package com.ibm.ws.classloading.java2sec;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.kernel.boot.security.PermissionsCombiner;
import com.ibm.ws.kernel.boot.security.WLPDynamicPolicy;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.wsspi.classloading.ClassLoadingService;
import com.ibm.wsspi.kernel.service.utils.ConcurrentServiceReferenceSet;
import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.security.SecurityPermission;
import java.security.UnresolvedPermission;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import javax.security.auth.AuthPermission;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.osgi.framework.wiring.BundleCapability;
import org.osgi.framework.wiring.BundleWiring;
import org.osgi.framework.wiring.FrameworkWiring;
import org.osgi.resource.Requirement;
import org.osgi.resource.Resource;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.url.URLStreamHandlerService;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/classloading/java2sec/PermissionManager.class */
public class PermissionManager implements PermissionsCombiner {
    private static final TraceComponent tc = Tr.register(PermissionManager.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);
    private BundleContext bundleContext;
    private ClassLoadingService classLoadingService;
    private static Permission[] DEFAULT_SERVER_RESTRICTABLE_PERMISSIONS;
    private static Permission[] DEFAULT_CLIENT_RESTRICTABLE_PERMISSIONS;
    private static boolean expandProps;
    private static final String KEY_PERMISSION = "permission";
    private static final String INCORRECT_PERMISSION_CONFIGURATION = "INCORRECT_PERMISSION_CONFIGURATION";
    private static final String PERMISSION_CLASSNOTFOUND = "PERMISSION_CLASSNOTFOUND";
    private static final String SERVER_XML = "server.xml";
    private static final String CLIENT_XML = "client.xml";
    private static final String JAVA_POLICY = "java.policy";
    private static String os_name;
    private static String os_version;
    static final long serialVersionUID = 8583289148510585888L;
    private boolean isServer = true;
    private boolean wsjarUrlStreamHandlerAvailable = false;
    private ArrayList<Permission> restrictablePermissions = new ArrayList<>();
    private ArrayList<Permission> javaAllCodeBasePermissions = new ArrayList<>();
    private ArrayList<Permission> grantedPermissions = new ArrayList<>();
    private String originationFile = null;
    private final ConcurrentServiceReferenceSet<JavaPermissionsConfiguration> permissions = new ConcurrentServiceReferenceSet<>(KEY_PERMISSION);
    private Map<String, ArrayList<Permission>> codeBasePermissionMap = new HashMap();
    private Map<String, ArrayList<Permission>> permissionXMLPermissionMap = new HashMap();

    @Activate
    protected void activate(ComponentContext componentContext) {
        this.bundleContext = componentContext.getBundleContext();
        this.isServer = "server".equals(this.bundleContext.getProperty("wlp.process.type"));
        this.permissions.activate(componentContext);
        initializePermissions();
        setAsDynamicPolicyPermissionCombiner(this);
    }

    private void setAsDynamicPolicyPermissionCombiner(PermissionsCombiner permissionsCombiner) {
        WLPDynamicPolicy wLPDynamicPolicy = (Policy) AccessController.doPrivileged(new PrivilegedAction<Policy>() { // from class: com.ibm.ws.classloading.java2sec.PermissionManager.1
            static final long serialVersionUID = 2763094408741742358L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.classloading.java2sec.PermissionManager$1", AnonymousClass1.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Policy run() {
                return Policy.getPolicy();
            }
        });
        if (wLPDynamicPolicy instanceof WLPDynamicPolicy) {
            wLPDynamicPolicy.setPermissionsCombiner(permissionsCombiner);
        }
    }

