package weblogic.t3.srvr;

import java.io.IOException;
import java.rmi.RemoteException;
import java.rmi.UnmarshalException;
import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
import javax.security.auth.login.LoginException;
import weblogic.common.T3Exception;
import weblogic.common.internal.BootServices;
import weblogic.common.internal.PeerInfo;
import weblogic.common.internal.T3ClientParams;
import weblogic.management.provider.ManagementService;
import weblogic.protocol.ServerChannel;
import weblogic.protocol.configuration.ChannelHelper;
import weblogic.rjvm.MsgAbbrevJVMConnection;
import weblogic.rjvm.RJVMManager;
import weblogic.rjvm.RemoteInvokable;
import weblogic.rjvm.RemoteRequest;
import weblogic.rjvm.ReplyStream;
import weblogic.security.SimpleCallbackHandler;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.DefaultUserInfoImpl;
import weblogic.security.acl.UserInfo;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.acl.internal.AuthenticatedUser;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.utils.AssertionError;
import weblogic.utils.Debug;
import weblogic.work.WorkAdapter;
import weblogic.work.WorkManager;
import weblogic.work.WorkManagerFactory;

/* loaded from: input_file:weblogic/t3/srvr/BootServicesImpl.class */
/**
 * Server-side implementation of the T3 boot services: authenticating a peer and
 * creating its client context.
 *
 * <p>This listing is decompiler output. Some exception handling was not recovered
 * (see the {@code run()} methods), so failure behaviour cannot be fully read from it.
 *
 * <p>Review notes grounded in the visible code:
 * <ul>
 *   <li>{@link #initialize()} registers a single instance under finder id 1, and
 *       {@link #setConnectionInfo} stores per-connection data ({@code qos}, {@code port},
 *       {@code channel}, {@code peerCertChain}) in that instance's fields without any
 *       synchronization. Those fields are read later on a work-manager thread.
 *       NOTE(review): whether callers serialize setConnectionInfo/invoke per connection
 *       is not visible here — confirm, because otherwise one connection's certificate
 *       chain or port could be used while authenticating another.</li>
 *   <li>The {@code UserInfo} object is deserialized from the remote request before any
 *       authentication has happened (see the private {@code authenticate} and
 *       {@code findOrCreateClientContext} helpers).</li>
 * </ul>
 */
public final class BootServicesImpl implements BootServices, RemoteInvokable {
    // Kernel identity, obtained once under doPrivileged; used for security-service lookups and runAs.
    private static final AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    // Connection attributes copied in by setConnectionInfo(); shared instance state (see class note).
    private byte qos;
    private int port;
    private ServerChannel channel;
    // Name of the work manager that runs boot requests.
    private static final String OLDBOOTSTRAPREQUEST_QUEUE = "wl_oldBootStrap";
    private WorkManager workMgr;
    // Peer certificate chain from the connection; consumed (set back to null) by authenticate().
    private X509Certificate[] peerCertChain = null;
    private String realmName = SecurityServiceManager.defaultRealmName;
    // Authentication service for the default realm, looked up with the kernel identity.
    private PrincipalAuthenticator pa = (PrincipalAuthenticator) SecurityServiceManager.getSecurityService(kernelId, this.realmName, SecurityService.ServiceType.AUTHENTICATION);

    /**
     * Work item for opcode 1: authenticates the supplied user info and writes the
     * resulting {@link AuthenticatedUser} to the request's response stream.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/t3/srvr/BootServicesImpl$BootServicesAuthenticateRequest.class */
    public static class BootServicesAuthenticateRequest extends WorkAdapter {
        BootServicesImpl bootServicesImpl;
        RemoteRequest remoteRequest;
        // Already deserialized from the peer's request by the time this object is built.
        UserInfo userInfo;
        PeerInfo peerInfo;

        public BootServicesAuthenticateRequest(BootServicesImpl bootServicesImpl, RemoteRequest remoteRequest, UserInfo userInfo, PeerInfo peerInfo) {
            this.bootServicesImpl = bootServicesImpl;
            this.remoteRequest = remoteRequest;
            this.userInfo = userInfo;
            this.peerInfo = peerInfo;
        }

