package weblogic.management.internal;

import java.beans.MethodDescriptor;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.beans.PropertyDescriptor;
import java.security.AccessController;
import java.util.Iterator;
import java.util.StringTokenizer;
import javax.management.Attribute;
import javax.management.AttributeList;
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;
import weblogic.diagnostics.debug.DebugLogger;
import weblogic.management.WebLogicObjectName;
import weblogic.management.configuration.DomainMBean;
import weblogic.management.mbeanservers.edit.Change;
import weblogic.management.provider.ManagementService;
import weblogic.management.scripting.utils.ScriptCommands;
import weblogic.security.Security;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.Auditor;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.spi.AuditSeverity;
import weblogic.utils.StringUtils;

/* loaded from: input_file:weblogic/management/internal/ConfigurationAuditor.class */
public class ConfigurationAuditor implements PropertyChangeListener {
    private static ConfigurationAuditor instance;
    private Auditor auditor = null;
    private boolean oldChangeLoggingAttr = Boolean.getBoolean("weblogic.AdministrationMBeanAuditingEnabled");
    private boolean newChangeLoggingAttr = false;
    private boolean changeLoggingEnabled = false;
    private boolean changeAuditingEnabled = false;
    private WebLogicObjectName domainName;
    private static final String OLD_AUDIT_ENABLED_ATTRIBUTE = "AdministrationMBeanAuditingEnabled";
    private static final String NEW_AUDIT_ENABLED_ATTRIBUTE = "ConfigurationAuditType";
    private static final String ARRAY_DELIMITOR_FOR_PARAMS_STRING = "; ";
    private static final String PARAMS_TOKENIZER_STRING = ";";
    private static DebugLogger debugLogger = DebugLogger.getDebugLogger("DebugConfigurationEdit");
    private static boolean instantiated = false;
    private static boolean initialized = false;
    private static AuthenticatedSubject KERNEL_ID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private static String domain = ManagementService.getRuntimeAccess(KERNEL_ID).getDomainName();

    private ConfigurationAuditor() {
    }

    @Override // java.beans.PropertyChangeListener
    public void propertyChange(PropertyChangeEvent propertyChangeEvent) {
        if (!propertyChangeEvent.getPropertyName().equals(NEW_AUDIT_ENABLED_ATTRIBUTE)) {
            if (propertyChangeEvent.getPropertyName().equals(OLD_AUDIT_ENABLED_ATTRIBUTE)) {
                if (debugLogger.isDebugEnabled()) {
                    debugLogger.debug("Property change for AdministrationMBeanAuditingEnabled");
                }
                this.oldChangeLoggingAttr = ((Boolean) propertyChangeEvent.getNewValue()).booleanValue();
                setLoggingEnabled(this.newChangeLoggingAttr || this.oldChangeLoggingAttr);
                logStatus(true);
                return;
            }
            return;
        }
        if (debugLogger.isDebugEnabled()) {
            debugLogger.debug("Property change for ConfigurationAuditType");
        }
        String str = (String) propertyChangeEvent.getNewValue();
        boolean z = this.changeAuditingEnabled;
        setConfiguredAuditing(str);
        if (z && !this.changeAuditingEnabled) {
            auditModify(this.domainName.toString(), propertyChangeEvent.getPropertyName(), propertyChangeEvent.getOldValue(), str, null);
        }
        logStatus(true);
    }

    void setLoggingEnabled(boolean z) {
        this.changeLoggingEnabled = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void intialize(DomainMBean domainMBean) {
        if (initialized) {
            throw new AssertionError("The auditor can only be initialized once");
        }
        if (ManagementService.getRuntimeAccess(KERNEL_ID).isAdminServer()) {
            initialized = true;
            this.domainName = domainMBean.getObjectName();
            this.oldChangeLoggingAttr = this.oldChangeLoggingAttr || domainMBean.isAdministrationMBeanAuditingEnabled();
            setConfiguredAuditing(domainMBean.getConfigurationAuditType());
            logStatus(false);
            this.auditor = (Auditor) SecurityServiceManager.getSecurityService(KERNEL_ID, SecurityServiceManager.defaultRealmName, SecurityService.ServiceType.AUDIT);
            domainMBean.addPropertyChangeListener(this);
        }
    }

    public static final ConfigurationAuditor getInstance() {
        if (!instantiated) {
            synchronized (ConfigurationAuditor.class) {
                if (!instantiated) {
                    instance = new ConfigurationAuditor();
                }
                instantiated = true;
            }
        }
        return instance;
    }

