilities.getOneMetadataField(activeDescriptor, Secure.PERMISSION_METADATA)) != null && !Secure.DEFAULT_PERMISSION.equals(oneMetadataField)) {
                return new RuntimePermission(oneMetadataField);
            }
            return ValidationServiceImpl.DEFAULT_REQUIRED_PERMISSION;
        }

        private boolean checkInjectionPoint(final ValidationInformation validationInformation) {
            final Class<?> injecteeClass = validationInformation.getInjectee().getInjecteeClass();
            final ProtectionDomain protectionDomain = (ProtectionDomain) AccessController.doPrivileged(new PrivilegedAction<ProtectionDomain>() { // from class: weblogic.management.ValidationServiceImpl.ValidatorImpl.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public ProtectionDomain run() {
                    return injecteeClass.getProtectionDomain();
                }
            });
            final Permission variablePermission = getVariablePermission(validationInformation.getCandidate());
            boolean implies = protectionDomain.implies(variablePermission);
            if (!implies) {
                AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: weblogic.management.ValidationServiceImpl.ValidatorImpl.2
                    @Override // java.security.PrivilegedAction
                    public Object run() {
                        ConfigLogger.logInjectionFailure(validationInformation.getCandidate().toString(), injecteeClass.getName(), protectionDomain.toString(), variablePermission.toString());
                        return null;
                    }
                });
            }
            return implies;
        }

        private boolean checkLookup(ValidationInformation validationInformation) {
            return validationInformation.getInjectee() == null ? checkLookupAPI(validationInformation) : checkInjectionPoint(validationInformation);
        }

        @Override // org.glassfish.hk2.api.Validator
        public boolean validate(ValidationInformation validationInformation) {
            Operation operation = validationInformation.getOperation();
            if (Operation.BIND.equals(operation)) {
                return checkBinder(validationInformation);
            }
            if (Operation.UNBIND.equals(operation)) {
                return checkUnBinder(validationInformation);
            }
            if (Operation.LOOKUP.equals(operation)) {
                return checkLookup(validationInformation);
            }
            return false;
        }

        private static boolean checkPerm(final ActiveDescriptor<?> activeDescriptor, final Permission permission) {
            try {
                AccessController.checkPermission(permission);
                return true;
            } catch (AccessControlException e) {
                AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: weblogic.management.ValidationServiceImpl.ValidatorImpl.3
                    @Override // java.security.PrivilegedAction
                    public Object run() {
                        ConfigLogger.logServiceValidationPermissionFailure(ActiveDescriptor.this.toString(), permission.toString(), e);
                        return null;
                    }
                });
                return false;
            }
        }
    }

    @Override // org.glassfish.hk2.api.ValidationService
    public Filter getLookupFilter() {
        return FILTER;
    }

    @Override // org.glassfish.hk2.api.ValidationService
    public Validator getValidator() {
        return this.VALIDATOR;
    }
}
