package com.ibm.ws.security.authorization.jacc.web.impl;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authorization.jacc.common.PolicyContextHandlerImpl;
import com.ibm.ws.security.authorization.jacc.web.WebSecurityValidator;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebUserDataPermission;
import javax.servlet.http.HttpServletRequest;

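/**
 * JACC-backed implementation of {@link WebSecurityValidator}.
 *
 * <p>Each check sets the JACC policy context for the calling thread, registers the
 * context handlers, and asks the installed {@link Policy} whether a protection domain
 * implies the requested permission. The policy call runs inside
 * {@link AccessController#doPrivileged}.
 *
 * <p>Both public checks fail closed: a request object of the wrong type, or any
 * {@link PrivilegedActionException} raised while evaluating the policy, yields
 * {@code false} (access not granted) after the failure is recorded through FFDC and
 * {@code Tr.error}.
 *
 * <p>NOTE(review): {@code PolicyContext.setContextID} and
 * {@code PolicyContext.setHandlerData} are thread-scoped in the JACC API, and nothing in
 * this class resets them after the decision. Whether a later component on the same
 * (possibly pooled) thread can observe the previous request's Subject or request object
 * depends on code outside this class. Confirm that the container resets the context
 * before the thread is reused.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/authorization/jacc/web/impl/WebSecurityValidatorImpl.class */
public class WebSecurityValidatorImpl implements WebSecurityValidator {
    private static final TraceComponent tc = Tr.register(WebSecurityValidatorImpl.class);

    // Policy context handler keys: index 0 is the container Subject, index 1 the servlet request.
    private static final String[] jaccHandlerKeyArray = {"javax.security.auth.Subject.container", "javax.servlet.http.HttpServletRequest"};

    // Protection domain with no code location, certificates, permissions or principals.
    // It is used whenever the decision is made without any caller principals.
    private static final ProtectionDomain nullPd = new ProtectionDomain(new CodeSource((URL) null, (Certificate[]) null), null, null, null);

    // Empty code source used when building a principal-bearing protection domain.
    private static final CodeSource nullCs = new CodeSource((URL) null, (Certificate[]) null);

    private static final PolicyContextHandlerImpl pch = PolicyContextHandlerImpl.getInstance();
    static final long serialVersionUID = -6992136892718851748L;

    /**
     * Checks whether the policy grants the given user-data (transport) permission.
     *
     * <p>The decision is evaluated against the principal-less protection domain. Only the
     * servlet request is placed in the handler data; no Subject is supplied.
     *
     * @param str the JACC policy context identifier to set for this thread
     * @param obj the servlet request, expected to be an {@link HttpServletRequest}; may be {@code null}
     * @param webUserDataPermission the permission to test
     * @return {@code true} only if the policy implies the permission; {@code false} if it does
     *         not, if {@code obj} is not an {@code HttpServletRequest}, or if evaluation fails
     */
    public boolean checkDataConstraints(final String str, Object obj, final WebUserDataPermission webUserDataPermission) {
        HttpServletRequest httpServletRequest = null;
        if (obj != null) {
            try {
                httpServletRequest = (HttpServletRequest) obj;
            } catch (ClassCastException e) {
                // Wrong SPI argument type: record it and deny rather than evaluate with a null request.
                FFDCFilter.processException(e, "com.ibm.ws.security.authorization.jacc.web.impl.WebSecurityValidatorImpl", "49", this, new Object[]{str, obj, webUserDataPermission});
                Tr.error(tc, "JACC_WEB_SPI_PARAMETER_ERROR", new Object[]{obj.getClass().getName(), "checkDataConstraints", "HttpServletRequest"});
                return false;
            }
        }
        try {
            final HashMap<String, Object> hashMap = new HashMap<>();
            final HttpServletRequest httpServletRequest2 = httpServletRequest;
            return AccessController.doPrivileged(new PrivilegedExceptionAction<Boolean>() { // from class: com.ibm.ws.security.authorization.jacc.web.impl.WebSecurityValidatorImpl.1
                // The two fields below are rendered by the decompiler; the second is marked synthetic.
                static final long serialVersionUID = 5506202845143740964L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

                @Override // java.security.PrivilegedExceptionAction
                public Boolean run() throws PolicyContextException {
                    PolicyContext.setContextID(str);
                    // The third argument is the JACC "replace" flag: overwrite any handler
                    // already registered under the same key.
                    for (String str2 : WebSecurityValidatorImpl.jaccHandlerKeyArray) {
                        PolicyContext.registerHandler(str2, WebSecurityValidatorImpl.pch, true);
                    }
                    hashMap.put(WebSecurityValidatorImpl.jaccHandlerKeyArray[1], httpServletRequest2);
                    PolicyContext.setHandlerData(hashMap);
                    if (WebSecurityValidatorImpl.tc.isDebugEnabled()) {
                        Tr.debug(WebSecurityValidatorImpl.tc, "Calling JACC implies", new Object[0]);
                    }
                    return Boolean.valueOf(Policy.getPolicy().implies(WebSecurityValidatorImpl.nullPd, webUserDataPermission));
                }
            }).booleanValue();
        } catch (PrivilegedActionException e2) {
            // Fail closed: an error while consulting the policy is treated as "not permitted".
            FFDCFilter.processException(e2, "com.ibm.ws.security.authorization.jacc.web.impl.WebSecurityValidatorImpl", "78", this, new Object[]{str, obj, webUserDataPermission});
            Tr.error(tc, "JACC_WEB_IMPLIES_FAILURE", new Object[]{str, e2.getException()});
            return false;
        }
    }

    /**
     * Checks whether the policy grants the given resource permission to the subject.
     *
     * @param str the JACC policy context identifier to set for this thread
     * @param obj the servlet request, expected to be an {@link HttpServletRequest}; may be {@code null}
     * @param permission the permission to test
     * @param subject the caller; {@code null} or a subject without principals is evaluated
     *        against the principal-less protection domain
     * @return {@code true} only if the policy implies the permission; {@code false} if it does
     *         not, if {@code obj} is not an {@code HttpServletRequest}, or if evaluation fails
     */
    public boolean checkResourceConstraints(String str, Object obj, Permission permission, Subject subject) {
        HttpServletRequest httpServletRequest = null;
        if (obj != null) {
            try {
                httpServletRequest = (HttpServletRequest) obj;
            } catch (ClassCastException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.authorization.jacc.web.impl.WebSecurityValidatorImpl", "93", this, new Object[]{str, obj, permission, subject});
                // Report this method's own name. The message previously named checkDataConstraints,
                // which points anyone triaging the denial at the wrong check.
                Tr.error(tc, "JACC_WEB_SPI_PARAMETER_ERROR", new Object[]{obj.getClass().getName(), "checkResourceConstraints", "HttpServletRequest"});
                return false;
            }
        }
        try {
            return checkResourceConstraints(str, httpServletRequest, permission, subject, new HashMap<>());
        } catch (PrivilegedActionException e2) {
            // Fail closed: an error while consulting the policy is treated as "not permitted".
            FFDCFilter.processException(e2, "com.ibm.ws.security.authorization.jacc.web.impl.WebSecurityValidatorImpl", "106", this, new Object[]{str, obj, permission, subject});
            Tr.error(tc, "JACC_WEB_IMPLIES_FAILURE", new Object[]{str, e2.getException()});
            return false;
        }
    }

    /**
     * Evaluates the resource permission inside a privileged block.
     *
     * <p>The supplied map is mutated: the Subject and the request are stored under the two
     * handler keys, and the map is then installed as the thread's policy handler data.
     *
     * @param str the JACC policy context identifier
     * @param httpServletRequest the request to expose to the policy provider; may be {@code null}
     * @param permission the permission to test
     * @param subject the caller, or {@code null}
     * @param hashMap the map that receives the handler data
     * @return the result of {@code Policy.implies} for the chosen protection domain
     * @throws PrivilegedActionException wrapping any {@link PolicyContextException} raised
     *         while setting up the policy context
     */
    private boolean checkResourceConstraints(final String str, final HttpServletRequest httpServletRequest, final Permission permission, final Subject subject, final HashMap<String, Object> hashMap) throws PrivilegedActionException {
        return AccessController.doPrivileged(new PrivilegedExceptionAction<Boolean>() { // from class: com.ibm.ws.security.authorization.jacc.web.impl.WebSecurityValidatorImpl.2
            // The two fields below are rendered by the decompiler; the second is marked synthetic.
            static final long serialVersionUID = -2021383360035354984L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass2.class);

            @Override // java.security.PrivilegedExceptionAction
            public Boolean run() throws PolicyContextException {
                PolicyContext.setContextID(str);
                if (WebSecurityValidatorImpl.tc.isDebugEnabled()) {
                    Tr.debug(WebSecurityValidatorImpl.tc, "Registering JACC context handlers", new Object[0]);
                }
                // The third argument is the JACC "replace" flag: overwrite any handler
                // already registered under the same key.
                for (String str2 : WebSecurityValidatorImpl.jaccHandlerKeyArray) {
                    PolicyContext.registerHandler(str2, WebSecurityValidatorImpl.pch, true);
                }
                hashMap.put(WebSecurityValidatorImpl.jaccHandlerKeyArray[0], subject);
                hashMap.put(WebSecurityValidatorImpl.jaccHandlerKeyArray[1], httpServletRequest);
                // An unauthenticated caller (no subject, or no principals) is evaluated against
                // the principal-less domain. Otherwise the domain carries the subject's principals,
                // so the policy decides on those principals.
                ProtectionDomain protectionDomain;
                if (subject == null || subject.getPrincipals().isEmpty()) {
                    protectionDomain = WebSecurityValidatorImpl.nullPd;
                } else {
                    protectionDomain = new ProtectionDomain(WebSecurityValidatorImpl.nullCs, null, null, subject.getPrincipals().toArray(new Principal[0]));
                }
                if (WebSecurityValidatorImpl.tc.isDebugEnabled()) {
                    Tr.debug(WebSecurityValidatorImpl.tc, "Setting JACC handler data", new Object[0]);
                }
                PolicyContext.setHandlerData(hashMap);
                if (WebSecurityValidatorImpl.tc.isDebugEnabled()) {
                    // The protection domain's string form is written to debug trace; it is
                    // built only when debug trace is enabled.
                    Tr.debug(WebSecurityValidatorImpl.tc, "Calling JACC implies. PD : " + protectionDomain, new Object[0]);
                }
                return Boolean.valueOf(Policy.getPolicy().implies(protectionDomain, permission));
            }
        }).booleanValue();
    }
}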
