package com.raplix.rolloutexpress.systemmodel.userdb;

import com.raplix.rolloutexpress.Application;
import com.raplix.rolloutexpress.message.ROXMessage;
import com.raplix.rolloutexpress.net.rpc.AccessControlNotAvailable;
import com.raplix.rolloutexpress.net.rpc.AccessControlProvider;
import com.raplix.rolloutexpress.net.rpc.RPCException;
import com.raplix.rolloutexpress.net.rpc.RPCManager;
import com.raplix.util.ArrayEdit;
import com.raplix.util.logger.Logger;
import com.raplix.util.message.MessageManager;
import com.raplix.util.string.StringUtil;
import java.io.FilePermission;
import java.io.SerializablePermission;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.ReflectPermission;
import java.net.NetPermission;
import java.net.SocketPermission;
import java.net.URL;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.DomainCombiner;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.SecurityPermission;
import java.security.cert.Certificate;
import java.sql.SQLPermission;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.PropertyPermission;
import java.util.Vector;
import javax.security.auth.AuthPermission;

/* loaded from: input_file:122990-01/SUNWspsms/reloc/server/lib/upgrade/5.2.1/rox.jar:com/raplix/rolloutexpress/systemmodel/userdb/AccessControlManager.class */
public class AccessControlManager {
    // Message-catalog keys for the errors this class reports.
    private static final String MSG_CONTEXT_ERROR = "userdb.acm.CONTEXT_ERROR";
    private static final String MSG_UNABLE_TO_REGISTER_ROX_PERMISSION = "userdb.acm.UNABLE_TO_REGISTER_ROX_PERMISSION";
    private static final String MSG_NOT_A_PERMISSION = "userdb.acm.NOT_A_PERMISSION";
    private static final String MSG_NOT_A_ROX_PERMISSION = "userdb.acm.NOT_A_ROX_PERMISSION";
    private static final String MSG_NO_SUCH_CLASS = "userdb.acm.NO_SUCH_CLASS";
    private static final String MSG_INVALID_CONSTRUCTOR = "userdb.acm.INVALID_CONSTRUCTOR";
    private static final String MSG_NO_PUBLIC_CONSTRUCTOR = "userdb.acm.NO_PUBLIC_CONSTRUCTOR";
    private static final String MSG_CONSTRUCTION_ERROR = "userdb.acm.CONSTRUCTION_ERROR";
    private static final String MSG_CONTEXT_INFO_REQUIRED = "userdb.acm.CONTEXT_INFO_REQUIRED";
    // May be null: the constructor and Provider both null-check it before use.
    private RPCManager mRPCManager;
    // SECURITY: JDK permissions that initDefaultPermissions() registers and that
    // createAccessControlContext() then adds to the context of EVERY user (including the
    // null user ID). The set covers all-files read/write/execute/delete, RuntimePermission("*"),
    // SecurityPermission("*"), ReflectPermission("suppressAccessChecks") and wildcard
    // net/socket/property/serializable permissions, so a context built here does not
    // restrict ordinary JDK-level operations.
    // NOTE(review): presumably only the product's own ROXPermission checks differentiate
    // users; confirm before relying on these contexts as a sandbox.
    private static final java.security.Permission[] DEFAULT_PERMISSIONS = {new FilePermission("<<ALL FILES>>", "read,write,execute,delete"), new NetPermission("*"), new PropertyPermission("*", "read,write"), new ReflectPermission("suppressAccessChecks"), new RuntimePermission("*"), new SecurityPermission("*"), new SerializablePermission("*"), new SocketPermission("*", "accept,connect,listen"), new SQLPermission("setLog"), new AuthPermission("createLoginContext.*")};
    // Constructor signatures looked up reflectively by toJavaPermission(String, ...):
    // (String, String) and (String, String, Application). Both are set in the static initializer.
    private static final Class[] DEFAULT_PARAMS;
    private static final Class[] CONTEXT_PARAMS;
    // Marker CodeSource (null location, null certificates) assigned once in the static
    // initializer. Combiner compares it by identity, so only domains created through
    // getProtectionDomain() match. NOTE(review): not declared final although never reassigned here.
    private static CodeSource INTERNAL_CODESOURCE;
    private SessionTable mSessionTable;
    private PermissionManager mPermissionManager;
    private Application mContext;
    // Lazily filled Class caches used through class$(); they look like the compiler-generated
    // backing fields for class literals and carry no state of their own.
    static Class class$com$raplix$rolloutexpress$systemmodel$userdb$AccessControlManager;
    static Class class$java$lang$String;
    static Class class$com$raplix$rolloutexpress$Application;
    static Class class$java$security$Permission;
    static Class class$com$raplix$rolloutexpress$systemmodel$userdb$ROXPermission;
    static Class class$com$raplix$rolloutexpress$systemmodel$userdb$ContextedROXPermission;
    static Class class$com$raplix$rolloutexpress$systemmodel$userdb$TaskPermission;
    // UserID -> AccessControlContext cache. The key can be null, because getCurrentUserID()
    // returns null when there is no current session. Entries are only removed by invalidate().
    private Map mContextCache = Collections.synchronizedMap(new HashMap());
    // Permissions added to every user context; seeded from DEFAULT_PERMISSIONS and
    // extended through the public registerDefaultPermission().
    private Vector mDefaultPermissions = new Vector();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:122990-01/SUNWspsms/reloc/server/lib/upgrade/5.2.1/rox.jar:com/raplix/rolloutexpress/systemmodel/userdb/AccessControlManager$Combiner.class */
    /**
     * DomainCombiner that widens protection domains carrying the manager's internal
     * CodeSource with an extra, fixed set of permissions.
     *
     * <p>Only domains whose CodeSource is the very same object as
     * {@code AccessControlManager.INTERNAL_CODESOURCE} are widened; every other domain is
     * passed through untouched.
     */
    public static class Combiner implements DomainCombiner {
        private PermissionCollection mPermsToAdd;

        /**
         * @param permissionCollection permissions to add; this constructor marks the
         *     caller's collection read-only as a side effect, and a null argument fails
         *     here with a NullPointerException
         */
        Combiner(PermissionCollection permissionCollection) {
            mPermsToAdd = permissionCollection;
            mPermsToAdd.setReadOnly();
        }

        /**
         * Merges the two domain arrays: every domain of the second array comes first
         * (widened where applicable), followed by the domains of the first array that are
         * not already present, by identity, in the second.
         *
         * @param protectionDomainArr domains of the current context; may be null
         * @param protectionDomainArr2 assigned domains; when null the first array is
         *     returned unchanged
         * @return the merged array, or {@code protectionDomainArr} itself when there are
         *     no assigned domains
         */
        @Override // java.security.DomainCombiner
        public ProtectionDomain[] combine(ProtectionDomain[] protectionDomainArr, ProtectionDomain[] protectionDomainArr2) {
            if (protectionDomainArr2 == null) {
                return protectionDomainArr;
            }
            int currentCount = protectionDomainArr != null ? protectionDomainArr.length : 0;
            ArrayList<ProtectionDomain> merged =
                    new ArrayList<ProtectionDomain>(currentCount + protectionDomainArr2.length);
            for (int a = 0; a < protectionDomainArr2.length; a++) {
                merged.add(addPermsToDomain(protectionDomainArr2[a]));
            }
            for (int c = 0; c < currentCount; c++) {
                ProtectionDomain candidate = protectionDomainArr[c];
                if (!containsSameInstance(protectionDomainArr2, candidate)) {
                    merged.add(candidate);
                }
            }
            return merged.toArray(new ProtectionDomain[merged.size()]);
        }

        /** Reports whether {@code wanted} occurs in {@code domains}, compared by reference. */
        private static boolean containsSameInstance(ProtectionDomain[] domains, ProtectionDomain wanted) {
            for (int i = 0; i < domains.length; i++) {
                if (domains[i] == wanted) {
                    return true;
                }
            }
            return false;
        }

        /**
         * Returns a domain that also implies the extra permissions, or the input domain
         * when it is not an internal domain or already implies all of them.
         */
        private ProtectionDomain addPermsToDomain(ProtectionDomain protectionDomain) {
            // Identity check: a different CodeSource object never matches, even if it
            // also has a null location and null certificates.
            if (protectionDomain.getCodeSource() != AccessControlManager.INTERNAL_CODESOURCE) {
                return protectionDomain;
            }
            Permissions widened = null;
            for (Enumeration<java.security.Permission> extras = mPermsToAdd.elements(); extras.hasMoreElements();) {
                java.security.Permission extra = extras.nextElement();
                if (protectionDomain.implies(extra)) {
                    continue;
                }
                if (widened == null) {
                    widened = new Permissions();
                }
                widened.add(extra);
            }
            if (widened == null) {
                // Nothing was missing, so the original domain is reused.
                return protectionDomain;
            }
            // Carry the domain's existing permissions over into the replacement domain.
            for (Enumeration<java.security.Permission> existing = protectionDomain.getPermissions().elements(); existing.hasMoreElements();) {
                widened.add(existing.nextElement());
            }
            return AccessControlManager.getProtectionDomain(widened);
        }
    }

    /* loaded from: input_file:122990-01/SUNWspsms/reloc/server/lib/upgrade/5.2.1/rox.jar:com/raplix/rolloutexpress/systemmodel/userdb/AccessControlManager$Provider.class */
    /**
     * AccessControlProvider registered with the RPCManager by the AccessControlManager
     * constructor; it hands out the AccessControlContext of the current user.
     */
    private class Provider implements AccessControlProvider {
        // Decompiled form of the reference to the enclosing AccessControlManager instance.
        private final AccessControlManager this$0;

        private Provider(AccessControlManager accessControlManager) {
            this.this$0 = accessControlManager;
        }

        /**
         * Returns the access-control context of the current user.
         *
         * <p>When {@code z} is true and there is no current user ID while an RPCManager is
         * present and its invoker transport info reports the server side, the call is
         * refused with AccessControlNotAvailable (MSG_CONTEXT_INFO_REQUIRED, with
         * {@code str} as the message argument). In every other case, including a null
         * user ID, the context returned is the one built for that user ID, which always
         * contains the default permissions.
         *
         * @param z presumably "context information required"; confirm against the
         *     AccessControlProvider interface
         * @param str only used as the argument of the refusal message
         * @throws AccessControlNotAvailable when the check above refuses, or when the
         *     check itself fails with an RPCException or UserDBException
         */
        @Override // com.raplix.rolloutexpress.net.rpc.AccessControlProvider
        public AccessControlContext provideAccessControl(boolean z, String str) throws AccessControlNotAvailable {
            if (z) {
                try {
                    if (null == this.this$0.getCurrentUserID() && this.this$0.getRPCManager() != null && this.this$0.getRPCManager().getInvokerTransportInfo().isServerSide()) {
                        throw new AccessControlNotAvailable(new ROXMessage(AccessControlManager.MSG_CONTEXT_INFO_REQUIRED, new Object[]{str}));
                    }
                } catch (RPCException e) {
                    throw this.this$0.newAccessControlNotAvailable(e);
                } catch (UserDBException e2) {
                    throw this.this$0.newAccessControlNotAvailable(e2);
                }
            }
            // NOTE(review): as decompiled, this call sits outside the try block although
            // getCurrentUserAccessControlContext() declares UserDBException and RPCException;
            // the original try probably covered it. Confirm against the bytecode.
            return this.this$0.getCurrentUserAccessControlContext();
        }

        // Looks like the compiler-generated accessor constructor that lets the outer class
        // call the private one; AnonymousClass1 is not defined in this listing.
        Provider(AccessControlManager accessControlManager, AnonymousClass1 anonymousClass1) {
            this(accessControlManager);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Wires the manager to its collaborators, registers the built-in default permissions
     * and, when an RPC manager is supplied, registers a Provider for it.
     *
     * @param sessionTable source of the current session
     * @param permissionManager source of the stored per-user permissions
     * @param rPCManager RPC manager to register the provider with; may be null
     * @param application context handed to contexted permissions
     * @throws RPCException declared by the original signature; presumably raised by the
     *     provider registration
     */
    public AccessControlManager(SessionTable sessionTable, PermissionManager permissionManager, RPCManager rPCManager, Application application) throws RPCException {
        setSessionTable(sessionTable);
        setPermissionManager(permissionManager);
        setContext(application);
        setRPCManager(rPCManager);
        initDefaultPermissions();
        if (rPCManager == null) {
            return;
        }
        // The provider holds a reference to this manager, so it is registered last,
        // after every field has been set.
        rPCManager.registerAccessControlProvider(new Provider(this, null));
    }

    /** Stores the RPC manager; null is accepted and means no RPC layer is attached. */
    private void setRPCManager(RPCManager rPCManager) {
        mRPCManager = rPCManager;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /** Returns the RPC manager given at construction, which may be null. */
    public RPCManager getRPCManager() {
        return mRPCManager;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Logs {@code exc} at error level (when enabled) and wraps it.
     *
     * @param exc the failure that prevented a context from being provided
     * @return a new AccessControlNotAvailable keyed by MSG_CONTEXT_ERROR with {@code exc}
     *     as its cause; the caller is expected to throw it
     */
    public AccessControlNotAvailable newAccessControlNotAvailable(Exception exc) {
        boolean errorLogging = Logger.isErrorEnabled(this);
        if (errorLogging) {
            Logger.error("error", exc, this);
        }
        AccessControlNotAvailable wrapped = new AccessControlNotAvailable(MSG_CONTEXT_ERROR, exc);
        return wrapped;
    }

    /** Registers every entry of DEFAULT_PERMISSIONS as a default permission, in array order. */
    private void initDefaultPermissions() {
        for (java.security.Permission builtIn : DEFAULT_PERMISSIONS) {
            registerDefaultPermission(builtIn);
        }
    }

    /**
     * Adds a permission that every user context created afterwards will contain.
     *
     * <p>Contexts already held in the cache are not rebuilt by this call. The method is
     * public and applies no check other than rejecting ROXPermission instances, so each
     * caller widens the permissions of all users.
     *
     * @param permission the permission to grant to everyone; must not be a ROXPermission
     * @throws IllegalArgumentException if {@code permission} is a ROXPermission
     */
    public void registerDefaultPermission(java.security.Permission permission) {
        boolean productPermission = permission instanceof ROXPermission;
        if (productPermission) {
            String reason = toText(MSG_UNABLE_TO_REGISTER_ROX_PERMISSION, permission);
            throw new IllegalArgumentException(reason);
        }
        mDefaultPermissions.addElement(permission);
    }

    /** Returns an enumeration over the registered default permissions. */
    private Enumeration getDefaultPermissions() {
        Enumeration registered = mDefaultPermissions.elements();
        return registered;
    }

    /**
     * Returns the access-control context for the user of the current session. When there
     * is no current session the lookup is made with a null user ID.
     */
    public AccessControlContext getCurrentUserAccessControlContext() throws UserDBException, RPCException {
        UserID current = getCurrentUserID();
        return getAccessControlContext(current);
    }

    /**
     * Returns the cached access-control context for {@code userID}, building and caching
     * it on first use.
     *
     * <p>A cached context is served until invalidate() clears the cache, so a change to a
     * user's stored permissions is not reflected here before that happens. The lookup and
     * the insert are two separate map calls; two threads can both build a context for
     * the same user, and the later insert replaces the earlier one.
     *
     * @param userID the user to look up; null is used as the key when there is no session
     */
    public AccessControlContext getAccessControlContext(UserID userID) throws UserDBException, RPCException {
        Object cached = mContextCache.get(userID);
        if (cached != null) {
            return (AccessControlContext) cached;
        }
        AccessControlContext built = createAccessControlContext(userID);
        mContextCache.put(userID, built);
        return built;
    }

    /**
     * Returns a context derived from the calling thread's current context in which
     * domains carrying the internal CodeSource additionally hold the given permissions.
     *
     * <p>The current context is wrapped together with a Combiner and a privileged action
     * is run under it; the action only captures AccessController.getContext(), which is
     * the value returned. Constructing the Combiner marks {@code permissionCollection}
     * read-only.
     *
     * <p>NOTE(review): this method is public and nothing visible here restricts which
     * permissions a caller may add. The two-argument AccessControlContext constructor is
     * guarded by SecurityPermission "createAccessControlContext" when a security manager
     * is installed, but DEFAULT_PERMISSIONS contains SecurityPermission("*"), so contexts
     * built by this class already satisfy that guard. Callers should be audited.
     *
     * @param permissionCollection permissions to add to internal domains
     * @return the combined context
     */
    public AccessControlContext addToCurrent(PermissionCollection permissionCollection) {
        return (AccessControlContext) AccessController.doPrivileged(new PrivilegedAction(this) { // from class: com.raplix.rolloutexpress.systemmodel.userdb.AccessControlManager.1
            // Decompiled form of the anonymous class's reference to the enclosing instance.
            private final AccessControlManager this$0;

            {
                this.this$0 = this;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                return AccessController.getContext();
            }
        }, new AccessControlContext(AccessController.getContext(), new Combiner(permissionCollection)));
    }

    /**
     * Builds a fresh context for {@code userID}: the user's converted permissions plus
     * all registered default permissions, placed in a single protection domain that
     * carries the internal CodeSource.
     *
     * <p>With debug logging enabled the user's full permission set is written to the log.
     */
    private AccessControlContext createAccessControlContext(UserID userID) throws UserDBException, RPCException {
        Permissions granted = getPermissions(userID);
        if (Logger.isDebugEnabled(this)) {
            Logger.debug("permissions for " + userID + ":" + granted, this);
        }
        addDefaultPermissions(granted);
        ProtectionDomain userDomain = getProtectionDomain(granted);
        return new AccessControlContext(new ProtectionDomain[]{userDomain});
    }

    /** Adds every registered default permission to {@code permissions}. */
    private void addDefaultPermissions(Permissions permissions) {
        for (Enumeration defaults = getDefaultPermissions(); defaults.hasMoreElements();) {
            java.security.Permission next = (java.security.Permission) defaults.nextElement();
            permissions.add(next);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Returns the user ID of the current session.
     *
     * @return the session's user ID, or null when the session table reports no current
     *     session
     */
    public UserID getCurrentUserID() {
        Session active = getSessionTable().getCurrentSession();
        return active == null ? null : active.getUserID();
    }

    /** Loads the stored permissions of {@code userID} and converts them to Java permissions. */
    private Permissions getPermissions(UserID userID) throws UserDBException, RPCException {
        Permission[] stored = getPermissionsByUser(userID);
        return toJavaPermissions(stored, getContext());
    }

    /**
     * Converts stored permission records into a java.security.Permissions collection.
     *
     * <p>A record that cannot be converted is logged at error level and left out, so a
     * conversion failure results in fewer permissions, never more.
     *
     * @param permissionArr the stored records; must not be null
     * @param application context passed on to contexted permissions
     * @return a new collection holding the permissions that could be created
     */
    public static Permissions toJavaPermissions(Permission[] permissionArr, Application application) {
        Permissions converted = new Permissions();
        for (int i = 0; i < permissionArr.length; i++) {
            try {
                converted.add(toJavaPermission(permissionArr[i], application));
            } catch (RPCException e) {
                logPermissionCreationFailure(e);
            } catch (UserDBException e2) {
                logPermissionCreationFailure(e2);
            }
        }
        return converted;
    }

    /** Logs a failed permission conversion against this class, if error logging is enabled. */
    private static void logPermissionCreationFailure(Exception failure) {
        Class owner = class$com$raplix$rolloutexpress$systemmodel$userdb$AccessControlManager;
        if (owner == null) {
            owner = class$("com.raplix.rolloutexpress.systemmodel.userdb.AccessControlManager");
            class$com$raplix$rolloutexpress$systemmodel$userdb$AccessControlManager = owner;
        }
        if (Logger.isErrorEnabled(owner)) {
            Logger.error("unable to create permission", failure, owner);
        }
    }

    /** Converts one stored record by passing its class name, name and actions to the String-based overload. */
    private static java.security.Permission toJavaPermission(Permission permission, Application application) throws UserDBException, RPCException {
        String className = permission.getClassName();
        String name = permission.getName();
        String actions = permission.getActions();
        return toJavaPermission(className, name, actions, application);
    }

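    /**
     * Instantiates the permission class named by {@code str} through reflection.
     *
     * <p>The class must be a java.security.Permission and a ROXPermission. A
     * ContextedROXPermission is built with the (String, String, Application) constructor,
     * any other class with the (String, String) constructor.
     *
     * <p>The named class is loaded without being initialized, so its static initializers
     * run only after the type checks have passed (at instantiation). A class name that
     * does not denote a ROX permission therefore cannot trigger static-initializer code.
     *
     * @param str fully qualified class name of the permission
     * @param str2 permission name, first constructor argument
     * @param str3 permission actions, second constructor argument
     * @param application context passed to contexted permissions
     * @return the new permission instance
     * @throws UserDBException if the name is empty, the class is missing or of the wrong
     *     type, or construction fails
     */
    public static java.security.Permission toJavaPermission(String str, String str2, String str3, Application application) throws UserDBException {
        Class cls;
        Class cls2;
        Class cls3;
        Class<?>[] clsArr;
        Object[] objArr;
        try {
            if (StringUtil.isEmpty(str)) {
                throw new UserDBException(MSG_NOT_A_PERMISSION, str);
            }
            // Same class loader as a plain Class.forName(str) would use from here, but
            // with initialize=false: validate the type before any of its code can run.
            Class<?> cls4 = Class.forName(str, false, AccessControlManager.class.getClassLoader());
            if (class$java$security$Permission == null) {
                cls = class$("java.security.Permission");
                class$java$security$Permission = cls;
            } else {
                cls = class$java$security$Permission;
            }
            if (!cls.isAssignableFrom(cls4)) {
                throw new UserDBException(MSG_NOT_A_PERMISSION, str);
            }
            if (class$com$raplix$rolloutexpress$systemmodel$userdb$ROXPermission == null) {
                cls2 = class$("com.raplix.rolloutexpress.systemmodel.userdb.ROXPermission");
                class$com$raplix$rolloutexpress$systemmodel$userdb$ROXPermission = cls2;
            } else {
                cls2 = class$com$raplix$rolloutexpress$systemmodel$userdb$ROXPermission;
            }
            // Only the product's own permission types may be created from stored names;
            // JDK permissions such as FilePermission are rejected here.
            if (!cls2.isAssignableFrom(cls4)) {
                throw new UserDBException(MSG_NOT_A_ROX_PERMISSION, str);
            }
            if (class$com$raplix$rolloutexpress$systemmodel$userdb$ContextedROXPermission == null) {
                cls3 = class$("com.raplix.rolloutexpress.systemmodel.userdb.ContextedROXPermission");
                class$com$raplix$rolloutexpress$systemmodel$userdb$ContextedROXPermission = cls3;
            } else {
                cls3 = class$com$raplix$rolloutexpress$systemmodel$userdb$ContextedROXPermission;
            }
            if (cls3.isAssignableFrom(cls4)) {
                clsArr = CONTEXT_PARAMS;
                objArr = new Object[]{str2, str3, application};
            } else {
                clsArr = DEFAULT_PARAMS;
                objArr = new Object[]{str2, str3};
            }
            // newInstance initializes the class if needed; an initializer failure is
            // reported through the ExceptionInInitializerError handler below.
            return (java.security.Permission) cls4.getConstructor(clsArr).newInstance(objArr);
        } catch (ClassNotFoundException e) {
            throw new UserDBException(MSG_NO_SUCH_CLASS, e, str);
        } catch (ExceptionInInitializerError e2) {
            throw new UserDBException(MSG_CONSTRUCTION_ERROR, e2.getException());
        } catch (IllegalAccessException e3) {
            throw new UserDBException(MSG_NO_PUBLIC_CONSTRUCTOR, (Throwable) e3);
        } catch (IllegalArgumentException e4) {
            throw new UserDBException(MSG_NO_PUBLIC_CONSTRUCTOR, (Throwable) e4);
        } catch (InstantiationException e5) {
            throw new UserDBException(MSG_CONSTRUCTION_ERROR, (Throwable) e5);
        } catch (NoSuchMethodException e6) {
            throw new UserDBException(MSG_INVALID_CONSTRUCTOR, (Throwable) e6);
        } catch (InvocationTargetException e7) {
            throw new UserDBException(MSG_CONSTRUCTION_ERROR, e7.getTargetException());
        }
    }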

    /**
     * Returns the permissions stored for {@code userID}. For a non-null user one extra
     * TaskPermission record, named after that user, is appended.
     *
     * @param userID the user to look up; for null the stored result is returned as is
     */
    private Permission[] getPermissionsByUser(UserID userID) throws UserDBException, RPCException {
        Permission[] stored = getPermissionManager().getPermissionsByUser(userID);
        if (userID == null) {
            return stored;
        }
        RemotePermission implicitTask = (RemotePermission) getPermissionManager().newPermission();
        Class taskType = class$com$raplix$rolloutexpress$systemmodel$userdb$TaskPermission;
        if (taskType == null) {
            taskType = class$("com.raplix.rolloutexpress.systemmodel.userdb.TaskPermission");
            class$com$raplix$rolloutexpress$systemmodel$userdb$TaskPermission = taskType;
        }
        implicitTask.setClassName(taskType.getName());
        implicitTask.setName(TaskPermission.getPermissionName(userID));
        return (RemotePermission[]) ArrayEdit.add(stored, implicitTask);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Creates a protection domain that pairs the internal marker CodeSource with the
     * given permissions. Domains built here are the ones Combiner recognises.
     */
    public static ProtectionDomain getProtectionDomain(PermissionCollection permissionCollection) {
        ProtectionDomain internalDomain = new ProtectionDomain(INTERNAL_CODESOURCE, permissionCollection);
        return internalDomain;
    }

    /** Returns the session table used to find the current session. */
    private SessionTable getSessionTable() {
        return mSessionTable;
    }

    /** Stores the session table used to find the current session. */
    private void setSessionTable(SessionTable sessionTable) {
        mSessionTable = sessionTable;
    }

    /** Returns the manager that supplies stored per-user permissions. */
    private PermissionManager getPermissionManager() {
        return mPermissionManager;
    }

    /** Stores the manager that supplies stored per-user permissions. */
    private void setPermissionManager(PermissionManager permissionManager) {
        mPermissionManager = permissionManager;
    }

    /** Returns the application context passed to contexted permissions. */
    private Application getContext() {
        return mContext;
    }

    /** Stores the application context passed to contexted permissions. */
    private void setContext(Application application) {
        mContext = application;
    }

    /** Renders the message with key {@code str} using {@code obj} as its only argument. */
    private static String toText(String str, Object obj) {
        Object[] messageArgs = {obj};
        return MessageManager.messageAsString(str, messageArgs);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Drops every cached access-control context, so the next lookup for each user
     * rebuilds its context from the currently stored permissions.
     */
    public void invalidate() {
        mContextCache.clear();
    }

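    /**
     * Resolves a class by name for the class-literal caches of this file.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the
     *     ClassNotFoundException is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() is declared to return Throwable, which cannot be thrown from
            // this method as written; throw the typed error object instead.
            NoClassDefFoundError missing = new NoClassDefFoundError();
            missing.initCause(e);
            throw missing;
        }
    }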

    // Builds the two reflective constructor signatures and the marker CodeSource.
    static {
        Class stringType = class$java$lang$String;
        if (stringType == null) {
            stringType = class$("java.lang.String");
            class$java$lang$String = stringType;
        }
        // (String name, String actions)
        DEFAULT_PARAMS = new Class[]{stringType, stringType};

        Class applicationType = class$com$raplix$rolloutexpress$Application;
        if (applicationType == null) {
            applicationType = class$("com.raplix.rolloutexpress.Application");
            class$com$raplix$rolloutexpress$Application = applicationType;
        }
        // (String name, String actions, Application context)
        CONTEXT_PARAMS = new Class[]{stringType, stringType, applicationType};

        // No location and no certificates: the instance itself is the marker.
        INTERNAL_CODESOURCE = new CodeSource((URL) null, (Certificate[]) null);
    }
}