    @Deactivate
    protected void deactivate(ComponentContext componentContext) {
        this.permissions.deactivate(componentContext);
        clearPermissions();
        setAsDynamicPolicyPermissionCombiner(null);
    }

    protected void setPermission(ServiceReference<JavaPermissionsConfiguration> serviceReference) {
        this.permissions.addReference(serviceReference);
    }

    protected synchronized void unsetPermission(ServiceReference<JavaPermissionsConfiguration> serviceReference) {
        this.permissions.removeReference(serviceReference);
        if (this.wsjarUrlStreamHandlerAvailable) {
            clearPermissions();
            initializePermissions();
        }
    }

    protected synchronized void setWsjarURLStreamHandler(ServiceReference<URLStreamHandlerService> serviceReference) {
        this.wsjarUrlStreamHandlerAvailable = true;
    }

    protected synchronized void unsetWsjarURLStreamHandler(ServiceReference<URLStreamHandlerService> serviceReference) {
        this.wsjarUrlStreamHandlerAvailable = false;
    }

    protected synchronized void updatedConfiguration(ServiceReference<JavaPermissionsConfiguration> serviceReference) {
        this.permissions.removeReference(serviceReference);
        this.permissions.addReference(serviceReference);
        if (this.wsjarUrlStreamHandlerAvailable) {
            clearPermissions();
            initializePermissions();
        }
    }

    private void clearPermissions() {
        this.restrictablePermissions.clear();
        this.grantedPermissions.clear();
        this.codeBasePermissionMap.clear();
    }

    protected void setClassLoadingService(ClassLoadingService classLoadingService) {
        this.classLoadingService = classLoadingService;
    }

    protected void unsetClassLoadingService(ClassLoadingService classLoadingService) {
        this.classLoadingService = null;
    }

    private void initializePermissions() {
        int length;
        Iterable<JavaPermissionsConfiguration> services;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Processing java.policy file", new Object[0]);
        }
        try {
            new ParseJavaPolicy(expandProps);
            Enumeration enumeration = Collections.enumeration(ParseJavaPolicy.getJavaPolicyGrants());
            while (enumeration.hasMoreElements()) {
                GrantEntry grantEntry = (GrantEntry) enumeration.nextElement();
                if (grantEntry.codeBase != null) {
                    grantEntry.codeBase = normalize(grantEntry.codeBase);
                    Iterator permissions = grantEntry.getPermissions();
                    while (permissions.hasNext()) {
                        PermissionEntry permissionEntry = (PermissionEntry) permissions.next();
                        Permission createPermissionObject = createPermissionObject(permissionEntry.getPermissionType(), permissionEntry.getName(), permissionEntry.getAction(), permissionEntry.getSignatures(), null, null, JAVA_POLICY);
                        setCodeBasePermission(grantEntry.getCodeBase(), createPermissionObject);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "java.policy, added to codebase = " + grantEntry.getCodeBase() + " perm = " + createPermissionObject.toString(), new Object[0]);
                        }
                    }
                } else {
                    Iterator permissions2 = grantEntry.getPermissions();
                    while (permissions2.hasNext()) {
                        PermissionEntry permissionEntry2 = (PermissionEntry) permissions2.next();
                        this.javaAllCodeBasePermissions.add(createPermissionObject(permissionEntry2.getPermissionType(), permissionEntry2.getName(), permissionEntry2.getAction(), permissionEntry2.getSignatures(), null, null, JAVA_POLICY));
                    }
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Permissions gathered from java.policy for all codebases: ", new Object[0]);
                Iterator<Permission> it = this.javaAllCodeBasePermissions.iterator();
                while (it.hasNext()) {
                    Tr.debug(tc, "    javaAllCodeBasePermission = " + it.next().toString(), new Object[0]);
                }
            }
            if (tc.isDebugEnabled()) {
                if (this.isServer) {
                    Tr.debug(tc, "running on server ", new Object[0]);
                } else {
                    Tr.debug(tc, "running on client ", new Object[0]);
                }
            }
            if (this.isServer) {
                length = DEFAULT_SERVER_RESTRICTABLE_PERMISSIONS.length;
                this.originationFile = SERVER_XML;
            } else {
                length = DEFAULT_CLIENT_RESTRICTABLE_PERMISSIONS.length;
                this.originationFile = CLIENT_XML;
            }
            for (int i = 0; i < length; i++) {
                if (this.isServer) {
                    this.restrictablePermissions.add(DEFAULT_SERVER_RESTRICTABLE_PERMISSIONS[i]);
                } else {
                    this.restrictablePermissions.add(DEFAULT_CLIENT_RESTRICTABLE_PERMISSIONS[i]);
                }
            }
            if (this.permissions != null && !this.permissions.isEmpty() && (services = this.permissions.services()) != null) {
                for (JavaPermissionsConfiguration javaPermissionsConfiguration : services) {
                    String valueOf = String.valueOf(javaPermissionsConfiguration.get(JavaPermissionsConfiguration.PERMISSION));
                    String valueOf2 = String.valueOf(javaPermissionsConfiguration.get(JavaPermissionsConfiguration.TARGET_NAME));
                    String valueOf3 = String.valueOf(javaPermissionsConfiguration.get(JavaPermissionsConfiguration.ACTIONS));
                    String valueOf4 = String.valueOf(javaPermissionsConfiguration.get(JavaPermissionsConfiguration.SIGNED_BY));
                    String valueOf5 = String.valueOf(javaPermissionsConfiguration.get(JavaPermissionsConfiguration.PRINCIPAL_TYPE));
                    String valueOf6 = String.valueOf(javaPermissionsConfiguration.get(JavaPermissionsConfiguration.PRINCIPAL_NAME));
                    String normalize = normalize(String.valueOf(javaPermissionsConfiguration.get(JavaPermissionsConfiguration.CODE_BASE)));
                    Permission createPermissionObject2 = createPermissionObject(valueOf, valueOf2, valueOf3, valueOf4, valueOf5, valueOf6, this.originationFile);
                    if (javaPermissionsConfiguration.get(JavaPermissionsConfiguration.RESTRICTION) != null ? ((Boolean) javaPermissionsConfiguration.get(JavaPermissionsConfiguration.RESTRICTION)).booleanValue() : false) {
                        if (createPermissionObject2 != null) {
                            this.restrictablePermissions.add(createPermissionObject2);
                        }
                    } else if (createPermissionObject2 != null) {
                        if (normalize == null || normalize.equalsIgnoreCase("null")) {
                            this.grantedPermissions.add(createPermissionObject2);
                        } else {
                            setCodeBasePermission(normalize, createPermissionObject2);
                        }
                    }
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "restrictablePermissions : " + this.restrictablePermissions, new Object[0]);
                    Tr.debug(tc, "grantedPermissions from server.xml or client.xml : " + this.grantedPermissions, new Object[0]);
                }
            }
            addJavaPolicyPermissions(this.javaAllCodeBasePermissions);
            setSharedLibraryPermission();
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.classloading.java2sec.PermissionManager", "246", this, new Object[0]);
            Tr.error(tc, "Error reading java.policy file: " + e.getMessage(), new Object[0]);
        }
    }

