package weblogic.connector.security;

import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.login.LoginException;
import weblogic.connector.common.Debug;
import weblogic.security.SimpleCallbackHandler;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.SecurityManager;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.service.SupplementalPolicyObject;

/* loaded from: input_file:weblogic/connector/security/WLSSecurityHelper.class */
/**
 * {@link SecurityHelper} implementation that forwards to the WebLogic security classes
 * ({@code SecurityServiceManager}, {@code SecurityManager}, {@code SubjectUtils},
 * {@code SupplementalPolicyObject}).
 *
 * <p>Most methods pass their arguments through unchanged and perform no checks of their own.
 * Any authorization of the supplied subjects therefore has to happen in the delegate or in
 * the caller.
 */
public class WLSSecurityHelper implements SecurityHelper {

    /** Returns whatever {@code SecurityServiceManager.getCurrentSubject} yields for the given subject. */
    @Override
    public AuthenticatedSubject getCurrentSubject(AuthenticatedSubject authenticatedSubject) {
        return SecurityServiceManager.getCurrentSubject(authenticatedSubject);
    }

    /**
     * Forwards both subjects, in the same order, to {@code SecurityManager.pushSubject}.
     * NOTE(review): the first argument is presumably the kernel identity authorizing the push and
     * the second the subject being pushed; confirm against the delegate.
     */
    @Override
    public void pushSubject(AuthenticatedSubject authenticatedSubject, AuthenticatedSubject authenticatedSubject2) {
        SecurityManager.pushSubject(authenticatedSubject, authenticatedSubject2);
    }

    /** Forwards to {@code SecurityManager.popSubject}; callers are expected to pair it with a push. */
    @Override
    public void popSubject(AuthenticatedSubject authenticatedSubject) {
        SecurityManager.popSubject(authenticatedSubject);
    }

    /**
     * Obtains a subject for the named user through {@code PrincipalAuthenticator.impersonateIdentity}.
     *
     * <p>No credential is involved: the subject is produced from the user name alone, and this
     * method does not check whether the caller is allowed to impersonate {@code str}. The only
     * gate visible here is the subject handed to {@code getSecurityService}.
     * NOTE(review): presumably that call rejects anything but the kernel identity; confirm,
     * because every caller that can reach this method with such a subject can mint a subject
     * for any user name.
     *
     * @param str user name to impersonate
     * @param authenticatedSubject subject used to look up the authentication service
     * @return the subject returned by the authenticator
     * @throws LoginException if the privileged call fails; the {@link PrivilegedActionException}
     *     is attached as the cause
     */
    @Override
    public AuthenticatedSubject getAuthenticatedSubject(final String str, AuthenticatedSubject authenticatedSubject) throws LoginException {
        final PrincipalAuthenticator authenticator = getPrincipalAuthenticator(authenticatedSubject);
        // Runs under doPrivileged, so Java permission checks stop at this class's protection domain
        // rather than walking up to the caller's.
        PrivilegedExceptionAction<AuthenticatedSubject> impersonation = new PrivilegedExceptionAction<AuthenticatedSubject>() {
            @Override
            public AuthenticatedSubject run() throws Exception {
                return authenticator.impersonateIdentity(str);
            }
        };
        try {
            AuthenticatedSubject impersonated = AccessController.doPrivileged(impersonation);
            if (Debug.isWorkEnabled()) {
                // The debug line records the user name and the resulting subject.
                Debug.work("get AuthenticatedSubject ok for " + str + " to subject " + impersonated);
            }
            return impersonated;
        } catch (PrivilegedActionException e) {
            LoginException failure = new LoginException("Failed to get AuthenticatedSubject for " + str);
            failure.initCause(e);
            throw failure;
        }
    }

    /** Returns the anonymous subject from {@code SubjectUtils}. */
    @Override
    public AuthenticatedSubject getAnonymousSubject() {
        return SubjectUtils.getAnonymousSubject();
    }

    /** Delegates the administrator test to {@code SubjectUtils.isUserAnAdministrator}. */
    @Override
    public boolean isUserAnAdministrator(AuthenticatedSubject authenticatedSubject) {
        return SubjectUtils.isUserAnAdministrator(authenticatedSubject);
    }

    /** Delegates the anonymous-user test to {@code SubjectUtils.isUserAnonymous}. */
    @Override
    public boolean isUserAnonymous(AuthenticatedSubject authenticatedSubject) {
        return SubjectUtils.isUserAnonymous(authenticatedSubject);
    }

    /** Delegates the kernel-identity test to {@code SecurityServiceManager.isKernelIdentity}. */
    @Override
    public boolean isKernelIdentity(AuthenticatedSubject authenticatedSubject) {
        return SecurityServiceManager.isKernelIdentity(authenticatedSubject);
    }

