package weblogic.ejb.container.deployer;

import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import weblogic.application.ApplicationContextInternal;
import weblogic.application.SecurityRole;
import weblogic.diagnostics.debug.DebugLogger;
import weblogic.ejb.container.EJBDebugService;
import weblogic.ejb.container.EJBLogger;
import weblogic.ejb.container.compliance.EJBComplianceTextFormatter;
import weblogic.ejb.container.interfaces.BeanInfo;
import weblogic.ejb.container.interfaces.DeploymentInfo;
import weblogic.ejb.container.interfaces.ISecurityHelper;
import weblogic.ejb.container.interfaces.NoSuchRoleException;
import weblogic.ejb.container.interfaces.SecurityRoleMapping;
import weblogic.ejb.container.interfaces.SecurityRoleReference;
import weblogic.ejb.container.internal.MethodDescriptor;
import weblogic.ejb.container.internal.SecurityHelper;
import weblogic.ejb.spi.WLDeploymentException;
import weblogic.ejb20.interfaces.PrincipalNotFoundException;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.SecurityApplicationInfoImpl;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.spi.ApplicationInfo;
import weblogic.t3.srvr.ServerRuntime;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:weblogic/ejb/container/deployer/RuntimeHelper.class */
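/**
 * Deploy-time security facade for one EJB module.
 *
 * <p>Wraps a {@link SecurityHelper} created for the module's {@link DeploymentInfo} and adds the
 * run-as handling visible in this class: resolving run-as principals to subjects, rejecting
 * deployments whose run-as identity would escalate the deployer's privileges, and choosing a
 * run-as principal from a security-role assignment.
 *
 * <p>NOTE(review): this listing is decompiler output. The "JADX INFO" comments record that the
 * marked members were package-private in the original class, so the {@code public} modifiers
 * below are a decompiler artifact rather than the intended visibility.
 *
 * <p>NOTE(review): {@link #principal2Subject} is a lazily created, unsynchronized
 * {@link HashMap}; this presumably relies on deployment being single-threaded per module.
 * Confirm against the callers.
 */
public final class RuntimeHelper {
    private static final DebugLogger debugLogger = EJBDebugService.securityLogger;
    private final SecurityHelper helper;
    private final DeploymentInfo di;
    // Value returned by SecurityServiceManager.getRoleMappingBehavior; this class handles 0, 1 and 2.
    private final int roleMappingBehavior;
    private final ApplicationContextInternal appCtx;
    // Cache of principal name -> resolved subject, filled on demand by getRunAsSubject.
    private Map<String, AuthenticatedSubject> principal2Subject;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the helper for one module and reads the realm's role-mapping behavior.
     *
     * @param deploymentInfo module deployment information
     * @param applicationContextInternal application context the module belongs to
     * @param authenticatedSubject subject handed to {@code SecurityHelper.newInstanceFor}
     */
    public RuntimeHelper(DeploymentInfo deploymentInfo, ApplicationContextInternal applicationContextInternal, AuthenticatedSubject authenticatedSubject) {
        this.di = deploymentInfo;
        this.appCtx = applicationContextInternal;
        SecurityApplicationInfoImpl securityApplicationInfoImpl = new SecurityApplicationInfoImpl(applicationContextInternal.getAppDeploymentMBean(), ApplicationInfo.ComponentType.EJB, this.di.getModuleId());
        this.helper = SecurityHelper.newInstanceFor(this.di, authenticatedSubject);
        this.helper.setupApplicationInfo(applicationContextInternal, securityApplicationInfoImpl);
        this.roleMappingBehavior = SecurityServiceManager.getRoleMappingBehavior(this.di.getSecurityRealmName(), securityApplicationInfoImpl);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the wrapped security helper. */
    public ISecurityHelper getSecurityHelper() {
        return this.helper;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Resolves a run-as principal name to a subject, caching the result per name.
     *
     * @param str principal name; {@code null} yields {@code null}
     * @return the subject for the principal, or {@code null} when {@code str} is {@code null}
     * @throws PrincipalNotFoundException propagated from the security helper
     */
    public AuthenticatedSubject getRunAsSubject(String str) throws PrincipalNotFoundException {
        if (str == null) {
            return null;
        }
        if (this.principal2Subject == null) {
            this.principal2Subject = new HashMap<>();
        }
        AuthenticatedSubject cached = this.principal2Subject.get(str);
        if (cached != null) {
            return cached;
        }
        // A null result is stored too, but the lookup above treats it as a miss and resolves again.
        AuthenticatedSubject resolved = this.helper.getSubjectForPrincipal(str);
        this.principal2Subject.put(str, resolved);
        return resolved;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Rejects the deployment if any of the bean's run-as style principals (run, create, remove,
     * passivate) would give the deployer administrator privileges it does not already have.
     *
     * <p>The check is skipped when the deployment initiator is an administrator, and also when
     * the initiator is anonymous while the server state value is 1.
     * NOTE(review): state value 1 is presumably the server-starting state, so that boot-time
     * deployments are not blocked. Confirm the constant, because this branch bypasses the
     * escalation check entirely for an anonymous initiator.
     *
     * @param beanInfo bean whose configured principals are checked
     * @throws WLDeploymentException if a principal is unknown or would escalate privileges
     */
    public void checkRunAsPrivileges(BeanInfo beanInfo) throws WLDeploymentException {
        AuthenticatedSubject deploymentInitiator = this.appCtx.getDeploymentInitiator();
        if (SubjectUtils.isUserAnAdministrator(deploymentInitiator)) {
            return;
        }
        if (ServerRuntime.theOne().getStateVal() == 1 && SubjectUtils.isUserAnonymous(deploymentInitiator)) {
            return;
        }
        checkRunAsPrivilege(deploymentInitiator, beanInfo.getRunAsPrincipalName(), "run", beanInfo);
        checkRunAsPrivilege(deploymentInitiator, beanInfo.getCreateAsPrincipalName(), "create", beanInfo);
        checkRunAsPrivilege(deploymentInitiator, beanInfo.getRemoveAsPrincipalName(), "remove", beanInfo);
        checkRunAsPrivilege(deploymentInitiator, beanInfo.getPassivateAsPrincipalName(), "passivate", beanInfo);
    }

    /**
     * Checks one configured principal against the deployment initiator.
     *
     * @param initiator subject that started the deployment
     * @param principalName configured principal; {@code null} means nothing to check
     * @param action label used in the error message ("run", "create", "remove", "passivate")
     * @param beanInfo bean the principal is configured on
     * @throws WLDeploymentException if the principal cannot be found or would escalate privileges
     */
    private void checkRunAsPrivilege(AuthenticatedSubject initiator, String principalName, String action, BeanInfo beanInfo) throws WLDeploymentException {
        if (principalName == null) {
            return;
        }
        AuthenticatedSubject target;
        try {
            target = this.helper.getSubjectForPrincipal(principalName);
        } catch (PrincipalNotFoundException e) {
            throw new WLDeploymentException(EJBLogger.logRunAsPrincipalNotFoundLoggable(beanInfo.getDisplayName(), action, principalName).getMessageText());
        }
        // A null subject is let through here, exactly as in the decompiled branch.
        if (target != null && SubjectUtils.isAdminPrivilegeEscalation(initiator, target)) {
            throw new WLDeploymentException(EJBLogger.logAttemptToBumpUpPrivilegesWithRunAsLoggable(beanInfo.getDisplayName(), action).getMessageText());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Delegates role-reference registration to the security helper for this module. */
    public void registerRoleRefs(String str, Map<String, SecurityRoleReference> map) throws WLDeploymentException {
        this.helper.registerRoleRefs(str, map, this.di);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Delegates to {@code SecurityHelper.processUncheckedExcludedMethod} and returns its result. */
    public boolean processUncheckedExcludedMethod(MethodDescriptor methodDescriptor) throws WLDeploymentException {
        return this.helper.processUncheckedExcludedMethod(methodDescriptor);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Deploys the module's security roles, unless the module declares none.
     *
     * @throws WLDeploymentException propagated from the security helper
     */
    public void deployRoles() throws WLDeploymentException {
        SecurityRoleMapping deploymentRoles = this.di.getDeploymentRoles();
        if (!deploymentRoles.getSecurityRoleNames().isEmpty()) {
            this.helper.deployRoles(this.di, deploymentRoles, this.appCtx, this.roleMappingBehavior);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Undeploys the module's security roles, unless the module declares none. */
    public void unDeployRoles() {
        if (!this.di.getDeploymentRoles().getSecurityRoleNames().isEmpty()) {
            this.helper.unDeployRoles(this.di);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Delegates to {@code SecurityHelper.activate}. */
    public void activate() {
        this.helper.activate();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Delegates to {@code SecurityHelper.deactivate}. */
    public void deactivate() {
        this.helper.deactivate();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reports whether the security helper can resolve {@code str} to a subject.
     *
     * @param str principal name; {@code null} yields {@code false}
     * @return {@code true} only when a non-null subject is returned for the name
     */
    public boolean isUserPrincipal(String str) {
        if (str == null) {
            return false;
        }
        try {
            return this.helper.getSubjectForPrincipal(str) != null;
        } catch (PrincipalNotFoundException e) {
            // Lookup failure means "not a user"; the cause is only visible with security debug on.
            if (debugLogger.isDebugEnabled()) {
                debugLogger.debug("[RuntimeHelper] \"" + str + "\" is failed to be authenticated. ", e);
            }
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Delegates to {@code SecurityHelper.deployAllPolicies}. */
    public void deployAllPolicies() throws WLDeploymentException {
        this.helper.deployAllPolicies();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Chooses a run-as principal for a run-as role from the role's principal assignment.
     *
     * <p>What happens depends on the role-mapping behavior value read in the constructor:
     * <ul>
     *   <li>0: the first mapped principal that {@link #isUserPrincipal} accepts is chosen;
     *       if none is accepted the deployment fails.</li>
     *   <li>1 and 2: the first mapped principal is chosen without an {@code isUserPrincipal}
     *       check; otherwise the first principal of the application-level role is used. If
     *       neither exists, behavior 1 fails the deployment and behavior 2 returns the role
     *       name itself as the principal.</li>
     * </ul>
     *
     * <p>NOTE(review): under behavior 2 an unmapped role silently runs as whatever principal
     * shares the role's name. This method performs no privilege-escalation check on the chosen
     * principal; presumably {@link #checkRunAsPrivileges} covers it, which should be verified
     * against the caller.
     *
     * @param str first argument of the log and error messages (presumably the EJB name)
     * @param str2 run-as role name
     * @param securityRoleMapping role-to-principal mapping to search
     * @return the chosen principal name
     * @throws WLDeploymentException if no principal can be determined under behavior 0 or 1
     */
    public String getRunAsPrincipalFromRoleMapping(String str, String str2, SecurityRoleMapping securityRoleMapping) throws WLDeploymentException {
        if (debugLogger.isDebugEnabled()) {
            debug("attempting to get the run-as principal for run-as role " + str2 + " from a security-role assignment for the role.");
        }
        switch (this.roleMappingBehavior) {
            case 0:
                try {
                    // NOTE(review): the decompiler dropped this loop's exits and left a
                    // while(true) that never terminates, with unreachable code after it. It is
                    // rebuilt here as "stop at the first principal that resolves to a user",
                    // which matches the "chosen" log call; confirm against the bytecode.
                    String chosen = null;
                    for (String candidate : securityRoleMapping.getSecurityRolePrincipalNames(str2)) {
                        if (isUserPrincipal(candidate)) {
                            EJBLogger.logRunAsPrincipalChosenFromSecurityRoleAssignment(str, str2, candidate);
                            chosen = candidate;
                            break;
                        }
                    }
                    if (chosen == null) {
                        throw new WLDeploymentException(EJBComplianceTextFormatter.getInstance().COULD_NOT_DETERMINE_RUN_AS_PRINCIPAL_FROM_ROLE_ASSIGNMENT(str, str2));
                    }
                    return chosen;
                } catch (NoSuchRoleException e) {
                    throw new AssertionError("Expected role in mapping", e);
                }
            case 1:
            case 2:
                try {
                    Collection<String> mappedNames = securityRoleMapping.getSecurityRolePrincipalNames(str2);
                    if (!mappedNames.isEmpty()) {
                        String first = mappedNames.iterator().next();
                        EJBLogger.logRunAsPrincipalChosenFromSecurityRoleAssignment(str, str2, first);
                        return first;
                    }
                    // No module-level mapping: fall back to the application-level role, if any.
                    SecurityRole appRole = this.appCtx.getSecurityRole(str2);
                    String[] appRoleNames = appRole != null ? appRole.getPrincipalNames() : null;
                    if (appRoleNames != null && appRoleNames.length > 0) {
                        String first = appRoleNames[0];
                        EJBLogger.logRunAsPrincipalChosenFromSecurityRoleAssignment(str, str2, first);
                        return first;
                    }
                    if (this.roleMappingBehavior == 1) {
                        throw new WLDeploymentException(EJBComplianceTextFormatter.getInstance().COULD_NOT_DETERMINE_RUN_AS_PRINCIPAL_FROM_ROLE_ASSIGNMENT(str, str2));
                    }
                    if (debugLogger.isDebugEnabled()) {
                        debug("setting run-as principal equal to the role name for run-as role " + str2);
                    }
                    return str2;
                } catch (NoSuchRoleException e) {
                    throw new AssertionError("Expected role in mapping", e);
                }
            default:
                throw new AssertionError("Unexpected role mapping behavior: " + this.roleMappingBehavior);
        }
    }

    /** Writes a message to the EJB security debug logger with this class's prefix. */
    private static void debug(String str) {
        debugLogger.debug("[RuntimeHelper] " + str);
    }
}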