    private String normalize(String str) {
        if (str != null) {
            str = str.replace("\\", "/").replace("//", "/");
        }
        return str;
    }

    private void addJavaPolicyPermissions(List list) {
        for (String str : this.codeBasePermissionMap.keySet()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "codeBase = " + str, new Object[0]);
            }
            Iterator it = list.iterator();
            new ArrayList();
            ArrayList<Permission> arrayList = this.codeBasePermissionMap.get(str);
            while (it.hasNext()) {
                arrayList.add((Permission) it.next());
                this.codeBasePermissionMap.put(str, arrayList);
            }
        }
    }

    private void setCodeBasePermission(String str, Permission permission) {
        if (this.codeBasePermissionMap.containsKey(str)) {
            this.codeBasePermissionMap.get(str).add(permission);
            return;
        }
        ArrayList<Permission> arrayList = new ArrayList<>();
        arrayList.add(permission);
        this.codeBasePermissionMap.put(str, arrayList);
    }

    private void setSharedLibraryPermission() {
        HashMap hashMap = new HashMap();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Setting the final protection domain: ", new Object[0]);
        }
        for (String str : this.codeBasePermissionMap.keySet()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "codeBase = " + str, new Object[0]);
            }
            ArrayList<Permission> arrayList = this.codeBasePermissionMap.get(str);
            if (tc.isDebugEnabled()) {
                for (int i = 0; i < arrayList.size(); i++) {
                    Tr.debug(tc, " permission: " + arrayList.get(i), new Object[0]);
                }
            }
            if (str.startsWith("/")) {
                createProtectionDomain(createCodeSource(str.substring(1, str.length())), arrayList);
            }
            hashMap.put(str, createProtectionDomain(createCodeSource(str), arrayList));
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "   protectionDomainMap.size = " + hashMap.size(), new Object[0]);
            for (Map.Entry entry : hashMap.entrySet()) {
                Tr.debug(tc, "         Key (codeBase)= " + ((String) entry.getKey()) + ", Value (protectionDomain) = " + entry.getValue(), new Object[0]);
            }
        }
        if (this.classLoadingService != null) {
            this.classLoadingService.setSharedLibraryProtectionDomains(hashMap);
        }
    }

