package org.glassfish.security.services.impl.authorization;

import com.sun.enterprise.config.serverbeans.Domain;
import com.sun.enterprise.util.LocalStringManagerImpl;
import com.sun.messaging.jms.management.server.LogLevel;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import java.net.URI;
import java.security.AccessController;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import org.glassfish.hk2.api.PostConstruct;
import org.glassfish.hk2.api.ServiceLocator;
import org.glassfish.logging.annotation.LogMessageInfo;
import org.glassfish.security.services.api.authorization.AzAttributeResolver;
import org.glassfish.security.services.api.authorization.AzResource;
import org.glassfish.security.services.api.authorization.AzSubject;
import org.glassfish.security.services.api.authorization.RoleMappingService;
import org.glassfish.security.services.common.PrivilegedLookup;
import org.glassfish.security.services.common.Secure;
import org.glassfish.security.services.config.SecurityConfiguration;
import org.glassfish.security.services.config.SecurityProvider;
import org.glassfish.security.services.impl.ServiceFactory;
import org.glassfish.security.services.impl.ServiceLogging;
import org.glassfish.security.services.spi.authorization.RoleMappingProvider;
import org.jvnet.hk2.annotations.Service;

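/**
 * HK2 singleton implementation of {@link RoleMappingService} that delegates role checks to a
 * single {@link RoleMappingProvider} chosen from the service configuration.
 *
 * <p>The service fails closed: until {@link #initialize(SecurityConfiguration)} has completed
 * successfully, {@link #isUserInRole(String, AzSubject, AzResource, String)} and
 * {@link #findOrCreateDeploymentContext(String)} throw {@link IllegalStateException} instead of
 * returning an answer.
 *
 * <p>The class carries {@code @Secure(accessPermissionName = "security/service/rolemapper")};
 * how that permission is enforced is not visible in this file.
 */
@Singleton
@Secure(accessPermissionName = "security/service/rolemapper")
@Service
/* loaded from: input_file:org/glassfish/security/services/impl/authorization/RoleMappingServiceImpl.class */
public final class RoleMappingServiceImpl implements RoleMappingService, PostConstruct {
    /** Level used for the diagnostic messages emitted by this class. */
    private static final Level DEBUG_LEVEL = Level.FINER;
    private static final Logger logger = Logger.getLogger(ServiceLogging.SEC_SVCS_LOGGER, ServiceLogging.SHARED_LOGMESSAGE_RESOURCE);
    // Never reassigned, so it is declared final.
    private static final LocalStringManagerImpl localStrings = new LocalStringManagerImpl(RoleMappingServiceImpl.class);

    @Inject
    private Domain domain;

    @Inject
    private ServiceLocator serviceLocator;
    private org.glassfish.security.services.config.RoleMappingService config;
    private RoleMappingProvider provider;
    // Starts as NOT_INITIALIZED; every exit from initialize() leaves SUCCESS_INIT or FAILED_INIT.
    private volatile InitializationState initialized = InitializationState.NOT_INITIALIZED;
    // Appended to the "not available" error; replaced on an init failure, cleared on success.
    private volatile String reasonInitFailed = localStrings.getLocalString("service.role.not_config", "The Role Mapping Service was not configured properly.");
    // Handed to the provider on every role check. Nothing in this class adds resolvers to it.
    private final List<AzAttributeResolver> attributeResolvers = Collections.synchronizedList(new ArrayList<>());

    @LogMessageInfo(message = "Role Mapping Service has successfully initialized.", level = LogLevel.INFO)
    private static final String ROLEMAPSVC_INITIALIZED = "SEC-SVCS-00150";

    @LogMessageInfo(message = "Role Mapping Service initialization failed, exception {0}, message {1}", level = LogLevel.WARNING)
    private static final String ROLEMAPSVC_INIT_FAILED = "SEC-SVCS-00151";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/glassfish/security/services/impl/authorization/RoleMappingServiceImpl$InitializationState.class */
    /** Lifecycle of the service; only {@code SUCCESS_INIT} allows role-mapping calls. */
    public enum InitializationState {
        NOT_INITIALIZED,
        SUCCESS_INIT,
        FAILED_INIT
    }

    /**
     * Returns the current initialization state.
     *
     * @return the state last written by {@link #initialize(SecurityConfiguration)}
     */
    InitializationState getInitializationState() {
        return this.initialized;
    }

    /**
     * Returns the text explaining why the service is unavailable.
     *
     * @return the failure reason, or {@code null} once initialization has succeeded
     */
    String getReasonInitializationFailed() {
        return this.reasonInitFailed;
    }

    /**
     * Guard called before every delegation to the provider.
     *
     * @throws IllegalStateException if the service is in any state other than
     *     {@code SUCCESS_INIT}; the message ends with the recorded failure reason
     */
    void checkServiceAvailability() {
        if (InitializationState.SUCCESS_INIT != getInitializationState()) {
            throw new IllegalStateException(localStrings.getLocalString("service.role.not_avail", "The Role Mapping Service is not available.") + getReasonInitializationFailed());
        }
    }

    /** Reports whether messages at {@link #DEBUG_LEVEL} would be logged. */
    private boolean isDebug() {
        return logger.isLoggable(DEBUG_LEVEL);
    }

    /** Wraps a JAAS subject in the authorization API's subject type. */
    private AzSubject makeAzSubject(Subject subject) {
        return new AzSubjectImpl(subject);
    }

    /** Wraps a resource URI in the authorization API's resource type. */
    private AzResource makeAzResource(URI uri) {
        return new AzResourceImpl(uri);
    }

    /**
     * Selects and initializes the role mapping provider named by the first configured
     * {@link SecurityProvider}.
     *
     * <p>The call is a no-op unless the state is {@code NOT_INITIALIZED}. A {@code null}
     * configuration, or a {@code null} or empty provider list, leaves the service in
     * {@code FAILED_INIT} without throwing. Only the first provider entry is used.
     *
     * <p>NOTE(review): the state check is not guarded by a lock, so two concurrent callers could
     * both run the initialization path. Confirm that the container only calls this once.
     *
     * @param securityConfiguration the configuration, cast to the role mapping configuration type
     * @throws RuntimeException wrapping any exception raised while looking up or initializing
     *     the provider, including the case where the named provider cannot be found
     */
    @Override // org.glassfish.security.services.api.SecurityService
    public void initialize(SecurityConfiguration securityConfiguration) {
        try {
            if (InitializationState.NOT_INITIALIZED != this.initialized) {
                return;
            }
            try {
                this.config = (org.glassfish.security.services.config.RoleMappingService) securityConfiguration;
                if (this.config != null) {
                    List<SecurityProvider> securityProviders = this.config.getSecurityProviders();
                    SecurityProvider securityProvider = null;
                    // An empty list is handled like a missing one. Calling get(0) on it would
                    // raise IndexOutOfBoundsException and surface as a misleading init failure.
                    if (securityProviders != null && !securityProviders.isEmpty()) {
                        securityProvider = securityProviders.get(0);
                    }
                    if (securityProvider != null) {
                        String name = securityProvider.getName();
                        if (isDebug()) {
                            logger.log(DEBUG_LEVEL, "Attempting to get Role Mapping Provider \"{0}\".", name);
                        }
                        // The lookup runs inside doPrivileged. The provider name comes from the
                        // configuration, so the configuration decides which implementation
                        // answers role checks.
                        this.provider = (RoleMappingProvider) AccessController.doPrivileged(new PrivilegedLookup(this.serviceLocator, RoleMappingProvider.class, name));
                        if (this.provider == null) {
                            throw new IllegalStateException(localStrings.getLocalString("service.role.not_provider", "Role Mapping Provider {0} not found.", name));
                        }
                        this.provider.initialize(securityProvider);
                        // SUCCESS_INIT is set only after the provider has initialized without error.
                        this.initialized = InitializationState.SUCCESS_INIT;
                        this.reasonInitFailed = null;
                        logger.log(Level.INFO, ROLEMAPSVC_INITIALIZED);
                    }
                }
                if (InitializationState.SUCCESS_INIT != this.initialized) {
                    this.initialized = InitializationState.FAILED_INIT;
                }
            } catch (Exception e) {
                String message = e.getMessage();
                String name2 = e.getClass().getName();
                this.reasonInitFailed = localStrings.getLocalString("service.role.init_failed", "Role Mapping Service initialization failed, exception {0}, message {1}", name2, message);
                logger.log(Level.WARNING, ROLEMAPSVC_INIT_FAILED, new Object[]{name2, message});
                throw new RuntimeException(this.reasonInitFailed, e);
            }
        } catch (Throwable th) {
            // Covers Errors and the RuntimeException rethrown above: the service must never be
            // left in NOT_INITIALIZED after a failed attempt.
            if (InitializationState.SUCCESS_INIT != this.initialized) {
                this.initialized = InitializationState.FAILED_INIT;
            }
            throw th;
        }
    }

    /**
     * Role check for callers holding a JAAS {@link Subject} and a resource {@link URI}; wraps both
     * and delegates to {@link #isUserInRole(String, AzSubject, AzResource, String)}.
     *
     * @param str context identifier passed through to the provider
     * @param subject the subject to test; must not be {@code null}
     * @param uri the resource the check applies to; must not be {@code null}
     * @param str2 the role name to test
     * @return the provider's decision
     * @throws IllegalArgumentException if {@code subject} or {@code uri} is {@code null}
     * @throws IllegalStateException if the service did not initialize successfully
     */
    @Override // org.glassfish.security.services.api.authorization.RoleMappingService
    public boolean isUserInRole(String str, Subject subject, URI uri, String str2) {
        if (subject == null) {
            throw new IllegalArgumentException(localStrings.getLocalString("service.subject_null", "The supplied Subject is null."));
        }
        if (uri == null) {
            throw new IllegalArgumentException(localStrings.getLocalString("service.resource_null", "The supplied Resource is null."));
        }
        return isUserInRole(str, makeAzSubject(subject), makeAzResource(uri), str2);
    }

    /**
     * Asks the configured provider whether the subject holds the given role for the resource.
     *
     * <p>{@code str} and {@code str2} are not validated here; {@code null} values reach the
     * provider unchanged.
     *
     * @param str context identifier passed through to the provider
     * @param azSubject the subject to test; must not be {@code null}
     * @param azResource the resource the check applies to; must not be {@code null}
     * @param str2 the role name to test
     * @return the provider's decision
     * @throws IllegalArgumentException if {@code azSubject} or {@code azResource} is {@code null}
     * @throws IllegalStateException if the service did not initialize successfully
     */
    @Override // org.glassfish.security.services.api.authorization.RoleMappingService
    public boolean isUserInRole(String str, AzSubject azSubject, AzResource azResource, String str2) {
        if (azSubject == null) {
            throw new IllegalArgumentException(localStrings.getLocalString("service.subject_null", "The supplied Subject is null."));
        }
        if (azResource == null) {
            throw new IllegalArgumentException(localStrings.getLocalString("service.resource_null", "The supplied Resource is null."));
        }
        // Arguments are validated before the availability check, so a null argument is reported
        // as IllegalArgumentException even when the service is down.
        checkServiceAvailability();
        boolean isUserInRole = this.provider.isUserInRole(str, azSubject, azResource, str2, new AzEnvironmentImpl(), this.attributeResolvers);
        if (isDebug()) {
            // NOTE(review): at FINER this records the string forms of the subject and the resource
            // next to the decision. What those contain depends on the toString() implementations,
            // so confirm they expose no sensitive identity data before enabling this level in
            // production.
            logger.log(DEBUG_LEVEL, "Role Mapping Service result {0} for role {1} with resource {2} using subject {3} in context {4}.", (Object[]) new String[]{Boolean.toString(isUserInRole), str2, azResource.toString(), azSubject.toString(), str});
        }
        return isUserInRole;
    }

    /**
     * Delegates to the provider to find or create the deployment context for an identifier.
     *
     * @param str identifier passed through to the provider unchanged
     * @return the deployment context returned by the provider
     * @throws IllegalStateException if the service did not initialize successfully
     */
    @Override // org.glassfish.security.services.api.authorization.RoleMappingService
    public RoleMappingService.RoleDeploymentContext findOrCreateDeploymentContext(String str) {
        checkServiceAvailability();
        return this.provider.findOrCreateDeploymentContext(str);
    }

    /**
     * HK2 post-construction hook: resolves the role mapping configuration for the injected domain
     * and initializes the service with it. A failure propagates as the {@link RuntimeException}
     * thrown by {@link #initialize(SecurityConfiguration)}.
     */
    @Override // org.glassfish.hk2.api.PostConstruct
    public void postConstruct() {
        initialize((org.glassfish.security.services.config.RoleMappingService) ServiceFactory.getSecurityServiceConfiguration(this.domain, org.glassfish.security.services.config.RoleMappingService.class));
    }
}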
