package org.glassfish.exousia.modules.def;

import jakarta.security.jacc.PolicyConfiguration;
import jakarta.security.jacc.PolicyConfigurationFactory;
import jakarta.security.jacc.PolicyContext;
import jakarta.security.jacc.PolicyContextException;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import org.glassfish.exousia.spi.PrincipalMapper;

/* loaded from: input_file:org/glassfish/exousia/modules/def/DefaultPolicy.class */
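/**
 * {@link Policy} implementation that answers authorization questions from the
 * {@link PolicyConfiguration} returned by the installed {@link PolicyConfigurationFactory},
 * falling back to the policy that was installed before this one.
 *
 * <p>The decision order in {@link #implies(ProtectionDomain, Permission)} is, first match wins:
 * <ol>
 *   <li>excluded permissions: deny;</li>
 *   <li>unchecked permissions: grant;</li>
 *   <li>permissions of the {@code "**"} role, when the role mapper reports that role as not
 *       explicitly mapped and the protection domain carries at least one principal: grant;</li>
 *   <li>permissions of any role the caller's principals map to: grant;</li>
 *   <li>otherwise the previously installed policy decides, or access is denied when there is
 *       none.</li>
 * </ol>
 *
 * <p>The exclusion check always runs first, so neither a role grant nor the previous policy can
 * grant something that the excluded set covers.
 *
 * <p>NOTE(review): the configuration returned by {@code getPolicyConfiguration()} is dereferenced
 * without a null check and is cast to {@code DefaultPolicyConfiguration}. Confirm that the factory
 * always returns a non-null instance of that type for every context in which this policy is
 * consulted; otherwise the check ends in an unchecked exception rather than a decision.
 */
public class DefaultPolicy extends Policy {
    private static final Logger logger = Logger.getLogger(DefaultPolicy.class.getName());

    /** Key handed to {@link PolicyContext#getContext(String)} to look up the current {@link Subject}. */
    private static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";

    /** Role name whose permissions apply to any caller that presents at least one principal. */
    private static final String ANY_AUTHENTICATED_USER_ROLE = "**";

    /** Policy that was installed before this one; {@code null} when none could be obtained. */
    private final Policy defaultPolicy = getDefaultPolicy();

    /**
     * Decides whether {@code permission} is granted to {@code protectionDomain}.
     *
     * @param protectionDomain the domain whose principals are mapped to roles
     * @param permission the permission being checked
     * @return {@code true} when granted by the unchecked set, a role, or the previous policy;
     *         {@code false} when excluded or when nothing grants it
     * @throws RuntimeException wrapping a {@link PolicyContextException} raised while the subject
     *         is looked up or the roles are evaluated; no grant is returned on that path
     * @throws IllegalStateException when the policy configuration factory cannot be obtained
     */
    @Override
    public boolean implies(ProtectionDomain protectionDomain, Permission permission) {
        PolicyConfiguration policyConfiguration = getPolicyConfigurationFactory().getPolicyConfiguration();
        PrincipalMapper roleMapper = getRoleMapper(policyConfiguration);

        // Exclusion is checked before every grant path so it can never be overridden.
        if (isExcluded(policyConfiguration.getExcludedPermissions(), permission)) {
            return false;
        }

        // Unchecked permissions are granted regardless of who the caller is.
        if (isUnchecked(policyConfiguration.getUncheckedPermissions(), permission)) {
            return true;
        }

        List<Principal> principals = Arrays.asList(protectionDomain.getPrincipals());

        // "Authenticated" is approximated here by the domain carrying at least one principal.
        // NOTE(review): confirm that unauthenticated callers never reach this point with a
        // non-empty principal set, since any principal at all satisfies this test.
        if (!roleMapper.isAnyAuthenticatedUserRoleMapped()
                && !principals.isEmpty()
                && hasAccessViaRole(policyConfiguration.getPerRolePermissions(), ANY_AUTHENTICATED_USER_ROLE, permission)) {
            return true;
        }

        try {
            Map<String, PermissionCollection> perRolePermissions = policyConfiguration.getPerRolePermissions();
            Subject subject = (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);
            List<String> mappedRoles = roleMapper.getMappedRoles(principals, subject);
            if (hasAccessViaRoles(perRolePermissions, mappedRoles, permission)) {
                return true;
            }

            // Nothing in this configuration grants the permission: defer to the previous policy,
            // and deny when there is none.
            return defaultPolicy != null && defaultPolicy.implies(protectionDomain, permission);
        } catch (PolicyContextException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Collects the permissions granted to {@code protectionDomain}: those of the previous policy,
     * the domain's own static permissions, the unchecked permissions, and the permissions of every
     * role the domain's principals map to. Each candidate is dropped when the excluded set covers
     * it (see {@link #isExcluded(PermissionCollection, Permission)}).
     *
     * @param protectionDomain the domain to collect permissions for
     * @return a new {@link Permissions} instance holding the non-excluded permissions
     * @throws RuntimeException wrapping a {@link PolicyContextException} raised while the subject
     *         is looked up or the roles are mapped
     */
    @Override
    public PermissionCollection getPermissions(ProtectionDomain protectionDomain) {
        Permissions granted = new Permissions();
        PolicyConfiguration policyConfiguration = getPolicyConfigurationFactory().getPolicyConfiguration();
        PrincipalMapper roleMapper = getRoleMapper(policyConfiguration);
        PermissionCollection excluded = policyConfiguration.getExcludedPermissions();

        if (defaultPolicy != null) {
            collectPermissions(defaultPolicy.getPermissions(protectionDomain), granted, excluded);
        }

        PermissionCollection domainPermissions = protectionDomain.getPermissions();
        if (domainPermissions != null) {
            collectPermissions(domainPermissions, granted, excluded);
        }

        collectPermissions(policyConfiguration.getUncheckedPermissions(), granted, excluded);

        try {
            Subject subject = (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);
            Map<String, PermissionCollection> perRolePermissions = policyConfiguration.getPerRolePermissions();
            for (String role : roleMapper.getMappedRoles(protectionDomain.getPrincipals(), subject)) {
                if (perRolePermissions.containsKey(role)) {
                    collectPermissions(perRolePermissions.get(role), granted, excluded);
                }
            }
            return granted;
        } catch (PolicyContextException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Collects the permissions granted to {@code codeSource}: those of the previous policy plus
     * the unchecked permissions, minus anything the excluded set covers. No role-based
     * permissions are added here, because a code source carries no principals to map.
     *
     * @param codeSource the code source to collect permissions for
     * @return a new {@link Permissions} instance holding the non-excluded permissions
     */
    @Override
    public PermissionCollection getPermissions(CodeSource codeSource) {
        Permissions granted = new Permissions();
        PolicyConfiguration policyConfiguration = getPolicyConfigurationFactory().getPolicyConfiguration();
        PermissionCollection excluded = policyConfiguration.getExcludedPermissions();

        if (defaultPolicy != null) {
            collectPermissions(defaultPolicy.getPermissions(codeSource), granted, excluded);
        }
        collectPermissions(policyConfiguration.getUncheckedPermissions(), granted, excluded);

        return granted;
    }

    /**
     * Returns the installed policy configuration factory.
     *
     * @throws IllegalStateException when the factory lookup fails or its class cannot be loaded
     */
    private PolicyConfigurationFactory getPolicyConfigurationFactory() {
        try {
            return PolicyConfigurationFactory.getPolicyConfigurationFactory();
        } catch (PolicyContextException | ClassNotFoundException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Returns the policy that is installed at construction time, to be used as the fallback.
     *
     * <p>When the installed policy is already a {@code DefaultPolicy}, a warning is logged and
     * {@code null} is returned, presumably so that this class never delegates to itself. With a
     * {@code null} fallback, {@link #implies(ProtectionDomain, Permission)} denies whatever this
     * configuration does not grant.
     */
    private Policy getDefaultPolicy() {
        Policy installed = Policy.getPolicy();
        if (installed instanceof DefaultPolicy) {
            logger.warning("Cannot obtain default / previous policy.");
            return null;
        }
        return installed;
    }

    /**
     * Returns the role mapper of the given configuration.
     *
     * @throws ClassCastException when the configuration is not a {@code DefaultPolicyConfiguration}
     */
    private PrincipalMapper getRoleMapper(PolicyConfiguration policyConfiguration) {
        return ((DefaultPolicyConfiguration) policyConfiguration).getRoleMapper();
    }

    /**
     * Tells whether {@code permission} overlaps the excluded set in either direction: the excluded
     * set implies it, or it implies at least one excluded permission. The second direction means a
     * broad permission that would cover an excluded one is itself treated as excluded.
     */
    private boolean isExcluded(PermissionCollection excludedPermissions, Permission permission) {
        if (excludedPermissions.implies(permission)) {
            return true;
        }
        for (Permission excludedPermission : Collections.list(excludedPermissions.elements())) {
            if (permission.implies(excludedPermission)) {
                return true;
            }
        }
        return false;
    }

    /** Tells whether the unchecked set implies {@code permission}. */
    private boolean isUnchecked(PermissionCollection uncheckedPermissions, Permission permission) {
        return uncheckedPermissions.implies(permission);
    }

    /** Tells whether at least one of {@code roles} has a permission set that implies {@code permission}. */
    private boolean hasAccessViaRoles(Map<String, PermissionCollection> perRolePermissions, List<String> roles, Permission permission) {
        for (String role : roles) {
            if (hasAccessViaRole(perRolePermissions, role, permission)) {
                return true;
            }
        }
        return false;
    }

    /** Tells whether {@code role} is present in the map and its permission set implies {@code permission}. */
    private boolean hasAccessViaRole(Map<String, PermissionCollection> perRolePermissions, String role, Permission permission) {
        return perRolePermissions.containsKey(role) && perRolePermissions.get(role).implies(permission);
    }

    /**
     * Copies every permission of {@code source} into {@code target}, skipping the ones that
     * {@link #isExcluded(PermissionCollection, Permission)} reports against {@code excluded}.
     */
    private void collectPermissions(PermissionCollection source, PermissionCollection target, PermissionCollection excluded) {
        // With an empty excluded set nothing can be filtered, so the per-permission check is skipped.
        boolean hasExclusions = excluded.elements().hasMoreElements();
        for (Permission candidate : Collections.list(source.elements())) {
            if (hasExclusions && isExcluded(excluded, candidate)) {
                continue;
            }
            target.add(candidate);
        }
    }
}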