    private CodeSource createCodeSource(String str) {
        CodeSource codeSource = null;
        try {
            if (str.startsWith("file:")) {
                str = str.substring("file:".length());
            }
            codeSource = new CodeSource(new URL("file:/" + str), (Certificate[]) null);
        } catch (MalformedURLException e) {
            FFDCFilter.processException(e, "com.ibm.ws.classloading.java2sec.PermissionManager", "470", this, new Object[]{str});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to create code source for protection domain", new Object[0]);
            }
        }
        return codeSource;
    }

    private ProtectionDomain createProtectionDomain(CodeSource codeSource, ArrayList<Permission> arrayList) {
        Permissions permissions = new Permissions();
        if (java2SecurityEnabled()) {
            Iterator<Permission> it = arrayList.iterator();
            while (it.hasNext()) {
                permissions.add(it.next());
            }
        } else {
            permissions.add(new AllPermission());
        }
        return new ProtectionDomain(codeSource, permissions);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v41, types: [java.security.Permission] */
    /* JADX WARN: Type inference failed for: r0v48, types: [java.security.Permission] */
    /* JADX WARN: Type inference failed for: r0v55, types: [java.security.Permission] */
    /* JADX WARN: Type inference failed for: r0v74, types: [java.security.Permission] */
    /* JADX WARN: Type inference failed for: r0v81, types: [java.security.Permission] */
    public Permission createPermissionObject(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        UnresolvedPermission unresolvedPermission = null;
        if (str2 != null && (str2.equals("ALL FILES") || str2.contains("ALL FILES"))) {
            str2 = "<<ALL FILES>>";
        }
        if (str != null) {
            try {
                if (!str.equalsIgnoreCase("null")) {
                    if (!str.equalsIgnoreCase("javax.security.auth.PrivateCredentialPermission")) {
                        unresolvedPermission = (str3 == null || str3.equalsIgnoreCase("null")) ? (str2 == null || str2.equalsIgnoreCase("null")) ? (Permission) getPermissionClass(str).newInstance() : (Permission) getPermissionClass(str).getConstructor(String.class).newInstance(str2) : (Permission) getPermissionClass(str).getConstructor(String.class, String.class).newInstance(str2, str3);
                    } else if (str2 == null || str2.equalsIgnoreCase("null")) {
                        unresolvedPermission = (Permission) getPermissionClass(str).getConstructor(String.class, String.class).newInstance(str4 + " " + str5 + " \"" + str6 + "\"", "read");
                    } else {
                        unresolvedPermission = (Permission) getPermissionClass(str).getConstructor(String.class, String.class).newInstance(str2, "read");
                    }
                }
            } catch (Exception e) {
                FFDCFilter.processException(e, "com.ibm.ws.classloading.java2sec.PermissionManager", "538", this, new Object[]{str, str2, str3, str4, str5, str6, str7});
                if (tc.isWarningEnabled()) {
                    String str8 = null;
                    if (e.getCause() != null) {
                        str8 = e.getCause().getClass().getName() + "[" + e.getCause().getMessage() + "]";
                    } else if (e.getMessage() != null) {
                        str8 = e.getClass().getName() + "[" + e.getMessage() + "]";
                    }
                    if (str8 == null) {
                        str8 = "unknown reasons";
                    }
                    if (e instanceof ClassNotFoundException) {
                        Tr.warning(tc, PERMISSION_CLASSNOTFOUND, new Object[]{str, str8, str7});
                    } else {
                        Tr.warning(tc, INCORRECT_PERMISSION_CONFIGURATION, new Object[]{str, str8, str7});
                    }
                }
                if (e instanceof ClassNotFoundException) {
                    unresolvedPermission = new UnresolvedPermission(str, str2, str3, null);
                }
            }
        }
        return unresolvedPermission;
    }