    /**
     * Delegates to {@code SubjectUtils.isAdminPrivilegeEscalation} with both subjects in the given order.
     * NOTE(review): which argument is the current subject and which the requested one is not visible
     * here; confirm before relying on the result as a guard.
     */
    @Override
    public boolean isAdminPrivilegeEscalation(AuthenticatedSubject authenticatedSubject, AuthenticatedSubject authenticatedSubject2) {
        return SubjectUtils.isAdminPrivilegeEscalation(authenticatedSubject, authenticatedSubject2);
    }

    /**
     * Authenticates a user name and password through {@code PrincipalAuthenticator.authenticate}.
     *
     * <p>Points a reviewer should know:
     * <ul>
     *   <li>The password array is copied into a {@link String} for {@code SimpleCallbackHandler}.
     *       That copy cannot be cleared, so wiping {@code cArr} afterwards does not remove the
     *       password from the heap.</li>
     *   <li>Every {@link Throwable} raised inside the {@code try} block, {@link Error}s included,
     *       is turned into a {@code null} return. Callers must treat {@code null} as "not
     *       authenticated" and cannot tell a bad password from an internal failure.</li>
     *   <li>The failure is only recorded when work debugging is enabled; otherwise it is dropped
     *       silently, which leaves no trace of failed attempts at this layer.</li>
     * </ul>
     * Failures while building the callback handler or looking up the authenticator happen before
     * the {@code try} block and propagate to the caller.
     *
     * @param str user name
     * @param cArr password characters
     * @param authenticatedSubject subject used to look up the authentication service
     * @return the authenticated subject, or {@code null} when authentication did not succeed
     */
    @Override
    public AuthenticatedSubject authenticate(String str, char[] cArr, AuthenticatedSubject authenticatedSubject) {
        final SimpleCallbackHandler handler = new SimpleCallbackHandler(str, new String(cArr));
        final PrincipalAuthenticator authenticator = getPrincipalAuthenticator(authenticatedSubject);
        PrivilegedExceptionAction<AuthenticatedSubject> login = new PrivilegedExceptionAction<AuthenticatedSubject>() {
            @Override
            public AuthenticatedSubject run() throws Exception {
                return authenticator.authenticate(handler);
            }
        };
        try {
            AuthenticatedSubject authenticated = AccessController.doPrivileged(login);
            if (Debug.isWorkEnabled()) {
                Debug.work("authenticate ok for username " + str + " to subject " + authenticated);
            }
            return authenticated;
        } catch (Throwable failure) {
            if (Debug.isWorkEnabled()) {
                Debug.work("validation failed for username " + str, failure);
            }
            return null;
        }
    }

    /** Forwards to {@code SecurityServiceManager.runAs} for an action that throws no checked exception. */
    @Override
    public Object runAs(AuthenticatedSubject authenticatedSubject, AuthenticatedSubject authenticatedSubject2, PrivilegedAction<?> privilegedAction) {
        return SecurityServiceManager.runAs(authenticatedSubject, authenticatedSubject2, privilegedAction);
    }

    /**
     * Forwards to {@code SecurityServiceManager.runAs} for an action that may throw.
     *
     * @throws PrivilegedActionException propagated unchanged from the delegate
     */
    @Override
    public Object runAs(AuthenticatedSubject authenticatedSubject, AuthenticatedSubject authenticatedSubject2, PrivilegedExceptionAction<?> privilegedExceptionAction) throws PrivilegedActionException {
        return SecurityServiceManager.runAs(authenticatedSubject, authenticatedSubject2, privilegedExceptionAction);
    }

    /**
     * Installs policies from a grant statement through {@code SupplementalPolicyObject}, tagging
     * them with the fixed string {@code "CONNECTOR"}.
     *
     * <p>The grant text in {@code str} is handed on as received; no validation happens here, so
     * the permissions granted are exactly what the supplier of that text wrote.
     */
    @Override
    public void setPoliciesFromGrantStatement(AuthenticatedSubject authenticatedSubject, URL url, String str) {
        SupplementalPolicyObject.setPoliciesFromGrantStatement(authenticatedSubject, url, str, "CONNECTOR");
    }

    /** Removes the policies registered for {@code url} through {@code SupplementalPolicyObject}. */
    @Override
    public void removePolicies(AuthenticatedSubject authenticatedSubject, URL url) {
        SupplementalPolicyObject.removePolicies(authenticatedSubject, url);
    }

    /**
     * Looks up the authentication service of the default realm and casts it to
     * {@code PrincipalAuthenticator}. The supplied subject is passed to {@code getSecurityService}
     * as its first argument.
     */
    private PrincipalAuthenticator getPrincipalAuthenticator(AuthenticatedSubject authenticatedSubject) {
        Object service = SecurityServiceManager.getSecurityService(
                authenticatedSubject,
                SecurityServiceManager.defaultRealmName,
                SecurityService.ServiceType.AUTHENTICATION);
        return (PrincipalAuthenticator) service;
    }
}
