package com.ibm.ws.security.core;

import com.ibm.ejs.models.base.bindings.applicationbnd.ApplicationBinding;
import com.ibm.ejs.models.base.bindings.applicationbnd.AuthorizationTable;
import com.ibm.ejs.models.base.bindings.applicationbnd.RoleAssignment;
import com.ibm.ejs.models.base.bindings.applicationbnd.RunAsMap;
import com.ibm.ejs.models.base.config.applicationserver.ApplicationRef;
import com.ibm.ejs.models.base.config.applicationserver.ModuleRef;
import com.ibm.ejs.models.base.config.applicationserver.WebModuleRef;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ejs.security.util.Constants;
import com.ibm.etools.emf.ref.EList;
import com.ibm.websphere.runtime.CustomService;
import com.ibm.ws.event.ApplicationEvent;
import com.ibm.ws.event.ApplicationListener;
import com.ibm.ws.security.ejb.BeanPermissionRoleMapTable;
import com.ibm.ws.security.ejb.RunAsMapTable;
import com.ibm.ws.security.web.WebAppCache;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.Properties;

/* loaded from: input_file:lib/security.jar:com/ibm/ws/security/core/AppListener.class */
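/**
 * Keeps the security runtime's per-application authorization data in step with the
 * application lifecycle.
 *
 * <p>On {@link #applicationStarted} the application's authorization table, RunAs map and bean
 * permission/role map are handed to {@code WSAccessManager}, {@code RunAsMapTable} and
 * {@code BeanPermissionRoleMapTable}; on {@link #applicationStopped} the same entries, plus the
 * {@code WebAppCache} entry of every web module, are removed again.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Start-up fails closed: any exception while registering security data is logged and
 *       rethrown, so this listener never reports success with partial data.</li>
 *   <li>Stop is best-effort: an exception is logged and swallowed, and it aborts the remaining
 *       clean-up steps, so stale authorization data can outlive the application.</li>
 *   <li>Subjects bound to the role named {@code DenyAllRole} are stripped before the table is
 *       registered, and a warning is traced when that happens.</li>
 * </ul>
 */
public class AppListener implements CustomService, ApplicationListener {
    private static final TraceComponent tc;
    private static final String DENYALL_ROLE_NAME = "DenyAllRole";
    // Cache used by class$(String) below; this has the shape of the class-literal support that
    // older compilers generated. Kept package-visible so the class layout is unchanged.
    static Class class$com$ibm$ws$security$core$AppListener;

    /** No-op: this service needs no configuration. */
    @Override // com.ibm.websphere.runtime.CustomService
    public void initialize(Properties properties) {
    }

    /** No-op: per-application state is released in {@link #applicationStopped}. */
    @Override // com.ibm.websphere.runtime.CustomService
    public void shutdown() {
    }

    /** No-op: security data is registered once the application has started. */
    @Override // com.ibm.ws.event.ApplicationListener
    public void applicationStarting(ApplicationEvent applicationEvent) {
    }

    /**
     * Registers the started application's authorization table, RunAs map and bean
     * permission/role map with the security runtime.
     *
     * <p>An application without an authorization table is still accepted; only a trace event is
     * written. NOTE(review): how the access manager treats an application that has no registered
     * table is not visible here - confirm that it denies rather than permits.
     *
     * @param applicationEvent event carrying the reference to the started application
     * @throws RuntimeException if anything fails while the security data is being registered;
     *         the original exception is attached as the cause
     */
    @Override // com.ibm.ws.event.ApplicationListener
    public void applicationStarted(ApplicationEvent applicationEvent) {
        // The trace label says "applicationInstalling" although this is the started callback;
        // it is left unchanged because trace consumers may match on it.
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "applicationInstalling");
        }
        try {
            ApplicationRef applicationRef = applicationEvent.getApplicationRef();
            ApplicationBinding binding = applicationRef.getBinding();
            String name = applicationRef.getName();
            AuthorizationTable authorizationTable = binding.getAuthorizationTable();
            if (authorizationTable != null) {
                // Sanitize first so the access manager never sees subjects on DenyAllRole.
                removeSubjectsFromDenyAllRole(name, authorizationTable);
                WSAccessManager.addAuthorizationTable(name, authorizationTable);
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Authorization Table Not defined for Application " + name);
            }
            RunAsMap runAsMap = binding.getRunAsMap();
            if (authorizationTable == null) {
                // The RunAs map is deliberately not registered without an authorization table.
                Tr.event(tc, "Application " + name + " installed without Authorization Table");
            } else if (runAsMap != null) {
                RunAsMapTable.addRunAsMap(name, runAsMap);
                if (runAsMap.getRunAsBindings().size() != 0) {
                    Tr.event(tc, "Authorization Table and RunAsMap processed for Application " + name);
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "RunAsMap Not defined properly for Application " + name);
                }
            } else {
                Tr.event(tc, "Authorization Table processed for Application " + name);
            }
            BeanPermissionRoleMapTable.addBeanPermissionRoleMap(name);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "applicationInstalling");
            }
        } catch (Exception e) {
            Tr.error(tc, Constants.nls.getFormattedMessage("security.init.error", new Object[]{e.getMessage(), generateStackTraceString(e)}, "Error during security initialization. Exception {0} at location: {1}"));
            // Fail closed, and keep the cause so the failure can be diagnosed upstream.
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /** No-op: clean-up happens once the application has stopped. */
    @Override // com.ibm.ws.event.ApplicationListener
    public void applicationStopping(ApplicationEvent applicationEvent) {
    }

    /**
     * Removes the stopped application's authorization table, RunAs map, bean permission/role map
     * and the cached entry of each of its web modules.
     *
     * <p>Failures are logged and swallowed. NOTE(review): the first exception skips every later
     * removal, which can leave authorization data registered for an application that is no
     * longer running; the message logged is the "security.init.error" text even though this is
     * the stop path.
     *
     * @param applicationEvent event carrying the reference to the stopped application
     */
    @Override // com.ibm.ws.event.ApplicationListener
    public void applicationStopped(ApplicationEvent applicationEvent) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "applicationStopped ");
        }
        try {
            ApplicationRef applicationRef = applicationEvent.getApplicationRef();
            if (applicationRef == null) {
                // Nothing to clean up; still close the trace scope opened above.
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "applicationStopped");
                }
                return;
            }
            String name = applicationRef.getName();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "application is  " + name);
            }
            WSAccessManager.removeAuthorizationTable(name);
            RunAsMapTable.removeRunAsMap(name);
            BeanPermissionRoleMapTable.removeBeanPermissionRoleMap(name);
            EList modules = applicationRef.getModules();
            for (int i = 0; i < modules.size(); i++) {
                ModuleRef moduleRef = (ModuleRef) modules.get(i);
                if (moduleRef instanceof WebModuleRef) {
                    String contextRoot = ((WebModuleRef) moduleRef).getWebModule().getContextRoot();
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "removing web application  with context root " + contextRoot);
                    }
                    WebAppCache.removeWebApp(contextRoot);
                }
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "applicationStopped");
            }
        } catch (Exception e) {
            Tr.error(tc, Constants.nls.getFormattedMessage("security.init.error", new Object[]{e.getMessage(), generateStackTraceString(e)}, "Error during security initialization. Exception {0} at location: {1}"));
        }
    }

    /**
     * Clears every user, group and special subject assigned to the role named
     * {@code DenyAllRole} in the given table, and traces one warning if anything was removed.
     *
     * <p>The scan always advances to the next role assignment. The previous loop only advanced
     * on a non-matching role, so a table that contained {@code DenyAllRole} never left the loop
     * and the application start never completed.
     *
     * @param str name of the application that owns the table (used in trace output only)
     * @param authorizationTable table to sanitize in place; must not be {@code null}
     */
    protected void removeSubjectsFromDenyAllRole(String str, AuthorizationTable authorizationTable) {
        // Trace label differs from the method name; kept as-is for trace compatibility.
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "removeUsersFromDenyAllRole", str);
        }
        boolean removed = false;
        EList authorizations = authorizationTable.getAuthorizations();
        for (int i = 0; i < authorizations.size(); i++) {
            RoleAssignment roleAssignment = (RoleAssignment) authorizations.get(i);
            String roleName = roleAssignment.getRole().getRoleName();
            if (!DENYALL_ROLE_NAME.equals(roleName)) {
                continue;
            }
            // Non-short-circuit |= so that all three subject lists are always cleared.
            removed |= clearIfPopulated(roleAssignment.getUsers());
            removed |= clearIfPopulated(roleAssignment.getGroups());
            removed |= clearIfPopulated(roleAssignment.getSpecialSubjects());
        }
        if (removed) {
            Tr.warning(tc, "All subjects assigned to Special role DenyAllRole for application " + str + " are removed");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "removeUsersFromDenyAllRole");
        }
    }

    /** Empties {@code subjects} when it is non-null and non-empty; returns whether it did. */
    private static boolean clearIfPopulated(EList subjects) {
        if (subjects == null || subjects.size() == 0) {
            return false;
        }
        subjects.clear();
        return true;
    }

    /**
     * Renders a throwable's stack trace as a string for inclusion in a log message.
     *
     * @param th throwable to render; must not be {@code null}
     * @return the text {@link Throwable#printStackTrace(PrintWriter)} produces for {@code th}
     */
    public static String generateStackTraceString(Throwable th) {
        StringWriter stringWriter = new StringWriter();
        PrintWriter printWriter = new PrintWriter(stringWriter);
        th.printStackTrace(printWriter);
        printWriter.flush();
        return stringWriter.toString();
    }

    /**
     * Resolves a class by name, converting a lookup failure into {@link NoClassDefFoundError}.
     * Only called from the static initializer below.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        // Resolve (and cache) this class, then register it as the trace component.
        Class cls;
        if (class$com$ibm$ws$security$core$AppListener == null) {
            cls = class$("com.ibm.ws.security.core.AppListener");
            class$com$ibm$ws$security$core$AppListener = cls;
        } else {
            cls = class$com$ibm$ws$security$core$AppListener;
        }
        tc = Tr.register(cls);
    }
}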