    private Class<?> getPermissionClass(String str) throws ClassNotFoundException {
        Class<?> permissionClassUsingBundleClassLoader = getPermissionClassUsingBundleClassLoader(str);
        if (permissionClassUsingBundleClassLoader == null) {
            permissionClassUsingBundleClassLoader = Class.forName(str);
        }
        return permissionClassUsingBundleClassLoader;
    }

    private Class<?> getPermissionClassUsingBundleClassLoader(String str) throws ClassNotFoundException {
        Class<?> cls = null;
        ClassLoader bundleClassLoader = getBundleClassLoader(str);
        if (bundleClassLoader != null) {
            cls = bundleClassLoader.loadClass(str);
        }
        return cls;
    }

    private ClassLoader getBundleClassLoader(String str) {
        BundleWiring bundleWiring = getBundleWiring(getBundlesProvidingPackage(str.substring(0, str.lastIndexOf("."))));
        if (bundleWiring != null) {
            return bundleWiring.getClassLoader();
        }
        return null;
    }

    private Collection<BundleCapability> getBundlesProvidingPackage(final String str) {
        return ((FrameworkWiring) this.bundleContext.getBundle("System Bundle").adapt(FrameworkWiring.class)).findProviders(new Requirement() { // from class: com.ibm.ws.classloading.java2sec.PermissionManager.2
            static final long serialVersionUID = -9161294685101063159L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.classloading.java2sec.PermissionManager$2", AnonymousClass2.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);

            public Resource getResource() {
                return null;
            }

            public String getNamespace() {
                return "osgi.wiring.package";
            }

            public Map<String, String> getDirectives() {
                return Collections.singletonMap("filter", "(osgi.wiring.package=" + str + ")");
            }

            public Map<String, Object> getAttributes() {
                return Collections.emptyMap();
            }
        });
    }

    private BundleWiring getBundleWiring(Collection<BundleCapability> collection) {
        BundleCapability bundleCapability = null;
        for (BundleCapability bundleCapability2 : collection) {
            if (bundleCapability != null && bundleCapability2.getRevision().getBundle().getBundleId() == 0) {
                break;
            }
            bundleCapability = bundleCapability2;
        }
        if (bundleCapability != null) {
            return bundleCapability.getRevision().getWiring();
        }
        return null;
    }

    public ArrayList<Permission> getRestrictablePermissions() {
        return (ArrayList) this.restrictablePermissions.clone();
    }

    public ArrayList<Permission> getEffectivePermissions(String str) {
        return getEffectivePermissions(Collections.emptyList(), str);
    }

    public ArrayList<Permission> getEffectivePermissions(List<Permission> list, String str) {
        ArrayList<Permission> arrayList = new ArrayList<>();
        arrayList.addAll(this.grantedPermissions);
        String normalize = normalize(str);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "os_name: " + os_name + " os_version: " + os_version, new Object[0]);
        }
        if (os_name.contains("Windows") && os_version.equals("10.0") && normalize.startsWith("/")) {
            normalize = normalize.substring(1);
        }
        if (tc.isDebugEnabled()) {
            this.codeBasePermissionMap.keySet();
            Iterator<String> it = this.codeBasePermissionMap.keySet().iterator();
            while (it.hasNext()) {
                Tr.debug(tc, "codebase key: " + it.next(), new Object[0]);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "codeBase: " + normalize + " original_codeBase: " + str, new Object[0]);
        }
        if (this.codeBasePermissionMap.containsKey(normalize)) {
            arrayList.addAll(this.codeBasePermissionMap.get(normalize));
        } else if (this.codeBasePermissionMap.containsKey(str)) {
            arrayList.addAll(this.codeBasePermissionMap.get(str));
        }
        if (this.permissionXMLPermissionMap.containsKey(normalize)) {
            arrayList.addAll(this.permissionXMLPermissionMap.get(normalize));
        } else if (this.permissionXMLPermissionMap.containsKey(str)) {
            arrayList.addAll(this.permissionXMLPermissionMap.get(str));
        }
        for (Permission permission : list) {
            if (!isRestricted(permission)) {
                arrayList.add(permission);
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Effective permissions from static policy: ", new Object[0]);
            for (int i = 0; i < arrayList.size(); i++) {
                Tr.debug(tc, "CodeBase: " + normalize + " Original codeBase: " + str + " Permission: " + arrayList.get(i).toString(), new Object[0]);
            }
        }
        return arrayList;
    }

