package com.oracle.server.ejb.container.codegen;

import com.evermind.server.ejb.compilation.Compilation;
import com.evermind.server.ejb.deployment.MethodDescriptor;
import com.evermind.util.ByteString;
import com.oracle.server.ejb.container.deployment.ContainerEntityDescriptor;
import com.sun.enterprise.deployment.xml.EjbTagNames;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;
import javax.security.jacc.EJBMethodPermission;
import oracle.aurora.ncomp.java.ClassDeclaration;
import oracle.aurora.ncomp.java.ClassDefinition;
import oracle.aurora.ncomp.java.Identifier;
import oracle.aurora.ncomp.java.Type;
import oracle.aurora.ncomp.javac.ExpressionStack;
import oracle.aurora.ncomp.javac.IdentifierStack;
import oracle.aurora.ncomp.javac.SourceField;
import oracle.aurora.ncomp.javac.StatementStack;
import oracle.aurora.ncomp.javac.TypeStack;
import oracle.aurora.ncomp.tree.AddExpression;
import oracle.aurora.ncomp.tree.AndExpression;
import oracle.aurora.ncomp.tree.AssignExpression;
import oracle.aurora.ncomp.tree.BooleanExpression;
import oracle.aurora.ncomp.tree.CastExpression;
import oracle.aurora.ncomp.tree.CompoundStatement;
import oracle.aurora.ncomp.tree.DeclarationStatement;
import oracle.aurora.ncomp.tree.EqualExpression;
import oracle.aurora.ncomp.tree.Expression;
import oracle.aurora.ncomp.tree.ExpressionStatement;
import oracle.aurora.ncomp.tree.FieldExpression;
import oracle.aurora.ncomp.tree.FinallyStatement;
import oracle.aurora.ncomp.tree.IdentifierExpression;
import oracle.aurora.ncomp.tree.IfStatement;
import oracle.aurora.ncomp.tree.MethodExpression;
import oracle.aurora.ncomp.tree.NewInstanceExpression;
import oracle.aurora.ncomp.tree.Node;
import oracle.aurora.ncomp.tree.NotExpression;
import oracle.aurora.ncomp.tree.NullExpression;
import oracle.aurora.ncomp.tree.OrExpression;
import oracle.aurora.ncomp.tree.Statement;
import oracle.aurora.ncomp.tree.StringExpression;
import oracle.aurora.ncomp.tree.Syntax;
import oracle.aurora.ncomp.tree.ThisExpression;
import oracle.aurora.ncomp.tree.ThrowStatement;

/* loaded from: input_file:com/oracle/server/ejb/container/codegen/JasperSecurityCodeGen.class */
public class JasperSecurityCodeGen extends JasperAbstractGenerator {
    @Override // com.oracle.server.ejb.container.codegen.JasperAbstractGenerator
    public ByteString generateSource() {
        throw new UnsupportedOperationException("JasperSecurityCodeGen is a utility class, it does not generate independent code");
    }

    @Override // com.oracle.server.ejb.container.codegen.JasperAbstractGenerator, com.evermind.compiler.Compilable
    public String getName() {
        throw new UnsupportedOperationException("JasperSecurityCodeGen is a utility class, it does not generate independent code");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean methodNeedsSecurityRoleCheck(ContainerEntityDescriptor containerEntityDescriptor, Method method, boolean z, boolean z2) {
        return getSecurityRoles(containerEntityDescriptor, method, z, z2).size() != 0;
    }

    static List getSecurityRoles(ContainerEntityDescriptor containerEntityDescriptor, Method method, boolean z, boolean z2) {
        List securityRoles = containerEntityDescriptor.getEntityBeanDescriptor().getSecurityRoles(method, z, z2);
        if (null == securityRoles) {
            Compilation compilation = containerEntityDescriptor.getEntityBeanDescriptor().getEJBPackage().getCompilation();
            if (null == compilation.getDefaultAllowedRoleNames()) {
                ArrayList arrayList = new ArrayList(1);
                arrayList.add("<<default>>");
