package com.ibm.ws.objectgrid.security;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.objectgrid.ObjectGridRuntimeException;
import com.ibm.websphere.objectgrid.security.AgentPermission;
import com.ibm.websphere.objectgrid.security.plugins.ObjectGridAuthorization;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.objectgrid.Constants;
import com.ibm.ws.objectgrid.ObjectGridManagerImpl;
import com.ibm.ws.objectgrid.em.RegistryAgent;
import com.ibm.ws.objectgrid.index.agent.GetKeysValuesAgent;
import com.ibm.ws.objectgrid.index.agent.GetPartitionsAgent;
import com.ibm.ws.objectgrid.index.agent.GlobalIndexDebuggerAgent;
import com.ibm.ws.objectgrid.index.agent.GlobalIndexUpdateAgent;
import com.ibm.ws.objectgrid.index.agent.GlobalIndexUpdateByKeyAgent;
import com.ibm.ws.objectgrid.index.agent.IndexUtilityAgent;
import com.ibm.ws.objectgrid.plugins.SerializationInfoAgent;
import com.ibm.ws.objectgrid.plugins.SerializationInfoRecoveryAgent;
import com.ibm.ws.objectgrid.runtime.RuntimeInfo;
import com.ibm.ws.objectgrid.xdf.XDFRecoveryAgent;
import com.ibm.ws.xs.NLSConstants;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;

/* loaded from: input_file:com/ibm/ws/objectgrid/security/AgentAuthorizer.class */
public class AgentAuthorizer {
    static final TraceComponent TC = Tr.register(AgentAuthorizer.class, Constants.TR_SECURITY_GROUP_NAME, "com.ibm.ws.objectgrid.resources.ObjectGridMessages");
    private static final Set SYSTEM_AGENTS;

    public static void check(final Subject subject, final AgentPermission agentPermission, int i, ObjectGridAuthorization objectGridAuthorization) throws ObjectGridRuntimeException {
        if (ObjectGridManagerImpl.isTraceEnabled && TC.isDebugEnabled()) {
            Tr.debug(TC, "check", new Object[]{"Subject", agentPermission, new Integer(i), objectGridAuthorization});
        }
        if (i != 0) {
            try {
                if (!objectGridAuthorization.checkPermission(subject, agentPermission)) {
                    throw getAccessControlException(agentPermission);
                }
                return;
            } catch (Throwable th) {
                FFDCFilter.processException(th, "com.ibm.ws.objectgrid.security.ObjectGridAuthorizer.check", "138");
                Tr.warning(TC, NLSConstants.GENERAL_EXCEPTION_WARNING_CWOBJ0006, th);
                throw new ObjectGridRuntimeException(th);
            }
        }
        final PrivilegedExceptionAction agentPermissionCheckAction = AgentPermissionCheckAction.getInstance(agentPermission);
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ws.objectgrid.security.AgentAuthorizer.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws AccessControlException {
                    try {
                        if (RuntimeInfo.instance().isWASServerProcess() && System.getSecurityManager() == null) {
                            WASAuthorizationChecker.getInstance().checkPermission(subject, agentPermission);
                            return null;
                        }
                        Subject.doAsPrivileged(subject, agentPermissionCheckAction, (AccessControlContext) null);
                        return null;
                    } catch (PrivilegedActionException e) {
                        Exception exception = e.getException();
                        if (exception instanceof AccessControlException) {
                            throw ((AccessControlException) exception);
                        }
                        throw new ObjectGridRuntimeException(exception);
                    }
                }
            });
        } catch (PrivilegedActionException e) {
            Exception exception = e.getException();
            if (!(exception instanceof AccessControlException)) {
                throw new ObjectGridRuntimeException(exception);
            }
            throw ((AccessControlException) exception);
        }
    }

    public static AccessControlException getAccessControlException(AgentPermission agentPermission) {
        StringBuffer stringBuffer = new StringBuffer(60);
        stringBuffer.append("The following access to the ObjectGrid map ").append(agentPermission.getName()).append(" is not granted: ").append(agentPermission);
        return new AccessControlException(new String(stringBuffer), agentPermission);
    }

    public static final boolean isSystemAgentClass(String str) {
        return SYSTEM_AGENTS.contains(str);
    }

    static {
        HashSet hashSet = new HashSet();
        hashSet.add(IndexUtilityAgent.class.getName());
        hashSet.add(GetKeysValuesAgent.class.getName());
        hashSet.add(GetPartitionsAgent.class.getName());
        hashSet.add(GlobalIndexDebuggerAgent.class.getName());
        hashSet.add(GlobalIndexUpdateAgent.class.getName());
        hashSet.add(GlobalIndexUpdateByKeyAgent.class.getName());
        hashSet.add(RegistryAgent.class.getName());
        hashSet.add(SerializationInfoAgent.class.getName());
        hashSet.add(SerializationInfoRecoveryAgent.class.getName());
        hashSet.add(XDFRecoveryAgent.class.getName());
        hashSet.add("com.ibm.ws.objectgrid.jpa.batch.InsertAgent");
        hashSet.add("com.ibm.ws.objectgrid.jpa.batch.ClearAgent");
        hashSet.add("com.ibm.ws.objectgrid.jpa.batch.QueryClearAgent");
        hashSet.add("com.ibm.ws.objectgrid.dbupdate.DBUpdateAgent");
        hashSet.add("com.ibm.ws.objectgrid.dynacache.agents.CacheConfigAgent");
        hashSet.add("com.ibm.ws.objectgrid.dynacache.agents.CacheIdAgent");
        hashSet.add("com.ibm.ws.objectgrid.dynacache.agents.DependencyAgent");
        hashSet.add("com.ibm.ws.objectgrid.dynacache.agents.ExternalizedInvalidateAgent");
        hashSet.add("com.ibm.ws.objectgrid.dynacache.agents.InvalidateAgent");
        hashSet.add("com.ibm.ws.objectgrid.dynacache.agents.PutAgent");
        hashSet.add("com.ibm.ws.objectgrid.dynacache.agents.SinglePartitionInvalidateAgent");
        hashSet.add("com.ibm.ws.objectgrid.dynacache.agents.StatisticsAgent");
        hashSet.add("com.ibm.ws.xs.admin.common.KeySearchAgent");
        hashSet.add("com.ibm.ws.xs.continuousquery.agent.ContinuousQueryAgent");
        hashSet.add("com.ibm.ws.xs.cacheinvalidator.agent.TTLUpdateAgent");
        hashSet.add("com.ibm.ws.xs.cacheinvalidator.agent.SynchAgent");
        hashSet.add("com.ibm.ws.xs.sessionmanager.EvictedAgent");
        hashSet.add("com.ibm.ws.xs.locationdata.trigger.impl.TriggerAddAgent");
        hashSet.add("com.ibm.ws.xs.locationdata.trigger.impl.TriggerRemoveAgent");
        SYSTEM_AGENTS = Collections.unmodifiableSet(hashSet);
    }
}