    public void create(ObjectName objectName, Exception exc) {
        if (isAuditable(objectName)) {
            if (debugLogger.isDebugEnabled()) {
                debugLogger.debug("Config auditor create - object name " + objectName);
            }
            if (this.changeLoggingEnabled) {
                if (exc == null) {
                    ConfigAuditorLogger.logInfoAuditCreateSuccess(getSubjectUser(), objectName.toString());
                } else {
                    ConfigAuditorLogger.logInfoAuditCreateFailure(getSubjectUser(), objectName.toString(), exc);
                }
            }
            if (this.changeAuditingEnabled) {
                auditCreate(objectName.toString(), exc);
            }
        }
    }

    public void remove(ObjectName objectName, Exception exc) {
        if (isAuditable(objectName)) {
            if (debugLogger.isDebugEnabled()) {
                debugLogger.debug("Config auditor remove - object name " + objectName);
            }
            if (this.changeLoggingEnabled) {
                if (exc == null) {
                    ConfigAuditorLogger.logInfoAuditRemoveSuccess(getSubjectUser(), objectName.toString());
                } else {
                    ConfigAuditorLogger.logInfoAuditRemoveFailure(getSubjectUser(), objectName.toString(), exc);
                }
            }
            if (this.changeAuditingEnabled) {
                auditDelete(objectName.toString(), exc);
            }
        }
    }

    public void modify(ObjectName objectName, Object obj, Attribute attribute, PropertyDescriptor propertyDescriptor, Exception exc) {
        if (isAuditable(objectName)) {
            auditJMXAttribute(objectName, obj, attribute, propertyDescriptor, exc);
        }
    }

    public void modify(ObjectName objectName, AttributeList attributeList, AttributeList attributeList2, PropertyDescriptor[] propertyDescriptorArr, Exception exc) {
        if (isAuditable(objectName)) {
            Iterator it = attributeList2.iterator();
            Iterator it2 = attributeList.iterator();
            int i = 0;
            while (it.hasNext()) {
                auditJMXAttribute(objectName, (Attribute) it2.next(), (Attribute) it.next(), propertyDescriptorArr[i], exc);
                i++;
            }
        }
    }

    private void auditJMXAttribute(ObjectName objectName, Object obj, Attribute attribute, PropertyDescriptor propertyDescriptor, Exception exc) {
        String convertParamsToHumanReadableString;
        String convertParamsToHumanReadableString2;
        String name = attribute.getName();
        if (isProtectedAttribute(objectName, name, propertyDescriptor)) {
            convertParamsToHumanReadableString = "****";
            convertParamsToHumanReadableString2 = "****";
        } else {
            convertParamsToHumanReadableString = convertParamsToHumanReadableString(attribute);
            convertParamsToHumanReadableString2 = convertParamsToHumanReadableString(obj);
        }
        if (debugLogger.isDebugEnabled()) {
            debugLogger.debug("Config auditor modify - object name " + objectName + " old " + convertParamsToHumanReadableString2 + " new " + convertParamsToHumanReadableString);
        }
        if (this.changeLoggingEnabled) {
            if (exc == null) {
                ConfigAuditorLogger.logInfoAuditModifySuccess(getSubjectUser(), objectName.toString(), name, convertParamsToHumanReadableString2, convertParamsToHumanReadableString);
            } else {
                ConfigAuditorLogger.logInfoAuditModifyFailure(getSubjectUser(), objectName.toString(), name, convertParamsToHumanReadableString2, convertParamsToHumanReadableString, exc);
            }
        }
        if (this.changeAuditingEnabled) {
            auditModify(objectName.toString(), name, convertParamsToHumanReadableString2, convertParamsToHumanReadableString, exc);
        }
    }

