package weblogic.management.utils;

import java.io.UnsupportedEncodingException;
import java.net.URLConnection;
import java.security.AccessController;
import javax.mail.internet.MimeUtility;
import javax.servlet.http.HttpServletRequest;
import weblogic.management.provider.ManagementService;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.utils.RequestSigner;
import weblogic.security.utils.SignedRequestInfo;

/* loaded from: input_file:weblogic/management/utils/ConnectionSigner.class */
public class ConnectionSigner {
    public static final String REQUEST_NONCE = "wls_nonce";
    public static final String REQUEST_TIMESTAMP = "wls_timestamp";
    public static final String REQUEST_CLIENT_SERVER_NAME = "wls_server_name";
    public static final String REQUEST_SIGNATURE = "wls_signature";
    private static AuthenticatedSubject KERNEL_ID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());

    public static void signConnection(URLConnection uRLConnection, AuthenticatedSubject authenticatedSubject, String str) {
        SecurityServiceManager.checkKernelIdentity(authenticatedSubject);
        SignedRequestInfo signRequest = RequestSigner.getInstance().signRequest(authenticatedSubject, str);
        uRLConnection.setRequestProperty(REQUEST_NONCE, signRequest.getNonce());
        uRLConnection.setRequestProperty(REQUEST_TIMESTAMP, signRequest.getTimeStamp());
        uRLConnection.setRequestProperty(REQUEST_CLIENT_SERVER_NAME, mimeEncode(signRequest.getClientServerName()));
        uRLConnection.setRequestProperty(REQUEST_SIGNATURE, signRequest.getSignature());
    }

    public static void signConnection(URLConnection uRLConnection, AuthenticatedSubject authenticatedSubject) {
        signConnection(uRLConnection, authenticatedSubject, ManagementService.getRuntimeAccess(KERNEL_ID).getAdminServerName());
    }

    public static boolean authenticate(String str, String str2, String str3, String str4) {
        return RequestSigner.getInstance().verify(new SignedRequestInfo(str4, str2, str3, ManagementService.getRuntimeAccess(KERNEL_ID).getServerName(), str), false);
    }

    public static boolean isConnectionSigned(HttpServletRequest httpServletRequest, boolean z) {
        String header;
        try {
            String header2 = httpServletRequest.getHeader(REQUEST_NONCE);
            if (header2 == null || (header = httpServletRequest.getHeader(REQUEST_SIGNATURE)) == null) {
                return false;
            }
            return RequestSigner.getInstance().verify(new SignedRequestInfo(header, httpServletRequest.getHeader(REQUEST_TIMESTAMP), mimeDecode(httpServletRequest.getHeader(REQUEST_CLIENT_SERVER_NAME)), ManagementService.getRuntimeAccess(KERNEL_ID).getServerName(), header2), z);
        } catch (Exception e) {
            return false;
        }
    }

    private static String mimeDecode(String str) {
        String str2;
        try {
            str2 = MimeUtility.decodeText(str);
        } catch (UnsupportedEncodingException e) {
            str2 = str;
        }
        return str2;
    }

    private static String mimeEncode(String str) {
        String str2;
        try {
            str2 = MimeUtility.encodeText(str, "UTF-8", null);
        } catch (UnsupportedEncodingException e) {
            str2 = str;
        }
        return str2;
    }
}
