package weblogic.servlet.security;

import com.bea.httppubsub.bayeux.BayeuxConstants;
import java.security.AccessController;
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.servlet.Filter;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import weblogic.management.DeploymentException;
import weblogic.management.configuration.AppDeploymentMBean;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.jacc.PolicyContextHandlerData;
import weblogic.security.service.AuthorizationManager;
import weblogic.security.service.AuthorizationManagerDeployHandle;
import weblogic.security.service.DeployHandleCreationException;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.ResourceCreationException;
import weblogic.security.service.ResourceRemovalException;
import weblogic.security.service.RoleCreationException;
import weblogic.security.service.RoleManager;
import weblogic.security.service.RoleManagerDeployHandle;
import weblogic.security.service.RoleRemovalException;
import weblogic.security.service.SecurityApplicationInfo;
import weblogic.security.service.SecurityApplicationInfoImpl;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.service.URLResource;
import weblogic.security.spi.ApplicationInfo;
import weblogic.security.utils.ResourceIDDContextWrapper;
import weblogic.servlet.provider.WlsSubjectHandle;
import weblogic.servlet.security.css.CSSServletCallbackHandler;
import weblogic.servlet.security.internal.ServletCallbackHandler;
import weblogic.servlet.security.internal.ServletSecurityServices;
import weblogic.servlet.security.internal.WebAppContextHandler;
import weblogic.servlet.security.internal.WebAppContextHandlerData;
import weblogic.servlet.spi.SubjectHandle;

/* loaded from: input_file:weblogic/servlet/security/CSSServletSecurityServices.class */
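/**
 * {@link ServletSecurityServices} implementation that forwards the servlet container's
 * authentication, role and policy operations to the services handed out by
 * {@link SecurityServiceManager}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every security service is looked up with {@link #KERNEL_ID}, so the per-application
 *       services returned by {@link #createApplicationSecurity} operate with kernel identity.
 *       The only gate visible in this class is the {@code checkKernelPermission()} call in that
 *       factory method; the {@link CSSApplicationServices} constructor is private.</li>
 *   <li>Subject handles are unwrapped with an unchecked cast to {@link WlsSubjectHandle}; a
 *       handle of any other implementation fails with {@link ClassCastException}.</li>
 * </ul>
 */
public class CSSServletSecurityServices implements ServletSecurityServices {
    // Kernel identity, obtained once inside a privileged action. It is passed to
    // SecurityServiceManager.getSecurityService and to getPrivateCredentials below, so it must
    // stay private to this class and never be returned to callers.
    private static final AuthenticatedSubject KERNEL_ID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());

    /**
     * Per-application view of the realm's authentication, authorization and role services.
     *
     * <p>Instances are created only through
     * {@link CSSServletSecurityServices#createApplicationSecurity}, which checks kernel
     * permission first. Nothing in this class re-checks the caller afterwards, so a reference
     * to an instance is itself the capability to call {@link #assertIdentity},
     * {@link #impersonateIdentity} and the deploy/undeploy methods.
     */
    /* loaded from: input_file:weblogic/servlet/security/CSSServletSecurityServices$CSSApplicationServices.class */
    public class CSSApplicationServices implements ServletSecurityServices.ApplicationServices {
        private final PrincipalAuthenticator pa;
        private final AuthorizationManager authManager;
        private final RoleManager roleManager;
        // Deployment handles: null until startDeployment() has produced them.
        private RoleManagerDeployHandle roleMgrHandle;
        private AuthorizationManagerDeployHandle authMgrHandle;
        private final SecurityApplicationInfo secureAppInfo;
        private final String realmName;

        /**
         * Resolves the three realm services for one web application.
         *
         * @param str realm name; stored and used for every service lookup
         * @param appDeploymentMBean deployment descriptor bean passed to
         *     {@link SecurityApplicationInfoImpl}
         * @param str2 third argument of {@link SecurityApplicationInfoImpl}
         *     (NOTE(review): presumably the component/context name - confirm)
         */
        private CSSApplicationServices(String str, AppDeploymentMBean appDeploymentMBean, String str2) {
            this.realmName = str;
            this.secureAppInfo = new SecurityApplicationInfoImpl(appDeploymentMBean, ApplicationInfo.ComponentType.WEBAPP, str2);
            this.pa = (PrincipalAuthenticator) getService(str, SecurityService.ServiceType.AUTHENTICATION);
            this.authManager = (AuthorizationManager) getService(str, SecurityService.ServiceType.AUTHORIZE);
            this.roleManager = (RoleManager) getService(str, SecurityService.ServiceType.ROLE);
        }

        /** Looks up a realm service of the given type using the kernel identity. */
        private SecurityService getService(String str, SecurityService.ServiceType serviceType) {
            return SecurityServiceManager.getSecurityService(CSSServletSecurityServices.KERNEL_ID, str, serviceType);
        }

        /**
         * Builds the resource that role deployment and role lookup are both scoped to, so the two
         * operations cannot drift apart.
         *
         * <p>Argument order follows the documented {@code URLResource(application, contextPath,
         * uri, httpMethod, transportType)} constructor (confirm against the deployed version).
         */
        private URLResource roleScopeResource(String application, String contextPath) {
            // "/" when strict URL-pattern enforcement is on, otherwise BayeuxConstants.SINGLE_WILD.
            // NOTE(review): the pub/sub constant looks like a decompiler substitution for a
            // wildcard literal of the same value - confirm before relying on it.
            String uri = SecurityServiceManager.getEnforceStrictURLPattern() ? "/" : BayeuxConstants.SINGLE_WILD;
            return new URLResource(application, contextPath, uri, (String) null, (String) null);
        }

        /** Returns the role mapping behaviour configured for this application in the realm. */
        @Override
        public int getRoleMappingBehavior() {
            return SecurityServiceManager.getRoleMappingBehavior(this.realmName, this.secureAppInfo);
        }

        /** Returns the security deployment-descriptor model reported by the application info. */
        @Override
        public String getSecurityModelType() {
            return this.secureAppInfo.getSecurityDDModel();
        }

        /** Reports whether the realm requires full authorization delegation for this application. */
        @Override
        public boolean isFullDelegation() {
            return SecurityServiceManager.isFullAuthorizationDelegationRequired(this.realmName, this.secureAppInfo);
        }

        /** Hands the given authentication filters back to the authenticator for destruction. */
        @Override
        public void destroyServletAuthenticationFilters(Filter[] filterArr) {
            this.pa.destroyServletAuthenticationFilters(filterArr);
        }

        /**
         * Obtains the servlet authentication filters for a context.
         *
         * @throws DeploymentException wrapping the {@link ServletException} raised by the
         *     authenticator
         */
        @Override
        public Filter[] getServletAuthenticationFilters(ServletContext servletContext) throws DeploymentException {
            try {
                return this.pa.getServletAuthenticationFilters(servletContext);
            } catch (ServletException e) {
                throw new DeploymentException(e);
            }
        }

        /** Delegates to the authenticator's assertion encoding map. */
        @Override
        public Map getAssertionsEncodingMap() {
            return this.pa.getAssertionsEncodingMap();
        }

        /** Delegates to the authenticator's assertion encoding precedence list. */
        @Override
        public Map[] getAssertionsEncodingPrecedence() {
            return this.pa.getAssertionsEncodingPrecedence();
        }

        /** Asks the authenticator whether tokens of the named type must be Base64-decoded. */
        @Override
        public boolean doesTokenTypeRequireBase64Decoding(String str) {
            return this.pa.doesTokenTypeRequireBase64Decoding(str);
        }

        /** Asks the authenticator whether this particular token must be Base64-decoded. */
        @Override
        public boolean doesTokenRequireBase64Decoding(Object obj) {
            return this.pa.doesTokenRequireBase64Decoding(obj);
        }

        /**
         * Opens policy deployment, then role deployment, and stores both handles.
         *
         * <p>If opening role deployment fails, the policy handle obtained just before it stays
         * set while the role handle stays null; this method does not roll the first one back.
         *
         * @throws DeploymentException wrapping a {@link DeployHandleCreationException}
         */
        @Override
        public void startDeployment() throws DeploymentException {
            try {
                this.authMgrHandle = this.authManager.startDeployPolicies(this.secureAppInfo);
                this.roleMgrHandle = this.roleManager.startDeployRoles(this.secureAppInfo);
            } catch (DeployHandleCreationException e) {
                throw new DeploymentException(e);
            }
        }

        /**
         * Closes policy deployment, then role deployment, using the stored handles.
         *
         * <p>A failure while closing policies skips the role step.
         *
         * @throws DeploymentException wrapping the creation exception raised by either manager
         */
        @Override
        public void endRoleAndPolicyDeployments() throws DeploymentException {
            try {
                this.authManager.endDeployPolicies(this.authMgrHandle);
                this.roleManager.endDeployRoles(this.roleMgrHandle);
            } catch (ResourceCreationException e) {
                throw new DeploymentException(e);
            } catch (RoleCreationException e2) {
                throw new DeploymentException(e2);
            }
        }

        /**
         * Deploys one role for the application-wide role resource.
         *
         * @param str role name
         * @param strArr values passed through as the last argument of {@code deployRole}
         *     (NOTE(review): presumably the principal names mapped to the role - confirm)
         * @param str2 first {@link URLResource} argument
         * @param str3 second {@link URLResource} argument
         * @throws DeploymentException wrapping a {@link RoleCreationException}
         */
        @Override
        public void deployRole(String str, String[] strArr, String str2, String str3) throws DeploymentException {
            try {
                this.roleManager.deployRole(this.roleMgrHandle, roleScopeResource(str2, str3), str, strArr);
            } catch (RoleCreationException e) {
                throw new DeploymentException(e);
            }
        }

        /**
         * Removes every policy deployed under the stored handle; does nothing when no policy
         * handle exists.
         *
         * @throws DeploymentException wrapping a {@link ResourceRemovalException}
         */
        @Override
        public void undeployAllPolicies() throws DeploymentException {
            if (this.authMgrHandle == null) {
                return;
            }
            try {
                this.authManager.undeployAllPolicies(this.authMgrHandle);
            } catch (ResourceRemovalException e) {
                throw new DeploymentException(e);
            }
        }

        /**
         * Removes every role deployed under the stored handle; does nothing when no role handle
         * exists.
         *
         * @throws DeploymentException wrapping a {@link RoleRemovalException}
         */
        @Override
        public void undeployAllRoles() throws DeploymentException {
            if (this.roleMgrHandle == null) {
                return;
            }
            try {
                this.roleManager.undeployAllRoles(this.roleMgrHandle);
            } catch (RoleRemovalException e) {
                throw new DeploymentException(e);
            }
        }

        /**
         * Checks role membership against the application-wide role resource.
         *
         * <p>Fails closed: a null role map from the role manager yields {@code false}.
         *
         * @param str role name to test
         * @param subjectHandle handle to unwrap; must be a {@link WlsSubjectHandle}
         * @param str2 first {@link URLResource} argument
         * @param str3 second {@link URLResource} argument
         * @return {@code true} only when roles were resolved and the subject holds the role
         */
        @Override
        public boolean isSubjectInRole(String str, SubjectHandle subjectHandle, String str2, String str3, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
            URLResource scope = roleScopeResource(str2, str3);
            AuthenticatedSubject authSubject = CSSServletSecurityServices.toAuthSubject(subjectHandle);
            Map roles = this.roleManager.getRoles(authSubject, scope, new ResourceIDDContextWrapper(new WebAppContextHandler(httpServletRequest, httpServletResponse)));
            if (roles == null) {
                return false;
            }
            return SecurityServiceManager.isUserInRole(authSubject, str, roles);
        }

        /**
         * Asks the authorization manager whether the subject may access a URL resource.
         *
         * <p>Note the argument shuffle: the resource is built as
         * {@code URLResource(str3, str4, str2, str, null)}, so {@code str} lands in the fourth
         * position and {@code str2} in the third.
         *
         * @return the decision of {@code AuthorizationManager.isAccessAllowed}
         */
        @Override
        public boolean hasPermission(String str, String str2, String str3, String str4, SubjectHandle subjectHandle, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
            return this.authManager.isAccessAllowed(CSSServletSecurityServices.toAuthSubject(subjectHandle), new URLResource(str3, str4, str2, str, (String) null), new ResourceIDDContextWrapper(new WebAppContextHandler(httpServletRequest, httpServletResponse)));
        }

        /**
         * Deploys an unchecked policy for {@code URLResource(str3, str4, str, str2, null)}.
         *
         * <p>NOTE(review): "unchecked" conventionally means access without authorization checks;
         * callers should confirm the resource pattern is as narrow as intended.
         *
         * @throws DeploymentException wrapping a {@link ResourceCreationException}
         */
        @Override
        public void deployUncheckedPolicy(String str, String str2, String str3, String str4) throws DeploymentException {
            try {
                this.authManager.deployUncheckedPolicy(this.authMgrHandle, new URLResource(str3, str4, str, str2, (String) null));
            } catch (ResourceCreationException e) {
                throw new DeploymentException(e);
            }
        }

        /**
         * Deploys an excluded policy for {@code URLResource(str3, str4, str, str2, null)}.
         *
         * @throws DeploymentException wrapping a {@link ResourceCreationException}
         */
        @Override
        public void deployExcludedPolicy(String str, String str2, String str3, String str4) throws DeploymentException {
            try {
                this.authManager.deployExcludedPolicy(this.authMgrHandle, new URLResource(str3, str4, str, str2, (String) null));
            } catch (ResourceCreationException e) {
                throw new DeploymentException(e);
            }
        }

        /**
         * Deploys a policy for {@code URLResource(str3, str4, str, str2, null)}.
         *
         * @param strArr passed through as the last argument of {@code deployPolicy}
         *     (NOTE(review): presumably the role names granted access - confirm)
         * @throws DeploymentException wrapping a {@link ResourceCreationException}
         */
        @Override
        public void deployPolicy(String str, String str2, String[] strArr, String str3, String str4) throws DeploymentException {
            try {
                this.authManager.deployPolicy(this.authMgrHandle, new URLResource(str3, str4, str, str2, (String) null), strArr);
            } catch (ResourceCreationException e) {
                throw new DeploymentException(e);
            }
        }

        /**
         * Establishes an identity from an externally supplied token through the authenticator's
         * {@code assertIdentity}.
         *
         * @param str token type
         * @param obj token value; whatever validation happens is done by the authenticator, not here
         * @throws LoginException propagated from the authenticator
         */
        @Override
        public SubjectHandle assertIdentity(String str, Object obj, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws LoginException {
            return new WlsSubjectHandle(this.pa.assertIdentity(str, obj, new WebAppContextHandler(httpServletRequest, httpServletResponse)));
        }

        /**
         * Authenticates with the given callback handler, supplying the request/response as context.
         *
         * @throws LoginException propagated from the authenticator
         */
        @Override
        public SubjectHandle authenticate(CallbackHandler callbackHandler, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws LoginException {
            return new WlsSubjectHandle(this.pa.authenticate(callbackHandler, new WebAppContextHandler(httpServletRequest, httpServletResponse)));
        }

        /**
         * Authenticates with the given callback handler and no request context.
         *
         * @throws LoginException propagated from the authenticator
         */
        @Override
        public SubjectHandle authenticate(CallbackHandler callbackHandler) throws LoginException {
            return new WlsSubjectHandle(this.pa.authenticate(callbackHandler));
        }

        /**
         * Produces a subject handle for the named identity through the authenticator's
         * {@code impersonateIdentity}.
         *
         * <p>No credential is passed on this path, so the caller is the one vouching for the
         * name. Treat {@code str} as security-sensitive input and audit call sites accordingly.
         *
         * @param str identity name to impersonate
         * @throws LoginException propagated from the authenticator
         */
        @Override
        public SubjectHandle impersonateIdentity(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws LoginException {
            return new WlsSubjectHandle(this.pa.impersonateIdentity(str, new WebAppContextHandler(httpServletRequest, httpServletResponse)));
        }
    }

    /**
     * Creates the per-application security services after verifying kernel permission.
     *
     * <p>The permission check runs before construction; it is the only access check between a
     * caller and the kernel-identity-backed services of {@link CSSApplicationServices}.
     *
     * @param str realm name
     * @param appDeploymentMBean deployment bean of the application
     * @param str2 passed through to the {@link CSSApplicationServices} constructor
     */
    @Override
    public ServletSecurityServices.ApplicationServices createApplicationSecurity(String str, AppDeploymentMBean appDeploymentMBean, String str2) {
        SecurityServiceManager.checkKernelPermission();
        return new CSSApplicationServices(str, appDeploymentMBean, str2);
    }

    /** Returns the default realm name reported by {@link SecurityServiceManager}. */
    @Override
    public String getDefaultRealmName() {
        return SecurityServiceManager.getDefaultRealmName();
    }

    /** Returns {@code true} when the mode code is 0. */
    @Override
    public boolean isCompatibilitySecMode(int i) {
        return i == 0;
    }

    /** Returns {@code true} when the mode code is 1. */
    @Override
    public boolean isApplicationSecMode(int i) {
        return i == 1;
    }

    /** Returns {@code true} when the mode code is 2. */
    @Override
    public boolean isExternallyDefinedSecMode(int i) {
        return i == 2;
    }

    /** Reports whether JACC is enabled according to {@link SecurityServiceManager}. */
    @Override
    public boolean isJACCEnabled() {
        return SecurityServiceManager.isJACCEnabled();
    }

    /**
     * Adds an object to the private credentials of the subject behind the handle.
     *
     * <p>The handle is unwrapped first; the kernel permission check happens in the private
     * overload before the credential set is touched.
     */
    @Override
    public void addToPrivateCredentials(SubjectHandle subjectHandle, Object obj) {
        addToPrivateCredentials(toAuthSubject(subjectHandle), obj);
    }

    /** Checks kernel permission, then adds {@code obj} to the subject's private credentials. */
    private static void addToPrivateCredentials(AuthenticatedSubject authenticatedSubject, Object obj) {
        SecurityServiceManager.checkKernelPermission();
        authenticatedSubject.getPrivateCredentials(KERNEL_ID).add(obj);
    }

    /**
     * Unwraps a handle to its {@link AuthenticatedSubject}.
     *
     * <p>The cast is unchecked: a handle that is not a {@link WlsSubjectHandle} raises
     * {@link ClassCastException}, and a null handle raises {@link NullPointerException}.
     *
     * <p>NOTE(review): the decompiler reports that this method was {@code private} in the
     * compiled class and was widened to {@code public} only in this listing. Do not treat the
     * {@code public} modifier as part of the real API surface.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static AuthenticatedSubject toAuthSubject(SubjectHandle subjectHandle) {
        return ((WlsSubjectHandle) subjectHandle).getAuthSubject();
    }

    /** Unwraps a handle to the JAAS {@link Subject} of its authenticated subject. */
    @Override
    public Subject toSubject(SubjectHandle subjectHandle) {
        return toAuthSubject(subjectHandle).getSubject();
    }

    /** Wraps a JAAS {@link Subject} in a {@link WlsSubjectHandle}. */
    @Override
    public SubjectHandle toSubjectHandle(Subject subject) {
        return new WlsSubjectHandle(AuthenticatedSubject.getFromSubject(subject));
    }

    /** Creates the callback handler used for servlet logins from the given values. */
    @Override
    public ServletCallbackHandler createCallbackHandler(String str, Object obj, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return new CSSServletCallbackHandler(str, obj, httpServletRequest, httpServletResponse);
    }

    /** Creates the policy context handler data for a request. */
    @Override
    public PolicyContextHandlerData createContextHandlerData(HttpServletRequest httpServletRequest) {
        return new WebAppContextHandlerData(httpServletRequest);
    }

    /**
     * Returns the principals of the subject behind the handle as an array.
     *
     * @param subjectHandle handle to read; may be null
     * @return the principals, or an empty array when the handle or its subject is null
     */
    @Override
    public Principal[] getPrincipals(SubjectHandle subjectHandle) {
        if (subjectHandle == null) {
            return new Principal[0];
        }
        AuthenticatedSubject authSubject = toAuthSubject(subjectHandle);
        if (authSubject == null) {
            return new Principal[0];
        }
        // Read the principal collection once and use the array that toArray returns. Sizing an
        // array from one call and filling it from a second call (ignoring the return value) can
        // yield null slots or an unfilled array if the collection changes in between.
        return (Principal[]) authSubject.getPrincipals().toArray(new Principal[0]);
    }
}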
