package com.ibm.ws.objectgrid.security;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.objectgrid.Constants;
import com.ibm.ws.xs.util.dopriv.DoPrivUtil;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.CodeSigner;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.Security;
import javax.security.auth.Subject;

/* loaded from: input_file:com/ibm/ws/objectgrid/security/WASAuthorizationChecker.class */
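/**
 * Process-wide authorization checker that evaluates the principals of a {@link Subject} against
 * the JVM's configured {@link Policy} provider (security property {@code policy.provider}).
 *
 * <p>The checker fails closed: if the policy provider cannot be loaded during initialisation,
 * {@link #checkPermission(Subject, Permission)} denies every request.
 *
 * <p>NOTE(review): {@code java.security.Policy} and {@code AccessController} are deprecated for
 * removal since Java 17 (JEP 411); this class depends on both.
 */
public class WASAuthorizationChecker {
    /** Message text kept verbatim (including its spelling) so existing log searches still match. */
    private static final String INIT_FAILED_MESSAGE = "Authorization policy initilization failed, all authorization will fail!";

    // Synthetic code source placed in every ProtectionDomain handed to the policy.
    private CodeSource codeSource;
    // Stays null when initialisation fails; a null policy means "deny everything".
    private Policy policy;
    private final TraceComponent TC;

    /** Initialization-on-demand holder: the singleton is created when getInstance() is first called. */
    private static class SingletonHolder {
        private static final WASAuthorizationChecker INSTANCE = new WASAuthorizationChecker();

        private SingletonHolder() {
        }
    }

    private WASAuthorizationChecker() {
        this.TC = Tr.register(WASAuthorizationChecker.class, Constants.TR_SECURITY_GROUP_NAME, "com.ibm.ws.objectgrid.resources.ObjectGridMessages");
        init();
    }

    /**
     * Returns the shared checker instance.
     *
     * @return the singleton {@code WASAuthorizationChecker}
     */
    public static WASAuthorizationChecker getInstance() {
        return SingletonHolder.INSTANCE;
    }

    /**
     * Builds the synthetic code source and instantiates the policy provider named by the
     * {@code policy.provider} security property. On any failure {@link #policy} is left null,
     * and the failure is reported at error level so that a deny-all state is visible to operators.
     */
    private void init() {
        try {
            // The URL is only an identifier; constructing it does not open a connection.
            // NOTE(review): presumably matched against codeBase entries in the policy - confirm.
            this.codeSource = new CodeSource(new URL("http://www.ibm.com/com/ibm/ws/objectgrid/security/PrivilegedAction"), (CodeSigner[]) null);
            String providerName = AccessController.doPrivileged(new PrivilegedAction<String>() {
                @Override
                public String run() {
                    return Security.getProperty("policy.provider");
                }
            });
            Class<?> providerClass = null;
            if (providerName != null && providerName.length() > 0) {
                providerClass = DoPrivUtil.forName(providerName);
                if (this.TC.isDebugEnabled()) {
                    Tr.debug(this.TC, "found policy provider " + providerName);
                }
            }
            if (providerClass == null) {
                Tr.error(this.TC, INIT_FAILED_MESSAGE);
            } else if (!Policy.class.isAssignableFrom(providerClass)) {
                // Without this check the cast below throws ClassCastException out of the
                // constructor, and the singleton holder then fails class initialisation.
                reportInitFailure("init failed: " + providerName + " is not a " + Policy.class.getName());
            } else {
                this.policy = (Policy) providerClass.newInstance();
            }
        } catch (ClassNotFoundException e) {
            reportInitFailure("init failed: " + e.getMessage());
        } catch (IllegalAccessException e) {
            reportInitFailure("init failed: " + e.getMessage());
        } catch (InstantiationException e) {
            reportInitFailure("init failed: " + e.getMessage());
        } catch (MalformedURLException e) {
            reportInitFailure("init failed");
        }
    }

    /**
     * Records an initialisation failure. The detail goes to the debug trace as before; the
     * error-level message is added because the checker now denies every request.
     */
    private void reportInitFailure(String detail) {
        Tr.error(this.TC, INIT_FAILED_MESSAGE);
        Tr.debug(this.TC, detail);
    }

    /**
     * Checks whether the policy grants {@code permission} to the principals of {@code subject}.
     * Returns normally when access is granted.
     *
     * @param subject the authenticated subject whose principals are evaluated; a null subject is denied
     * @param permission the permission being requested; a null permission is denied
     * @throws AccessControlException if the policy is unavailable, an argument is null, or the
     *     policy does not imply the permission
     */
    public void checkPermission(Subject subject, Permission permission) throws AccessControlException {
        // Every path that does not reach an explicit grant falls through to the denial below.
        if (this.policy != null && subject != null && permission != null) {
            if (this.TC.isDebugEnabled()) {
                // Trace the principals only: Subject.toString() may also render the subject's
                // credentials, which do not belong in a trace file.
                Tr.debug(this.TC, "checking subject: " + subject.getPrincipals() + " Permission: " + permission);
            }
            Principal[] principals = subject.getPrincipals().toArray(new Principal[0]);
            ProtectionDomain domain = new ProtectionDomain(this.codeSource, null, null, principals);
            PermissionCollection permissions = this.policy.getPermissions(domain);
            if (this.TC.isDebugEnabled()) {
                Tr.debug(this.TC, "PermissionCollection: " + permissions);
            }
            // A provider returning null is treated as "nothing granted" instead of surfacing an NPE.
            if (permissions != null && permissions.implies(permission)) {
                return;
            }
        }
        throw new AccessControlException("Access denied " + permission, permission);
    }
}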
