package weblogic.wsee.jws.context;

import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import weblogic.jws.CallbackMethod;
import weblogic.security.SubjectUtils;
import weblogic.security.WLSPrincipals;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.ContextHandler;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.RoleManager;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.service.WebServiceResource;
import weblogic.servlet.internal.ServletRequestImpl;
import weblogic.servlet.provider.WlsSecurityProvider;
import weblogic.utils.Debug;
import weblogic.wsee.connection.transport.servlet.HttpTransportUtils;
import weblogic.wsee.jws.util.Util;
import weblogic.wsee.message.WlMessageContext;

/* loaded from: input_file:weblogic/wsee/jws/context/WebSecurityContext.class */
/**
 * {@link JwsSecurityContext} implementation that answers "who is calling" and
 * "is the caller in role X" for a JWS endpoint class.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The current subject and the role service are looked up with the kernel
 *       identity ({@link #KERNEL_ID}), which is obtained once through
 *       {@code AccessController.doPrivileged}. The field is private and is never
 *       handed to callers; keep it that way.</li>
 *   <li>Role maps are resolved lazily on the first {@link #isCallerInRole(String)}
 *       call and then cached for the lifetime of the instance. Nothing in this
 *       class invalidates the cache, not even {@link #setMessageContext}.
 *       NOTE(review): confirm an instance is never reused for a different caller,
 *       service or realm, otherwise later checks run against role maps resolved
 *       for the first subject and message context.</li>
 *   <li>The cache is a plain {@code HashMap} guarded by a non-volatile flag and no
 *       locking. NOTE(review): presumably instances are confined to one request
 *       thread; verify against the code that creates them.</li>
 *   <li>When the {@code weblogic.wsee.security.debug} system property is true,
 *       resources and their role maps are written through {@code Debug.say};
 *       that output describes the authorization model and belongs in protected
 *       logs only.</li>
 * </ul>
 */
public class WebSecurityContext implements JwsSecurityContext {
    /** System property that switches on the debug output of this class. */
    private static final String DEBUG_PROPERTY = "weblogic.wsee.security.debug";

    /** Read once at class initialisation; later changes to the property are not seen. */
    private static final boolean DEBUG = Boolean.getBoolean(DEBUG_PROPERTY);

    /** Kernel identity used for subject and role-service lookups; must stay private. */
    private static final AuthenticatedSubject KERNEL_ID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());

    /** Message context the service/realm properties and the HTTP request are read from. */
    private WlMessageContext messageContext;

    /** Endpoint implementation class whose public methods are scanned for role maps. */
    private Class jws;

    /** Value returned by {@code Util.getEIClass} for the endpoint class. */
    private Class<?> eiClass;

    /** True once {@link #initRoleMaps} has populated {@link #roles}; never reset. */
    private boolean initted = false;

    /** Per-resource role maps, filled on first use and kept for the instance lifetime. */
    private HashMap<WebServiceResource, Map> roles = new HashMap<>();

    /**
     * Creates a context for one endpoint class.
     *
     * @param wlMessageContext message context used later to resolve role maps
     * @param cls              endpoint class; its endpoint-interface class is
     *                         looked up immediately through {@code Util.getEIClass}
     */
    public WebSecurityContext(WlMessageContext wlMessageContext, Class cls) {
        this.messageContext = wlMessageContext;
        this.jws = cls;
        this.eiClass = Util.getEIClass(cls);
    }

    /**
     * Replaces the message context.
     *
     * <p>Role maps that were already resolved are kept as they are; this method
     * does not clear them.
     *
     * @param wlMessageContext the new message context
     */
    public void setMessageContext(WlMessageContext wlMessageContext) {
        this.messageContext = wlMessageContext;
    }

    /**
     * Returns the user principal of the current subject.
     *
     * <p>Falls back to the anonymous user principal when there is no current
     * subject or the subject yields no user principal, so a non-null result does
     * not by itself mean the caller is authenticated.
     *
     * @return the caller's user principal, or the anonymous principal
     */
    @Override // weblogic.wsee.jws.context.JwsSecurityContext
    public Principal getCallerPrincipal() {
        AuthenticatedSubject currentSubject = getSubject();
        Principal caller = null;
        if (currentSubject != null) {
            caller = SubjectUtils.getUserPrincipal(currentSubject);
        }
        if (caller != null) {
            return caller;
        }
        return WLSPrincipals.getAnonymousUserPrincipal();
    }

