package weblogic.servlet.provider;

import java.io.IOException;
import java.io.Serializable;
import java.security.AccessController;
import java.security.PermissionCollection;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.util.Map;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import weblogic.j2ee.J2EEUtils;
import weblogic.management.DeploymentException;
import weblogic.management.security.RealmMBean;
import weblogic.rjvm.LocalRJVM;
import weblogic.security.Salt;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.jacc.CommonPolicyContextHandler;
import weblogic.security.jacc.DelegatingPolicyContextHandler;
import weblogic.security.service.ContextHandler;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceException;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.service.SupplementalPolicyObject;
import weblogic.security.utils.SSLCertUtility;
import weblogic.security.utils.SSLCipherUtility;
import weblogic.security.utils.SSLSetup;
import weblogic.servlet.security.internal.WebAppContextHandler;
import weblogic.servlet.security.internal.WebAppContextHandlerData;
import weblogic.servlet.spi.SecurityProvider;
import weblogic.servlet.spi.SubjectHandle;
import weblogic.servlet.spi.WebServerRegistry;

/* loaded from: input_file:weblogic/servlet/provider/WlsSecurityProvider.class */
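/**
 * {@link SecurityProvider} implementation for the servlet container that delegates to the
 * WebLogic security services ({@code SecurityServiceManager}, {@code SubjectUtils},
 * {@code SupplementalPolicyObject}).
 *
 * <p>The class caches the kernel identity in {@link #KERNEL_ID}. Every method here that uses
 * that cached identity on the caller's behalf first calls
 * {@code SecurityServiceManager.checkKernelPermission()}. The {@code runAs} overloads do not
 * call it; they act with the identity the caller passes in.
 *
 * <p>NOTE(review): what {@code checkKernelPermission()} enforces is not visible in this file;
 * presumably it rejects callers lacking the kernel permission. Confirm before relying on it as
 * the only gate.
 */
public class WlsSecurityProvider implements SecurityProvider {
    // Kernel identity, obtained once at class initialisation inside a doPrivileged block.
    private static final AuthenticatedSubject KERNEL_ID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    // Handle wrapping KERNEL_ID; only handed out by getKernelSubject() after the permission check.
    private static final SubjectHandle KERNEL_HANDLE = toSubjectHandle(KERNEL_ID);
    // Shared handle for the anonymous subject; handed out without any check.
    private static final SubjectHandle ANON_HANDLE = toSubjectHandle(SubjectUtils.getAnonymousSubject());

    /** Returns the strict-URL-pattern setting reported by {@code SecurityServiceManager}. */
    @Override
    public final boolean getEnforceStrictURLPattern() {
        return SecurityServiceManager.getEnforceStrictURLPattern();
    }

    /** Returns the valid-basic-auth-credentials setting reported by {@code SecurityServiceManager}. */
    @Override
    public final boolean getEnforceValidBasicAuthCredentials() {
        return SecurityServiceManager.getEnforceValidBasicAuthCredentials();
    }

    /**
     * Pushes the subject behind {@code subjectHandle} using the kernel identity, after the
     * kernel-permission check.
     *
     * <p>A {@code null} handle is unwrapped to {@code null} and pushed as such.
     * NOTE(review): how {@code SecurityServiceManager.pushSubject} treats a null subject is
     * not visible here; confirm.
     */
    @Override
    public void pushSubject(SubjectHandle subjectHandle) {
        SecurityServiceManager.checkKernelPermission();
        SecurityServiceManager.pushSubject(KERNEL_ID, toAuthSubject(subjectHandle));
    }

    /** Pops the current subject using the kernel identity, after the kernel-permission check. */
    @Override
    public void popSubject() {
        SecurityServiceManager.checkKernelPermission();
        SecurityServiceManager.popSubject(KERNEL_ID);
    }

    /** Returns the shared handle for the anonymous subject. */
    @Override
    public SubjectHandle getAnonymousSubject() {
        return ANON_HANDLE;
    }

    /** Returns the handle wrapping the kernel identity, after the kernel-permission check. */
    @Override
    public SubjectHandle getKernelSubject() {
        SecurityServiceManager.checkKernelPermission();
        return KERNEL_HANDLE;
    }

    /**
     * Returns the {@code AuthenticatedSubject} behind {@code subjectHandle}, or {@code null}
     * for a {@code null} handle. No permission check is made here: whoever holds a handle can
     * unwrap it, so the check has to happen where the handle is obtained.
     */
    @Override
    public Object unwrapSubject(SubjectHandle subjectHandle) {
        return toAuthSubject(subjectHandle);
    }

    /**
     * Wraps {@code obj} in a handle.
     *
     * @throws ClassCastException if {@code obj} is not an {@code AuthenticatedSubject}
     */
    @Override
    public SubjectHandle wrapSubject(Object obj) {
        return toSubjectHandle((AuthenticatedSubject) obj);
    }

    /**
     * Wraps {@code obj} in a handle, passing {@code obj2} along as the handle's map when it is
     * not {@code null}.
     *
     * @throws ClassCastException if {@code obj} is not an {@code AuthenticatedSubject} or
     *     {@code obj2} is not a {@code Map}
     */
    @Override
    public SubjectHandle wrapSubject(Object obj, Object obj2) {
        AuthenticatedSubject subject = (AuthenticatedSubject) obj;
        if (obj2 == null) {
            return toSubjectHandle(subject);
        }
        // Only the raw Map type can be verified at run time; the key and value types are the
        // caller's contract with the SPI.
        @SuppressWarnings("unchecked")
        Map<String, Serializable> map = (Map<String, Serializable>) obj2;
        return toSubjectHandle(subject, map);
    }

    /** Asks {@code SubjectUtils} whether the subject behind the handle is anonymous. */
    public boolean isUserAnonymous(SubjectHandle subjectHandle) {
        return SubjectUtils.isUserAnonymous(toAuthSubject(subjectHandle));
    }

    /** Returns the user name {@code SubjectUtils} reports for the subject behind the handle. */
    public String getUsername(SubjectHandle subjectHandle) {
        return SubjectUtils.getUsername(toAuthSubject(subjectHandle));
    }

    /** Returns the user principal {@code SubjectUtils} reports for the subject behind the handle. */
    public Principal getUserPrincipal(SubjectHandle subjectHandle) {
        return SubjectUtils.getUserPrincipal(toAuthSubject(subjectHandle));
    }

    /**
     * Registers permissions for a web component through {@code SupplementalPolicyObject},
     * using the kernel identity, after the kernel-permission check.
     *
     * @return the result of {@code SupplementalPolicyObject.registerSEPermissions}
     * @throws SecurityServiceException propagated from the delegate
     */
    @Override
    public boolean registerSEPermissions(String[] strArr, PermissionCollection permissionCollection, String str) throws SecurityServiceException {
        SecurityServiceManager.checkKernelPermission();
        return SupplementalPolicyObject.registerSEPermissions(KERNEL_ID, strArr, permissionCollection, str, J2EEUtils.WLWEB_DD_NAME, SupplementalPolicyObject.WEB_COMPONENT, SupplementalPolicyObject.EE_WEB_COMPONENT);
    }

    /**
     * Installs policies from a grant statement for a web component, using the kernel identity,
     * after the kernel-permission check.
     *
     * <p>NOTE(review): {@code str} is presumably the grant statement text and {@code strArr}
     * the code sources it applies to; confirm against {@code SupplementalPolicyObject}. If the
     * statement originates from a deployment descriptor, it is deployer-controlled input that
     * ends up as Java security policy.
     */
    @Override
    public void setJavaSecurityPolicies(String[] strArr, String str) {
        SecurityServiceManager.checkKernelPermission();
        SupplementalPolicyObject.setPoliciesFromGrantStatement(KERNEL_ID, strArr, str, SupplementalPolicyObject.WEB_COMPONENT);
    }

    /** Removes policies for {@code strArr}, using the kernel identity, after the kernel-permission check. */
    @Override
    public void removeJavaSecurityPolices(String[] strArr) {
        SecurityServiceManager.checkKernelPermission();
        SupplementalPolicyObject.removePolicies(KERNEL_ID, strArr);
    }

    /** Asks {@code SubjectUtils} whether the subject behind the handle is an administrator. */
    public boolean isUserAnAdministrator(SubjectHandle subjectHandle) {
        return SubjectUtils.isUserAnAdministrator(toAuthSubject(subjectHandle));
    }

    /** Asks {@code SubjectUtils} whether the subject behind the handle is in any of the given admin roles. */
    public boolean isUserInAdminRoles(SubjectHandle subjectHandle, String[] strArr) {
        return SubjectUtils.isUserInAdminRoles(toAuthSubject(subjectHandle), strArr);
    }

    /**
     * Asks {@code SubjectUtils} whether going from the first subject to the second is an
     * admin privilege escalation. The arguments are passed in the order given.
     */
    @Override
    public boolean isAdminPrivilegeEscalation(SubjectHandle subjectHandle, SubjectHandle subjectHandle2) {
        return SubjectUtils.isAdminPrivilegeEscalation(toAuthSubject(subjectHandle), toAuthSubject(subjectHandle2));
    }

    /**
     * Returns {@code i} bytes from {@code Salt.getRandomBytes}.
     *
     * <p>NOTE(review): the generator behind {@code Salt} is not visible here; confirm it is a
     * cryptographically strong source before using the bytes for session ids or tokens.
     */
    @Override
    public byte[] getRandomBytesFromSalt(int i) {
        return Salt.getRandomBytes(i);
    }

    /**
     * Returns the auth methods configured on the domain's default realm.
     *
     * @return the realm's auth methods, or {@code null} when no default realm is configured
     */
    @Override
    public String getRealmAuthMethods() {
        RealmMBean defaultRealm = WebServerRegistry.getInstance().getManagementProvider().getDomainMBean().getSecurityConfiguration().getDefaultRealm();
        if (defaultRealm != null) {
            return defaultRealm.getAuthMethods();
        }
        return null;
    }

    /** Returns the {@code SecureRandom} owned by the local RJVM. */
    @Override
    public SecureRandom getSecureRandom() {
        return LocalRJVM.getLocalRJVM().getSecureRandom();
    }

    /**
     * Looks up the authentication service for {@code str}, using the kernel identity, after
     * the kernel-permission check.
     *
     * <p>NOTE(review): {@code str} is presumably a realm name; confirm against
     * {@code SecurityServiceManager.getSecurityService}.
     */
    @Override
    public PrincipalAuthenticator getSecurityService(String str) {
        SecurityServiceManager.checkKernelPermission();
        return (PrincipalAuthenticator) SecurityServiceManager.getSecurityService(KERNEL_ID, str, SecurityService.ServiceType.AUTHENTICATION);
    }

    /** Reports whether JACC is enabled according to {@code SecurityServiceManager}. */
    public boolean isJaccEnabled() {
        return SecurityServiceManager.isJACCEnabled();
    }

    /**
     * Runs {@code privilegedAction} as the subject behind {@code subjectHandle}.
     *
     * <p>When {@code subjectHandle} is {@code null} the action runs as
     * {@code authenticatedSubject} itself, not as the anonymous subject.
     * NOTE(review): {@code authenticatedSubject} is presumably the caller's kernel identity,
     * by analogy with the {@code KERNEL_ID}-first calls in this class. If so, a handle that is
     * unexpectedly null makes the action run with that identity; callers should resolve the
     * handle (for example to {@link #getAnonymousSubject()}) before calling. No
     * kernel-permission check is made here.
     */
    @Override
    public Object runAs(SubjectHandle subjectHandle, PrivilegedAction privilegedAction, AuthenticatedSubject authenticatedSubject) {
        return SecurityServiceManager.runAs(authenticatedSubject, subjectHandle == null ? authenticatedSubject : toAuthSubject(subjectHandle), privilegedAction);
    }

    /**
     * Runs {@code privilegedAction} as {@code authenticatedSubject}, with
     * {@code authenticatedSubject2} passed as the first argument of
     * {@code SecurityServiceManager.runAs}. No kernel-permission check is made here.
     */
    @Override
    public Object runAs(AuthenticatedSubject authenticatedSubject, PrivilegedAction privilegedAction, AuthenticatedSubject authenticatedSubject2) {
        return SecurityServiceManager.runAs(authenticatedSubject2, authenticatedSubject, privilegedAction);
    }

    /**
     * Exception-propagating variant of
     * {@link #runAs(SubjectHandle, PrivilegedAction, AuthenticatedSubject)}. The same
     * null-handle fallback applies: a {@code null} handle runs the action as
     * {@code authenticatedSubject}.
     *
     * @throws PrivilegedActionException propagated from {@code SecurityServiceManager.runAs}
     */
    @Override
    public Object runAs(SubjectHandle subjectHandle, PrivilegedExceptionAction privilegedExceptionAction, AuthenticatedSubject authenticatedSubject) throws PrivilegedActionException {
        return SecurityServiceManager.runAs(authenticatedSubject, subjectHandle == null ? authenticatedSubject : toAuthSubject(subjectHandle), privilegedExceptionAction);
    }

    /**
     * Exception-propagating variant of
     * {@link #runAs(AuthenticatedSubject, PrivilegedAction, AuthenticatedSubject)}.
     *
     * @throws PrivilegedActionException propagated from {@code SecurityServiceManager.runAs}
     */
    @Override
    public Object runAs(AuthenticatedSubject authenticatedSubject, PrivilegedExceptionAction privilegedExceptionAction, AuthenticatedSubject authenticatedSubject2) throws PrivilegedActionException {
        return SecurityServiceManager.runAs(authenticatedSubject2, authenticatedSubject, privilegedExceptionAction);
    }

    /**
     * Delegates to {@code SecurityServiceManager.runAsForUserCode} with the same argument
     * order as the {@code AuthenticatedSubject}-based {@code runAs} overloads.
     */
    @Override
    public Object runAsForUserCode(AuthenticatedSubject authenticatedSubject, PrivilegedAction privilegedAction, AuthenticatedSubject authenticatedSubject2) {
        return SecurityServiceManager.runAsForUserCode(authenticatedSubject2, authenticatedSubject, privilegedAction);
    }

    /** Asks {@code SecurityServiceManager} whether the subject behind the handle is the kernel identity. */
    public boolean isKernelIdentity(SubjectHandle subjectHandle) {
        return SecurityServiceManager.isKernelIdentity(toAuthSubject(subjectHandle));
    }

    /** Returns a new handle for the current subject, looked up with the kernel identity after the kernel-permission check. */
    @Override
    public SubjectHandle getCurrentSubject() {
        SecurityServiceManager.checkKernelPermission();
        return toSubjectHandle(SecurityServiceManager.getCurrentSubject(KERNEL_ID));
    }

    /** Returns the web-app-file case-insensitivity setting reported by {@code SecurityServiceManager}. */
    @Override
    public boolean areWebAppFilesCaseInsensitive() {
        return SecurityServiceManager.areWebAppFilesCaseInsensitive();
    }

    /** Returns the default realm name reported by {@code SecurityServiceManager}. */
    @Override
    public String getDefaultRealmName() {
        return SecurityServiceManager.getDefaultRealmName();
    }

    /**
     * Reports whether {@code str} is exactly one of the five fixed SAML application strings.
     * The comparison is case-sensitive and does no normalisation, so a trailing slash or a
     * different case does not match.
     *
     * <p>NOTE(review): {@code str} is presumably a context path; confirm against the callers.
     *
     * @return {@code true} on an exact match; {@code false} otherwise, including for
     *     {@code null}
     */
    @Override
    public boolean isSamlApp(String str) {
        // Constant-first equals: a null argument is "not a SAML app" instead of an NPE.
        return "/samlits_ba".equals(str) || "/samlits_cc".equals(str) || "/samlacs".equals(str) || "/samlars".equals(str) || "/saml2".equals(str);
    }

    /** Creates a {@code WebAppContextHandler} for the given request/response pair. */
    public static final ContextHandler getContextHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return new WebAppContextHandler(httpServletRequest, httpServletResponse);
    }

    /** Wraps {@code authenticatedSubject} in a new {@code WlsSubjectHandle}. */
    public static SubjectHandle toSubjectHandle(AuthenticatedSubject authenticatedSubject) {
        return new WlsSubjectHandle(authenticatedSubject);
    }

    /** Wraps {@code authenticatedSubject} and {@code map} in a new {@code WlsSubjectHandle}. */
    public static SubjectHandle toSubjectHandle(AuthenticatedSubject authenticatedSubject, Map<String, Serializable> map) {
        return new WlsSubjectHandle(authenticatedSubject, map);
    }

    /**
     * Returns the {@code AuthenticatedSubject} held by {@code subjectHandle}.
     *
     * @return the wrapped subject, or {@code null} when {@code subjectHandle} is {@code null}
     * @throws ClassCastException if the handle is not a {@code WlsSubjectHandle}, i.e. it was
     *     produced by a different {@code SubjectHandle} implementation
     */
    public static AuthenticatedSubject toAuthSubject(SubjectHandle subjectHandle) {
        if (subjectHandle == null) {
            return null;
        }
        return ((WlsSubjectHandle) subjectHandle).getAuthSubject();
    }

    /**
     * Registers the JACC policy-context handlers: one {@code CommonPolicyContextHandler} for
     * the subject key and one {@code DelegatingPolicyContextHandler} for every key returned by
     * {@code WebAppContextHandlerData.getKeys()}. Each registration passes {@code true} as the
     * replace flag, so an already registered handler for the same key is replaced.
     *
     * @throws DeploymentException wrapping any {@code PolicyContextException}
     */
    @Override
    public void initializeJACC() throws DeploymentException {
        CommonPolicyContextHandler commonPolicyContextHandler = new CommonPolicyContextHandler();
        String[] keys = WebAppContextHandlerData.getKeys();
        DelegatingPolicyContextHandler delegatingPolicyContextHandler = new DelegatingPolicyContextHandler(keys);
        try {
            PolicyContext.registerHandler(CommonPolicyContextHandler.SUBJECT_KEY, commonPolicyContextHandler, true);
            for (String str : keys) {
                PolicyContext.registerHandler(str, delegatingPolicyContextHandler, true);
            }
        } catch (PolicyContextException e) {
            throw new DeploymentException(e);
        }
    }

    /**
     * Collects the TLS attributes of a connection into a four-element array:
     * <ol start="0">
     *   <li>the {@code SSLSession}</li>
     *   <li>the cipher suite name</li>
     *   <li>the key size as an {@code Integer}, or {@code null} when
     *       {@code SSLCipherUtility.getKeySize} returns a negative value</li>
     *   <li>the peer certificates converted by {@code SSLCertUtility.toJavaX5092}, or
     *       {@code null}</li>
     * </ol>
     *
     * <p>Slot 3 is {@code null} both when no peer certificates are available and when reading
     * or converting them fails with an {@code IOException}; the failure is only logged.
     * Callers cannot tell the two cases apart and must treat {@code null} as "no client
     * certificate" rather than as proof of anything about the peer.
     */
    @Override
    public Object[] getSSLAttributes(SSLSocket sSLSocket) {
        Object[] objArr = new Object[4];
        SSLSession session = sSLSocket.getSession();
        objArr[0] = session;
        String cipherSuite = session.getCipherSuite();
        objArr[1] = cipherSuite;
        int keySize = SSLCipherUtility.getKeySize(cipherSuite);
        if (keySize >= 0) {
            // Integer.valueOf replaces the deprecated Integer(int) constructor.
            objArr[2] = Integer.valueOf(keySize);
        } else if (SSLSetup.isDebugEnabled()) {
            SSLSetup.debug(1, "SSLCipherUtility.getKeySize returned " + keySize + " for cipher suite \"" + cipherSuite + "\".");
        }
        try {
            Certificate[] peerCertificates = session.getPeerCertificates();
            if (peerCertificates != null) {
                objArr[3] = SSLCertUtility.toJavaX5092(peerCertificates);
            }
        } catch (IOException e) {
            // Deliberate best effort: the request continues without certificates. The
            // exception detail is only emitted when debug logging is on.
            SSLSetup.info("Warning: Problem processing peer certificates. Please run with debug mode turned ON at warning level for more details.");
            if (SSLSetup.isDebugEnabled()) {
                SSLSetup.debug(2, e, "Exception processing peer certificates: " + e.getMessage());
            }
        }
        return objArr;
    }
}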
