package weblogic.security.auth;

import java.io.IOException;
import java.lang.annotation.Annotation;
import java.net.MalformedURLException;
import java.rmi.RemoteException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import weblogic.jndi.api.ServerEnvironment;
import weblogic.jndi.api.ThreadEnvironmentService;
import weblogic.kernel.KernelTypeService;
import weblogic.protocol.Protocol;
import weblogic.protocol.ProtocolManager;
import weblogic.rjvm.ClientServerURL;
import weblogic.rjvm.RJVM;
import weblogic.rjvm.RJVMManager;
import weblogic.security.acl.DefaultUserInfoImpl;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.acl.internal.AuthenticatedUser;
import weblogic.security.acl.internal.Security;
import weblogic.security.auth.login.PasswordCredential;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityServiceManager;
import weblogic.server.GlobalServiceLocator;
import weblogic.utils.AssertionError;
import weblogic.utils.LocatorUtilities;

/* loaded from: input_file:weblogic/security/auth/Authenticate.class */
/**
 * Static helpers that authenticate the security user carried by a
 * {@link ServerEnvironment} against an RJVM and copy the resulting principals
 * into a JAAS {@link Subject}, plus a {@link #logout(Subject)} that empties a Subject.
 *
 * <p>NOTE(review): this listing looks like decompiler output (empty {@code finally}
 * blocks, {@code new 1(...)} for an anonymous class). Statement placement around the
 * try/finally blocks may not match the original source; confirm against the bytecode
 * before relying on the exact cleanup behaviour described in the comments below.
 */
public final class Authenticate {
    /**
     * Authenticates the environment's security user and populates {@code subject}.
     *
     * <p>The RJVM is resolved from the provider URL, or is the local RJVM when no URL
     * (or the {@code "local://"} constant) is given. The user is then passed to
     * {@code Security.authenticate}, the resulting {@link AuthenticatedSubject} is stored
     * on the environment, and its principals are added to {@code subject}.
     *
     * <p>A normal return does not prove that authentication took place. The method
     * returns without contacting anything when there is no provider URL and the kernel
     * is not a server, and it skips authentication when the environment has no security
     * user and no client certificate. Callers that make an access decision should
     * inspect the principals in {@code subject} rather than rely on the absence of an
     * exception.
     *
     * @param serverEnvironment source of the provider URL, channel, security user and
     *                          client-certificate flag; updated with the authenticated
     *                          subject and user on success
     * @param subject           receives the authenticated principals
     * @throws LoginException   when a {@link SecurityException} is raised inside the
     *                          authentication block; the message is the exception's
     *                          {@code toString()} cut off before the server-side stack
     *                          trace marker, and the original exception is not chained
     * @throws IOException      declared; presumably raised by RJVM lookup - confirm
     * @throws RemoteException  declared; presumably raised by the remote call - confirm
     */
    public static void authenticate(ServerEnvironment serverEnvironment, Subject subject) throws LoginException, IOException, RemoteException {
        RJVM localRJVM;
        ThreadEnvironmentService threadEnvironmentService;
        String providerUrl = serverEnvironment.getProviderUrl();
        ClientServerURL clientServerURL = null;
        // NOTE(review): `!=` on strings compares references. A URL that equals "local://"
        // but is a different String object takes the remote branch. This presumably relies
        // on the caller passing the interned constant - confirm, or compare with equals().
        if (providerUrl != null && providerUrl.length() != 0 && providerUrl != "local://") {
            threadEnvironmentService = (ThreadEnvironmentService) GlobalServiceLocator.getServiceLocator().getService(ThreadEnvironmentService.class, new Annotation[0]);
            // The environment is pushed so that it is current while the RJVM is looked up.
            threadEnvironmentService.push(serverEnvironment);
            try {
                clientServerURL = new ClientServerURL(providerUrl);
                localRJVM = clientServerURL.findOrCreateRJVM(serverEnvironment.getProviderChannel());
                // NOTE(review): as written, pop() runs only on success and the finally block
                // is empty, so an exception above would leave this environment pushed on the
                // thread. Likely a decompiler artifact (pop() belonging in finally) - verify.
                threadEnvironmentService.pop();
            } finally {
            }
        } else {
            // No remote URL: only a server kernel continues; any other kernel returns here
            // without authenticating and without touching `subject`.
            if (!((KernelTypeService) LocatorUtilities.getService(KernelTypeService.class)).isServer()) {
                return;
            }
            localRJVM = RJVMManager.getLocalRJVM();
            serverEnvironment.setProperty("java.naming.provider.url", null);
        }
        DefaultUserInfoImpl securityUser = serverEnvironment.getSecurityUser();
        // Result is discarded; no effect is visible from this listing.
        localRJVM.equals(RJVMManager.getLocalRJVM());
        // With no explicit user but a client certificate available, a user-info with null
        // name and null credential is created so the authentication call below still runs
        // (presumably the certificate then identifies the caller - confirm).
        if (securityUser == null && serverEnvironment.isClientCertAvailable()) {
            securityUser = new DefaultUserInfoImpl((String) null, (Object) null);
        }
        if (securityUser != null) {
            threadEnvironmentService = (ThreadEnvironmentService) GlobalServiceLocator.getServiceLocator().getService(ThreadEnvironmentService.class, new Annotation[0]);
            threadEnvironmentService.push(serverEnvironment);
            try {
                try {
                    // The meaning of the `0L` and `false` arguments is not visible here.
                    AuthenticatedUser authenticate = Security.authenticate(securityUser, localRJVM, getProtocol(serverEnvironment), serverEnvironment.getProviderChannel(), 0L, false, providerUrl);
                    // NOTE(review): same pattern as above - pop() is skipped if authenticate()
                    // throws, because the enclosing finally block is empty in this listing.
                    threadEnvironmentService.pop();
                    AuthenticatedSubject aSFromAU = SecurityServiceManager.getASFromAU(authenticate);
                    serverEnvironment.setSecuritySubject(aSFromAU);
                    try {
                        // Opt-in via JVM system property: push the authenticated subject,
                        // using the kernel identity obtained under doPrivileged.
                        if (Boolean.getBoolean("weblogic.security.authenticatePushSubject")) {
                            SecurityServiceManager.pushSubject((AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction()), aSFromAU);
                        }
                    } catch (SecurityException e) {
                        // NOTE(review): swallowed silently. When the push is denied, the caller
                        // gets no signal that the requested subject was not pushed.
                    }
                    subject.getPrincipals().addAll(aSFromAU.getPrincipals());
                    // Always true for a non-null value of the declared type; presumably the
                    // original variable had a wider type - confirm.
                    if (securityUser instanceof DefaultUserInfoImpl) {
                        DefaultUserInfoImpl defaultUserInfoImpl = securityUser;
                        if (defaultUserInfoImpl.getName() != null && defaultUserInfoImpl.getPassword() != null) {
                            // `new 1(...)` is the decompiler's rendering of an anonymous inner
                            // class whose body is not shown. The name/password pair is wrapped
                            // in a PasswordCredential and handed to it together with `subject`;
                            // presumably it is added to the Subject's private credentials, in
                            // which case the password stays reachable through the Subject until
                            // logout() clears it - verify against the inner class.
                            AccessController.doPrivileged((PrivilegedAction) new 1(subject, new PasswordCredential(defaultUserInfoImpl.getName(), defaultUserInfoImpl.getPassword())));
                        }
                        // The environment's security user is replaced by the authenticated user.
                        serverEnvironment.setSecurityUser(authenticate);
                        if (((KernelTypeService) LocatorUtilities.getService(KernelTypeService.class)).isServer() || authenticate == null) {
                            return;
                        }
                        // Non-server kernels reach this line only via the remote branch above
                        // (the local branch returned early), so clientServerURL is expected to
                        // be non-null here - assumes isServer() is stable between the two calls.
                        localRJVM.setUser(clientServerURL.getCurrentURL(), authenticate);
                    }
                } catch (SecurityException e2) {
                    // Everything from the marker onwards is dropped, which keeps the
                    // server-side stack trace out of the LoginException message.
                    String securityException = e2.toString();
                    int indexOf = securityException.indexOf("Start server side stack trace:");
                    if (indexOf > 0) {
                        securityException = securityException.substring(0, indexOf - 1);
                    }
                    // Only the text is carried over; e2 is not attached as the cause.
                    throw new LoginException(securityException);
                }
            } finally {
            }
        }
    }

