package oracle.security.jazn.spi.ldap;

import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.AuthPermission;
import javax.security.auth.Subject;
import oracle.security.jazn.JAZNConfig;
import oracle.security.jazn.JAZNException;
import oracle.security.jazn.JAZNRuntimeException;
import oracle.security.jazn.policy.AdminPermission;
import oracle.security.jazn.policy.Grantee;
import oracle.security.jazn.policy.JAZNPolicy;
import oracle.security.jazn.policy.PolicyManager;
import oracle.security.jazn.realm.Realm;
import oracle.security.jazn.realm.RealmPrincipal;
import oracle.security.jazn.realm.RealmRole;
import oracle.security.jazn.realm.RealmUser;
import oracle.security.jazn.spi.GranteeEntry;
import oracle.security.jazn.spi.PermissionEntry;
import oracle.security.jazn.util.Dbg;
import oracle.security.jazn.util.Misc;
import oracle.security.jazn.util.Resources;

/* loaded from: input_file:oracle/security/jazn/spi/ldap/LDAPJAZNPolicy.class */
public class LDAPJAZNPolicy implements JAZNPolicy {
    private JAZNConfig _config;
    private LDAPUtil _ldapUtil;
    private HashMap _realmModBaseHM;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:oracle/security/jazn/spi/ldap/LDAPJAZNPolicy$Decision.class */
    /**
     * Classifies the principals of a {@link GranteeEntry} so the enclosing policy can tell
     * whether an operation targets the global policy, one realm's policy, or an invalid
     * mixture of both.
     *
     * <p>Outcome by input, as implemented in {@link #Decision(GranteeEntry)}:
     * <ul>
     *   <li>{@code null} grantee entry: both flags stay {@code false}.</li>
     *   <li>{@code null} or empty principal set: global only.</li>
     *   <li>exactly one principal: realm if it is a {@link RealmPrincipal}, otherwise global;
     *       the principal is kept in {@code _pr} and the per-kind sets are not populated.</li>
     *   <li>several principals: each one is sorted into the realm or the global set, so both
     *       flags can end up {@code true}. The grant and revoke paths of the enclosing class
     *       reject that combination; {@code getPermissions(GranteeEntry)} does not check it.</li>
     * </ul>
     *
     * <p>All realm principals must belong to one realm; a second, different realm raises
     * {@link IllegalArgumentException}.
     */
    public static class Decision {
        // True when the grantee must be evaluated against the global policy.
        private boolean _doGlobal;
        // True when the grantee must be evaluated against a realm policy.
        private boolean _doRealm;
        // Size of the grantee's principal set (0 when the set is null or empty).
        private int _numPrincipals;
        // The sole principal; only set on the single-principal path.
        private Principal _pr;
        // Last RealmUser seen on the multi-principal path.
        private RealmUser _realmUser;
        // RealmRole principals seen on the multi-principal path (lazily created).
        private HashSet _realmRoles;
        // Every RealmPrincipal seen on the multi-principal path; no getter exposes it in this class.
        private HashSet _realmPrincipals;
        // Non-realm principals seen on the multi-principal path (lazily created).
        private HashSet _globalPrincipals;
        // Realm shared by the realm principals, taken from the first one encountered.
        private Realm _realm;
        // The grantee entry this decision was built from.
        private GranteeEntry _gteEntry;

        /** Creates an empty decision: neither global nor realm, no principals. */
        public Decision() {
            this._doGlobal = false;
            this._doRealm = false;
            this._numPrincipals = 0;
            this._pr = null;
            this._realmUser = null;
            this._realmRoles = null;
            this._realmPrincipals = null;
            this._globalPrincipals = null;
            this._realm = null;
            this._gteEntry = null;
        }

        /**
         * Classifies the principals of {@code granteeEntry}.
         *
         * @param granteeEntry grantee to classify; {@code null} leaves the decision empty
         * @throws IllegalArgumentException if two realm principals report different realms
         */
        public Decision(GranteeEntry granteeEntry) {
            this._doGlobal = false;
            this._doRealm = false;
            this._numPrincipals = 0;
            this._pr = null;
            this._realmUser = null;
            this._realmRoles = null;
            this._realmPrincipals = null;
            this._globalPrincipals = null;
            this._realm = null;
            this._gteEntry = null;
            if (granteeEntry == null) {
                // Both flags stay false; callers that test doRealm() fall through to their non-realm branch.
                return;
            }
            this._gteEntry = granteeEntry;
            Set principals = granteeEntry.getPrincipals();
            if (principals == null) {
                // No principals at all: the grantee is identified by code source only (or by nothing).
                this._doGlobal = true;
                return;
            }
            this._numPrincipals = principals.size();
            Iterator it = principals.iterator();
            if (this._numPrincipals == 0) {
                this._doGlobal = true;
                return;
            }
            if (this._numPrincipals == 1) {
                // Single-principal fast path: only _pr (and _realm) are filled in, so
                // getRealmUser(), getRealmRoles() and getGlobalPrincipals() return null here.
                this._pr = (Principal) it.next();
                if (!(this._pr instanceof RealmPrincipal)) {
                    this._doGlobal = true;
                    return;
                }
                // _realm was reset to null above, so this condition always holds at this point.
                if (this._realm == null) {
                    this._realm = ((RealmPrincipal) this._pr).getRealm();
                }
                this._doRealm = true;
                return;
            }
            while (it.hasNext()) {
                Principal principal = (Principal) it.next();
                if (principal instanceof RealmPrincipal) {
                    RealmPrincipal realmPrincipal = (RealmPrincipal) principal;
                    if (this._realm == null) {
                        // NOTE(review): if getRealm() can return null, _realm stays unset and the
                        // next realm principal is accepted without a mismatch comparison - confirm.
                        this._realm = realmPrincipal.getRealm();
                    } else if (!this._realm.equals(realmPrincipal.getRealm())) {
                        // NOTE(review): the cross-realm guard relies on Realm.equals(); confirm it
                        // compares realm identity and not object reference.
                        if (Dbg.LOG) {
                            System.out.println(new StringBuffer().append("JAAS-LDAP: **ERROR** Realm mismatch. configured realm: ").append(this._realm).append(" principal's realm: ").append(realmPrincipal.getRealm()).toString());
                        }
                        throw new IllegalArgumentException(Misc.getResourceBundle().getString(Resources.Key.INVALID_ARGUMENT));
                    }
                    if (this._realmPrincipals == null) {
                        this._realmPrincipals = new HashSet();
                    }
                    this._realmPrincipals.add(principal);
                    if (principal instanceof RealmUser) {
                        // A later RealmUser overwrites an earlier one; only the last one iterated is kept.
                        this._realmUser = (RealmUser) principal;
                    } else if (principal instanceof RealmRole) {
                        if (this._realmRoles == null) {
                            this._realmRoles = new HashSet();
                        }
                        this._realmRoles.add(principal);
                    }
                    this._doRealm = true;
                } else {
                    // Any non-realm principal marks the grantee as global; combined with a realm
                    // principal this yields doRealm() && doGlobal(), which grant/revoke treat as invalid.
                    if (this._globalPrincipals == null) {
                        this._globalPrincipals = new HashSet();
                    }
                    this._globalPrincipals.add(principal);
                    this._doGlobal = true;
                }
            }
        }

        /** @return whether the global policy applies to this grantee */
        public boolean doGlobal() {
            return this._doGlobal;
        }

        /** @return whether a realm policy applies to this grantee */
        public boolean doRealm() {
            return this._doRealm;
        }

        /** @return number of principals in the grantee entry, 0 when it had none */
        public int getNumPrincipals() {
            return this._numPrincipals;
        }

        /** @return the sole principal on the single-principal path, otherwise {@code null} */
        public Principal getPrincipal() {
            return this._pr;
        }

        /** @return realm roles collected on the multi-principal path, or {@code null} if none */
        public Set getRealmRoles() {
            return this._realmRoles;
        }

        /** @return realm of the realm principals, or {@code null} when none was recorded */
        public Realm getRealm() {
            return this._realm;
        }

        /** @return the last realm user seen on the multi-principal path, or {@code null} */
        public Principal getRealmUser() {
            return this._realmUser;
        }

        /** @return non-realm principals collected on the multi-principal path, or {@code null} if none */
        public Set getGlobalPrincipals() {
            return this._globalPrincipals;
        }

        /** @return the grantee entry passed to the constructor, or {@code null} */
        public GranteeEntry getGranteeEntry() {
            return this._gteEntry;
        }

        /**
         * Renders the flags and the classified principals for diagnostics.
         *
         * <p>The output contains principal class names and principal names.
         */
        public String toString() {
            StringBuffer stringBuffer = new StringBuffer("{LDAPJAZNPolicy.Decision:");
            stringBuffer.append(" doGlobal=").append(this._doGlobal);
            stringBuffer.append(" ,doRealm=").append(this._doRealm);
            stringBuffer.append(" ,numPrincipals=").append(this._numPrincipals);
            if (this._pr != null) {
                stringBuffer.append(" ,principal=").append(this._pr.getClass().getName()).append("$").append(this._pr.getName());
            }
            if (this._doGlobal && this._pr == null && this._globalPrincipals != null) {
                Iterator it = this._globalPrincipals.iterator();
                while (it.hasNext()) {
                    Principal principal = (Principal) it.next();
                    stringBuffer.append(" ,globalPrincipal=").append(principal.getClass().getName()).append("$").append(principal.getName());
                }
            }
            if (this._doRealm && this._pr == null) {
                // NOTE(review): dereferences _realm without a null check; this would throw if every
                // realm principal reported a null realm - confirm getRealm() never returns null.
                stringBuffer.append(", realm=").append(this._realm.getName());
                if (this._realmUser != null) {
                    stringBuffer.append(", realmUser=").append(this._realmUser.getName());
                }
                if (this._realmRoles != null) {
                    Iterator it2 = this._realmRoles.iterator();
                    while (it2.hasNext()) {
                        stringBuffer.append(" ,realmRole=").append(((Principal) it2.next()).getName());
                    }
                }
            }
            stringBuffer.append("}");
            return stringBuffer.toString();
        }
    }

    /**
     * Creates a policy bound to the default configuration, i.e. the one returned by
     * {@link JAZNConfig#getJAZNConfig()}.
     */
    public LDAPJAZNPolicy() {
        this((JAZNConfig) null);
    }

    /**
     * Creates a policy bound to the given configuration.
     *
     * @param jAZNConfig configuration to use; {@code null} selects
     *                   {@link JAZNConfig#getJAZNConfig()}
     */
    public LDAPJAZNPolicy(JAZNConfig jAZNConfig) {
        _realmModBaseHM = new HashMap();
        _config = (jAZNConfig != null) ? jAZNConfig : JAZNConfig.getJAZNConfig();
        // The LDAP helper is resolved from the configuration that was just selected.
        _ldapUtil = LDAPUtil.getLDAPUtil(_config);
    }

    /** @return the configuration this policy was constructed with (never reassigned in this class) */
    JAZNConfig getJAZNConfig() {
        return _config;
    }

    /** @return the LDAP helper obtained from the configuration at construction time */
    LDAPUtil getLDAPUtil() {
        return _ldapUtil;
    }

    /**
     * Writes a grant to the realm policy or to the global policy, chosen by classifying the
     * grantee's principals with {@link Decision}.
     *
     * <p>This overload performs no access check of its own; the {@code AdminPermission}
     * check is made in {@code grant(Grantee, Permission)} before it delegates here.
     * NOTE(review): confirm whether {@code LDAPLocalPolicy.grant} enforces anything further
     * for callers that reach this protected method directly.
     *
     * <p>Every failure other than {@link JAZNException} is caught and rethrown wrapped,
     * including the {@link IllegalArgumentException} raised below for a mixed grantee.
     *
     * @param granteeEntry    grantee receiving the permission
     * @param permissionEntry permission to grant
     * @throws JAZNException        rethrown unchanged from the policy layer
     * @throws JAZNRuntimeException wrapping any other throwable
     */
    protected void grant(GranteeEntry granteeEntry, PermissionEntry permissionEntry) throws JAZNException {
        try {
            if (Dbg.LOG) {
                System.out.println("JAAS-LDAP: Grant permission: " + permissionEntry + " to grantee: " + granteeEntry);
            }
            Decision scope = new Decision(granteeEntry);
            boolean realmScoped = scope.doRealm();
            // A grantee that mixes realm principals with non-realm principals has no single target policy.
            if (realmScoped && scope.doGlobal()) {
                if (Dbg.LOG) {
                    System.out.println("JAAS-LDAP: **ERROR** Cannot grant permission: " + permissionEntry + " to INVALID grantee: " + granteeEntry);
                }
                throw new IllegalArgumentException(Misc.getResourceBundle().getString(Resources.Key.INVALID_ARGUMENT));
            }
            LDAPPolicyManager manager = new LDAPPolicyManager(getJAZNConfig());
            LDAPLocalPolicy target;
            if (realmScoped) {
                target = (LDAPLocalPolicy) manager.getRealmPolicy(scope.getRealm());
            } else {
                target = (LDAPLocalPolicy) manager.getGlobalPolicy();
            }
            target.grant(granteeEntry, permissionEntry);
        } catch (JAZNException policyFailure) {
            if (Dbg.LOG) {
                policyFailure.printStackTrace();
            }
            throw policyFailure;
        } catch (Throwable other) {
            if (Dbg.LOG) {
                other.printStackTrace();
            }
            throw new JAZNRuntimeException(other.getMessage(), other);
        }
    }

    /**
     * Grants {@code permission} to {@code grantee} after checking that the caller may
     * administer it.
     *
     * <p>The caller check is made only when a {@link SecurityManager} is installed: the
     * permission itself is checked if it is an {@link AdminPermission}, otherwise an
     * {@code AdminPermission} wrapping it. Without a security manager no check happens in
     * this method, so access control then rests on whatever the layers below enforce.
     *
     * @param grantee    recipient; {@code null} is mapped to a grantee entry with no principals
     *                   and no code source
     * @param permission permission to grant; must not be {@code null}
     * @throws IllegalArgumentException if {@code permission} is {@code null}
     * @throws SecurityException        if the installed security manager denies the check
     * @throws JAZNException            if the underlying policy update fails
     */
    @Override // oracle.security.jazn.policy.JAZNPolicy
    public void grant(Grantee grantee, Permission permission) throws JAZNException {
        if (Dbg.LOG) {
            System.out.println("JAAS-LDAP: Grant permission: " + permission + " to grantee: " + grantee);
        }
        if (permission == null) {
            if (Dbg.LOG) {
                System.out.println("JAAS-LDAP: **ERROR** Attempt to grant NULL permission to grantee: " + grantee);
            }
            throw new IllegalArgumentException(Misc.getResourceBundle().getString(Resources.Key.INVALID_ARGUMENT));
        }
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            // Granting an AdminPermission requires holding it; granting anything else requires
            // the AdminPermission that wraps it.
            Permission required = (permission instanceof AdminPermission) ? permission : new AdminPermission(permission);
            sm.checkPermission(required);
        }
        // The grantee is only dereferenced after the access check has passed.
        GranteeEntry target;
        if (grantee == null) {
            target = new GranteeEntry(null, null);
        } else {
            target = new GranteeEntry(grantee.getPrincipals(), grantee.getCodeSource());
        }
        grant(target, new PermissionEntry(permission));
    }

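    /**
     * Removes a grant from the realm policy or from the global policy, chosen by classifying
     * the grantee's principals with {@link Decision}.
     *
     * <p>This overload performs no access check of its own; the {@code AdminPermission}
     * check is made in {@code revoke(Grantee, Permission)} before it delegates here.
     * NOTE(review): confirm whether {@code LDAPLocalPolicy.revoke} enforces anything further
     * for callers that reach this protected method directly.
     *
     * <p>Unlike the matching {@code grant} overload, failures are not wrapped: the
     * {@link IllegalArgumentException} below reaches the caller as is.
     *
     * @param granteeEntry    grantee losing the permission
     * @param permissionEntry permission to revoke
     * @throws IllegalArgumentException if the grantee mixes realm and non-realm principals
     * @throws JAZNException            if the underlying policy update fails
     */
    protected void revoke(GranteeEntry granteeEntry, PermissionEntry permissionEntry) throws JAZNException {
        if (Dbg.LOG) {
            System.out.println(new StringBuffer().append("JAAS-LDAP: Revoke permission: ").append(permissionEntry).append(" from grantee: ").append(granteeEntry).toString());
        }
        Decision decision = new Decision(granteeEntry);
        // A grantee that mixes realm principals with non-realm principals has no single target policy.
        if (decision.doRealm() && decision.doGlobal()) {
            if (Dbg.LOG) {
                // The message used to say "Cannot grant ... to INVALID grantee", which made a
                // rejected revoke look like a rejected grant in the debug log.
                System.out.println(new StringBuffer().append("JAAS-LDAP: **ERROR** Cannot revoke permission: ").append(permissionEntry).append(" from INVALID grantee: ").append(granteeEntry).toString());
            }
            throw new IllegalArgumentException(Misc.getResourceBundle().getString(Resources.Key.INVALID_ARGUMENT));
        }
        LDAPPolicyManager lDAPPolicyManager = new LDAPPolicyManager(getJAZNConfig());
        LDAPLocalPolicy target = decision.doRealm()
                ? (LDAPLocalPolicy) lDAPPolicyManager.getRealmPolicy(decision.getRealm())
                : (LDAPLocalPolicy) lDAPPolicyManager.getGlobalPolicy();
        target.revoke(granteeEntry, permissionEntry);
    }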

    /**
     * Revokes {@code permission} from {@code grantee} after checking that the caller may
     * administer it.
     *
     * <p>The caller check is made only when a {@link SecurityManager} is installed: the
     * permission itself is checked if it is an {@link AdminPermission}, otherwise an
     * {@code AdminPermission} wrapping it. Without a security manager no check happens in
     * this method.
     *
     * @param grantee    grantee to revoke from; {@code null} is replaced by {@code new Grantee(null)}
     * @param permission permission to revoke; must not be {@code null}
     * @throws IllegalArgumentException if {@code permission} is {@code null}
     * @throws SecurityException        if the installed security manager denies the check
     * @throws JAZNException            if the underlying policy update fails
     */
    @Override // oracle.security.jazn.policy.JAZNPolicy
    public void revoke(Grantee grantee, Permission permission) throws JAZNException {
        if (Dbg.LOG) {
            System.out.println("JAAS-LDAP: Revoke permission: " + permission + " from grantee: " + grantee);
        }
        if (permission == null) {
            if (Dbg.LOG) {
                System.out.println("JAAS-LDAP: **ERROR** Attempt to revoke NULL permission from grantee: " + grantee);
            }
            throw new IllegalArgumentException(Misc.getResourceBundle().getString(Resources.Key.INVALID_ARGUMENT));
        }
        // The placeholder grantee is created before the access check, as in the original order.
        Grantee effective = grantee;
        if (effective == null) {
            effective = new Grantee(null);
        }
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            Permission required = (permission instanceof AdminPermission) ? permission : new AdminPermission(permission);
            sm.checkPermission(required);
        }
        GranteeEntry target = new GranteeEntry(effective.getPrincipals(), effective.getCodeSource());
        revoke(target, new PermissionEntry(permission));
    }

    /**
     * Returns the grantee's permissions, optionally restricted to one permission class.
     *
     * <p>With a non-null {@code cls} the result is {@code null}, not an empty collection,
     * when no permission is an instance of that class; callers must handle both.
     *
     * @param granteeEntry grantee whose permissions are looked up
     * @param cls          permission class to keep, or {@code null} for all permissions
     * @return all permissions when {@code cls} is {@code null}; otherwise the matching ones,
     *         or {@code null} if none match
     * @throws JAZNException if the lookup fails
     */
    public PermissionCollection getPermissions(GranteeEntry granteeEntry, Class cls) throws JAZNException {
        if (Dbg.LOG) {
            System.out.println("JAAS-LDAP: Retrieve permissions for grantee: " + granteeEntry + " restricted to permission class: " + cls);
        }
        PermissionCollection everything = getPermissions(granteeEntry);
        if (cls == null) {
            if (Dbg.LOG) {
                System.out.println("JAAS-LDAP: Grantee: " + granteeEntry + " has permissions: " + everything);
            }
            return everything;
        }
        // Created lazily so that "no match" stays distinguishable as null.
        Permissions matching = null;
        for (Enumeration<Permission> scan = everything.elements(); scan.hasMoreElements();) {
            Permission candidate = scan.nextElement();
            if (!cls.isInstance(candidate)) {
                continue;
            }
            if (matching == null) {
                matching = new Permissions();
            }
            matching.add(candidate);
        }
        if (Dbg.LOG) {
            System.out.println("JAAS-LDAP: Grantee: " + granteeEntry + " has permissions: " + matching);
        }
        return matching;
    }

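    /**
     * Returns the permissions of {@code grantee}, optionally restricted to one permission class.
     *
     * <p>A {@code null} grantee is mapped to a grantee entry with no principals and no code
     * source, the same mapping {@code hasPermission(Grantee, Permission)} and
     * {@code grant(Grantee, Permission)} apply. Before this change a {@code null} grantee
     * was dereferenced and the call failed with {@link NullPointerException}.
     *
     * @param grantee grantee to look up, or {@code null} for the empty grantee
     * @param cls     permission class to keep, or {@code null} for all permissions
     * @return the matching permissions; {@code null} when {@code cls} is non-null and nothing matches
     * @throws JAZNException if the lookup fails
     */
    @Override // oracle.security.jazn.policy.JAZNPolicy
    public PermissionCollection getPermissions(Grantee grantee, Class cls) throws JAZNException {
        GranteeEntry entry = (grantee == null)
                ? new GranteeEntry(null, null)
                : new GranteeEntry(grantee.getPrincipals(), grantee.getCodeSource());
        return getPermissions(entry, cls);
    }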

    /**
     * Tests whether the grantee's full permission set implies {@code permission}.
     *
     * <p>A denial is reported on standard output only when {@code Dbg.LOG} is set; nothing
     * else in this method records it.
     *
     * @param granteeEntry grantee to evaluate
     * @param permission   permission to test; must not be {@code null}
     * @return {@code true} if the grantee's permissions imply {@code permission}
     * @throws IllegalArgumentException if {@code permission} is {@code null}
     * @throws JAZNException            if the permission lookup fails
     */
    public boolean hasPermission(GranteeEntry granteeEntry, Permission permission) throws JAZNException {
        if (permission == null) {
            throw new IllegalArgumentException(Misc.getResourceBundle().getString(Resources.Key.INVALID_ARGUMENT));
        }
        // A null class filter asks for every permission of the grantee.
        PermissionCollection granted = getPermissions(granteeEntry, (Class) null);
        boolean allowed = granted.implies(permission);
        if (!allowed && Dbg.LOG) {
            System.out.println("JAAS-LDAP: Permission check failure for grantee: " + granteeEntry + " and permission: " + permission);
        }
        return allowed;
    }

    /**
     * Tests whether {@code grantee} holds {@code permission}.
     *
     * @param grantee    grantee to evaluate; {@code null} is mapped to a grantee entry with
     *                   no principals and no code source
     * @param permission permission to test; must not be {@code null}
     * @return {@code true} if the grantee's permissions imply {@code permission}
     * @throws JAZNException if the permission lookup fails
     */
    @Override // oracle.security.jazn.policy.JAZNPolicy
    public boolean hasPermission(Grantee grantee, Permission permission) throws JAZNException {
        GranteeEntry entry;
        if (grantee == null) {
            entry = new GranteeEntry(null, null);
        } else {
            entry = new GranteeEntry(grantee.getPrincipals(), grantee.getCodeSource());
        }
        return hasPermission(entry, permission);
    }

    /**
     * Collects the grantee's permissions from the global policy and, when the grantee has
     * realm principals, from that realm's policy as well.
     *
     * <p>The global policy is always consulted. Unlike grant and revoke, this method does
     * not reject a grantee that mixes realm and non-realm principals.
     *
     * @param granteeEntry grantee whose permissions are collected
     * @return a new, non-null collection holding the permissions both policies contributed
     * @throws IllegalArgumentException if the grantee's realm principals span different realms
     *                                  (raised by the {@link Decision} constructor)
     * @throws JAZNException            if a policy lookup fails
     */
    public PermissionCollection getPermissions(GranteeEntry granteeEntry) throws JAZNException {
        Decision scope = new Decision(granteeEntry);
        Permissions collected = new Permissions();
        PolicyManager manager = getJAZNConfig().getPolicyManager();
        LDAPGlobalPolicy globalPolicy = (LDAPGlobalPolicy) manager.getGlobalPolicy();
        globalPolicy.getPermissions(granteeEntry, collected);
        if (scope.doRealm()) {
            // Realm grants are added on top of the global ones, into the same collection.
            LDAPRealmPolicy realmPolicy = (LDAPRealmPolicy) manager.getRealmPolicy(scope.getRealm());
            realmPolicy.getPermissions(granteeEntry, collected);
        }
        if (Dbg.LOG) {
            System.out.println("JAAS-LDAP: getPermissions(" + granteeEntry + ")=" + collected);
        }
        return collected;
    }

    /**
     * Returns the permissions for a subject and code source, or {@code null} if the lookup
     * fails for any reason.
     *
     * <p>Every {@link Throwable} is swallowed here. The failure is written to standard
     * output only when {@code Dbg.LOG} is set; otherwise it leaves no trace in this method,
     * and the caller sees only the {@code null} result.
     * NOTE(review): confirm that callers treat {@code null} as "no permissions" and do not
     * dereference it.
     *
     * @param subject    subject whose principals identify the grantee, or {@code null}
     * @param codeSource code source of the grantee, may be {@code null}
     * @return the permissions, or {@code null} on failure
     */
    @Override // oracle.security.jazn.policy.JAZNPolicy
    public PermissionCollection getPermissions(Subject subject, CodeSource codeSource) {
        try {
            Set<Principal> principals = (subject == null) ? null : subject.getPrincipals();
            return getPermissions(new GranteeEntry(principals, codeSource));
        } catch (JAZNException policyFailure) {
            if (Dbg.LOG) {
                System.out.println("JAAS-LDAP: Caught Exception: " + policyFailure.getMessage() + " while retrieving permissions for subject: " + subject + " and codesource: " + codeSource);
                policyFailure.printStackTrace();
            }
            return null;
        } catch (Throwable other) {
            if (Dbg.LOG) {
                other.printStackTrace();
                System.out.println("JAAS-LDAP: Caught Exception: " + other.getMessage() + " while retrieving permissions for subject: " + subject + " and codesource: " + codeSource);
            }
            return null;
        }
    }

    /**
     * Returns the permissions granted to a code source alone, with no subject.
     *
     * @param codeSource code source of the grantee, may be {@code null}
     * @return the permissions, or {@code null} if the lookup fails
     */
    @Override // oracle.security.jazn.policy.JAZNPolicy
    public PermissionCollection getPermissions(CodeSource codeSource) {
        Subject noSubject = null;
        return getPermissions(noSubject, codeSource);
    }

    /**
     * Returns the permissions for a protection domain, built from its principals and code
     * source.
     *
     * <p>A {@code null} domain yields an empty collection. Any failure during the lookup
     * yields {@code null}: every {@link Throwable} is swallowed and is written to standard
     * output only when {@code Dbg.LOG} is set.
     * NOTE(review): confirm that callers treat {@code null} as "no permissions" and do not
     * dereference it.
     *
     * @param protectionDomain domain to evaluate, may be {@code null}
     * @return the permissions; empty for a {@code null} domain, {@code null} on failure
     */
    @Override // oracle.security.jazn.policy.JAZNPolicy
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        try {
            if (protectionDomain == null) {
                return new Permissions();
            }
            Principal[] domainPrincipals = protectionDomain.getPrincipals();
            // Stays null when the domain has no principals, so the grantee is code-source only.
            HashSet principalSet = null;
            if (domainPrincipals != null && domainPrincipals.length > 0) {
                principalSet = new HashSet();
                for (int i = 0; i < domainPrincipals.length; i++) {
                    principalSet.add(domainPrincipals[i]);
                }
            }
            return getPermissions(new GranteeEntry(principalSet, protectionDomain.getCodeSource()));
        } catch (JAZNException policyFailure) {
            if (Dbg.LOG) {
                policyFailure.printStackTrace();
                System.out.println("JAAS-LDAP: Caught Exception: " + policyFailure.getMessage() + " while retrieving permissions for domain: " + protectionDomain);
            }
            return null;
        } catch (Throwable other) {
            if (Dbg.LOG) {
                other.printStackTrace();
                System.out.println("JAAS-LDAP: Caught Exception: " + other.getMessage() + " while retrieving permissions for domain: " + protectionDomain);
            }
            return null;
        }
    }

    /**
     * Checks that the caller may refresh the policy.
     *
     * <p>The visible body only performs the {@code AuthPermission("refreshPolicy")} check,
     * and only when a {@link SecurityManager} is installed; it reloads nothing itself.
     *
     * @throws SecurityException if the installed security manager denies the check
     */
    @Override // oracle.security.jazn.policy.JAZNPolicy
    public void refresh() {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            return;
        }
        sm.checkPermission(new AuthPermission("refreshPolicy"));
    }
}
