package weblogic.management.mbeanservers.internal;

import java.beans.BeanDescriptor;
import java.beans.BeanInfo;
import java.beans.MethodDescriptor;
import java.beans.PropertyDescriptor;
import java.io.IOException;
import java.security.AccessController;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.TimeZone;
import javax.management.Attribute;
import javax.management.AttributeList;
import javax.management.AttributeNotFoundException;
import javax.management.InstanceAlreadyExistsException;
import javax.management.InstanceNotFoundException;
import javax.management.InvalidAttributeValueException;
import javax.management.MBeanException;
import javax.management.MBeanRegistrationException;
import javax.management.NotCompliantMBeanException;
import javax.management.ObjectInstance;
import javax.management.ObjectName;
import javax.management.ReflectionException;
import weblogic.common.internal.VersionInfo;
import weblogic.diagnostics.debug.DebugLogger;
import weblogic.ejb.container.cmp11.rdbms.RDBMSUtils;
import weblogic.management.NoAccessRuntimeException;
import weblogic.management.WebLogicObjectName;
import weblogic.management.commo.StandardInterface;
import weblogic.management.internal.ConfigurationAuditor;
import weblogic.management.internal.SecurityHelper;
import weblogic.management.j2ee.internal.Types;
import weblogic.management.jmx.JMXLogger;
import weblogic.management.jmx.mbeanserver.WLSMBeanServer;
import weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase;
import weblogic.management.jmx.modelmbean.WLSModelMBean;
import weblogic.management.provider.ManagementService;
import weblogic.management.provider.beaninfo.BeanInfoAccess;
import weblogic.management.scripting.utils.ScriptCommands;
import weblogic.management.security.RealmMBean;
import weblogic.management.security.audit.AuditorMBean;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.AuthorizationManager;
import weblogic.security.service.ConsumptionException;
import weblogic.security.service.JMXPolicyConsumer;
import weblogic.security.service.JMXPolicyHandler;
import weblogic.security.service.JMXResource;
import weblogic.security.service.MBeanResource;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;

/* loaded from: input_file:weblogic/management/mbeanservers/internal/SecurityInterceptor.class */
public class SecurityInterceptor extends WLSMBeanServerInterceptorBase {
    WLSMBeanServer wlsMBeanServer;
    private boolean useSecurityFramework;
    private boolean auditorsConfigured;
    private AuthorizationManager authorizer;
    private JMXPolicyConsumer policyConsumer;
    static boolean registeredPolicies;
    private static DebugLogger debug = DebugLogger.getDebugLogger("DebugJMXCore");
    private static Map securityInterceptors = Collections.synchronizedMap(new HashMap());
    private static final String[] APP_SCOPED_TYPES = {Types.WLS_APPLICATION_TYPE, "JDBCSystemResource", "JMSSystemResource", "WLDFSystemResource", "CustomResource"};
    private static AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private static String BEA_DOMAIN = "com.bea";

    public SecurityInterceptor(WLSMBeanServer wLSMBeanServer) {
        this(wLSMBeanServer, null);
    }

    public SecurityInterceptor(WLSMBeanServer wLSMBeanServer, String str) {
        this.wlsMBeanServer = wLSMBeanServer;
        RealmMBean defaultRealm = ManagementService.getRuntimeAccess(kernelId).getDomain().getSecurityConfiguration().getDefaultRealm();
        this.useSecurityFramework = defaultRealm.isDelegateMBeanAuthorization();
        AuditorMBean[] auditors = defaultRealm.getAuditors();
        if (this.useSecurityFramework && auditors != null && auditors.length > 0) {
            this.auditorsConfigured = true;
        }
        this.authorizer = (AuthorizationManager) SecurityServiceManager.getSecurityService(kernelId, SecurityServiceManager.defaultRealmName, SecurityService.ServiceType.AUTHORIZE);
        this.policyConsumer = SecurityServiceManager.getJMXPolicyConsumer(kernelId);
        if (str != null) {
            securityInterceptors.put(str, this);
        }
    }