        /**
         * Authenticates {@code userInfo} and sends the result back to the peer.
         *
         * <p>NOTE(review): {@code z} and {@code error} are never assigned and the
         * {@code finally} body is empty. This is decompiler residue; the original
         * handlers were not recovered, so what is sent to the peer when authentication
         * fails cannot be determined from this listing.
         */
        @Override // java.lang.Runnable
        public void run() {
            boolean z;
            Error error;
            try {
                AuthenticatedUser authenticate = this.bootServicesImpl.authenticate(this.userInfo, this.peerInfo);
                ReplyStream responseStream = this.remoteRequest.getResponseStream();
                // The authenticated identity itself is serialized back to the caller.
                responseStream.writeObject(authenticate);
                responseStream.send();
            } finally {
                if (z) {
                }
            }
        }
    }

    /**
     * Work item for opcode 2: authenticates the supplied user info, then creates or
     * finds the client context while running as that identity and returns its
     * {@link T3ClientParams}.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/t3/srvr/BootServicesImpl$BootServicesClientContextRequest.class */
    public static class BootServicesClientContextRequest extends WorkAdapter {
        BootServicesImpl bootServicesImpl;
        RemoteRequest remoteRequest;
        String workSpace;
        UserInfo userInfo;
        int idleCallbackID;
        // Read from the request body by the caller, i.e. supplied by the peer; distinct from
        // BootServicesImpl.qos, which comes from the connection.
        byte qos;

        public BootServicesClientContextRequest(BootServicesImpl bootServicesImpl, RemoteRequest remoteRequest, String str, UserInfo userInfo, int i, byte b) {
            this.bootServicesImpl = bootServicesImpl;
            this.remoteRequest = remoteRequest;
            this.workSpace = str;
            this.userInfo = userInfo;
            this.idleCallbackID = i;
            this.qos = b;
        }

        /**
         * Authenticates, then performs the lockout check and context creation under
         * {@code SecurityServiceManager.runAs} with the authenticated subject.
         *
         * <p>NOTE(review): as in the authenticate work item, {@code z}, {@code error}
         * and the empty {@code finally} are decompiler residue; the failure path is not
         * recoverable from this listing.
         */
        @Override // java.lang.Runnable
        public void run() {
            boolean z;
            Error error;
            try {
                final AuthenticatedUser authenticate = this.bootServicesImpl.authenticate(this.userInfo, this.remoteRequest.getPeerInfo());
                SecurityServiceManager.runAs(BootServicesImpl.kernelId, SecurityServiceManager.getASFromAU(authenticate), new PrivilegedExceptionAction() { // from class: weblogic.t3.srvr.BootServicesImpl.BootServicesClientContextRequest.1
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws IOException {
                        try {
                            // Lockout check comes first; administrators skip it (see checkServerLock).
                            BootServicesClientContextRequest.this.bootServicesImpl.checkServerLock(authenticate);
                            T3ClientParams params = ClientContext.getClientContext(BootServicesClientContextRequest.this.remoteRequest.getOrigin(), BootServicesClientContextRequest.this.workSpace, authenticate, BootServicesClientContextRequest.this.idleCallbackID, BootServicesClientContextRequest.this.qos).getParams();
                            ReplyStream responseStream = BootServicesClientContextRequest.this.remoteRequest.getResponseStream();
                            responseStream.writeObjectWL(params);
                            responseStream.send();
                            return null;
                        } catch (T3Exception e) {
                            throw new RemoteException("Failed to create client context", e);
                        }
                    }
                });
            } finally {
                if (z) {
                }
            }
        }
    }

    /**
     * Asserts that the authentication service was resolved and obtains the work
     * manager used for boot requests.
     */
    private BootServicesImpl() {
        Debug.assertion(this.pa != null, "Security system not initialized");
        // NOTE(review): meaning of the -1 and 8 arguments is not visible here — presumably thread-count bounds; confirm.
        this.workMgr = WorkManagerFactory.getInstance().findOrCreate(OLDBOOTSTRAPREQUEST_QUEUE, -1, 8);
    }

    /** Creates the single instance and registers it with the local RJVM finder under id 1. */
    public static void initialize() {
        RJVMManager.getLocalRJVM().getFinder().put(1, new BootServicesImpl());
    }

