package weblogic.security.service;

import com.bea.common.logger.service.LoggerService;
import com.bea.common.logger.spi.LoggerSpi;
import com.bea.common.security.service.AuthorizationService;
import com.bea.common.security.service.Identity;
import java.util.Map;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.spi.Direction;
import weblogic.security.spi.Resource;

/* loaded from: input_file:weblogic/security/service/WLSAuthorizationServiceWrapper.class */
class WLSAuthorizationServiceWrapper implements AuthorizationService {
    private LoggerSpi logger;
    private AuthorizationService baseService;
    private String[] jndiHomeName;
    private String[] localJndiHomeName;
    private String[] adminJndiHomeName;
    private int jndiHomeMinLength;
    private int jndiCommonLength;
    private boolean permitAnonymousAdmin;

    public WLSAuthorizationServiceWrapper(AuthorizationService authorizationService, LoggerService loggerService) {
        this.jndiHomeMinLength = 0;
        this.jndiCommonLength = 0;
        this.permitAnonymousAdmin = false;
        this.logger = loggerService.getLogger("SecurityAtz");
        this.baseService = authorizationService;
        this.permitAnonymousAdmin = SecurityServiceManager.isAnonymousAdminLookupEnabled();
        if (this.permitAnonymousAdmin) {
            return;
        }
        this.jndiHomeName = "weblogic.management.home".split("\\.");
        this.localJndiHomeName = "weblogic.management.home.localhome".split("\\.");
        this.adminJndiHomeName = "weblogic.management.adminhome".split("\\.");
        this.jndiHomeMinLength = this.jndiHomeName.length;
        if (this.localJndiHomeName.length < this.jndiHomeMinLength) {
            this.jndiHomeMinLength = this.localJndiHomeName.length;
        }
        if (this.adminJndiHomeName.length < this.jndiHomeMinLength) {
            this.jndiHomeMinLength = this.adminJndiHomeName.length;
        }
        for (int i = 0; i < this.jndiHomeMinLength; i++) {
            if (!this.jndiHomeName[i].equals(this.localJndiHomeName[i]) || !this.jndiHomeName[i].equals(this.adminJndiHomeName[i])) {
                this.jndiCommonLength = i;
                return;
            }
        }
    }

    private boolean comparePathArrays(String[] strArr, String[] strArr2, int i) {
        if (strArr2.length < strArr.length) {
            return false;
        }
        for (int i2 = i; i2 < strArr.length; i2++) {
            if (!strArr2[i2].equals(strArr[i2])) {
                return false;
            }
        }
        return true;
    }

    public boolean isAccessAllowed(Identity identity, Map map, Resource resource, ContextHandler contextHandler, Direction direction) {
        String[] path;
        boolean isDebugEnabled = this.logger.isDebugEnabled();
        String str = isDebugEnabled ? getClass().getName() + ".isAccessAllowed" : null;
        if (isDebugEnabled) {
            this.logger.debug(str);
        }
        AuthenticatedSubject identityToAuthenticatedSubject = IdentityUtility.identityToAuthenticatedSubject(identity);
        if (SecurityServiceManager.isKernelIdentity(identityToAuthenticatedSubject)) {
            return true;
        }
        if (!this.permitAnonymousAdmin && (resource instanceof JNDIResource) && SubjectUtils.isUserAnonymous(identityToAuthenticatedSubject) && (path = ((JNDIResource) resource).getPath()) != null && path.length >= this.jndiHomeMinLength) {
            boolean z = true;
            int i = 0;
            while (true) {
                if (i >= this.jndiCommonLength) {
                    break;
                }
                if (!this.jndiHomeName[i].equals(path[i])) {
                    z = false;
                    break;
                }
                i++;
            }
            if (z && (comparePathArrays(this.jndiHomeName, path, this.jndiCommonLength) || comparePathArrays(this.localJndiHomeName, path, this.jndiCommonLength) || comparePathArrays(this.adminJndiHomeName, path, this.jndiCommonLength))) {
                if (!this.logger.isDebugEnabled()) {
                    return false;
                }
                this.logger.debug("AuthorizationManager.isAccessAllowed returning false on MBeanHome");
                return false;
            }
        }
        return this.baseService.isAccessAllowed(identity, map, resource, contextHandler, direction);
    }
}
