package weblogic.security.service;

import java.security.AccessController;
import java.util.ArrayList;
import weblogic.management.configuration.SecurityConfigurationMBean;
import weblogic.management.provider.ManagementService;
import weblogic.management.security.ProviderMBean;
import weblogic.management.security.RealmMBean;
import weblogic.management.security.authentication.AuthenticationProviderMBean;
import weblogic.management.security.authentication.AuthenticatorMBean;
import weblogic.management.security.authentication.GroupReaderMBean;
import weblogic.management.security.authentication.UserReaderMBean;
import weblogic.management.security.authorization.RoleListerMBean;
import weblogic.management.security.authorization.RoleMapperMBean;
import weblogic.security.SecurityLogger;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.spi.Resource;

/* loaded from: input_file:weblogic/security/service/DeploymentUtils.class */
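/**
 * {@link DeploymentValidator} implementation that answers "does this user, group or role
 * exist?" by querying the provider MBeans of one security realm.
 *
 * <p>Every answer is tri-state. {@code EXISTS} is returned as soon as one provider confirms
 * the name. {@code NOT_EXISTS} is returned only when every relevant provider could be asked
 * and none knew the name. Anything else (no capable provider, a provider that cannot be
 * queried, or a lookup that threw) is {@code UNKNOWN}, so callers must not treat
 * {@code UNKNOWN} as either of the other two.
 *
 * <p>The provider lists are captured once in the constructor and are not refreshed afterwards.
 */
public class DeploymentUtils implements DeploymentValidator {
    // True when at least one authenticator can be queried for the given kind of name.
    private boolean supportsUserExists = false;
    private boolean supportsGroupExists = false;
    private boolean supportsRoleExists = false;
    // Cleared when any inspected provider lacks the capability; a miss is then inconclusive.
    private boolean allSupportUserExists = true;
    private boolean allSupportGroupExists = true;
    private boolean allSupportRoleExists = true;
    private UserReaderMBean[] userReaderMBeans;
    private GroupReaderMBean[] groupReaderMBeans;
    private RoleListerMBean[] roleListerMBeans;
    // Kernel identity used by getRealm() to reach the domain's security configuration.
    private static final AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());

    /**
     * Builds a validator bound to one realm.
     *
     * <p>The caller's subject is checked before anything else because the lookups that follow
     * run with this class's own kernel identity rather than the caller's; keep the check first.
     * If the realm or its providers cannot be resolved the problem is logged and the instance
     * stays usable, answering {@code UNKNOWN} to every query.
     *
     * @param str realm name; {@code null}, empty, or the context-sensitive realm name selects
     *     the default realm
     * @param authenticatedSubject subject handed to
     *     {@code SecurityServiceManager.checkKernelIdentity} (presumably rejected there when it
     *     is not the kernel identity; confirm against that method)
     */
    public DeploymentUtils(String str, AuthenticatedSubject authenticatedSubject) {
        SecurityServiceManager.checkKernelIdentity(authenticatedSubject);
        initialize(str);
    }

    /**
     * Checks whether {@code str} names a user or a group.
     *
     * <p>The user lookup runs first and the group lookup is skipped when it already confirms
     * the name. {@code NOT_EXISTS} is reported only when the user lookup was itself conclusive:
     * an inconclusive user lookup combined with a group miss yields {@code UNKNOWN}, because the
     * name may still be a user that could not be checked.
     *
     * @param str principal name to look up
     * @return {@code EXISTS}, {@code NOT_EXISTS} or {@code UNKNOWN}
     */
    @Override // weblogic.security.service.DeploymentValidator
    public DeploymentValidationResult doesPrincipalExist(String str) {
        if (!this.supportsUserExists && !this.supportsGroupExists) {
            return DeploymentValidationResult.UNKNOWN;
        }
        DeploymentValidationResult userResult = doesUserExist(str);
        if (userResult == DeploymentValidationResult.EXISTS) {
            return userResult;
        }
        DeploymentValidationResult groupResult = doesGroupExist(str);
        if (userResult == DeploymentValidationResult.NOT_EXISTS) {
            // The user side is settled, so the group lookup alone decides.
            return groupResult;
        }
        // User side inconclusive: a positive group hit still counts, a miss proves nothing.
        return groupResult == DeploymentValidationResult.EXISTS
                ? groupResult
                : DeploymentValidationResult.UNKNOWN;
    }

    /**
     * Checks whether a role exists, scoped by the string form of {@code resource}.
     *
     * @param str role name (passed through to {@link #doesRoleExist(String, String)})
     * @param resource resource whose {@code toString()} is used as the scope; {@code null}
     *     passes a {@code null} scope
     * @return {@code EXISTS}, {@code NOT_EXISTS} or {@code UNKNOWN}
     */
    @Override // weblogic.security.service.DeploymentValidator
    public DeploymentValidationResult doesRoleExist(String str, Resource resource) {
        if (!this.supportsRoleExists) {
            return DeploymentValidationResult.UNKNOWN;
        }
        String resourceId = resource != null ? resource.toString() : null;
        return doesRoleExist(str, resourceId);
    }

    /**
     * Asks each user-reading authenticator whether {@code str} is a known user.
     *
     * @param str user name to look up
     * @return {@code EXISTS} on the first hit; {@code UNKNOWN} when no reader is available, a
     *     reader throws, or some authenticator is not a user reader; otherwise
     *     {@code NOT_EXISTS}
     */
    public DeploymentValidationResult doesUserExist(String str) {
        if (!this.supportsUserExists) {
            return DeploymentValidationResult.UNKNOWN;
        }
        for (UserReaderMBean reader : this.userReaderMBeans) {
            try {
                if (reader.userExists(str)) {
                    return DeploymentValidationResult.EXISTS;
                }
            } catch (Exception e) {
                // A failed lookup stops the scan and is reported as inconclusive, not as a miss.
                logDeploymentValidationProblem("userExists() - " + e.toString());
                return DeploymentValidationResult.UNKNOWN;
            }
        }
        return !this.allSupportUserExists ? DeploymentValidationResult.UNKNOWN : DeploymentValidationResult.NOT_EXISTS;
    }

    /**
     * Asks each group-reading authenticator whether {@code str} is a known group.
     *
     * @param str group name to look up
     * @return {@code EXISTS} on the first hit; {@code UNKNOWN} when no reader is available, a
     *     reader throws, or some authenticator is not a group reader; otherwise
     *     {@code NOT_EXISTS}
     */
    public DeploymentValidationResult doesGroupExist(String str) {
        if (!this.supportsGroupExists) {
            return DeploymentValidationResult.UNKNOWN;
        }
        for (GroupReaderMBean reader : this.groupReaderMBeans) {
            try {
                if (reader.groupExists(str)) {
                    return DeploymentValidationResult.EXISTS;
                }
            } catch (Exception e) {
                // A failed lookup stops the scan and is reported as inconclusive, not as a miss.
                logDeploymentValidationProblem("groupExists() - " + e.toString());
                return DeploymentValidationResult.UNKNOWN;
            }
        }
        return !this.allSupportGroupExists ? DeploymentValidationResult.UNKNOWN : DeploymentValidationResult.NOT_EXISTS;
    }

    /**
     * Asks each role lister whether it holds a role for the given scope.
     *
     * @param str passed as the second argument of {@code getRoleScopedByResource}
     *     (presumably the role name)
     * @param str2 passed as the first argument of {@code getRoleScopedByResource}
     *     (the resource identifier; may be {@code null})
     * @return {@code EXISTS} when a lister returns a non-null role; {@code UNKNOWN} when no
     *     lister is available, a lister throws, or some role mapper is not a role lister;
     *     otherwise {@code NOT_EXISTS}
     */
    public DeploymentValidationResult doesRoleExist(String str, String str2) {
        if (!this.supportsRoleExists) {
            return DeploymentValidationResult.UNKNOWN;
        }
        for (RoleListerMBean lister : this.roleListerMBeans) {
            try {
                if (lister.getRoleScopedByResource(str2, str) != null) {
                    return DeploymentValidationResult.EXISTS;
                }
            } catch (Exception e) {
                // A failed lookup stops the scan and is reported as inconclusive, not as a miss.
                logDeploymentValidationProblem("getRoleScopedByResource() - " + e.toString());
                return DeploymentValidationResult.UNKNOWN;
            }
        }
        return !this.allSupportRoleExists ? DeploymentValidationResult.UNKNOWN : DeploymentValidationResult.NOT_EXISTS;
    }

    /**
     * Resolves the realm and records which of its providers can answer existence queries.
     *
     * <p>Any missing piece (realm, authentication providers, role mappers, authenticators) is
     * logged and aborts initialization, which leaves all three {@code supports*} flags false.
     * A realm without role mappers therefore also disables the user and group checks.
     */
    private void initialize(String realmName) {
        RealmMBean realm = getRealm(realmName);
        if (realm == null) {
            logDeploymentValidationProblem("No Realm Found");
            return;
        }
        AuthenticationProviderMBean[] authenticationProviders = realm.getAuthenticationProviders();
        if (authenticationProviders == null || authenticationProviders.length == 0) {
            logDeploymentValidationProblem("No Authentication Provider MBeans");
            return;
        }
        RoleMapperMBean[] roleMappers = realm.getRoleMappers();
        if (roleMappers == null || roleMappers.length == 0) {
            logDeploymentValidationProblem("No Role Mapping Provider MBeans");
            return;
        }
        ProviderMBean[] authenticators = getAuthenticators(authenticationProviders);
        if (authenticators == null || authenticators.length == 0) {
            logDeploymentValidationProblem("No Authenticator MBeans");
            return;
        }
        this.supportsUserExists = determineUserReader(authenticators);
        this.supportsGroupExists = determineGroupReader(authenticators);
        this.supportsRoleExists = determineRoleLister(roleMappers);
    }

    /**
     * Looks up the realm MBean using the kernel identity.
     *
     * @return the default realm for a {@code null}, empty or context-sensitive name, otherwise
     *     the result of {@code lookupRealm}; {@code null} when the lookup throws (the failure
     *     is logged)
     */
    private RealmMBean getRealm(String realmName) {
        try {
            SecurityConfigurationMBean securityConfiguration = ManagementService.getRuntimeAccess(kernelId).getDomain().getSecurityConfiguration();
            boolean useDefaultRealm = realmName == null
                    || realmName.length() == 0
                    || realmName.equals(SecurityServiceManager.getContextSensitiveRealmName());
            return useDefaultRealm ? securityConfiguration.getDefaultRealm() : securityConfiguration.lookupRealm(realmName);
        } catch (Exception e) {
            logDeploymentValidationProblem("Unable to obtain RealmMBean - " + e.toString());
            return null;
        }
    }

    /**
     * Filters the providers down to those that are {@link AuthenticatorMBean}s.
     *
     * @return the authenticators in their original order, or {@code null} when there are none
     */
    private ProviderMBean[] getAuthenticators(ProviderMBean[] providers) {
        ArrayList<ProviderMBean> authenticators = new ArrayList<ProviderMBean>();
        for (ProviderMBean provider : providers) {
            if (provider instanceof AuthenticatorMBean) {
                authenticators.add(provider);
            }
        }
        if (authenticators.isEmpty()) {
            return null;
        }
        return authenticators.toArray(new ProviderMBean[authenticators.size()]);
    }

    /**
     * Collects the providers that are {@link UserReaderMBean}s into {@code userReaderMBeans}
     * and clears {@code allSupportUserExists} if any provider is not one.
     *
     * @return {@code true} when at least one user reader was found
     */
    private boolean determineUserReader(ProviderMBean[] providers) {
        ArrayList<UserReaderMBean> readers = new ArrayList<UserReaderMBean>();
        for (ProviderMBean provider : providers) {
            if (provider instanceof UserReaderMBean) {
                readers.add((UserReaderMBean) provider);
            } else {
                this.allSupportUserExists = false;
            }
        }
        boolean found = !readers.isEmpty();
        if (found) {
            this.userReaderMBeans = readers.toArray(new UserReaderMBean[readers.size()]);
        }
        return found;
    }

    /**
     * Collects the providers that are {@link GroupReaderMBean}s into {@code groupReaderMBeans}
     * and clears {@code allSupportGroupExists} if any provider is not one.
     *
     * @return {@code true} when at least one group reader was found
     */
    private boolean determineGroupReader(ProviderMBean[] providers) {
        ArrayList<GroupReaderMBean> readers = new ArrayList<GroupReaderMBean>();
        for (ProviderMBean provider : providers) {
            if (provider instanceof GroupReaderMBean) {
                readers.add((GroupReaderMBean) provider);
            } else {
                this.allSupportGroupExists = false;
            }
        }
        boolean found = !readers.isEmpty();
        if (found) {
            this.groupReaderMBeans = readers.toArray(new GroupReaderMBean[readers.size()]);
        }
        return found;
    }

    /**
     * Collects the providers that are {@link RoleListerMBean}s into {@code roleListerMBeans}
     * and clears {@code allSupportRoleExists} if any provider is not one.
     *
     * @return {@code true} when at least one role lister was found
     */
    private boolean determineRoleLister(ProviderMBean[] providers) {
        ArrayList<RoleListerMBean> listers = new ArrayList<RoleListerMBean>();
        for (ProviderMBean provider : providers) {
            if (provider instanceof RoleListerMBean) {
                listers.add((RoleListerMBean) provider);
            } else {
                this.allSupportRoleExists = false;
            }
        }
        boolean found = !listers.isEmpty();
        if (found) {
            this.roleListerMBeans = listers.toArray(new RoleListerMBean[listers.size()]);
        }
        return found;
    }

    /** Forwards a validation problem to {@code SecurityLogger}. */
    private void logDeploymentValidationProblem(String message) {
        SecurityLogger.logDeploymentValidationProblem(message);
    }
}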