    /**
     * Resolves the {@link Protocol} to authenticate over.
     *
     * <p>Returns the T3 protocol from {@code T3ProtocolFetcherService} when the provider
     * URL is the {@code "local://"} constant, otherwise looks the protocol up by the
     * name parsed from the URL.
     *
     * <p>NOTE(review): the test is a reference comparison ({@code ==}), so an equal but
     * distinct string, or a {@code null} URL, falls through to
     * {@code new ClientServerURL(providerUrl)}; how that constructor handles such input
     * is not visible here.
     *
     * @param serverEnvironment supplies the provider URL
     * @return the protocol matching the provider URL
     * @throws AssertionError ({@code weblogic.utils.AssertionError}) wrapping a
     *         {@link MalformedURLException} from URL parsing
     */
    private static Protocol getProtocol(ServerEnvironment serverEnvironment) {
        try {
            String providerUrl = serverEnvironment.getProviderUrl();
            return providerUrl == "local://" ? ((T3ProtocolFetcherService) LocatorUtilities.getService(T3ProtocolFetcherService.class)).fetchT3Protocol() : ProtocolManager.getProtocolByName(new ClientServerURL(providerUrl).getProtocol());
        } catch (MalformedURLException e) {
            throw new AssertionError(e);
        }
    }

    /**
     * Empties {@code subject}: its principals, private credentials and public
     * credentials are cleared.
     *
     * <p>Only the Subject is touched. Nothing here reverses what
     * {@link #authenticate(ServerEnvironment, Subject)} stored elsewhere (the security
     * subject and user on the ServerEnvironment, a pushed subject, or the user set on the
     * RJVM), so session state held there outlives this call unless other code clears it.
     *
     * @param subject the subject to clear
     * @throws LoginException  declared; not thrown by the visible body
     * @throws IOException     declared; not thrown by the visible body
     * @throws RemoteException declared; not thrown by the visible body
     */
    public static void logout(Subject subject) throws LoginException, IOException, RemoteException {
        subject.getPrincipals().clear();
        subject.getPrivateCredentials().clear();
        subject.getPublicCredentials().clear();
    }
}