    /**
     * Copies QOS, local port, channel and peer certificate chain from the connection
     * into this instance's fields.
     *
     * <p>No synchronization is used, and the values are read later by
     * {@link #authenticate(UserInfo, PeerInfo)} on a work-manager thread.
     *
     * @param msgAbbrevJVMConnection connection the next boot request arrived on
     */
    public void setConnectionInfo(MsgAbbrevJVMConnection msgAbbrevJVMConnection) {
        this.qos = msgAbbrevJVMConnection.getQOS();
        this.port = msgAbbrevJVMConnection.getLocalPort();
        this.channel = msgAbbrevJVMConnection.getChannel();
        this.peerCertChain = msgAbbrevJVMConnection.getJavaCertChain();
    }

    /**
     * Resolves the identity for a boot request.
     *
     * <p>Order of evaluation as written:
     * <ol>
     *   <li>If {@code userInfo} is already an {@link AuthenticatedUser} it is returned
     *       as-is: the authenticator is not called and {@code checkAdminPort} is not run.</li>
     *   <li>Otherwise, if a peer certificate chain was stored, X.509 identity assertion
     *       is attempted.</li>
     *   <li>If that yields nothing, {@code userInfo} must be a {@link DefaultUserInfoImpl};
     *       an empty or null name gives the anonymous subject, anything else is
     *       authenticated by name and password.</li>
     *   <li>{@code checkAdminPort} is applied to the result of steps 2 and 3.</li>
     * </ol>
     *
     * <p>NOTE(review): step 1 accepts an identity object that arrived in the peer's
     * request. Nothing in this method validates it; whether it is verified elsewhere
     * (for example during deserialization) is not visible here — confirm.
     *
     * @param userInfo credentials or identity supplied by the peer
     * @param peerInfo peer version information; not read in this method
     * @return the resolved identity with this instance's {@code qos} applied
     * @throws SecurityException if the user info type is unsupported, the login fails,
     *         or the admin-port check rejects the subject
     * @throws RemoteException declared by the signature
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v36, types: [weblogic.security.acl.internal.AuthenticatedUser] */
    public AuthenticatedUser authenticate(UserInfo userInfo, PeerInfo peerInfo) throws RemoteException {
        AuthenticatedSubject authenticatedSubject;
        AuthenticatedSubject authenticatedSubject2 = null;
        // Take the stored chain and clear the field so it is used for one authentication only.
        X509Certificate[] x509CertificateArr = this.peerCertChain;
        this.peerCertChain = null;
        if (userInfo instanceof AuthenticatedUser) {
            // Pre-authenticated identity from the request: no authenticator call, no admin-port check.
            authenticatedSubject = (AuthenticatedUser) userInfo;
        } else {
            if (x509CertificateArr != null) {
                try {
                    authenticatedSubject2 = this.pa.assertIdentity("X.509", x509CertificateArr);
                } catch (LoginException e) {
                    // Deliberately ignored: a failed certificate assertion falls through to
                    // name/password (or anonymous) below. The failure is not logged here.
                }
            }
            if (authenticatedSubject2 == null) {
                // A null userInfo reaches getClass() here and fails with NullPointerException.
                if (!(userInfo instanceof DefaultUserInfoImpl)) {
                    throw new SecurityException("Received bad UserInfo: " + userInfo.getClass().getName());
                }
                DefaultUserInfoImpl defaultUserInfoImpl = (DefaultUserInfoImpl) userInfo;
                String name = defaultUserInfoImpl.getName();
                String password = defaultUserInfoImpl.getPassword();
                if (name == null || name.length() == 0) {
                    // No user name means anonymous; the password is not consulted.
                    authenticatedSubject2 = SubjectUtils.getAnonymousSubject();
                } else {
                    try {
                        authenticatedSubject2 = this.pa.authenticate(new SimpleCallbackHandler(name, password));
                    } catch (LoginException e2) {
                        // Only the message is propagated; the LoginException itself is not
                        // attached as the cause.
                        throw new SecurityException(e2.getMessage());
                    }
                }
            }
            checkAdminPort(authenticatedSubject2, userInfo);
            authenticatedSubject = authenticatedSubject2;
        }
        authenticatedSubject.setQOS(this.qos);
        return authenticatedSubject;
    }

