package weblogic.common.internal;

import java.rmi.RemoteException;
import java.security.AccessController;
import java.security.cert.X509Certificate;
import javax.security.auth.login.LoginException;
import weblogic.invocation.ComponentInvocationContextManager;
import weblogic.protocol.ChannelHelperBase;
import weblogic.protocol.ServerChannel;
import weblogic.rmi.spi.InboundRequest;
import weblogic.security.SimpleCallbackHandler;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.DefaultUserInfoImpl;
import weblogic.security.acl.SecurityService;
import weblogic.security.acl.UserInfo;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.acl.internal.AuthenticatedUser;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.utils.Debug;

/* loaded from: input_file:weblogic/common/internal/RMIBootServiceImpl.class */
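/**
 * Authenticates the caller of an inbound RMI request and returns the identity to use for it.
 *
 * <p>This listing is decompiler output. The file imports two different types named
 * {@code SecurityService}; going by the {@code @Override} annotation comment below, the
 * implemented interface is {@code weblogic.security.acl.SecurityService}.
 * NOTE(review): {@code SecurityService.ServiceType} presumably belongs to
 * {@code weblogic.security.service.SecurityService} — confirm against the original class file.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A {@code UserInfo} that is already an {@code AuthenticatedUser} is accepted without any
 *       authentication call and without the administration-port check. NOTE(review): whether
 *       such an object is validated before it reaches this method is not visible here.</li>
 *   <li>When {@code weblogic.security.disableIdentityAssertion} is set and the request carries a
 *       certificate chain, the method returns early with the subject reported by
 *       {@code SecurityServiceManager.getCurrentSubject(kernelId)}; no credential check, no
 *       administration-port check and no QOS assignment happen on that path.</li>
 *   <li>A failed X.509 identity assertion is not an error: the method falls back to
 *       username/password, and an absent or empty user name yields the anonymous subject.</li>
 * </ul>
 */
public final class RMIBootServiceImpl implements SecurityService {
    // Set from -Dweblogic.security.disableIdentityAssertion; see the early return in authenticate().
    private static boolean turnOffIA;
    // Set from -Dweblogic.security.propogateProviderException. It is read in the static
    // initializer but not referenced anywhere else in this class as decompiled.
    private static boolean propogatePE;
    // Kernel identity, obtained once under doPrivileged and used for security-service lookups.
    private static final AuthenticatedSubject kernelId;

    /**
     * Unsupported single-argument form; this implementation always throws.
     *
     * @param userInfo ignored
     * @return never returns normally
     * @throws AssertionError always
     */
    @Override // weblogic.security.acl.SecurityService
    public AuthenticatedUser authenticate(UserInfo userInfo) throws RemoteException {
        throw new AssertionError("authenticate()");
    }

    /**
     * Resolves the identity for an inbound request.
     *
     * <p>Order of evaluation: a pre-authenticated {@code userInfo} is used as is; otherwise the
     * request's X.509 chain (if any) is offered for identity assertion; otherwise the name and
     * password carried in a {@code DefaultUserInfoImpl} are authenticated. Identities produced by
     * assertion or password authentication then pass {@link #checkAdminPort}, and the result gets
     * its QOS from {@link #setQOS}.
     *
     * @param userInfo credentials or an already authenticated user supplied by the caller
     * @param inboundRequest the request being served; supplies channel, certificate chain and
     *     context handler
     * @return the identity to associate with the request
     * @throws RemoteException if the request is null, the {@code userInfo} is missing or of an
     *     unsupported type, authentication fails, or an administrator arrives on a
     *     non-administration channel
     */
    public AuthenticatedUser authenticate(UserInfo userInfo, InboundRequest inboundRequest) throws RemoteException {
        // Declared as AuthenticatedUser: the decompiler (JADX) reported that it could not infer
        // this local's type and that the value is a weblogic.security.acl.internal.AuthenticatedUser.
        AuthenticatedUser result;
        Debug.assertion(inboundRequest != null, "Request cannot be null");
        // Explicit check as well, so the request is rejected even if Debug.assertion does not throw.
        if (inboundRequest == null) {
            throw new RemoteException("Request cannot be null");
        }
        ServerChannel serverChannel = inboundRequest.getServerChannel();
        AuthenticatedSubject subject = null;
        X509Certificate[] certificateChain = inboundRequest.getCertificateChain();
        if (userInfo instanceof AuthenticatedUser) {
            // Trusted as supplied: no authenticator call and no checkAdminPort on this branch.
            // NOTE(review): confirm where (or whether) such objects are verified upstream.
            result = (AuthenticatedUser) userInfo;
        } else {
            String realmName = SecurityServiceManager.getRealmName(ComponentInvocationContextManager.getInstance().getCurrentComponentInvocationContext().getPartitionName());
            if (realmName == null) {
                realmName = SecurityServiceManager.defaultRealmName;
            }
            PrincipalAuthenticator principalAuthenticator = (PrincipalAuthenticator) SecurityServiceManager.getSecurityService(kernelId, realmName, SecurityService.ServiceType.AUTHENTICATION);
            Debug.assertion(principalAuthenticator != null, "Security system not initialized");
            if (turnOffIA && certificateChain != null) {
                // Identity assertion disabled: any supplied userInfo is ignored and the current
                // subject is returned directly, bypassing checkAdminPort and setQOS.
                // NOTE(review): which subject getCurrentSubject(kernelId) yields here is not
                // visible in this file — confirm before relying on this switch.
                return SecurityServiceManager.getCurrentSubject(kernelId);
            }
            if (certificateChain != null) {
                try {
                    subject = principalAuthenticator.assertIdentity("X.509", certificateChain, inboundRequest.getContextHandler());
                } catch (LoginException ignored) {
                    // Deliberately ignored: a chain that does not map to an identity falls
                    // through to the username/password path below. The failure is not logged.
                }
            }
            if (subject == null) {
                if (!(userInfo instanceof DefaultUserInfoImpl)) {
                    // A null userInfo also lands here; reject it with the same error instead of
                    // failing with a NullPointerException on getClass().
                    String received = userInfo == null ? "null" : userInfo.getClass().getName();
                    SecurityException securityException = new SecurityException("Received bad UserInfo: " + received);
                    throw new RemoteException(securityException.getMessage(), securityException);
                }
                DefaultUserInfoImpl defaultUserInfoImpl = (DefaultUserInfoImpl) userInfo;
                String name = defaultUserInfoImpl.getName();
                String password = defaultUserInfoImpl.getPassword();
                if (name == null || name.length() == 0) {
                    // No user name means anonymous; returned without checkAdminPort or setQOS.
                    return SubjectUtils.getAnonymousSubject();
                }
                try {
                    subject = principalAuthenticator.authenticate(new SimpleCallbackHandler(name, password), inboundRequest.getContextHandler());
                } catch (LoginException e2) {
                    // The provider's LoginException is not chained, so the remote caller only
                    // sees the generic message. NOTE(review): propogatePE looks intended to
                    // control this but is unused in the decompiled code — confirm.
                    SecurityException securityException2 = new SecurityException("User failed to be authenticated.");
                    throw new RemoteException(securityException2.getMessage(), securityException2);
                }
            }
            checkAdminPort(subject, ChannelHelperBase.isAdminChannel(serverChannel));
            result = subject;
        }
        setQOS(result, serverChannel);
        return result;
    }

    /**
     * Rejects administrators that did not arrive on an administration channel while the local
     * administration channel is enabled.
     *
     * @param authenticatedSubject the identity that was just established
     * @param z whether the request came in on an administration channel
     * @throws RemoteException wrapping a {@code SecurityException} when the check fails; the
     *     message includes the subject's string form
     */
    private void checkAdminPort(AuthenticatedSubject authenticatedSubject, boolean z) throws RemoteException {
        if (ChannelHelperBase.isLocalAdminChannelEnabled() && SubjectUtils.isUserAnAdministrator(authenticatedSubject) && !z) {
            SecurityException securityException = new SecurityException("User '" + authenticatedSubject + "' has administration role. All tasks by administrators must go through an Administration Port.");
            throw new RemoteException(securityException.getMessage(), securityException);
        }
    }

    /**
     * Stamps the quality-of-service value on the identity: 103 for an administrator on an
     * administration channel while the local administration channel is enabled, otherwise the
     * QOS of the channel's protocol.
     *
     * @param authenticatedUser the identity to update
     * @param serverChannel the channel the request arrived on
     */
    private static void setQOS(AuthenticatedUser authenticatedUser, ServerChannel serverChannel) {
        if (ChannelHelperBase.isLocalAdminChannelEnabled() && (authenticatedUser instanceof AuthenticatedSubject) && SubjectUtils.isUserAnAdministrator((AuthenticatedSubject) authenticatedUser) && ChannelHelperBase.isAdminChannel(serverChannel)) {
            // NOTE(review): 103 is presumably the administration QOS level — confirm against
            // the protocol's named constants.
            authenticatedUser.setQOS((byte) 103);
        } else {
            authenticatedUser.setQOS(serverChannel.getProtocol().getQOS());
        }
    }

    static {
        try {
            turnOffIA = Boolean.getBoolean("weblogic.security.disableIdentityAssertion");
            propogatePE = Boolean.getBoolean("weblogic.security.propogateProviderException");
        } catch (SecurityException ignored) {
            // System properties are not readable under the active security manager; a flag
            // that was not read keeps its default of false.
        }
        kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    }
}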