                compilation.setDefaultAllowedRoleNames(arrayList);
            }
            securityRoles = compilation.getDefaultAllowedRoleNames();
        }
        return securityRoles;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Identifier[] makeSecurityRoleVariables() {
        return new Identifier[]{Identifier.lookup(JasperUtils.gensym(JasperConstants.ROLE_VAR_NAME)), Identifier.lookup(JasperUtils.gensym(JasperConstants.EJBPERMISSION_VAR_NAME))};
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SourceField makeSecurityRoleDeclarations(Identifier[] identifierArr) {
        return JasperUtils.appendFields(new SourceField(0, (ClassDefinition) null, (String) null, 8, Type.tType(Identifier.lookup(Identifier.lookup(Identifier.lookup(Identifier.lookup("com"), Identifier.lookup("evermind")), Identifier.lookup("server")), Identifier.lookup("RuntimeSecurityRole"))), identifierArr[0], (Identifier[]) null, (ClassDeclaration[]) null, (Node) null), new SourceField(0, (ClassDefinition) null, (String) null, 8, Type.tType(Identifier.lookup(Identifier.lookup(Identifier.lookup(Identifier.lookup("javax"), Identifier.lookup("security")), Identifier.lookup("jacc")), Identifier.lookup("EJBMethodPermission"))), identifierArr[1], (Identifier[]) null, (ClassDeclaration[]) null, (Node) null));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Statement addSecurityChecks(Method method, ContainerEntityDescriptor containerEntityDescriptor, boolean z, boolean z2, Identifier[] identifierArr, Identifier[] identifierArr2, Statement statement) {
        if (methodNeedsSecurityRoleCheck(containerEntityDescriptor, method, z, z2)) {
            String[] strArr = (String[]) getSecurityRoles(containerEntityDescriptor, method, z, z2).toArray(new String[0]);
            statement = JasperUtils.removeExtraBrackets(new CompoundStatement(0, new StatementStack(7).push(JasperUtils.codeGenDebug("START: SECURITY Role check")).push(new ExpressionStatement(0, (Expression) null)).push(new IfStatement(0, new FieldExpression(0, new FieldExpression(0, new FieldExpression(0, new FieldExpression(0, new IdentifierExpression(0, Identifier.lookup("oracle")), Identifier.lookup("oc4j")), Identifier.lookup("security")), Identifier.lookup("JACCGlobalState")), Identifier.lookup("enabled")), new CompoundStatement(0, new StatementStack(10).push(makeLazyEJBMethodPermissionInitStatement(containerEntityDescriptor, identifierArr[1], method, z, z2)).push(new ExpressionStatement(0, (Expression) null)).push(JasperUtils.makeObjectArrayInit(Identifier.lookup("args"), identifierArr2, method)).push(new ExpressionStatement(0, (Expression) null)).push(new DeclarationStatement(0, 0, new FieldExpression(0, new FieldExpression(0, new FieldExpression(0, new IdentifierExpression(0, Identifier.lookup("javax")), Identifier.lookup("xml")), Identifier.lookup("soap")), Identifier.lookup("SOAPMessage")), new ExpressionStack(1).push(new AssignExpression(0, new IdentifierExpression(0, Identifier.lookup("soapMsg")), new NullExpression(0))).toArray())).push(new DeclarationStatement(0, 0, new FieldExpression(0, new FieldExpression(0, new IdentifierExpression(0, Identifier.lookup("javax")), Identifier.lookup("ejb")), Identifier.lookup("EnterpriseBean")), new ExpressionStack(1).push(new AssignExpression(0, new IdentifierExpression(0, Identifier.lookup("target")), new NullExpression(0))).toArray())).push(z ? JasperUtils.NO_OP_STATEMENT : new ExpressionStatement(0, new AssignExpression(0, new IdentifierExpression(0, Identifier.lookup("target")), new CastExpression(0, new FieldExpression(0, new FieldExpression(0, new