package com.sun.enterprise.security.perms;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.URL;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.cert.Certificate;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import sun.security.provider.PolicyFile;

/* loaded from: input_file:com/sun/enterprise/security/perms/SMGlobalPolicyUtil.class */
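/**
 * Loads the server-wide permission policy files for Java EE component types and checks
 * permission collections against the restricted set.
 *
 * <p>The policy files are looked up in the directory that contains the file named by the
 * {@code java.security.policy} system property. The files are read lazily, once, under the
 * class lock.
 *
 * <p><b>Security note:</b> every check in this class is skipped when the collection it would
 * check against is {@code null}. That is the case when the policy directory cannot be
 * determined or when the policy file does not exist. A missing {@code restrict.server.policy}
 * therefore disables the restriction checks rather than failing them; operators who rely on
 * the restrictions should monitor that the file is present.
 */
public class SMGlobalPolicyUtil {
    /** Policy file whose entries are loaded into the "EE granted" map. */
    public static final String EE_GRANT_FILE = "javaee.server.policy";
    /** Policy file whose entries are loaded into the "EE restricted" map. */
    public static final String EE_RESTRICTED_FILE = "restrict.server.policy";
    /**
     * Policy file whose entries are loaded into the "server allowed" map.
     * NOTE(review): this has the same value as {@link #EE_RESTRICTED_FILE}, so both maps are
     * read from one file - confirm that this is intended.
     */
    public static final String SERVER_ALLOWED_FILE = "restrict.server.policy";
    /** Name of the system property that points at the JVM policy file. */
    protected static final String SYS_PROP_JAVA_SEC_POLICY = "java.security.policy";
    // Synthetic code-source URLs used as lookup keys into the policy files, one per component type.
    public static final String EJB_TYPE_CODESOURCE = "file:/module/Ejb";
    public static final String WEB_TYPE_CODESOURCE = "file:/module/Web";
    public static final String RAR_TYPE_CODESOURCE = "file:/module/Rar";
    public static final String CLIENT_TYPE_CODESOURCE = "file:/module/Car";
    public static final String EAR_TYPE_CODESOURCE = "file:/module/Ear";
    public static final String EAR_CLASS_LOADER = "org.glassfish.javaee.full.deployment.EarClassLoader";
    private static final Map<CommponentType, PermissionCollection> compTypeToEEGarntsMap;
    private static final Map<CommponentType, PermissionCollection> compTypeToEERestrictedMap;
    // Populated by loadServerPolicy but never read inside this class.
    private static final Map<CommponentType, PermissionCollection> compTypeToServAllowedMap;
    // Guarded by the class lock taken in initDefPolicy().
    private static boolean eeGrantedPolicyInitDone;
    // Directory of the JVM policy file, or null when it cannot be determined.
    private static final String policyFolder;
    /**
     * Policy directory followed by the file separator. When the directory is unknown this is
     * the text {@code "null"} plus the separator; that value is kept for compatibility, and
     * {@link #loadServerPolicy} never resolves files against it in that case.
     */
    protected static final String domainCfgFolder;
    private static final AllPermission ALL_PERM;
    static Logger logger = Logger.getLogger("javax.enterprise.system.core.security");
    private static final Map<CommponentType, String> CompTypeToCodeBaseMap = new HashMap<>();

    /** Component types for which policy entries are loaded. */
    public enum CommponentType {
        ear,
        ejb,
        war,
        rar,
        car
    }

    /* JADX INFO: Access modifiers changed from: private */
    /** Selects which policy file and which target map {@link #loadServerPolicy} uses. */
    public enum PolicyType {
        EEGranted,
        EERestricted,
        ServerAllowed
    }

    /**
     * Converts a component type name to its enum constant.
     *
     * @param str exact constant name, for example {@code "ejb"}
     * @return the matching constant
     * @throws IllegalArgumentException if no constant has that name
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public static CommponentType convertComponentType(String str) {
        return CommponentType.valueOf(str);
    }

    /**
     * Returns the permissions loaded from {@link #EE_GRANT_FILE} for a component type.
     *
     * @param commponentType the component type
     * @return the loaded permissions, or {@code null} if none were loaded for that type
     * @throws SecurityException if the loaded granted and restricted policies conflict
     */
    public static PermissionCollection getEECompGrantededPerms(CommponentType commponentType) {
        initDefPolicy();
        return compTypeToEEGarntsMap.get(commponentType);
    }

    /**
     * String-keyed variant of {@link #getEECompGrantededPerms(CommponentType)}.
     *
     * @param str component type name accepted by {@link #convertComponentType(String)}
     * @return the loaded permissions, or {@code null} if none were loaded for that type
     */
    public static PermissionCollection getEECompGrantededPerms(String str) {
        return getEECompGrantededPerms(convertComponentType(str));
    }

    /**
     * Returns the permissions loaded from {@link #EE_RESTRICTED_FILE} for a component type.
     *
     * @param commponentType the component type
     * @return the restricted permissions, or {@code null} if none were loaded for that type
     * @throws SecurityException if the loaded granted and restricted policies conflict
     */
    public static PermissionCollection getCompRestrictedPerms(CommponentType commponentType) {
        initDefPolicy();
        return compTypeToEERestrictedMap.get(commponentType);
    }

    /**
     * String-keyed variant of {@link #getCompRestrictedPerms(CommponentType)}.
     *
     * @param str component type name accepted by {@link #convertComponentType(String)}
     * @return the restricted permissions, or {@code null} if none were loaded for that type
     */
    public static PermissionCollection getCompRestrictedPerms(String str) {
        return getCompRestrictedPerms(convertComponentType(str));
    }

    /**
     * Loads the three policy files once and cross-checks the granted permissions against the
     * restricted ones.
     *
     * <p>The "done" flag is set only after loading and the cross-check have succeeded. If it
     * were set up front, a failed cross-check would throw for the first caller only, and every
     * later caller would receive the conflicting permissions without any check.
     *
     * @throws SecurityException if a granted and a restricted permission conflict
     * @throws RuntimeException wrapping an {@link IOException} raised while loading
     */
    private static synchronized void initDefPolicy() {
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("defGrantedPolicyInitDone= " + eeGrantedPolicyInitDone);
        }
        if (eeGrantedPolicyInitDone) {
            return;
        }
        try {
            loadServerPolicy(PolicyType.EEGranted);
            loadServerPolicy(PolicyType.EERestricted);
            loadServerPolicy(PolicyType.ServerAllowed);
            checkDomainRestrictionsForDefaultPermissions();
            eeGrantedPolicyInitDone = true;
        } catch (FileNotFoundException e) {
            // Absent policy files are tolerated, but leave a trace: the checks that depend on
            // them are skipped from here on.
            logger.log(Level.FINE, "Server policy file not found; related checks are skipped", e);
            eeGrantedPolicyInitDone = true;
        } catch (IOException e2) {
            logger.warning(e2.getMessage());
            throw new RuntimeException(e2);
        }
    }

    /**
     * Returns the directory of the file named by the {@code java.security.policy} property.
     *
     * @return the parent directory, or {@code null} if the property is unset or names a path
     *         without a parent
     */
    private static String getJavaPolicyFolder() {
        String property = System.getProperty(SYS_PROP_JAVA_SEC_POLICY);
        if (property == null) {
            return null;
        }
        return new File(property).getParent();
    }

    /**
     * Loads one policy file and stores its permissions per component type in the map that
     * belongs to {@code policyType}. Does nothing for {@code null}, for an unknown policy
     * directory, or for a file that does not exist.
     *
     * @param policyType which policy to load
     * @throws IOException if a policy or code-source URL cannot be built
     * @throws IllegalArgumentException if {@code policyType} is not handled
     */
    private static void loadServerPolicy(PolicyType policyType) throws IOException {
        if (policyType == null) {
            return;
        }
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("PolicyType= " + policyType);
        }
        String str = null;
        Map<CommponentType, PermissionCollection> map = null;
        switch (policyType) {
            case EEGranted:
                str = domainCfgFolder + EE_GRANT_FILE;
                map = compTypeToEEGarntsMap;
                break;
            case EERestricted:
                str = domainCfgFolder + EE_RESTRICTED_FILE;
                map = compTypeToEERestrictedMap;
                break;
            case ServerAllowed:
                str = domainCfgFolder + SERVER_ALLOWED_FILE;
                map = compTypeToServAllowedMap;
                break;
        }
        if (str == null || map == null) {
            throw new IllegalArgumentException("Unrecognized policy type: " + policyType);
        }
        if (policyFolder == null) {
            // domainCfgFolder would otherwise resolve to a directory literally named "null"
            // under the working directory; never read policy from there.
            if (logger.isLoggable(Level.FINE)) {
                logger.fine("Policy folder is unknown; skipping " + policyType);
            }
            return;
        }
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("policyFilename= " + str);
        }
        if (!new File(str).exists()) {
            if (logger.isLoggable(Level.FINE)) {
                logger.fine("Policy file does not exist, nothing loaded: " + str);
            }
            return;
        }
        URL url = new URL("file:" + str);
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("Loading policy from " + url);
        }
        PolicyFile policyFile = new PolicyFile(url);
        loadComponentPerms(policyFile, map, CommponentType.ejb, EJB_TYPE_CODESOURCE, "Loaded EJB policy = ");
        loadComponentPerms(policyFile, map, CommponentType.war, WEB_TYPE_CODESOURCE, "Loaded WEB policy =");
        loadComponentPerms(policyFile, map, CommponentType.rar, RAR_TYPE_CODESOURCE, "Loaded rar policy =");
        loadComponentPerms(policyFile, map, CommponentType.car, CLIENT_TYPE_CODESOURCE, "Loaded car policy =");
        loadComponentPerms(policyFile, map, CommponentType.ear, EAR_TYPE_CODESOURCE, "Loaded ear policy =");
    }

    /** Looks up the permissions for one synthetic code source and stores them under {@code type}. */
    private static void loadComponentPerms(PolicyFile policyFile, Map<CommponentType, PermissionCollection> target,
            CommponentType type, String codeSourceUrl, String logPrefix) throws IOException {
        PermissionCollection perms = policyFile.getPermissions(new CodeSource(new URL(codeSourceUrl), (Certificate[]) null));
        target.put(type, perms);
        if (logger.isLoggable(Level.FINE)) {
            logger.fine(logPrefix + perms);
        }
    }

    /** Cross-checks the loaded granted permissions of every component type against its restrictions. */
    private static void checkDomainRestrictionsForDefaultPermissions() throws SecurityException {
        checkEETypePermsAgainstServerRestiction(CommponentType.ejb);
        checkEETypePermsAgainstServerRestiction(CommponentType.war);
        checkEETypePermsAgainstServerRestiction(CommponentType.rar);
        checkEETypePermsAgainstServerRestiction(CommponentType.car);
        checkEETypePermsAgainstServerRestiction(CommponentType.ear);
    }

    /**
     * Checks the granted permissions of one type against its restricted permissions. It reads
     * the maps directly because it runs inside {@link #initDefPolicy()}; the public getters
     * would re-enter the initialisation.
     */
    private static void checkEETypePermsAgainstServerRestiction(CommponentType commponentType) throws SecurityException {
        checkRestriction(compTypeToEEGarntsMap.get(commponentType), compTypeToEERestrictedMap.get(commponentType));
    }

    /**
     * Checks a permission collection against the restricted permissions of a component type.
     *
     * @param commponentType type whose restrictions apply
     * @param permissionCollection permissions to check; {@code null} skips the check
     * @throws SecurityException if the two collections conflict
     */
    public static void checkRestriction(CommponentType commponentType, PermissionCollection permissionCollection) throws SecurityException {
        checkRestriction(permissionCollection, getCompRestrictedPerms(commponentType));
    }

    /**
     * Rejects the pair when either collection implies any permission of the other.
     *
     * <p>Returns without checking when either argument is {@code null}, so an absent
     * restriction list means "nothing is restricted".
     *
     * @param permissionCollection the permissions being checked
     * @param permissionCollection2 the restricted permissions
     * @throws SecurityException if a permission of one collection is implied by the other
     */
    public static void checkRestriction(PermissionCollection permissionCollection, PermissionCollection permissionCollection2) throws SecurityException {
        if (permissionCollection2 == null || permissionCollection == null) {
            return;
        }
        // Both directions are needed: a broad declared permission can imply a narrow
        // restricted one, and a broad restricted permission can cover a narrow declared one.
        checkContains(permissionCollection, permissionCollection2);
        checkContains(permissionCollection2, permissionCollection);
    }

    /**
     * Throws if {@code permissionCollection} implies any element of {@code permissionCollection2}.
     * The message always calls the element "restricted", also when the arguments are swapped.
     */
    private static void checkContains(PermissionCollection permissionCollection, PermissionCollection permissionCollection2) throws SecurityException {
        if (permissionCollection == null || permissionCollection2 == null) {
            return;
        }
        Enumeration<Permission> elements = permissionCollection2.elements();
        while (elements.hasMoreElements()) {
            Permission nextElement = elements.nextElement();
            if (permissionCollection.implies(nextElement)) {
                throw new SecurityException("Restricted permission " + nextElement + " is declared or implied in the " + permissionCollection);
            }
        }
    }

    /**
     * Checks a permission collection against the restrictions of a component type; for an EAR
     * the restrictions of the ejb, war, rar and car types are checked first.
     *
     * <p>The restrictions are obtained through {@link #getCompRestrictedPerms(CommponentType)}
     * so that the policy files are loaded first. Reading the map directly would skip the check
     * whenever this method was the first entry point used.
     *
     * @param permissionCollection permissions to check
     * @param commponentType type whose restrictions apply
     * @throws SecurityException if a restriction is violated
     */
    public static void checkRestrictionOfComponentType(PermissionCollection permissionCollection, CommponentType commponentType) throws SecurityException {
        if (CommponentType.ear == commponentType) {
            checkRestrictionOfEar(permissionCollection);
        }
        checkRestriction(permissionCollection, getCompRestrictedPerms(commponentType));
    }

    /**
     * Checks a permission collection against the restrictions of the ejb, war, rar and car
     * types, in that order.
     *
     * @param permissionCollection permissions to check
     * @throws SecurityException if a restriction is violated
     */
    public static void checkRestrictionOfEar(PermissionCollection permissionCollection) throws SecurityException {
        CommponentType[] nestedTypes = {CommponentType.ejb, CommponentType.war, CommponentType.rar, CommponentType.car};
        for (CommponentType nestedType : nestedTypes) {
            PermissionCollection restricted = getCompRestrictedPerms(nestedType);
            if (restricted != null) {
                checkRestriction(permissionCollection, restricted);
            }
        }
    }

    static {
        CompTypeToCodeBaseMap.put(CommponentType.ejb, EJB_TYPE_CODESOURCE);
        CompTypeToCodeBaseMap.put(CommponentType.war, WEB_TYPE_CODESOURCE);
        CompTypeToCodeBaseMap.put(CommponentType.rar, RAR_TYPE_CODESOURCE);
        CompTypeToCodeBaseMap.put(CommponentType.car, CLIENT_TYPE_CODESOURCE);
        CompTypeToCodeBaseMap.put(CommponentType.ear, EAR_TYPE_CODESOURCE);
        compTypeToEEGarntsMap = new HashMap<>();
        compTypeToEERestrictedMap = new HashMap<>();
        compTypeToServAllowedMap = new HashMap<>();
        eeGrantedPolicyInitDone = false;
        policyFolder = getJavaPolicyFolder();
        domainCfgFolder = policyFolder + File.separator;
        ALL_PERM = new AllPermission();
    }
}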
