package weblogic.security.service;

import java.security.AccessControlException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.SecureRandom;
import java.util.Random;
import javax.security.auth.Subject;
import weblogic.kernel.AuditableThread;
import weblogic.kernel.KernelStatus;
import weblogic.security.SecurityLogger;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.principal.WLSKernelIdentity;
import weblogic.security.subject.AbstractSubject;
import weblogic.security.subject.DelegatingSubjectStack;
import weblogic.security.subject.SubjectManager;
import weblogic.utils.collections.ArraySet;

/* loaded from: input_file:weblogic/security/service/SubjectManagerImpl.class */
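/**
 * {@link SubjectManager} implementation that keeps the per-thread subject stack in a
 * {@link DelegatingSubjectStack} and owns the process-wide kernel identity.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The kernel identity is a single {@link AuthenticatedSubject} created at class
 *       initialization; {@link #isKernelIdentity} recognises it by object reference only.</li>
 *   <li>{@link #checkKernelPermission()} enforces {@code KERNEL_PERM} only after
 *       {@link #setJava2SecurityMode(boolean) setJava2SecurityMode(true)} has been called;
 *       otherwise it is a no-op, and so is the guard in {@link #getKernelIdentity()}.</li>
 *   <li>The default-user setters are public static and perform no permission check here.</li>
 * </ul>
 */
public class SubjectManagerImpl extends SubjectManager {
    // Deliberately declared before kernelIdentity and WITHOUT an initializer. Static
    // initializers run in textual order, so a "= null" initializer placed after
    // kernelIdentity would overwrite the value that initializeKernelID() stores here.
    static WLSKernelIdentity kernelPrincipal;
    private static final AbstractSubject kernelIdentity = initializeKernelID();
    // Enforcement switch for checkKernelPermission(); off until setJava2SecurityMode(true).
    private static boolean usingJava2Security = false;
    // One-shot latch: set by the first setJava2SecurityMode call.
    private static boolean java2SecurityModeSet = false;
    private static AbstractSubject defaultUser;
    private static final boolean isTracing = false;
    private final DelegatingSubjectStack stack = new DelegatingSubjectStack();

    /**
     * Returns the subject on top of the stack, or a fallback when the stack yields none.
     *
     * <p>Fallback order: on a server, when the current thread is an {@link AuditableThread},
     * the caller-supplied {@code abstractSubject} is returned as-is; otherwise the anonymous
     * subject is returned when no default user is set or the process is a server; otherwise
     * the configured default user.
     *
     * @param abstractSubject passed through to the underlying stack and used as the
     *     server-side fallback (presumably the caller's kernel identity; confirm against
     *     {@code SubjectManager})
     * @return the current subject, never {@code null} unless {@code abstractSubject} is
     *     {@code null} in the server-thread fallback
     */
    @Override // weblogic.security.subject.SubjectStack
    public AbstractSubject getCurrentSubject(AbstractSubject abstractSubject) {
        AbstractSubject currentSubject = this.stack.getCurrentSubject(abstractSubject);
        if (currentSubject != null) {
            return currentSubject;
        }
        if (KernelStatus.isServer() && (Thread.currentThread() instanceof AuditableThread)) {
            return abstractSubject;
        }
        if (defaultUser == null || KernelStatus.isServer()) {
            return AuthenticatedSubject.ANON;
        }
        return defaultUser;
    }

    /**
     * Returns the subject on top of the given thread's stack, falling back to
     * {@code abstractSubject} on a server and to the anonymous subject elsewhere.
     *
     * @param abstractSubject passed through to the underlying stack; also the server fallback
     * @param auditableThread the thread whose stack is consulted
     * @return the resolved subject
     */
    @Override // weblogic.security.subject.SubjectStack
    public AbstractSubject getCurrentSubject(AbstractSubject abstractSubject, AuditableThread auditableThread) {
        AbstractSubject currentSubject = this.stack.getCurrentSubject(abstractSubject, auditableThread);
        if (currentSubject != null) {
            return currentSubject;
        }
        return KernelStatus.isServer() ? abstractSubject : AuthenticatedSubject.ANON;
    }

    /** Delegates to the underlying stack; any authorization of the push is not done in this class. */
    @Override // weblogic.security.subject.SubjectStack
    public void pushSubject(AbstractSubject abstractSubject, AbstractSubject abstractSubject2) {
        this.stack.pushSubject(abstractSubject, abstractSubject2);
    }

    /** Delegates to the underlying stack. */
    @Override // weblogic.security.subject.SubjectStack
    public void popSubject(AbstractSubject abstractSubject) {
        this.stack.popSubject(abstractSubject);
    }

    /** Returns the size reported by the underlying stack. */
    @Override // weblogic.security.subject.SubjectStack
    public int getSize() {
        return this.stack.getSize();
    }

    /**
     * Returns the kernel identity after {@link #checkKernelPermission()}.
     *
     * <p>That check is a no-op while Java 2 security mode is off, in which case any caller
     * able to reach this method receives the kernel identity.
     *
     * @throws AccessControlException if Java 2 security mode is on and the caller lacks
     *     {@code KERNEL_PERM}
     */
    @Override // weblogic.security.subject.SubjectManager
    protected AbstractSubject getKernelIdentity() {
        checkKernelPermission();
        return kernelIdentity;
    }

    /** Wraps a JAAS {@link Subject} in an {@link AuthenticatedSubject}. */
    @Override // weblogic.security.subject.SubjectManager
    protected AbstractSubject createAbstractSubject(Subject subject) {
        return new AuthenticatedSubject(subject);
    }

    /**
     * Checks {@code KERNEL_PERM} against the current access-control context, but only when
     * Java 2 security mode has been switched on. A denial is logged and then rethrown.
     *
     * @throws AccessControlException if the check is enforced and fails
     */
    @Override // weblogic.security.subject.SubjectManager
    public void checkKernelPermission() {
        if (!usingJava2Security) {
            // Enforcement disabled: nothing is checked.
            return;
        }
        try {
            AccessController.checkPermission(KERNEL_PERM);
        } catch (final AccessControlException e) {
            // Log under this class's own privileges so the audit record is written even
            // though the caller's context has just been denied; the denial still propagates.
            AccessController.doPrivileged(new PrivilegedAction<Object>() { // from class: weblogic.security.service.SubjectManagerImpl.1
                @Override // java.security.PrivilegedAction
                public Object run() {
                    SecurityLogger.logKernelPermissionFailure(e);
                    return null;
                }
            });
            throw e;
        }
    }

    /**
     * Rejects any subject that is not the kernel identity.
     *
     * @param abstractSubject the subject to verify; {@code null} is rejected
     * @throws NotAuthorizedRuntimeException if the subject is not the kernel identity
     */
    @Override // weblogic.security.subject.SubjectManager
    public void checkKernelIdentity(AbstractSubject abstractSubject) {
        if (isKernelIdentity(abstractSubject)) {
            return;
        }
        String shown = abstractSubject == null ? "<null>" : abstractSubject.toString();
        throw new NotAuthorizedRuntimeException(SecurityLogger.getSubjectIsNotTheKernelIdentity(shown));
    }

    /**
     * Tells whether the argument is the kernel identity. The comparison is by reference:
     * a subject carrying an equal principal is not accepted.
     */
    @Override // weblogic.security.subject.SubjectManager
    public boolean isKernelIdentity(AbstractSubject abstractSubject) {
        return abstractSubject == kernelIdentity;
    }

    /**
     * Selects, once per JVM, whether {@link #checkKernelPermission()} enforces
     * {@code KERNEL_PERM}.
     *
     * @param z {@code true} to enforce the permission check
     * @throws IllegalStateException on any call after the first
     */
    public static void setJava2SecurityMode(boolean z) {
        // NOTE(review): the latch is checked and set without synchronization and the fields
        // are not volatile; confirm this is only reached from single-threaded startup.
        if (java2SecurityModeSet) {
            throw new IllegalStateException(SecurityLogger.getCanNotCallSetJava2SecurityMoreThanOnce());
        }
        java2SecurityModeSet = true;
        usingJava2Security = z;
    }

    /**
     * Sets the default user if none is set; later calls are ignored until
     * {@link #resetDefaultUser()}. No permission check is performed here.
     */
    public static void setDefaultUser(AbstractSubject abstractSubject) {
        if (defaultUser == null) {
            defaultUser = abstractSubject;
        }
    }

    /** Returns the default user, or the anonymous subject when none is set. */
    public static AbstractSubject getDefaultUser() {
        return defaultUser == null ? AuthenticatedSubject.ANON : defaultUser;
    }

    /** Clears the default user. No permission check is performed here. */
    public static void resetDefaultUser() {
        defaultUser = null;
    }

    /**
     * Builds the kernel identity: a {@link WLSKernelIdentity} principal with a random
     * numeric name, wrapped in an {@link AuthenticatedSubject}. Also records the principal
     * in {@link #kernelPrincipal}.
     *
     * @return the new kernel subject
     */
    protected static AbstractSubject initializeKernelID() {
        // SecureRandom instead of java.util.Random so the name is not derived from a
        // predictable seed. It is still only a 32-bit label; within this class the kernel
        // check compares object references, not this name.
        WLSKernelIdentity principal = new WLSKernelIdentity(Integer.toString(new SecureRandom().nextInt()));
        ArraySet principals = new ArraySet();
        principals.add(principal);
        kernelPrincipal = principal;
        return new AuthenticatedSubject(true, principals);
    }

    /**
     * Installs a {@code SubjectManagerImpl} if no subject manager is installed yet.
     *
     * @return {@code true} if one was already installed, {@code false} if this call
     *     installed a new instance
     */
    public static synchronized boolean ensureInitialized() {
        if (subjectManagerInstalled()) {
            return true;
        }
        setSubjectManager(new SubjectManagerImpl());
        return false;
    }

    /**
     * Returns the user name for an {@link AuthenticatedSubject} via {@link SubjectUtils};
     * any other subject type is handled by the superclass.
     */
    @Override // weblogic.security.subject.SubjectManager
    public String getSubjectName(AbstractSubject abstractSubject) {
        if (abstractSubject instanceof AuthenticatedSubject) {
            return SubjectUtils.getUsername((AuthenticatedSubject) abstractSubject);
        }
        return super.getSubjectName(abstractSubject);
    }

    /** Returns the shared anonymous subject. */
    @Override // weblogic.security.subject.SubjectManager
    public AbstractSubject getAnonymousSubject() {
        return AuthenticatedSubject.ANON;
    }
}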
