package weblogic.security.acl.internal;

import java.io.IOException;
import java.io.InputStream;
import java.rmi.RemoteException;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.Certificate;
import javax.security.auth.login.LoginException;
import org.jvnet.hk2.annotations.Service;
import weblogic.common.internal.PeerInfo;
import weblogic.common.internal.PeerInfoable;
import weblogic.core.base.api.FastThreadLocalMarker;
import weblogic.jndi.WLContext;
import weblogic.kernel.AuditableThreadLocal;
import weblogic.kernel.AuditableThreadLocalFactory;
import weblogic.kernel.KernelTypeService;
import weblogic.kernel.ThreadLocalInitialValue;
import weblogic.protocol.Protocol;
import weblogic.rjvm.LocalRJVM;
import weblogic.rjvm.RJVM;
import weblogic.rjvm.RJVMManager;
import weblogic.security.SimpleCallbackHandler;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.DefaultUserInfoImpl;
import weblogic.security.acl.SecurityService;
import weblogic.security.acl.SecurityServiceGenerator;
import weblogic.security.acl.UserInfo;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityManager;
import weblogic.security.service.SecurityServiceManager;
import weblogic.utils.LocatorUtilities;

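/**
 * Static entry points for authenticating a {@link UserInfo} against the local
 * server or a remote peer, plus deprecated accessors for the per-thread
 * {@link SSLClientInfoService}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code authenticate} methods can return {@code null}; a {@code null}
 *       result is not an authenticated identity and callers must not treat it
 *       as one.</li>
 *   <li>The per-thread {@link SSLClientInfoService} is handed client
 *       certificates, a private key and a key password through the setters
 *       below. The value stays attached to the thread until it is replaced via
 *       {@link #setThreadSSLClientInfo(SSLClientInfoService)}.
 *       NOTE(review): on pooled threads this presumably needs an explicit
 *       reset between units of work; confirm against the
 *       {@code AuditableThreadLocal} contract.</li>
 * </ul>
 *
 * <p>This listing was recovered from a class file; three constructs that cannot
 * compile as plain Java (a qualified {@code this} on a non-enclosing type, an
 * uncast {@code getException()} result, and {@code return} inside the static
 * initializer) are expressed here in their compilable form.
 */
@Service
/* loaded from: input_file:weblogic/security/acl/internal/Security.class */
public final class Security implements FastThreadLocalMarker {
    private static final String NON_PARTITION_ID = "DOMAIN";

    // Set once by the static initializer at the bottom of the class.
    private static boolean enableDefaultUserProperty;

    // Holds the SSLClientInfoService for the current thread; read through getThreadSSLClientInfo().
    private static final AuditableThreadLocal threadSSLClientInfo = AuditableThreadLocalFactory.createThreadLocal(new ThreadLocalInitialValue(true));

    // Kernel identity obtained in a privileged block; it is the caller identity passed to
    // SecurityServiceManager and SecurityManager.runAs below, so it must never be exposed.
    private static AuthenticatedSubject kernelID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());

    /**
     * Does nothing by itself; calling it forces this class's static
     * initialization to run.
     */
    public static void init() {
    }

    /**
     * Authenticates {@code userInfo} with the principal authenticator of the
     * context-sensitive realm.
     *
     * <p>Only {@link DefaultUserInfoImpl} (name and password) is handled. For
     * any other {@code UserInfo} type no authentication is attempted and
     * {@code null} is returned.
     *
     * @param userInfo credentials to check
     * @return the authenticated subject, or {@code null} when {@code userInfo}
     *         is not a {@code DefaultUserInfoImpl}
     * @throws SecurityException when the authenticator raises a
     *         {@link LoginException}; only its message is carried over
     */
    private static AuthenticatedUser authenticateLocally(UserInfo userInfo) throws SecurityException {
        PrincipalAuthenticator authenticator = SecurityServiceManager.getPrincipalAuthenticator(kernelID, SecurityServiceManager.getContextSensitiveRealmName());
        if (!(userInfo instanceof DefaultUserInfoImpl)) {
            // Unsupported credential type: nothing was verified, so no identity is returned.
            return null;
        }
        DefaultUserInfoImpl credentials = (DefaultUserInfoImpl) userInfo;
        try {
            return authenticator.authenticate(new SimpleCallbackHandler(credentials.getName(), credentials.getPassword()), null);
        } catch (LoginException e) {
            // The LoginException itself is not chained as the cause; only its message is
            // forwarded. NOTE(review): that message may reach a remote caller, so login
            // modules should keep failure messages free of account-state detail.
            throw new SecurityException(e.getMessage());
        }
    }

    /**
     * Convenience overload: delegates with {@code j = 0}, {@code z = false}
     * and a {@code null} final argument.
     *
     * @see #authenticate(UserInfo, RJVM, Protocol, String, long, boolean, String)
     */
    public static AuthenticatedUser authenticate(UserInfo userInfo, RJVM rjvm, Protocol protocol, String str) throws RemoteException, SecurityException {
        return authenticate(userInfo, rjvm, protocol, str, 0L, false, null);
    }

    /**
     * Delegates to the eight-argument overload, passing {@code str2} as its
     * last argument. The seventh argument is {@code "DOMAIN"} when
     * {@code str2} is {@code null} and {@code null} otherwise.
     *
     * @see #authenticate(UserInfo, RJVM, Protocol, String, long, boolean, String, String)
     */
    public static AuthenticatedUser authenticate(UserInfo userInfo, RJVM rjvm, Protocol protocol, String str, long j, boolean z, String str2) throws RemoteException, SecurityException {
        String partitionId = str2 == null ? NON_PARTITION_ID : null;
        return authenticate(userInfo, rjvm, protocol, str, j, z, partitionId, str2);
    }

    /**
     * Authenticates {@code userInfo} against the JVM identified by
     * {@code rjvm}.
     *
     * <p>If {@code rjvm} is the local JVM the check is done in-process.
     * Otherwise a boot service for the peer is created and asked to
     * authenticate: the RMI boot service when
     * {@link #isRMIBootstrapPossible(RJVM)} allows it (invoked under the
     * anonymous subject), else the protocol-level boot service.
     *
     * <p>When this JVM is not a server and either {@code z} is set or the
     * default-user system property was present at class initialization, the
     * result is also installed through {@code SecurityManager.setDefaultUser}.
     * That call receives {@code null} when the peer returned no user.
     *
     * @param userInfo credentials to authenticate
     * @param rjvm     target JVM
     * @param protocol protocol handed to the non-RMI boot service
     * @param str      passed through to the RMI boot service
     * @param j        passed to the RMI boot service after narrowing to {@code int}
     * @param z        when {@code true} on a non-server JVM, install the result as default user
     * @param str2     passed to both boot-service factories
     * @param str3     passed to the RMI boot-service factory only
     * @return the authenticated user; may be {@code null}
     * @throws RemoteException   when the remote call fails
     * @throws SecurityException when authentication is rejected
     */
    public static AuthenticatedUser authenticate(final UserInfo userInfo, RJVM rjvm, Protocol protocol, String str, long j, boolean z, String str2, String str3) throws RemoteException, SecurityException {
        if (rjvm.getID().isLocal()) {
            return authenticateLocally(userInfo);
        }
        RJVM peer = RJVMManager.getRJVMManager().findOrCreate(rjvm.getID());
        SecurityServiceGenerator generator = (SecurityServiceGenerator) LocatorUtilities.getService(SecurityServiceGenerator.class);
        AuthenticatedUser authenticated;
        if (isRMIBootstrapPossible(peer)) {
            // NOTE(review): (int) j silently wraps values outside the int range; confirm that
            // callers never pass a larger value.
            final SecurityService bootService = generator.createRMIBootService(peer, str, (int) j, str2, str3);
            try {
                // The remote call runs as the anonymous subject, so no local identity
                // accompanies the credentials to the peer.
                authenticated = (AuthenticatedUser) SecurityManager.runAs(kernelID, SubjectUtils.getAnonymousSubject(), new PrivilegedExceptionAction<Object>() {
                    @Override
                    public Object run() throws RemoteException {
                        return bootService.authenticate(userInfo);
                    }
                });
            } catch (PrivilegedActionException e) {
                // run() declares RemoteException as its only checked exception.
                RemoteException remoteFailure = (RemoteException) e.getException();
                // Surface a rejection by the peer as SecurityException rather than as a transport error.
                if (remoteFailure.getCause() instanceof SecurityException) {
                    throw (SecurityException) remoteFailure.getCause();
                }
                throw remoteFailure;
            }
        } else {
            authenticated = generator.createBootService(peer, protocol, str2).authenticate(userInfo);
        }
        if (!kernelTypeService().isServer()) {
            AuthenticatedSubject subject = authenticated == null ? null : SecurityServiceManager.getASFromAU(authenticated);
            if (z || enableDefaultUserProperty) {
                SecurityManager.setDefaultUser(subject);
            }
        }
        return authenticated;
    }

    /**
     * Decides whether the RMI boot service can be used with {@code rjvm}.
     *
     * <p>True when the peer reports the same {@link PeerInfo} as the local
     * JVM, or a version of 6.1 SP5+, 7.0 SP3+, 8.1 SP1+, or any major version
     * above 8. False when the peer exposes no peer info.
     * NOTE(review): the version triple presumably originates from the peer
     * itself, so it selects a code path and should not be read as a trust
     * decision; confirm where {@code PeerInfo} is populated.
     */
    private static boolean isRMIBootstrapPossible(RJVM rjvm) {
        if (!(rjvm instanceof PeerInfoable)) {
            return false;
        }
        PeerInfo peerInfo = ((PeerInfoable) rjvm).getPeerInfo();
        if (LocalRJVM.getLocalRJVM().getPeerInfo().equals(peerInfo)) {
            return true;
        }
        if (peerInfo == null) {
            return false;
        }
        int major = peerInfo.getMajor();
        int minor = peerInfo.getMinor();
        int servicePack = peerInfo.getServicePack();
        if (major > 8) {
            return true;
        }
        return (major == 6 && minor == 1 && servicePack >= 5)
                || (major == 7 && minor == 0 && servicePack >= 3)
                || (major == 8 && minor == 1 && servicePack >= 1);
    }

    /**
     * Returns the {@link SSLClientInfoService} bound to the current thread.
     * When the thread-local holds anything else (including {@code null}), a
     * service instance is looked up, stored for the thread, and returned.
     */
    @Deprecated
    public static SSLClientInfoService getThreadSSLClientInfo() {
        Object current = threadSSLClientInfo.get();
        // instanceof is false for null, so no separate null check is needed.
        if (current instanceof SSLClientInfoService) {
            return (SSLClientInfoService) current;
        }
        SSLClientInfoService looked = (SSLClientInfoService) LocatorUtilities.getService(SSLClientInfoService.class);
        threadSSLClientInfo.set(looked);
        return looked;
    }

    /**
     * Replaces the {@link SSLClientInfoService} bound to the current thread.
     * After passing {@code null}, the next {@link #getThreadSSLClientInfo()}
     * call looks up a service instance again.
     */
    public static void setThreadSSLClientInfo(SSLClientInfoService sSLClientInfoService) {
        threadSSLClientInfo.set(sSLClientInfoService);
    }

    /** Sets the root CA fingerprints on the current thread's SSL client info. */
    @Deprecated
    public static final void setSSLRootCAFingerprints(String str) {
        getThreadSSLClientInfo().setRootCAfingerprints(str);
    }

    /** Sets the root CA fingerprints on the current thread's SSL client info. */
    @Deprecated
    public static final void setSSLRootCAFingerprints(byte[][] bArr) {
        getThreadSSLClientInfo().setRootCAfingerprints(bArr);
    }

    /** Returns the root CA fingerprints held by the current thread's SSL client info. */
    @Deprecated
    public static final byte[][] getSSLRootCAFingerprints() {
        return getThreadSSLClientInfo().getRootCAfingerprints();
    }

    /** Sets the expected server name on the current thread's SSL client info. */
    @Deprecated
    public static final void setSSLServerName(String str) {
        getThreadSSLClientInfo().setExpectedName(str);
    }

    /** Returns the expected server name held by the current thread's SSL client info. */
    @Deprecated
    public static final String getSSLServerName() {
        return getThreadSSLClientInfo().getExpectedName();
    }

    /** Returns the client certificate held by the current thread's SSL client info. */
    @Deprecated
    public static final Object getSSLClientCertificate() throws IOException {
        return getThreadSSLClientInfo().getSSLClientCertificate();
    }

    /** Hands the client certificate streams to the current thread's SSL client info. */
    @Deprecated
    public static final void setSSLClientCertificate(InputStream[] inputStreamArr) {
        getThreadSSLClientInfo().setSSLClientCertificate(inputStreamArr);
    }

    /**
     * Stores the client key password on the current thread's SSL client info.
     * The password is passed as a {@code String}, so it cannot be wiped by the
     * caller afterwards.
     */
    @Deprecated
    public static final void setSSLClientKeyPassword(String str) {
        getThreadSSLClientInfo().setSSLClientKeyPassword(str);
    }

    /**
     * Returns the client key password held by the current thread's SSL client
     * info. The return value is a secret; do not log it.
     */
    @Deprecated
    public static final String getSSLClientKeyPassword() {
        return getThreadSSLClientInfo().getSSLClientKeyPassword();
    }

    /** Loads a certificate chain and private key into the current thread's SSL client info. */
    @Deprecated
    public static final void loadLocalIdentity(Certificate[] certificateArr, PrivateKey privateKey) {
        getThreadSSLClientInfo().loadLocalIdentity(certificateArr, privateKey);
    }

    /** Reports whether the current thread's SSL client info has a client certificate available. */
    public static final boolean isClientCertAvailable() {
        return getThreadSSLClientInfo().isClientCertAvailable();
    }

    /** Returns this class's canonical name. */
    @Override // weblogic.core.base.api.FastThreadLocalMarker
    public String getFastThreadLocalClassName() {
        return getClass().getCanonicalName();
    }

    /** Looks up the {@link KernelTypeService}; a fresh lookup is made on every call. */
    private static KernelTypeService kernelTypeService() {
        return (KernelTypeService) LocatorUtilities.getService(KernelTypeService.class);
    }

    static {
        // The default-user behaviour is enabled only outside servers and applets, and only
        // when the system property is present (its value is not inspected).
        enableDefaultUserProperty = !kernelTypeService().isServer()
                && !kernelTypeService().isApplet()
                && System.getProperty(WLContext.ENABLE_DEFAULT_USER) != null;
    }
}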
