package com.bea.common.security.internal.service;

import com.bea.common.engine.ServiceConfigurationException;
import com.bea.common.engine.ServiceInitializationException;
import com.bea.common.engine.ServiceLifecycleSpi;
import com.bea.common.engine.Services;
import com.bea.common.logger.service.LoggerService;
import com.bea.common.logger.spi.LoggerSpi;
import com.bea.common.security.ApiLogger;
import com.bea.common.security.internal.utils.CallbackUtils;
import com.bea.common.security.internal.utils.Delegator;
import com.bea.common.security.service.AuditService;
import com.bea.common.security.service.Identity;
import com.bea.common.security.service.IdentityAssertionCallbackService;
import com.bea.common.security.service.IdentityCacheService;
import com.bea.common.security.service.IdentityService;
import com.bea.common.security.service.JAASIdentityAssertionConfigurationService;
import com.bea.common.security.service.JAASLoginService;
import com.bea.common.security.servicecfg.IdentityAssertionCallbackServiceConfig;
import com.bea.common.security.utils.UsernameUtils;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import weblogic.security.auth.callback.IdentityDomainNames;
import weblogic.security.service.ContextHandler;
import weblogic.security.spi.AuditAtnEventV2;
import weblogic.security.spi.AuditSeverity;

/* loaded from: input_file:com/bea/common/security/internal/service/IdentityAssertionCallbackServiceImpl.class */
public class IdentityAssertionCallbackServiceImpl implements ServiceLifecycleSpi, IdentityAssertionCallbackService {
    private LoggerSpi logger;
    private AuditService auditService;
    private IdentityCacheService identityCacheService;
    private IdentityService identityService;
    private JAASIdentityAssertionConfigurationService jaasIdentityAssertionConfigurationService;
    private JAASLoginService jaasLoginService;

    @Override // com.bea.common.engine.ServiceLifecycleSpi
    public Object init(Object obj, Services services) throws ServiceInitializationException {
        this.logger = ((LoggerService) services.getService(LoggerService.SERVICE_NAME)).getLogger("com.bea.common.security.service.IdentityAssertionCallbackService");
        boolean isDebugEnabled = this.logger.isDebugEnabled();
        String str = getClass().getName() + ".init";
        if (isDebugEnabled) {
            this.logger.debug(str);
        }
        if (obj == null || !(obj instanceof IdentityAssertionCallbackServiceConfig)) {
            throw new ServiceConfigurationException(ServiceLogger.getExpectedConfigurationNotSupplied(str, "IdentityAssertionCallbackServiceConfig"));
        }
        IdentityAssertionCallbackServiceConfig identityAssertionCallbackServiceConfig = (IdentityAssertionCallbackServiceConfig) obj;
        String auditServiceName = identityAssertionCallbackServiceConfig.getAuditServiceName();
        this.auditService = (AuditService) services.getService(auditServiceName);
        if (isDebugEnabled) {
            this.logger.debug(str + " got AuditService " + auditServiceName);
        }
        String identityCacheServiceName = identityAssertionCallbackServiceConfig.getIdentityCacheServiceName();
        this.identityCacheService = (IdentityCacheService) services.getService(identityCacheServiceName);
        if (isDebugEnabled) {
            this.logger.debug(str + " got IdentityCacheService " + identityCacheServiceName);
        }
        String identityServiceName = identityAssertionCallbackServiceConfig.getIdentityServiceName();
        this.identityService = (IdentityService) services.getService(identityServiceName);
        if (isDebugEnabled) {
            this.logger.debug(str + " got IdentityService " + identityServiceName);
        }
        String jAASIdentityAssertionConfigurationServiceName = identityAssertionCallbackServiceConfig.getJAASIdentityAssertionConfigurationServiceName();
        this.jaasIdentityAssertionConfigurationService = (JAASIdentityAssertionConfigurationService) services.getService(jAASIdentityAssertionConfigurationServiceName);
        if (isDebugEnabled) {
            this.logger.debug(str + " got JAASIdentityAssertionConfigurationService " + jAASIdentityAssertionConfigurationServiceName);
        }
        String jAASLoginServiceName = identityAssertionCallbackServiceConfig.getJAASLoginServiceName();
        this.jaasLoginService = (JAASLoginService) services.getService(jAASLoginServiceName);
        if (isDebugEnabled) {
            this.logger.debug(str + " got JAASLoginService " + jAASLoginServiceName);
        }
        return Delegator.getProxy(IdentityAssertionCallbackService.class, this);
    }