    /**
     * Rejects administrators that did not connect through the administration port
     * or an admin channel, when the local admin channel is enabled.
     *
     * @param authenticatedSubject subject to test for administrator membership
     * @param userInfo unused in this method
     * @throws SecurityException if an administrator connected on a non-admin port and channel
     */
    private void checkAdminPort(AuthenticatedSubject authenticatedSubject, UserInfo userInfo) {
        // Compares against this.port / this.channel, i.e. whatever setConnectionInfo stored last.
        if (ChannelHelper.isLocalAdminChannelEnabled() && SubjectUtils.isUserAnAdministrator(authenticatedSubject) && ManagementService.getRuntimeAccess(kernelId).getServer().getAdministrationPort() != this.port && !ChannelHelper.isAdminChannel(this.channel)) {
            throw new SecurityException("All administrative tasks must go through an Administration Port.");
        }
    }

    /**
     * Interface method that is not supported on the server side; requests are handled
     * through {@link #invoke(RemoteRequest)} instead.
     *
     * @throws InternalError always
     */
    @Override // weblogic.common.internal.BootServices
    public T3ClientParams findOrCreateClientContext(String str, UserInfo userInfo, int i) throws RemoteException {
        throw new InternalError("should never be called");
    }

    /**
     * Dispatches a remote boot request on its leading opcode byte: 1 schedules
     * authentication, 2 schedules client-context creation.
     *
     * <p>An unknown opcode throws {@code weblogic.utils.AssertionError}, not a
     * {@link RemoteException}; how callers handle that is not visible here.
     *
     * <p>NOTE(review): {@link RemoteException} is a subclass of {@link IOException},
     * so with the handlers in the order listed the first one would take it. The
     * decompiled handler order may not match the original bytecode.
     *
     * @param remoteRequest request received from the peer
     * @throws UnmarshalException if reading the request fails
     * @throws RemoteException as declared
     */
    @Override // weblogic.rjvm.RemoteInvokable
    public void invoke(RemoteRequest remoteRequest) throws RemoteException {
        try {
            byte readByte = remoteRequest.readByte();
            switch (readByte) {
                case 1:
                    authenticate(remoteRequest);
                    break;
                case 2:
                    findOrCreateClientContext(remoteRequest);
                    break;
                default:
                    throw new AssertionError("Unknown OPCODE: " + ((int) readByte));
            }
        } catch (IOException e) {
            throw new UnmarshalException("While providing boot service", e);
        } catch (ClassNotFoundException e2) {
            throw new UnmarshalException("While providing boot service", e2);
        } catch (RemoteException e3) {
            throw e3;
        }
    }

    /**
     * Reads the {@link UserInfo} from the request and schedules the authentication work item.
     *
     * <p>The object is fully deserialized by {@code readObject()} before the cast is
     * applied and before any authentication has taken place, so the cast does not limit
     * which classes are instantiated. NOTE(review): whether {@code readObject()}
     * applies a class filter is not visible here — confirm.
     */
    private void authenticate(RemoteRequest remoteRequest) throws IOException, ClassNotFoundException {
        this.workMgr.schedule(new BootServicesAuthenticateRequest(this, remoteRequest, (UserInfo) remoteRequest.readObject(), remoteRequest.getPeerInfo()));
    }

    /**
     * Reads workspace name, {@link UserInfo}, idle-callback id and QOS byte from the
     * request, in that order, and schedules the client-context work item.
     *
     * <p>As with authentication, the object is deserialized (here by
     * {@code readObjectWL()}) from an unauthenticated peer before the cast is applied.
     */
    private void findOrCreateClientContext(RemoteRequest remoteRequest) throws IOException, ClassNotFoundException {
        this.workMgr.schedule(new BootServicesClientContextRequest(this, remoteRequest, remoteRequest.readString(), (UserInfo) remoteRequest.readObjectWL(), remoteRequest.readInt(), remoteRequest.readByte()));
    }

    /**
     * Runs the lockout manager's server-lock check for non-administrators;
     * administrators return without the check.
     *
     * @param authenticatedUser identity to test; cast to {@link AuthenticatedSubject}
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void checkServerLock(AuthenticatedUser authenticatedUser) {
        if (SubjectUtils.isUserAnAdministrator((AuthenticatedSubject) authenticatedUser)) {
            return;
        }
        T3Srvr.getT3Srvr().getLockoutManager().checkServerLock();
    }

    /** Returns the constant 1 for every instance. */
    public int hashCode() {
        return 1;
    }

    /** Identity comparison only. */
    public boolean equals(Object obj) {
        return obj == this;
    }
}
