package com.ibm.ws.security.authorization.builtin.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.javaee.version.JavaEEVersion;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authorization.AccessDecisionService;
import java.util.Collection;
import java.util.Iterator;
import javax.security.auth.Subject;
import org.osgi.framework.ServiceReference;
import org.osgi.framework.Version;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.authorization.builtin_1.0.10.jar:com/ibm/ws/security/authorization/builtin/internal/BuiltinAccessDecisionService.class */
public class BuiltinAccessDecisionService implements AccessDecisionService {
    private static final TraceComponent tc = Tr.register(BuiltinAccessDecisionService.class);
    private ServiceReference<JavaEEVersion> eeVersionRef;
    private volatile Version eeVersion = JavaEEVersion.DEFAULT_VERSION;
    private static final String ALL_AUTHENTICATED_ROLE = "**";
    private static final String STARSTAR_ROLE = "_starstar_";
    static final long serialVersionUID = -1612858456700178360L;

    public synchronized void setVersion(ServiceReference<JavaEEVersion> serviceReference) {
        this.eeVersionRef = serviceReference;
        this.eeVersion = Version.parseVersion((String) serviceReference.getProperty("version"));
    }

    public synchronized void unsetVersion(ServiceReference<JavaEEVersion> serviceReference) {
        if (serviceReference == this.eeVersionRef) {
            this.eeVersionRef = null;
            this.eeVersion = JavaEEVersion.DEFAULT_VERSION;
        }
    }

    private boolean isEEVersion7() {
        return this.eeVersion.compareTo(JavaEEVersion.VERSION_7_0) >= 0;
    }

    @Override // com.ibm.ws.security.authorization.AccessDecisionService
    public boolean isGranted(String str, Collection<String> collection, Collection<String> collection2, Subject subject) {
        if (subject != null && collection.contains(ALL_AUTHENTICATED_ROLE) && isEEVersion7()) {
            return true;
        }
        if (collection2 == null) {
            return false;
        }
        Iterator<String> it = collection.iterator();
        while (it.hasNext()) {
            String next = it.next();
            if (next.equals(STARSTAR_ROLE)) {
                next = ALL_AUTHENTICATED_ROLE;
            }
            if (collection2.contains(next)) {
                return true;
            }
        }
        return false;
    }
}