IdentifierExpression(0, Identifier.lookup("javax")), Identifier.lookup("ejb")), Identifier.lookup("EnterpriseBean")), new MethodExpression(0, new ThisExpression(0), Identifier.lookup("getEntityBean"), new ExpressionStack(0).toArray()))))).push(new ExpressionStatement(0, (Expression) null)).push(new DeclarationStatement(0, 0, new IdentifierExpression(0, Identifier.lookup("JACCAuthorization")), new ExpressionStack(1).push(new AssignExpression(0, new IdentifierExpression(0, Identifier.lookup("authorizer")), new MethodExpression(0, new IdentifierExpression(0, Identifier.lookup("thread")), Identifier.lookup("getAuthorizer"), new ExpressionStack(0).toArray()))).toArray())).push(new IfStatement(0, new OrExpression(0, new EqualExpression(0, new IdentifierExpression(0, Identifier.lookup("authorizer")), new NullExpression(0)), new NotExpression(0, new MethodExpression(0, new IdentifierExpression(0, Identifier.lookup("authorizer")), Identifier.lookup("authorizeEJB"), new ExpressionStack(5).push(new IdentifierExpression(0, identifierArr[1])).push(new MethodExpression(0, new IdentifierExpression(0, Identifier.lookup("thread")), Identifier.lookup("getUser"), new ExpressionStack(0).toArray())).push(new IdentifierExpression(0, Identifier.lookup("args"))).push(new IdentifierExpression(0, Identifier.lookup("target"))).push(new IdentifierExpression(0, Identifier.lookup("soapMsg"))).toArray()))), new CompoundStatement(0, new StatementStack(2).push(makeLocalOrRemoteAccessException(z2)).push(new ExpressionStatement(0, (Expression) null)).toArray()), (Statement) null)).toArray()), new CompoundStatement(0, new StatementStack(3).push(makeLazyRoleInitStatement(identifierArr, strArr, z)).push(new ExpressionStatement(0, (Expression) null)).push(new IfStatement(0, new AndExpression(0, new NotExpression(0, new MethodExpression(0, new IdentifierExpression(0, identifierArr[0]), Identifier.lookup("impliesAll"), new ExpressionStack(0).toArray())), new NotExpression(0, new MethodExpression(0, new IdentifierExpression(0, identifierArr[0]), Identifier.lookup("impliesUser"), new ExpressionStack(2).push(new MethodExpression(0, new IdentifierExpression(0, Identifier.lookup("thread")), Identifier.lookup("getUser"), new ExpressionStack(0).toArray())).push(new NullExpression(0)).toArray()))), new CompoundStatement(0, new StatementStack(2).push(makeLocalOrRemoteAccessException(z2)).push(new ExpressionStatement(0, (Expression) null)).toArray()), (Statement) null)).toArray()))).push(JasperUtils.codeGenDebug("END: SECURITY Role check")).push(new ExpressionStatement(0, (Expression) null)).push(statement).push(new ExpressionStatement(0, (Expression) null)).toArray()));
        }
        return statement;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Statement addRunAsLogic(Method method, ContainerEntityDescriptor containerEntityDescriptor, boolean z, boolean z2, Statement statement) {
        return (containerEntityDescriptor.getEntityBeanDescriptor().getSecurityIdentity() == null || containerEntityDescriptor.getEntityBeanDescriptor().getSecurityIdentity().getSpecifiedIdentity() == null) ? JasperUtils.removeExtraBrackets(new CompoundStatement(0, new StatementStack(5).push(JasperUtils.codeGenDebug("NOTE: 'shieldedUser = false' indicates no RunAs identity")).push(new ExpressionStatement(0, (Expression) null)).push(new ExpressionStatement(0, new AssignExpression(0, new FieldExpression(0, new MethodExpression(0, new FieldExpression(0, new FieldExpression(0, new FieldExpression(0, new IdentifierExpression(0, Identifier.lookup("com")), Identifier.lookup("evermind")), Identifier.lookup("server")), Identifier.lookup("ThreadState")), Identifier.lookup("getCurrentState"), new