package com.sun.enterprise.security.application;

import com.sun.ejb.Invocation;
import com.sun.enterprise.SecurityManager;
import com.sun.enterprise.ServerConfiguration;
import com.sun.enterprise.deployment.Application;
import com.sun.enterprise.deployment.EjbDescriptor;
import com.sun.enterprise.security.SecurityContext;
import com.sun.enterprise.security.acl.AccessControlEntryImpl;
import com.sun.enterprise.security.acl.AccessControlList;
import com.sun.enterprise.security.acl.AccessControlListImpl;
import com.sun.enterprise.security.acl.EJBResource;
import com.sun.enterprise.security.acl.ResourceAccessManager;
import com.sun.enterprise.security.acl.ResourceGuard;
import com.sun.enterprise.security.acl.Role;
import com.sun.enterprise.security.acl.RoleMapper;
import com.sun.enterprise.util.LocalStringManagerImpl;
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Enumeration;
import java.util.Iterator;
import org.apache.tomcat.core.Constants;

/* loaded from: input_file:com/sun/enterprise/security/application/EJBSecurityManager.class */
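/**
 * Per-bean security manager: registers an access control list for every
 * method of one EJB with the {@link ResourceAccessManager}, delegates
 * authorization decisions to an {@link Authorizer}, and optionally records
 * each decision in a shared {@link AuditLog}.
 *
 * <p>Resources and the role mapper are keyed by the application name returned
 * by {@link #getAppName()}, which falls back to {@code "default"} when the
 * descriptor has no application.
 *
 * <p>After {@link #destroy()} the descriptor reference is cleared, so any
 * further call that needs the application name ({@code authorize},
 * {@code isCallerInRole}, {@code destroy}) fails with a
 * {@code NullPointerException}.
 */
public final class EJBSecurityManager implements SecurityManager {
    private static final boolean debug = false;

    /** Name of the server configuration property that switches audit logging on. */
    private static final String AUDIT_ON = "auth.audit";

    /** Audit log shared by every instance of this class. */
    private static AuditLog audit = new AuditLog();

    // The original static initializer was the pre-Java-5 expansion of a class
    // literal; the literal itself is equivalent.
    private static LocalStringManagerImpl localStrings =
            new LocalStringManagerImpl(EJBSecurityManager.class);

    // Compiler-generated cache slot for the class literal. No longer read by
    // this class; retained only so the package-visible member set is unchanged.
    static Class class$com$sun$enterprise$security$application$EJBSecurityManager;

    private final ResourceAccessManager ram;
    // Not final: destroy() clears it.
    private EjbDescriptor deploymentDescriptor;
    private final ClassLoader loader;
    private final Authorizer authorizer;
    private final ServerConfiguration config;
    private final boolean loggingOn;

    /**
     * Creates the manager and immediately protects every method of the bean.
     *
     * @param classLoader loader passed to the descriptor when enumerating the bean's methods
     * @param ejbDescriptor deployment descriptor of the bean; must not be {@code null}
     * @throws IllegalArgumentException if {@code ejbDescriptor} is {@code null}
     */
    public EJBSecurityManager(ClassLoader classLoader, EjbDescriptor ejbDescriptor) {
        if (ejbDescriptor == null) {
            throw new IllegalArgumentException("Illegal Deployment Descriptor Information.");
        }
        this.loader = classLoader;
        this.deploymentDescriptor = ejbDescriptor;
        this.config = ServerConfiguration.getConfiguration();

        // A missing property previously caused a NullPointerException here;
        // it is now treated like any other non-enabling value (auditing off).
        // NOTE(review): the enabling value comes from an unrelated Tomcat JSP
        // constant, which looks like a decompiler substitution for a literal
        // (presumably "true") - confirm and replace with an explicit literal.
        String auditSetting = this.config.getProperty(AUDIT_ON);
        this.loggingOn = auditSetting != null
                && auditSetting.trim().equals(Constants.JSP.Directive.Compile.Value);

        this.authorizer = new AuthorizerImpl();
        this.ram = ResourceAccessManager.getDefault();
        initialize();
    }

    /**
     * Records the invocation in the audit log under the label {@code "Audit"}.
     * Does nothing when audit logging is off.
     *
     * @param invocation the invocation to record
     */
    @Override // com.sun.enterprise.SecurityManager
    public void audit(Invocation invocation) {
        if (this.loggingOn) {
            audit.log(invocation, "Audit");
        }
    }

    /**
     * Asks the authorizer whether the invocation is permitted for this bean's
     * application and, when audit logging is on, records the outcome.
     *
     * <p>The audit step never changes the decision. A denial is followed by an
     * immediate {@code flush()} of the audit log. With audit logging off,
     * neither grants nor denials are recorded by this class.
     *
     * @param invocation the invocation being checked
     * @return the authorizer's decision
     */
    @Override // com.sun.enterprise.SecurityManager
    public boolean authorize(Invocation invocation) {
        boolean granted = this.authorizer.authorize(getAppName(), invocation);
        if (!this.loggingOn) {
            return granted;
        }
        String outcome;
        if (granted) {
            outcome = localStrings.getLocalString("enterprise.security.successful", "Successful.");
        } else {
            outcome = localStrings.getLocalString("enterprise.security.failed", "Failed.");
        }
        audit.log(invocation, outcome);
        if (!granted) {
            audit.flush();
        }
        return granted;
    }

    /**
     * Compiler-generated helper behind pre-Java-5 class literals. No longer
     * called by this class; retained so the package-visible member set is
     * unchanged.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // Keep the original failure attached instead of only its message.
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            error.initCause(e);
            throw error;
        }
    }

    /**
     * Removes the role mapper registered under this bean's application name,
     * unprotects every method of the bean, and clears the descriptor.
     *
     * <p>NOTE(review): the role mapper is keyed by application name only, so
     * this removes it for any other manager using the same name - confirm
     * that destroy() is only reached when the whole application goes away.
     */
    @Override // com.sun.enterprise.SecurityManager
    public void destroy() {
        String appName = getAppName();
        RoleMapper.removeRoleMapper(appName);
        Enumeration methods = this.deploymentDescriptor.getMethods(this.loader).elements();
        while (methods.hasMoreElements()) {
            Method method = (Method) methods.nextElement();
            this.ram.unprotect(new EJBResource(appName, method));
        }
        this.deploymentDescriptor = null;
    }

    /**
     * Builds the access control list for one bean method: one entry per role
     * the descriptor permits for the method, or a single entry for
     * {@link RoleMapper#getDefaultRole()} when the descriptor lists no roles.
     *
     * <p>A method without declared roles is therefore still guarded, by the
     * default role. What that role admits is decided elsewhere.
     *
     * @param ejbDescriptor descriptor that supplies the permitted roles
     * @param method the bean method
     * @return a new, never-{@code null} access control list
     */
    private AccessControlList getAccessControlList(EjbDescriptor ejbDescriptor, Method method) {
        AccessControlListImpl acl = new AccessControlListImpl();
        Iterator roles = ejbDescriptor.getPermissionedRolesForMethod(method).iterator();
        if (!roles.hasNext()) {
            acl.addEntry(new AccessControlEntryImpl(RoleMapper.getDefaultRole()));
        }
        while (roles.hasNext()) {
            acl.addEntry(new AccessControlEntryImpl((Role) roles.next()));
        }
        return acl;
    }

    /**
     * Returns the name of the descriptor's application, or {@code "default"}
     * when the descriptor has no application.
     */
    private String getAppName() {
        Application application = this.deploymentDescriptor.getApplication();
        if (application == null) {
            return "default";
        }
        return application.getName();
    }

    /**
     * Returns the audit log shared by all instances.
     *
     * <p>NOTE(review): this hands out the live shared instance, not a copy -
     * confirm that every caller is trusted to write to and flush it.
     *
     * @return the shared audit log
     */
    public static AuditLog getAuditLog() {
        return audit;
    }

    /**
     * Returns the caller principal of the current security context.
     *
     * @return the caller principal
     * @throws IllegalStateException if there is no current security context
     */
    @Override // com.sun.enterprise.SecurityManager
    public Principal getCallerPrincipal() {
        SecurityContext securityContext = getSecurityContext();
        if (securityContext == null) {
            throw new IllegalStateException("Bad or improper security context.");
        }
        return securityContext.getCallerPrincipal();
    }

    /** Returns {@link SecurityContext#getCurrent()}. */
    private SecurityContext getSecurityContext() {
        return SecurityContext.getCurrent();
    }

    /**
     * Registers the application's role mapper under the application name and
     * protects every method of the bean with its access control list.
     *
     * <p>NOTE(review): {@link #getAppName()} tolerates a descriptor without an
     * application, but the role mapper lookup below dereferences the
     * application unconditionally and throws {@code NullPointerException} in
     * that case. Left unchanged because the intended role mapper for the
     * {@code "default"} name cannot be determined from this class.
     */
    private void initialize() {
        String appName = getAppName();
        EjbDescriptor descriptor = this.deploymentDescriptor;
        RoleMapper.setRoleMapper(appName, descriptor.getApplication().getRoleMapper());
        Enumeration methods = descriptor.getMethods(this.loader).elements();
        while (methods.hasMoreElements()) {
            Method method = (Method) methods.nextElement();
            AccessControlList acl = getAccessControlList(descriptor, method);
            // getAccessControlList never returns null; the check is kept as a
            // guard so a method is never registered with a null list.
            if (acl != null) {
                this.ram.protect(new EJBResource(appName, method), new ResourceGuard(acl));
            }
        }
    }

    /**
     * Asks the authorizer whether the current caller holds the given role in
     * this bean's application.
     *
     * @param str role name to test
     * @return the authorizer's answer
     */
    @Override // com.sun.enterprise.SecurityManager
    public boolean isCallerInRole(String str) {
        return this.authorizer.isCallerInRole(getAppName(), str);
    }
}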
