package weblogic.security.service;

import com.bea.common.engine.InvalidParameterException;
import com.bea.common.security.service.AuthorizationService;
import com.bea.common.security.service.IsProtectedResourceService;
import com.bea.common.security.service.PolicyConsumerService;
import com.bea.common.security.service.PolicyDeploymentService;
import com.bea.common.security.service.RoleConsumerService;
import com.bea.security.css.CSS;
import com.oracle.weblogic.rcm.framework.spi.ManagedAccountingContext;
import com.oracle.weblogic.rcm.framework.spi.RCMResourceContextManager;
import java.security.AccessController;
import java.util.Map;
import javax.security.auth.Subject;
import weblogic.management.security.ProviderMBean;
import weblogic.security.SecurityLogger;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.SecurityService;
import weblogic.security.service.internal.ApplicationVersioningService;
import weblogic.security.service.internal.PolicyDeploymentService;
import weblogic.security.service.internal.WLSIdentityImpl;
import weblogic.security.shared.LoggerWrapper;
import weblogic.security.spi.Direction;
import weblogic.security.spi.Resource;
import weblogic.security.utils.SecurityUtils;

/* loaded from: input_file:weblogic/security/service/AuthorizationManagerImpl.class */
public class AuthorizationManagerImpl implements SecurityService, AuthorizationManager {
    private RealmServices realmServices = null;
    private ApplicationVersioningService appVerService = null;
    private AuthorizationService authorizationService = null;
    private PolicyDeploymentService policyDeploymentService = null;
    private IsProtectedResourceService isProtectedResourceService = null;
    private PolicyConsumerService policyConsumerService = null;
    private RoleConsumerService roleConsumerService = null;
    private RoleManager roleManager = null;
    private boolean initialized;
    private static final AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private static LoggerWrapper log = LoggerWrapper.getInstance("SecurityAtz");

    /* loaded from: input_file:weblogic/security/service/AuthorizationManagerImpl$HandlerAdaptor.class */
    private static class HandlerAdaptor implements RealmServicesCleanup, PolicyDeploymentService.DeploymentHandler {
        private volatile PolicyDeploymentService.DeploymentHandler cssHandler;

        public HandlerAdaptor(PolicyDeploymentService.DeploymentHandler deploymentHandler) {
            this.cssHandler = deploymentHandler;
        }

        @Override // weblogic.security.service.RealmServicesCleanup
        public void cleanup() {
            this.cssHandler = null;
        }

        public void deployExcludedPolicy(Resource resource) throws ResourceCreationException {
            PolicyDeploymentService.DeploymentHandler deploymentHandler = this.cssHandler;
            if (deploymentHandler != null) {
                deploymentHandler.deployExcludedPolicy(resource);
            }
        }

        public void deployPolicy(Resource resource, String[] strArr) throws ResourceCreationException {
            PolicyDeploymentService.DeploymentHandler deploymentHandler = this.cssHandler;
            if (deploymentHandler != null) {
                deploymentHandler.deployPolicy(resource, strArr);
            }
        }

        public void deployUncheckedPolicy(Resource resource) throws ResourceCreationException {
            PolicyDeploymentService.DeploymentHandler deploymentHandler = this.cssHandler;
            if (deploymentHandler != null) {
                deploymentHandler.deployUncheckedPolicy(resource);
            }
        }

        public void endDeployPolicies() throws ResourceCreationException {
            PolicyDeploymentService.DeploymentHandler deploymentHandler = this.cssHandler;
            if (deploymentHandler != null) {
                deploymentHandler.endDeployPolicies();
            }
        }

        public void undeployAllPolicies() throws ResourceRemovalException {
            PolicyDeploymentService.DeploymentHandler deploymentHandler = this.cssHandler;
            if (deploymentHandler != null) {
                deploymentHandler.undeployAllPolicies();
            }
        }
    }

    private void assertNotUsingCommon() {
        throw new AssertionError("This code should never be called when using common security");
    }

    public AuthorizationManagerImpl() {
    }

    public AuthorizationManagerImpl(RealmServices realmServices, ProviderMBean[] providerMBeanArr) {
        initialize(realmServices, providerMBeanArr);
    }

