package com.sun.enterprise.security.provider;

import com.sun.enterprise.security.SecurityRoleMapperFactoryGen;
import com.sun.enterprise.security.provider.PolicyParser;
import com.sun.enterprise.util.LocalStringManagerImpl;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.net.MalformedURLException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.Security;
import java.security.SecurityPermission;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyContextException;
import org.apache.derby.iapi.services.classfile.VMDescriptor;
import org.glassfish.deployment.common.SecurityRoleMapper;
import org.glassfish.deployment.common.SecurityRoleMapperFactory;
import org.jboss.weld.metadata.Selectors;
import sun.net.www.ParseUtil;
import sun.security.provider.PolicyFile;

/* loaded from: input_file:MICRO-INF/runtime/security-ee.jar:com/sun/enterprise/security/provider/PolicyConfigurationImpl.class */
public class PolicyConfigurationImpl implements PolicyConfiguration {
    // Policy context identifier. Also the key into the factory's link table and the value
    // handed to the factory to derive this context's on-disk directory.
    String CONTEXT_ID;
    // Permissions collected by addToExcludedPolicy(), or loaded from the excluded policy file.
    private Permissions excludedPermissions;
    // Permissions collected by addToUncheckedPolicy(); written as a principal-less grant at commit.
    private Permissions uncheckedPermissions;
    // Raw map of role name -> Permissions, created lazily by getRolePermissions().
    private HashMap rolePermissionsTable;
    // Lifecycle states. The methods of this listing use the literal values 0, 2 and 3.
    public static final int OPEN_STATE = 0;
    public static final int INSERVICE_STATE = 2;
    public static final int DELETED_STATE = 3;
    // Current lifecycle state; setState() and _stateIs() access it under the read/write lock,
    // while some log statements read it directly.
    protected int state;
    // Fair read/write lock (constructed with fairness = true) guarding 'state'.
    private ReentrantReadWriteLock rwLock;
    private Lock rLock;
    private Lock wLock;
    // True when in-memory permissions differ from what is on disk; generatePermissions()
    // only writes policy files while this is set.
    private boolean writeOnCommit;
    // Set by refresh() once the policy has been (re)loaded; cleared by initialize().
    private boolean wasRefreshed;
    // Policy object built or refreshed by refresh(); only handed out while in service.
    private Policy policy;
    // URL form of the granted policy file, computed in initialize().
    private String policyUrlValue;
    // Last observed modification times: index 1 = granted policy file, index 0 = excluded.
    private long[] lastModTimes;
    // Per-instance monitor used by commit(), delete(), refresh(), initialize() and the
    // link-table helpers.
    private final Object refreshLock;
    // Repository location obtained from the factory; getContextDirectoryName() refuses to
    // run while this is null.
    private String repository;
    // Lazily created SecurityPermission("setPolicy") checked by checkSetPolicyPermission().
    private Permission setPolicyPermission;
    // Owning factory: source of the repository, the context directory name and the link table.
    private PolicyConfigurationFactoryImpl fact;
    private static Logger logger = Logger.getLogger("javax.enterprise.system.core.security");
    private static LocalStringManagerImpl localStrings = new LocalStringManagerImpl(PolicyConfigurationImpl.class);
    // File-name suffix appended to "granted" / "excluded" by getPolicyFileName().
    private static String policySuffix = ".policy";
    // Prefix of the numbered security property probed by refresh() (policy.url.1, policy.url.2, ...).
    private static String PROVIDER_URL = "policy.url.";
    // Not referenced in the visible part of this class.
    private static final Class[] permissionParams = {String.class, String.class};

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates a fresh policy configuration for the given context id.
     *
     * <p>Ends by calling {@code initialize(true, true, false)}, which puts the instance in the
     * open state and removes any policy files already stored for this context.
     *
     * @param str the policy context identifier
     * @param policyConfigurationFactoryImpl owning factory; supplies the repository location
     */
    public PolicyConfigurationImpl(String str, PolicyConfigurationFactoryImpl policyConfigurationFactoryImpl) {
        // Locks and bookkeeping come first because initialize() below depends on them.
        this.refreshLock = new Object();
        this.rwLock = new ReentrantReadWriteLock(true);
        this.rLock = this.rwLock.readLock();
        this.wLock = this.rwLock.writeLock();
        this.lastModTimes = new long[2];
        this.state = 0; // OPEN_STATE
        this.writeOnCommit = true;
        this.wasRefreshed = false;

        // No permissions or policy have been loaded yet.
        this.excludedPermissions = null;
        this.uncheckedPermissions = null;
        this.rolePermissionsTable = null;
        this.policy = null;
        this.policyUrlValue = null;
        this.setPolicyPermission = null;

        this.CONTEXT_ID = str;
        this.fact = policyConfigurationFactoryImpl;
        this.repository = policyConfigurationFactoryImpl.getRepository();
        initialize(true, true, false);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Re-creates a policy configuration from a context directory that already exists on disk.
     *
     * <p>The context id is rebuilt as {@code <parent directory name>/<directory name>} of
     * {@code file}. The granted policy file must already exist; {@code z} and {@code z2} are
     * passed through to {@code initialize(z, z2, true)}.
     *
     * @param file the context directory
     * @param z first flag forwarded to {@code initialize}
     * @param z2 second flag forwarded to {@code initialize}
     * @param policyConfigurationFactoryImpl owning factory; supplies the repository location
     * @throws RuntimeException if the granted policy file for the context does not exist
     */
    public PolicyConfigurationImpl(File file, boolean z, boolean z2, PolicyConfigurationFactoryImpl policyConfigurationFactoryImpl) {
        // Locks and bookkeeping come first because initialize() below depends on them.
        this.refreshLock = new Object();
        this.rwLock = new ReentrantReadWriteLock(true);
        this.rLock = this.rwLock.readLock();
        this.wLock = this.rwLock.writeLock();
        this.lastModTimes = new long[2];
        this.state = 0; // OPEN_STATE
        this.writeOnCommit = true;
        this.wasRefreshed = false;

        // No permissions or policy have been loaded yet.
        this.excludedPermissions = null;
        this.uncheckedPermissions = null;
        this.rolePermissionsTable = null;
        this.policy = null;
        this.policyUrlValue = null;
        this.setPolicyPermission = null;

        this.fact = policyConfigurationFactoryImpl;
        this.CONTEXT_ID = file.getParentFile().getName() + '/' + file.getName();
        this.repository = policyConfigurationFactoryImpl.getRepository();

        String grantedFileName = getPolicyFileName(true);
        if (!new File(grantedFileName).exists()) {
            String message = "Unable to open Policy file: " + grantedFileName;
            logger.log(Level.SEVERE, localStrings.getLocalString("pc.file_not_found", message, grantedFileName));
            throw new RuntimeException(message);
        }
        initialize(z, z2, true);
    }

    /**
     * Returns the identifier of this policy context.
     *
     * <p>The caller is first checked for {@code SecurityPermission("setPolicy")}; that check
     * only happens when a SecurityManager is installed.
     *
     * @return the policy context identifier
     */
    @Override
    public String getContextID() throws PolicyContextException {
        checkSetPolicyPermission();
        String contextId = this.CONTEXT_ID;
        return contextId;
    }

    /**
     * Adds every permission of a collection to the named role.
     *
     * <p>Requires the open state. A null role name or null collection is ignored, and that
     * early return happens before the setPolicy permission check.
     *
     * @param str the role name
     * @param permissionCollection the permissions to add
     * @throws UnsupportedOperationException if the configuration is not open
     */
    @Override
    public void addToRole(String str, PermissionCollection permissionCollection) throws PolicyContextException {
        assertStateIsOpen();
        boolean nothingToAdd = str == null || permissionCollection == null;
        if (nothingToAdd) {
            return;
        }
        checkSetPolicyPermission();
        for (Enumeration<Permission> remaining = permissionCollection.elements(); remaining.hasMoreElements();) {
            // The role entry is looked up per element, so an empty collection never creates one.
            getRolePermissions(str).add(remaining.nextElement());
            this.writeOnCommit = true;
        }
    }

    /**
     * Adds a single permission to the named role and marks the configuration dirty.
     *
     * <p>Requires the open state. A null role name or null permission is ignored before the
     * setPolicy permission check is reached.
     *
     * @param str the role name
     * @param permission the permission to add
     * @throws UnsupportedOperationException if the configuration is not open
     */
    @Override
    public void addToRole(String str, Permission permission) throws PolicyContextException {
        assertStateIsOpen();
        if (str != null && permission != null) {
            checkSetPolicyPermission();
            Permissions rolePermissions = getRolePermissions(str);
            rolePermissions.add(permission);
            this.writeOnCommit = true;
        }
    }

    /**
     * Adds every permission of a collection to the unchecked policy.
     *
     * <p>Requires the open state; a null collection is ignored.
     *
     * @param permissionCollection the permissions to add
     * @throws UnsupportedOperationException if the configuration is not open
     */
    @Override
    public void addToUncheckedPolicy(PermissionCollection permissionCollection) throws PolicyContextException {
        assertStateIsOpen();
        if (permissionCollection == null) {
            return;
        }
        checkSetPolicyPermission();
        for (Enumeration<Permission> remaining = permissionCollection.elements(); remaining.hasMoreElements();) {
            // The holder is created lazily, and only once there is something to store.
            getUncheckedPermissions().add(remaining.nextElement());
            this.writeOnCommit = true;
        }
    }

    /**
     * Adds a single permission to the unchecked policy and marks the configuration dirty.
     *
     * <p>Requires the open state; a null permission is ignored.
     *
     * @param permission the permission to add
     * @throws UnsupportedOperationException if the configuration is not open
     */
    @Override
    public void addToUncheckedPolicy(Permission permission) throws PolicyContextException {
        assertStateIsOpen();
        if (permission == null) {
            return;
        }
        checkSetPolicyPermission();
        Permissions unchecked = getUncheckedPermissions();
        unchecked.add(permission);
        this.writeOnCommit = true;
    }

    /**
     * Adds every permission of a collection to the excluded policy.
     *
     * <p>Requires the open state; a null collection is ignored.
     *
     * @param permissionCollection the permissions to add
     * @throws UnsupportedOperationException if the configuration is not open
     */
    @Override
    public void addToExcludedPolicy(PermissionCollection permissionCollection) throws PolicyContextException {
        assertStateIsOpen();
        if (permissionCollection == null) {
            return;
        }
        checkSetPolicyPermission();
        for (Enumeration<Permission> remaining = permissionCollection.elements(); remaining.hasMoreElements();) {
            // The holder is created lazily, and only once there is something to store.
            getExcludedPermissions().add(remaining.nextElement());
            this.writeOnCommit = true;
        }
    }

    /**
     * Adds a single permission to the excluded policy and marks the configuration dirty.
     *
     * <p>Requires the open state; a null permission is ignored.
     *
     * @param permission the permission to add
     * @throws UnsupportedOperationException if the configuration is not open
     */
    @Override
    public void addToExcludedPolicy(Permission permission) throws PolicyContextException {
        assertStateIsOpen();
        if (permission == null) {
            return;
        }
        checkSetPolicyPermission();
        Permissions excluded = getExcludedPermissions();
        excluded.add(permission);
        this.writeOnCommit = true;
    }

    /**
     * Removes a role and its permissions from this configuration.
     *
     * <p>When no role with the given name exists and the name is {@code "*"}, every role is
     * removed. A role literally named {@code "*"} takes precedence over that wildcard reading.
     * Requires the open state; a null name or an empty role table is a no-op.
     *
     * @param str the role name, or {@code "*"} for all roles
     * @throws UnsupportedOperationException if the configuration is not open
     */
    @Override
    public void removeRole(String str) throws PolicyContextException {
        assertStateIsOpen();
        if (str == null || this.rolePermissionsTable == null) {
            return;
        }
        checkSetPolicyPermission();

        Object removed = this.rolePermissionsTable.remove(str);
        if (removed != null) {
            // Drop the table entirely once the last role is gone.
            if (this.rolePermissionsTable.isEmpty()) {
                this.rolePermissionsTable = null;
            }
            this.writeOnCommit = true;
            return;
        }
        if (!str.equals("*")) {
            return;
        }

        // Wildcard: clear everything, but only flag a write when something was actually removed.
        boolean hadRoles = !this.rolePermissionsTable.isEmpty();
        if (hadRoles) {
            this.rolePermissionsTable.clear();
        }
        this.rolePermissionsTable = null;
        if (hadRoles) {
            this.writeOnCommit = true;
        }
    }

    /**
     * Discards all unchecked permissions of this configuration.
     *
     * <p>Requires the open state. The configuration is marked dirty only when there was
     * something to discard.
     *
     * @throws UnsupportedOperationException if the configuration is not open
     */
    @Override
    public void removeUncheckedPolicy() throws PolicyContextException {
        assertStateIsOpen();
        checkSetPolicyPermission();
        if (this.uncheckedPermissions == null) {
            return;
        }
        this.uncheckedPermissions = null;
        this.writeOnCommit = true;
    }

    /**
     * Discards all excluded permissions of this configuration.
     *
     * <p>Requires the open state. The configuration is marked dirty only when there was
     * something to discard.
     *
     * @throws UnsupportedOperationException if the configuration is not open
     */
    @Override
    public void removeExcludedPolicy() throws PolicyContextException {
        assertStateIsOpen();
        checkSetPolicyPermission();
        if (this.excludedPermissions == null) {
            return;
        }
        this.excludedPermissions = null;
        this.writeOnCommit = true;
    }

    /**
     * Commits this configuration: an open configuration has its policy files generated and
     * moves to the in-service state; one already in service is left as it is.
     *
     * <p>The setPolicy permission check runs inside the {@code try}, so a
     * {@code SecurityException} raised by it is reported to the caller wrapped in a
     * {@code PolicyContextException}, as is any other failure.
     *
     * @throws UnsupportedOperationException if the configuration has been deleted
     * @throws PolicyContextException wrapping any exception raised while committing
     */
    @Override
    public void commit() throws PolicyContextException {
        synchronized (this.refreshLock) {
            if (stateIs(3)) { // DELETED_STATE
                String deletedMessage = "Cannot perform Operation on a deleted PolicyConfiguration";
                logger.log(Level.WARNING, localStrings.getLocalString("pc.invalid_op_for_state_delete", deletedMessage));
                throw new UnsupportedOperationException(deletedMessage);
            }
            try {
                checkSetPolicyPermission();
                boolean stillOpen = stateIs(0); // OPEN_STATE
                if (stillOpen) {
                    generatePermissions();
                    setState(2); // INSERVICE_STATE
                }
                if (logger.isLoggable(Level.FINE)) {
                    logger.fine("JACC Policy Provider: PC.commit " + this.CONTEXT_ID);
                }
            } catch (Exception failure) {
                String fallback = "commit fail for contextod " + this.CONTEXT_ID;
                logger.log(Level.SEVERE, localStrings.getLocalString("pc.commit_failure", fallback, this.CONTEXT_ID, failure));
                throw new PolicyContextException(failure);
            }
        }
    }

    /**
     * Links this configuration with another one through the factory's link table, so that
     * both end up in the same set of linked contexts.
     *
     * <p>Requires the open state. The self-link test runs before the setPolicy permission
     * check.
     *
     * @param policyConfiguration the configuration to link to
     * @throws IllegalArgumentException if the target has this configuration's context id
     * @throws UnsupportedOperationException if this configuration is not open
     */
    @Override
    public void linkConfiguration(PolicyConfiguration policyConfiguration) throws PolicyContextException {
        assertStateIsOpen();
        String targetId = policyConfiguration.getContextID();
        boolean selfLink = this.CONTEXT_ID.equals(targetId);
        if (selfLink) {
            String message = "Operation attempted to link PolicyConfiguration to itself.";
            logger.log(Level.WARNING, localStrings.getLocalString("pc.unsupported_link_operation", message));
            throw new IllegalArgumentException(message);
        }
        checkSetPolicyPermission();
        updateLinkTable(targetId);
    }

    /**
     * Deletes this configuration: clears its permissions, removes its policy files and context
     * directory, and marks it deleted.
     *
     * <p>The state becomes deleted even when the removal fails; the failure is still
     * propagated to the caller.
     */
    @Override
    public void delete() throws PolicyContextException {
        checkSetPolicyPermission();
        synchronized (this.refreshLock) {
            try {
                removePolicy();
            } finally {
                // 3 == DELETED_STATE; reached whether or not the removal succeeded.
                setState(3);
            }
        }
    }

    /**
     * Reports whether this configuration is in service.
     *
     * <p>The underlying state query is not a pure read: it can promote the configuration to
     * in service when a policy file has appeared on disk (see {@code stateIs}).
     *
     * @return {@code true} if the configuration is in service
     */
    @Override
    public boolean inService() throws PolicyContextException {
        checkSetPolicyPermission();
        boolean serving = stateIs(2); // INSERVICE_STATE
        if (logger.isLoggable(Level.FINE)) {
            String label = serving ? "true " : "false ";
            logger.fine("JACC Policy Provider: inService: " + label + this.CONTEXT_ID);
        }
        return serving;
    }

    /**
     * Checks that the caller holds {@code SecurityPermission("setPolicy")}.
     *
     * <p>This is a no-op when no SecurityManager is installed, so in that configuration the
     * methods of this class are not guarded by this check at all.
     *
     * @throws SecurityException if a SecurityManager is installed and denies the permission
     */
    protected void checkSetPolicyPermission() {
        SecurityManager manager = System.getSecurityManager();
        if (manager == null) {
            return;
        }
        // The permission object is created once and reused by later checks.
        if (this.setPolicyPermission == null) {
            this.setPolicyPermission = new SecurityPermission("setPolicy");
        }
        manager.checkPermission(this.setPolicyPermission);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the policy of this context, but only while the configuration is in service.
     *
     * @return the policy object (possibly null if never refreshed), or {@code null} when the
     *     configuration is not in service
     */
    public Policy getPolicy() {
        if (stateIs(2)) { // INSERVICE_STATE
            return this.policy;
        }
        if (logger.isLoggable(Level.FINEST)) {
            logger.finest("JACC Policy Provider: getPolicy (" + this.CONTEXT_ID + ") is NOT in service");
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the excluded permissions, but only while the configuration is in service.
     *
     * @return the excluded permissions (possibly null), or {@code null} when not in service
     */
    public Permissions getExcludedPolicy() {
        // 2 == INSERVICE_STATE
        return stateIs(2) ? this.excludedPermissions : null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
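    /**
     * Reloads the policy of an in-service configuration from its policy files.
     *
     * <p>Nothing happens unless the configuration is in service and at least one of the
     * following holds: it has not been refreshed since the last initialize, {@code z} is
     * true, or a policy file's modification time changed.
     *
     * <p>While reloading, the first free {@code policy.url.N} security property is pointed at
     * this context's granted policy file; it is reset to the empty string afterwards, also
     * when the reload fails.
     *
     * <p>NOTE(review): the decompiled listing had unstructured control flow here (a
     * {@code break} outside any loop and statements after it). The slot search below is the
     * reading consistent with the visible statements; confirm against the original source.
     *
     * @param z forces a reload even when no file change was detected
     */
    public void refresh(boolean z) {
        synchronized (this.refreshLock) {
            if (!stateIs(2)) { // INSERVICE_STATE
                return;
            }
            if (this.wasRefreshed && !z && !filesChanged()) {
                return;
            }

            // Find the first policy.url.N property that is unset or empty.
            // NOTE(review): getSecurityProperty/setSecurityProperty are not visible here; if
            // they operate on JVM-wide java.security.Security properties, the per-instance
            // refreshLock does not stop two configurations from choosing the same slot at
            // the same time. Confirm that callers serialize refresh() externally.
            int i = 0;
            String str;
            String securityProperty;
            do {
                i++;
                str = PROVIDER_URL + i;
                securityProperty = getSecurityProperty(str);
            } while (securityProperty != null && !securityProperty.equals(""));

            try {
                setSecurityProperty(str, this.policyUrlValue);
                if (fileChanged(false)) {
                    this.excludedPermissions = loadExcludedPolicy();
                }
                captureFileTime(true);
                if (this.policy == null) {
                    this.policy = getNewPolicy();
                } else {
                    this.policy.refresh();
                    if (logger.isLoggable(Level.FINE)) {
                        logger.fine("JACC Policy Provider: Called Policy.refresh on contextId: " + this.CONTEXT_ID + " policyUrlValue was " + this.policyUrlValue);
                    }
                }
                this.wasRefreshed = true;
            } finally {
                // Always release the slot so this context's URL does not stay in the property.
                setSecurityProperty(str, "");
            }
        }
    }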

    /**
     * Creates the policy object used for this context.
     *
     * <p>When the installed system policy is a {@code BasePolicyWrapper}, it is asked for a
     * new policy; otherwise a plain {@code PolicyFile} is created.
     *
     * @return a new policy instance
     */
    private Policy getNewPolicy() {
        Policy installed = Policy.getPolicy();
        // instanceof is false for null, which covers the "no policy installed" case.
        if (installed instanceof BasePolicyWrapper) {
            return ((BasePolicyWrapper) installed).getNewPolicy();
        }
        return new PolicyFile();
    }

    /**
     * Records the current modification time of a policy file.
     *
     * @param z {@code true} for the granted policy file (slot 1), {@code false} for the
     *     excluded policy file (slot 0)
     */
    private void captureFileTime(boolean z) {
        int slot = z ? 1 : 0;
        File policyFile = new File(getPolicyFileName(z));
        this.lastModTimes[slot] = policyFile.lastModified();
    }

    /**
     * Tells whether a file's modification time differs from the recorded one.
     *
     * <p>Only the timestamp is compared, so a rewrite of the file that leaves its
     * modification time unchanged is not detected.
     *
     * @param z {@code true} to compare with the granted slot, {@code false} for the excluded slot
     * @param file the file to inspect
     * @return {@code true} if the timestamps differ
     */
    private boolean _fileChanged(boolean z, File file) {
        long recorded = this.lastModTimes[z ? 1 : 0];
        return file.lastModified() != recorded;
    }

    /**
     * Tells whether the granted or the excluded policy file changed since it was last recorded.
     *
     * @param z {@code true} for the granted policy file, {@code false} for the excluded one
     * @return {@code true} if its modification time differs from the recorded value
     */
    private boolean fileChanged(boolean z) {
        File policyFile = new File(getPolicyFileName(z));
        return _fileChanged(z, policyFile);
    }

    /**
     * Tells whether either policy file changed; the granted file is checked first.
     *
     * @return {@code true} if the granted or the excluded policy file changed
     */
    private boolean filesChanged() {
        if (fileChanged(true)) {
            return true;
        }
        return fileChanged(false);
    }

    /**
     * Tells whether a policy file exists on disk with a modification time other than the
     * recorded one.
     *
     * @param z {@code true} for the granted policy file, {@code false} for the excluded one
     * @return {@code true} if the file exists and its timestamp differs from the recorded value
     */
    private boolean fileArrived(boolean z) {
        File candidate = new File(getPolicyFileName(z));
        boolean arrived = candidate.exists() && _fileChanged(z, candidate);
        if (logger.isLoggable(Level.FINE)) {
            String kind = z ? "granted " : "excluded ";
            logger.fine("JACC Policy Provider: file arrival check type: " + kind + " arrived: " + arrived + " exists: " + candidate.exists() + " lastModified: " + candidate.lastModified() + " storedTime: " + this.lastModTimes[z ? 1 : 0] + " state: " + (this.state == 0 ? "open " : "deleted ") + this.CONTEXT_ID);
        }
        return arrived;
    }

    /* JADX INFO: Access modifiers changed from: protected */
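    /**
     * (Re)initializes this configuration.
     *
     * <p>The state becomes open when {@code z} or {@code z2} is set, otherwise in service.
     * With {@code z2} the stored policy is removed first. With {@code z3} and without
     * {@code z2}, the in-memory role and unchecked permissions are dropped, the excluded
     * policy is loaded from disk, the link table entry is reset, and the configuration is
     * marked as not needing a write at commit.
     *
     * <p>The URL conversion is kept inside the {@code try}: it is the call that can raise
     * {@code MalformedURLException}, which the decompiled listing left outside the handler.
     *
     * @param z open the configuration
     * @param z2 remove the stored policy (also opens the configuration)
     * @param z3 load state from the files on disk (ignored when {@code z2} is set)
     * @throws RuntimeException if the policy file name cannot be converted to a URL
     */
    public void initialize(boolean z, boolean z2, boolean z3) {
        synchronized (this.refreshLock) {
            String policyFileName = getPolicyFileName(true);
            if (z || z2) {
                setState(0); // OPEN_STATE
            } else {
                setState(2); // INSERVICE_STATE
            }
            try {
                if (z2) {
                    removePolicy();
                }
                // ParseUtil is a JDK-internal class (sun.net.www) that this file already imports.
                this.policyUrlValue = ParseUtil.fileToEncodedURL(new File(policyFileName)).toString();
            } catch (MalformedURLException e) {
                String str = "Unable to convert Policy file Name to URL: " + policyFileName;
                logger.log(Level.SEVERE, localStrings.getLocalString("pc.file_to_url", str, policyFileName, e));
                // Keep the cause so the failing conversion stays visible to the caller.
                throw new RuntimeException(str, e);
            }
            if (z3 && !z2) {
                this.uncheckedPermissions = null;
                this.rolePermissionsTable = null;
                this.excludedPermissions = loadExcludedPolicy();
                initLinkTable();
                captureFileTime(true);
                // What is on disk is now authoritative; nothing to write at commit.
                this.writeOnCommit = false;
            }
            this.wasRefreshed = false;
        }
    }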

    /**
     * Builds the path of one of this context's policy files.
     *
     * @param z {@code true} for the granted policy file, {@code false} for the excluded one
     * @return {@code <context directory>/granted.policy} or {@code <context directory>/excluded.policy}
     */
    private String getPolicyFileName(boolean z) {
        String baseName = z ? "granted" : "excluded";
        return getContextDirectoryName() + File.separator + baseName + policySuffix;
    }

    /**
     * Returns the directory that holds this context's policy files, as computed by the factory
     * from the context id.
     *
     * <p>NOTE(review): the mapping from context id to directory lives in the factory and is
     * not visible here. Files under the returned directory are created and deleted by this
     * class, so confirm the factory keeps the result inside the repository.
     *
     * @return the context directory name
     * @throws RuntimeException if the repository has not been initialized
     */
    private String getContextDirectoryName() {
        if (this.repository != null) {
            return this.fact.getContextDirectoryName(this.CONTEXT_ID);
        }
        throw new RuntimeException("JACC Policy provider: repository not initialized");
    }

    /**
     * Removes this context's directory and, when nothing else is left there, its parent.
     *
     * <p>Every entry directly inside the context directory is deleted, then the directory
     * itself. If the parent directory then contains no sub-directories, its remaining files
     * are deleted on a best-effort basis, and the parent is removed once it is empty.
     *
     * <p>NOTE(review): the directory name comes from the factory and is derived from the
     * context id; since this method deletes whatever it finds there, confirm that the factory
     * confines the name to the policy repository.
     *
     * @throws RuntimeException if a file or directory that must go cannot be deleted
     */
    private void removePolicyContextDirectory() {
        String directoryName = getContextDirectoryName();
        File contextDir = new File(directoryName);
        if (!contextDir.exists()) {
            return;
        }

        File[] entries = contextDir.listFiles();
        if (entries != null && entries.length > 0) {
            for (File entry : entries) {
                if (!entry.delete()) {
                    String message = localStrings.getLocalString("pc.file_delete_error", "Error while deleting policy file");
                    logger.log(Level.SEVERE, message);
                    throw new RuntimeException(message);
                }
            }
        }
        if (!contextDir.delete()) {
            String message = "Failure removing policy context directory: " + directoryName;
            logger.log(Level.SEVERE, localStrings.getLocalString("pc.file_delete_error", message));
            throw new RuntimeException(message);
        }
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("JACC Policy Provider: Policy context directory removed: " + directoryName);
        }

        File parentDir = contextDir.getParentFile();
        File[] siblings = parentDir.listFiles();
        if (siblings != null && siblings.length > 0) {
            boolean holdsDirectory = false;
            for (File sibling : siblings) {
                if (sibling.isDirectory()) {
                    holdsDirectory = true;
                    break;
                }
            }
            if (!holdsDirectory) {
                // Best effort: failures are noticed below only if the parent cannot be emptied.
                for (File sibling : siblings) {
                    sibling.delete();
                }
            }
        }

        File[] leftovers = parentDir.listFiles();
        boolean parentEmpty = leftovers == null || leftovers.length == 0;
        if (parentEmpty && !parentDir.delete()) {
            String message = "Failure removing policy context directory: " + parentDir;
            logger.log(Level.SEVERE, localStrings.getLocalString("pc.file_delete_error", message));
            throw new RuntimeException(message);
        }
    }

    /**
     * Deletes one of this context's policy files if it exists.
     *
     * @param z {@code true} for the granted policy file, {@code false} for the excluded one
     * @throws RuntimeException if the file exists but cannot be deleted
     */
    private void removePolicyFile(boolean z) {
        String fileName = getPolicyFileName(z);
        File policyFile = new File(fileName);
        if (!policyFile.exists()) {
            return;
        }
        if (!policyFile.delete()) {
            String message = "Failure removing policy file: " + fileName;
            logger.log(Level.SEVERE, localStrings.getLocalString("pc.file_delete_error", message, fileName));
            throw new RuntimeException(message);
        }
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("JACC Policy Provider: Policy file removed: " + fileName);
        }
    }

    /**
     * Clears everything held for this context: in-memory permissions, both policy files, the
     * context directory, the link table entry and the cached policy object.
     *
     * <p>The in-memory permissions are cleared first, so they are gone even when a file
     * deletion fails part-way through.
     */
    private void removePolicy() {
        // In-memory state.
        this.rolePermissionsTable = null;
        this.uncheckedPermissions = null;
        this.excludedPermissions = null;

        // On-disk state: granted file, excluded file, then the directory itself.
        removePolicyFile(true);
        removePolicyFile(false);
        removePolicyContextDirectory();

        initLinkTable();
        this.policy = null;
        this.writeOnCommit = true;
    }

    /**
     * Resets this context's link table entry to a set holding only its own id.
     *
     * <p>If the context was part of a linked set, its id is first taken out of that set.
     *
     * <p>NOTE(review): the link table belongs to the factory, while the monitor held here is
     * this instance's refreshLock; whether the table itself is safe for concurrent use is not
     * visible from this class.
     */
    private void initLinkTable() {
        synchronized (this.refreshLock) {
            Set previousLinks = (Set) this.fact.getLinkTable().get(this.CONTEXT_ID);
            if (previousLinks != null) {
                previousLinks.remove(this.CONTEXT_ID);
                this.fact.getLinkTable().remove(this.CONTEXT_ID);
            }
            HashSet selfOnly = new HashSet();
            selfOnly.add(this.CONTEXT_ID);
            this.fact.getLinkTable().put(this.CONTEXT_ID, selfOnly);
        }
    }

    /**
     * Merges the linked set of another context into this context's linked set and makes every
     * member of the other set point at the merged set.
     *
     * @param str the context id of the link target
     * @throws RuntimeException if the target has no link table entry
     */
    private void updateLinkTable(String str) {
        synchronized (this.refreshLock) {
            Set ownLinks = (Set) this.fact.getLinkTable().get(this.CONTEXT_ID);
            Set<String> targetLinks = (Set) this.fact.getLinkTable().get(str);
            if (targetLinks == null) {
                String message = "Linked policy configuration (" + str + ") does not exist";
                logger.log(Level.SEVERE, "pc.invalid_link_target", str);
                throw new RuntimeException(message);
            }
            for (String linkedId : targetLinks) {
                ownLinks.add(linkedId);
                // Every linked context shares the one merged set.
                this.fact.getLinkTable().put(linkedId, ownLinks);
            }
        }
    }

    /**
     * Sets the lifecycle state while holding the write lock.
     *
     * @param i the new state (0 = open, 2 = in service, 3 = deleted)
     */
    private void setState(int i) {
        Lock writeLock = this.wLock;
        writeLock.lock();
        try {
            this.state = i;
        } finally {
            writeLock.unlock();
        }
    }

    /**
     * Compares the lifecycle state with a value while holding the read lock; has no side effects.
     *
     * @param i the state to compare with
     * @return {@code true} if the current state equals {@code i}
     */
    private boolean _stateIs(int i) {
        Lock readLock = this.rLock;
        readLock.lock();
        try {
            boolean matches = this.state == i;
            return matches;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Tells whether the configuration is in the given state.
     *
     * <p>A query for the in-service state (2) is not a pure read: when the configuration is
     * not in service and a granted or excluded policy file has appeared on disk, the
     * configuration is re-initialized from the files and thereby put in service. The log
     * message shows this applies to open and to deleted configurations alike, so write access
     * to the policy repository is enough to bring a context into service.
     *
     * @param i the state to test for
     * @return {@code true} if the (possibly just updated) state equals {@code i}
     */
    private boolean stateIs(int i) {
        if (_stateIs(i)) {
            return true;
        }
        if (i != 2) { // only the in-service query looks at the disk
            return false;
        }
        if (fileArrived(true) || fileArrived(false)) {
            if (logger.isLoggable(Level.FINE)) {
                logger.fine("JACC Policy Provider: file arrived transition to inService:  state: " + (this.state == 0 ? "open " : "deleted ") + this.CONTEXT_ID);
            }
            initialize(false, false, true);
        }
        return _stateIs(2);
    }

    /**
     * Fails unless the configuration is open.
     *
     * @throws UnsupportedOperationException if the configuration is in service or deleted
     */
    private void assertStateIsOpen() {
        if (!stateIs(0)) { // OPEN_STATE
            String message = "Operation invoked on closed or deleted PolicyConfiguration.";
            logger.log(Level.WARNING, localStrings.getLocalString("pc.op_requires_state_open", message));
            throw new UnsupportedOperationException(message);
        }
    }

    /**
     * Returns the unchecked permissions, creating the holder on first use.
     *
     * @return the never-null unchecked permissions
     */
    private Permissions getUncheckedPermissions() {
        Permissions current = this.uncheckedPermissions;
        if (current == null) {
            current = new Permissions();
            this.uncheckedPermissions = current;
        }
        return current;
    }

    /**
     * Returns the excluded permissions, creating the holder on first use.
     *
     * @return the never-null excluded permissions
     */
    private Permissions getExcludedPermissions() {
        Permissions current = this.excludedPermissions;
        if (current == null) {
            current = new Permissions();
            this.excludedPermissions = current;
        }
        return current;
    }

    /**
     * Returns the permissions of a role, creating the role table and the role's entry on
     * first use.
     *
     * @param str the role name
     * @return the never-null permissions of the role
     */
    private Permissions getRolePermissions(String str) {
        if (this.rolePermissionsTable == null) {
            this.rolePermissionsTable = new HashMap();
        }
        Permissions forRole = (Permissions) this.rolePermissionsTable.get(str);
        if (forRole != null) {
            return forRole;
        }
        Permissions created = new Permissions();
        this.rolePermissionsTable.put(str, created);
        return created;
    }

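    /**
     * Escapes double quotes in a principal name before it is written into a policy file.
     *
     * <p>Every {@code "} becomes {@code \"}, including one at the very start of the name. The
     * earlier guard ({@code indexOf('"') <= 0}) returned such names unescaped, which let a
     * leading quote reach the policy file as-is.
     *
     * <p>NOTE(review): backslashes are not escaped here; whether the policy writer or parser
     * needs that is not visible from this class.
     *
     * @param str the principal name, may be null
     * @return the name with each double quote preceded by a backslash, or null for null input
     */
    private String escapeName(String str) {
        if (str == null || str.indexOf('"') < 0) {
            return str;
        }
        // Literal replacement: no regex or replacement-string escaping involved.
        return str.replace("\"", "\\\"");
    }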

    /**
     * Translates the in-memory permissions into grant entries and writes them to the granted
     * and excluded policy files. Does nothing unless {@code writeOnCommit} is set.
     *
     * <p>Unchecked permissions become one grant entry without principals. For each role, one
     * grant entry is written per principal mapped to the role; the role whose name equals
     * {@code Selectors.DEEP_TREE_MATCH} gets a wildcard-principal grant when no principal is
     * mapped to it.
     *
     * <p>NOTE(review): {@code r9} is used below but never declared in this listing (a
     * decompiler artifact); from its use it holds the role-to-subject map of this context.
     *
     * @throws FileNotFoundException if a policy file cannot be opened for writing
     * @throws IOException if writing a policy file fails
     * @throws RuntimeException if linked contexts use different role maps, or roles have
     *     permissions but no role map is available
     */
    private void generatePermissions() throws FileNotFoundException, IOException {
        Set<String> set;
        if (this.writeOnCommit) {
            SecurityRoleMapperFactory securityRoleMapperFactory = SecurityRoleMapperFactoryGen.getSecurityRoleMapperFactory();
            if (this.rolePermissionsTable != null && securityRoleMapperFactory != null) {
                SecurityRoleMapper roleMapper = securityRoleMapperFactory.getRoleMapper(this.CONTEXT_ID);
                r9 = roleMapper != null ? roleMapper.getRoleToSubjectMapping() : null;
                if (r9 != null && (set = (Set) this.fact.getLinkTable().get(this.CONTEXT_ID)) != null) {
                    // Every context linked to this one must use the very same role map
                    // instance; the comparison below is by reference, not by content.
                    for (String str : set) {
                        if (!this.CONTEXT_ID.equals(str)) {
                            SecurityRoleMapper roleMapper2 = securityRoleMapperFactory.getRoleMapper(str);
                            if ((roleMapper2 != null ? roleMapper2.getRoleToSubjectMapping() : null) != r9) {
                                // NOTE(review): VMDescriptor.ENDMETHOD (a Derby constant) is presumably
                                // the decompiler's stand-in for a closing ")" literal; confirm.
                                String str2 = "Linked policy contexts have different roleToSubjectMaps (" + this.CONTEXT_ID + ")<->(" + str + VMDescriptor.ENDMETHOD;
                                logger.log(Level.SEVERE, localStrings.getLocalString("pc.linked_with_different_role_maps", str2, this.CONTEXT_ID, str));
                                throw new RuntimeException(str2);
                            }
                        }
                    }
                }
            }
            // Role permissions cannot be written without a role map, so fail the commit
            // instead of writing a policy that leaves the roles out.
            if (r9 == null && this.rolePermissionsTable != null) {
                logger.log(Level.SEVERE, localStrings.getLocalString("pc.role_map_not_defined_at_commit", "This application has no role mapper factory defined", this.CONTEXT_ID));
                throw new RuntimeException(localStrings.getLocalString("enterprise.deployment.deployment.norolemapperfactorydefine", "This application has no role mapper factory defined"));
            }
            PolicyParser policyParser = new PolicyParser(false);
            // Unchecked permissions: one grant entry with no principals attached.
            // NOTE(review): only principal names pass through escapeName(); permission names
            // and actions are handed to PermissionEntry as they are. Confirm that
            // PolicyParser.write quotes or escapes them.
            if (this.uncheckedPermissions != null) {
                Enumeration<Permission> elements = this.uncheckedPermissions.elements();
                if (elements.hasMoreElements()) {
                    PolicyParser.GrantEntry grantEntry = new PolicyParser.GrantEntry();
                    while (elements.hasMoreElements()) {
                        Permission nextElement = elements.nextElement();
                        grantEntry.add(new PolicyParser.PermissionEntry(nextElement.getClass().getName(), nextElement.getName(), nextElement.getActions()));
                    }
                    policyParser.add(grantEntry);
                }
            }
            if (this.rolePermissionsTable != null) {
                // r9 is non-null here: the check above throws when roles exist without a map.
                for (String str3 : this.rolePermissionsTable.keySet()) {
                    // z: whether at least one grant was written for this role.
                    boolean z = false;
                    Permissions rolePermissions = getRolePermissions(str3);
                    Subject subject = (Subject) r9.get(str3);
                    if (subject != null) {
                        // One grant entry per principal, each carrying all of the role's permissions.
                        for (Principal principal : subject.getPrincipals()) {
                            if (principal != null) {
                                z = true;
                                PolicyParser.PrincipalEntry principalEntry = new PolicyParser.PrincipalEntry(principal.getClass().getName(), escapeName(principal.getName()));
                                PolicyParser.GrantEntry grantEntry2 = new PolicyParser.GrantEntry();
                                grantEntry2.principals.add(principalEntry);
                                Enumeration<Permission> elements2 = rolePermissions.elements();
                                while (elements2.hasMoreElements()) {
                                    Permission nextElement2 = elements2.nextElement();
                                    grantEntry2.add(new PolicyParser.PermissionEntry(nextElement2.getClass().getName(), nextElement2.getName(), nextElement2.getActions()));
                                }
                                policyParser.add(grantEntry2);
                            } else {
                                logger.log(Level.WARNING, localStrings.getLocalString("pc.non_principal_mapped_to_role", "non principal mapped to role " + str3, principal, str3));
                            }
                        }
                    }
                    // Fallback for the role named Selectors.DEEP_TREE_MATCH when nothing is mapped to
                    // it: a wildcard-principal grant, logged below as "any authenticated user".
                    // NOTE(review): the Weld constant is presumably the decompiler's stand-in for
                    // a string literal of equal value; confirm the intended role name.
                    if (!z && Selectors.DEEP_TREE_MATCH.equals(str3)) {
                        z = true;
                        PolicyParser.PrincipalEntry principalEntry2 = new PolicyParser.PrincipalEntry(PolicyParser.PrincipalEntry.WILDCARD_CLASS, PolicyParser.PrincipalEntry.WILDCARD_NAME);
                        PolicyParser.GrantEntry grantEntry3 = new PolicyParser.GrantEntry();
                        grantEntry3.principals.add(principalEntry2);
                        Enumeration<Permission> elements3 = rolePermissions.elements();
                        while (elements3.hasMoreElements()) {
                            Permission nextElement3 = elements3.nextElement();
                            grantEntry3.add(new PolicyParser.PermissionEntry(nextElement3.getClass().getName(), nextElement3.getName(), nextElement3.getActions()));
                        }
                        policyParser.add(grantEntry3);
                        if (logger.isLoggable(Level.FINE)) {
                            logger.fine("JACC Policy Provider: added role grant for any authenticated user");
                        }
                    }
                    // A role without any grant is only warned about; its permissions are not written.
                    if (!z) {
                        logger.log(Level.WARNING, localStrings.getLocalString("pc.no_principals_mapped_to_role", "no principals mapped to role " + str3, str3));
                    }
                }
            }
            // The granted file is always written; the excluded file only when excluded
            // permissions exist. Each call's return value replaces writeOnCommit.
            this.writeOnCommit = createPolicyFile(true, policyParser, this.writeOnCommit);
            if (this.excludedPermissions != null) {
                PolicyParser policyParser2 = new PolicyParser(false);
                Enumeration<Permission> elements4 = this.excludedPermissions.elements();
                if (elements4.hasMoreElements()) {
                    PolicyParser.GrantEntry grantEntry4 = new PolicyParser.GrantEntry();
                    while (elements4.hasMoreElements()) {
                        Permission nextElement4 = elements4.nextElement();
                        grantEntry4.add(new PolicyParser.PermissionEntry(nextElement4.getClass().getName(), nextElement4.getName(), nextElement4.getActions()));
                    }
                    policyParser2.add(grantEntry4);
                }
                this.writeOnCommit = createPolicyFile(false, policyParser2, this.writeOnCommit);
            }
            if (this.writeOnCommit) {
                return;
            }
            // Files were rewritten, so the next refresh() must reload the policy.
            this.wasRefreshed = false;
        }
    }

    /**
     * Makes sure the directory for this context's policy files exists, creating it and any
     * missing parents.
     *
     * @throws RuntimeException if the path exists but is not a directory, or cannot be created
     */
    private void createPolicyContextDirectory() {
        String directoryName = getContextDirectoryName();
        File contextDir = new File(directoryName);
        String localized = localStrings.getLocalString("pc.unable_to_create_context_directory", "unable to create policy context directory", directoryName);
        // An existing path must already be a directory; a missing one must be creatable.
        boolean usable = contextDir.exists() ? contextDir.isDirectory() : contextDir.mkdirs();
        if (usable) {
            return;
        }
        logger.log(Level.SEVERE, localized);
        throw new RuntimeException("unable to create policy context directory");
    }

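    /**
     * Rewrites one of this context's policy files from the grant entries held by a parser.
     *
     * <p>The visible callers pass {@code true} for the file built from the main grant parser and
     * {@code false} for the file built from the excluded permissions. The file is written as
     * UTF-8. After the writer is closed, {@code captureFileTime(z)} is called, including when
     * the write itself failed, as long as the writer had been opened.
     *
     * <p>Cleanup runs exactly once in a {@code finally} block. The previous shape repeated the
     * close, the {@code captureFileTime} call and the log entry a second time when closing
     * failed, and it dropped the underlying exception from the resulting
     * {@code RuntimeException}.
     *
     * @param z selects which policy file is written (forwarded to {@code removePolicyFile},
     *     {@code getPolicyFileName} and {@code captureFileTime})
     * @param policyParser parser whose entries are serialized into the file
     * @param z2 not read by this method
     * @return always {@code false} on normal completion; callers store it in {@code writeOnCommit}
     * @throws IOException if the file cannot be opened or written (logged at SEVERE, then rethrown)
     * @throws RuntimeException if closing the file or capturing its timestamp fails
     */
    private boolean createPolicyFile(boolean z, PolicyParser policyParser, boolean z2) throws IOException {
        createPolicyContextDirectory();
        // NOTE(review): removePolicyFile(z) runs before the replacement is opened, so the file
        // is presumably absent or partial until the write completes. loadExcludedPolicy() treats
        // a missing excluded-permissions file as "nothing excluded"; confirm that no reader can
        // run in this window (e.g. that callers hold the write lock), or write to a temporary
        // file and rename it into place.
        removePolicyFile(z);
        String policyFileName = getPolicyFileName(z);
        OutputStreamWriter outputStreamWriter = null;
        try {
            if (logger.isLoggable(Level.FINE)) {
                logger.fine("JACC Policy Provider: Writing grant statements to policy file: " + policyFileName);
            }
            outputStreamWriter = new OutputStreamWriter(new FileOutputStream(policyFileName), "UTF-8");
            policyParser.write(outputStreamWriter);
        } catch (FileNotFoundException e) {
            logger.log(Level.SEVERE, localStrings.getLocalString("pc.file_error", "file not found " + policyFileName, policyFileName, e));
            throw e;
        } catch (IOException e) {
            logger.log(Level.SEVERE, localStrings.getLocalString("pc.file_write_error", "file IO error on file " + policyFileName, policyFileName, e));
            throw e;
        } finally {
            if (outputStreamWriter != null) {
                try {
                    outputStreamWriter.close();
                    captureFileTime(z);
                } catch (Exception e) {
                    String str = "Unable to close Policy file: " + policyFileName;
                    logger.log(Level.SEVERE, localStrings.getLocalString("pc.file_close_error", str, policyFileName, e));
                    // Keep the cause so that the failure can be diagnosed from the stack trace.
                    throw new RuntimeException(str, e);
                }
            }
        }
        return false;
    }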

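    /**
     * Instantiates a permission from the class name, target name and actions recorded in a
     * policy file entry.
     *
     * <p>The class name comes from the policy file, so the loaded class is checked to be a
     * {@link Permission} subtype <em>before</em> its constructor is invoked. Previously the cast
     * happened only after construction, which meant the constructor of any class named in the
     * file ran first. The failure mode is unchanged: a non-permission class still ends in the
     * logged {@code RuntimeException} below.
     *
     * @param str fully qualified name of the permission class
     * @param str2 permission target name, passed as the first constructor argument
     * @param str3 permission actions, passed as the second constructor argument
     * @return the newly constructed permission
     * @throws RuntimeException if the class cannot be loaded, is not a {@code Permission}, lacks
     *     the expected constructor, or its constructor fails; the cause is attached
     */
    private Permission loadPermission(String str, String str2, String str3) {
        try {
            // NOTE(review): Class.forName(String) still initializes the named class; the policy
            // files must therefore be writable only by trusted accounts.
            Class<? extends Permission> permissionClass = Class.forName(str).asSubclass(Permission.class);
            // permissionParams is declared elsewhere in this class (presumably two String
            // parameters -- confirm).
            Object instance = permissionClass.getConstructor(permissionParams).newInstance(str2, str3);
            return (Permission) instance;
        } catch (Exception e) {
            logger.log(Level.SEVERE, localStrings.getLocalString("pc.permission_load_error", "PolicyConfiguration error loading permission", str, e));
            throw new RuntimeException("PolicyConfiguration error loading permission", e);
        }
    }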

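    /**
     * Reads this context's excluded-permissions policy file and rebuilds the permissions it lists.
     *
     * <p>Behaviour by outcome:
     * <ul>
     *   <li>File missing: treated as "nothing excluded"; the method returns {@code null}.</li>
     *   <li>Parse or read error: logged at SEVERE and reported as a {@code RuntimeException}
     *       with the cause attached, so a damaged file is never silently read as empty.</li>
     *   <li>Grant entries that carry a codeBase, a signedBy or any principal are skipped with
     *       a WARNING; the permissions inside such an entry are <em>not</em> excluded.</li>
     * </ul>
     *
     * <p>The file is decoded as UTF-8 to match the encoding {@code createPolicyFile} writes.
     * Decoding with the platform default charset could alter non-ASCII permission names on
     * hosts whose default is not UTF-8, and an altered excluded permission would no longer
     * match the request it was meant to deny.
     *
     * @return the excluded permissions, or {@code null} when the file is absent or contains no
     *     usable permission entry
     * @throws RuntimeException if the file cannot be read, parsed or closed, or if a listed
     *     permission class cannot be instantiated
     */
    private Permissions loadExcludedPolicy() {
        Permissions permissions = null;
        String policyFileName = getPolicyFileName(false);
        java.io.Reader reader = null;
        PolicyParser policyParser = new PolicyParser(false);
        try {
            captureFileTime(false);
            reader = new java.io.InputStreamReader(new java.io.FileInputStream(policyFileName), java.nio.charset.StandardCharsets.UTF_8);
            policyParser.read(reader);
        } catch (FileNotFoundException ignored) {
            // No excluded-policy file: nothing to load.
            policyParser = null;
        } catch (PolicyParser.ParsingException e) {
            String str = "Unable to parse Policy file: " + policyFileName;
            logger.log(Level.SEVERE, localStrings.getLocalString("pc.policy_parsing_exception", str, policyFileName, e));
            throw new RuntimeException(str, e);
        } catch (IOException e) {
            String str = "Error reading Policy file: " + policyFileName;
            logger.log(Level.SEVERE, localStrings.getLocalString("pc.file_read_error", str, policyFileName, e));
            throw new RuntimeException(str, e);
        } finally {
            if (reader != null) {
                try {
                    reader.close();
                } catch (Exception e) {
                    String str = "Unable to close Policy file: " + policyFileName;
                    logger.log(Level.SEVERE, localStrings.getLocalString("pc.file_close_error", str, policyFileName, e));
                    throw new RuntimeException(str, e);
                }
            }
        }
        if (policyParser == null) {
            return null;
        }
        Enumeration grantElements = policyParser.grantElements();
        while (grantElements.hasMoreElements()) {
            PolicyParser.GrantEntry grantEntry = (PolicyParser.GrantEntry) grantElements.nextElement();
            boolean unqualified = grantEntry.codeBase == null && grantEntry.signedBy == null && grantEntry.principals.size() == 0;
            if (!unqualified) {
                // Exclusions apply to the whole context, so a qualified grant is ignored here.
                logger.log(Level.WARNING, localStrings.getLocalString("pc.excluded_grant_context_ignored", "ignore excluded grant context", grantEntry));
                continue;
            }
            Enumeration elements = grantEntry.permissionEntries.elements();
            while (elements.hasMoreElements()) {
                PolicyParser.PermissionEntry permissionEntry = (PolicyParser.PermissionEntry) elements.nextElement();
                Permission loaded = loadPermission(permissionEntry.permission, permissionEntry.name, permissionEntry.action);
                // Allocated lazily so that "no entries" is reported as null, as before.
                if (permissions == null) {
                    permissions = new Permissions();
                }
                permissions.add(loaded);
            }
        }
        return permissions;
    }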

    /**
     * Sets a {@code java.security} property, wrapping the call in a privileged action when a
     * security manager is installed.
     *
     * <p>Inside {@code doPrivileged} the permission check does not consider this method's
     * callers, so the key and value must never be taken from less-trusted code. Keep this
     * helper private.
     *
     * @param str name of the security property
     * @param str2 value to assign
     */
    private void setSecurityProperty(final String str, final String str2) {
        if (System.getSecurityManager() != null) {
            PrivilegedAction<Void> assignment = new PrivilegedAction<Void>() {
                @Override
                public Void run() {
                    Security.setProperty(str, str2);
                    return null;
                }
            };
            AccessController.doPrivileged(assignment);
            return;
        }
        // No security manager: no permission check to satisfy, call directly.
        Security.setProperty(str, str2);
    }

    /**
     * Reads a {@code java.security} property, wrapping the lookup in a privileged action when a
     * security manager is installed.
     *
     * @param str name of the security property
     * @return the value returned by {@code Security.getProperty(str)}
     */
    private String getSecurityProperty(final String str) {
        if (System.getSecurityManager() != null) {
            PrivilegedAction<String> lookup = new PrivilegedAction<String>() {
                @Override
                public String run() {
                    return Security.getProperty(str);
                }
            };
            return AccessController.doPrivileged(lookup);
        }
        // No security manager: read the property directly.
        return Security.getProperty(str);
    }
}
