package weblogic.servlet.security.internal;

import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.Map;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import javax.security.jacc.WebUserDataPermission;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import weblogic.application.ApplicationContext;
import weblogic.application.utils.ApplicationVersionUtils;
import weblogic.management.DeploymentException;
import weblogic.management.configuration.AppDeploymentMBean;
import weblogic.security.jacc.PolicyContextHandlerData;
import weblogic.security.jacc.RoleMapper;
import weblogic.security.jacc.RoleMapperFactory;
import weblogic.servlet.spi.JaccApplicationSecurity;
import weblogic.servlet.spi.SubjectHandle;
import weblogic.utils.collections.SoftHashMap;

/* loaded from: input_file:weblogic/servlet/security/internal/JACCSecurity.class */
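/**
 * JACC-based implementation of the web application security SPI.
 *
 * <p>Deployment-time calls are translated into statements on a
 * {@link PolicyConfiguration} identified by {@link #getContextID()}. Runtime
 * authorization checks are answered by asking the installed {@link Policy}
 * whether a {@link ProtectionDomain} implies the relevant JACC permission
 * while this application's policy context id is active on the calling thread.
 *
 * <p>Runtime checks fail closed: {@link #isSubjectInRole} and
 * {@link #hasPermission} return {@code false} when a {@link SecurityException}
 * is raised during evaluation.
 */
public class JACCSecurity extends AbstractAppSecurity implements JaccApplicationSecurity {
    private static final boolean CACHE = true;
    private static final char DELIMITER = '_';
    private final RoleMapper roleMapper;
    private PolicyConfiguration policyConfig;
    private final CodeSource codeSource;
    // Principal-less domain used for transport (user-data) checks, see checkTransport.
    private final ProtectionDomain protectionDomain;
    private final String contextId;
    // Per-subject protection domains; wrapped in a synchronized view.
    private final Map<SubjectHandle, ProtectionDomain> pdCache =
            Collections.synchronizedMap(new SoftHashMap<SubjectHandle, ProtectionDomain>());
    // NOTE(review): unlike pdCache, the three permission caches below are not wrapped in a
    // synchronized view although the lookup helpers both read and write them. Confirm that
    // SoftHashMap is safe for concurrent use or that callers serialize access.
    private final SoftHashMap<PermKey, WebUserDataPermission> udPermCache = new SoftHashMap<>();
    private final SoftHashMap<PermKey, WebRoleRefPermission> rrPermCache = new SoftHashMap<>();
    private final SoftHashMap<PermKey, WebResourcePermission> resPermCache = new SoftHashMap<>();

    /**
     * Cache key made of two nullable strings (permission name and actions as
     * used by the lookup helpers of the enclosing class).
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/servlet/security/internal/JACCSecurity$PermKey.class */
    public class PermKey {
        private final String key1;
        private final String key2;

        private PermKey(String str, String str2) {
            this.key1 = str;
            this.key2 = str2;
        }

        /** Two keys are equal when both components are equal; {@code null} only matches {@code null}. */
        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof PermKey)) {
                return false;
            }
            PermKey other = (PermKey) obj;
            boolean secondMatches = this.key2 == null ? other.key2 == null : this.key2.equals(other.key2);
            if (!secondMatches) {
                return false;
            }
            return this.key1 == null ? other.key1 == null : this.key1.equals(other.key1);
        }

        /** Hash consistent with {@link #equals(Object)}; a {@code null} component contributes 0. */
        @Override
        public int hashCode() {
            int first = this.key1 != null ? this.key1.hashCode() : 0;
            int second = this.key2 != null ? this.key2.hashCode() : 0;
            return (29 * first) + second;
        }
    }

    /**
     * Creates the JACC policy configuration and role mapper for one web module.
     *
     * @param servletSecurityServices passed through to the superclass
     * @param appDeploymentMBean passed through to the superclass
     * @param str passed to the superclass and, with {@code '/'} replaced by
     *        {@code '_'}, used as the last component of the context id
     *        (presumably the web context path; verify against caller)
     * @param str2 middle component of the context id and the first argument to
     *        the role mapper lookup (presumably the application id; verify against caller)
     * @param applicationContext supplies the realm name and receives the policy
     *        configuration; must not be {@code null}
     * @param str3 first component of the context id
     * @param str4 file system path used to build the {@link CodeSource} location
     * @throws DeploymentException if the JACC provider cannot be located, the
     *         policy configuration cannot be obtained, the code source path is
     *         not a valid URI, or {@code applicationContext} is {@code null}
     */
    public JACCSecurity(ServletSecurityServices servletSecurityServices, AppDeploymentMBean appDeploymentMBean, String str, String str2, ApplicationContext applicationContext, String str3, String str4) throws DeploymentException {
        super(servletSecurityServices, appDeploymentMBean, str, applicationContext == null ? null : applicationContext.getApplicationSecurityRealmName());
        // NOTE(review): '/' in str is folded into the same character as DELIMITER, so
        // distinct inputs can produce the same context id (a '/' versus a literal '_').
        // Confirm that uniqueness of the resulting id is guaranteed elsewhere, because
        // the id selects which PolicyConfiguration is used for authorization decisions.
        this.contextId = str3 + DELIMITER + ApplicationVersionUtils.replaceDelimiter(str2, DELIMITER) + DELIMITER + str.replace('/', DELIMITER);
        try {
            // remove=true: any policy statements already stored under this id are discarded.
            this.policyConfig = PolicyConfigurationFactory.getPolicyConfigurationFactory().getPolicyConfiguration(this.contextId, true);
            this.roleMapper = RoleMapperFactory.getRoleMapperFactory().getRoleMapper(str2, this.contextId, false);
            this.codeSource = initializeCodeSource(str4);
            this.protectionDomain = new ProtectionDomain(this.codeSource, null);
            if (applicationContext == null) {
                // The super(...) call above tolerates a null context, but the policy
                // configuration cannot be registered without one. Fail the deployment
                // explicitly rather than with a bare NullPointerException.
                throw new DeploymentException(new IllegalStateException("applicationContext is required to register the JACC policy configuration"));
            }
            applicationContext.addJACCPolicyConfiguration(this.policyConfig);
        } catch (ClassNotFoundException | PolicyContextException e) {
            throw new DeploymentException(e);
        }
    }

    /**
     * Builds a certificate-less {@link CodeSource} whose location is a
     * {@code file:///} URL for the given path (backslashes become slashes).
     *
     * @throws DeploymentException if the path does not form a valid URI or URL
     */
    private CodeSource initializeCodeSource(String path) throws DeploymentException {
        try {
            URI location = new URI("file:///" + path.replace('\\', '/'));
            return new CodeSource(new URL(location.toString()), (Certificate[]) null);
        } catch (MalformedURLException | URISyntaxException e) {
            throw new DeploymentException(e);
        }
    }

    /** Always {@code true} for this implementation. */
    @Override // weblogic.servlet.spi.ApplicationSecurity
    public boolean isFullSecurityDelegationRequired() {
        return true;
    }

    /**
     * Adds a {@link WebResourcePermission} to the unchecked policy.
     *
     * @param str permission name (URL pattern); colons are encoded as {@code %3A}
     * @param str2 permission actions
     * @throws DeploymentException if the policy configuration rejects the statement
     */
    @Override // weblogic.servlet.spi.ApplicationSecurity
    public void deployUncheckedPolicy(String str, String str2) throws DeploymentException {
        try {
            this.policyConfig.addToUncheckedPolicy(new WebResourcePermission(encodeColon(str), str2));
        } catch (PolicyContextException e) {
            throw new DeploymentException(e);
        }
    }

    /**
     * Adds an arbitrary permission to the unchecked policy.
     *
     * @throws DeploymentException if the policy configuration rejects the statement
     */
    @Override // weblogic.servlet.security.internal.AbstractAppSecurity, weblogic.servlet.spi.ApplicationSecurity
    public void deployUncheckedPolicy(Permission permission) throws DeploymentException {
        try {
            this.policyConfig.addToUncheckedPolicy(permission);
        } catch (PolicyContextException e) {
            throw new DeploymentException(e);
        }
    }

    /**
     * Adds both a {@link WebResourcePermission} and a
     * {@link WebUserDataPermission} for the pattern to the excluded policy.
     *
     * @param str permission name (URL pattern); colons are encoded as {@code %3A}
     * @param str2 permission actions
     * @throws DeploymentException if the policy configuration rejects a statement
     */
    @Override // weblogic.servlet.spi.ApplicationSecurity
    public void deployExcludedPolicy(String str, String str2) throws DeploymentException {
        String pattern = encodeColon(str);
        WebResourcePermission resourcePermission = new WebResourcePermission(pattern, str2);
        WebUserDataPermission userDataPermission = new WebUserDataPermission(pattern, str2);
        try {
            this.policyConfig.addToExcludedPolicy(resourcePermission);
            this.policyConfig.addToExcludedPolicy(userDataPermission);
        } catch (PolicyContextException e) {
            throw new DeploymentException(e);
        }
    }

    /**
     * Grants the role a {@link WebRoleRefPermission} with an empty name and
     * the role name as its actions.
     *
     * @param str role name
     * @param strArr not used by this implementation
     * @throws DeploymentException if the policy configuration rejects the statement
     */
    @Override // weblogic.servlet.spi.ApplicationSecurity
    public void deployRole(String str, String[] strArr) throws DeploymentException {
        try {
            this.policyConfig.addToRole(str, new WebRoleRefPermission("", str));
        } catch (PolicyContextException e) {
            throw new DeploymentException(e);
        }
    }

    /**
     * Grants the role a {@link WebResourcePermission}.
     *
     * @param str role name
     * @param str2 permission name (URL pattern); colons are encoded as {@code %3A}
     * @param str3 permission actions
     * @throws DeploymentException if the policy configuration rejects the statement
     */
    @Override // weblogic.servlet.spi.JaccApplicationSecurity
    public void deployRole(String str, String str2, String str3) throws DeploymentException {
        try {
            this.policyConfig.addToRole(str, new WebResourcePermission(encodeColon(str2), str3));
        } catch (PolicyContextException e) {
            throw new DeploymentException(e);
        }
    }

    /**
     * Grants the role a {@link WebRoleRefPermission}.
     *
     * @param str role name
     * @param str2 permission name
     * @param str3 permission actions
     * @throws DeploymentException if the policy configuration rejects the statement
     */
    @Override // weblogic.servlet.spi.JaccApplicationSecurity
    public void deployRoleLink(String str, String str2, String str3) throws DeploymentException {
        try {
            this.policyConfig.addToRole(str, new WebRoleRefPermission(str2, str3));
        } catch (PolicyContextException e) {
            throw new DeploymentException(e);
        }
    }

    /**
     * Re-obtains the policy configuration for this context id without
     * removing the statements it already holds (remove=false).
     *
     * @throws DeploymentException if the JACC provider or configuration is unavailable
     */
    @Override // weblogic.servlet.spi.ApplicationSecurity
    public void startRoleAndPolicyDeployments() throws DeploymentException {
        try {
            this.policyConfig = PolicyConfigurationFactory.getPolicyConfigurationFactory().getPolicyConfiguration(this.contextId, false);
        } catch (ClassNotFoundException | PolicyContextException e) {
            throw new DeploymentException(e);
        }
    }

    /**
     * Hands a non-empty role map to the role mapper, commits the policy
     * configuration and refreshes the installed {@link Policy}.
     *
     * @param map role mappings; ignored when {@code null} or empty
     * @throws DeploymentException if the commit fails
     */
    @Override // weblogic.servlet.spi.ApplicationSecurity
    public void endRoleAndPolicyDeployments(Map map) throws DeploymentException {
        boolean hasRoleMappings = map != null && !map.isEmpty();
        if (hasRoleMappings) {
            this.roleMapper.addAppRolesToPrincipalMap(map);
        }
        try {
            this.policyConfig.commit();
            Policy.getPolicy().refresh();
        } catch (PolicyContextException e) {
            throw new DeploymentException(e);
        }
    }

    /**
     * Deletes the policy configuration for this context id.
     *
     * @throws DeploymentException if the deletion fails
     */
    @Override // weblogic.servlet.spi.ApplicationSecurity
    public void unregisterPolicies() throws DeploymentException {
        try {
            this.policyConfig.delete();
        } catch (PolicyContextException e) {
            throw new DeploymentException(e);
        }
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // weblogic.servlet.spi.ApplicationSecurity
    public void unregisterRoles() throws DeploymentException {
        throw new UnsupportedOperationException("Unimplemented");
    }

    /**
     * Checks whether the subject's protection domain implies the
     * {@link WebRoleRefPermission} whose name is {@code str2} and whose
     * actions are {@code str}.
     *
     * @return the policy decision, or {@code false} (deny) if a
     *         {@link SecurityException} is raised while evaluating it
     */
    @Override // weblogic.servlet.spi.ApplicationSecurity
    public boolean isSubjectInRole(SubjectHandle subjectHandle, String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str2) {
        try {
            WebRoleRefPermission roleRef = getWebRoleRefPermission(str2, str);
            return implies(roleRef, getProtectionDomainForSubject(subjectHandle));
        } catch (SecurityException e) {
            // Fail closed: an evaluation error is treated as "not in role".
            return false;
        }
    }

    /**
     * Checks whether the subject's protection domain implies the
     * {@link WebResourcePermission} derived from the request's servlet path
     * and HTTP method. The {@code str} argument is not consulted.
     *
     * @return the policy decision, or {@code false} (deny) if a
     *         {@link SecurityException} is raised while evaluating it
     */
    @Override // weblogic.servlet.spi.ApplicationSecurity
    public boolean hasPermission(SubjectHandle subjectHandle, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        try {
            WebResourcePermission requested = getWebResourcePermission(httpServletRequest);
            return implies(requested, getProtectionDomainForSubject(subjectHandle));
        } catch (SecurityException e) {
            // Fail closed: an evaluation error is treated as "access denied".
            return false;
        }
    }

    /**
     * Checks the {@link WebUserDataPermission} for the given name and actions
     * against the principal-less protection domain of this application.
     * Unlike the subject-based checks, a {@link SecurityException} raised
     * here propagates to the caller.
     */
    @Override // weblogic.servlet.spi.JaccApplicationSecurity
    public boolean checkTransport(String str, String str2) {
        return implies(getWebUserDataPermission(str, str2), this.protectionDomain);
    }

    /** Delegates to the security services to build the policy context handler data. */
    @Override // weblogic.servlet.spi.JaccApplicationSecurity
    public PolicyContextHandlerData createContextHandlerData(HttpServletRequest httpServletRequest) {
        return getSecurityServices().createContextHandlerData(httpServletRequest);
    }

    /** Returns the cached user-data permission for the colon-encoded name and actions, creating it on a miss. */
    private WebUserDataPermission getWebUserDataPermission(String name, String actions) {
        String encodedName = encodeColon(name);
        PermKey cacheKey = new PermKey(encodedName, actions);
        WebUserDataPermission cached = this.udPermCache.get(cacheKey);
        if (cached == null) {
            cached = new WebUserDataPermission(encodedName, actions);
            this.udPermCache.put(cacheKey, cached);
        }
        return cached;
    }

    /** Returns the cached role-ref permission for the name and actions, creating it on a miss. */
    private WebRoleRefPermission getWebRoleRefPermission(String name, String actions) {
        PermKey cacheKey = new PermKey(name, actions);
        WebRoleRefPermission cached = this.rrPermCache.get(cacheKey);
        if (cached == null) {
            cached = new WebRoleRefPermission(name, actions);
            this.rrPermCache.put(cacheKey, cached);
        }
        return cached;
    }

    /**
     * Returns the cached resource permission for the request, creating it on
     * a miss. The permission name is the colon-encoded servlet path, with a
     * bare {@code "/"} mapped to the empty string; the actions are the HTTP
     * method.
     */
    private WebResourcePermission getWebResourcePermission(HttpServletRequest httpServletRequest) {
        // NOTE(review): only getServletPath() contributes to the permission name; path
        // info is not appended here. Confirm the request object passed in already
        // reports the full context-relative path, otherwise constraints on longer
        // URL patterns would be evaluated against a shortened name.
        String name = encodeColon(httpServletRequest.getServletPath());
        if (name.length() == 1 && name.charAt(0) == '/') {
            name = "";
        }
        String method = httpServletRequest.getMethod();
        PermKey cacheKey = new PermKey(name, method);
        WebResourcePermission cached = this.resPermCache.get(cacheKey);
        if (cached == null) {
            cached = new WebResourcePermission(name, method);
            this.resPermCache.put(cacheKey, cached);
        }
        return cached;
    }

    /**
     * Returns the protection domain used to evaluate permissions for a
     * subject, creating and caching it on first use.
     */
    private ProtectionDomain getProtectionDomainForSubject(SubjectHandle subjectHandle) {
        // Principals are resolved on every call but only used on a cache miss.
        // NOTE(review): a cached domain keeps the principals captured when it was
        // first built for this handle. Confirm a SubjectHandle's principals cannot
        // change while it remains a key in pdCache.
        Principal[] principals = getSecurityServices().getPrincipals(subjectHandle);
        ProtectionDomain cached = this.pdCache.get(subjectHandle);
        if (cached != null) {
            return cached;
        }
        ProtectionDomain created = new ProtectionDomain(this.codeSource, null, null, principals);
        this.pdCache.put(subjectHandle, created);
        return created;
    }

    /**
     * Asks the installed {@link Policy} whether the domain implies the
     * permission while this application's context id is active, and restores
     * the caller's previous context id afterwards.
     */
    private boolean implies(Permission permission, ProtectionDomain domain) {
        String previousContextId = PolicyContext.getContextID();
        setPolicyContext(this.contextId);
        try {
            return Policy.getPolicy().implies(domain, permission);
        } finally {
            // Always restore, so a failed check cannot leave this application's
            // context id active on the thread.
            setPolicyContext(previousContextId);
        }
    }

    /** Returns the JACC policy context id computed for this web module. */
    @Override // weblogic.servlet.spi.JaccApplicationSecurity
    public String getContextID() {
        return this.contextId;
    }

    /**
     * Sets the thread's JACC policy context id inside a privileged action,
     * unless it already has the requested value.
     *
     * @throws SecurityException if the privileged action fails; the
     *         underlying exception is attached as the cause
     */
    private void setPolicyContext(final String str) {
        String current = PolicyContext.getContextID();
        boolean alreadySet = current == null ? str == null : current.equals(str);
        if (alreadySet) {
            return;
        }
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: weblogic.servlet.security.internal.JACCSecurity.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    PolicyContext.setContextID(str);
                    return null;
                }
            });
        } catch (PrivilegedActionException e) {
            // Report the wrapped exception when there is one. It is held as a Throwable
            // (getCause() does not return a PrivilegedActionException) and kept as the
            // cause so the original stack trace is not lost.
            Throwable failure = e.getCause() != null ? e.getCause() : e;
            throw new SecurityException(failure.getMessage(), failure);
        }
    }

    /** Replaces every {@code ':'} with {@code "%3A"}. */
    private String encodeColon(String str) {
        // Literal replacement; no regular expression is needed for a fixed character.
        return str.replace(":", "%3A");
    }
}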
