package com.sun.enterprise.security.jmac.config;

import com.sun.enterprise.config.serverbeans.MessageSecurityConfig;
import com.sun.enterprise.config.serverbeans.Property;
import com.sun.enterprise.config.serverbeans.ProviderConfig;
import com.sun.enterprise.config.serverbeans.RequestPolicy;
import com.sun.enterprise.config.serverbeans.ResponsePolicy;
import com.sun.enterprise.config.serverbeans.SecurityService;
import com.sun.enterprise.security.common.Util;
import com.sun.enterprise.security.jmac.AuthMessagePolicy;
import com.sun.enterprise.security.jmac.config.GFServerConfigProvider;
import com.sun.logging.LogDomains;
import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.message.MessagePolicy;
import sun.security.util.PropertyExpander;

/* loaded from: input_file:com/sun/enterprise/security/jmac/config/ConfigDomainParser.class */
public class ConfigDomainParser implements ConfigParser {
    private static Logger _logger;
    private Map configMap = new HashMap();
    private Set<String> layersWithDefault = new HashSet();

    ConfigDomainParser() throws IOException {
    }

    @Override // com.sun.enterprise.security.jmac.config.ConfigParser
    public void initialize(Object obj) throws IOException {
        if (obj == null) {
            obj = Util.getDefaultHabitat().getComponent(SecurityService.class);
        }
        if (!(obj instanceof SecurityService)) {
            throw new IOException("invalid configBean type passed to parser");
        }
        processServerConfig((SecurityService) obj, this.configMap);
    }

    private void processServerConfig(SecurityService securityService, Map map) throws IOException {
        List<MessageSecurityConfig> messageSecurityConfig = securityService.getMessageSecurityConfig();
        if (messageSecurityConfig != null) {
            for (MessageSecurityConfig messageSecurityConfig2 : messageSecurityConfig) {
                String parseInterceptEntry = parseInterceptEntry(messageSecurityConfig2, map);
                List<ProviderConfig> providerConfig = messageSecurityConfig2.getProviderConfig();
                if (providerConfig != null) {
                    Iterator<ProviderConfig> it = providerConfig.iterator();
                    while (it.hasNext()) {
                        parseIDEntry(it.next(), map, parseInterceptEntry);
                    }
                }
            }
        }
    }

    @Override // com.sun.enterprise.security.jmac.config.ConfigParser
    public Map getConfigMap() {
        return this.configMap;
    }

    @Override // com.sun.enterprise.security.jmac.config.ConfigParser
    public Set<String> getLayersWithDefault() {
        return this.layersWithDefault;
    }

    private String parseInterceptEntry(MessageSecurityConfig messageSecurityConfig, Map map) throws IOException {
        String authLayer = messageSecurityConfig.getAuthLayer();
        String defaultProvider = messageSecurityConfig.getDefaultProvider();
        String defaultClientProvider = messageSecurityConfig.getDefaultClientProvider();
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("Intercept Entry: \n    intercept: " + authLayer + "\n    defaultServerID: " + defaultProvider + "\n    defaultClientID:  " + defaultClientProvider);
        }
        if (defaultProvider != null || defaultClientProvider != null) {
            this.layersWithDefault.add(authLayer);
        }
        if (((GFServerConfigProvider.InterceptEntry) map.get(authLayer)) != null) {
            throw new IOException("found multiple MessageSecurityConfig entries with the same auth-layer");
        }
        map.put(authLayer, new GFServerConfigProvider.InterceptEntry(defaultClientProvider, defaultProvider, null));
        return authLayer;
    }

    private void parseIDEntry(ProviderConfig providerConfig, Map map, String str) throws IOException {
        String providerId = providerConfig.getProviderId();
        String providerType = providerConfig.getProviderType();
        String className = providerConfig.getClassName();
        MessagePolicy parsePolicy = parsePolicy(providerConfig.getRequestPolicy());
        MessagePolicy parsePolicy2 = parsePolicy(providerConfig.getResponsePolicy());
        HashMap hashMap = new HashMap();
        List<Property> property = providerConfig.getProperty();
        if (property != null) {
            for (Property property2 : property) {
                try {
                    hashMap.put(property2.getName(), PropertyExpander.expand(property2.getValue(), false));
                } catch (PropertyExpander.ExpandException e) {
                    if (_logger.isLoggable(Level.WARNING)) {
                        _logger.warning("jmac.unexpandedproperty");
                    }
                    hashMap.put(property2.getName(), property2.getValue());
                }
            }
        }
        if (_logger.isLoggable(Level.FINE)) {
            _logger.fine("ID Entry: \n    module class: " + className + "\n    id: " + providerId + "\n    type: " + providerType + "\n    request policy: " + parsePolicy + "\n    response policy: " + parsePolicy2 + "\n    options: " + hashMap);
        }
        GFServerConfigProvider.IDEntry iDEntry = new GFServerConfigProvider.IDEntry(providerType, className, parsePolicy, parsePolicy2, hashMap);
        GFServerConfigProvider.InterceptEntry interceptEntry = (GFServerConfigProvider.InterceptEntry) map.get(str);
        if (interceptEntry == null) {
            throw new IOException("intercept entry for " + str + " must be specified before ID entries");
        }
        if (interceptEntry.idMap == null) {
            interceptEntry.idMap = new HashMap();
        }
        interceptEntry.idMap.put(providerId, iDEntry);
    }

    private MessagePolicy parsePolicy(RequestPolicy requestPolicy) {
        if (requestPolicy == null) {
            return null;
        }
        return AuthMessagePolicy.getMessagePolicy(requestPolicy.getAuthSource(), requestPolicy.getAuthRecipient());
    }

    private MessagePolicy parsePolicy(ResponsePolicy responsePolicy) {
        if (responsePolicy == null) {
            return null;
        }
        return AuthMessagePolicy.getMessagePolicy(responsePolicy.getAuthSource(), responsePolicy.getAuthRecipient());
    }

    static {
        _logger = null;
        _logger = LogDomains.getLogger(ConfigDomainParser.class, LogDomains.SECURITY_LOGGER);
    }
}
