package weblogic.iiop;

import java.security.AccessController;
import java.util.ArrayList;
import weblogic.iiop.ior.ASContextSec;
import weblogic.iiop.ior.CompoundSecMech;
import weblogic.iiop.ior.CompoundSecMechList;
import weblogic.iiop.ior.RequirementType;
import weblogic.iiop.ior.SASContextSec;
import weblogic.iiop.ior.TLSSecTransComponent;
import weblogic.iiop.protocol.ListenPoint;
import weblogic.kernel.Kernel;
import weblogic.protocol.ServerChannel;
import weblogic.protocol.ServerIdentity;
import weblogic.rmi.facades.RmiSecurityFacade;
import weblogic.rmi.internal.RuntimeDescriptor;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.PrivilegedActions;

/* loaded from: input_file:weblogic/iiop/CompoundSecMechListBuilder.class */
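/**
 * Assembles the {@link CompoundSecMechList} that describes which security mechanisms an
 * IIOP object reference offers: an authentication-layer requirement ({@link ASContextSec}),
 * an identity-assertion requirement ({@link SASContextSec}) and, when SSL is in use, a TLS
 * transport component ({@link TLSSecTransComponent}).
 *
 * <p>Per-deployment settings come from the {@link RuntimeDescriptor}; when it is {@code null}
 * the server-wide IIOP / channel configuration is used instead. Note that a {@code null}
 * descriptor always results in the plain (non-TLS) mechanism being included, because only an
 * explicit integrity setting of {@code "required"} suppresses it.
 *
 * <p>Everything built here is an advertised policy. Whether the transport itself enforces the
 * same requirements is not visible in this class.
 */
public class CompoundSecMechListBuilder {
    // Kernel identity obtained in a privileged block. It is used here only to look up the
    // security realm name and the principal authenticator; keep it private to this class.
    private static final AuthenticatedSubject KERNEL_ID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());

    // Bit flags OR-ed together by getSupportedIdentityTypes(). The values are the ones the
    // original code used (1, 2, 4, 8); they line up with the CSI identity token type constants
    // named in the "CSI.*" token-type strings below.
    private static final int ITT_ANONYMOUS = 1;
    private static final int ITT_PRINCIPAL_NAME = 2;
    private static final int ITT_X509_CERT_CHAIN = 4;
    private static final int ITT_DISTINGUISHED_NAME = 8;

    /**
     * Creates the complete mechanism list for an object reference.
     *
     * @param str host used for the TLS listen point; when {@code null} the local IIOPS
     *     channel's public address is used
     * @param serverIdentity identity passed through to the TLS transport component
     * @param runtimeDescriptor per-deployment security settings, or {@code null} to fall back
     *     to server-wide configuration
     * @return a list holding the plain-port mechanism, the SSL mechanism, both, or neither
     */
    public static CompoundSecMechList createCompoundSecMechList(String str, ServerIdentity serverIdentity, RuntimeDescriptor runtimeDescriptor) {
        return new CompoundSecMechList(useStatefulAuthentication(runtimeDescriptor), createCompSecMechs(str, serverIdentity, runtimeDescriptor));
    }

    /** Descriptor setting wins; without a descriptor the server-wide IIOP setting applies. */
    private static boolean useStatefulAuthentication(RuntimeDescriptor runtimeDescriptor) {
        if (runtimeDescriptor != null) {
            return runtimeDescriptor.getStatefulAuthentication();
        }
        return useStatefulAuthenticationForIiop();
    }

    private static boolean useStatefulAuthenticationForIiop() {
        return Kernel.getConfig().getIIOP().getUseStatefulAuthentication();
    }

    /**
     * Collects the mechanisms to advertise. The result is empty when the plain port is
     * disabled (integrity "required") and SSL is not enabled; callers receive a zero-length
     * array in that case rather than an error.
     */
    private static CompoundSecMech[] createCompSecMechs(String str, ServerIdentity serverIdentity, RuntimeDescriptor runtimeDescriptor) {
        // Typed list instead of the raw ArrayList: removes the unchecked add() calls and the
        // cast on toArray().
        ArrayList<CompoundSecMech> mechanisms = new ArrayList<CompoundSecMech>(2);
        if (!isPlainPortDisabled(runtimeDescriptor)) {
            mechanisms.add(createPlainPortSecurityMechanism(runtimeDescriptor));
        }
        if (isSslEnabled(runtimeDescriptor)) {
            mechanisms.add(createSslSecurityMechanism(str, serverIdentity, runtimeDescriptor));
        }
        return mechanisms.toArray(new CompoundSecMech[mechanisms.size()]);
    }

    /**
     * The plain (non-TLS) mechanism is dropped only when the descriptor explicitly sets
     * integrity to "required". A missing descriptor or any other value keeps it.
     */
    private static boolean isPlainPortDisabled(RuntimeDescriptor runtimeDescriptor) {
        return runtimeDescriptor != null && "required".equals(runtimeDescriptor.getIntegrity());
    }

    /** SSL is offered unless the descriptor opts out and only if an SSL channel is enabled. */
    private static boolean isSslEnabled(RuntimeDescriptor runtimeDescriptor) {
        return !sslDisabledForInstance(runtimeDescriptor) && IiopConfigurationFacade.isSslChannelEnabled();
    }

    /** An integrity setting of "none" turns the SSL mechanism off for this deployment. */
    private static boolean sslDisabledForInstance(RuntimeDescriptor runtimeDescriptor) {
        return runtimeDescriptor != null && "none".equals(runtimeDescriptor.getIntegrity());
    }

    /** Builds the mechanism that carries a TLS transport component. */
    private static CompoundSecMech createSslSecurityMechanism(String str, ServerIdentity serverIdentity, RuntimeDescriptor runtimeDescriptor) {
        // Same construction as createCompoundSecMech with the TLS flag set; delegate so the
        // two paths cannot drift apart.
        return createCompoundSecMech(true, str, serverIdentity, runtimeDescriptor);
    }

    /** Builds a mechanism with authentication and identity-assertion layers, no transport. */
    private static CompoundSecMech createPlainPortSecurityMechanism(RuntimeDescriptor runtimeDescriptor) {
        return new CompoundSecMech(createASContextSec(getAuthenticationRequirement(runtimeDescriptor)), createSASContextSec(getIdentityAssertionRequirement(runtimeDescriptor)));
    }

    /**
     * Maps the client-authentication setting to a requirement. Anything other than "none" or
     * "required" (including a missing descriptor) yields SUPPORTED, i.e. client
     * authentication is advertised as optional by default.
     */
    private static RequirementType getAuthenticationRequirement(RuntimeDescriptor runtimeDescriptor) {
        String setting = getClientAuthenticationSetting(runtimeDescriptor);
        if ("none".equals(setting)) {
            return RequirementType.NONE;
        }
        if ("required".equals(setting)) {
            return RequirementType.REQUIRED;
        }
        return RequirementType.SUPPORTED;
    }

    private static String getClientAuthenticationSetting(RuntimeDescriptor runtimeDescriptor) {
        return runtimeDescriptor == null ? null : runtimeDescriptor.getClientAuthentication();
    }

    /**
     * Identity assertion is SUPPORTED unless the descriptor sets it to "none". There is no
     * path here that makes it REQUIRED.
     */
    private static RequirementType getIdentityAssertionRequirement(RuntimeDescriptor runtimeDescriptor) {
        if ("none".equals(getIdentityAssertionSetting(runtimeDescriptor))) {
            return RequirementType.NONE;
        }
        return RequirementType.SUPPORTED;
    }

    private static String getIdentityAssertionSetting(RuntimeDescriptor runtimeDescriptor) {
        return runtimeDescriptor == null ? null : runtimeDescriptor.getIdentityAssertion();
    }

    /** Creates the authentication-layer entry, bound to the realm name seen by the kernel identity. */
    static ASContextSec createASContextSec(RequirementType requirementType) {
        return new ASContextSec(requirementType, RmiSecurityFacade.getSecurityRealmName(KERNEL_ID));
    }

    /** Creates the identity-assertion entry with the identity token types the realm accepts. */
    static SASContextSec createSASContextSec(RequirementType requirementType) {
        return new SASContextSec(requirementType, getSupportedIdentityTypes());
    }

    /**
     * Asks the default realm's principal authenticator which identity token types it accepts
     * and returns them as a bit mask of the ITT_* flags. Returns 0 when none is supported.
     */
    private static int getSupportedIdentityTypes() {
        PrincipalAuthenticator authenticator = RmiSecurityFacade.getPrincipalAuthenticator(KERNEL_ID, RmiSecurityFacade.getDefaultRealm());
        int supported = 0;
        if (authenticator.isTokenTypeSupported("CSI.ITTAnonymous")) {
            supported |= ITT_ANONYMOUS;
        }
        if (authenticator.isTokenTypeSupported("CSI.PrincipalName")) {
            supported |= ITT_PRINCIPAL_NAME;
        }
        if (authenticator.isTokenTypeSupported("CSI.X509CertChain")) {
            supported |= ITT_X509_CERT_CHAIN;
        }
        if (authenticator.isTokenTypeSupported("CSI.DistinguishedName")) {
            supported |= ITT_DISTINGUISHED_NAME;
        }
        return supported;
    }

    /**
     * Creates the TLS transport component from the local IIOPS channel (or the server-wide
     * SSL configuration when there is no such channel).
     *
     * @param str host for the listen point, or {@code null} to use the channel's public address
     * @param serverIdentity identity recorded in the component
     * @param runtimeDescriptor per-deployment settings, may be {@code null}
     * @throws NullPointerException if {@code str} is {@code null} and no local IIOPS channel exists
     */
    static TLSSecTransComponent createTLSSecTransComponent(String str, ServerIdentity serverIdentity, RuntimeDescriptor runtimeDescriptor) {
        // Look the channel up once so the listen point and the certificate requirement are
        // derived from the same channel object.
        ServerChannel iiopsChannel = IiopConfigurationFacade.getLocalServerChannel(ProtocolHandlerIIOPS.PROTOCOL_IIOPS);
        return new TLSSecTransComponent(createTLSListenPoint(str, iiopsChannel), serverIdentity, getCertificateAuthenticationType(runtimeDescriptor, iiopsChannel), isConfidentialityRequired(runtimeDescriptor), getCipherSuiteNames());
    }

    /** Channel cipher suites when an IIOPS channel exists, otherwise the server-wide list. */
    private static String[] getCipherSuiteNames() {
        ServerChannel localServerChannel = IiopConfigurationFacade.getLocalServerChannel(ProtocolHandlerIIOPS.PROTOCOL_IIOPS);
        if (localServerChannel == null) {
            return IiopConfigurationFacade.getCipherSuites();
        }
        return localServerChannel.getCiphersuites();
    }

    /** Confidentiality is required only on an explicit "required" setting in the descriptor. */
    private static boolean isConfidentialityRequired(RuntimeDescriptor runtimeDescriptor) {
        return runtimeDescriptor != null && "required".equals(runtimeDescriptor.getConfidentiality());
    }

    /**
     * Determines the advertised client-certificate requirement. The channel (or server-wide)
     * enforcement flag gives the baseline of NONE or REQUIRED; a descriptor value of
     * "supported" or "required" then replaces that baseline.
     */
    private static RequirementType getCertificateAuthenticationType(RuntimeDescriptor runtimeDescriptor, ServerChannel serverChannel) {
        boolean enforced = serverChannel == null ? IiopConfigurationFacade.isClientCertificateEnforced() : serverChannel.isClientCertificateEnforced();
        RequirementType requirementType = enforced ? RequirementType.REQUIRED : RequirementType.NONE;
        if (runtimeDescriptor != null) {
            String clientCertAuthentication = runtimeDescriptor.getClientCertAuthentication();
            if ("supported".equals(clientCertAuthentication)) {
                // NOTE(review): this lowers the advertised value to SUPPORTED even when the
                // channel enforces client certificates, so the advertised policy can be weaker
                // than what the channel demands. Confirm that this precedence is intended.
                requirementType = RequirementType.SUPPORTED;
            } else if ("required".equals(clientCertAuthentication)) {
                requirementType = RequirementType.REQUIRED;
            }
        }
        return requirementType;
    }

    /**
     * Picks host and port for the TLS listen point: an explicit host is paired with the
     * channel's public port (or the server-wide SSL listen port when there is no channel);
     * without an explicit host both values come from the channel.
     *
     * @throws NullPointerException if both {@code str} and {@code serverChannel} are {@code null}
     */
    private static ListenPoint createTLSListenPoint(String str, ServerChannel serverChannel) {
        if (str != null) {
            if (serverChannel == null) {
                return createListenPoint(str, IiopConfigurationFacade.getSslListenPort());
            }
            return createListenPoint(str, serverChannel.getPublicPort());
        }
        if (serverChannel == null) {
            // The original dereferenced the null channel here and failed with a bare
            // NullPointerException; keep the exception type but say what is missing.
            throw new NullPointerException("no host supplied and no local IIOPS server channel available for the TLS listen point");
        }
        return createListenPoint(serverChannel.getPublicAddress(), serverChannel.getPublicPort());
    }

    private static ListenPoint createListenPoint(String str, int i) {
        return new ListenPoint(str, i);
    }

    /**
     * Creates a single mechanism, optionally with a TLS transport component.
     *
     * @param z when {@code true} a TLS transport component is attached
     * @param str host for the TLS listen point, may be {@code null}
     * @param serverIdentity identity recorded in the TLS component
     * @param runtimeDescriptor per-deployment settings, may be {@code null}
     */
    static CompoundSecMech createCompoundSecMech(boolean z, String str, ServerIdentity serverIdentity, RuntimeDescriptor runtimeDescriptor) {
        CompoundSecMech mechanism = createPlainPortSecurityMechanism(runtimeDescriptor);
        if (z) {
            // The second argument is true only when integrity is "required" (plain port
            // disabled); presumably it marks the transport as mandatory - confirm against
            // CompoundSecMech.addTransportMech.
            mechanism.addTransportMech(createTLSSecTransComponent(str, serverIdentity, runtimeDescriptor), isPlainPortDisabled(runtimeDescriptor));
        }
        return mechanism;
    }
}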
