package com.ibm.ws.objectgrid.security;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.objectgrid.ObjectGridRuntimeException;
import com.ibm.websphere.objectgrid.security.MapPermission;
import com.ibm.websphere.objectgrid.security.plugins.ObjectGridAuthorization;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.objectgrid.Constants;
import com.ibm.ws.objectgrid.ObjectGridManagerImpl;
import com.ibm.ws.objectgrid.SystemObjectGridAccessor;
import com.ibm.ws.xs.NLSConstants;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Policy;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;

/* loaded from: input_file:com/ibm/ws/objectgrid/security/TimerBasedPermissionCheckTask.class */
public class TimerBasedPermissionCheckTask {
    private static final TraceComponent TC = Tr.register(TimerBasedPermissionCheckTask.class, Constants.TR_SECURITY_GROUP_NAME, "com.ibm.ws.objectgrid.resources.ObjectGridMessages");
    private static String CLASS_NAME = TimerBasedPermissionCheckTask.class.getName();
    private static Constructor constructor;
    private ObjectGridAuthorization ogAuth;
    private String ogName;
    private String mapName;
    protected MapPermission[] permissions;
    private int authMechanism = -1;
    private SystemObjectGridAccessor systemOGAccessor = null;
    private PrivilegedAction permissionCheckAction = null;

    public TimerBasedPermissionCheckTask(String str, String str2, int i, ObjectGridAuthorization objectGridAuthorization, SystemObjectGridAccessor systemObjectGridAccessor) {
        this.ogAuth = null;
        if (ObjectGridManagerImpl.isTraceEnabled && TC.isEntryEnabled()) {
            Tr.entry(TC, com.ibm.ws.xs.cglib.core.Constants.CONSTRUCTOR_NAME, new Object[]{str, str2, new Integer(i), objectGridAuthorization, systemObjectGridAccessor});
        }
        this.ogAuth = objectGridAuthorization;
        init(str, str2, i, systemObjectGridAccessor);
    }

    private void init(String str, String str2, int i, SystemObjectGridAccessor systemObjectGridAccessor) {
        if (ObjectGridManagerImpl.isTraceEnabled && TC.isEntryEnabled()) {
            Tr.entry(TC, com.ibm.ws.xs.cglib.core.Constants.CONSTRUCTOR_NAME, new Object[]{str, str2, new Integer(i), this.ogAuth, systemObjectGridAccessor});
        }
        this.authMechanism = i;
        this.systemOGAccessor = systemObjectGridAccessor;
        this.ogName = str;
        this.mapName = str2;
        this.permissions = PermissionStore.getMapPermissions(str, str2);
        if (i == 0) {
            try {
                this.permissionCheckAction = (PrivilegedAction) constructor.newInstance(this.permissions);
            } catch (IllegalAccessException e) {
                FFDCFilter.processException(e, CLASS_NAME + ".<init>", "91", this);
                if (ObjectGridManagerImpl.isTraceEnabled && TC.isEntryEnabled()) {
                    Tr.exit(TC, com.ibm.ws.xs.cglib.core.Constants.CONSTRUCTOR_NAME, "ObjectGridRuntimeException-" + e.getMessage());
                }
                throw new ObjectGridRuntimeException(e);
            } catch (InstantiationException e2) {
                FFDCFilter.processException(e2, CLASS_NAME + ".<init>", "65", this);
                if (ObjectGridManagerImpl.isTraceEnabled && TC.isEntryEnabled()) {
                    Tr.exit(TC, com.ibm.ws.xs.cglib.core.Constants.CONSTRUCTOR_NAME, "ObjectGridRuntimeException-" + e2.getMessage());
                }
                throw new ObjectGridRuntimeException(e2);
            } catch (InvocationTargetException e3) {
                FFDCFilter.processException(e3, CLASS_NAME + ".<init>", "97", this);
                if (ObjectGridManagerImpl.isTraceEnabled && TC.isEntryEnabled()) {
                    Tr.exit(TC, com.ibm.ws.xs.cglib.core.Constants.CONSTRUCTOR_NAME, "ObjectGridRuntimeException-" + e3.getMessage());
                }
                throw new ObjectGridRuntimeException(e3);
            }
        }
        if (ObjectGridManagerImpl.isTraceEnabled && TC.isEntryEnabled()) {
            Tr.exit(TC, com.ibm.ws.xs.cglib.core.Constants.CONSTRUCTOR_NAME, this);
        }
    }

    public void checkPermission(Subject subject, int i) {
        if ((this.systemOGAccessor.getPermission(new PermissionKey(subject, this.ogName, this.mapName)).intValue() & i) != i) {
            throw MapAuthorizer.getAccessControlException(MapPermission.PERMISSIONS[i], this.ogName, this.mapName);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Integer realCheckPermission(final Subject subject) {
        Integer num;
        if (ObjectGridManagerImpl.isTraceEnabled && TC.isEntryEnabled()) {
            Tr.entry(TC, "realCheckPermission", new Object[]{this, subject});
        }
        if (this.authMechanism == 0) {
            final PrivilegedAction privilegedAction = this.permissionCheckAction;
            num = (Integer) AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.ws.objectgrid.security.TimerBasedPermissionCheckTask.2
                @Override // java.security.PrivilegedAction
                public Object run() {
                    Policy.getPolicy().refresh();
                    return Subject.doAsPrivileged(subject, privilegedAction, (AccessControlContext) null);
                }
            });
        } else {
            final ObjectGridAuthorization objectGridAuthorization = this.ogAuth;
            try {
                num = (Integer) AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.ws.objectgrid.security.TimerBasedPermissionCheckTask.3
                    @Override // java.security.PrivilegedAction
                    public Object run() {
                        int i = 0;
                        int i2 = 1;
                        for (int i3 = 0; i3 < 5; i3++) {
                            if (objectGridAuthorization.checkPermission(subject, TimerBasedPermissionCheckTask.this.permissions[i3])) {
                                i |= i2;
                            }
                            i2 *= 2;
                        }
                        return Integer.valueOf(i);
                    }
                });
            } catch (Throwable th) {
                FFDCFilter.processException(th, "com.ibm.ws.objectgrid.security.TimerBasedPermissionCheckTask.checkPermission", "184", this);
                Tr.warning(TC, NLSConstants.GENERAL_EXCEPTION_WARNING_CWOBJ0006, th);
                throw new ObjectGridRuntimeException(th);
            }
        }
        if (ObjectGridManagerImpl.isTraceEnabled && TC.isEntryEnabled()) {
            Tr.exit(TC, "realCheckPermission", num);
        }
        return num;
    }

    static {
        constructor = null;
        try {
            constructor = ((Class) AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.ws.objectgrid.security.TimerBasedPermissionCheckTask.1
                @Override // java.security.PrivilegedAction
                public Object run() {
                    return AccessClassLoader.getSingleton().getTimerActionClass();
                }
            })).getConstructor(MapPermission[].class);
        } catch (NoSuchMethodException e) {
            FFDCFilter.processException((Throwable) e, CLASS_NAME + ".<cinit>", "81", (Object[]) null);
            throw new ObjectGridRuntimeException(e);
        }
    }
}
