package weblogic.iiop.csi;

import java.security.AccessController;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import weblogic.corba.cos.security.GSSUtil;
import weblogic.iiop.Connection;
import weblogic.iiop.contexts.EstablishContext;
import weblogic.iiop.contexts.SASServiceContext;
import weblogic.iiop.contexts.ServiceContext;
import weblogic.iiop.contexts.VendorInfoSecurity;
import weblogic.iiop.ior.CompoundSecMechList;
import weblogic.kernel.Kernel;
import weblogic.rmi.client.facades.RmiClientSecurityFacade;
import weblogic.security.acl.UserInfo;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.auth.login.PasswordCredential;
import weblogic.security.service.PrivilegedActions;

/* loaded from: input_file:weblogic/iiop/csi/ClientSecurity.class */
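/**
 * Client-side security state for one IIOP {@link Connection}.
 *
 * <p>Selects the security {@link ServiceContext} for a subject and a target's
 * {@link CompoundSecMechList}, and caches the contexts it has created so they can be reused,
 * marked as established, or discarded when a SAS reply refers to them by client context id.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Private {@link PasswordCredential}s are read from subjects using the kernel identity
 *       obtained through {@code AccessController.doPrivileged}.</li>
 *   <li>When the target advertises GSSUP and the subject has a password credential, that
 *       credential is handed to {@code EstablishContext.createForUserPassword}. How it is encoded
 *       and what protects it in transit is not visible here; NOTE(review): confirm the transport
 *       provides confidentiality before this path is used.</li>
 *   <li>Both lookup tables are plain {@link HashMap}s; the methods that touch them are
 *       {@code synchronized}, or are private helpers called only from synchronized methods.</li>
 * </ul>
 *
 * <p>This source is decompiler output (JADX); access modifiers that JADX reports as changed are
 * noted on the affected members.
 */
public class ClientSecurity {
    // Kernel identity, fetched under doPrivileged; used below to read subjects' private credentials.
    private static final AuthenticatedSubject KERNEL_ID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private final Connection connection;
    // Last client context id handed out; ids issued by getNextClientContextId() therefore start at 1.
    private long nextClientContextId = 0;
    // client context id -> cache key, so a SAS reply can be mapped back to its cached context.
    private final Map<Long, Key> statefulClientContextIdTable = new HashMap<>();
    // (subject, GSSUP target) -> cached security context.
    private final Map<Key, ClientSecurityContext> statefulClientContextTable = new HashMap<>();

    /**
     * Cache key pairing a subject with the GSSUP target bytes of a mechanism list.
     *
     * <p>JADX reports that this class was originally {@code private}.
     */
    public static class Key {
        private static final byte[] EMPTY_TARGET = new byte[0];
        private final AuthenticatedSubject subject;
        private final byte[] target;

        /**
         * Builds the key for a subject and mechanism list; a {@code null} list maps to an empty target.
         *
         * <p>JADX reports that this factory was originally {@code private}.
         */
        public static Key create(CompoundSecMechList compoundSecMechList, AuthenticatedSubject authenticatedSubject) {
            byte[] targetBytes = compoundSecMechList == null ? EMPTY_TARGET : compoundSecMechList.getGSSUPTarget();
            return new Key(authenticatedSubject, targetBytes);
        }

        private Key(AuthenticatedSubject authenticatedSubject, byte[] bArr) {
            this.subject = authenticatedSubject;
            this.target = bArr;
        }

        /** Keys are equal when the subjects are equal and the target bytes match element-wise. */
        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            Key other = (Key) obj;
            return this.subject.equals(other.subject) && Arrays.equals(this.target, other.target);
        }

        /** Hash consistent with {@link #equals(Object)}; dereferences the subject, so it must be non-null. */
        @Override
        public int hashCode() {
            return (31 * this.subject.hashCode()) + Arrays.hashCode(this.target);
        }
    }

    /**
     * @param connection the connection whose peer information decides whether the WLS proprietary
     *     security context may be used
     */
    public ClientSecurity(Connection connection) {
        this.connection = connection;
    }

    /**
     * Applies a SAS reply to the cached contexts: marks the referenced context as established, or
     * discards it, depending on what the reply requests.
     *
     * <p>The client context id is taken from the supplied service context as-is. An id that is not
     * in the id table is a no-op in both branches.
     */
    public void handleSASReply(SASServiceContext sASServiceContext) {
        if (sASServiceContext.shouldEstablishContext()) {
            establishSASClientContext(sASServiceContext.getClientContextId());
        } else if (sASServiceContext.shouldDiscardContext()) {
            removeSASClientContext(sASServiceContext.getClientContextId());
        }
    }

    /**
     * Returns the security service context to use for the given subject and target.
     *
     * <p>Order of preference: a cached context that is still usable; a new CSIv2 context when the
     * target supports it and the subject can be sent that way; the WLS proprietary context when
     * running in a server.
     *
     * @return the service context, or {@code null} when none of the above applies
     */
    public ServiceContext getServiceContext(AuthenticatedSubject authenticatedSubject, CompoundSecMechList compoundSecMechList) {
        ClientSecurityContext cached = getClientContext(compoundSecMechList, authenticatedSubject);
        if (useExistingContext(cached, compoundSecMechList, authenticatedSubject)) {
            return cached.getServiceContext();
        }
        if (supportsCSIv2(compoundSecMechList) && canSendViaCSIv2(authenticatedSubject)) {
            return createCSIv2Context(compoundSecMechList, authenticatedSubject);
        }
        if (Kernel.isServer()) {
            return createWlsProprietaryContext(authenticatedSubject);
        }
        return null;
    }

    /** Inverse of {@link #needToCreateNewContext}. */
    private boolean useExistingContext(ClientSecurityContext clientSecurityContext, CompoundSecMechList compoundSecMechList, AuthenticatedSubject authenticatedSubject) {
        return !needToCreateNewContext(clientSecurityContext, compoundSecMechList, authenticatedSubject);
    }

    /**
     * A new context is needed when nothing is cached, when the cached context still needs
     * credentials that are now available, or when a cached proprietary context can be replaced by
     * a CSIv2 one.
     */
    private boolean needToCreateNewContext(ClientSecurityContext clientSecurityContext, CompoundSecMechList compoundSecMechList, AuthenticatedSubject authenticatedSubject) {
        return clientSecurityContext == null || newCredentialsAvailable(clientSecurityContext, authenticatedSubject) || canReplaceProprietaryCredentials(clientSecurityContext, compoundSecMechList);
    }

    /** Returns a fresh id for a stateful GSSUP target, and 0 otherwise. */
    private long getClientContextId(CompoundSecMechList compoundSecMechList) {
        if (compoundSecMechList.isGSSUPTargetStateful()) {
            return getNextClientContextId();
        }
        return 0L;
    }

    /** Returns the exported name extracted from the GSSUP target, or {@code null} without GSSUP. */
    private String getTargetName(CompoundSecMechList compoundSecMechList) {
        if (compoundSecMechList.hasGSSUP()) {
            return GSSUtil.extractGSSUPGSSNTExportedName(compoundSecMechList.getGSSUPTarget());
        }
        return null;
    }

    /**
     * Reads the subject's first private {@link PasswordCredential}, using the kernel identity.
     *
     * <p>In a server, a subject without any {@link UserInfo} principal is passed through
     * {@link #getMappedCredential} instead of being returned directly.
     *
     * @return the credential, or {@code null} for a {@code null} or anonymous subject or when the
     *     subject carries no password credential
     */
    private PasswordCredential getPasswordCredential(AuthenticatedSubject authenticatedSubject) {
        if (authenticatedSubject == null || RmiClientSecurityFacade.isSubjectAnonymous(authenticatedSubject)) {
            return null;
        }
        PasswordCredential passwordCredential = null;
        Iterator<?> it = authenticatedSubject.getPrivateCredentials(KERNEL_ID, PasswordCredential.class).iterator();
        if (it.hasNext()) {
            passwordCredential = (PasswordCredential) it.next();
        }
        if (Kernel.isServer() && authenticatedSubject.getPrincipals(UserInfo.class).size() <= 0) {
            return getMappedCredential(authenticatedSubject, passwordCredential);
        }
        return passwordCredential;
    }

    /** Extension hook for credential mapping; this implementation returns the credential unchanged. */
    protected PasswordCredential getMappedCredential(AuthenticatedSubject authenticatedSubject, PasswordCredential passwordCredential) {
        return passwordCredential;
    }

    private boolean newCredentialsAvailable(ClientSecurityContext clientSecurityContext, AuthenticatedSubject authenticatedSubject) {
        return isProprietarySecuritySupported() && clientSecurityContext.needCredentials() && hasPassword(authenticatedSubject);
    }

    private static boolean canReplaceProprietaryCredentials(ClientSecurityContext clientSecurityContext, CompoundSecMechList compoundSecMechList) {
        return supportsCSIv2(compoundSecMechList) && (clientSecurityContext.getServiceContext() instanceof VendorInfoSecurity);
    }

    private static boolean supportsCSIv2(CompoundSecMechList compoundSecMechList) {
        return compoundSecMechList != null && compoundSecMechList.useSAS();
    }

    private boolean canSendViaCSIv2(AuthenticatedSubject authenticatedSubject) {
        return RmiClientSecurityFacade.isSubjectAnonymous(authenticatedSubject) || hasPassword(authenticatedSubject) || !isProprietarySecuritySupported();
    }

    /** True when the subject holds at least one private {@link PasswordCredential}. */
    private static boolean hasPassword(AuthenticatedSubject authenticatedSubject) {
        return !authenticatedSubject.getPrivateCredentials(KERNEL_ID, PasswordCredential.class).isEmpty();
    }

    /** True when the peer supplied peer information and the subject is anonymous. */
    public boolean mayIgnoreCredentials(AuthenticatedSubject authenticatedSubject) {
        return isPeerWls() && RmiClientSecurityFacade.isSubjectAnonymous(authenticatedSubject);
    }

    /** Creates the WLS proprietary context for the subject, caches it under a target-less key, and returns it. */
    private synchronized ServiceContext createWlsProprietaryContext(AuthenticatedSubject authenticatedSubject) {
        ClientSecurityContext context = ClientSecurityContext.createWlsProprietaryContext(authenticatedSubject);
        putClientContext(null, authenticatedSubject, context);
        return context.getServiceContext();
    }

    /** The proprietary context is used only between a server and a peer that supplied peer information. */
    public boolean isProprietarySecuritySupported() {
        return isPeerWls() && Kernel.isServer();
    }

    // The peer is treated as WLS whenever the connection carries peer information.
    private boolean isPeerWls() {
        return this.connection.getPeerInfo() != null;
    }

    /**
     * Returns the CSIv2 service context for the subject and target, creating and caching a new one
     * when none is cached, when the cached one needs credentials the subject now has, or when the
     * cached one is a proprietary {@link VendorInfoSecurity} context.
     *
     * <p>The cache is re-checked here under the lock, so concurrent callers of
     * {@link #getServiceContext} do not rely on the unsynchronized check made there.
     *
     * @param compoundSecMechList the target's mechanism list; dereferenced without a null check on
     *     the creation path, so it must be non-null
     */
    public synchronized ServiceContext createCSIv2Context(CompoundSecMechList compoundSecMechList, AuthenticatedSubject authenticatedSubject) {
        ClientSecurityContext clientContext = getClientContext(compoundSecMechList, authenticatedSubject);
        boolean mustCreate = clientContext == null
                || (clientContext.needCredentials() && hasPassword(authenticatedSubject))
                || (clientContext.getServiceContext() instanceof VendorInfoSecurity);
        if (mustCreate) {
            clientContext = ClientSecurityContext.createClientContext(createSASServiceContext(compoundSecMechList, authenticatedSubject));
            // Credentials are still outstanding only for a non-anonymous subject without a password.
            clientContext.setNeedCredentials(!(RmiClientSecurityFacade.isSubjectAnonymous(authenticatedSubject) || hasPassword(authenticatedSubject)));
            putClientContext(compoundSecMechList, authenticatedSubject, clientContext);
        }
        return clientContext.getServiceContext();
    }

    private synchronized ClientSecurityContext getClientContext(CompoundSecMechList compoundSecMechList, AuthenticatedSubject authenticatedSubject) {
        return this.statefulClientContextTable.get(Key.create(compoundSecMechList, authenticatedSubject));
    }

    /**
     * Caches a context under its (subject, target) key and, when a mechanism list is present, also
     * indexes it by client context id. Not synchronized itself; every caller in this class holds
     * the instance lock.
     *
     * <p>NOTE(review): {@link #getClientContextId} yields id 0 for every non-stateful target. If
     * the stored context reports that id, successive non-stateful contexts share one slot in the
     * id table and only the most recent one can be reached by id; confirm this is intended.
     */
    private void putClientContext(CompoundSecMechList compoundSecMechList, AuthenticatedSubject authenticatedSubject, ClientSecurityContext clientSecurityContext) {
        Key key = Key.create(compoundSecMechList, authenticatedSubject);
        this.statefulClientContextTable.put(key, clientSecurityContext);
        if (compoundSecMechList != null) {
            this.statefulClientContextIdTable.put(Long.valueOf(clientSecurityContext.getClientContextId()), key);
        }
    }

    private SASServiceContext createSASServiceContext(CompoundSecMechList compoundSecMechList, AuthenticatedSubject authenticatedSubject) {
        return new SASServiceContext(createEstablishContext(compoundSecMechList, authenticatedSubject));
    }

    /**
     * Chooses the EstablishContext variant for the subject and target:
     * <ol>
     *   <li>user/password, when the target has GSSUP and the subject has a password credential;</li>
     *   <li>absent identity, when the target does not accept a GSSUP identity;</li>
     *   <li>anonymous identity, for an anonymous or kernel subject;</li>
     *   <li>principal identity (user name only) otherwise.</li>
     * </ol>
     *
     * <p>Case 1 passes the password credential itself to {@link EstablishContext}; see the class
     * comment about transport protection.
     */
    private EstablishContext createEstablishContext(CompoundSecMechList compoundSecMechList, AuthenticatedSubject authenticatedSubject) {
        PasswordCredential passwordCredential = getPasswordCredential(authenticatedSubject);
        long clientContextId = getClientContextId(compoundSecMechList);
        if (compoundSecMechList.hasGSSUP() && passwordCredential != null) {
            return EstablishContext.createForUserPassword(clientContextId, passwordCredential, getTargetName(compoundSecMechList));
        }
        if (!compoundSecMechList.hasGSSUPIdentity()) {
            return EstablishContext.createWithAbsentIdentity(clientContextId);
        }
        if (RmiClientSecurityFacade.isSubjectAnonymous(authenticatedSubject) || RmiClientSecurityFacade.isKernelIdentity(authenticatedSubject)) {
            return EstablishContext.createForAnonymousIdentity(clientContextId);
        }
        return EstablishContext.createForPrincipalIdentity(clientContextId, RmiClientSecurityFacade.getUsername(authenticatedSubject), getTargetName(compoundSecMechList));
    }

    /**
     * Returns the connection this security state belongs to.
     *
     * <p>JADX reports that this accessor was originally {@code protected}.
     */
    public Connection getConnection() {
        return this.connection;
    }

    /**
     * Increments the client context id counter and returns the new value.
     *
     * <p>JADX could not decode this method (it failed on a {@code dup2_x1} instruction with an
     * {@code ArrayIndexOutOfBoundsException}) and emitted a stub that always threw
     * {@code UnsupportedOperationException}, which broke every stateful-target path through
     * {@link #getClientContextId}. The body below is reconstructed from the register dump JADX
     * left behind: load the field, add 1, duplicate, store, return. The add precedes the store
     * and the duplicate, which indicates the incremented value is the one returned; that also
     * keeps 0 free for the non-stateful case.
     * NOTE(review): reconstructed, so verify against the original bytecode.
     */
    synchronized long getNextClientContextId() {
        return ++this.nextClientContextId;
    }

    /** Drops the context registered under the given client context id; unknown ids are ignored. */
    public synchronized void removeSASClientContext(long j) {
        Key key = this.statefulClientContextIdTable.remove(Long.valueOf(j));
        if (key != null) {
            this.statefulClientContextTable.remove(key);
        }
    }

    /** Marks the context registered under the given client context id as established; unknown ids are ignored. */
    public synchronized void establishSASClientContext(long j) {
        Key key = this.statefulClientContextIdTable.get(Long.valueOf(j));
        // A null key (unknown id) simply finds no entry in the context table.
        ClientSecurityContext clientSecurityContext = this.statefulClientContextTable.get(key);
        if (clientSecurityContext != null) {
            clientSecurityContext.contextEstablished();
        }
    }
}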