    public PermissionCollection getCombinedPermissions(PermissionCollection permissionCollection, CodeSource codeSource) {
        Permissions permissions = new Permissions();
        ArrayList list = Collections.list(permissionCollection.elements());
        String path = codeSource.getLocation().getPath();
        ArrayList<Permission> effectivePermissions = getEffectivePermissions(list, path);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "***********   Effective combined permissions: **********", new Object[0]);
        }
        Iterator<Permission> it = effectivePermissions.iterator();
        while (it.hasNext()) {
            Permission next = it.next();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "         CodeBase: " + path + " Permission: " + next.toString(), new Object[0]);
            }
            permissions.add(next);
        }
        return permissions;
    }

    private boolean isRestricted(Permission permission) {
        Iterator<Permission> it = this.restrictablePermissions.iterator();
        while (it.hasNext()) {
            if (it.next().implies(permission)) {
                return true;
            }
        }
        return false;
    }

    private boolean java2SecurityEnabled() {
        return System.getSecurityManager() != null;
    }

    public void addPermissionsXMLPermission(CodeSource codeSource, Permission permission) {
        String path = codeSource.getLocation().getPath();
        String file = codeSource.getLocation().getFile();
        String substring = file.substring(file.lastIndexOf("/") + 1);
        File file2 = new File(getInstallRoot());
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " getInstallRoot: " + getInstallRoot() + " fileName: " + substring + " codeBase: " + path, new Object[0]);
        }
        if (isRestricted(permission)) {
            return;
        }
        if (this.permissionXMLPermissionMap.containsKey(path)) {
            this.permissionXMLPermissionMap.get(path).add(permission);
            return;
        }
        ArrayList<Permission> arrayList = new ArrayList<>();
        arrayList.add(permission);
        this.permissionXMLPermissionMap.put(path, arrayList);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, " added new perm to codebase: " + path + ", calling recursive find on filename: " + substring + " codeBase: " + path, new Object[0]);
        }
        RecursiveFind(file2, substring, path, arrayList);
    }

    public static String getInstallRoot() {
        return (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: com.ibm.ws.classloading.java2sec.PermissionManager.3
            static final long serialVersionUID = -1602707647904548481L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.classloading.java2sec.PermissionManager$3", AnonymousClass3.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public String run() {
                String property = System.getProperty("server.config.dir");
                if (property == null) {
                    property = System.getenv("SERVER_CONFIG_DIR");
                }
                if (property == null) {
                    property = ".";
                }
                if (PermissionManager.tc.isDebugEnabled()) {
                    Tr.debug(PermissionManager.tc, "The install root is " + property, new Object[0]);
                }
                return property;
            }
        });
    }

    private void RecursiveArchiveFind(File file, String str, String str2, ArrayList<Permission> arrayList) {
        File[] listFiles = file.listFiles();
        if (listFiles == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Directory, " + file + " does not exist or threw an IO exception while listing it's files - skipping", new Object[0]);
                return;
            }
            return;
        }
        if (listFiles == null) {
            return;
        }
        for (File file2 : listFiles) {
            if (file2.isFile()) {
                String concat = "/".concat(file2.getPath().replace("\\", "/"));
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, ".....RecursiveFind: found file: " + file2.getName() + " individualArchive: " + str + "   file.getPath(): " + file2.getPath() + " codeBase: " + str2 + " newcodebase: " + concat, new Object[0]);
                }
                if (file2.getName().equals(str)) {
                    if (!concat.equals(str2)) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "          the file names matched, but the codebase didnt, so let's see if it's in cache", new Object[0]);
                        }
                        if (concat.contains("workarea") && concat.contains("data") && concat.contains("cache")) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "                        newcodebase contains workarea, adding perm to cached entry", new Object[0]);
                            }
                            this.permissionXMLPermissionMap.put(concat, arrayList);
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, " ... cached file, adding permissions", new Object[0]);
                            }
                        }
                    } else if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "       the filenames and codebases matched, keep searching", new Object[0]);
                    }
                }
            } else if (file2.isDirectory()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, ".....RecursiveFind: found directory: " + file2.getName(), new Object[0]);
                }
                RecursiveArchiveFind(file2, str, str2, arrayList);
            }
        }
    }

