package com.sun.jini.discovery;

import com.sun.jini.collection.SoftCache;
import java.net.URL;
import java.security.AccessControlException;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.Set;
import javax.security.auth.Subject;

/* JADX WARN: Classes with same name are omitted:
  input_file:jini-ext.jar:com/sun/jini/discovery/ClientPermissionChecker.class
 */
/* loaded from: input_file:jsk-platform.jar:com/sun/jini/discovery/ClientPermissionChecker.class */
public class ClientPermissionChecker implements ClientSubjectChecker {
    private static final CodeSource emptyCS = new CodeSource((URL) null, (Certificate[]) null);
    private static final ProtectionDomain emptyPD = new ProtectionDomain(emptyCS, null, null, null);
    private final SoftCache domains = new SoftCache();
    private final Permission permission;

    public ClientPermissionChecker(Permission permission) {
        if (permission == null) {
            throw new NullPointerException();
        }
        this.permission = permission;
    }

    @Override // com.sun.jini.discovery.ClientSubjectChecker
    public void checkClientSubject(Subject subject) {
        ProtectionDomain protectionDomain;
        if (subject != null && !subject.isReadOnly()) {
            throw new IllegalArgumentException("subject is not read-only");
        }
        if (System.getSecurityManager() == null) {
            return;
        }
        if (subject == null) {
            protectionDomain = emptyPD;
        } else {
            synchronized (this.domains) {
                protectionDomain = (ProtectionDomain) this.domains.get(subject);
            }
            if (protectionDomain == null) {
                Set<Principal> principals = subject.getPrincipals();
                protectionDomain = new ProtectionDomain(emptyCS, null, null, (Principal[]) principals.toArray(new Principal[principals.size()]));
                synchronized (this.domains) {
                    this.domains.put(subject, protectionDomain);
                }
            }
        }
        if (!protectionDomain.implies(this.permission)) {
            throw new AccessControlException("access denied " + this.permission);
        }
    }
}
