package com.sun.enterprise.security.jmac;

import com.sun.enterprise.deployment.ServiceReferenceDescriptor;
import com.sun.enterprise.deployment.WebBundleDescriptor;
import com.sun.enterprise.deployment.WebServiceEndpoint;
import com.sun.enterprise.deployment.runtime.common.MessageDescriptor;
import com.sun.enterprise.deployment.runtime.common.MessageSecurityBindingDescriptor;
import com.sun.enterprise.deployment.runtime.common.MessageSecurityDescriptor;
import com.sun.enterprise.deployment.runtime.common.ProtectionDescriptor;
import com.sun.enterprise.deployment.runtime.web.SunWebApp;
import com.sun.enterprise.security.common.AppservAccessController;
import com.sun.enterprise.security.jmac.config.HttpServletConstants;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.MessagePolicy;
import org.glassfish.internal.api.Globals;

/* loaded from: input_file:MICRO-INF/runtime/security-ee.jar:com/sun/enterprise/security/jmac/AuthMessagePolicy.class */
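/**
 * Static helpers that translate message-security settings from deployment descriptors into
 * {@link MessagePolicy} objects, and that create the container's default {@link CallbackHandler}.
 *
 * <p>The class is a non-instantiable utility holder. Every policy it returns decides whether a
 * message must be authenticated, so the null and default cases documented on each method matter
 * when reviewing a deployment's effective protection.
 */
public class AuthMessagePolicy {
    private static final String SENDER = "sender";
    private static final String CONTENT = "content";
    private static final String BEFORE_CONTENT = "before-content";
    private static final String SOAP = "SOAP";
    private static final String HANDLER_CLASS_PROPERTY = "security.jmac.config.ConfigHelper.CallbackHandler";
    private static final String DEFAULT_HANDLER_CLASS = "com.sun.enterprise.security.jmac.callback.ContainerCallbackHandler";
    private static final MessagePolicy MANDATORY_POLICY = getMessagePolicy(SENDER, null, true);
    private static final MessagePolicy OPTIONAL_POLICY = getMessagePolicy(SENDER, null, false);
    // Resolved from the system property on first use of getDefaultCallbackHandler() and then reused.
    private static String handlerClassName = null;

    private AuthMessagePolicy() {
    }

    /**
     * Looks up the message-security binding for a web service endpoint or service reference.
     *
     * <p>The binding is taken from the {@code "SERVICE_ENDPOINT"} entry when present; otherwise
     * from the {@code "SERVICE_REF"} entry through the {@code WebServicesDelegate} service, when
     * one is registered.
     *
     * <p>A binding that declares no auth-layer attribute is returned for any requested layer; a
     * binding that declares a different layer is not returned.
     *
     * @param str the auth layer the caller is configuring
     * @param map properties holding the endpoint or service-reference descriptor; may be null
     * @return the matching binding, or null when the map is null, no binding is found, or the
     *     binding belongs to another layer
     * @throws NullPointerException if {@code str} is null and the binding declares an auth layer
     * @throws ClassCastException if a map entry is not of the expected descriptor type
     */
    public static MessageSecurityBindingDescriptor getMessageSecurityBinding(String str, Map<String, ?> map) {
        if (map == null) {
            return null;
        }
        MessageSecurityBindingDescriptor binding = null;
        WebServiceEndpoint endpoint = (WebServiceEndpoint) map.get("SERVICE_ENDPOINT");
        if (endpoint != null) {
            binding = endpoint.getMessageSecurityBinding();
        } else {
            ServiceReferenceDescriptor serviceRef = (ServiceReferenceDescriptor) map.get("SERVICE_REF");
            if (serviceRef != null) {
                WebServicesDelegate delegate = (WebServicesDelegate) Globals.get(WebServicesDelegate.class);
                if (delegate != null) {
                    binding = delegate.getBinding(serviceRef, map);
                }
            }
        }
        if (binding == null) {
            return null;
        }
        String layer = binding.getAttributeValue(MessageSecurityBindingDescriptor.AUTH_LAYER);
        return (layer == null || str.equals(layer)) ? binding : null;
    }

    /**
     * Builds a policy from an auth-source and auth-recipient setting.
     *
     * <p>The policy is mandatory whenever any protection is requested: the source is
     * {@code "sender"} or {@code "content"}, or a recipient setting is present.
     *
     * @param str the auth-source value; may be null
     * @param str2 the auth-recipient value; may be null
     * @return the resulting policy, never null
     */
    public static MessagePolicy getMessagePolicy(String str, String str2) {
        boolean mandatory = SENDER.equals(str) || CONTENT.equals(str) || str2 != null;
        return getMessagePolicy(str, str2, mandatory);
    }

    /**
     * Builds a policy from an auth-source and auth-recipient setting with an explicit mandatory flag.
     *
     * <p>The order of the target policies follows the recipient setting: with
     * {@code "before-content"} the recipient policy comes first and the source policy second;
     * with any other non-null recipient the source policy comes first. A source other than
     * {@code "sender"} or {@code "content"} contributes no target policy, so the result may carry
     * an empty target-policy array.
     *
     * @param str the auth-source value; may be null
     * @param str2 the auth-recipient value; may be null
     * @param z whether the policy is mandatory
     * @return the resulting policy, never null
     */
    public static MessagePolicy getMessagePolicy(String str, String str2, boolean z) {
        String sourcePolicyId = null;
        if (SENDER.equals(str)) {
            sourcePolicyId = MessagePolicy.ProtectionPolicy.AUTHENTICATE_SENDER;
        } else if (CONTENT.equals(str)) {
            sourcePolicyId = MessagePolicy.ProtectionPolicy.AUTHENTICATE_CONTENT;
        }
        boolean hasRecipient = str2 != null;
        boolean recipientFirst = BEFORE_CONTENT.equals(str2);

        ArrayList<MessagePolicy.TargetPolicy> targets = new ArrayList<>();
        if (recipientFirst) {
            targets.add(targetPolicy(MessagePolicy.ProtectionPolicy.AUTHENTICATE_RECIPIENT));
        }
        if (sourcePolicyId != null) {
            targets.add(targetPolicy(sourcePolicyId));
        }
        if (hasRecipient && !recipientFirst) {
            targets.add(targetPolicy(MessagePolicy.ProtectionPolicy.AUTHENTICATE_RECIPIENT));
        }
        return new MessagePolicy(targets.toArray(new MessagePolicy.TargetPolicy[0]), z);
    }

    /**
     * Builds a policy from a protection descriptor's auth-source and auth-recipient attributes.
     *
     * @param protectionDescriptor the descriptor to read; may be null
     * @return the resulting policy, or null when the descriptor is null
     */
    public static MessagePolicy getMessagePolicy(ProtectionDescriptor protectionDescriptor) {
        if (protectionDescriptor == null) {
            return null;
        }
        String source = protectionDescriptor.getAttributeValue(ProtectionDescriptor.AUTH_SOURCE);
        String recipient = protectionDescriptor.getAttributeValue(ProtectionDescriptor.AUTH_RECIPIENT);
        return getMessagePolicy(source, recipient);
    }

    /**
     * Returns the provider id configured on a SOAP-layer binding.
     *
     * @param messageSecurityBindingDescriptor the binding to read; may be null
     * @return the provider id, or null when the binding is null or is not a SOAP-layer binding
     */
    public static String getProviderID(MessageSecurityBindingDescriptor messageSecurityBindingDescriptor) {
        if (messageSecurityBindingDescriptor == null) {
            return null;
        }
        String layer = messageSecurityBindingDescriptor.getAttributeValue(MessageSecurityBindingDescriptor.AUTH_LAYER);
        if (!SOAP.equals(layer)) {
            return null;
        }
        return messageSecurityBindingDescriptor.getAttributeValue(MessageSecurityBindingDescriptor.PROVIDER_ID);
    }

    /**
     * Resolves the request and response policies of a SOAP-layer binding.
     *
     * <p>When {@code z} is true the first message-security descriptor is used for every
     * operation. Otherwise the descriptors are searched for one whose message entries name the
     * operation; an entry without an operation name is taken as a fallback match only while no
     * match has been found yet.
     *
     * <p>Either element of the result may be null; both are null when the binding is null, is
     * not a SOAP-layer binding, or nothing matches. What a null policy means is decided by the
     * caller, so verify that an unmatched operation is handled as intended there.
     *
     * @param messageSecurityBindingDescriptor the binding to read; may be null
     * @param str the operation name to match when {@code z} is false
     * @param z true to use the first descriptor without matching on the operation
     * @return a two-element array holding the request policy and the response policy
     */
    public static MessagePolicy[] getSOAPPolicies(MessageSecurityBindingDescriptor messageSecurityBindingDescriptor, String str, boolean z) {
        MessagePolicy requestPolicy = null;
        MessagePolicy responsePolicy = null;
        ArrayList<?> descriptors = null;
        if (messageSecurityBindingDescriptor != null
                && SOAP.equals(messageSecurityBindingDescriptor.getAttributeValue(MessageSecurityBindingDescriptor.AUTH_LAYER))) {
            descriptors = messageSecurityBindingDescriptor.getMessageSecurityDescriptors();
        }
        if (descriptors != null) {
            if (z) {
                if (descriptors.size() > 0) {
                    MessageSecurityDescriptor first = (MessageSecurityDescriptor) descriptors.get(0);
                    requestPolicy = getMessagePolicy(first.getRequestProtectionDescriptor());
                    responsePolicy = getMessagePolicy(first.getResponseProtectionDescriptor());
                }
            } else {
                MessageSecurityDescriptor match = null;
                for (int i = 0; i < descriptors.size(); i++) {
                    MessageSecurityDescriptor candidate = (MessageSecurityDescriptor) descriptors.get(i);
                    ArrayList<?> messages = candidate.getMessageDescriptors();
                    // NOTE(review): the inner index starts at i + 1 although i indexes the outer
                    // list. Entry 0 of every message list is therefore skipped and, for i == 0, a
                    // descriptor holding a single message entry is never matched. Left unchanged
                    // because it decides which protection policy applies; confirm the intent
                    // before altering it.
                    for (int j = i + 1; j < messages.size(); j++) {
                        String operationName = ((MessageDescriptor) messages.get(j)).getOperationName();
                        if (operationName == null && match == null) {
                            match = candidate;
                        } else if (operationName != null && operationName.equals(str)) {
                            match = candidate;
                            break;
                        }
                    }
                    // The match carries over between iterations, so the policies are refreshed
                    // after each descriptor and a later exact match replaces an earlier fallback.
                    if (match != null) {
                        requestPolicy = getMessagePolicy(match.getRequestProtectionDescriptor());
                        responsePolicy = getMessagePolicy(match.getResponseProtectionDescriptor());
                    }
                }
            }
        }
        return new MessagePolicy[]{requestPolicy, responsePolicy};
    }

    /**
     * Tells whether every message-security descriptor of a SOAP-layer binding declares the same
     * request and response protection.
     *
     * @param messageSecurityBindingDescriptor the binding to inspect; may be null
     * @return true when all descriptors agree, and also when the binding is null, is not a
     *     SOAP-layer binding, or has no descriptor list; false on the first differing pair
     */
    public static boolean oneSOAPPolicy(MessageSecurityBindingDescriptor messageSecurityBindingDescriptor) {
        ArrayList<?> descriptors = null;
        if (messageSecurityBindingDescriptor != null
                && SOAP.equals(messageSecurityBindingDescriptor.getAttributeValue(MessageSecurityBindingDescriptor.AUTH_LAYER))) {
            descriptors = messageSecurityBindingDescriptor.getMessageSecurityDescriptors();
        }
        if (descriptors == null) {
            return true;
        }
        for (int i = 0; i < descriptors.size(); i++) {
            MessageSecurityDescriptor reference = (MessageSecurityDescriptor) descriptors.get(i);
            for (int j = 0; j < descriptors.size(); j++) {
                if (j != i && !policiesAreEqual(reference, (MessageSecurityDescriptor) descriptors.get(j))) {
                    // One mismatch settles the answer; no need to compare the remaining pairs.
                    return false;
                }
            }
        }
        return true;
    }

    /**
     * Returns the Sun-specific web descriptor of the web bundle stored in the given properties.
     *
     * @param map properties holding the web bundle under {@code HttpServletConstants.WEB_BUNDLE};
     *     may be null
     * @return the descriptor, or null when the map is null
     * @throws NullPointerException if the map has no web bundle entry
     * @throws ClassCastException if the entry is not a {@code WebBundleDescriptor}
     */
    public static SunWebApp getSunWebApp(Map map) {
        if (map == null) {
            return null;
        }
        WebBundleDescriptor webBundle = (WebBundleDescriptor) map.get(HttpServletConstants.WEB_BUNDLE);
        return webBundle.getSunDescriptor();
    }

    /**
     * Returns the HTTP servlet security provider id configured on a web application.
     *
     * @param sunWebApp the descriptor to read; may be null
     * @return the provider id attribute, or null when the descriptor is null
     */
    public static String getProviderID(SunWebApp sunWebApp) {
        return sunWebApp == null ? null : sunWebApp.getAttributeValue(SunWebApp.HTTPSERVLET_SECURITY_PROVIDER);
    }

    /**
     * Returns the request and response policies for the HTTP servlet layer.
     *
     * <p>Only the string {@code "true"} (ignoring case) selects the mandatory sender policy. Any
     * other value, including null or a misspelling, selects the optional policy, so a
     * configuration typo weakens the requirement without raising an error.
     *
     * @param str textual boolean stating whether authentication is mandatory
     * @return a two-element array holding the request policy and a null response policy
     */
    public static MessagePolicy[] getHttpServletPolicies(String str) {
        MessagePolicy requestPolicy = Boolean.parseBoolean(str) ? MANDATORY_POLICY : OPTIONAL_POLICY;
        return new MessagePolicy[]{requestPolicy, null};
    }

    /**
     * Creates a new instance of the configured callback handler class.
     *
     * <p>The class name comes from the {@code security.jmac.config.ConfigHelper.CallbackHandler}
     * system property, read once and cached, and falls back to the container's built-in handler.
     * The class is resolved through the thread context class loader inside a privileged block,
     * so the property is security-sensitive configuration: whoever can set it before the first
     * call chooses the code that handles authentication callbacks.
     *
     * <p>The named class is checked to be a {@link CallbackHandler} before it is initialized or
     * instantiated, so a class of another type is rejected with a {@link ClassCastException}
     * (possibly wrapped in the {@link RuntimeException} described below) without its static
     * initializer or constructor running.
     *
     * @return a new handler instance
     * @throws RuntimeException wrapping the cause when the class cannot be loaded or instantiated
     */
    public static CallbackHandler getDefaultCallbackHandler() {
        try {
            return (CallbackHandler) AppservAccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws Exception {
                    ClassLoader loader = Thread.currentThread().getContextClassLoader();
                    if (handlerClassName == null) {
                        handlerClassName = System.getProperty(HANDLER_CLASS_PROPERTY, DEFAULT_HANDLER_CLASS);
                    }
                    // Load without initializing and verify the type first; initialization then
                    // happens as part of newInstance() for classes that pass the check.
                    Class<? extends CallbackHandler> handlerClass =
                            Class.forName(handlerClassName, false, loader).asSubclass(CallbackHandler.class);
                    return handlerClass.newInstance();
                }
            });
        } catch (PrivilegedActionException e) {
            throw new RuntimeException(e.getException());
        }
    }

    /** Wraps a protection policy identifier in a target policy that applies to no specific target. */
    private static MessagePolicy.TargetPolicy targetPolicy(String protectionPolicyId) {
        return new MessagePolicy.TargetPolicy(null, () -> protectionPolicyId);
    }

    /** Compares the request and the response protection of two message-security descriptors. */
    private static boolean policiesAreEqual(MessageSecurityDescriptor first, MessageSecurityDescriptor second) {
        return protectionDescriptorsAreEqual(first.getRequestProtectionDescriptor(), second.getRequestProtectionDescriptor())
                && protectionDescriptorsAreEqual(first.getResponseProtectionDescriptor(), second.getResponseProtectionDescriptor());
    }

    /**
     * Compares the auth-source and auth-recipient attributes of two protection descriptors.
     *
     * <p>Two absent descriptors are equal; an absent descriptor never equals a present one,
     * because {@link #getMessagePolicy(ProtectionDescriptor)} yields null only for the former.
     */
    private static boolean protectionDescriptorsAreEqual(ProtectionDescriptor first, ProtectionDescriptor second) {
        if (first == null || second == null) {
            return first == second;
        }
        String firstSource = first.getAttributeValue(ProtectionDescriptor.AUTH_SOURCE);
        String firstRecipient = first.getAttributeValue(ProtectionDescriptor.AUTH_RECIPIENT);
        String secondSource = second.getAttributeValue(ProtectionDescriptor.AUTH_SOURCE);
        String secondRecipient = second.getAttributeValue(ProtectionDescriptor.AUTH_RECIPIENT);
        return java.util.Objects.equals(firstSource, secondSource)
                && java.util.Objects.equals(firstRecipient, secondRecipient);
    }
}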