    public void initialize(RealmServices realmServices, ProviderMBean[] providerMBeanArr) {
        if (null == realmServices) {
            throw new InvalidParameterException(SecurityLogger.getValidRealmNameMustBeSpecifed());
        }
        this.realmServices = realmServices;
        if (null == providerMBeanArr) {
            throw new InvalidParameterException(SecurityLogger.getNoAuthAndNoAdjMBeans());
        }
        if (providerMBeanArr.length < 1) {
            throw new InvalidParameterException(SecurityLogger.getNeedAtLeastOneAuthMBean());
        }
        if (log.isDebugEnabled()) {
            log.debug("AuthorizationManager initializing for realm: " + realmServices.getRealmName());
        }
        if (log.isDebugEnabled()) {
            log.debug("AuthorizationManager will use common security");
        }
        try {
            CSS css = realmServices.getCSS();
            this.authorizationService = (AuthorizationService) css.getService("AuthorizationService");
            this.isProtectedResourceService = (IsProtectedResourceService) css.getService("IsProtectedResourceService");
            this.policyConsumerService = (PolicyConsumerService) css.getService("PolicyConsumerService");
            this.roleConsumerService = (RoleConsumerService) css.getService("RoleConsumerService");
            this.policyDeploymentService = (com.bea.common.security.service.PolicyDeploymentService) css.getService("PolicyDeploymentService");
            this.appVerService = (ApplicationVersioningService) css.getService("ApplicationVersioningService");
            this.roleManager = (RoleManager) realmServices.getServices().get(SecurityService.ServiceType.ROLE);
            if (this.roleManager == null) {
                throw new NotYetInitializedException(SecurityLogger.getRoleMgrMustBeInitBeforeAuth());
            }
            this.initialized = true;
        } catch (Exception e) {
            if (log.isDebugEnabled()) {
                SecurityLogger.logStackTrace(e);
            }
            SecurityServiceRuntimeException securityServiceRuntimeException = new SecurityServiceRuntimeException(SecurityLogger.getExceptionObtainingService("Common AuthorizationService", e.toString()));
            securityServiceRuntimeException.initCause(e);
            throw securityServiceRuntimeException;
        }
    }

    public void start() {
    }

    public void suspend() {
    }

    public void shutdown() {
        this.authorizationService = null;
        this.policyDeploymentService = null;
        this.isProtectedResourceService = null;
        this.realmServices = null;
    }

    public boolean isAccessAllowed(AuthenticatedSubject authenticatedSubject, Map map, Resource resource, ContextHandler contextHandler, Direction direction) {
        if (!this.initialized) {
            throw new NotYetInitializedException(SecurityLogger.getCallingIsProtectedBeforeInit());
        }
        if (null == authenticatedSubject || null == resource || null == direction) {
            throw new InvalidParameterException(SecurityLogger.getReqParamNotSuppliedIsAccess());
        }
        if (log.isDebugEnabled()) {
            log.debug("AuthorizationManager will use common security for ATZ");
        }
        return this.authorizationService.isAccessAllowed(IdentityUtility.authenticatedSubjectToIdentity(authenticatedSubject), map, resource, contextHandler, direction);
    }

    public boolean isAccessAllowed(AuthenticatedSubject authenticatedSubject, Resource resource, ContextHandler contextHandler) {
        if (SecurityServiceManager.isKernelIdentity(authenticatedSubject)) {
            return true;
        }
        Map map = null;
        if (this.roleManager != null) {
            map = this.roleManager.getRoles(authenticatedSubject, resource, contextHandler);
        }
        return isAccessAllowed(authenticatedSubject, map, resource, contextHandler, Direction.ONCE);
    }

    public boolean isProtectedResource(Subject subject, Resource resource) {
        if (!this.initialized) {
            throw new NotYetInitializedException(SecurityLogger.getCallingIsProtectedBeforeInit());
        }
        if (null == subject || null == resource) {
            throw new InvalidParameterException(SecurityLogger.getReqParamNotSuppliedIsProt());
        }
        if (log.isDebugEnabled()) {
            log.debug("common security for isProtectedResource");
        }
        return this.isProtectedResourceService.isProtectedResource(IdentityUtility.authenticatedSubjectToIdentity(new AuthenticatedSubject(subject)), resource);
    }

    public boolean isProtectedResource(AuthenticatedSubject authenticatedSubject, Resource resource) {
        if (!this.initialized) {
            throw new NotYetInitializedException(SecurityLogger.getCallingIsProtectedBeforeInit());
        }
        if (null == authenticatedSubject || null == resource) {
            throw new InvalidParameterException(SecurityLogger.getReqParamNotSuppliedIsProt());
        }
        if (log.isDebugEnabled()) {
            log.debug("common security for isProtectedResource");
        }
        return this.isProtectedResourceService.isProtectedResource(IdentityUtility.authenticatedSubjectToIdentity(authenticatedSubject), resource);
    }