    public void invoke(ObjectName objectName, MethodDescriptor methodDescriptor, String str, Object[] objArr, Exception exc) {
        if (isAuditable(objectName)) {
            if (debugLogger.isDebugEnabled()) {
                debugLogger.debug("Config auditor invoke - object name " + objectName + " action " + str);
            }
            if (isFilteredMethod(str)) {
                return;
            }
            if (str.startsWith("createMBean") || str.startsWith("registerMBean")) {
                create(objectName, exc);
                return;
            }
            if (str.startsWith("create") && objArr != null && objArr.length == 1) {
                try {
                    create(getObjectNameFromAction(str, objArr[0]), exc);
                    return;
                } catch (MalformedObjectNameException e) {
                }
            }
            if (str.startsWith("unregisterMBean")) {
                remove(objectName, exc);
                return;
            }
            if (str.startsWith(Change.DESTROY) && objArr != null && objArr.length == 1 && (objArr[0] instanceof ObjectName)) {
                remove((ObjectName) objArr[0], exc);
                return;
            }
            String str2 = null;
            if (methodDescriptor != null) {
                str2 = (String) methodDescriptor.getValue("wls:auditProtectedArgs");
            }
            if (this.changeLoggingEnabled || this.changeAuditingEnabled) {
                String convertParamsToHumanReadableString = convertParamsToHumanReadableString(objArr);
                if (str2 != null) {
                    convertParamsToHumanReadableString = replaceClearTextPasswords(convertParamsToHumanReadableString, str2);
                }
                if (this.changeLoggingEnabled) {
                    if (exc == null) {
                        ConfigAuditorLogger.logInfoAuditInvokeSuccess(getSubjectUser(), objectName.toString(), str, convertParamsToHumanReadableString);
                    } else {
                        ConfigAuditorLogger.logInfoAuditInvokeFailure(getSubjectUser(), objectName.toString(), str, convertParamsToHumanReadableString, exc);
                    }
                }
                if (this.changeAuditingEnabled) {
                    auditInvoke(objectName.toString(), str, convertParamsToHumanReadableString, exc);
                }
            }
        }
    }

    private boolean isProtectedAttribute(ObjectName objectName, String str, PropertyDescriptor propertyDescriptor) {
        return SecurityHelper.isProtectedAttribute(objectName, str, propertyDescriptor);
    }

    private String convertParamsToHumanReadableString(Object obj) {
        if (obj == null) {
            return "";
        }
        if (obj instanceof Attribute) {
            Attribute attribute = (Attribute) obj;
            attribute.getName();
            obj = attribute.getValue();
            if (obj == null) {
                return "";
            }
        }
        if (!obj.getClass().isArray()) {
            return obj.toString();
        }
        StringBuffer stringBuffer = new StringBuffer();
        Object[] objArr = (Object[]) obj;
        int length = objArr.length;
        for (int i = 0; i < length; i++) {
            if (objArr[i] != null) {
                stringBuffer.append(objArr[i].toString());
            }
            if (i < length - 1) {
                stringBuffer.append(ARRAY_DELIMITOR_FOR_PARAMS_STRING);
            }
        }
        return stringBuffer.toString();
    }

    private String replaceClearTextPasswords(String str, String str2) {
        StringBuffer stringBuffer = new StringBuffer();
        String[] split = StringUtils.split(str2, ',');
        if (split == null || split.length == 0) {
            return str;
        }
        int[] iArr = new int[split.length];
        for (int i = 0; i < split.length; i++) {
            try {
                iArr[i] = Integer.parseInt(split[i].trim());
            } catch (NumberFormatException e) {
                ConfigAuditorLogger.logInvalidNumberReplacingClearText(split[i].trim(), e);
            }
        }
        StringTokenizer stringTokenizer = new StringTokenizer(str, ";");
        int i2 = 1;
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            int i3 = 0;
            while (true) {
                if (i3 >= iArr.length) {
                    break;
                }
                if (iArr[i3] == i2) {
                    nextToken = " ****";
                    break;
                }
                i3++;
            }
            stringBuffer.append(nextToken);
            if (stringTokenizer.hasMoreElements()) {
                stringBuffer.append(";");
            }
            i2++;
        }
        return stringBuffer.toString();
    }

    public boolean isAuditable(ObjectName objectName) {
        return private_isAuditable(objectName);
    }

    private boolean private_isAuditable(ObjectName objectName) {
        if (!initialized) {
            return false;
        }
        if (this.changeLoggingEnabled || this.changeAuditingEnabled) {
            return objectName.getKeyProperty("Type") == null || objectName.getKeyProperty("Location") == null;
        }
        return false;
    }

    private boolean isFilteredMethod(String str) {
        return str.startsWith(ScriptCommands.LOOKUP) || str.startsWith("find") || str.startsWith(ScriptCommands.GET_MBEAN) || str.startsWith("getXml") || str.equals("preDeregister") || str.equals("userExists") || str.equals("groupExists") || str.equals("advance") || str.equals("haveCurrent") || str.equals("close") || str.equals("saveDomain") || str.endsWith("DescriptorValue");
    }

    private void logStatus(boolean z) {
        if (this.changeLoggingEnabled || this.changeAuditingEnabled) {
            ConfigAuditorLogger.logInfoConfigurationAuditingEnabled(getSubjectUser());
        } else if (z) {
            ConfigAuditorLogger.logInfoConfigurationAuditingDisabled(getSubjectUser());
        }
    }

