package com.ibm.ws.objectgrid.security;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ras.RASFormatter;
import com.ibm.websphere.objectgrid.ObjectGridRuntimeException;
import com.ibm.websphere.objectgrid.security.ObjectGridPermission;
import com.ibm.websphere.objectgrid.security.plugins.ObjectGridAuthorization;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.objectgrid.Constants;
import com.ibm.ws.objectgrid.ObjectGridManagerImpl;
import com.ibm.ws.objectgrid.runtime.RuntimeInfo;
import com.ibm.ws.xs.NLSConstants;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;

/* loaded from: input_file:com/ibm/ws/objectgrid/security/ObjectGridAuthorizer.class */
public class ObjectGridAuthorizer {
    static final TraceComponent TC = Tr.register(ObjectGridAuthorizer.class, Constants.TR_SECURITY_GROUP_NAME, "com.ibm.ws.objectgrid.resources.ObjectGridMessages");

    public static void timerBasedCheck(Subject subject, int i, TimerBasedOGPermissionCheckTask timerBasedOGPermissionCheckTask) throws ObjectGridRuntimeException {
        if (CoreSecurityUtil.isOGServerSubject(subject)) {
            return;
        }
        timerBasedOGPermissionCheckTask.checkPermission(subject, i);
    }

    public static void check(final Subject subject, int i, int i2, ObjectGridAuthorization objectGridAuthorization, String str) throws ObjectGridRuntimeException {
        if (CoreSecurityUtil.isOGServerSubject(subject)) {
            if (ObjectGridManagerImpl.isTraceEnabled && TC.isDebugEnabled()) {
                Tr.debug(TC, "check - the subject is a OG server subject, skip authorization.");
                return;
            }
            return;
        }
        if (ObjectGridManagerImpl.isTraceEnabled && TC.isDebugEnabled()) {
            Tr.debug(TC, "check", new Object[]{"Subject", new Integer(i), new Integer(i2), objectGridAuthorization, str});
        }
        if (i2 != 0) {
            try {
                if (!objectGridAuthorization.checkPermission(subject, new ObjectGridPermission(str, i))) {
                    throw getAccessControlException(ObjectGridPermission.PERMISSIONS[i], str);
                }
                return;
            } catch (Throwable th) {
                FFDCFilter.processException(th, "com.ibm.ws.objectgrid.security.ObjectGridAuthorizer.check", "138");
                Tr.warning(TC, NLSConstants.GENERAL_EXCEPTION_WARNING_CWOBJ0006, th);
                throw new ObjectGridRuntimeException(th);
            }
        }
        final ObjectGridPermission objectGridPermission = new ObjectGridPermission(str, ObjectGridPermission.PERMISSIONS[i]);
        final PrivilegedExceptionAction oGPermissionCheckAction = OGPermissionCheckAction.getInstance(objectGridPermission);
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.ibm.ws.objectgrid.security.ObjectGridAuthorizer.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws AccessControlException {
                    try {
                        if (RuntimeInfo.instance().isWASServerProcess() && System.getSecurityManager() == null) {
                            WASAuthorizationChecker.getInstance().checkPermission(subject, objectGridPermission);
                            return null;
                        }
                        Subject.doAsPrivileged(subject, oGPermissionCheckAction, (AccessControlContext) null);
                        return null;
                    } catch (PrivilegedActionException e) {
                        Exception exception = e.getException();
                        if (exception instanceof AccessControlException) {
                            throw ((AccessControlException) exception);
                        }
                        throw new ObjectGridRuntimeException(exception);
                    }
                }
            });
        } catch (PrivilegedActionException e) {
            Exception exception = e.getException();
            if (!(exception instanceof AccessControlException)) {
                throw new ObjectGridRuntimeException(exception);
            }
            throw ((AccessControlException) exception);
        }
    }

    public static AccessControlException getAccessControlException(String str, String str2) {
        StringBuffer stringBuffer = new StringBuffer(60);
        stringBuffer.append("The following access to the ObjectGrid ").append(str2).append(" is not granted: ").append("com.ibm.websphere.objectgrid.security.ObjectGridPermission ").append(str2).append(RASFormatter.DEFAULT_SEPARATOR).append(str);
        return new AccessControlException(new String(stringBuffer), new ObjectGridPermission(str2, str));
    }
}