    @Override // com.bea.common.engine.ServiceLifecycleSpi
    public void shutdown() {
        boolean isDebugEnabled = this.logger.isDebugEnabled();
        String str = isDebugEnabled ? getClass().getName() + ".shutdown" : null;
        if (isDebugEnabled) {
            this.logger.debug(str);
        }
    }

    @Override // com.bea.common.security.service.IdentityAssertionCallbackService
    public Identity assertIdentity(CallbackHandler callbackHandler, ContextHandler contextHandler) throws LoginException {
        boolean isDebugEnabled = this.logger.isDebugEnabled();
        String str = isDebugEnabled ? getClass().getName() + ".assertIdentity" : null;
        if (isDebugEnabled) {
            this.logger.debug(str);
        }
        if (callbackHandler == null) {
            if (isDebugEnabled) {
                this.logger.debug(str + " received null callback handler");
            }
            Identity anonymousIdentity = this.identityService.getAnonymousIdentity();
            if (anonymousIdentity == null) {
                if (isDebugEnabled) {
                    this.logger.debug(str + " environment does not support anonymous, performing login");
                }
                throw new LoginException(ApiLogger.getNotSupportAnonymous());
            }
            if (this.auditService != null) {
                this.auditService.writeEvent(new AuditAtnEventImpl(AuditSeverity.SUCCESS, anonymousIdentity.getUsername(), contextHandler, AuditAtnEventV2.AtnEventTypeV2.ASSERTIDENTITY, null));
            }
            if (isDebugEnabled) {
                this.logger.debug(str + " returning anonymous");
            }
            return anonymousIdentity;
        }
        IdentityDomainNames user = CallbackUtils.getUser(callbackHandler, this.logger);
        boolean isVirtualUserAllowed = CallbackUtils.isVirtualUserAllowed(callbackHandler);
        Identity identity = null;
        if (!isVirtualUserAllowed) {
            identity = this.identityCacheService.getCachedIdentity(user, contextHandler);
        }
        if (identity != null) {
            if (isDebugEnabled) {
                this.logger.debug(str + " founded cached identity " + identity);
            }
            if (this.auditService != null) {
                this.auditService.writeEvent(new AuditAtnEventImpl(AuditSeverity.SUCCESS, UsernameUtils.formatUserName(identity.getUser()), contextHandler, AuditAtnEventV2.AtnEventTypeV2.ASSERTIDENTITY, null));
            }
            return identity;
        }
        if (isDebugEnabled) {
            this.logger.debug(str + " did not find a cached identity.");
        }
        try {
            Identity login = this.jaasLoginService.login(this.jaasIdentityAssertionConfigurationService.getJAASIdentityAssertionConfigurationName(), new CallbackHandlerWrapper(callbackHandler, contextHandler, this.logger), contextHandler);
            if (login != null) {
                if (this.auditService.isAuditEnabled()) {
                    this.auditService.writeEvent(new AuditAtnEventImpl(AuditSeverity.SUCCESS, UsernameUtils.formatUserName(login.getUser()), contextHandler, AuditAtnEventV2.AtnEventTypeV2.ASSERTIDENTITY, null));
                }
                if (!isVirtualUserAllowed) {
                    this.identityCacheService.cacheIdentity(login, contextHandler);
                }
            } else if (this.auditService.isAuditEnabled()) {
                this.auditService.writeEvent(new AuditAtnEventImpl(AuditSeverity.FAILURE, UsernameUtils.formatUserName(user), contextHandler, AuditAtnEventV2.AtnEventTypeV2.ASSERTIDENTITY, null));
            }
            return login;
        } catch (RuntimeException e) {
            if (this.auditService.isAuditEnabled()) {
                this.auditService.writeEvent(new AuditAtnEventImpl(AuditSeverity.FAILURE, UsernameUtils.formatUserName(user), contextHandler, AuditAtnEventV2.AtnEventTypeV2.ASSERTIDENTITY, e));
            }
            throw e;
        } catch (LoginException e2) {
            if (this.auditService.isAuditEnabled()) {
                this.auditService.writeEvent(new AuditAtnEventImpl(AuditSeverity.FAILURE, UsernameUtils.formatUserName(user), contextHandler, AuditAtnEventV2.AtnEventTypeV2.ASSERTIDENTITY, e2));
            }
            throw e2;
        }
    }
}