    @Override // weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase
    public ObjectInstance createMBean(String str, ObjectName objectName) throws ReflectionException, InstanceAlreadyExistsException, MBeanRegistrationException, MBeanException, NotCompliantMBeanException, IOException {
        try {
            checkForBEADomain(objectName);
            checkCreateSecurity(str, objectName);
            ObjectInstance createMBean = super.createMBean(str, objectName);
            ConfigurationAuditor.getInstance().create(objectName, null);
            return createMBean;
        } catch (MBeanException e) {
            ConfigurationAuditor.getInstance().create(objectName, e);
            throw e;
        } catch (NoAccessRuntimeException e2) {
            ConfigurationAuditor.getInstance().create(objectName, e2);
            throw e2;
        } catch (MBeanRegistrationException e3) {
            ConfigurationAuditor.getInstance().create(objectName, e3);
            throw e3;
        } catch (InstanceAlreadyExistsException e4) {
            ConfigurationAuditor.getInstance().create(objectName, e4);
            throw e4;
        } catch (NotCompliantMBeanException e5) {
            ConfigurationAuditor.getInstance().create(objectName, e5);
            throw e5;
        } catch (ReflectionException e6) {
            ConfigurationAuditor.getInstance().create(objectName, e6);
            throw e6;
        } catch (IOException e7) {
            ConfigurationAuditor.getInstance().create(objectName, e7);
            throw e7;
        }
    }

    @Override // weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase
    public ObjectInstance createMBean(String str, ObjectName objectName, ObjectName objectName2) throws ReflectionException, InstanceAlreadyExistsException, MBeanRegistrationException, MBeanException, NotCompliantMBeanException, InstanceNotFoundException, IOException {
        try {
            checkForBEADomain(objectName);
            checkCreateSecurity(str, objectName, objectName2);
            ObjectInstance createMBean = super.createMBean(str, objectName, objectName2);
            ConfigurationAuditor.getInstance().create(objectName, null);
            return createMBean;
        } catch (MBeanRegistrationException e) {
            ConfigurationAuditor.getInstance().create(objectName, e);
            throw e;
        } catch (InstanceNotFoundException e2) {
            ConfigurationAuditor.getInstance().create(objectName, e2);
            throw e2;
        } catch (IOException e3) {
            ConfigurationAuditor.getInstance().create(objectName, e3);
            throw e3;
        } catch (NoAccessRuntimeException e4) {
            ConfigurationAuditor.getInstance().create(objectName, e4);
            throw e4;
        } catch (NotCompliantMBeanException e5) {
            ConfigurationAuditor.getInstance().create(objectName, e5);
            throw e5;
        } catch (ReflectionException e6) {
            ConfigurationAuditor.getInstance().create(objectName, e6);
            throw e6;
        } catch (MBeanException e7) {
            ConfigurationAuditor.getInstance().create(objectName, e7);
            throw e7;
        } catch (InstanceAlreadyExistsException e8) {
            ConfigurationAuditor.getInstance().create(objectName, e8);
            throw e8;
        }
    }

    @Override // weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase
    public ObjectInstance createMBean(String str, ObjectName objectName, Object[] objArr, String[] strArr) throws ReflectionException, InstanceAlreadyExistsException, MBeanRegistrationException, MBeanException, NotCompliantMBeanException, IOException {
        try {
            checkForBEADomain(objectName);
            checkCreateSecurity(str, objectName, objArr, strArr);
            ObjectInstance createMBean = super.createMBean(str, objectName, objArr, strArr);
            ConfigurationAuditor.getInstance().create(objectName, null);
            return createMBean;
        } catch (NotCompliantMBeanException e) {
            ConfigurationAuditor.getInstance().create(objectName, e);
            throw e;
        } catch (ReflectionException e2) {
            ConfigurationAuditor.getInstance().create(objectName, e2);
            throw e2;
        } catch (MBeanException e3) {
            ConfigurationAuditor.getInstance().create(objectName, e3);
            throw e3;
        } catch (IOException e4) {
            ConfigurationAuditor.getInstance().create(objectName, e4);
            throw e4;
        } catch (MBeanRegistrationException e5) {
            ConfigurationAuditor.getInstance().create(objectName, e5);
            throw e5;
        } catch (InstanceAlreadyExistsException e6) {
            ConfigurationAuditor.getInstance().create(objectName, e6);
            throw e6;
        } catch (NoAccessRuntimeException e7) {
            ConfigurationAuditor.getInstance().create(objectName, e7);
            throw e7;
        }
    }