    public boolean isResourceProtected(Subject subject, Resource resource) {
        if (!this.initialized) {
            throw new NotYetInitializedException(SecurityLogger.getCallingIsProtectedBeforeInit());
        }
        if (null == subject || null == resource) {
            throw new InvalidParameterException(SecurityLogger.getReqParamNotSuppliedIsProt());
        }
        if (log.isDebugEnabled()) {
            log.debug("common security for isProtectedResource");
        }
        return this.isProtectedResourceService.isProtectedResource(new WLSIdentityImpl(new AuthenticatedSubject(subject)), resource);
    }

    public AuthorizationManagerDeployHandle startDeployPolicies(SecurityApplicationInfo securityApplicationInfo) throws DeployHandleCreationException {
        ManagedAccountingContext accountingContextAsGlobal;
        if (log.isDebugEnabled()) {
            log.debug("AuthorizationManager.startDeployPolicies");
        }
        if (null == securityApplicationInfo) {
            throw new InvalidParameterException(SecurityLogger.getApplicationInformationNotSupplied());
        }
        if (log.isDebugEnabled()) {
            log.debug("Using Common ATZ startDeployPolicies");
        }
        RCMResourceContextManager resourceContextManager = SecurityUtils.getResourceContextManager();
        if (resourceContextManager != null) {
            try {
                accountingContextAsGlobal = resourceContextManager.setAccountingContextAsGlobal();
            } catch (Exception e) {
                throw SecurityUtils.wrapRCMCloseException(e);
            } catch (DeployHandleCreationException e2) {
                throw e2;
            }
        } else {
            accountingContextAsGlobal = null;
        }
        ManagedAccountingContext managedAccountingContext = accountingContextAsGlobal;
        Throwable th = null;
        try {
            try {
                HandlerAdaptor handlerAdaptor = new HandlerAdaptor(this.policyDeploymentService.startDeployPolicies(securityApplicationInfo));
                this.realmServices.registerCleanupHandler(handlerAdaptor);
                AuthorizationManagerDeployHandleImpl authorizationManagerDeployHandleImpl = new AuthorizationManagerDeployHandleImpl(handlerAdaptor);
                if (managedAccountingContext != null) {
                    if (0 != 0) {
                        try {
                            managedAccountingContext.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        managedAccountingContext.close();
                    }
                }
                return authorizationManagerDeployHandleImpl;
            } finally {
            }
        } catch (Throwable th3) {
            if (managedAccountingContext != null) {
                if (th != null) {
                    try {
                        managedAccountingContext.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    managedAccountingContext.close();
                }
            }
            throw th3;
        }
    }

    public void deployPolicy(AuthorizationManagerDeployHandle authorizationManagerDeployHandle, Resource resource, String[] strArr) throws ResourceCreationException {
        ManagedAccountingContext accountingContextAsGlobal;
        if (log.isDebugEnabled()) {
            log.debug("AuthorizationManager.deployPolicy");
        }
        if (null == authorizationManagerDeployHandle) {
            throw new InvalidParameterException(SecurityLogger.getDeployHandleNotSupplied());
        }
        if (log.isDebugEnabled()) {
            log.debug("Using Common deployPolicy");
        }
        RCMResourceContextManager resourceContextManager = SecurityUtils.getResourceContextManager();
        if (resourceContextManager != null) {
            try {
                accountingContextAsGlobal = resourceContextManager.setAccountingContextAsGlobal();
            } catch (Exception e) {
                throw SecurityUtils.wrapRCMCloseException(e);
            } catch (ResourceCreationException e2) {
                throw e2;
            }
        } else {
            accountingContextAsGlobal = null;
        }
        ManagedAccountingContext managedAccountingContext = accountingContextAsGlobal;
        Throwable th = null;
        try {
            try {
                authorizationManagerDeployHandle.getPolicyDeploymentHandler().deployPolicy(resource, strArr);
                if (managedAccountingContext != null) {
                    if (0 != 0) {
                        try {
                            managedAccountingContext.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        managedAccountingContext.close();
                    }
                }
            } finally {
            }
        } catch (Throwable th3) {
            if (managedAccountingContext != null) {
                if (th != null) {
                    try {
                        managedAccountingContext.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    managedAccountingContext.close();
                }
            }
            throw th3;
        }
    }