ExpressionStack(0).toArray()), Identifier.lookup("shieldedUser")), new BooleanExpression(0, false)))).push(statement).push(new ExpressionStatement(0, (Expression) null)).toArray())) : JasperUtils.removeExtraBrackets(new CompoundStatement(0, new StatementStack(8).push(JasperUtils.codeGenDebug("START: RunAs Preparation")).push(new ExpressionStatement(0, (Expression) null)).push(new ExpressionStatement(0, new AssignExpression(0, new FieldExpression(0, new MethodExpression(0, new FieldExpression(0, new FieldExpression(0, new FieldExpression(0, new IdentifierExpression(0, Identifier.lookup("com")), Identifier.lookup("evermind")), Identifier.lookup("server")), Identifier.lookup("ThreadState")), Identifier.lookup("getCurrentState"), new ExpressionStack(0).toArray()), Identifier.lookup("shieldedUser")), new BooleanExpression(0, true)))).push(new DeclarationStatement(0, 0, new FieldExpression(0, new FieldExpression(0, new FieldExpression(0, new IdentifierExpression(0, Identifier.lookup("com")), Identifier.lookup("evermind")), Identifier.lookup("security")), Identifier.lookup("User")), new ExpressionStack(1).push(new AssignExpression(0, new IdentifierExpression(0, Identifier.lookup("previousUser")), new MethodExpression(0, new IdentifierExpression(0, Identifier.lookup("thread")), Identifier.lookup("getUser"), new ExpressionStack(0).toArray()))).toArray())).push(new ExpressionStatement(0, new AssignExpression(0, new FieldExpression(0, new MethodExpression(0, new FieldExpression(0, new FieldExpression(0, new FieldExpression(0, new IdentifierExpression(0, Identifier.lookup("com")), Identifier.lookup("evermind")), Identifier.lookup("server")), Identifier.lookup("ThreadState")), Identifier.lookup("getCurrentState"), new ExpressionStack(0).toArray()), Identifier.lookup("user")), new MethodExpression(0, new IdentifierExpression(0, JasperUtils.makeHomeReference(z)), Identifier.lookup("getRunAsUser"), new ExpressionStack(2).push(new IdentifierExpression(0, Identifier.lookup("previousUser"))).push(new ThisExpression(0)).toArray())))).push(JasperUtils.codeGenDebug("END: RunAs Preparation")).push(new ExpressionStatement(0, (Expression) null)).push(new FinallyStatement(0, new CompoundStatement(0, new StatementStack(4).push(JasperUtils.codeGenDebug("START: try-finally to Restore User after RunAs")).push(new ExpressionStatement(0, (Expression) null)).push(statement).push(new ExpressionStatement(0, (Expression) null)).toArray()), new CompoundStatement(0, new StatementStack(3).push(JasperUtils.codeGenDebug("END: try-finally to Restore User after RunAs")).push(new ExpressionStatement(0, (Expression) null)).push(new ExpressionStatement(0, new AssignExpression(0, new FieldExpression(0, new MethodExpression(0, new FieldExpression(0, new FieldExpression(0, new FieldExpression(0, new IdentifierExpression(0, Identifier.lookup("com")), Identifier.lookup("evermind")), Identifier.lookup("server")), Identifier.lookup("ThreadState")), Identifier.lookup("getCurrentState"), new ExpressionStack(0).toArray()), Identifier.lookup("user")), new IdentifierExpression(0, Identifier.lookup("previousUser"))))).toArray()))).toArray()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isMethodInExcludeList(Method method, ContainerEntityDescriptor containerEntityDescriptor, boolean z, boolean z2) {
        List excludeListMethods = containerEntityDescriptor.getEntityBeanDescriptor().getEJBPackage().getExcludeListMethods();
        for (int i = 0; i < excludeListMethods.size(); i++) {
            if (((MethodDescriptor) excludeListMethods.get(i)).implies(containerEntityDescriptor.getBeanName(), method, z2 ? z ? 4 : 3 : z ? 2 : 1) > 0) {