    private void RecursiveFind(File file, String str, final String str2, ArrayList<Permission> arrayList) {
        ZipFile zipFile = null;
        File file2 = new File(str2);
        if (str == null || str.trim().equals("")) {
            if (str2.endsWith("/")) {
                String substring = str2.substring(0, str2.length() - 1);
                str = substring.substring(substring.lastIndexOf("/"), substring.length());
            } else {
                str = str2;
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "codebase: " + str2 + " tempFile: " + file2 + " fileName: " + str, new Object[0]);
            Tr.debug(tc, "   is " + file2 + " a directory: " + file2.isDirectory(), new Object[0]);
            Tr.debug(tc, "      " + str + " ends with ear? " + str.endsWith(".ear"), new Object[0]);
            Tr.debug(tc, "      " + str + " ends with war? " + str.endsWith(".war"), new Object[0]);
        }
        if (str2 == null || str2.contains("expanded") || file2.isDirectory()) {
            return;
        }
        if (str.endsWith(".ear") || str.endsWith(".war")) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "        codebase: " + str2 + " will expanded recursively to ensure all sub-modules get the right permissions", new Object[0]);
            }
            try {
                zipFile = (ZipFile) AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ws.classloading.java2sec.PermissionManager.4
                    static final long serialVersionUID = -6092075804626869330L;
                    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.classloading.java2sec.PermissionManager$4", AnonymousClass4.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);

                    @Override // java.security.PrivilegedExceptionAction
                    public ZipFile run() {
                        try {
                            return new ZipFile(str2);
                        } catch (IOException e) {
                            FFDCFilter.processException(e, "com.ibm.ws.classloading.java2sec.PermissionManager$4", "931", this, new Object[0]);
                            return null;
                        }
                    }
                });
            } catch (PrivilegedActionException e) {
                FFDCFilter.processException(e, "com.ibm.ws.classloading.java2sec.PermissionManager", "937", this, new Object[]{file, str, str2, arrayList});
            }
            if (zipFile != null) {
                Enumeration<? extends ZipEntry> entries = zipFile.entries();
                while (entries.hasMoreElements()) {
                    ZipEntry nextElement = entries.nextElement();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "for every  enumerated archive name: " + nextElement.getName(), new Object[0]);
                    }
                    RecursiveArchiveFind(file, nextElement.getName(), str2, arrayList);
                }
            }
        }
    }

    static {
        DEFAULT_SERVER_RESTRICTABLE_PERMISSIONS = null;
        DEFAULT_SERVER_RESTRICTABLE_PERMISSIONS = new Permission[4];
        DEFAULT_SERVER_RESTRICTABLE_PERMISSIONS[0] = new RuntimePermission("exitVM");
        DEFAULT_SERVER_RESTRICTABLE_PERMISSIONS[1] = new RuntimePermission("setSecurityManager");
        DEFAULT_SERVER_RESTRICTABLE_PERMISSIONS[2] = new SecurityPermission("setPolicy");
        DEFAULT_SERVER_RESTRICTABLE_PERMISSIONS[3] = new AuthPermission("setLoginConfiguration");
        DEFAULT_CLIENT_RESTRICTABLE_PERMISSIONS = null;
        DEFAULT_CLIENT_RESTRICTABLE_PERMISSIONS = new Permission[3];
        DEFAULT_CLIENT_RESTRICTABLE_PERMISSIONS[0] = new RuntimePermission("setSecurityManager");
        DEFAULT_CLIENT_RESTRICTABLE_PERMISSIONS[1] = new SecurityPermission("setPolicy");
        DEFAULT_CLIENT_RESTRICTABLE_PERMISSIONS[2] = new AuthPermission("setLoginConfiguration");
        expandProps = true;
        os_name = System.getProperty("os.name");
        os_version = System.getProperty("os.version");
    }
}