    /**
     * Tells whether the current subject holds the given role.
     *
     * <p>The cached per-resource role maps are consulted first; if none of them
     * grants the role, the decision is delegated to the security manager of the
     * servlet context behind the message context. The check fails closed: a
     * {@code null} role name, or a message context without a
     * {@code ServletRequestImpl}, yields {@code false}.
     *
     * @param str role name to test; {@code null} is never granted
     * @return {@code true} if any consulted source places the subject in the role
     */
    @Override // weblogic.wsee.jws.context.JwsSecurityContext
    public boolean isCallerInRole(String str) {
        if (str == null) {
            return false;
        }
        // The subject is re-read on every call, but the role maps below were
        // resolved for whichever subject made the first call on this instance.
        AuthenticatedSubject currentSubject = getSubject();
        initRoleMaps(currentSubject);
        for (Map resourceRoles : this.roles.values()) {
            if (SecurityServiceManager.isUserInRole(currentSubject, str, resourceRoles)) {
                return true;
            }
        }
        ServletRequestImpl request = HttpTransportUtils.getHttpServletRequest(this.messageContext);
        // instanceof is false for null, so this also covers a missing request.
        if (!(request instanceof ServletRequestImpl)) {
            return false;
        }
        return request.getContext().getSecurityManager().isSubjectInRole(
                WlsSecurityProvider.toSubjectHandle(currentSubject),
                str,
                request,
                request.getResponse(),
                request.getServletStub());
    }

    /**
     * Resolves and caches the role map of every web method and callback method of
     * the endpoint class; does nothing after the first successful run.
     *
     * <p>Service name, context path, security realm and application id are read
     * from the message context and cast to {@code String} without a type check.
     * NOTE(review): assumes the message context is non-null and that these
     * properties are set by trusted container code, not taken from the request;
     * confirm against the code that populates them.
     *
     * @param authenticatedSubject subject the role maps are resolved for
     */
    private void initRoleMaps(AuthenticatedSubject authenticatedSubject) {
        if (this.initted) {
            return;
        }
        String serviceName = (String) this.messageContext.getProperty("weblogic.wsee.service_name");
        String contextPath = (String) this.messageContext.getProperty("weblogic.wsee.context_path");
        String realmName = (String) this.messageContext.getProperty("weblogic.wsee.security_realm");
        String applicationId = (String) this.messageContext.getProperty("weblogic.wsee.application_id");
        RoleManager roleManager = SecurityServiceManager.getSecurityService(KERNEL_ID, realmName, SecurityService.ServiceType.ROLE);
        for (Method candidate : this.jws.getMethods()) {
            boolean exposed = Util.isWebMethod(candidate, this.eiClass)
                    || candidate.isAnnotationPresent(CallbackMethod.class);
            if (!exposed) {
                continue;
            }
            WebServiceResource resource = createWebServiceResource(applicationId, contextPath, serviceName, candidate);
            Map resourceRoles = roleManager.getRoles(authenticatedSubject, resource, (ContextHandler) null);
            if (resourceRoles == null) {
                // No map for this resource: nothing is cached, so it grants no role here.
                continue;
            }
            this.roles.put(resource, resourceRoles);
            if (DEBUG) {
                Debug.say("*** Roles map for " + resource + " is " + resourceRoles);
            }
        }
        // Set only after the loop completes, so an exception above leaves the
        // instance uninitialised and the next call retries.
        this.initted = true;
    }

    /**
     * Builds the {@code WebServiceResource} that identifies one endpoint method.
     *
     * @param str    first constructor argument (the caller passes the application id)
     * @param str2   second constructor argument (the caller passes the context path)
     * @param str3   third constructor argument (the caller passes the service name)
     * @param method method whose name and parameter-type canonical names complete
     *               the resource
     * @return the resource for {@code method}
     */
    private static final WebServiceResource createWebServiceResource(String str, String str2, String str3, Method method) {
        Class<?>[] parameterTypes = method.getParameterTypes();
        String[] parameterTypeNames = new String[parameterTypes.length];
        for (int i = 0; i < parameterTypes.length; i++) {
            parameterTypeNames[i] = parameterTypes[i].getCanonicalName();
        }
        WebServiceResource resource = new WebServiceResource(str, str2, str3, method.getName(), parameterTypeNames);
        if (DEBUG) {
            Debug.say("*** Creating WebServiceResource: " + resource);
        }
        return resource;
    }

    /**
     * Asks {@code SecurityServiceManager} for the current subject, presenting the
     * kernel identity.
     *
     * @return whatever {@code getCurrentSubject} returns; callers in this class
     *         treat {@code null} as "no subject"
     */
    private static AuthenticatedSubject getSubject() {
        return SecurityServiceManager.getCurrentSubject(KERNEL_ID);
    }
}
