package com.sun.enterprise.security.provider;

import com.sun.enterprise.util.LocalStringManagerImpl;
import com.sun.faces.context.UrlBuilder;
import com.sun.logging.LogDomains;
import java.io.File;
import java.net.URI;
import java.net.URL;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.Security;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.management.MBeanPermission;
import javax.security.jacc.EJBRoleRefPermission;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebRoleRefPermission;
import sun.net.www.ParseUtil;
import sun.security.util.PropertyExpander;

/* loaded from: input_file:com/sun/enterprise/security/provider/BasePolicyWrapper.class */
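/**
 * {@link Policy} implementation that answers permission queries per JACC policy context.
 *
 * <p>For the context returned by {@link PolicyContext#getContextID()} it delegates to the
 * {@code Policy} held by that context's {@code PolicyConfigurationImpl}, falling back to the
 * default policy created by {@link #getNewPolicy()}, and then subtracts the context's
 * excluded permissions from whatever the delegate granted.
 *
 * <p>Security-relevant behaviour to keep in mind when reviewing callers:
 * <ul>
 *   <li>{@link #implies(ProtectionDomain, Permission)} is fail-open for re-entrant calls on
 *       the same thread when re-entrancy avoidance is enabled.</li>
 *   <li>Change detection for the default policy files is a sum of last-modified timestamps,
 *       so it is a heuristic, not an integrity check.</li>
 * </ul>
 */
public class BasePolicyWrapper extends Policy {
    private static final String FACTORY_NAME = "javax.security.jacc.PolicyConfigurationFactory.provider";
    private static final String myFactoryName = "com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl";

    // Default (context-independent) policy; assigned once in the constructor.
    private final Policy policy;

    private static final Logger logger = Logger.getLogger(LogDomains.SECURITY_LOGGER);
    private static final LocalStringManagerImpl localStrings = new LocalStringManagerImpl(BasePolicyWrapper.class);
    private static final String REUSE = "java.security.Policy.supportsReuse";
    private static final String IGNORE_REENTRANCY_PROP_NAME = "com.sun.enterprise.security.provider.PolicyWrapper.ignoreReentrancy";

    // True when a SecurityManager is installed and the ignoreReentrancy property is not set.
    private static final boolean avoidReentrancy;

    // Per-thread one-byte flag: 1 while this thread is inside doImplies(), else 0.
    // Only initialised when avoidReentrancy is true.
    private static ThreadLocal<byte[]> reentrancyStatus;

    private static final String POLICY = "java.security.policy";
    private static final String POLICY_URL = "policy.url.";
    private static final String AUTH_POLICY = "java.security.auth.policy";
    private static final String AUTH_POLICY_URL = "auth.policy.url.";
    private static final String FORCE_APP_REFRESH_PROP_NAME = "com.sun.enterprise.security.provider.PolicyWrapper.force_app_refresh";

    // When true, defaultContextChanged() always reports a change.
    private static final boolean forceAppRefresh;

    // Sum of the policy files' last-modified times seen by the previous defaultContextChanged() call.
    private long refreshTime = 0;

    /**
     * Resolves a localized message, logs it at {@code level}, and returns the text logged.
     *
     * @param level log level to use
     * @param key resource key; when {@code null} the default text is logged as is
     * @param args arguments passed to the localized-string lookup
     * @param defaultText fallback text; when {@code null} the key itself is the fallback
     * @return the message that was logged
     */
    static String logMsg(Level level, String key, Object[] args, String defaultText) {
        String message = (key == null)
                ? defaultText
                : localStrings.getLocalString(key, defaultText == null ? key : defaultText, args);
        logger.log(level, message);
        return message;
    }

    /**
     * Creates the wrapper around a fresh default policy and records the current policy-file
     * timestamps.
     *
     * <p>NOTE(review): both {@link #getNewPolicy()} and {@link #defaultContextChanged()} are
     * overridable and are invoked before a subclass constructor has run.
     */
    public BasePolicyWrapper() {
        this.policy = getNewPolicy();
        defaultContextChanged();
    }

    /**
     * Creates the default policy that is used when a context has no policy of its own.
     *
     * <p>The decompiler reports that this method was originally {@code protected}. It
     * instantiates the JDK-internal {@code sun.security.provider.PolicyFile} directly.
     *
     * @return a new default policy instance
     */
    public Policy getNewPolicy() {
        return new sun.security.provider.PolicyFile();
    }

    /**
     * Returns the permissions granted to {@code codeSource} in the current policy context,
     * with the context's excluded permissions removed.
     *
     * @param codeSource code source being queried
     * @return the filtered permissions; may be {@code null} when the delegate returns
     *         {@code null} or when every granted permission is excluded
     */
    @Override
    public PermissionCollection getPermissions(CodeSource codeSource) {
        String contextID = PolicyContext.getContextID();
        PolicyConfigurationImpl contextConfig = getPolicyConfigForContext(contextID);
        PermissionCollection permissions = getPolicy(contextConfig).getPermissions(codeSource);
        if (permissions != null) {
            permissions = removeExcludedPermissions(contextConfig, permissions);
        }
        if (logger.isLoggable(Level.FINEST)) {
            logger.finest("JACC Policy Provider: PolicyWrapper.getPermissions(cs), context (" + contextID + ") codesource (" + codeSource + ") permissions: " + permissions);
        }
        return permissions;
    }

    /**
     * Returns the permissions granted to {@code protectionDomain} in the current policy
     * context, with the context's excluded permissions removed.
     *
     * @param protectionDomain domain being queried
     * @return the filtered permissions; may be {@code null} when the delegate returns
     *         {@code null} or when every granted permission is excluded
     */
    @Override
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        String contextID = PolicyContext.getContextID();
        PolicyConfigurationImpl contextConfig = getPolicyConfigForContext(contextID);
        PermissionCollection permissions = getPolicy(contextConfig).getPermissions(protectionDomain);
        if (permissions != null) {
            permissions = removeExcludedPermissions(contextConfig, permissions);
        }
        if (logger.isLoggable(Level.FINEST)) {
            logger.finest("JACC Policy Provider: PolicyWrapper.getPermissions(d), context (" + contextID + ") permissions: " + permissions);
        }
        return permissions;
    }

    /**
     * Decides whether {@code protectionDomain} holds {@code permission} in the current
     * policy context.
     *
     * <p>When re-entrancy avoidance is enabled, a call made on a thread that is already
     * inside this method returns {@code true} without consulting any policy. This is a
     * deliberate fail-open: permission checks triggered by the policy evaluation itself are
     * granted unconditionally, so the code reachable from {@link #doImplies} must be trusted.
     *
     * @param protectionDomain domain being checked
     * @param permission permission being requested
     * @return {@code true} if the permission is granted (or the call is re-entrant)
     */
    @Override
    public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
        if (!avoidReentrancy) {
            return doImplies(protectionDomain, permission);
        }
        byte[] inProgress = reentrancyStatus.get();
        if (inProgress[0] == 1) {
            // Nested check on this thread: granted without evaluation (see Javadoc).
            return true;
        }
        inProgress[0] = 1;
        try {
            return doImplies(protectionDomain, permission);
        } finally {
            // Always clear the flag, including when doImplies throws, so the thread does
            // not stay in the grant-everything state.
            inProgress[0] = 0;
        }
    }

    /**
     * Refreshes the default policy and every known policy configuration, then touches the
     * {@code java.security.Policy.supportsReuse} context handler if one is registered.
     *
     * @throws IllegalStateException if the policy-context handler lookup fails
     */
    @Override
    public void refresh() {
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("JACC Policy Provider: Refreshing Policy files!");
        }
        this.policy.refresh();
        boolean defaultContextChanged = defaultContextChanged();
        PolicyConfigurationFactoryImpl policyFactory = getPolicyFactory();
        PolicyConfigurationImpl[] configs = policyFactory != null ? policyFactory.getPolicyConfigurationImpls() : null;
        if (configs != null) {
            for (PolicyConfigurationImpl config : configs) {
                if (config != null) {
                    config.refresh(defaultContextChanged);
                }
            }
        }
        try {
            if (PolicyContext.getHandlerKeys().contains(REUSE)) {
                PolicyContext.getContext(REUSE);
            }
        } catch (PolicyContextException e) {
            // Keep the original exception as the cause so the failure can be diagnosed.
            throw new IllegalStateException(e.toString(), e);
        }
    }

    /**
     * Looks up the policy configuration for a context id.
     *
     * @return the configuration, or {@code null} when the id or the factory is {@code null}
     */
    private PolicyConfigurationImpl getPolicyConfigForContext(String contextId) {
        PolicyConfigurationFactoryImpl policyFactory = getPolicyFactory();
        if (contextId == null || policyFactory == null) {
            return null;
        }
        return policyFactory.getPolicyConfigurationImpl(contextId);
    }

    /**
     * Picks the policy to consult: the context's own policy when it has one, otherwise the
     * default policy.
     */
    private Policy getPolicy(PolicyConfigurationImpl contextConfig) {
        if (contextConfig != null) {
            Policy contextPolicy = contextConfig.getPolicy();
            if (contextPolicy != null) {
                return contextPolicy;
            }
        }
        return this.policy;
    }

    /**
     * Returns the excluded permissions of a configuration, or {@code null} when there is no
     * configuration.
     */
    private static Permissions getExcludedPolicy(PolicyConfigurationImpl contextConfig) {
        return contextConfig == null ? null : contextConfig.getExcludedPolicy();
    }

    /**
     * Filters {@code granted} against the context's excluded permissions.
     *
     * @return {@code granted} itself when nothing is excluded; otherwise a new collection
     *         holding only the surviving permissions, or {@code null} when none survive
     */
    private static PermissionCollection removeExcludedPermissions(PolicyConfigurationImpl contextConfig, PermissionCollection granted) {
        Permissions excludedPolicy = getExcludedPolicy(contextConfig);
        if (excludedPolicy == null || !excludedPolicy.elements().hasMoreElements()) {
            return granted;
        }
        PermissionCollection kept = null;
        boolean nothingRemoved = true;
        Enumeration<Permission> elements = granted.elements();
        while (elements.hasMoreElements()) {
            Permission candidate = elements.nextElement();
            if (grantedIsExcluded(candidate, excludedPolicy)) {
                nothingRemoved = false;
            } else {
                if (kept == null) {
                    kept = new Permissions();
                }
                kept.add(candidate);
            }
        }
        // Hand back the caller's collection untouched when no element was dropped.
        return nothingRemoved ? granted : kept;
    }

    /**
     * Tests a granted permission against the excluded set.
     *
     * <p>A permission counts as excluded when the excluded set implies it, or when the
     * permission itself implies any single excluded permission, so a grant broader than an
     * exclusion is rejected as a whole.
     */
    private static boolean grantedIsExcluded(Permission permission, Permissions excludedPolicy) {
        boolean excluded = false;
        if (excludedPolicy != null) {
            if (excludedPolicy.implies(permission)) {
                excluded = true;
            } else {
                Enumeration<Permission> elements = excludedPolicy.elements();
                while (!excluded && elements.hasMoreElements()) {
                    if (permission.implies(elements.nextElement())) {
                        excluded = true;
                    }
                }
            }
        }
        if (excluded && logger.isLoggable(Level.FINEST)) {
            logger.finest("JACC Policy Provider: permission is excluded: " + permission);
        }
        return excluded;
    }

    /**
     * Evaluates the permission against the selected policy and the context's exclusions,
     * and logs denials of permissions other than the web-resource, MBean and role-ref types.
     */
    private boolean doImplies(final ProtectionDomain protectionDomain, final Permission permission) {
        final String contextID = PolicyContext.getContextID();
        PolicyConfigurationImpl contextConfig = getPolicyConfigForContext(contextID);
        boolean implies = getPolicy(contextConfig).implies(protectionDomain, permission);
        if (implies) {
            // A grant from the delegate is still vetoed by the context's excluded policy.
            Permissions excludedPolicy = getExcludedPolicy(contextConfig);
            if (excludedPolicy != null) {
                implies = !grantedIsExcluded(permission, excludedPolicy);
            }
        } else if (!(permission instanceof WebResourcePermission) && !(permission instanceof MBeanPermission) && !(permission instanceof WebRoleRefPermission) && !(permission instanceof EJBRoleRefPermission)) {
            if (logger.isLoggable(Level.FINE)) {
                // Throwaway exception used only to capture the stack of the failed check.
                Exception exc = new Exception();
                exc.fillInStackTrace();
                logger.log(Level.FINE, "JACC Policy Provider, failed Permission Check at :", (Throwable) exc);
            }
            // Logged under doPrivileged; presumably so the logging calls are evaluated
            // with this class's own privileges rather than the caller's - confirm.
            AccessController.doPrivileged(new PrivilegedAction<Object>() {
                @Override
                public Object run() {
                    logger.info("JACC Policy Provider: Failed Permission Check, context(" + contextID + ")- permission(" + permission + ")");
                    if (logger.isLoggable(Level.FINE)) {
                        logger.fine("Domain that failed(" + protectionDomain + ")");
                    }
                    return null;
                }
            });
        }
        if (!implies && logger.isLoggable(Level.FINEST)) {
            logger.finest("JACC Policy Provider: PolicyWrapper.implies, context (" + contextID + ")- result was(" + implies + ") permission (" + permission + ")");
        }
        return implies;
    }

    /**
     * Reports whether the default policy files appear to have changed since the last call.
     *
     * <p>The decompiler reports that this method was originally package-private. The
     * comparison uses the sum of the files' last-modified times, so offsetting changes to
     * two files, or an edit that preserves the modification time, go unnoticed.
     *
     * @return {@code true} when forced by configuration or when the timestamp sum differs
     */
    public synchronized boolean defaultContextChanged() {
        if (forceAppRefresh) {
            return true;
        }
        long timeStamp = getTimeStamp(POLICY, POLICY_URL) + getTimeStamp(AUTH_POLICY, AUTH_POLICY_URL);
        boolean changed = this.refreshTime != timeStamp;
        this.refreshTime = timeStamp;
        return changed;
    }

    /**
     * Sums the last-modified times of the policy files named by a system property and by the
     * numbered {@code <prefix>1}, {@code <prefix>2}, ... security properties.
     *
     * <p>Locations that cannot be resolved contribute nothing to the sum; the failure is
     * logged at FINE instead of being dropped silently, because an unreadable location
     * means later edits to that policy file will not trigger a refresh.
     *
     * @param systemPropertyName system property naming an extra policy file
     * @param securityPropertyPrefix prefix of the numbered security properties
     * @return the sum of the last-modified times of the files that exist
     */
    private static long getTimeStamp(final String systemPropertyName, final String securityPropertyPrefix) {
        return AccessController.doPrivileged(new PrivilegedAction<Long>() {
            @Override
            public Long run() {
                long total = 0;
                if ("true".equalsIgnoreCase(Security.getProperty("policy.allowSystemProperty"))) {
                    String property = System.getProperty(systemPropertyName);
                    if (property != null) {
                        boolean overrideAll = false;
                        // NOTE(review): UrlBuilder.PARAMETER_NAME_VALUE_SEPARATOR looks like a
                        // decompiler substitution for a string literal (presumably "=", the
                        // -Djava.security.policy==<file> override form); confirm and inline the
                        // literal so this security provider does not reference a JSF class.
                        if (property.startsWith(UrlBuilder.PARAMETER_NAME_VALUE_SEPARATOR)) {
                            overrideAll = true;
                            property = property.substring(1);
                        }
                        try {
                            String expand = PropertyExpander.expand(property);
                            File file = new File(expand);
                            boolean exists = file.exists();
                            if (!exists) {
                                // Not a plain path: retry by treating the value as a URL.
                                URL url = new URL(expand);
                                if ("file".equals(url.getProtocol())) {
                                    expand = ParseUtil.decode(url.getFile().replace('/', File.separatorChar));
                                    file = new File(expand);
                                    exists = file.exists();
                                }
                            }
                            if (exists) {
                                total = file.lastModified();
                                if (logger.isLoggable(Level.FINE)) {
                                    logMsg(Level.FINE, "pc.file_refreshed", new Object[]{expand}, null);
                                }
                            } else if (logger.isLoggable(Level.FINE)) {
                                logMsg(Level.FINE, "pc.file_not_refreshed", new Object[]{expand}, null);
                            }
                        } catch (Exception e) {
                            // Best effort: keep going, but leave a trace of the unresolved location.
                            if (logger.isLoggable(Level.FINE)) {
                                logger.log(Level.FINE, "JACC Policy Provider: unable to resolve policy location '" + property + "'", e);
                            }
                        }
                        if (overrideAll) {
                            // Override form: the numbered security properties are ignored.
                            return Long.valueOf(total);
                        }
                    }
                }
                // Walk <prefix>1, <prefix>2, ... until the first undefined property.
                for (int i = 1; ; i++) {
                    String property2 = Security.getProperty(securityPropertyPrefix + i);
                    if (property2 == null) {
                        return Long.valueOf(total);
                    }
                    try {
                        String replace = PropertyExpander.expand(property2).replace(File.separatorChar, '/');
                        URL url2 = (property2.startsWith("file:${java.home}/") || property2.startsWith("file:${user.home}/")) ? new File(replace.substring(5)).toURI().toURL() : new URI(replace).toURL();
                        if ("file".equals(url2.getProtocol())) {
                            String decode = ParseUtil.decode(url2.getFile().replace('/', File.separatorChar));
                            File file2 = new File(decode);
                            if (file2.exists()) {
                                total += file2.lastModified();
                                if (logger.isLoggable(Level.FINE)) {
                                    logMsg(Level.FINE, "pc.file_refreshed", new Object[]{decode}, null);
                                }
                            } else if (logger.isLoggable(Level.FINE)) {
                                logMsg(Level.FINE, "pc.file_not_refreshed", new Object[]{decode}, null);
                            }
                        } else if (logger.isLoggable(Level.FINE)) {
                            logMsg(Level.FINE, "pc.file_not_refreshed", new Object[]{url2}, null);
                        }
                    } catch (Exception e2) {
                        // Best effort: skip this entry, but leave a trace of the unresolved location.
                        if (logger.isLoggable(Level.FINE)) {
                            logger.log(Level.FINE, "JACC Policy Provider: unable to resolve policy location '" + property2 + "'", e2);
                        }
                    }
                }
            }
        });
    }

    /** Returns the shared policy configuration factory instance. */
    private PolicyConfigurationFactoryImpl getPolicyFactory() {
        return PolicyConfigurationFactoryImpl.getInstance();
    }

    static {
        // Re-entrancy avoidance is only enabled when a SecurityManager is installed and the
        // ignoreReentrancy system property is not set to true.
        avoidReentrancy = !Boolean.getBoolean(IGNORE_REENTRANCY_PROP_NAME) && System.getSecurityManager() != null;
        if (avoidReentrancy) {
            reentrancyStatus = new ThreadLocal<byte[]>() {
                @Override
                protected synchronized byte[] initialValue() {
                    return new byte[]{0};
                }
            };
        }
        forceAppRefresh = Boolean.getBoolean(FORCE_APP_REFRESH_PROP_NAME);
    }
}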
