package weblogic.diagnostics.utils;

import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Map;
import weblogic.deploy.service.CallbackHandler;
import weblogic.management.ManagementLogger;
import weblogic.management.NoAccessRuntimeException;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.AdminResource;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.RoleManager;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.utils.ResourceIDDContextWrapper;

/* loaded from: input_file:weblogic/diagnostics/utils/SecurityHelper.class */
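/**
 * Static authorization checks for diagnostics code.
 *
 * <p>Each {@code check*} method inspects the subject returned by
 * {@code SecurityServiceManager.getCurrentSubject} and throws
 * {@link NoAccessRuntimeException} when the subject does not qualify. Roles are
 * looked up against a single {@link AdminResource} ({@link #adminMBeanResource}).
 *
 * <p>Two rules apply to every role check in this class and are easy to miss:
 * <ul>
 *   <li>the kernel identity passes without any role lookup;</li>
 *   <li>a subject holding {@value #ADMIN_ROLENAME} passes regardless of which
 *       roles the caller asked for (see {@link #isAllowedRole}).</li>
 * </ul>
 *
 * <p>This listing was recovered by a decompiler; see the review notes in
 * {@link #checkForAnyRole(String[])}.
 */
public class SecurityHelper {
    // Lazily resolved by getRoleManager(); null until the first role check.
    private static RoleManager roleManager;
    // Kernel identity, obtained once in a privileged block at class initialisation.
    private static final AuthenticatedSubject KERNEL_ID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    // The one resource every role lookup in this class is evaluated against.
    private static AdminResource adminMBeanResource = new AdminResource(CallbackHandler.CONFIGURATION, null, null);
    static final String ADMIN_ROLENAME = "Admin";
    static final String OPERATOR_ROLENAME = "Operator";
    static final String DEPLOYER_ROLENAME = "Deployer";
    // NOTE(review): this array is package-visible and its elements are mutable, so
    // any class in this package can change what checkAnyAdminRole() accepts.
    static final String[] ALL_ADMIN_ROLES = {ADMIN_ROLENAME, OPERATOR_ROLENAME, DEPLOYER_ROLENAME};

    private SecurityHelper() {
    }

    /**
     * Requires the current subject to hold the {@value #ADMIN_ROLENAME} role
     * (or to be the kernel identity).
     *
     * @throws NoAccessRuntimeException if the check fails
     */
    public static void checkForAdminRole() {
        checkForRole(ADMIN_ROLENAME);
    }

    /**
     * Requires the current subject to hold at least one of {@link #ALL_ADMIN_ROLES}
     * (or to be the kernel identity).
     *
     * @throws NoAccessRuntimeException if the check fails
     */
    public static void checkAnyAdminRole() {
        checkForAnyRole(ALL_ADMIN_ROLES);
    }

    /**
     * Requires the current subject to be the kernel identity. No role grants access here.
     *
     * @throws NoAccessRuntimeException if the current subject is not the kernel identity
     */
    public static void checkKernelAccess() {
        AuthenticatedSubject currentSubject = SecurityServiceManager.getCurrentSubject(KERNEL_ID);
        if (!SecurityServiceManager.isKernelIdentity(currentSubject)) {
            throw new NoAccessRuntimeException(ManagementLogger.logNoAccessForSubjectRoleLoggable(currentSubject.toString(), null).getMessage());
        }
    }

    /**
     * Single-role form of {@link #checkForAnyRole(String[])}.
     *
     * @param str the role name to require
     * @throws NoAccessRuntimeException if the check fails
     */
    public static void checkForRole(String str) {
        checkForAnyRole(new String[]{str});
    }

    /**
     * Requires the current subject to hold at least one of the given roles.
     *
     * <p>The kernel identity returns immediately. For any other subject the role
     * lookup runs under the kernel identity, while the roles that are evaluated
     * are those of the sealed caller subject.
     *
     * @param strArr role names, any one of which is sufficient; {@value #ADMIN_ROLENAME}
     *               is always sufficient even when not listed
     * @throws NoAccessRuntimeException if the subject holds none of the roles; the
     *         message contains the subject's string form and the requested role names
     */
    public static void checkForAnyRole(final String[] strArr) {
        AuthenticatedSubject currentSubject = SecurityServiceManager.getCurrentSubject(KERNEL_ID);
        if (SecurityServiceManager.isKernelIdentity(currentSubject)) {
            // Kernel identity is trusted unconditionally; no role lookup is made.
            return;
        }
        final AuthenticatedSubject seal = SecurityServiceManager.seal(KERNEL_ID, currentSubject);
        Boolean allowed = (Boolean) SecurityServiceManager.runAs(KERNEL_ID, KERNEL_ID, new PrivilegedAction<Boolean>() {
            @Override
            public Boolean run() {
                // NOTE(review): the decompiled listing had `AuthenticatedSubject.this` as the
                // first argument, which is not valid here. `seal` is the only captured
                // subject (it is the local declared final) - confirm against the bytecode.
                // The call still goes through the retained accessor access$100().
                return SecurityHelper.isAllowedRole(strArr, SecurityHelper.access$100().getRoles(seal, SecurityHelper.adminMBeanResource, new ResourceIDDContextWrapper()));
            }
        });
        if (!allowed.booleanValue()) {
            // NOTE(review): the denial text names the subject and the required roles;
            // check where this exception message can surface before relying on it.
            throw new NoAccessRuntimeException(ManagementLogger.logNoAccessForSubjectRoleLoggable(seal.toString(), Arrays.toString(strArr)).getMessage());
        }
    }

    /**
     * Returns the role manager for {@code SecurityServiceManager.defaultRealmName},
     * looking it up on first use and caching it in {@link #roleManager}.
     *
     * <p>NOTE(review): the lazy initialisation is unsynchronized and the field is not
     * volatile, so concurrent first callers may each perform the lookup. Presumably
     * harmless if the lookup always yields the same service - confirm. The cached
     * instance is never refreshed.
     */
    private static RoleManager getRoleManager() {
        RoleManager cached = roleManager;
        if (cached == null) {
            cached = (RoleManager) SecurityServiceManager.getSecurityService(KERNEL_ID, SecurityServiceManager.defaultRealmName, SecurityService.ServiceType.ROLE);
            roleManager = cached;
        }
        return cached;
    }

    /**
     * Decides whether a role map satisfies a role requirement.
     *
     * <p>Fails closed: a {@code null} map, a {@code null} role array and {@code null}
     * role names never grant access. The original threw {@link NullPointerException}
     * for a {@code null} array when the map had no {@value #ADMIN_ROLENAME} entry.
     *
     * @param strArr acceptable role names; may be {@code null}
     * @param map    roles held by the subject, keyed by role name; may be {@code null}
     * @return {@link Boolean#TRUE} if the map has a non-null entry for
     *         {@value #ADMIN_ROLENAME} or for any name in {@code strArr},
     *         otherwise {@link Boolean#FALSE}
     */
    static Boolean isAllowedRole(String[] strArr, Map<?, ?> map) {
        if (map == null) {
            return Boolean.FALSE;
        }
        // Admin is accepted for every check, whatever roles were requested.
        if (map.get(ADMIN_ROLENAME) != null) {
            return Boolean.TRUE;
        }
        if (strArr == null) {
            return Boolean.FALSE;
        }
        for (String str : strArr) {
            // A null role name must never match (and some Map implementations reject null keys).
            if (str != null && map.get(str) != null) {
                return Boolean.TRUE;
            }
        }
        return Boolean.FALSE;
    }

    // Compiler-generated accessor recovered by the decompiler; retained unchanged.
    static /* synthetic */ RoleManager access$100() {
        return getRoleManager();
    }
}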
