package com.sun.enterprise.security.jmac.config;

import com.sun.enterprise.deployment.runtime.common.MessageSecurityBindingDescriptor;
import com.sun.enterprise.deployment.runtime.web.SunWebApp;
import com.sun.enterprise.security.jmac.AuthMessagePolicy;
import com.sun.enterprise.security.jmac.WebServicesDelegate;
import com.sun.logging.LogDomains;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.config.AuthConfig;
import javax.security.auth.message.config.AuthConfigFactory;
import javax.security.auth.message.config.AuthConfigProvider;
import javax.security.auth.message.config.ClientAuthConfig;
import javax.security.auth.message.config.ClientAuthContext;
import javax.security.auth.message.config.ServerAuthConfig;
import javax.security.auth.message.config.ServerAuthContext;
import javax.security.auth.message.module.ClientAuthModule;
import javax.security.auth.message.module.ServerAuthModule;
import org.glassfish.internal.api.Globals;

/* loaded from: input_file:MICRO-INF/runtime/security-ee.jar:com/sun/enterprise/security/jmac/config/GFServerConfigProvider.class */
public class GFServerConfigProvider implements AuthConfigProvider {
    // Message-layer names; GFAuthConfig branches on these to pick policies and auth-context ids.
    public static final String SOAP = "SOAP";
    public static final String HTTPSERVLET = "HttpServlet";
    // Module types. createModuleInfo treats the value "server" as a ServerAuthModule and
    // every other value as a ClientAuthModule.
    protected static final String CLIENT = "client";
    protected static final String SERVER = "server";
    // Not referenced anywhere else in this listing.
    protected static final String MANAGES_SESSIONS_OPTION = "managessessions";
    // Parser class used when the "config.parser" system property is not set (see initializeParser).
    private static final String DEFAULT_PARSER_CLASS = "com.sun.enterprise.security.jmac.config.ConfigDomainParser";
    // Incremented by loadParser each time a new parser is installed; 0 is skipped on wrap-around.
    static int epoch;
    // Class name read from the "config.parser" system property and instantiated reflectively by
    // loadParser/createObject. Whoever can set that property chooses the class that gets loaded.
    static String parserClassName;
    // Parser currently in effect; replaced by loadParser while the write lock is held.
    static ConfigParser parser;
    // Set to true once by initializeParser after the first successful load.
    static boolean parserInitialized;
    // First non-null factory and first provider instance seen by the constructor; used by
    // loadConfigContext. Package-private and non-final, so same-package code can reassign them
    // without taking rwLock.
    static AuthConfigFactory slaveFactory;
    static AuthConfigProvider slaveProvider;
    // Factory handed to this instance's constructor; may be null.
    protected AuthConfigFactory factory;
    // Looked up from Globals in the constructor; getAuthContextID tolerates null here.
    private WebServicesDelegate wsdelegate;
    private static final Logger logger = LogDomains.getLogger(GFServerConfigProvider.class, "javax.enterprise.system.core.security");
    // Written by setValidateRequestSubject; nothing in this listing reads or clears it.
    private static final ThreadLocal<Subject> subjectLocal = new ThreadLocal<>();
    // Guards the static parser/factory/provider state above.
    protected static final ReadWriteLock rwLock = new ReentrantReadWriteLock();
    // Message layer -> registration id returned by registerConfigProvider. A plain HashMap that
    // loadParser mutates under the write lock; subclasses can reach it without the lock.
    protected static final Map<String, String> layerDefaultRegisIDMap = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:MICRO-INF/runtime/security-ee.jar:com/sun/enterprise/security/jmac/config/GFServerConfigProvider$Entry.class */
    /**
     * Resolved auth-module description: the module class name, the request and response
     * policies, and the options handed to the module when it is initialized.
     *
     * <p>The class name is taken as given and instantiated reflectively by
     * {@link #newInstance()}; this class performs no allow-listing or type check on it.
     */
    public static class Entry {
        private static final Class<?>[] PARAMS = new Class[0];
        private static final Object[] ARGS = new Object[0];
        private String moduleClassName;
        private MessagePolicy requestPolicy;
        private MessagePolicy responsePolicy;
        private Map<String, Object> options;

        Entry(String moduleClassName, MessagePolicy requestPolicy, MessagePolicy responsePolicy, Map<String, Object> options) {
            this.moduleClassName = moduleClassName;
            this.requestPolicy = requestPolicy;
            this.responsePolicy = responsePolicy;
            this.options = options;
        }

        /** @return the request policy supplied at construction, possibly {@code null} */
        MessagePolicy getRequestPolicy() {
            return requestPolicy;
        }

        /** @return the response policy supplied at construction, possibly {@code null} */
        MessagePolicy getResponsePolicy() {
            return responsePolicy;
        }

        /** @return the name of the class that {@link #newInstance()} will load */
        String getModuleClassName() {
            return moduleClassName;
        }

        /**
         * @return the options map exactly as supplied (no defensive copy), so callers share
         *         and can mutate the same instance
         */
        Map<String, Object> getOptions() {
            return options;
        }

        /**
         * Loads the module class through the provider's class loader, running its static
         * initializers, and calls its public no-argument constructor.
         *
         * @return the new module instance, untyped; callers cast it to the module interface
         * @throws AuthException wrapping any failure to load or construct the class; the
         *         failure is also logged at WARNING with the class name
         */
        Object newInstance() throws AuthException {
            try {
                final ClassLoader loader = GFServerConfigProvider.getClassLoader();
                final Class<?> moduleClass = Class.forName(moduleClassName, true, loader);
                return moduleClass.getConstructor(PARAMS).newInstance(ARGS);
            } catch (Exception e) {
                if (GFServerConfigProvider.logger.isLoggable(Level.WARNING)) {
                    final Object[] details = new String[]{moduleClassName, e.toString()};
                    GFServerConfigProvider.logger.log(Level.WARNING, "jmac.provider_unable_to_load_authmodule", details);
                }
                final AuthException failure = new AuthException();
                failure.initCause(e);
                throw failure;
            }
        }
    }

    /* loaded from: input_file:MICRO-INF/runtime/security-ee.jar:com/sun/enterprise/security/jmac/config/GFServerConfigProvider$GFAuthConfig.class */
    /**
     * Common base of the client and server auth configs handed out by this provider.
     *
     * <p>Layer-specific state (provider id, binding, web-app descriptor) is resolved lazily on
     * the first {@link #getModuleInfo} call. NOTE(review): the {@code init} flag is a plain
     * field and {@code initialize} takes no lock, so concurrent first calls may both run the
     * initialization; confirm callers serialize access if that matters.
     */
    class GFAuthConfig implements AuthConfig {
        protected AuthConfigProvider provider;
        protected String layer;
        protected String appContext;
        protected CallbackHandler handler;
        protected String type;
        protected String providerID;
        protected boolean init;
        protected boolean onePolicy;
        protected MessageSecurityBindingDescriptor binding;
        protected SunWebApp sunWebApp;

        /**
         * @param provider   provider that created this config; reused by {@link #refresh()}
         * @param layer      message layer name
         * @param appContext application context identifier
         * @param handler    callback handler, or {@code null} to use the default handler from
         *                   {@code AuthMessagePolicy}
         * @param type       module type passed on to module creation
         */
        protected GFAuthConfig(AuthConfigProvider provider, String layer, String appContext, CallbackHandler handler, String type) {
            this.provider = provider;
            this.layer = layer;
            this.appContext = appContext;
            if (handler != null) {
                this.handler = handler;
            } else {
                this.handler = AuthMessagePolicy.getDefaultCallbackHandler();
            }
            this.type = type;
        }

        @Override
        public String getMessageLayer() {
            return layer;
        }

        @Override
        public String getAppContext() {
            return appContext;
        }

        /**
         * Derives the auth-context id for a message.
         *
         * <p>For the HttpServlet layer the id is {@code "true"} or {@code "false"}, parsed from
         * the {@code IS_MANDATORY} entry of the message map (a missing entry yields
         * {@code "false"}; a non-String value fails with ClassCastException). For SOAP the
         * web-services delegate decides, when one is available.
         *
         * @return the context id, or {@code null} for any other layer or when no delegate exists
         */
        @Override
        public String getAuthContextID(MessageInfo messageInfo) {
            if (GFServerConfigProvider.HTTPSERVLET.equals(layer)) {
                final Object mandatory = messageInfo.getMap().get(HttpServletConstants.IS_MANDATORY);
                return Boolean.valueOf((String) mandatory).toString();
            }
            if ("SOAP".equals(layer) && GFServerConfigProvider.this.wsdelegate != null) {
                return GFServerConfigProvider.this.wsdelegate.getAuthContextID(messageInfo);
            }
            return null;
        }

        /** Reloads the shared parser with a {@code null} config object. */
        @Override
        public void refresh() {
            GFServerConfigProvider.loadParser(provider, GFServerConfigProvider.this.factory, null);
        }

        /** Always reports {@code true}, regardless of whether a module ends up being configured. */
        @Override
        public boolean isProtected() {
            return true;
        }

        CallbackHandler getCallbackHandler() {
            return handler;
        }

        /**
         * Resolves the policies for the given auth-context id and builds the matching module.
         *
         * @param authContextID id used to look up the request/response policy pair
         * @param properties    properties used for lazy initialization and passed to the module
         * @return the initialized module and its effective options, or {@code null} when no
         *         entry matches
         * @throws AuthException if the module cannot be created or initialized
         */
        protected ModuleInfo getModuleInfo(String authContextID, Map<String, Object> properties) throws AuthException {
            if (!init) {
                initialize(properties);
            }
            final MessagePolicy[] policies;
            if (GFServerConfigProvider.HTTPSERVLET.equals(layer)) {
                policies = AuthMessagePolicy.getHttpServletPolicies(authContextID);
            } else {
                policies = AuthMessagePolicy.getSOAPPolicies(binding, authContextID, onePolicy);
            }
            // Index 0 is passed as the request policy, index 1 as the response policy.
            final Entry entry = GFServerConfigProvider.this.getEntry(layer, providerID, policies[0], policies[1], type);
            if (entry == null) {
                return null;
            }
            return GFServerConfigProvider.createModuleInfo(entry, handler, type, properties);
        }

        /** Resolves the provider id and policy mode for this layer; runs at most once per flag check. */
        private void initialize(Map<String, ?> properties) {
            if (init) {
                return;
            }
            final boolean servletLayer = GFServerConfigProvider.HTTPSERVLET.equals(layer);
            if (servletLayer) {
                sunWebApp = AuthMessagePolicy.getSunWebApp(properties);
                providerID = AuthMessagePolicy.getProviderID(sunWebApp);
                onePolicy = true;
            } else {
                binding = AuthMessagePolicy.getMessageSecurityBinding(layer, properties);
                providerID = AuthMessagePolicy.getProviderID(binding);
                onePolicy = AuthMessagePolicy.oneSOAPPolicy(binding);
            }
            init = true;
        }
    }

    /* loaded from: input_file:MICRO-INF/runtime/security-ee.jar:com/sun/enterprise/security/jmac/config/GFServerConfigProvider$GFClientAuthConfig.class */
    /** Client-side auth config; fixes the module type to {@code "client"}. */
    class GFClientAuthConfig extends GFAuthConfig implements ClientAuthConfig {
        protected GFClientAuthConfig(AuthConfigProvider provider, String layer, String appContext, CallbackHandler handler) {
            super(provider, layer, appContext, handler, "client");
        }

        /**
         * Builds the client auth context for the given auth-context id.
         *
         * @return a context wrapping the configured module, or {@code null} when no module is
         *         configured; callers must treat {@code null} as "no module", since
         *         {@code isProtected()} on this config still reports {@code true}
         * @throws AuthException if the module cannot be created or initialized
         */
        @Override
        public ClientAuthContext getAuthContext(String authContextID, Subject subject, Map properties) throws AuthException {
            final ModuleInfo info = getModuleInfo(authContextID, properties);
            final Object module = info == null ? null : info.getModule();
            if (module == null) {
                return null;
            }
            return new GFClientAuthContext((ClientAuthModule) module);
        }
    }

    /* loaded from: input_file:MICRO-INF/runtime/security-ee.jar:com/sun/enterprise/security/jmac/config/GFServerConfigProvider$GFClientAuthContext.class */
    /**
     * Client auth context that forwards every call to a single {@link ClientAuthModule}.
     * Each operation fails with a bare {@link AuthException} when no module is present.
     */
    protected static class GFClientAuthContext implements ClientAuthContext {
        private final ClientAuthModule module;

        GFClientAuthContext(ClientAuthModule clientAuthModule) {
            this.module = clientAuthModule;
        }

        /** Returns the wrapped module, refusing to proceed when there is none. */
        private ClientAuthModule requireModule() throws AuthException {
            if (module == null) {
                throw new AuthException();
            }
            return module;
        }

        @Override
        public AuthStatus secureRequest(MessageInfo messageInfo, Subject clientSubject) throws AuthException {
            return requireModule().secureRequest(messageInfo, clientSubject);
        }

        @Override
        public AuthStatus validateResponse(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
            return requireModule().validateResponse(messageInfo, clientSubject, serviceSubject);
        }

        @Override
        public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
            requireModule().cleanSubject(messageInfo, subject);
        }
    }

    /* loaded from: input_file:MICRO-INF/runtime/security-ee.jar:com/sun/enterprise/security/jmac/config/GFServerConfigProvider$GFServerAuthConfig.class */
    /** Server-side auth config; fixes the module type to {@code "server"}. */
    class GFServerAuthConfig extends GFAuthConfig implements ServerAuthConfig {
        protected GFServerAuthConfig(AuthConfigProvider provider, String layer, String appContext, CallbackHandler handler) {
            super(provider, layer, appContext, handler, "server");
        }

        /**
         * Builds the server auth context for the given auth-context id.
         *
         * @return a context wrapping the configured module, or {@code null} when no module is
         *         configured. A caller that skips validation on {@code null} would admit the
         *         request unauthenticated, so the {@code null} case needs an explicit decision
         *         at the call site.
         * @throws AuthException if the module cannot be created or initialized
         */
        @Override
        public ServerAuthContext getAuthContext(String authContextID, Subject subject, Map properties) throws AuthException {
            final ModuleInfo info = getModuleInfo(authContextID, properties);
            final Object module = info == null ? null : info.getModule();
            if (module == null) {
                return null;
            }
            return new GFServerAuthContext((ServerAuthModule) module);
        }
    }

    /* loaded from: input_file:MICRO-INF/runtime/security-ee.jar:com/sun/enterprise/security/jmac/config/GFServerConfigProvider$GFServerAuthContext.class */
    /**
     * Server auth context that forwards every call to a single {@link ServerAuthModule}.
     * Each operation fails with a bare {@link AuthException} when no module is present, so a
     * missing module is rejected rather than treated as successful validation.
     */
    protected static class GFServerAuthContext implements ServerAuthContext {
        private final ServerAuthModule module;

        GFServerAuthContext(ServerAuthModule serverAuthModule) {
            this.module = serverAuthModule;
        }

        /** Returns the wrapped module, refusing to proceed when there is none. */
        private ServerAuthModule requireModule() throws AuthException {
            if (module == null) {
                throw new AuthException();
            }
            return module;
        }

        @Override
        public AuthStatus validateRequest(MessageInfo messageInfo, Subject clientSubject, Subject serviceSubject) throws AuthException {
            return requireModule().validateRequest(messageInfo, clientSubject, serviceSubject);
        }

        @Override
        public AuthStatus secureResponse(MessageInfo messageInfo, Subject serviceSubject) throws AuthException {
            return requireModule().secureResponse(messageInfo, serviceSubject);
        }

        @Override
        public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
            requireModule().cleanSubject(messageInfo, subject);
        }
    }

    /* loaded from: input_file:MICRO-INF/runtime/security-ee.jar:com/sun/enterprise/security/jmac/config/GFServerConfigProvider$IDEntry.class */
    /**
     * Holder for one configured module: its type, class name, request and response policies,
     * and options. Values are stored as supplied; nothing is validated or copied.
     */
    public static class IDEntry {
        private String type;
        private String moduleClassName;
        private MessagePolicy requestPolicy;
        private MessagePolicy responsePolicy;
        private Map<String, Object> options;

        public IDEntry(String type, String moduleClassName, MessagePolicy requestPolicy, MessagePolicy responsePolicy, Map<String, Object> options) {
            this.type = type;
            this.moduleClassName = moduleClassName;
            this.requestPolicy = requestPolicy;
            this.responsePolicy = responsePolicy;
            this.options = options;
        }

        /** @return the module class name as supplied */
        public String getModuleClassName() {
            return moduleClassName;
        }

        /** @return the options map itself, not a copy; mutations are visible to every holder */
        public Map<String, Object> getOptions() {
            return options;
        }

        public MessagePolicy getRequestPolicy() {
            return requestPolicy;
        }

        public MessagePolicy getResponsePolicy() {
            return responsePolicy;
        }

        /** @return the module type as supplied */
        public String getType() {
            return type;
        }
    }

    /* loaded from: input_file:MICRO-INF/runtime/security-ee.jar:com/sun/enterprise/security/jmac/config/GFServerConfigProvider$InterceptEntry.class */
    /**
     * Holder for a default client id, a default server id and a map of {@link IDEntry} values.
     * The map is stored and returned by reference and can be swapped through
     * {@link #setIdMap}; no synchronization is applied here.
     */
    public static class InterceptEntry {
        String defaultClientID;
        String defaultServerID;
        Map<String, IDEntry> idMap;

        public InterceptEntry(String defaultClientID, String defaultServerID, Map<String, IDEntry> idMap) {
            this.defaultClientID = defaultClientID;
            this.defaultServerID = defaultServerID;
            this.idMap = idMap;
        }

        /** @return the id map itself, not a copy */
        public Map<String, IDEntry> getIdMap() {
            return idMap;
        }

        /** Replaces the id map with the given instance. */
        public void setIdMap(Map<String, IDEntry> idMap) {
            this.idMap = idMap;
        }

        public String getDefaultClientID() {
            return defaultClientID;
        }

        public String getDefaultServerID() {
            return defaultServerID;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:MICRO-INF/runtime/security-ee.jar:com/sun/enterprise/security/jmac/config/GFServerConfigProvider$ModuleInfo.class */
    /** Pairs an initialized auth module with the options map it was initialized with. */
    public static class ModuleInfo {
        private final Object module;
        private final Map<String, Object> map;

        ModuleInfo(Object module, Map<String, Object> map) {
            this.module = module;
            this.map = map;
        }

        /**
         * Returns the module typed as the caller expects.
         *
         * <p>The cast is unchecked and erased here, so a module of the wrong type surfaces as a
         * ClassCastException at the call site rather than inside this method.
         */
        @SuppressWarnings("unchecked")
        <T> T getModule() {
            return (T) module;
        }

        /** @return the options map as supplied, possibly {@code null} */
        Map<String, Object> getMap() {
            return map;
        }
    }

    /* JADX WARN: Finally extract failed */
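    /**
     * Creates the provider, makes sure the shared parser is loaded, and records the first
     * non-null factory and the first provider instance in static state for later use by
     * {@link #loadConfigContext}.
     *
     * <p>Each lock is released exactly once in a {@code finally} block. The listing this was
     * recovered from released the read lock a second time in a trailing {@code finally},
     * which fails with IllegalMonitorStateException.
     *
     * @param map               provider properties; not used by this constructor
     * @param authConfigFactory factory to register with, or {@code null}
     */
    public GFServerConfigProvider(Map map, AuthConfigFactory authConfigFactory) {
        this.factory = authConfigFactory;
        initializeParser();

        if (authConfigFactory != null) {
            final boolean hasSlaveFactory;
            rwLock.readLock().lock();
            try {
                hasSlaveFactory = slaveFactory != null;
            } finally {
                rwLock.readLock().unlock();
            }
            if (!hasSlaveFactory) {
                rwLock.writeLock().lock();
                try {
                    // Re-check under the write lock: another thread may have won the race.
                    if (slaveFactory == null) {
                        slaveFactory = authConfigFactory;
                    }
                } finally {
                    rwLock.writeLock().unlock();
                }
            }
        }

        final boolean hasSlaveProvider;
        rwLock.readLock().lock();
        try {
            hasSlaveProvider = slaveProvider != null;
        } finally {
            rwLock.readLock().unlock();
        }
        if (!hasSlaveProvider) {
            rwLock.writeLock().lock();
            try {
                // Publishes this instance to static state; first instance wins.
                if (slaveProvider == null) {
                    slaveProvider = this;
                }
            } finally {
                rwLock.writeLock().unlock();
            }
        }

        this.wsdelegate = (WebServicesDelegate) Globals.get(WebServicesDelegate.class);
    }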

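    /**
     * Loads the shared config parser once per JVM.
     *
     * <p>The parser class name comes from the {@code config.parser} system property, falling
     * back to the built-in default. The named class is instantiated reflectively, so the
     * property must only be settable by trusted deployment configuration.
     *
     * <p>The read lock is released before the write lock is requested. The lock used here
     * cannot upgrade a held read lock, and the recovered listing both attempted that and
     * released the read lock twice on the already-initialized path.
     */
    private void initializeParser() {
        rwLock.readLock().lock();
        try {
            if (parserInitialized) {
                return;
            }
        } finally {
            rwLock.readLock().unlock();
        }

        rwLock.writeLock().lock();
        try {
            // Re-check under the write lock: another thread may have initialized meanwhile.
            if (!parserInitialized) {
                parserClassName = System.getProperty("config.parser", DEFAULT_PARSER_CLASS);
                loadParser(this, this.factory, null);
                parserInitialized = true;
            }
        } finally {
            rwLock.writeLock().unlock();
        }
    }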

    /**
     * Instantiates the module described by {@code entry} and initializes it.
     *
     * <p>The module receives a copy of the caller's properties with the entry's configured
     * options applied on top, so on a key collision the configured option replaces the
     * caller-supplied value. When the entry has no options, the caller's map is passed
     * through unchanged and uncopied.
     *
     * @param entry           module description to instantiate
     * @param callbackHandler handler given to the module
     * @param type            {@code "server"} selects {@link ServerAuthModule}; any other
     *                        value selects {@link ClientAuthModule}
     * @param properties      caller properties, possibly {@code null}
     * @return the initialized module together with the options it was given
     * @throws AuthException on any failure, including a module class that does not implement
     *         the interface selected by {@code type}; the original exception is the cause
     */
    static ModuleInfo createModuleInfo(Entry entry, CallbackHandler callbackHandler, String type, Map<String, Object> properties) throws AuthException {
        try {
            final Object module = entry.newInstance();
            final Map<String, Object> configured = entry.getOptions();
            Map<String, Object> effective = properties;
            if (configured != null) {
                if (effective == null) {
                    effective = new HashMap<>();
                } else {
                    effective = new HashMap<>(effective);
                }
                effective.putAll(configured);
            }
            final boolean serverSide = "server".equals(type);
            if (serverSide) {
                final ServerAuthModule serverModule = (ServerAuthModule) module;
                serverModule.initialize(entry.getRequestPolicy(), entry.getResponsePolicy(), callbackHandler, effective);
            } else {
                final ClientAuthModule clientModule = (ClientAuthModule) module;
                clientModule.initialize(entry.getRequestPolicy(), entry.getResponsePolicy(), callbackHandler, effective);
            }
            return new ModuleInfo(module, effective);
        } catch (AuthException e) {
            throw e;
        } catch (Exception e) {
            throw (AuthException) new AuthException().initCause(e);
        }
    }

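    /**
     * Loads the named class through the provider's class loader, running its static
     * initializers, and instantiates it with its no-argument constructor.
     *
     * <p>With a security manager installed, loading and instantiation run inside
     * {@code doPrivileged}, i.e. with this code's own permissions rather than the caller's.
     * The class name is not validated here, so it must come only from trusted configuration.
     *
     * <p>The privileged action carries an explicit {@link PrivilegedExceptionAction} target
     * type: a bare lambda matches both {@code doPrivileged} overloads and is rejected by the
     * compiler as ambiguous.
     *
     * @param str fully qualified name of the class to instantiate
     * @return the new instance
     * @throws RuntimeException wrapping any failure to load or construct the class
     */
    private static Object createObject(String str) {
        final ClassLoader classLoader = getClassLoader();
        if (System.getSecurityManager() != null) {
            try {
                return AccessController.doPrivileged(
                        (PrivilegedExceptionAction<Object>) () -> Class.forName(str, true, classLoader).newInstance());
            } catch (PrivilegedActionException e) {
                throw new RuntimeException(e.getException());
            }
        }
        try {
            return Class.forName(str, true, classLoader).newInstance();
        } catch (Throwable th) {
            throw new RuntimeException(th);
        }
    }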

    /* JADX WARN: Code restructure failed: missing block: B:15:0x009e, code lost:
    
        if (r0 == null) goto L25;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Decompiler placeholder: the real body was not recovered, so in this listing every call
     * throws {@link UnsupportedOperationException}.
     *
     * <p>The only caller visible here, {@code GFAuthConfig.getModuleInfo}, passes the message
     * layer, the provider id, the request policy, the response policy and the module type, in
     * that order, and treats a {@code null} result as "no module configured".
     *
     * <p>NOTE(review): the logic that selects a module class for a provider id cannot be
     * reviewed from this listing. Consult the bytecode or the upstream source before drawing
     * conclusions about default-provider fallback or policy matching.
     */
    com.sun.enterprise.security.jmac.config.GFServerConfigProvider.Entry getEntry(java.lang.String r8, java.lang.String r9, javax.security.auth.message.MessagePolicy r10, javax.security.auth.message.MessagePolicy r11, java.lang.String r12) {
        /*
            Method dump skipped, instructions count: 564
            To view this dump add '--comments-level debug' option
        */
        // Stub emitted by the decompiler in place of the skipped instructions.
        throw new UnsupportedOperationException("Method not decompiled: com.sun.enterprise.security.jmac.config.GFServerConfigProvider.getEntry(java.lang.String, java.lang.String, javax.security.auth.message.MessagePolicy, javax.security.auth.message.MessagePolicy, java.lang.String):com.sun.enterprise.security.jmac.config.GFServerConfigProvider$Entry");
    }

    /**
     * Creates a client auth config bound to this provider.
     *
     * @param layer      message layer name
     * @param appContext application context identifier
     * @param handler    callback handler, or {@code null} for the default handler
     */
    @Override
    public ClientAuthConfig getClientAuthConfig(String layer, String appContext, CallbackHandler handler) throws AuthException {
        final GFClientAuthConfig config = new GFClientAuthConfig(this, layer, appContext, handler);
        return config;
    }

    /**
     * Creates a server auth config bound to this provider.
     *
     * @param layer      message layer name
     * @param appContext application context identifier
     * @param handler    callback handler, or {@code null} for the default handler
     */
    @Override
    public ServerAuthConfig getServerAuthConfig(String layer, String appContext, CallbackHandler handler) throws AuthException {
        final GFServerAuthConfig config = new GFServerAuthConfig(this, layer, appContext, handler);
        return config;
    }

    /**
     * Reloads the shared parser with a {@code null} config object and re-synchronizes this
     * provider's per-layer registrations with its factory.
     */
    @Override
    public void refresh() {
        final AuthConfigFactory currentFactory = this.factory;
        loadParser(this, currentFactory, null);
    }

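    /**
     * Reloads the shared parser from the given config object, using the provider and factory
     * recorded in static state. Logs at SEVERE and does nothing when no provider has been
     * constructed yet.
     *
     * <p>Both static references are read under the read lock, which is released exactly once.
     * The recovered listing released the read lock again in a catch-all handler, so a failure
     * in the reload was replaced by IllegalMonitorStateException.
     *
     * @param obj config object handed to the parser's {@code initialize}
     */
    public static void loadConfigContext(Object obj) {
        final boolean hasSlaveFactory;
        final AuthConfigProvider provider;
        rwLock.readLock().lock();
        try {
            hasSlaveFactory = slaveFactory != null;
            provider = slaveProvider;
        } finally {
            rwLock.readLock().unlock();
        }

        if (provider == null) {
            if (logger.isLoggable(Level.SEVERE)) {
                logger.severe("unableToLoad.noSlaveProvider");
            }
            return;
        }

        if (!hasSlaveFactory) {
            rwLock.writeLock().lock();
            try {
                // Re-check under the write lock: another thread may have set it meanwhile.
                if (slaveFactory == null) {
                    slaveFactory = AuthConfigFactory.getFactory();
                }
            } finally {
                rwLock.writeLock().unlock();
            }
        }

        loadParser(provider, slaveFactory, obj);
    }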

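    /**
     * Instantiates and initializes a fresh parser, re-synchronizes the provider's default
     * registrations with the factory, and installs the parser as current. All of this runs
     * under the write lock.
     *
     * <p>Registrations for layers that no longer have a default are removed, and layers that
     * gained one are registered. Stale layers are collected from a snapshot of the
     * registration map: removing entries while iterating the live key set makes
     * {@code HashMap} throw ConcurrentModificationException whenever more entries follow.
     *
     * @param authConfigProvider provider to register; registration is skipped when
     *                           {@code null}
     * @param authConfigFactory  factory to register with; registration is skipped when
     *                           {@code null}
     * @param obj                config object handed to the parser's {@code initialize}
     * @throws RuntimeException wrapping an {@link IOException} from parser initialization,
     *         or any failure to instantiate the parser class
     */
    protected static void loadParser(AuthConfigProvider authConfigProvider, AuthConfigFactory authConfigFactory, Object obj) {
        rwLock.writeLock().lock();
        try {
            final int nextEpoch = epoch + 1;
            final ConfigParser nextParser = (ConfigParser) createObject(parserClassName);
            nextParser.initialize(obj);

            if (authConfigFactory != null && authConfigProvider != null) {
                final Set<String> layersWithDefault = nextParser.getLayersWithDefault();
                // Iterate a snapshot so entries can be removed from the live map safely.
                for (String layer : new HashMap<String, String>(layerDefaultRegisIDMap).keySet()) {
                    if (!layersWithDefault.contains(layer)) {
                        authConfigFactory.removeRegistration(layerDefaultRegisIDMap.remove(layer));
                    }
                }
                for (String layer : layersWithDefault) {
                    if (!layerDefaultRegisIDMap.containsKey(layer)) {
                        layerDefaultRegisIDMap.put(layer, authConfigFactory.registerConfigProvider(authConfigProvider, layer, null, "GFServerConfigProvider: self registration"));
                    }
                }
            }

            // The epoch and parser are updated only after the new parser initialized cleanly.
            epoch = nextEpoch == 0 ? 1 : nextEpoch;
            parser = nextParser;
        } catch (IOException e) {
            throw new RuntimeException(e);
        } finally {
            rwLock.writeLock().unlock();
        }
    }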

    /**
     * Returns the current thread's context class loader, reading it inside
     * {@code doPrivileged} when a security manager is installed.
     *
     * <p>The loader belongs to whichever thread makes the call, so classes resolved through
     * it (auth modules, the config parser) depend on that thread's context.
     *
     * @return the context class loader, possibly {@code null}
     */
    protected static ClassLoader getClassLoader() {
        if (System.getSecurityManager() == null) {
            return Thread.currentThread().getContextClassLoader();
        }
        final PrivilegedAction<Object> readContextLoader = new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                return Thread.currentThread().getContextClassLoader();
            }
        };
        return (ClassLoader) AccessController.doPrivileged(readContextLoader);
    }

    /**
     * Stores the given subject in a thread-local slot for the calling thread.
     *
     * <p>NOTE(review): nothing in this listing reads or clears the slot. On pooled threads a
     * stored Subject outlives the request unless a caller resets it, for example by passing
     * {@code null}; confirm that cleanup happens elsewhere.
     *
     * @param subject subject to associate with the current thread, or {@code null}
     */
    public static void setValidateRequestSubject(Subject subject) {
        final ThreadLocal<Subject> slot = subjectLocal;
        slot.set(subject);
    }
}
