package weblogic.security.services;

import java.security.AccessController;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import weblogic.security.SecurityLogger;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.AdminResource;
import weblogic.security.service.AppContextHandler;
import weblogic.security.service.AuthorizationManager;
import weblogic.security.service.InvalidParameterException;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.shared.LoggerWrapper;
import weblogic.security.spi.IdentityAssertionException;
import weblogic.security.utils.ResourceIDDContextWrapper;

/* loaded from: input_file:weblogic/security/services/Authentication.class */
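/**
 * Application-facing entry points for authentication and identity assertion.
 *
 * <p>Every operation looks up the realm's {@link PrincipalAuthenticator} using the kernel
 * identity and delegates to it. The two identity-assertion entry points
 * ({@code assertIdentity} and {@code assertChallengeIdentity}) first check that the
 * <em>current</em> subject is allowed the {@code assertIdentity} action on the
 * {@code IdentityAssertion} admin resource of the target realm.
 */
public final class Authentication {
    // Both fields are assigned once at class initialisation and never reassigned.
    private static final LoggerWrapper log = LoggerWrapper.getInstance("SecurityAtn");
    // Kernel identity, obtained in a privileged block; used only to look up security services.
    private static final AuthenticatedSubject kernelID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());

    /**
     * Authenticates against the context-sensitive realm with no application context.
     *
     * @param callbackHandler handler passed to the realm's authenticator
     * @return the subject produced by the authenticator
     * @throws LoginException if the authenticator rejects the login
     */
    public static Subject login(CallbackHandler callbackHandler) throws LoginException {
        return login(callbackHandler, (AppContext) null);
    }

    /**
     * Authenticates against the context-sensitive realm.
     *
     * @param callbackHandler handler passed to the realm's authenticator
     * @param appContext application context forwarded to the authenticator; may be {@code null}
     * @return the subject produced by the authenticator
     * @throws LoginException if the authenticator rejects the login
     */
    public static Subject login(CallbackHandler callbackHandler, AppContext appContext) throws LoginException {
        return doLogin(callbackHandler, appContext, SecurityServiceManager.getPrincipalAuthenticator(kernelID, SecurityServiceManager.getContextSensitiveRealmName()));
    }

    /**
     * Authenticates against an explicitly named realm with no application context.
     *
     * @param str name of the realm whose authenticator is used
     * @param callbackHandler handler passed to the realm's authenticator
     * @return the subject produced by the authenticator
     * @throws LoginException if the authenticator rejects the login
     * @deprecated takes the realm name from the caller; {@link #login(CallbackHandler)} uses the
     *     context-sensitive realm instead
     */
    @Deprecated
    public static Subject login(String str, CallbackHandler callbackHandler) throws LoginException {
        return login(str, callbackHandler, null);
    }

    /**
     * Authenticates against an explicitly named realm.
     *
     * @param str name of the realm whose authenticator is used
     * @param callbackHandler handler passed to the realm's authenticator
     * @param appContext application context forwarded to the authenticator; may be {@code null}
     * @return the subject produced by the authenticator
     * @throws LoginException if the authenticator rejects the login
     * @deprecated takes the realm name from the caller;
     *     {@link #login(CallbackHandler, AppContext)} uses the context-sensitive realm instead
     */
    @Deprecated
    public static Subject login(String str, CallbackHandler callbackHandler, AppContext appContext) throws LoginException {
        return doLogin(callbackHandler, appContext, SecurityServiceManager.getPrincipalAuthenticator(kernelID, str));
    }

    /**
     * Runs the authentication and unwraps the resulting subject.
     *
     * @throws InvalidParameterException if no authenticator was found for the realm
     */
    private static Subject doLogin(CallbackHandler callbackHandler, AppContext appContext, PrincipalAuthenticator principalAuthenticator) throws LoginException {
        if (principalAuthenticator == null) {
            throw new InvalidParameterException(SecurityLogger.getSecurityServiceUnavailable());
        }
        return principalAuthenticator.authenticate(callbackHandler, AppContextHandler.getInstance(appContext)).getSubject();
    }

    /**
     * Asserts an identity in the context-sensitive realm with no application context.
     *
     * @param str token type passed to the authenticator
     * @param obj token passed to the authenticator
     * @return the asserted subject
     * @throws LoginException if the authenticator rejects the assertion
     * @throws SecurityException if the current subject may not assert identities in the realm
     */
    public static Subject assertIdentity(String str, Object obj) throws LoginException {
        return assertIdentity(str, obj, (AppContext) null);
    }

    /**
     * Asserts an identity in the context-sensitive realm.
     *
     * @param str token type passed to the authenticator
     * @param obj token passed to the authenticator
     * @param appContext application context forwarded to the authenticator; may be {@code null}
     * @return the asserted subject
     * @throws LoginException if the authenticator rejects the assertion
     * @throws SecurityException if the current subject may not assert identities in the realm
     */
    public static Subject assertIdentity(String str, Object obj, AppContext appContext) throws LoginException {
        return doAssertIdentity(str, obj, appContext, SecurityServiceManager.getContextSensitiveRealmName());
    }

    /**
     * Asserts an identity in an explicitly named realm with no application context.
     *
     * @param str name of the realm
     * @param str2 token type passed to the authenticator
     * @param obj token passed to the authenticator
     * @return the asserted subject
     * @throws LoginException if the authenticator rejects the assertion
     * @throws SecurityException if the current subject may not assert identities in the realm
     * @deprecated takes the realm name from the caller; {@link #assertIdentity(String, Object)}
     *     uses the context-sensitive realm instead
     */
    @Deprecated
    public static Subject assertIdentity(String str, String str2, Object obj) throws LoginException {
        return assertIdentity(str, str2, obj, null);
    }

    /**
     * Asserts an identity in an explicitly named realm.
     *
     * @param str name of the realm
     * @param str2 token type passed to the authenticator
     * @param obj token passed to the authenticator
     * @param appContext application context forwarded to the authenticator; may be {@code null}
     * @return the asserted subject
     * @throws LoginException if the authenticator rejects the assertion
     * @throws SecurityException if the current subject may not assert identities in the realm
     * @deprecated takes the realm name from the caller;
     *     {@link #assertIdentity(String, Object, AppContext)} uses the context-sensitive realm
     *     instead
     */
    @Deprecated
    public static Subject assertIdentity(String str, String str2, Object obj, AppContext appContext) throws LoginException {
        // Argument order differs from doAssertIdentity: here the realm comes first.
        return doAssertIdentity(str2, obj, appContext, str);
    }

    /**
     * Checks the caller's permission, then delegates the assertion to the realm's authenticator.
     *
     * @throws InvalidParameterException if no authenticator was found for {@code realmName}
     * @throws SecurityException if the authorization service is missing or access is denied
     */
    private static Subject doAssertIdentity(String tokenType, Object token, AppContext appContext, String realmName) throws LoginException {
        PrincipalAuthenticator principalAuthenticator = SecurityServiceManager.getPrincipalAuthenticator(kernelID, realmName);
        if (principalAuthenticator == null) {
            throw new InvalidParameterException("Security Service Unavailable");
        }
        // The permission check must complete before the token reaches the authenticator.
        requireAssertIdentityPermission(tokenType, realmName);
        return principalAuthenticator.assertIdentity(tokenType, token, AppContextHandler.getInstance(appContext)).getSubject();
    }

    /**
     * Obtains a challenge token of the given type from the context-sensitive realm.
     *
     * <p>NOTE(review): unlike {@link #assertChallengeIdentity}, no {@code AdminResource} check
     * is made here; whether the authenticator enforces one is not visible in this class.
     *
     * @param str token type passed to the authenticator
     * @param appContext application context forwarded to the authenticator; may be {@code null}
     * @return the challenge token returned by the authenticator
     * @throws LoginException wrapping any {@link IdentityAssertionException} from the authenticator
     */
    public Object getChallengeToken(String str, AppContext appContext) throws LoginException {
        PrincipalAuthenticator principalAuthenticator = SecurityServiceManager.getPrincipalAuthenticator(kernelID, SecurityServiceManager.getContextSensitiveRealmName());
        if (principalAuthenticator == null) {
            throw new InvalidParameterException("Security Service Unavailable");
        }
        try {
            return principalAuthenticator.getChallengeToken(str, AppContextHandler.getInstance(appContext));
        } catch (IdentityAssertionException e) {
            // LoginException has no cause-taking constructor; attach the original failure so
            // its stack trace is not lost when the error is logged or audited.
            LoginException loginException = new LoginException(e.getMessage());
            loginException.initCause(e);
            throw loginException;
        }
    }

    /**
     * Continues a challenge/response exchange started by {@link #assertChallengeIdentity}.
     *
     * <p>NOTE(review): unlike {@link #assertChallengeIdentity}, no {@code AdminResource} check
     * is made here; whether the authenticator enforces one is not visible in this class.
     *
     * @param appChallengeContext context of the exchange; must be an {@code AppChallengeContextImpl}
     * @param str token type passed to the authenticator
     * @param obj token passed to the authenticator
     * @param appContext application context forwarded to the authenticator; may be {@code null}
     * @throws LoginException if the authenticator rejects the exchange
     * @throws ClassCastException if {@code appChallengeContext} is any other implementation
     */
    public void continueChallengeIdentity(AppChallengeContext appChallengeContext, String str, Object obj, AppContext appContext) throws LoginException {
        PrincipalAuthenticator principalAuthenticator = SecurityServiceManager.getPrincipalAuthenticator(kernelID, SecurityServiceManager.getContextSensitiveRealmName());
        if (principalAuthenticator == null) {
            throw new InvalidParameterException("Security Service Unavailable");
        }
        // Unchecked downcast: only contexts created by this class carry the inner challenge context.
        principalAuthenticator.continueChallengeIdentity(((AppChallengeContextImpl) appChallengeContext).getChallengeContext(), str, obj, AppContextHandler.getInstance(appContext));
    }

    /**
     * Starts a challenge/response identity assertion in the context-sensitive realm.
     *
     * @param str token type passed to the authenticator
     * @param obj token passed to the authenticator
     * @param appContext application context forwarded to the authenticator; may be {@code null}
     * @return a context wrapping the authenticator's challenge state
     * @throws LoginException if the authenticator rejects the assertion
     * @throws SecurityException if the current subject may not assert identities in the realm
     */
    public AppChallengeContext assertChallengeIdentity(String str, Object obj, AppContext appContext) throws LoginException {
        // Resolve the realm once so the authenticator and the permission check agree on it.
        String contextSensitiveRealmName = SecurityServiceManager.getContextSensitiveRealmName();
        PrincipalAuthenticator principalAuthenticator = SecurityServiceManager.getPrincipalAuthenticator(kernelID, contextSensitiveRealmName);
        if (principalAuthenticator == null) {
            throw new InvalidParameterException("Security Service Unavailable");
        }
        // The permission check must complete before the token reaches the authenticator.
        requireAssertIdentityPermission(str, contextSensitiveRealmName);
        return new AppChallengeContextImpl(principalAuthenticator.assertChallengeIdentity(str, obj, AppContextHandler.getInstance(appContext)), log);
    }

    /**
     * Verifies that the current subject may assert identities in {@code realmName}.
     *
     * <p>The decision comes from the administrative realm's {@link AuthorizationManager} and is
     * made for the current subject, not the kernel identity; the kernel identity is used only
     * to look the services up.
     *
     * @param tokenType token type, used only in the denial message
     * @param realmName realm named in the {@code IdentityAssertion} admin resource
     * @throws SecurityException if the authorization service is missing or access is denied
     */
    private static void requireAssertIdentityPermission(String tokenType, String realmName) {
        AuthorizationManager authorizationManager = SecurityServiceManager.getAuthorizationManager(kernelID, SecurityServiceManager.getAdministrativeRealmName());
        if (authorizationManager == null) {
            // Fail closed: without an authorization service nobody may assert an identity.
            throw new SecurityException("Security Service Unavailable");
        }
        AuthenticatedSubject currentSubject = SecurityServiceManager.getCurrentSubject(kernelID);
        AdminResource adminResource = new AdminResource("IdentityAssertion", realmName, "assertIdentity");
        if (log.isDebugEnabled()) {
            log.debug(" isAccessAllowed:  checking Permission for: '" + adminResource + "', currentSubject: '" + SubjectUtils.displaySubject(currentSubject) + "'");
        }
        if (authorizationManager.isAccessAllowed(currentSubject, adminResource, new ResourceIDDContextWrapper())) {
            return;
        }
        // NOTE(review): the message names the current subject and the realm, and it reaches the
        // caller through the exception; confirm callers do not relay it to remote clients.
        String denied = " isAccessAllowed:  currentSubject: " + currentSubject + " does not have permission to assert identity of type " + tokenType + " in realm " + realmName;
        if (log.isDebugEnabled()) {
            log.debug(denied);
        }
        throw new SecurityException(denied);
    }
}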
