package org.apache.geronimo.security.jacc;

import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContextException;
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.gbean.GBeanLifecycle;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.IdentificationPrincipal;
import org.apache.geronimo.security.credentialstore.CredentialStore;
import org.apache.geronimo.security.deploy.SubjectInfo;

/* loaded from: input_file:org/apache/geronimo/security/jacc/ApplicationPolicyConfigurationManager.class */
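/**
 * GBean that installs the JACC policy for one application and owns the
 * default and run-as {@link Subject}s that go with it.
 *
 * <p>Construction opens one {@link PolicyConfiguration} per context id, loads the
 * excluded, unchecked and per-role permissions into it, links all of the
 * application's configurations to each other, commits them and refreshes the
 * installed {@link Policy}. It then resolves the default subject and the run-as
 * subject of every designated role through the {@link CredentialStore} and
 * registers them with {@link ContextManager}. {@link #doStop()} undoes all of that.
 *
 * <p>If construction fails part-way, everything installed so far is rolled back.
 * No instance exists after a failed constructor, so {@link #doStop()} could never
 * be called to remove committed policy contexts or registered subjects.
 */
public class ApplicationPolicyConfigurationManager implements GBeanLifecycle, RunAsSource {
    // Policy configurations opened by this manager, keyed by JACC context id.
    private final Map<String, PolicyConfiguration> contextIdToPolicyConfigurationMap = new HashMap<>();
    // Run-as subject registered for each role name that has a designate.
    private final Map<String, Subject> roleDesignates = new HashMap<>();
    // ContextManager.EMPTY when no default SubjectInfo was configured.
    private final Subject defaultSubject;
    // Optional; may be null, in which case no principal-role mapping is installed.
    private final PrincipalRoleMapper principalRoleMapper;
    public static final GBeanInfo GBEAN_INFO;

    /**
     * Installs and commits the application's policy, then resolves and registers its subjects.
     *
     * @param map context id to the permissions to load into that context's policy configuration
     * @param subjectInfo realm/id of the default subject, or {@code null} to use {@code ContextManager.EMPTY}
     * @param map2 role name to the realm/id of the run-as subject designated for that role
     * @param classLoader set as the thread context class loader while the policy configuration factory is looked up
     * @param credentialStore resolves realm/id pairs to subjects; may be {@code null} only when
     *     {@code subjectInfo} is {@code null} and {@code map2} is empty
     * @param principalRoleMapper optional mapper installed for the context ids; may be {@code null}
     * @throws NullPointerException if a credential store is needed but missing, or a role has no subject info
     * @throws PolicyContextException if the policy provider rejects an operation
     * @throws ClassNotFoundException if the policy configuration factory class cannot be loaded
     * @throws LoginException if the credential store cannot produce a subject
     */
    public ApplicationPolicyConfigurationManager(Map<String, ComponentPermissions> map, SubjectInfo subjectInfo, Map<String, SubjectInfo> map2, ClassLoader classLoader, CredentialStore credentialStore, PrincipalRoleMapper principalRoleMapper) throws PolicyContextException, ClassNotFoundException, LoginException {
        if (credentialStore == null && (!map2.isEmpty() || subjectInfo != null)) {
            throw new NullPointerException("No CredentialStore supplied to resolve default and run-as subjects");
        }
        this.principalRoleMapper = principalRoleMapper;
        PolicyConfigurationFactory policyConfigurationFactory = lookupFactory(classLoader);

        boolean mapperInstalled = false;
        Subject resolvedDefault = ContextManager.EMPTY;
        try {
            for (Map.Entry<String, ComponentPermissions> entry : map.entrySet()) {
                String contextId = entry.getKey();
                ComponentPermissions permissions = entry.getValue();
                // 'true' asks the provider to discard any policy statements already held for this context id.
                PolicyConfiguration policyConfiguration = policyConfigurationFactory.getPolicyConfiguration(contextId, true);
                // Recorded before it is populated so a later failure can still delete it.
                this.contextIdToPolicyConfigurationMap.put(contextId, policyConfiguration);
                policyConfiguration.addToExcludedPolicy(permissions.getExcludedPermissions());
                policyConfiguration.addToUncheckedPolicy(permissions.getUncheckedPermissions());
                for (Map.Entry<String, PermissionCollection> rolePermissions : permissions.getRolePermissions().entrySet()) {
                    String roleName = rolePermissions.getKey();
                    Enumeration<Permission> elements = rolePermissions.getValue().elements();
                    while (elements.hasMoreElements()) {
                        policyConfiguration.addToRole(roleName, elements.nextElement());
                    }
                }
            }
            if (principalRoleMapper != null) {
                principalRoleMapper.install(map.keySet());
                mapperInstalled = true;
            }
            // Link every configuration to every other one of this application.
            for (PolicyConfiguration first : this.contextIdToPolicyConfigurationMap.values()) {
                for (PolicyConfiguration second : this.contextIdToPolicyConfigurationMap.values()) {
                    if (first != second) {
                        first.linkConfiguration(second);
                    }
                }
            }
            for (PolicyConfiguration policyConfiguration : this.contextIdToPolicyConfigurationMap.values()) {
                policyConfiguration.commit();
            }
            Policy.getPolicy().refresh();

            if (subjectInfo != null) {
                Subject subject = credentialStore.getSubject(subjectInfo.getRealm(), subjectInfo.getId());
                registerSubject(subject);
                resolvedDefault = subject;
            }
            for (Map.Entry<String, SubjectInfo> designate : map2.entrySet()) {
                String roleName = designate.getKey();
                SubjectInfo designateInfo = designate.getValue();
                // credentialStore cannot be null here: map2 is non-empty, so the guard above would have thrown.
                if (designateInfo == null) {
                    throw new NullPointerException("No subjectInfo for role " + roleName);
                }
                Subject subject = credentialStore.getSubject(designateInfo.getRealm(), designateInfo.getId());
                registerSubject(subject);
                this.roleDesignates.put(roleName, subject);
            }
        } catch (Throwable failure) {
            // Policy is already committed by the time subjects are resolved, so a late failure
            // (e.g. a LoginException) would otherwise leave live authorization state behind.
            rollback(resolvedDefault, mapperInstalled, failure);
            throw failure;
        }
        this.defaultSubject = resolvedDefault;
    }

    /**
     * Looks up the policy configuration factory with {@code classLoader} as the thread
     * context class loader, restoring the previous loader whether or not the lookup succeeds.
     */
    private static PolicyConfigurationFactory lookupFactory(ClassLoader classLoader) throws ClassNotFoundException, PolicyContextException {
        Thread currentThread = Thread.currentThread();
        ClassLoader previous = currentThread.getContextClassLoader();
        currentThread.setContextClassLoader(classLoader);
        try {
            return PolicyConfigurationFactory.getPolicyConfigurationFactory();
        } finally {
            currentThread.setContextClassLoader(previous);
        }
    }

    /**
     * Best-effort undo of a partially completed constructor, in the same order as {@link #doStop()}.
     * Cleanup errors are attached to {@code failure} as suppressed exceptions so the original
     * cause is the one that propagates.
     */
    private void rollback(Subject registeredDefault, boolean mapperInstalled, Throwable failure) {
        for (Subject subject : this.roleDesignates.values()) {
            try {
                ContextManager.unregisterSubject(subject);
            } catch (Exception cleanupFailure) {
                failure.addSuppressed(cleanupFailure);
            }
        }
        this.roleDesignates.clear();
        if (registeredDefault != ContextManager.EMPTY) {
            try {
                ContextManager.unregisterSubject(registeredDefault);
            } catch (Exception cleanupFailure) {
                failure.addSuppressed(cleanupFailure);
            }
        }
        if (mapperInstalled) {
            try {
                this.principalRoleMapper.uninstall(this.contextIdToPolicyConfigurationMap.keySet());
            } catch (Exception cleanupFailure) {
                failure.addSuppressed(cleanupFailure);
            }
        }
        for (PolicyConfiguration policyConfiguration : this.contextIdToPolicyConfigurationMap.values()) {
            try {
                policyConfiguration.delete();
            } catch (Exception cleanupFailure) {
                failure.addSuppressed(cleanupFailure);
            }
        }
        this.contextIdToPolicyConfigurationMap.clear();
        // NOTE(review): like doStop(), this does not call Policy.refresh() after delete();
        // confirm whether the installed provider needs one to drop the deleted contexts.
    }

    /**
     * Registers {@code subject} with {@link ContextManager} and adds an
     * {@link IdentificationPrincipal} carrying the id that ContextManager reports for it.
     */
    private void registerSubject(Subject subject) {
        ContextManager.registerSubject(subject);
        subject.getPrincipals().add(new IdentificationPrincipal(ContextManager.getSubjectId(subject)));
    }

    /**
     * Returns the default subject: the one resolved from the configured SubjectInfo,
     * or {@code ContextManager.EMPTY} when none was configured.
     */
    @Override // org.apache.geronimo.security.jacc.RunAsSource
    public Subject getDefaultSubject() {
        return this.defaultSubject;
    }

    /**
     * Returns the run-as subject designated for {@code str}, or {@code null} when the role has no designate.
     */
    @Override // org.apache.geronimo.security.jacc.RunAsSource
    public Subject getSubjectForRole(String str) {
        return this.roleDesignates.get(str);
    }

    /** No-op: all setup happens in the constructor. */
    @Override
    public void doStart() throws Exception {
    }

    /**
     * Unregisters the run-as and default subjects, uninstalls the principal-role mapping
     * and deletes every policy configuration this manager opened.
     *
     * @throws Exception propagated from the first cleanup step that fails; later steps are then skipped
     */
    @Override
    public void doStop() throws Exception {
        for (Subject subject : this.roleDesignates.values()) {
            ContextManager.unregisterSubject(subject);
        }
        // EMPTY was never registered by this manager, so it must not be unregistered here.
        if (this.defaultSubject != ContextManager.EMPTY) {
            ContextManager.unregisterSubject(this.defaultSubject);
        }
        if (this.principalRoleMapper != null) {
            this.principalRoleMapper.uninstall(this.contextIdToPolicyConfigurationMap.keySet());
        }
        for (PolicyConfiguration policyConfiguration : this.contextIdToPolicyConfigurationMap.values()) {
            policyConfiguration.delete();
        }
    }

    /** No-op. */
    @Override
    public void doFail() {
    }

    /** Returns the GBean metadata built in the static initializer. */
    public static GBeanInfo getGBeanInfo() {
        return GBEAN_INFO;
    }

    // Declares the GBean's attributes and references; the constructor argument order
    // below must match the constructor's parameter order.
    static {
        GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic(ApplicationPolicyConfigurationManager.class, "JACCManager");
        infoBuilder.addAttribute("contextIdToPermissionsMap", Map.class, true);
        infoBuilder.addAttribute("defaultSubjectInfo", SubjectInfo.class, true);
        infoBuilder.addAttribute("roleDesignates", Map.class, true);
        infoBuilder.addAttribute("classLoader", ClassLoader.class, false);
        infoBuilder.addReference("CredentialStore", CredentialStore.class, "GBean");
        infoBuilder.addReference("PrincipalRoleMapper", PrincipalRoleMapper.class, "JACCManager");
        infoBuilder.setConstructor(new String[]{"contextIdToPermissionsMap", "defaultSubjectInfo", "roleDesignates", "classLoader", "CredentialStore", "PrincipalRoleMapper"});
        GBEAN_INFO = infoBuilder.getBeanInfo();
    }
}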