                return true;
            }
        }
        return false;
    }

    static Statement makeLazyRoleInitStatement(Identifier[] identifierArr, String[] strArr, boolean z) {
        Identifier lookup = Identifier.lookup("roleArray");
        return new IfStatement(0, new EqualExpression(0, new IdentifierExpression(0, identifierArr[0]), new NullExpression(0)), new CompoundStatement(0, new StatementStack(3).push(JasperUtils.makeStringArrayInit(lookup, strArr)).push(new ExpressionStatement(0, (Expression) null)).push(new ExpressionStatement(0, new AssignExpression(0, new IdentifierExpression(0, identifierArr[0]), new MethodExpression(0, new IdentifierExpression(0, JasperUtils.makeHomeReference(z)), Identifier.lookup("getCallers"), new ExpressionStack(1).push(new IdentifierExpression(0, lookup)).toArray())))).toArray()), (Statement) null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SourceField makeExcludedBusinessMethod(Method method, Identifier identifier, Type[] typeArr, Identifier[] identifierArr, Identifier[] identifierArr2, ContainerEntityDescriptor containerEntityDescriptor, boolean z, boolean z2) {
        return new SourceField(env, (Identifier) null, (String) null, 1, Type.tMethod(Type.tType(JasperUtils.getJVMTypeString(method.getReturnType())), new TypeStack(1).push(typeArr).toArray()), identifier, new IdentifierStack(1).push(identifierArr).toArray(), new IdentifierStack(1).push(identifierArr2).toArray(), new CompoundStatement(0, new StatementStack(1).push(new ThrowStatement(0, new NewInstanceExpression(0, new IdentifierExpression(0, Identifier.lookup(z2 ? "javax.ejb.EJBException" : "com.evermind.server.rmi.OrionRemoteException")), new ExpressionStack(1).push(new StringExpression(0, "Method in exclude-list")).toArray()))).toArray()));
    }

    static Statement makeLazyEJBMethodPermissionInitStatement(ContainerEntityDescriptor containerEntityDescriptor, Identifier identifier, Method method, boolean z, boolean z2) {
        String str;
        if (z2) {
            str = z ? "LocalHome" : EjbTagNames.QUERY_LOCAL_TYPE_MAPPING;
        } else {
            str = z ? "Home" : null;
        }
        return new IfStatement(0, new EqualExpression(0, new IdentifierExpression(0, identifier), new NullExpression(0)), new ExpressionStatement(0, new AssignExpression(0, new IdentifierExpression(0, identifier), new NewInstanceExpression(0, new IdentifierExpression(0, Identifier.lookup("EJBMethodPermission")), new ExpressionStack(2).push(Syntax.make(containerEntityDescriptor.getBeanName())).push(Syntax.make(new EJBMethodPermission(containerEntityDescriptor.getBeanName(), str, method).getActions())).toArray()))), (Statement) null);
    }

    static Statement makeLocalOrRemoteAccessException(boolean z) {
        return new ThrowStatement(0, new NewInstanceExpression(0, new IdentifierExpression(0, Identifier.lookup(z ? "javax.ejb.AccessLocalException" : "com.evermind.server.rmi.OrionRemoteException")), new ExpressionStack(1).push(new AddExpression(0, new AddExpression(0, new AddExpression(0, new MethodExpression(0, new MethodExpression(0, new IdentifierExpression(0, Identifier.lookup("thread")), Identifier.lookup("getUser"), new ExpressionStack(0).toArray()), Identifier.lookup("getName"), new ExpressionStack(0).toArray()), new StringExpression(0, " is not allowed to call this EJB method, ")), new StringExpression(0, "check your security settings (method-permission in ejb-jar.xml and ")), new StringExpression(0, "security-role-mapping in orion-application.xml)."))).toArray()));
    }
}