    public void deployUncheckedPolicy(AuthorizationManagerDeployHandle authorizationManagerDeployHandle, Resource resource) throws ResourceCreationException {
        ManagedAccountingContext accountingContextAsGlobal;
        if (log.isDebugEnabled()) {
            log.debug("AuthorizationManager.deployUncheckedPolicy");
        }
        if (null == authorizationManagerDeployHandle) {
            throw new InvalidParameterException(SecurityLogger.getDeployHandleNotSupplied());
        }
        if (log.isDebugEnabled()) {
            log.debug("Using Common deployUncheckedPolicy");
        }
        RCMResourceContextManager resourceContextManager = SecurityUtils.getResourceContextManager();
        if (resourceContextManager != null) {
            try {
                accountingContextAsGlobal = resourceContextManager.setAccountingContextAsGlobal();
            } catch (Exception e) {
                throw SecurityUtils.wrapRCMCloseException(e);
            } catch (ResourceCreationException e2) {
                throw e2;
            }
        } else {
            accountingContextAsGlobal = null;
        }
        ManagedAccountingContext managedAccountingContext = accountingContextAsGlobal;
        Throwable th = null;
        try {
            try {
                authorizationManagerDeployHandle.getPolicyDeploymentHandler().deployUncheckedPolicy(resource);
                if (managedAccountingContext != null) {
                    if (0 != 0) {
                        try {
                            managedAccountingContext.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        managedAccountingContext.close();
                    }
                }
            } finally {
            }
        } catch (Throwable th3) {
            if (managedAccountingContext != null) {
                if (th != null) {
                    try {
                        managedAccountingContext.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    managedAccountingContext.close();
                }
            }
            throw th3;
        }
    }

    public void deployExcludedPolicy(AuthorizationManagerDeployHandle authorizationManagerDeployHandle, Resource resource) throws ResourceCreationException {
        ManagedAccountingContext accountingContextAsGlobal;
        if (log.isDebugEnabled()) {
            log.debug("AuthorizationManager.deployExcludedPolicy");
        }
        if (null == authorizationManagerDeployHandle) {
            throw new InvalidParameterException(SecurityLogger.getDeployHandleNotSupplied());
        }
        if (log.isDebugEnabled()) {
            log.debug("Using Common deployExcludedPolicy");
        }
        RCMResourceContextManager resourceContextManager = SecurityUtils.getResourceContextManager();
        if (resourceContextManager != null) {
            try {
                accountingContextAsGlobal = resourceContextManager.setAccountingContextAsGlobal();
            } catch (Exception e) {
                throw SecurityUtils.wrapRCMCloseException(e);
            } catch (ResourceCreationException e2) {
                throw e2;
            }
        } else {
            accountingContextAsGlobal = null;
        }
        ManagedAccountingContext managedAccountingContext = accountingContextAsGlobal;
        Throwable th = null;
        try {
            try {
                authorizationManagerDeployHandle.getPolicyDeploymentHandler().deployExcludedPolicy(resource);
                if (managedAccountingContext != null) {
                    if (0 != 0) {
                        try {
                            managedAccountingContext.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        managedAccountingContext.close();
                    }
                }
            } finally {
            }
        } catch (Throwable th3) {
            if (managedAccountingContext != null) {
                if (th != null) {
                    try {
                        managedAccountingContext.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    managedAccountingContext.close();
                }
            }
            throw th3;
        }
    }

    public void endDeployPolicies(AuthorizationManagerDeployHandle authorizationManagerDeployHandle) throws ResourceCreationException {
        ManagedAccountingContext accountingContextAsGlobal;
        if (log.isDebugEnabled()) {
            log.debug("AuthorizationManager.endDeployPolicies");
        }
        if (null == authorizationManagerDeployHandle) {
            throw new InvalidParameterException(SecurityLogger.getDeployHandleNotSupplied());
        }
        if (log.isDebugEnabled()) {
            log.debug("Using Common endDeployPolicies");
        }
        RCMResourceContextManager resourceContextManager = SecurityUtils.getResourceContextManager();
        if (resourceContextManager != null) {
            try {
                accountingContextAsGlobal = resourceContextManager.setAccountingContextAsGlobal();
            } catch (ResourceCreationException e) {
                throw e;
            } catch (Exception e2) {
                throw SecurityUtils.wrapRCMCloseException(e2);
            }
        } else {
            accountingContextAsGlobal = null;
        }
        ManagedAccountingContext managedAccountingContext = accountingContextAsGlobal;
        Throwable th = null;
        try {
            try {
                authorizationManagerDeployHandle.getPolicyDeploymentHandler().endDeployPolicies();
                if (managedAccountingContext != null) {
                    if (0 != 0) {
                        try {
                            managedAccountingContext.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        managedAccountingContext.close();
                    }
                }
            } finally {
            }
        } finally {
        }
    }

