package weblogic.ejb.container.internal;

import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import weblogic.application.ApplicationContextInternal;
import weblogic.application.SecurityRole;
import weblogic.diagnostics.debug.DebugLogger;
import weblogic.ejb.container.EJBDebugService;
import weblogic.ejb.container.EJBLogger;
import weblogic.ejb.container.compliance.EJBComplianceTextFormatter;
import weblogic.ejb.container.interfaces.BeanInfo;
import weblogic.ejb.container.interfaces.DeploymentInfo;
import weblogic.ejb.container.interfaces.NoSuchRoleException;
import weblogic.ejb.container.interfaces.SecurityRoleMapping;
import weblogic.ejb.container.interfaces.WLEnterpriseBean;
import weblogic.ejb.spi.WLDeploymentException;
import weblogic.ejb20.interfaces.PrincipalNotFoundException;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.SecurityApplicationInfo;
import weblogic.security.service.SecurityApplicationInfoImpl;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.spi.ApplicationInfo;

/* loaded from: input_file:weblogic/ejb/container/internal/RuntimeHelper.class */
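/**
 * Per-deployment facade over {@link SecurityHelper} for the EJB container: run-as
 * subject resolution, run-as privilege checks at deployment time, role and policy
 * deployment, and run-as principal selection from security-role assignments.
 *
 * <p>NOTE(review): this listing looks like decompiler output (synthetic parameter
 * names such as {@code str}/{@code str2}, raw collection types). Parameter names
 * are kept as found; the Javadoc states what each one is used for.
 *
 * <p>NOTE(review): {@code principal2Subject} is a plain {@link HashMap} that is
 * created lazily and is not synchronized. This assumes calls to
 * {@link #setRunAsSubject} on one instance are serialized by the caller - confirm.
 */
public final class RuntimeHelper {
    private static final DebugLogger debugLogger = EJBDebugService.securityLogger;
    private final SecurityHelper helper;
    // Cache of principal name -> AuthenticatedSubject, filled by setRunAsSubject.
    // Entries are never evicted or refreshed within this class.
    private Map principal2Subject;
    private final DeploymentInfo deploymentInfo;
    // Value returned by SecurityServiceManager.getRoleMappingBehavior for this realm/app.
    // getRunAsPrincipalFromRoleMapping handles 0, 1 and 2 and rejects anything else.
    private final int roleMappingBehavior;
    private final SecurityApplicationInfo securityAppInfo;
    private final ApplicationContextInternal appContext;

    /**
     * Builds the security helper for one EJB component and reads the role-mapping
     * behavior configured for its security realm.
     *
     * @param deploymentInfo supplies the component name, realm name and JACC settings
     * @param applicationContextInternal application context of the deployment
     * @throws WLDeploymentException declared by the signature; propagated from the calls made here
     */
    public RuntimeHelper(DeploymentInfo deploymentInfo, ApplicationContextInternal applicationContextInternal) throws WLDeploymentException {
        this.deploymentInfo = deploymentInfo;
        this.appContext = applicationContextInternal;
        this.securityAppInfo = new SecurityApplicationInfoImpl(
                this.appContext.getAppDeploymentMBean(),
                ApplicationInfo.ComponentType.EJB,
                this.deploymentInfo.getEJBComponentName());
        this.helper = new SecurityHelper(
                this.deploymentInfo.getSecurityRealmName(),
                this.deploymentInfo.getJACCPolicyConfig(),
                this.deploymentInfo.getJACCPolicyContextId(),
                this.deploymentInfo.getJACCCodeSource(),
                this.deploymentInfo.getJACCRoleMapper());
        this.helper.setupApplicationInfo(this.appContext, this.deploymentInfo, this.securityAppInfo);
        this.roleMappingBehavior = SecurityServiceManager.getRoleMappingBehavior(
                this.deploymentInfo.getSecurityRealmName(), this.securityAppInfo);
    }

    /**
     * Delegates to {@link SecurityHelper#fullyDelegateSecurityCheck}.
     *
     * @param str argument passed through unchanged to the helper
     * @return the helper's answer
     */
    public boolean fullyDelegateSecurityCheck(String str) {
        return this.helper.fullyDelegateSecurityCheck(str);
    }

    /**
     * Resolves the subject for a run-as principal name and stores it on the method
     * descriptor. Resolved subjects are cached per principal name for the life of
     * this helper, so a later change to that principal in the realm is not picked
     * up by this instance.
     *
     * @param methodDescriptor descriptor that receives the run-as subject
     * @param str run-as principal name; {@code null} makes this a no-op
     * @throws PrincipalNotFoundException if the helper cannot resolve the principal
     */
    public void setRunAsSubject(MethodDescriptor methodDescriptor, String str) throws PrincipalNotFoundException {
        if (str == null) {
            return;
        }
        if (this.principal2Subject == null) {
            this.principal2Subject = new HashMap();
        }
        AuthenticatedSubject authenticatedSubject = (AuthenticatedSubject) this.principal2Subject.get(str);
        if (authenticatedSubject == null) {
            authenticatedSubject = this.helper.getSubjectForPrincipal(str);
            this.principal2Subject.put(str, authenticatedSubject);
        }
        methodDescriptor.setRunAsSubject(authenticatedSubject);
    }

    /**
     * Deployment-time guard that rejects a bean whose run-as, create-as, remove-as
     * or passivate-as principal is an administrator, unless the deployment
     * initiator is trusted.
     *
     * <p>Two cases skip the check entirely: the initiator is an administrator, or
     * the operation is a static deployment and the initiator is anonymous. Both are
     * trust decisions, so anything that influences
     * {@code isStaticDeploymentOperation()} or the recorded initiator also decides
     * whether this guard runs.
     *
     * @param beanInfo bean whose configured principals are checked
     * @throws WLDeploymentException if a configured principal is unknown or is an administrator
     */
    public void checkRunAsPrivileges(BeanInfo beanInfo) throws WLDeploymentException {
        AuthenticatedSubject deploymentInitiator = this.appContext.getDeploymentInitiator();
        if (SubjectUtils.isUserAnAdministrator(deploymentInitiator)) {
            return;
        }
        if (this.appContext.isStaticDeploymentOperation() && SubjectUtils.isUserAnonymous(deploymentInitiator)) {
            return;
        }
        checkRunAsPrivilege(beanInfo.getRunAsPrincipalName(), "run", beanInfo);
        checkRunAsPrivilege(beanInfo.getCreateAsPrincipalName(), "create", beanInfo);
        checkRunAsPrivilege(beanInfo.getRemoveAsPrincipalName(), "remove", beanInfo);
        checkRunAsPrivilege(beanInfo.getPassivateAsPrincipalName(), "passivate", beanInfo);
    }

    /**
     * Checks one configured "-as" principal of a bean.
     *
     * @param str principal name; {@code null} means the setting is absent and nothing is checked
     * @param str2 label of the setting ("run", "create", "remove", "passivate"), used in messages
     * @param beanInfo bean being deployed, used for its display name in messages
     * @throws WLDeploymentException if the principal is not found, or resolves to an administrator
     */
    private void checkRunAsPrivilege(String str, String str2, BeanInfo beanInfo) throws WLDeploymentException {
        if (str == null) {
            return;
        }
        AuthenticatedSubject subjectForPrincipal;
        try {
            subjectForPrincipal = this.helper.getSubjectForPrincipal(str);
        } catch (PrincipalNotFoundException e) {
            throw new WLDeploymentException(
                    EJBLogger.logRunAsPrincipalNotFoundLoggable(beanInfo.getDisplayName(), str2, str).getMessage());
        }
        // A null subject (no exception raised) passes this check without complaint.
        // NOTE(review): confirm getSubjectForPrincipal cannot return null for an
        // existing privileged principal, otherwise the guard is skipped silently.
        if (subjectForPrincipal != null && SubjectUtils.isUserAnAdministrator(subjectForPrincipal)) {
            throw new WLDeploymentException(
                    EJBLogger.logAttemptToBumpUpPrivilegesWithRunAsLoggable(beanInfo.getDisplayName(), str2).getMessage());
        }
    }

    /**
     * Delegates to {@link SecurityHelper#registerRoleRefs}.
     *
     * @param str first argument, passed through unchanged
     * @param map second argument, passed through unchanged
     * @throws WLDeploymentException propagated from the helper
     */
    public void registerRoleRefs(String str, Map map) throws WLDeploymentException {
        this.helper.registerRoleRefs(str, map);
    }

    /**
     * Delegates to {@link SecurityHelper#processUncheckedExcludedMethod}.
     *
     * @param methodDescriptor descriptor passed through unchanged
     * @return the helper's answer
     * @throws WLDeploymentException propagated from the helper
     */
    public boolean processUncheckedExcludedMethod(MethodDescriptor methodDescriptor) throws WLDeploymentException {
        return this.helper.processUncheckedExcludedMethod(methodDescriptor);
    }

    /**
     * Deploys roles through the helper, adding this instance's application context
     * and role-mapping behavior to the call.
     *
     * @param deploymentInfo deployment whose roles are deployed
     * @param securityRoleMapping role-to-principal mapping
     * @throws Exception propagated from the helper
     */
    public void deployRoles(DeploymentInfo deploymentInfo, SecurityRoleMapping securityRoleMapping) throws Exception {
        this.helper.deployRoles(deploymentInfo, securityRoleMapping, this.appContext, this.roleMappingBehavior);
    }

    /**
     * Delegates to {@link SecurityHelper#unDeployRoles}.
     *
     * @param deploymentInfo deployment whose roles are removed
     * @param securityRoleMapping role-to-principal mapping
     */
    public void unDeployRoles(DeploymentInfo deploymentInfo, SecurityRoleMapping securityRoleMapping) {
        this.helper.unDeployRoles(deploymentInfo, securityRoleMapping);
    }

    /** Delegates to {@link SecurityHelper#activate}. */
    public void activate() {
        this.helper.activate();
    }

    /** Delegates to {@link SecurityHelper#deactivate}. */
    public void deactivate() {
        this.helper.deactivate();
    }

    /**
     * Reports whether the helper can resolve a subject for the given name.
     *
     * @param str principal name, may be {@code null}
     * @return {@code false} for {@code null}, for an unknown principal, or when the
     *     helper returns a {@code null} subject; {@code true} otherwise
     */
    public boolean isUserPrincipal(String str) {
        if (str == null) {
            return false;
        }
        try {
            return this.helper.getSubjectForPrincipal(str) != null;
        } catch (PrincipalNotFoundException e) {
            // An unknown principal is an expected "no" answer here, not an error.
            return false;
        }
    }

    /**
     * Delegates to {@link SecurityHelper#registerSupplementalPolicyObject}.
     *
     * @param strArr first argument, passed through unchanged
     * @param str second argument, passed through unchanged
     */
    public static void registerSupplementalPolicyObject(String[] strArr, String str) {
        SecurityHelper.registerSupplementalPolicyObject(strArr, str);
    }

    /**
     * Delegates to {@link SecurityHelper#removeSupplementalPolicyObject}.
     *
     * @param strArr argument passed through unchanged
     */
    public static void removeSupplementalPolicyObject(String[] strArr) {
        SecurityHelper.removeSupplementalPolicyObject(strArr);
    }

    /**
     * @return the value of {@link SecurityHelper#getDefaultRealmName}
     */
    public static String getDefaultRealmName() {
        return SecurityHelper.getDefaultRealmName();
    }

    /**
     * @return the name of the principal returned by {@link SecurityHelper#getCurrentPrincipal}
     */
    public static String getCurrent() {
        // NOTE(review): throws NullPointerException if getCurrentPrincipal() can
        // return null - confirm against SecurityHelper.
        return SecurityHelper.getCurrentPrincipal().getName();
    }

    /**
     * Delegates to {@link SecurityHelper#deployAllPolicies}.
     *
     * @throws Exception propagated from the helper
     */
    public void deployAllPolicies() throws Exception {
        this.helper.deployAllPolicies();
    }

    /**
     * Picks the run-as principal for a run-as role from the role's security-role
     * assignment, according to the role-mapping behavior read at construction.
     *
     * <ul>
     *   <li>Behavior 0: the first assigned name for which {@link #isUserPrincipal}
     *       is true; fails if there is none.</li>
     *   <li>Behavior 1 and 2: the first assigned name from the mapping, else the
     *       first principal name of the application-level role. These names are
     *       NOT checked with {@link #isUserPrincipal}. If neither source has a
     *       name, behavior 1 fails and behavior 2 returns the role name itself.</li>
     * </ul>
     *
     * <p>In the behavior-2 fallback the role name becomes the run-as identity
     * without any existence check in this method, so a role named like an existing
     * account would run as that account. {@link #checkRunAsPrivileges} is a separate
     * call; nothing here shows whether callers apply it to the returned name.
     *
     * @param str name used only in log and error messages (presumably the EJB name - confirm)
     * @param str2 run-as role name
     * @param securityRoleMapping role-to-principal mapping from the descriptor
     * @return the chosen principal name
     * @throws WLDeploymentException if no principal can be determined (behavior 0 or 1)
     */
    public String getRunAsPrincipalFromRoleMapping(String str, String str2, SecurityRoleMapping securityRoleMapping) throws WLDeploymentException {
        if (debugLogger.isDebugEnabled()) {
            debug("attempting to get the run-as principal for run-as role " + str2 + " from a security-role assignment for the role.");
        }
        switch (this.roleMappingBehavior) {
            case 0:
                try {
                    // The listing had `while (true)` with no exit here, which never
                    // terminates and leaves the following statements unreachable. The
                    // loop is bounded by the iterator and stops at the first name that
                    // resolves to a user, which is what the log call and the null
                    // check that follow it require.
                    String chosen = null;
                    Iterator it = securityRoleMapping.getSecurityRolePrincipalNames(str2).iterator();
                    while (it.hasNext()) {
                        String candidate = (String) it.next();
                        if (isUserPrincipal(candidate)) {
                            EJBLogger.logRunAsPrincipalChosenFromSecurityRoleAssignment(str, str2, candidate);
                            chosen = candidate;
                            break;
                        }
                    }
                    if (chosen == null) {
                        throw new WLDeploymentException(new EJBComplianceTextFormatter().COULD_NOT_DETERMINE_RUN_AS_PRINCIPAL_FROM_ROLE_ASSIGNMENT(str, str2));
                    }
                    return chosen;
                } catch (NoSuchRoleException e) {
                    throw missingRole(e);
                }
            case 1:
            case 2:
                try {
                    Collection securityRolePrincipalNames = securityRoleMapping.getSecurityRolePrincipalNames(str2);
                    if (!securityRolePrincipalNames.isEmpty()) {
                        String fromMapping = (String) securityRolePrincipalNames.iterator().next();
                        EJBLogger.logRunAsPrincipalChosenFromSecurityRoleAssignment(str, str2, fromMapping);
                        return fromMapping;
                    }
                    // Nothing in the EJB-level mapping: fall back to the application-level role.
                    SecurityRole securityRole = this.appContext.getSecurityRole(str2);
                    String[] appRolePrincipals = securityRole != null ? securityRole.getPrincipalNames() : null;
                    if (appRolePrincipals != null && appRolePrincipals.length > 0) {
                        String fromAppRole = appRolePrincipals[0];
                        EJBLogger.logRunAsPrincipalChosenFromSecurityRoleAssignment(str, str2, fromAppRole);
                        return fromAppRole;
                    }
                    if (this.roleMappingBehavior == 1) {
                        throw new WLDeploymentException(new EJBComplianceTextFormatter().COULD_NOT_DETERMINE_RUN_AS_PRINCIPAL_FROM_ROLE_ASSIGNMENT(str, str2));
                    }
                    if (debugLogger.isDebugEnabled()) {
                        debug("setting run-as principal equal to the role name for run-as role " + str2);
                    }
                    // Behavior 2 only: the role name itself is used as the principal name.
                    return str2;
                } catch (NoSuchRoleException e2) {
                    throw missingRole(e2);
                }
            default:
                throw new AssertionError("Unexpected role mapping behavior: " + this.roleMappingBehavior);
        }
    }

    /** Builds the error for a role that is missing from the mapping, keeping the cause. */
    private static AssertionError missingRole(NoSuchRoleException cause) {
        AssertionError error = new AssertionError("Expected role in mapping");
        error.initCause(cause);
        return error;
    }

    /**
     * @return the value of {@link SecurityHelper#getCurrentSubject}, typed as {@code Object}
     */
    public static Object getCurrentNew() {
        return SecurityHelper.getCurrentSubject();
    }

    /** Writes a debug line prefixed with this class's tag. */
    private static void debug(String str) {
        debugLogger.debug("[RuntimeHelper] " + str);
    }

    /**
     * Returns the method state of a bean, or the thread's recorded invocation state
     * when no bean is given.
     *
     * @param obj a {@link WLEnterpriseBean}, or {@code null}
     * @return the bean's {@code __WL_getMethodState()} when {@code obj} is non-null;
     *     otherwise the integer from {@code AllowedMethodsHelper.getMethodInvocationState()},
     *     or 0 when that is {@code null}
     * @throws ClassCastException if {@code obj} is non-null and not a {@link WLEnterpriseBean}
     */
    public static int getCurrentState(Object obj) {
        if (obj != null) {
            return ((WLEnterpriseBean) obj).__WL_getMethodState();
        }
        Object methodInvocationState = AllowedMethodsHelper.getMethodInvocationState();
        if (methodInvocationState == null) {
            return 0;
        }
        return ((Integer) methodInvocationState).intValue();
    }
}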
