package com.sun.enterprise.security.ee;

import com.sun.enterprise.deployment.Application;
import com.sun.enterprise.deployment.EjbBundleDescriptor;
import com.sun.enterprise.deployment.WebBundleDescriptor;
import com.sun.enterprise.deployment.web.LoginConfiguration;
import com.sun.enterprise.security.AppCNonceCacheMap;
import com.sun.enterprise.security.CNonceCacheFactory;
import com.sun.enterprise.security.EjbSecurityPolicyProbeProvider;
import com.sun.enterprise.security.WebSecurityDeployerProbeProvider;
import com.sun.enterprise.security.jacc.JaccWebAuthorizationManager;
import com.sun.enterprise.security.util.IASSecurityException;
import com.sun.enterprise.security.web.integration.WebSecurityManagerFactory;
import com.sun.logging.LogDomains;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Provider;
import org.glassfish.api.deployment.DeployCommandParameters;
import org.glassfish.api.deployment.DeploymentContext;
import org.glassfish.api.deployment.MetaData;
import org.glassfish.api.deployment.OpsParams;
import org.glassfish.api.event.EventListener;
import org.glassfish.api.event.EventTypes;
import org.glassfish.api.event.Events;
import org.glassfish.api.invocation.RegisteredComponentInvocationHandler;
import org.glassfish.deployment.common.DeploymentException;
import org.glassfish.deployment.common.DummyApplication;
import org.glassfish.deployment.common.SimpleDeployer;
import org.glassfish.hk2.api.PostConstruct;
import org.glassfish.internal.api.ServerContext;
import org.glassfish.internal.data.ApplicationInfo;
import org.glassfish.internal.data.ModuleInfo;
import org.glassfish.internal.deployment.Deployment;
import org.glassfish.security.common.CNonceCache;
import org.glassfish.security.common.HAUtil;
import org.jvnet.hk2.annotations.Service;

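/**
 * Deployer that drives the security-policy lifecycle of a deployed application.
 *
 * <p>From the code in this class: web policies are loaded when artifacts are generated and when
 * a module is loaded, linked and committed once the whole application is loaded, and removed
 * again (together with the role mapper and any per-application cnonce cache) when artifacts are
 * cleaned. A cnonce cache is created only for applications that have a web module configured for
 * {@code DIGEST} authentication, and only when HA and availability are both enabled.
 *
 * <p>NOTE(review): this listing is decompiler output. Calls rendered as {@code get2()} on
 * {@code javax.inject.Provider} have been restored to {@code get()}, the only accessor that
 * interface declares. Three methods are marked by the decompiler as originally {@code private};
 * they are left {@code public} here so the visible interface is unchanged.
 */
@Service(name = "Security")
/* loaded from: input_file:MICRO-INF/runtime/security-ee.jar:com/sun/enterprise/security/ee/SecurityDeployer.class */
public class SecurityDeployer extends SimpleDeployer<SecurityContainer, DummyApplication> implements PostConstruct {

    @Inject
    private ServerContext serverContext;

    @Inject
    @Named("webSecurityCIH")
    private Provider<RegisteredComponentInvocationHandler> registeredComponentInvocationHandlerProvider;

    @Inject
    private Provider<Events> eventsProvider;

    @Inject
    private Provider<HAUtil> haUtilProvider;

    @Inject
    private Provider<AppCNonceCacheMap> appCNonceCacheMapProvider;

    @Inject
    private Provider<CNonceCacheFactory> cNonceCacheFactoryProvider;

    @Inject
    private WebSecurityManagerFactory webSecurityManagerFactory;

    // The next three fields are resolved lazily from their providers by isHaEnabled().
    private AppCNonceCacheMap appCnonceMap;
    private HAUtil haUtil;
    private CNonceCacheFactory cnonceCacheFactory;
    private static final String HA_CNONCE_BS_NAME = "HA-CNonceCache-Backingstore";
    private EventListener listener;
    private static final Logger _logger = LogDomains.getLogger(SecurityDeployer.class, "javax.enterprise.system.core.security");
    private static WebSecurityDeployerProbeProvider websecurityProbeProvider = new WebSecurityDeployerProbeProvider();
    private static EjbSecurityPolicyProbeProvider ejbProbeProvider = new EjbSecurityPolicyProbeProvider();

    /* loaded from: input_file:MICRO-INF/runtime/security-ee.jar:com/sun/enterprise/security/ee/SecurityDeployer$AppDeployEventListener.class */
    /**
     * Listener that reacts to deployment events by loading, linking and committing policies on
     * the enclosing deployer.
     */
    private class AppDeployEventListener implements EventListener {
        private AppDeployEventListener() {
        }

        /**
         * Dispatches on the event type: a loaded module gets its web policy loaded, a loaded
         * application gets its policies linked and its EJB policies committed, and an
         * initialized servlet context gets its web policy committed. Other events are ignored.
         *
         * @param event the deployment event; its hook is cast according to the event type
         */
        @Override // org.glassfish.api.event.EventListener
        public void event(EventListener.Event event) {
            if (Deployment.MODULE_LOADED.equals(event.type())) {
                ModuleInfo moduleInfo = (ModuleInfo) event.hook();
                // An ApplicationInfo hook is skipped on this event type.
                if (!(moduleInfo instanceof ApplicationInfo)) {
                    // loadPolicy() tolerates a null descriptor, so a module without web metadata is a no-op.
                    SecurityDeployer.this.loadPolicy((WebBundleDescriptor) moduleInfo.getMetaData("org.glassfish.web.deployment.descriptor.WebBundleDescriptorImpl"), false);
                }
                return;
            }
            if (!Deployment.APPLICATION_LOADED.equals(event.type())) {
                if (WebBundleDescriptor.AFTER_SERVLET_CONTEXT_INITIALIZED_EVENT.equals(event.type())) {
                    SecurityDeployer.this.commitWebPolicy((WebBundleDescriptor) event.hook());
                }
                return;
            }
            Application application = (Application) ((ApplicationInfo) event.hook()).getMetaData(Application.class);
            if (application == null) {
                return;
            }
            Set<WebBundleDescriptor> webBundles = application.getBundleDescriptors(WebBundleDescriptor.class);
            SecurityDeployer.this.linkPolicies(application, webBundles);
            SecurityDeployer.this.commitEjbPolicies(application);
            if (webBundles == null || webBundles.isEmpty()) {
                return;
            }
            // Register the invocation handler only for applications that contain web modules.
            RegisteredComponentInvocationHandler handler = SecurityDeployer.this.registeredComponentInvocationHandlerProvider.get();
            if (handler != null) {
                handler.register();
            }
        }
    }

    /** Creates the deployment event listener and registers it with the injected event bus. */
    @Override // org.glassfish.hk2.api.PostConstruct
    public void postConstruct() {
        this.listener = new AppDeployEventListener();
        this.eventsProvider.get().register(this.listener);
    }

    /**
     * Loads the policy of every web bundle of the application being deployed, unless the
     * command origin reports that artifacts are already present.
     *
     * @param deploymentContext context of the running deployment
     * @throws DeploymentException if anything fails while loading a policy; the cause is kept
     */
    @Override // org.glassfish.deployment.common.SimpleDeployer
    protected void generateArtifacts(DeploymentContext deploymentContext) throws DeploymentException {
        OpsParams commandParameters = deploymentContext.getCommandParameters(OpsParams.class);
        if (commandParameters.origin.isArtifactsPresent()) {
            return;
        }
        String name = commandParameters.name();
        try {
            Application application = (Application) deploymentContext.getModuleMetaData(Application.class);
            Set<WebBundleDescriptor> webBundles = application.getBundleDescriptors(WebBundleDescriptor.class);
            if (webBundles == null) {
                return;
            }
            for (WebBundleDescriptor webBundle : webBundles) {
                loadPolicy(webBundle, false);
            }
        } catch (Exception e) {
            throw new DeploymentException("Error in generating security policy for " + name, e);
        }
    }

    /**
     * Removes the application's policy and role mapper, then destroys and forgets the
     * application's cnonce cache when one was registered.
     *
     * @param deploymentContext context of the running undeployment
     * @throws DeploymentException if policy removal fails
     */
    @Override // org.glassfish.deployment.common.SimpleDeployer
    protected void cleanArtifacts(DeploymentContext deploymentContext) throws DeploymentException {
        removePolicy(deploymentContext);
        SecurityUtil.removeRoleMapper(deploymentContext);
        OpsParams commandParameters = deploymentContext.getCommandParameters(OpsParams.class);
        // appCnonceMap is only set once HA was found enabled, so null means no cache was ever created.
        if (this.appCnonceMap == null) {
            return;
        }
        CNonceCache removed = this.appCnonceMap.remove(commandParameters.name());
        if (removed != null) {
            removed.destroy();
        }
    }

    /**
     * Sets up the cnonce cache for the application if it needs one and returns a placeholder
     * application object.
     *
     * @param securityContainer unused
     * @param deploymentContext context of the running deployment
     * @return a new {@link DummyApplication}
     */
    @Override // org.glassfish.deployment.common.SimpleDeployer, org.glassfish.api.deployment.Deployer
    public DummyApplication load(SecurityContainer securityContainer, DeploymentContext deploymentContext) {
        DeployCommandParameters deployCommandParameters = (DeployCommandParameters) deploymentContext.getCommandParameters(DeployCommandParameters.class);
        Application application = (Application) deploymentContext.getModuleMetaData(Application.class);
        // availabilityenabled is a boxed Boolean; treat an unset value as "not enabled" instead of
        // failing the load with a NullPointerException on unboxing.
        boolean availabilityEnabled = Boolean.TRUE.equals(deployCommandParameters.availabilityenabled);
        handleCNonceCacheBSInit(application.getAppName(), application.getBundleDescriptors(WebBundleDescriptor.class), availabilityEnabled);
        return new DummyApplication();
    }

    /**
     * Destroys the web authorization managers of the application being unloaded.
     *
     * @param dummyApplication unused
     * @param deploymentContext context whose command parameters name the application
     */
    @Override // org.glassfish.deployment.common.SimpleDeployer, org.glassfish.api.deployment.Deployer
    public void unload(DummyApplication dummyApplication, DeploymentContext deploymentContext) {
        // The boolean result (whether anything was destroyed) is not used here.
        cleanSecurityContext(deploymentContext.getCommandParameters(OpsParams.class).name());
    }

    /** @return metadata built from {@code false}, {@code null} and a single required type, {@link Application} */
    @Override // org.glassfish.deployment.common.SimpleDeployer, org.glassfish.api.deployment.Deployer
    public MetaData getMetaData() {
        return new MetaData(false, null, new Class[]{Application.class});
    }

    /**
     * Creates the authorization manager for a web bundle, optionally releasing an existing one
     * for the same context first.
     *
     * @param webBundleDescriptor the web bundle; {@code null} makes the call a no-op
     * @param z when {@code true}, an existing manager for the bundle's context id is looked up
     *     and released before the new one is created
     * @throws DeploymentException if looking up or releasing the existing manager fails
     */
    public void loadPolicy(WebBundleDescriptor webBundleDescriptor, boolean z) throws DeploymentException {
        if (webBundleDescriptor == null) {
            return;
        }
        if (z) {
            try {
                JaccWebAuthorizationManager existing = this.webSecurityManagerFactory.getManager(SecurityUtil.getContextID(webBundleDescriptor), null, true);
                if (existing != null) {
                    existing.release();
                }
            } catch (Exception e) {
                throw new DeploymentException("Error in generating security policy for " + webBundleDescriptor.getModuleDescriptor().getModuleName(), e);
            }
        }
        // Not inside the try block: a failure here propagates unwrapped, as in the original.
        this.webSecurityManagerFactory.createManager(webBundleDescriptor, true, this.serverContext);
    }

    /**
     * Generates the policy file for a web bundle, reloading the policy first when the
     * descriptor reports that it was modified. Probe events bracket the generation.
     *
     * <p>JADX INFO: Access modifiers changed from: private
     *
     * @param webBundleDescriptor the web bundle; {@code null} makes the call a no-op
     * @throws DeploymentException if reloading or generating the policy fails
     */
    public void commitWebPolicy(WebBundleDescriptor webBundleDescriptor) throws DeploymentException {
        if (webBundleDescriptor == null) {
            return;
        }
        try {
            if (webBundleDescriptor.isPolicyModified()) {
                loadPolicy(webBundleDescriptor, true);
            }
            String contextID = SecurityUtil.getContextID(webBundleDescriptor);
            websecurityProbeProvider.policyCreationStartedEvent(contextID);
            SecurityUtil.generatePolicyFile(contextID);
            websecurityProbeProvider.policyCreationEndedEvent(contextID);
            websecurityProbeProvider.policyCreationEvent(contextID);
        } catch (Exception e) {
            throw new DeploymentException("Error in generating security policy for " + webBundleDescriptor.getModuleDescriptor().getModuleName(), e);
        }
    }

    /**
     * Generates the policy file for every EJB bundle of the application, with probe events
     * around each generation.
     *
     * <p>JADX INFO: Access modifiers changed from: private
     *
     * @param application the application whose EJB bundles are committed
     * @throws DeploymentException on any failure, including a missing bundle set; the first
     *     failure stops the loop, so later bundles are not committed
     */
    public void commitEjbPolicies(Application application) throws DeploymentException {
        try {
            Set<EjbBundleDescriptor> ejbBundles = application.getBundleDescriptors(EjbBundleDescriptor.class);
            for (EjbBundleDescriptor ejbBundle : ejbBundles) {
                String contextID = SecurityUtil.getContextID(ejbBundle);
                ejbProbeProvider.policyCreationStartedEvent(contextID);
                SecurityUtil.generatePolicyFile(contextID);
                ejbProbeProvider.policyCreationEndedEvent(contextID);
                ejbProbeProvider.policyCreationEvent(contextID);
            }
        } catch (Exception e) {
            throw new DeploymentException("Error in committing security policy for ejbs of " + application.getRegistrationName(), e);
        }
    }

    /**
     * Links the policy contexts of the application's web bundles to each other, then those of
     * its EJB bundles, by passing each context id together with the previous one to
     * {@code SecurityUtil.linkPolicyFile}.
     *
     * <p>JADX INFO: Access modifiers changed from: private
     *
     * @param application the application whose EJB bundles are linked
     * @param collection the web bundles to link; {@code null} is treated as empty, because the
     *     caller in this class passes the bundle set before null-checking it
     * @throws DeploymentException if linking fails
     */
    public void linkPolicies(Application application, Collection<WebBundleDescriptor> collection) throws DeploymentException {
        try {
            boolean lastInService = false;
            String previousWebContext = null;
            if (collection != null) {
                for (WebBundleDescriptor webBundle : collection) {
                    String contextID = SecurityUtil.getContextID(webBundle);
                    lastInService = SecurityUtil.linkPolicyFile(contextID, previousWebContext, lastInService);
                    previousWebContext = contextID;
                }
            }
            // The EJB chain starts without a previous context, but the flag returned by the
            // last web link call is carried over.
            String previousEjbContext = null;
            Set<EjbBundleDescriptor> ejbBundles = application.getBundleDescriptors(EjbBundleDescriptor.class);
            if (ejbBundles != null) {
                for (EjbBundleDescriptor ejbBundle : ejbBundles) {
                    String contextID = SecurityUtil.getContextID(ejbBundle);
                    lastInService = SecurityUtil.linkPolicyFile(contextID, previousEjbContext, lastInService);
                    previousEjbContext = contextID;
                }
            }
        } catch (IASSecurityException e) {
            throw new DeploymentException("Error in linking security policy for " + application.getRegistrationName(), e);
        }
    }

    /**
     * Removes the policy of every web context registered for the application and then destroys
     * its authorization managers. Does nothing unless the command origin needs artifacts cleaned.
     *
     * <p>NOTE(review): the first {@code IASSecurityException} aborts the loop, so the remaining
     * contexts keep their policy and {@code cleanSecurityContext} is not reached from here. The
     * failure is logged at WARNING and rethrown, which makes it visible to the caller.
     *
     * @param deploymentContext context whose command parameters name the application
     * @throws DeploymentException if removing a policy fails
     */
    private void removePolicy(DeploymentContext deploymentContext) throws DeploymentException {
        OpsParams commandParameters = deploymentContext.getCommandParameters(OpsParams.class);
        if (!commandParameters.origin.needsCleanArtifacts()) {
            return;
        }
        String name = commandParameters.name();
        try {
            String[] contextsForApp = this.webSecurityManagerFactory.getContextsForApp(name, false);
            if (contextsForApp != null) {
                for (String contextID : contextsForApp) {
                    if (contextID == null) {
                        continue;
                    }
                    websecurityProbeProvider.policyDestructionStartedEvent(contextID);
                    SecurityUtil.removePolicy(contextID);
                    websecurityProbeProvider.policyDestructionEndedEvent(contextID);
                    websecurityProbeProvider.policyDestructionEvent(contextID);
                }
            }
            cleanSecurityContext(name);
        } catch (IASSecurityException e) {
            String message = "Error in removing security policy for " + name;
            _logger.log(Level.WARNING, message, e);
            throw new DeploymentException(message, e);
        }
    }

    /**
     * Destroys every web authorization manager registered for the application.
     *
     * <p>A manager that fails to destroy is logged at WARNING and skipped so the others are
     * still processed. The return value therefore cannot distinguish a complete cleanup from a
     * partial one; the "Unable to destroy WebSecurityManager" warning is the only trace of a
     * manager that was left behind.
     *
     * @param str the application name
     * @return {@code true} if at least one manager was destroyed, {@code false} if there were
     *     none or every destroy attempt failed
     */
    private boolean cleanSecurityContext(String str) {
        List<JaccWebAuthorizationManager> managersForApp = this.webSecurityManagerFactory.getManagersForApp(str, false);
        if (managersForApp == null) {
            return false;
        }
        boolean destroyedAny = false;
        for (JaccWebAuthorizationManager manager : managersForApp) {
            try {
                websecurityProbeProvider.securityManagerDestructionStartedEvent(str);
                manager.destroy();
                websecurityProbeProvider.securityManagerDestructionEndedEvent(str);
                websecurityProbeProvider.securityManagerDestructionEvent(str);
                destroyedAny = true;
            } catch (Exception e) {
                // Deliberate best effort: keep going so one broken manager does not block the rest.
                _logger.log(Level.WARNING, "Unable to destroy WebSecurityManager", e);
            }
        }
        return destroyedAny;
    }

    /** @return a new mutable list holding the single event type {@code Deployment.APPLICATION_PREPARED} */
    public static List<EventTypes> getDeploymentEvents() {
        List<EventTypes> events = new ArrayList<>();
        events.add(Deployment.APPLICATION_PREPARED);
        return events;
    }

    /**
     * Creates and registers a cnonce cache for the application when at least one of its web
     * bundles declares {@code DIGEST} authentication, HA is enabled and availability is enabled
     * for this deployment.
     *
     * <p>NOTE(review): when the cache map or the cache factory cannot be obtained, nothing is
     * registered and nothing is logged, so a DIGEST application then runs without this cache.
     * Confirm whether that fallback is acceptable for the deployment.
     *
     * @param str the application name, used as the cache map key
     * @param set the application's web bundles; {@code null} is treated as empty
     * @param z whether availability is enabled for this deployment
     */
    private void handleCNonceCacheBSInit(String str, Set<WebBundleDescriptor> set, boolean z) {
        if (set == null) {
            return;
        }
        boolean usesDigest = false;
        for (WebBundleDescriptor webBundle : set) {
            LoginConfiguration loginConfiguration = webBundle.getLoginConfiguration();
            if (loginConfiguration != null && "DIGEST".equals(loginConfiguration.getAuthenticationMethod())) {
                usesDigest = true;
                break;
            }
        }
        // Evaluation order is kept: isHaEnabled() also performs the lazy provider lookups.
        if (usesDigest && isHaEnabled() && z) {
            String clusterName = this.haUtil.getClusterName();
            String instanceName = this.haUtil.getInstanceName();
            if (this.cnonceCacheFactory != null && this.appCnonceMap != null) {
                this.appCnonceMap.put(str, this.cnonceCacheFactory.createCNonceCache(str, clusterName, instanceName, HA_CNONCE_BS_NAME));
            }
        }
    }

    /**
     * Reports whether HA is enabled, resolving {@code haUtil} on first use and, once HA is
     * found enabled, the cnonce cache map and cache factory as well.
     *
     * @return {@code true} if an {@code HAUtil} is available and reports HA as enabled
     */
    private boolean isHaEnabled() {
        synchronized (this) {
            if (this.haUtil == null) {
                this.haUtil = this.haUtilProvider.get();
            }
        }
        if (this.haUtil == null || !this.haUtil.isHAEnabled()) {
            return false;
        }
        synchronized (this) {
            if (this.appCnonceMap == null) {
                this.appCnonceMap = this.appCNonceCacheMapProvider.get();
            }
            if (this.cnonceCacheFactory == null) {
                this.cnonceCacheFactory = this.cNonceCacheFactoryProvider.get();
            }
        }
        return true;
    }
}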
