package com.ibm.ws.security.java2sec;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.wsspi.classloading.ClassLoadingService;
import com.ibm.wsspi.kernel.service.utils.ConcurrentServiceReferenceSet;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.SecurityPermission;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.AuthPermission;
import org.apache.aries.blueprint.parser.Parser;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Deactivate;

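/**
 * Collects the Java 2 security permissions declared in the process configuration
 * ({@code server.xml} or {@code client.xml}) and answers which permissions a given
 * code base effectively receives.
 *
 * <p>Three pieces of state are rebuilt whenever a {@link JavaPermissionsConfiguration}
 * reference is removed or updated:
 * <ul>
 * <li>{@code restrictablePermissions} - built-in defaults plus configured entries whose
 * restriction flag is true; requested permissions implied by one of these are dropped.</li>
 * <li>{@code grantedPermissions} - configured grants without a code base.</li>
 * <li>{@code codeBasePermissionMap} - configured grants keyed by normalized code base; these
 * are also pushed to the {@link ClassLoadingService} as shared-library protection domains.</li>
 * </ul>
 *
 * <p>NOTE(review): the collections are mutated by the component callbacks and read by
 * {@code getEffectivePermissions} with no synchronization visible in this class - confirm
 * that callers serialize access.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.java2sec_1.0.11.jar:com/ibm/ws/security/java2sec/PermissionManager.class */
public class PermissionManager {
    private static final TraceComponent tc = Tr.register(PermissionManager.class);
    private ClassLoadingService classLoadingService;

    // Permissions an application may never obtain through its own request when running in a server.
    private static final Permission[] DEFAULT_SERVER_RESTRICTABLE_PERMISSIONS = {
        new RuntimePermission("exitVM"),
        new RuntimePermission("setSecurityManager"),
        new SecurityPermission("setPolicy"),
        new AuthPermission("setLoginConfiguration")
    };

    // Client processes use the same defaults minus exitVM.
    private static final Permission[] DEFAULT_CLIENT_RESTRICTABLE_PERMISSIONS = {
        new RuntimePermission("setSecurityManager"),
        new SecurityPermission("setPolicy"),
        new AuthPermission("setLoginConfiguration")
    };

    private static final String KEY_PERMISSION = "permission";
    private static final String INCORRECT_PERMISSION_CONFIGURATION = "INCORRECT_PERMISSION_CONFIGURATION";
    private static final String SERVER_XML = "server.xml";
    private static final String CLIENT_XML = "client.xml";
    static final long serialVersionUID = -7757723288694399077L;
    private boolean isServer = true;
    private final ArrayList<Permission> restrictablePermissions = new ArrayList<>();
    private final ArrayList<Permission> grantedPermissions = new ArrayList<>();
    private String originationFile = null;
    private final ConcurrentServiceReferenceSet<JavaPermissionsConfiguration> permissions = new ConcurrentServiceReferenceSet<>(KEY_PERMISSION);
    // Keys are code bases with backslashes already converted to forward slashes.
    private final Map<String, ArrayList<Permission>> codeBasePermissionMap = new HashMap<>();

    /**
     * Records whether this process is a server (bundle property {@code wlp.process.type}
     * equals {@code "server"}) and builds the permission state.
     *
     * @param componentContext component context used to read the process type and to
     *                         activate the permission reference set
     * @param map              component properties; not read here
     */
    @Activate
    protected void activate(ComponentContext componentContext, Map<String, Object> map) {
        this.isServer = "server".equals(componentContext.getBundleContext().getProperty("wlp.process.type"));
        this.permissions.activate(componentContext);
        initializePermissions();
    }

    /**
     * Deactivates the reference set and drops all cached permission state.
     *
     * <p>NOTE(review): protection domains already handed to the class loading service are
     * not withdrawn here - confirm that this is intended on shutdown.
     *
     * @param componentContext component context passed to the reference set
     */
    @Deactivate
    protected void deactivate(ComponentContext componentContext) {
        this.permissions.deactivate(componentContext);
        clearPermissions();
    }

    /** Registers a permission configuration; state is rebuilt on activation or on a later update. */
    protected void setPermission(ServiceReference<JavaPermissionsConfiguration> serviceReference) {
        this.permissions.addReference(serviceReference);
    }

    /** Removes a permission configuration and rebuilds all permission state without it. */
    protected void unsetPermission(ServiceReference<JavaPermissionsConfiguration> serviceReference) {
        this.permissions.removeReference(serviceReference);
        clearPermissions();
        initializePermissions();
    }

    /** Re-registers a changed permission configuration and rebuilds all permission state. */
    protected void updatedConfiguration(ServiceReference<JavaPermissionsConfiguration> serviceReference) {
        this.permissions.removeReference(serviceReference);
        this.permissions.addReference(serviceReference);
        clearPermissions();
        initializePermissions();
    }

    /**
     * Empties every cached permission collection.
     *
     * <p>The code-base map is cleared as well: leaving it populated would keep a grant alive
     * after its configuration entry was removed, and would append duplicates on every rebuild.
     */
    private void clearPermissions() {
        this.restrictablePermissions.clear();
        this.grantedPermissions.clear();
        this.codeBasePermissionMap.clear();
    }

    protected void setClassLoadingService(ClassLoadingService classLoadingService) {
        this.classLoadingService = classLoadingService;
    }

    protected void unsetClassLoadingService(ClassLoadingService classLoadingService) {
        this.classLoadingService = null;
    }

    /**
     * Rebuilds the restrictable, granted and per-code-base permission collections from the
     * built-in defaults and the currently registered configurations, then publishes the
     * per-code-base grants as shared-library protection domains.
     */
    private void initializePermissions() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, this.isServer ? "running on server " : "running on client ", new Object[0]);
        }

        Permission[] defaults;
        if (this.isServer) {
            defaults = DEFAULT_SERVER_RESTRICTABLE_PERMISSIONS;
            this.originationFile = SERVER_XML;
        } else {
            defaults = DEFAULT_CLIENT_RESTRICTABLE_PERMISSIONS;
            this.originationFile = CLIENT_XML;
        }
        for (Permission defaultRestriction : defaults) {
            this.restrictablePermissions.add(defaultRestriction);
        }

        if (!this.permissions.isEmpty()) {
            Iterable<JavaPermissionsConfiguration> services = this.permissions.services();
            if (services != null) {
                for (JavaPermissionsConfiguration config : services) {
                    applyConfiguration(config);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "restrictablePermissions : " + this.restrictablePermissions, new Object[0]);
                    Tr.debug(tc, "grantedPermissions : " + this.grantedPermissions, new Object[0]);
                }
            }
        }
        setSharedLibraryPermission();
    }

    /** Turns one configuration entry into a permission and files it as a restriction or a grant. */
    private void applyConfiguration(JavaPermissionsConfiguration config) {
        // String.valueOf maps a missing attribute to the text "null"; isUnset() recognises it.
        String className = String.valueOf(config.get(JavaPermissionsConfiguration.PERMISSION));
        String name = String.valueOf(config.get("name"));
        String actions = String.valueOf(config.get(JavaPermissionsConfiguration.ACTIONS));
        String signedBy = String.valueOf(config.get(JavaPermissionsConfiguration.SIGNED_BY));
        String principalType = String.valueOf(config.get(JavaPermissionsConfiguration.PRINCIPAL_TYPE));
        String principalName = String.valueOf(config.get("principalName"));
        String codeBase = String.valueOf(config.get("codebase"));

        Permission permission = createPermissionObject(className, name, actions, signedBy, principalType, principalName, this.originationFile);

        // The cast is kept on purpose: a non-Boolean value fails loudly instead of being
        // silently treated as "not a restriction", which would turn the entry into a grant.
        Object restriction = config.get(JavaPermissionsConfiguration.RESTRICTION);
        boolean restricted = restriction != null && ((Boolean) restriction).booleanValue();

        if (permission == null) {
            return;
        }
        if (restricted) {
            this.restrictablePermissions.add(permission);
        } else if (isUnset(codeBase)) {
            this.grantedPermissions.add(permission);
        } else {
            setCodeBasePermission(codeBase, permission);
        }
    }

    /**
     * Reports whether a configuration value is absent.
     * NOTE(review): {@code Parser.NULL_ELEMENT} is presumably the text "null" produced by
     * {@code String.valueOf(null)} - confirm against the parser constant.
     */
    private static boolean isUnset(String value) {
        return value == null || value.equalsIgnoreCase(Parser.NULL_ELEMENT);
    }

    /** Code bases are compared with forward slashes only, whatever the configuration used. */
    private static String normalizeCodeBase(String codeBase) {
        return codeBase.replace('\\', '/');
    }

    /**
     * Adds a grant for a code base.
     *
     * <p>The key is normalized before the lookup as well as before the insert. Looking up the
     * raw string while storing the normalized one made a second grant for a backslash-style
     * code base replace the first grant's list instead of extending it.
     */
    private void setCodeBasePermission(String str, Permission permission) {
        String key = normalizeCodeBase(str);
        ArrayList<Permission> grants = this.codeBasePermissionMap.get(key);
        if (grants == null) {
            grants = new ArrayList<>();
            this.codeBasePermissionMap.put(key, grants);
        }
        grants.add(permission);
    }

    /** Builds one protection domain per configured code base and hands the map to the class loading service. */
    private void setSharedLibraryPermission() {
        Map<String, ProtectionDomain> protectionDomainMap = new HashMap<>();
        for (Map.Entry<String, ArrayList<Permission>> entry : this.codeBasePermissionMap.entrySet()) {
            String codeBase = entry.getKey();
            ArrayList<Permission> grants = entry.getValue();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "codeBase = " + codeBase, new Object[0]);
                for (Permission grant : grants) {
                    Tr.debug(tc, " permission: " + grant, new Object[0]);
                }
            }
            protectionDomainMap.put(codeBase, createProtectionDomain(codeBase, grants));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "protectionDomainMap.size = " + protectionDomainMap.size(), new Object[0]);
        }
        if (this.classLoadingService != null) {
            this.classLoadingService.setSharedLibraryProtectionDomains(protectionDomainMap);
        }
    }

    /**
     * Creates the protection domain for one code base.
     *
     * <p>With no security manager installed the domain carries {@link AllPermission} rather
     * than the configured grants. If the code-base URL cannot be built the failure is recorded
     * and the domain is created with a {@code null} code source.
     *
     * @param str       normalized code base, appended to {@code wsjar:file:/}
     * @param arrayList configured grants for that code base
     * @return the protection domain, never {@code null}
     */
    private ProtectionDomain createProtectionDomain(String str, ArrayList<Permission> arrayList) {
        Permissions permissions = new Permissions();
        if (java2SecurityEnabled()) {
            for (Permission grant : arrayList) {
                permissions.add(grant);
            }
        } else {
            permissions.add(new AllPermission());
        }
        CodeSource codeSource = null;
        try {
            codeSource = new CodeSource(new URL("wsjar:file:/" + str), (Certificate[]) null);
        } catch (MalformedURLException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.java2sec.PermissionManager", "293", this, new Object[]{str, arrayList});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to create code source for protection domain", new Object[0]);
            }
        }
        return new ProtectionDomain(codeSource, permissions);
    }

    /**
     * Instantiates the permission described by one configuration entry.
     *
     * <p>The class name comes from configuration, so the loaded class is checked to be a
     * {@link Permission} subtype before any constructor runs; previously the cast happened
     * only after the object had been constructed. {@code Class.forName} still runs the static
     * initializer of whatever class is named.
     *
     * @param str  permission class name; {@code null} or the unset marker yields {@code null}
     * @param str2 permission name; any value containing {@code ALL FILES} becomes {@code <<ALL FILES>>}
     * @param str3 actions, or unset
     * @param str4 signed-by value, used only to build a PrivateCredentialPermission name
     * @param str5 principal type, used only to build a PrivateCredentialPermission name
     * @param str6 principal name, used only to build a PrivateCredentialPermission name
     * @param str7 configuration file named in the warning message
     * @return the permission, or {@code null} when the class name is unset or creation failed
     */
    public Permission createPermissionObject(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        if (str2 != null && str2.contains("ALL FILES")) {
            str2 = "<<ALL FILES>>";
        }
        if (isUnset(str)) {
            return null;
        }
        try {
            // A ClassCastException here lands in the same handler the late cast used to reach.
            Class<? extends Permission> permissionClass = Class.forName(str).asSubclass(Permission.class);
            if (str.equalsIgnoreCase("javax.security.auth.PrivateCredentialPermission")) {
                String target = isUnset(str2) ? str4 + " " + str5 + " \"" + str6 + "\"" : str2;
                return permissionClass.getConstructor(String.class, String.class).newInstance(target, "read");
            }
            if (!isUnset(str3)) {
                return permissionClass.getConstructor(String.class, String.class).newInstance(str2, str3);
            }
            if (!isUnset(str2)) {
                return permissionClass.getConstructor(String.class).newInstance(str2);
            }
            return permissionClass.getDeclaredConstructor().newInstance();
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.java2sec.PermissionManager", "352", this, new Object[]{str, str2, str3, str4, str5, str6, str7});
            if (tc.isWarningEnabled()) {
                Tr.warning(tc, INCORRECT_PERMISSION_CONFIGURATION, str, describeFailure(e), str7);
            }
        }
        return null;
    }

    /** Formats the most specific failure available, preferring the cause of a reflective wrapper. */
    private static String describeFailure(Exception e) {
        Throwable cause = e.getCause();
        if (cause != null) {
            return cause.getClass().getName() + "[" + cause.getMessage() + "]";
        }
        if (e.getMessage() != null) {
            return e.getClass().getName() + "[" + e.getMessage() + "]";
        }
        return "unknown reasons";
    }

    /** @return a copy of the current restrictable permissions; changes to it do not affect this manager */
    public ArrayList<Permission> getRestrictablePermissions() {
        return new ArrayList<>(this.restrictablePermissions);
    }

    /**
     * Computes the permissions a code base ends up with.
     *
     * <p>Configured grants (global and per code base) are included as they are; only the
     * requested permissions in {@code list} are filtered against the restrictable set.
     *
     * @param list requested permissions; {@code null} is treated as empty, matching the array overload
     * @param str  code base; {@code null} means no code-base specific grants apply
     * @return a new list owned by the caller
     */
    public ArrayList<Permission> getEffectivePermissions(List<Permission> list, String str) {
        ArrayList<Permission> effective = configuredGrantsFor(str);
        if (list != null) {
            for (Permission requested : list) {
                if (!isRestricted(requested)) {
                    effective.add(requested);
                }
            }
        }
        return effective;
    }

    /**
     * Array form of {@link #getEffectivePermissions(List, String)}.
     *
     * @param permissionArr requested permissions; {@code null} is treated as empty
     * @param str           code base; {@code null} means no code-base specific grants apply
     * @return a new list owned by the caller
     */
    public ArrayList<Permission> getEffectivePermissions(Permission[] permissionArr, String str) {
        ArrayList<Permission> effective = configuredGrantsFor(str);
        if (permissionArr != null) {
            for (Permission requested : permissionArr) {
                if (!isRestricted(requested)) {
                    effective.add(requested);
                }
            }
        }
        return effective;
    }

    /** Returns the global grants followed by the grants configured for the given code base. */
    private ArrayList<Permission> configuredGrantsFor(String codeBase) {
        ArrayList<Permission> grants = new ArrayList<>(this.grantedPermissions);
        if (codeBase != null) {
            ArrayList<Permission> perCodeBase = this.codeBasePermissionMap.get(normalizeCodeBase(codeBase));
            if (perCodeBase != null) {
                grants.addAll(perCodeBase);
            }
        }
        return grants;
    }

    /**
     * Reports whether some restrictable permission implies the requested one.
     *
     * <p>The test runs in one direction only. A broader request that itself implies a
     * restrictable permission ({@link AllPermission} is the plain example) is not matched.
     * NOTE(review): confirm such requests are filtered before they reach this class.
     */
    private boolean isRestricted(Permission permission) {
        for (Permission restrictable : this.restrictablePermissions) {
            if (restrictable.implies(permission)) {
                return true;
            }
        }
        return false;
    }

    /** Java 2 security counts as enabled exactly when a security manager is installed. */
    private boolean java2SecurityEnabled() {
        return System.getSecurityManager() != null;
    }
}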