    public void undeployAllPolicies(AuthorizationManagerDeployHandle authorizationManagerDeployHandle) throws ResourceRemovalException {
        ManagedAccountingContext accountingContextAsGlobal;
        if (log.isDebugEnabled()) {
            log.debug("AuthorizationManager.undeployAllPolicies");
        }
        if (null == authorizationManagerDeployHandle) {
            throw new InvalidParameterException(SecurityLogger.getDeployHandleNotSupplied());
        }
        if (log.isDebugEnabled()) {
            log.debug("Using Common undeployAllPolicies");
        }
        RCMResourceContextManager resourceContextManager = SecurityUtils.getResourceContextManager();
        if (resourceContextManager != null) {
            try {
                accountingContextAsGlobal = resourceContextManager.setAccountingContextAsGlobal();
            } catch (Exception e) {
                throw SecurityUtils.wrapRCMCloseException(e);
            } catch (ResourceRemovalException e2) {
                throw e2;
            }
        } else {
            accountingContextAsGlobal = null;
        }
        ManagedAccountingContext managedAccountingContext = accountingContextAsGlobal;
        Throwable th = null;
        try {
            try {
                RealmServicesCleanup policyDeploymentHandler = authorizationManagerDeployHandle.getPolicyDeploymentHandler();
                if (policyDeploymentHandler instanceof HandlerAdaptor) {
                    this.realmServices.removeCleanupHandler((HandlerAdaptor) policyDeploymentHandler);
                }
                authorizationManagerDeployHandle.getPolicyDeploymentHandler().undeployAllPolicies();
                if (managedAccountingContext != null) {
                    if (0 != 0) {
                        try {
                            managedAccountingContext.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        managedAccountingContext.close();
                    }
                }
            } finally {
            }
        } catch (Throwable th3) {
            if (managedAccountingContext != null) {
                if (th != null) {
                    try {
                        managedAccountingContext.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    managedAccountingContext.close();
                }
            }
            throw th3;
        }
    }

    public void deleteApplicationPolicies(SecurityApplicationInfo securityApplicationInfo) throws ResourceRemovalException {
        ManagedAccountingContext accountingContextAsGlobal;
        if (log.isDebugEnabled()) {
            log.debug("AuthorizationManager.deleteApplicationPolicies");
        }
        if (null == securityApplicationInfo) {
            throw new InvalidParameterException(SecurityLogger.getApplicationInformationNotSupplied());
        }
        if (log.isDebugEnabled()) {
            log.debug("Using Common deleteApplicationPolicies");
        }
        RCMResourceContextManager resourceContextManager = SecurityUtils.getResourceContextManager();
        if (resourceContextManager != null) {
            try {
                accountingContextAsGlobal = resourceContextManager.setAccountingContextAsGlobal();
            } catch (ResourceRemovalException e) {
                throw e;
            } catch (Exception e2) {
                throw SecurityUtils.wrapRCMCloseException(e2);
            }
        } else {
            accountingContextAsGlobal = null;
        }
        ManagedAccountingContext managedAccountingContext = accountingContextAsGlobal;
        Throwable th = null;
        try {
            this.policyDeploymentService.deleteApplicationPolicies(securityApplicationInfo);
            if (managedAccountingContext != null) {
                if (0 != 0) {
                    try {
                        managedAccountingContext.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    managedAccountingContext.close();
                }
            }
        } finally {
        }
    }

    public boolean isVersionableApplicationSupported() {
        if (log.isDebugEnabled()) {
            log.debug("AuthorizationManager.isVersionableApplicationSupported");
        }
        return this.appVerService.isApplicationVersioningSupported();
    }

    public void createApplicationVersion(String str, String str2) throws ApplicationVersionCreationException {
        assertNotUsingCommon();
    }

    public void deleteApplicationVersion(String str) throws ApplicationVersionRemovalException {
        assertNotUsingCommon();
    }

    public void deleteApplication(String str) throws ApplicationRemovalException {
        assertNotUsingCommon();
    }

    PolicyConsumerService getPolicyConsumerService() {
        return this.policyConsumerService;
    }

    RoleConsumerService getRoleConsumerService() {
        return this.roleConsumerService;
    }

    public AuthorizationPolicyHandler getAuthorizationPolicyHandler(String str, String str2, String str3, Resource[] resourceArr) throws ConsumptionException {
        assertNotUsingCommon();
        if (str == null || str2 == null || str3 == null || resourceArr == null || resourceArr.length == 0) {
            throw new InvalidParameterException("NULL parameter supplied");
        }
        if (log.isDebugEnabled()) {
            log.debug("AuthorizationManager.getAuthorizationPolicyHandler: " + str + " : " + str2 + " : " + str3);
        }
        if (!log.isDebugEnabled()) {
            return null;
        }
        log.debug("AuthorizationManager.getAuthorizationPolicyHandler: No policy handler");
        return null;
    }
}
