package weblogic.wsee.security;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.xml.rpc.handler.soap.SOAPMessageContext;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.AuthorizationManager;
import weblogic.security.service.ContextElement;
import weblogic.security.service.ContextHandler;
import weblogic.security.service.WebServiceResource;
import weblogic.security.utils.ResourceIDDContextWrapper;
import weblogic.utils.Debug;
import weblogic.wsee.message.WlMessageContext;
import weblogic.wsee.security.configuration.MBeanConstants;
import weblogic.wsee.security.configuration.WssConfigurationException;
import weblogic.wsee.security.policy.WssPolicyContext;
import weblogic.wsee.util.ServerSecurityHelper;
import weblogic.wsee.ws.WsMethod;
import weblogic.wsee.ws.WsParameterType;
import weblogic.wsee.ws.dispatch.Dispatcher;
import weblogic.xml.crypto.wss.BinarySecurityTokenHandler;
import weblogic.xml.crypto.wss.SignatureInfo;
import weblogic.xml.crypto.wss.WSSConstants;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.WSSecurityException;
import weblogic.xml.crypto.wss.api.BinarySecurityToken;

/* loaded from: input_file:weblogic/wsee/security/WLAuthorizer.class */
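/**
 * {@link Authorizer} that maps the invoked web-service operation to a
 * {@link WebServiceResource} and asks the realm's {@link AuthorizationManager}
 * whether the current subject may access it.
 *
 * <p>Each decision is made with a per-request {@link WebServiceContextHandler}
 * that carries the message context, the operation's input parameter values and,
 * when signature ACLs are enabled, the subjects that signed parts of the message.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Null checks on the resource and the subject are {@code Debug.assertion}
 *       calls that only run when {@code weblogic.wsee.security.debug} is set;
 *       otherwise the values are handed to the authorization manager as they are.</li>
 *   <li>With {@code weblogic.wsee.security.verbose} set, subjects and request
 *       parameter values are written to the debug output. Keep it off where that
 *       output is not protected like the request data itself.</li>
 * </ul>
 */
public class WLAuthorizer implements Authorizer {
    private final ResourceMap resourceMap = new ResourceMap();
    private final AuthorizationManager am;
    private final AuthorizationContext authContext;
    private static final String DEBUG_PROPERTY = "weblogic.wsee.security.debug";
    private static final boolean DEBUG = Boolean.getBoolean(DEBUG_PROPERTY);
    private static final String VERBOSE_PROPERTY = "weblogic.wsee.security.verbose";
    private static final boolean VERBOSE = Boolean.getBoolean(VERBOSE_PROPERTY);

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:weblogic/wsee/security/WLAuthorizer$ResourceMap.class */
    /**
     * Cache of the {@link WebServiceResource} built for each operation, backed by
     * a synchronized {@link HashMap}.
     */
    public static class ResourceMap {
        private final Map<WsMethod, WebServiceResource> resourceMap;

        protected ResourceMap() {
            this.resourceMap = Collections.synchronizedMap(new HashMap<WsMethod, WebServiceResource>());
        }

        /**
         * Returns the resource cached for {@code wsMethod}.
         *
         * @param wsMethod the operation used as cache key
         * @return the cached resource, or {@code null} when none is cached
         */
        protected WebServiceResource get(WsMethod wsMethod) {
            if (WLAuthorizer.DEBUG) {
                Debug.assertion(wsMethod != null, "WebServiceResource lookup got a null operation");
            }
            return this.resourceMap.get(wsMethod);
        }

        /**
         * Caches {@code webServiceResource} under {@code wsMethod}, replacing any
         * earlier entry.
         *
         * @param wsMethod the operation used as cache key
         * @param webServiceResource the resource to cache
         * @return {@code webServiceResource}
         */
        protected WebServiceResource put(WsMethod wsMethod, WebServiceResource webServiceResource) {
            if (WLAuthorizer.DEBUG) {
                Debug.assertion(webServiceResource != null, "WebServiceResource cache got a null resource");
                Debug.assertion(wsMethod != null, "WebServiceResource cache got a null operation");
            }
            this.resourceMap.put(wsMethod, webServiceResource);
            return webServiceResource;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/wsee/security/WLAuthorizer$WebServiceContextHandler.class */
    /**
     * {@link ContextHandler} holding the name/value pairs passed to the
     * authorization manager for one request. {@code names} and {@code values}
     * are parallel lists: entry {@code i} of one belongs to entry {@code i} of
     * the other.
     */
    public static class WebServiceContextHandler implements ContextHandler {
        private final List<String> names = new ArrayList<>();
        private final List<Object> values = new ArrayList<>();

        /**
         * Registers the message context and, when a WS-Security context exists and
         * signature ACLs are enabled in the WSS configuration, one
         * {@code Integrity{{namespace}localName}} element per X.509 token that
         * signed a node of the SOAP body or header, valued with the subject the
         * token handler resolves for that token.
         *
         * <p>Failures while resolving the token handler or a subject are not
         * propagated: the handler is left with whatever was added up to that
         * point, so the authorization manager decides without the missing
         * {@code Integrity} elements.
         *
         * @param wlMessageContext the context of the message being authorized
         */
        WebServiceContextHandler(WlMessageContext wlMessageContext) {
            this.names.add("com.bea.contextelement.wsee.SOAPMessage");
            this.values.add(wlMessageContext);
            WSSecurityContext securityContext = WSSecurityContext.getSecurityContext(wlMessageContext);
            if (securityContext == null) {
                return;
            }
            WssPolicyContext wssPolicyContext = (WssPolicyContext) wlMessageContext.getProperty(WssPolicyContext.WSS_POLICY_CTX_PROP);
            if (wssPolicyContext == null || !wssPolicyContext.getWssConfiguration().isSignatureACLEnabled()) {
                return;
            }
            try {
                BinarySecurityTokenHandler binarySecurityTokenHandler = (BinarySecurityTokenHandler) wssPolicyContext.getWssConfiguration().getTokenHandler(MBeanConstants.X509_TYPE, MBeanConstants.X509_TOKEN_HANDLER_CLASS);
                // Copy before merging: the list returned by the security context may be
                // its own live list, and appending the V1 tokens to it would change the
                // security context as a side effect of an authorization check.
                List<BinarySecurityToken> securityTokens = new ArrayList<BinarySecurityToken>(securityContext.getSecurityTokens(WSSConstants.VALUE_TYPE_X509V3));
                securityTokens.addAll(securityContext.getSecurityTokens(WSSConstants.VALUE_TYPE_X509V1));
                for (BinarySecurityToken binarySecurityToken : securityTokens) {
                    Node node = findSignedNode(securityContext, binarySecurityToken, wlMessageContext);
                    if (node != null) {
                        String str = "Integrity{" + ("{" + node.getNamespaceURI() + "}" + node.getLocalName()) + "}";
                        Subject subject = binarySecurityTokenHandler.getSubject(binarySecurityToken, wlMessageContext);
                        if (WLAuthorizer.VERBOSE) {
                            Debug.say("** Add Signature ACL name: " + str);
                            Debug.say("** Add Signature ACL value: " + subject);
                        }
                        this.names.add(str);
                        this.values.add(subject);
                    }
                }
            } catch (WssConfigurationException e) {
                // Best effort by design of the original code, but no longer silent.
                // NOTE(review): consider recording this with the server's regular logger
                // so a missing Integrity element can be explained without verbose mode.
                if (WLAuthorizer.VERBOSE) {
                    Debug.say("** Signature ACL context incomplete, token handler unavailable: " + e);
                }
            } catch (WSSecurityException e2) {
                if (WLAuthorizer.VERBOSE) {
                    Debug.say("** Signature ACL context incomplete, subject not resolved: " + e2);
                }
            }
        }

        /** Returns the number of elements held by this handler. */
        public int size() {
            return this.values.size();
        }

        /** Returns the names of all elements, in insertion order. */
        public String[] getNames() {
            return this.names.toArray(new String[0]);
        }

        /**
         * Returns the value of the first element named {@code str}.
         *
         * @param str the element name
         * @return the value, or {@code null} when no element has that name
         */
        public final Object getValue(String str) {
            if (str == null) {
                return null;
            }
            for (int i = 0; i < this.names.size(); i++) {
                if (str.equals(this.names.get(i))) {
                    return this.values.get(i);
                }
            }
            return null;
        }

        /**
         * Returns a {@link ContextElement} for every requested name that has a
         * non-null value; names without a value are skipped.
         *
         * @param strArr the element names to look up
         * @return the elements found, in the order requested
         */
        public ContextElement[] getValues(String[] strArr) {
            List<ContextElement> found = new ArrayList<>();
            for (String str : strArr) {
                Object value = getValue(str);
                if (value != null) {
                    found.add(new ContextElement(str, value));
                }
            }
            return found.toArray(new ContextElement[0]);
        }

        /**
         * Adds the value the dispatcher holds for input parameter {@code str} as an
         * element of the same name. Parameters without a value are not added.
         *
         * <p>In verbose mode the parameter value itself is written to the debug
         * output.
         *
         * @param str the parameter name
         * @param dispatcher the dispatcher holding the request's input parameters
         */
        public void addParameter(String str, Dispatcher dispatcher) {
            Object obj = dispatcher.getInParams().get(str);
            if (obj == null) {
                if (WLAuthorizer.VERBOSE) {
                    Debug.say("** Can not find param value for param name: " + str);
                }
                return;
            }
            if (WLAuthorizer.VERBOSE) {
                Debug.say("** Args to ContextHandler");
                Debug.say("**   paramName = " + str);
                Debug.say("**   paramValue = " + obj);
            }
            this.names.add(str);
            this.values.add(obj);
        }

        /**
         * Returns the first node found for any signature made with
         * {@code binarySecurityToken}, or {@code null} when none of them covers a
         * node of the message.
         */
        private static Node findSignedNode(WSSecurityContext securityContext, BinarySecurityToken binarySecurityToken, WlMessageContext wlMessageContext) {
            Iterator it = securityContext.getSignatures(binarySecurityToken).iterator();
            while (it.hasNext()) {
                Node node = getSignatureNode((SignatureInfo) it.next(), wlMessageContext);
                if (node != null) {
                    return node;
                }
            }
            return null;
        }

        /**
         * Depth-first search, starting at {@code node}, for the first node the
         * signature reports as contained.
         *
         * @return the matching node, or {@code null} when there is none or
         *         {@code node} is {@code null}
         */
        private static Node getFirstSigNode(SignatureInfo signatureInfo, Node node) {
            if (node == null) {
                // A message may lack a header or body; treat that as "nothing signed here".
                return null;
            }
            if (signatureInfo.containsNode(node)) {
                return node;
            }
            NodeList childNodes = node.getChildNodes();
            for (int i = 0; i < childNodes.getLength(); i++) {
                Node firstSigNode = getFirstSigNode(signatureInfo, childNodes.item(i));
                if (firstSigNode != null) {
                    return firstSigNode;
                }
            }
            return null;
        }

        /**
         * Looks for a signed node in the SOAP body first and in the SOAP header
         * second.
         *
         * @return the signed node, or {@code null} when the context is not a SOAP
         *         message context, nothing is signed, or the message cannot be read
         */
        private static Node getSignatureNode(SignatureInfo signatureInfo, WlMessageContext wlMessageContext) {
            if (!(wlMessageContext instanceof SOAPMessageContext)) {
                return null;
            }
            SOAPMessage message = ((SOAPMessageContext) wlMessageContext).getMessage();
            try {
                Node inBody = getFirstSigNode(signatureInfo, message.getSOAPBody());
                if (inBody != null) {
                    return inBody;
                }
                return getFirstSigNode(signatureInfo, message.getSOAPHeader());
            } catch (SOAPException e) {
                if (WLAuthorizer.VERBOSE) {
                    Debug.say("** Could not read SOAP message while looking for signed node: " + e);
                }
                return null;
            }
        }
    }

    /**
     * Creates an authorizer bound to the authorization manager of the security
     * realm named by {@code authorizationContext}.
     *
     * @param authorizationContext supplies the realm, application name and context path
     */
    public WLAuthorizer(AuthorizationContext authorizationContext) {
        this.authContext = authorizationContext;
        this.am = ServerSecurityHelper.getAuthManager(this.authContext.getSecurityRealm());
    }

    /**
     * Asks the authorization manager whether the current subject may invoke the
     * operation the message is being dispatched to.
     *
     * @param wlMessageContext the context of the message being authorized
     * @return the authorization manager's decision
     */
    @Override // weblogic.wsee.security.Authorizer
    public boolean isAccessAllowed(WlMessageContext wlMessageContext) {
        AuthenticatedSubject currentSubject = ServerSecurityHelper.getCurrentSubject();
        Dispatcher dispatcher = wlMessageContext.getDispatcher();
        WsMethod wsMethod = dispatcher.getWsMethod();
        String localPart = dispatcher.getWsdlPort().getName().getLocalPart();
        WebServiceContextHandler webServiceContextHandler = new WebServiceContextHandler(wlMessageContext);
        WebServiceResource resource = getResource(wlMessageContext, wsMethod, localPart, webServiceContextHandler);
        if (VERBOSE) {
            Debug.say("** Authorizer got Operation " + wsMethod.getMethodName() + " and user " + currentSubject);
            Debug.say("** Authorizer using Resource " + resource);
        }
        if (DEBUG) {
            // Only checked in debug mode; otherwise a null subject reaches the
            // authorization manager unchanged.
            // NOTE(review): confirm the manager denies (or treats as anonymous) a null subject.
            Debug.assertion(resource != null, "Failed to retrieve Resource for Operation " + wsMethod);
            Debug.assertion(currentSubject != null, "Failed to retrieve subject for invoke");
        }
        boolean isAccessAllowed = this.am.isAccessAllowed(currentSubject, resource, new ResourceIDDContextWrapper(webServiceContextHandler));
        if (VERBOSE) {
            if (isAccessAllowed) {
                Debug.say("** Access granted for subject " + currentSubject + " to Resource " + resource);
            } else {
                Debug.say("** Access denied for subject " + currentSubject + " to Resource " + resource);
            }
        }
        return isAccessAllowed;
    }

    /**
     * Returns the resource for {@code wsMethod}, creating and caching it on first
     * use, and adds the request's input parameter values to
     * {@code webServiceContextHandler}.
     *
     * <p>The parameter values are added on every call. Previously they were added
     * only while the resource was being created, so a cache hit handed the
     * authorization manager a context without them and parameter-based policies
     * saw different input on the first and on later invocations.
     *
     * <p>NOTE(review): the cached resource embeds the port name {@code str}, but
     * the cache key is the operation alone; confirm one authorizer instance never
     * serves the same operation through two ports. Two concurrent misses may both
     * create a resource; the later {@code put} wins.
     *
     * @param wlMessageContext the context of the message being authorized
     * @param wsMethod the operation being invoked
     * @param str the local part of the WSDL port name
     * @param webServiceContextHandler the per-request context to populate
     * @return the resource describing the operation
     */
    public WebServiceResource getResource(WlMessageContext wlMessageContext, WsMethod wsMethod, String str, WebServiceContextHandler webServiceContextHandler) {
        if (DEBUG) {
            Debug.assertion(wsMethod != null, "Operation provided WLAuthorizer was null");
        }
        if (wlMessageContext != null && webServiceContextHandler != null) {
            addParameters(wsMethod, wlMessageContext.getDispatcher(), webServiceContextHandler);
        }
        WebServiceResource lookupResource = lookupResource(wsMethod);
        if (lookupResource == null) {
            if (VERBOSE) {
                Debug.say("** Missed on cache for Operation " + wsMethod.getMethodName());
            }
            lookupResource = createResource(this.authContext, str, wsMethod);
            cacheResource(wsMethod, lookupResource);
        } else if (VERBOSE) {
            Debug.say("** Cache hit for Operation " + wsMethod.getMethodName());
        }
        return lookupResource;
    }

    /** Returns the cached resource for {@code wsMethod}, or {@code null}. */
    private WebServiceResource lookupResource(WsMethod wsMethod) {
        return this.resourceMap.get(wsMethod);
    }

    /** Caches {@code webServiceResource} for {@code wsMethod} and returns it. */
    private WebServiceResource cacheResource(WsMethod wsMethod, WebServiceResource webServiceResource) {
        this.resourceMap.put(wsMethod, webServiceResource);
        return webServiceResource;
    }

    /** Adds the value of every declared parameter of {@code wsMethod} to {@code handler}. */
    private static void addParameters(WsMethod wsMethod, Dispatcher dispatcher, WebServiceContextHandler handler) {
        Iterator parameters = wsMethod.getParameters();
        while (parameters.hasNext()) {
            handler.addParameter(((WsParameterType) parameters.next()).getName(), dispatcher);
        }
    }

    /**
     * Builds the resource for {@code wsMethod} from the application name and
     * context path of {@code authorizationContext}, the port name {@code str},
     * the method name and the canonical Java type names of its parameters.
     */
    private static WebServiceResource createResource(AuthorizationContext authorizationContext, String str, WsMethod wsMethod) {
        // Assert before the first dereference so debug mode reports the real cause.
        if (DEBUG) {
            Debug.assertion(wsMethod != null, "Operation provided WLAuthorizer was null");
        }
        if (VERBOSE) {
            Debug.say("** Creating resource for " + wsMethod.getMethodName());
        }
        String methodName = wsMethod.getMethodName();
        List<String> paramNames = new ArrayList<>();
        List<String> paramTypes = new ArrayList<>();
        Iterator parameters = wsMethod.getParameters();
        while (parameters.hasNext()) {
            WsParameterType wsParameterType = (WsParameterType) parameters.next();
            paramTypes.add(wsParameterType.getJavaType().getCanonicalName());
            paramNames.add(wsParameterType.getName());
        }
        String[] strArr = paramTypes.toArray(new String[0]);
        if (VERBOSE) {
            Debug.say("** Args to WebServiceResource");
            Debug.say("**   methodName = " + methodName);
            Debug.say("**   methodParams = ");
            for (String str2 : strArr) {
                Debug.say(str2);
            }
            Debug.say("**   paramNames = ");
            for (String str3 : paramNames) {
                Debug.say(str3);
            }
        }
        WebServiceResource webServiceResource = new WebServiceResource(authorizationContext.getApplicationName(), authorizationContext.getContextPath(), str, methodName, strArr);
        if (VERBOSE) {
            Debug.say("** Created resource " + webServiceResource);
        }
        return webServiceResource;
    }

    /** Returns the name of the security realm this authorizer was created for. */
    String getSecurityRealm() {
        return this.authContext.getSecurityRealm();
    }
}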
