package weblogic.security;

import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.lang.reflect.InvocationTargetException;
import java.security.AccessController;
import java.util.HashSet;
import java.util.Iterator;
import javax.inject.Inject;
import javax.inject.Named;
import javax.security.auth.message.config.AuthConfigFactory;
import org.glassfish.hk2.runlevel.RunLevel;
import org.jvnet.hk2.annotations.Optional;
import org.jvnet.hk2.annotations.Service;
import weblogic.descriptor.BeanUpdateEvent;
import weblogic.descriptor.DescriptorBean;
import weblogic.descriptor.DescriptorUpdateEvent;
import weblogic.descriptor.DescriptorUpdateFailedException;
import weblogic.descriptor.DescriptorUpdateListener;
import weblogic.descriptor.DescriptorUpdateRejectedException;
import weblogic.ldap.EmbeddedLDAP;
import weblogic.management.DomainDir;
import weblogic.management.ManagementException;
import weblogic.management.configuration.ConfigurationError;
import weblogic.management.configuration.SecurityConfigurationMBean;
import weblogic.management.provider.ManagementService;
import weblogic.management.security.ProviderMBean;
import weblogic.management.security.RDBMSSecurityStoreMBean;
import weblogic.management.security.RealmMBean;
import weblogic.management.security.authentication.UserLockoutManagerMBean;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.jaspic.AuthConfigFactoryImpl;
import weblogic.security.jaspic.RegStoreFileParser;
import weblogic.security.net.ConnectionFilter;
import weblogic.security.net.ConnectionFilterRulesListener;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.service.SecurityServiceRuntimeException;
import weblogic.security.shared.LoggerWrapper;
import weblogic.server.AbstractServerService;
import weblogic.server.ServerService;
import weblogic.server.ServiceFailureException;
import weblogic.utils.NestedRuntimeException;
import weblogic.utils.annotation.Secure;

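/**
 * Early server service (run level 10) that prepares the security subsystem.
 *
 * <p>On {@link #start()} it loads the domain's {@link SecurityConfigurationMBean}, installs the
 * configured connection filter, installs a JASPIC {@link AuthConfigFactory} if none is set, and
 * creates and pre-initializes the {@link SecurityServiceManager} under the kernel identity.
 * Afterwards it reacts to configuration changes: property changes re-apply the connection-filter
 * settings, and activated descriptor updates initialize, shut down or restart realms.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>The connection filter class name comes from configuration and is loaded reflectively, so
 *       write access to that attribute decides which class filters incoming connections.</li>
 *   <li>The accessors that hand out the MBean and the manager call
 *       {@code SecurityServiceManager.checkKernelIdentity} first.</li>
 *   <li>Listeners are registered in {@code initializeMBean()} before {@code secmgr} is assigned in
 *       {@code start()}. NOTE(review): an update delivered in that window would find
 *       {@code secmgr} null - confirm the container cannot deliver one that early.</li>
 * </ul>
 */
@Service
@Named
@RunLevel(10)
@Secure
/* loaded from: input_file:weblogic/security/PreSecurityService.class */
public class PreSecurityService extends AbstractServerService implements PropertyChangeListener, DescriptorUpdateListener {
    // Not referenced anywhere in this class.
    private static final String DEFAULT_REALM = "weblogic.security.acl.internal.FileRealm";
    private static final String WLREALMNAME = "weblogic";

    // The three injected services are never called here; presumably they exist only to force
    // start-up ordering - confirm against the HK2 wiring.
    @Inject
    @Named("X509CertRegisterService")
    private ServerService dependencyOnX509CertRegisterService;

    @Inject
    @Named(EmbeddedLDAP.EMBEDDED_LDAP)
    private ServerService dependencyOnEmbeddedLDAP;

    @Inject
    @Optional
    @Named("JpsDefaultService")
    private ServerService dependencyOnOPSS;

    // Security configuration of the domain; assigned in initializeMBean().
    private SecurityConfigurationMBean newMbean = null;
    // Created in start(); null until then.
    private SecurityServiceManager secmgr;
    // Last constructed instance (see the constructor).
    private static PreSecurityService singleton;
    // Kernel identity, obtained once through a privileged action and used for every call below.
    private static final AuthenticatedSubject KERNELID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private static LoggerWrapper log = LoggerWrapper.getInstance("SecurityService");
    /**
     * When true, {@link #start()} prints timing lines through {@link #dbgPsr(String)}.
     * The field is public and mutable, so any code in the JVM can toggle it.
     */
    public static boolean isPerfDebug = false;

    /**
     * Registers this instance as the singleton.
     *
     * <p>{@code this} is published before construction finishes; the constructor does nothing
     * else that matters, but subclasses would be visible half-built.
     */
    public PreSecurityService() {
        setSingleton(this);
        if (log.isDebugEnabled()) {
            log.debug("PreSecurityService init");
        }
    }

    /** Stores the instance returned by {@link #getSingleton()}. */
    private static void setSingleton(PreSecurityService preSecurityService) {
        singleton = preSecurityService;
    }

    /**
     * Returns the most recently constructed instance, or null if none was built.
     *
     * <p>Decompiler note: this method was package-private in the original class.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static PreSecurityService getSingleton() {
        return singleton;
    }

    /**
     * Returns the security configuration MBean after the kernel-identity check.
     *
     * <p>Decompiler note: this method was package-private in the original class.
     *
     * @param authenticatedSubject subject passed to {@code checkKernelIdentity}
     * @return the MBean loaded by {@code initializeMBean()}, or null before start
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public SecurityConfigurationMBean getSecurityConfigurationMBean(AuthenticatedSubject authenticatedSubject) {
        // Gate first: nothing is returned unless the check lets the call continue.
        SecurityServiceManager.checkKernelIdentity(authenticatedSubject);
        return this.newMbean;
    }

    /**
     * Returns the security service manager after the kernel-identity check.
     *
     * <p>Decompiler note: this method was package-private in the original class.
     *
     * @param authenticatedSubject subject passed to {@code checkKernelIdentity}
     * @return the manager created in {@link #start()}, or null before start
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public SecurityServiceManager getSecurityServiceManager(AuthenticatedSubject authenticatedSubject) {
        SecurityServiceManager.checkKernelIdentity(authenticatedSubject);
        return this.secmgr;
    }

    /**
     * Loads the configuration, installs the connection filter and the JASPIC factory, then
     * creates and pre-initializes the security service manager.
     *
     * @throws ServiceFailureException if any step fails with a checked exception or a
     *     {@code SecurityServiceRuntimeException}; other runtime exceptions propagate unchanged
     */
    @Override // weblogic.server.AbstractServerService, weblogic.server.ServerService
    public void start() throws ServiceFailureException {
        if (log.isDebugEnabled()) {
            log.debug("starting PreSecurityService");
        }
        long j = 0;
        if (isPerfDebug) {
            dbgPsr("PreSecurityService start");
            j = System.currentTimeMillis();
        }
        try {
            initializeMBean();
            initializeConnectionFilter();
            initializeJASPICFactory();
            try {
                // The instance is discarded; presumably the constructor registers the runtime
                // MBean as a side effect - confirm in SecurityRuntime.
                new SecurityRuntime(this.newMbean);
                this.secmgr = new SecurityServiceManager(KERNELID);
                this.secmgr.preInitialize(KERNELID);
                if (isPerfDebug) {
                    dbgPsr("PreSecurityService start = " + (System.currentTimeMillis() - j));
                }
                if (log.isDebugEnabled()) {
                    log.debug("finished starting PreSecurityService");
                }
            } catch (ManagementException e) {
                SecurityLogger.logErrorCreatingSecurityRuntime(e);
                throw new ServiceFailureException(e);
            }
        } catch (SecurityServiceRuntimeException e2) {
            throw new ServiceFailureException(e2);
        } catch (RuntimeException e3) {
            // Includes ConfigurationError-style and filter failures raised as runtime exceptions.
            throw e3;
        } catch (Exception e4) {
            SecurityLogger.logStackTrace(e4);
            throw new ServiceFailureException(e4);
        }
    }

    /** Logs the stop request; no state is released here. */
    @Override // weblogic.server.AbstractServerService, weblogic.server.ServerService
    public void stop() throws ServiceFailureException {
        if (log.isDebugEnabled()) {
            log.debug("PreSecurityService stop");
        }
    }

    /** Logs the halt request; no state is released here. */
    @Override // weblogic.server.AbstractServerService, weblogic.server.ServerService
    public void halt() throws ServiceFailureException {
        if (log.isDebugEnabled()) {
            log.debug("PreSecurityService halt");
        }
    }

    /**
     * Fetches the domain's security configuration and subscribes to its changes.
     *
     * @throws ConfigurationError if the configuration carries no salt
     */
    private void initializeMBean() {
        this.newMbean = ManagementService.getRuntimeAccess(KERNELID).getDomain().getSecurityConfiguration();
        // Refuse to continue without a salt rather than run with a missing value.
        if (this.newMbean.getSalt() == null) {
            throw new ConfigurationError(SecurityLogger.getSaltNotSet());
        }
        this.newMbean.addPropertyChangeListener(this);
        this.newMbean.getDescriptor().addUpdateListener(this);
    }

    /** Copies the connection-logger flag from the configuration into SecurityService. */
    private void setConnectionLoggerEnabled() {
        SecurityService.setConnectionLoggerEnabled(this.newMbean.getConnectionLoggerEnabled());
    }

    /** Copies the compatibility-filter flag from the configuration into SecurityService. */
    private void setCompatibilityConnectionFiltersEnabled() {
        SecurityService.setCompatibilityConnectionFiltersEnabled(this.newMbean.getCompatibilityConnectionFiltersEnabled());
    }

    /**
     * Pushes the configured rules into the installed connection filter.
     *
     * <p>Rules are applied only when the filter class implements
     * {@link ConnectionFilterRulesListener}; for any other filter class they are skipped without
     * a log entry.
     *
     * @throws NestedRuntimeException if the class cannot be loaded or {@code setRules} fails
     */
    private synchronized void setConnectionFilterRules() {
        String[] connectionFilterRules = this.newMbean.getConnectionFilterRules();
        try {
            Class<?> cls = Class.forName(SecurityService.getFilterClass());
            if (ConnectionFilterRulesListener.class.isAssignableFrom(cls)) {
                try {
                    // Cast to Object so the array is passed as the single String[] argument.
                    // Without it, invoke(Object, Object...) spreads the array into separate
                    // arguments (and treats a null array as "no arguments").
                    cls.getMethod("setRules", String[].class).invoke(SecurityService.getConnectionFilter(), (Object) connectionFilterRules);
                } catch (InvocationTargetException e) {
                    Throwable targetException = e.getTargetException();
                    // Type test instead of matching on toString(), which depended on the
                    // exception's printed form.
                    if (targetException instanceof java.text.ParseException) {
                        SecurityLogger.logBootFilterCritical(targetException.getMessage());
                    }
                    throw e;
                }
            }
        } catch (Throwable th) {
            SecurityLogger.logStackTrace(th);
            throw new NestedRuntimeException(SecurityLogger.getProblemWithConnFilterRules(), th);
        }
    }

    /** Applies the filter, the logger flag and the compatibility flag, in that order. */
    private void initializeConnectionFilter() {
        setConnectionFilter();
        setConnectionLoggerEnabled();
        setCompatibilityConnectionFiltersEnabled();
    }

    /**
     * Installs the connection filter named in the configuration, or disables filtering when no
     * class is configured.
     *
     * <p>The class name is configuration data. It is loaded without initialization and checked
     * against {@link ConnectionFilter} before anything in it runs, so a misconfigured name cannot
     * execute a static initializer or constructor of an unrelated class.
     *
     * <p>NOTE(review): the class name is stored in SecurityService before loading is attempted.
     * If loading fails, the previously installed filter instance and enabled flag are left as
     * they were while the stored name already points at the new class.
     *
     * @throws NestedRuntimeException if the class cannot be loaded, is not a ConnectionFilter,
     *     cannot be instantiated, or its rules cannot be applied
     */
    private synchronized void setConnectionFilter() {
        String connectionFilter = this.newMbean.getConnectionFilter();
        SecurityService.setFilterClass(connectionFilter);
        if (connectionFilter == null) {
            SecurityService.setEnableConnectionFilter(false);
            SecurityService.setConnectionFilter(null);
            return;
        }
        try {
            // Same loader that Class.forName(String) would use, but initialization is deferred
            // until the type has been verified.
            Class<? extends ConnectionFilter> filterClass =
                    Class.forName(connectionFilter, false, PreSecurityService.class.getClassLoader())
                            .asSubclass(ConnectionFilter.class);
            SecurityService.setConnectionFilter(filterClass.newInstance());
            SecurityService.setEnableConnectionFilter(true);
            setConnectionFilterRules();
        } catch (Exception e) {
            SecurityLogger.logStackTrace(e);
            throw new NestedRuntimeException(SecurityLogger.getProblemWithConnFilter(), e);
        }
    }

    /**
     * Installs the JASPIC factory backed by {@code auth.conf} in the domain security directory,
     * unless a factory is already registered.
     */
    private void initializeJASPICFactory() {
        if (AuthConfigFactory.getFactory() == null) {
            // Meaning of the trailing 'false' is not visible here - see RegStoreFileParser.
            AuthConfigFactory.setFactory(new AuthConfigFactoryImpl(new RegStoreFileParser(DomainDir.getSecurityDir(), "auth.conf", false)));
        }
    }

    /**
     * Re-applies the connection-filter setting that matches the changed property.
     *
     * <p>Property names are compared case-insensitively. A null name, which the JavaBeans
     * contract uses for "several properties may have changed", re-applies all of them instead of
     * failing with a NullPointerException.
     *
     * @param propertyChangeEvent the change notification from the security configuration
     */
    @Override // java.beans.PropertyChangeListener
    public synchronized void propertyChange(PropertyChangeEvent propertyChangeEvent) {
        if (log.isDebugEnabled()) {
            log.debug("propertyChange, event= " + propertyChangeEvent);
        }
        String propertyName = propertyChangeEvent.getPropertyName();
        if (propertyName == null) {
            // Unknown set of changes: refresh every filter-related setting so none stays stale.
            initializeConnectionFilter();
            return;
        }
        if (propertyName.equalsIgnoreCase("ConnectionFilter")) {
            setConnectionFilter();
        }
        // Rule changes matter only while a filter is enabled.
        if (propertyName.equalsIgnoreCase("ConnectionFilterRules") && SecurityService.getConnectionFilterEnabled()) {
            setConnectionFilterRules();
        }
        if (propertyName.equalsIgnoreCase("ConnectionLoggerEnabled")) {
            setConnectionLoggerEnabled();
        }
        if (propertyName.equalsIgnoreCase("CompatibilityConnectionFiltersEnabled")) {
            setCompatibilityConnectionFiltersEnabled();
        }
    }

    /** Accepts every proposed update; nothing is validated at prepare time. */
    @Override // weblogic.descriptor.DescriptorUpdateListener
    public void prepareUpdate(DescriptorUpdateEvent descriptorUpdateEvent) throws DescriptorUpdateRejectedException {
    }

    /**
     * Applies an activated descriptor update to the running realms.
     *
     * <p>For the security configuration bean, an added realm is initialized (on the admin server
     * only) and a removed realm is shut down. For realm, lockout-manager, RDBMS-store and
     * provider beans, the owning realm is restarted once if it allows automatic restart and at
     * least one changed property is non-dynamic.
     *
     * @param descriptorUpdateEvent the activated update whose diff is processed
     * @throws DescriptorUpdateFailedException declared by the listener interface
     */
    @Override // weblogic.descriptor.DescriptorUpdateListener
    public synchronized void activateUpdate(DescriptorUpdateEvent descriptorUpdateEvent) throws DescriptorUpdateFailedException {
        // Realm names are collected first so each realm restarts once, after the whole diff.
        HashSet<String> realmsToRestart = new HashSet<>();
        for (BeanUpdateEvent beanUpdateEvent : descriptorUpdateEvent.getDiff()) {
            DescriptorBean proposedBean = beanUpdateEvent.getProposedBean();
            if (proposedBean instanceof SecurityConfigurationMBean) {
                if (log.isDebugEnabled()) {
                    log.debug("handling security config changes");
                }
                for (BeanUpdateEvent.PropertyUpdate propertyUpdate : beanUpdateEvent.getUpdateList()) {
                    if ("Realms".equals(propertyUpdate.getPropertyName())) {
                        // Update type 2 is read together with getAddedObject(), type 3 with
                        // getRemovedObject().
                        if (propertyUpdate.getUpdateType() == 2) {
                            if (ManagementService.getRuntimeAccess(KERNELID).isAdminServer()) {
                                SecurityServiceManager.initializeRealm(KERNELID, ((RealmMBean) propertyUpdate.getAddedObject()).getName());
                            }
                        } else if (propertyUpdate.getUpdateType() == 3) {
                            this.secmgr.shutdownRealm(KERNELID, ((RealmMBean) propertyUpdate.getRemovedObject()).getName());
                        }
                    }
                }
            } else if ((proposedBean instanceof RealmMBean) || (proposedBean instanceof UserLockoutManagerMBean) || (proposedBean instanceof RDBMSSecurityStoreMBean) || (proposedBean instanceof ProviderMBean)) {
                RealmMBean realmForBean = getRealmForBean(proposedBean);
                if (realmForBean != null && realmForBean.isAutoRestartOnNonDynamicChanges()) {
                    boolean hasNonDynamicChange = false;
                    for (BeanUpdateEvent.PropertyUpdate propertyUpdate2 : beanUpdateEvent.getUpdateList()) {
                        if (!propertyUpdate2.isDynamic()) {
                            hasNonDynamicChange = true;
                        }
                    }
                    if (hasNonDynamicChange) {
                        realmsToRestart.add(realmForBean.getName());
                    }
                } else if (log.isDebugEnabled()) {
                    // Without auto-restart the change stays pending until the server restarts,
                    // and that is reported at debug level only.
                    log.debug("Realm restart is not enabled so realm or provider changes may require a restart of the server.");
                }
            }
        }
        for (String realmName : realmsToRestart) {
            this.secmgr.restartRealm(KERNELID, realmName);
        }
    }

    /** Does nothing; activated changes are not undone here. */
    @Override // weblogic.descriptor.DescriptorUpdateListener
    public void rollbackUpdate(DescriptorUpdateEvent descriptorUpdateEvent) {
    }

    /**
     * Prints a performance-debug line to standard output, bypassing the logger.
     *
     * @param str text to print
     */
    public static final void dbgPsr(String str) {
        System.out.println(str);
    }

    /**
     * Walks up the parent chain of a bean until a {@link RealmMBean} is found.
     *
     * @param descriptorBean the bean to start from; may itself be the realm
     * @return the first realm found on the way up, or null if the chain ends without one
     */
    private RealmMBean getRealmForBean(DescriptorBean descriptorBean) {
        for (DescriptorBean current = descriptorBean; current != null; current = current.getParentBean()) {
            if (current instanceof RealmMBean) {
                return (RealmMBean) current;
            }
        }
        return null;
    }
}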