    private String getSubjectUser() {
        String username = SubjectUtils.getUsername(Security.getCurrentSubject());
        if (username == null) {
            username = new String("<UNKNOWN>");
        }
        return username;
    }

    private void auditCreate(String str, Exception exc) {
        AuditCreateConfigurationEventImpl auditCreateConfigurationEventImpl;
        if (this.auditor != null) {
            if (exc == null) {
                auditCreateConfigurationEventImpl = new AuditCreateConfigurationEventImpl(AuditSeverity.SUCCESS, SecurityServiceManager.getCurrentSubject(KERNEL_ID), str);
            } else {
                auditCreateConfigurationEventImpl = new AuditCreateConfigurationEventImpl(AuditSeverity.FAILURE, SecurityServiceManager.getCurrentSubject(KERNEL_ID), str);
                auditCreateConfigurationEventImpl.setFailureException(exc);
            }
            this.auditor.writeEvent(auditCreateConfigurationEventImpl);
        }
    }

    private void auditDelete(String str, Exception exc) {
        AuditDeleteConfigurationEventImpl auditDeleteConfigurationEventImpl;
        if (this.auditor != null) {
            if (exc == null) {
                auditDeleteConfigurationEventImpl = new AuditDeleteConfigurationEventImpl(AuditSeverity.SUCCESS, SecurityServiceManager.getCurrentSubject(KERNEL_ID), str);
            } else {
                auditDeleteConfigurationEventImpl = new AuditDeleteConfigurationEventImpl(AuditSeverity.FAILURE, SecurityServiceManager.getCurrentSubject(KERNEL_ID), str);
                auditDeleteConfigurationEventImpl.setFailureException(exc);
            }
            this.auditor.writeEvent(auditDeleteConfigurationEventImpl);
        }
    }

    private void auditInvoke(String str, String str2, String str3, Exception exc) {
        AuditInvokeConfigurationEventImpl auditInvokeConfigurationEventImpl;
        if (this.auditor != null) {
            if (exc == null) {
                auditInvokeConfigurationEventImpl = new AuditInvokeConfigurationEventImpl(AuditSeverity.SUCCESS, SecurityServiceManager.getCurrentSubject(KERNEL_ID), str, str2, str3);
            } else {
                auditInvokeConfigurationEventImpl = new AuditInvokeConfigurationEventImpl(AuditSeverity.FAILURE, SecurityServiceManager.getCurrentSubject(KERNEL_ID), str, str2, str3);
                auditInvokeConfigurationEventImpl.setFailureException(exc);
            }
            this.auditor.writeEvent(auditInvokeConfigurationEventImpl);
        }
    }

    private void auditModify(String str, String str2, Object obj, Object obj2, Exception exc) {
        AuditSetAttributeConfigurationEventImpl auditSetAttributeConfigurationEventImpl;
        if (this.auditor != null) {
            if (exc == null) {
                auditSetAttributeConfigurationEventImpl = new AuditSetAttributeConfigurationEventImpl(AuditSeverity.SUCCESS, SecurityServiceManager.getCurrentSubject(KERNEL_ID), str, str2, obj, obj2);
            } else {
                auditSetAttributeConfigurationEventImpl = new AuditSetAttributeConfigurationEventImpl(AuditSeverity.FAILURE, SecurityServiceManager.getCurrentSubject(KERNEL_ID), str, str2, obj, obj2);
                auditSetAttributeConfigurationEventImpl.setFailureException(exc);
            }
            this.auditor.writeEvent(auditSetAttributeConfigurationEventImpl);
        }
    }

    private void setConfiguredAuditing(String str) {
        if (str.equalsIgnoreCase(DomainMBean.CONFIG_CHANGE_AUDIT)) {
            this.changeAuditingEnabled = true;
            this.newChangeLoggingAttr = false;
        } else if (str.equalsIgnoreCase(DomainMBean.CONFIG_CHANGE_LOG_AND_AUDIT)) {
            this.changeAuditingEnabled = true;
            this.newChangeLoggingAttr = true;
        } else if (str.equalsIgnoreCase(DomainMBean.CONFIG_CHANGE_LOG)) {
            this.changeAuditingEnabled = false;
            this.newChangeLoggingAttr = true;
        } else {
            this.changeAuditingEnabled = false;
            this.newChangeLoggingAttr = false;
        }
        setLoggingEnabled(this.newChangeLoggingAttr || this.oldChangeLoggingAttr);
    }

    private ObjectName getObjectNameFromAction(String str, Object obj) throws MalformedObjectNameException {
        return new ObjectName(domain + ":Name=" + obj.toString() + ",Type=" + str.substring(6));
    }
}
