package org.apache.derby.iapi.security;

import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashSet;
import javax.security.auth.Subject;
import org.apache.derby.authentication.SystemPrincipal;
import org.apache.derby.iapi.error.StandardException;
import org.apache.derby.iapi.services.context.Context;
import org.apache.derby.iapi.services.context.ContextService;
import org.apache.derby.iapi.sql.conn.Authorizer;
import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
import org.apache.derby.iapi.sql.dictionary.AliasDescriptor;
import org.apache.derby.iapi.sql.dictionary.StatementRoutinePermission;
import org.apache.derby.iapi.util.IdUtil;
import org.apache.derby.security.SystemPermission;

/* loaded from: input_file:WEB-INF/lib/derby-10.14.1.0.jar:org/apache/derby/iapi/security/SecurityUtil.class */
public class SecurityUtil {
    private static final SystemPermission USE_DERBY_INTERNALS = new SystemPermission(SystemPermission.ENGINE, SystemPermission.USE_DERBY_INTERNALS);

    public static Subject createSystemPrincipalSubject(String str) {
        HashSet hashSet = new HashSet();
        if (str != null) {
            hashSet.add(new SystemPrincipal(str));
            hashSet.add(new SystemPrincipal(getAuthorizationId(str)));
        }
        HashSet hashSet2 = new HashSet();
        return new Subject(true, hashSet, hashSet2, hashSet2);
    }

    private static String getAuthorizationId(String str) {
        if (str == null) {
            throw new NullPointerException("name can't be null");
        }
        if (str.length() == 0) {
            throw new IllegalArgumentException("name can't be empty");
        }
        try {
            return IdUtil.getUserAuthorizationId(str);
        } catch (StandardException e) {
            throw new IllegalArgumentException(e.getMessage());
        }
    }

    public static void checkSubjectHasPermission(final Subject subject, final Permission permission) {
        final PrivilegedAction<Void> privilegedAction = new PrivilegedAction<Void>() { // from class: org.apache.derby.iapi.security.SecurityUtil.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                AccessController.checkPermission(permission);
                return null;
            }
        };
        AccessController.doPrivileged(new PrivilegedAction<Void>() { // from class: org.apache.derby.iapi.security.SecurityUtil.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                Subject.doAsPrivileged(subject, privilegedAction, (AccessControlContext) null);
                return null;
            }
        });
    }

    public static void checkUserHasPermission(String str, Permission permission) {
        if (System.getSecurityManager() == null) {
            return;
        }
        checkSubjectHasPermission(createSystemPrincipalSubject(str), permission);
    }

    public static void authorize(Securable securable) throws StandardException {
        LanguageConnectionContext languageConnectionContext = (LanguageConnectionContext) getContextOrNull("LanguageConnectionContext");
        if (languageConnectionContext.usesSqlAuthorization()) {
            Authorizer authorizer = languageConnectionContext.getAuthorizer();
            AliasDescriptor aliasDescriptor = languageConnectionContext.getDataDictionary().getRoutineList(securable.routineSchemaID, securable.routineName, securable.routineType).get(0);
            ArrayList arrayList = new ArrayList();
            arrayList.add(new StatementRoutinePermission(aliasDescriptor.getObjectID()));
            authorizer.authorize(arrayList, languageConnectionContext.getLastActivation());
        }
    }

    public static void checkDerbyInternalsPrivilege() {
        if (System.getSecurityManager() != null) {
            AccessController.checkPermission(USE_DERBY_INTERNALS);
        }
    }

    private static Context getContextOrNull(final String str) {
        return System.getSecurityManager() == null ? ContextService.getContextOrNull(str) : (Context) AccessController.doPrivileged(new PrivilegedAction<Context>() { // from class: org.apache.derby.iapi.security.SecurityUtil.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Context run() {
                return ContextService.getContextOrNull(str);
            }
        });
    }
}