    @Override // weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase
    public ObjectInstance createMBean(String str, ObjectName objectName, ObjectName objectName2, Object[] objArr, String[] strArr) throws ReflectionException, InstanceAlreadyExistsException, MBeanRegistrationException, MBeanException, NotCompliantMBeanException, InstanceNotFoundException, IOException {
        try {
            checkForBEADomain(objectName);
            checkCreateSecurity(str, objectName, objectName2, objArr, strArr);
            ObjectInstance createMBean = super.createMBean(str, objectName, objectName2, objArr, strArr);
            ConfigurationAuditor.getInstance().create(objectName, null);
            return createMBean;
        } catch (IOException e) {
            ConfigurationAuditor.getInstance().create(objectName, e);
            throw e;
        } catch (NotCompliantMBeanException e2) {
            ConfigurationAuditor.getInstance().create(objectName, e2);
            throw e2;
        } catch (ReflectionException e3) {
            ConfigurationAuditor.getInstance().create(objectName, e3);
            throw e3;
        } catch (MBeanException e4) {
            ConfigurationAuditor.getInstance().create(objectName, e4);
            throw e4;
        } catch (InstanceAlreadyExistsException e5) {
            ConfigurationAuditor.getInstance().create(objectName, e5);
            throw e5;
        } catch (MBeanRegistrationException e6) {
            ConfigurationAuditor.getInstance().create(objectName, e6);
            throw e6;
        } catch (InstanceNotFoundException e7) {
            ConfigurationAuditor.getInstance().create(objectName, e7);
            throw e7;
        } catch (NoAccessRuntimeException e8) {
            ConfigurationAuditor.getInstance().create(objectName, e8);
            throw e8;
        }
    }

    @Override // weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase
    public Object getAttribute(ObjectName objectName, String str) throws MBeanException, AttributeNotFoundException, InstanceNotFoundException, ReflectionException, IOException {
        checkGetSecurity(objectName, str);
        return super.getAttribute(objectName, str);
    }

    @Override // weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase
    public AttributeList getAttributes(ObjectName objectName, String[] strArr) throws InstanceNotFoundException, ReflectionException, IOException {
        checkGetSecurity(objectName, strArr);
        return super.getAttributes(objectName, strArr);
    }

    @Override // weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase
    public void unregisterMBean(ObjectName objectName) throws InstanceNotFoundException, MBeanRegistrationException, IOException {
        try {
            if (isWLSMBean(objectName)) {
                throw new NoAccessRuntimeException(JMXLogger.logWLSMBeanUnregisterFailedLoggable(objectName.getCanonicalName()).getMessage());
            }
            checkUnregisterSecurity(objectName);
            super.unregisterMBean(objectName);
            ConfigurationAuditor.getInstance().remove(objectName, null);
        } catch (IOException e) {
            ConfigurationAuditor.getInstance().remove(objectName, e);
            throw e;
        } catch (InstanceNotFoundException e2) {
            ConfigurationAuditor.getInstance().remove(objectName, e2);
            throw e2;
        } catch (NoAccessRuntimeException e3) {
            ConfigurationAuditor.getInstance().remove(objectName, e3);
            throw e3;
        } catch (MBeanRegistrationException e4) {
            ConfigurationAuditor.getInstance().remove(objectName, e4);
            throw e4;
        }
    }

    @Override // weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase
    public void setAttribute(ObjectName objectName, Attribute attribute) throws InstanceNotFoundException, AttributeNotFoundException, InvalidAttributeValueException, MBeanException, ReflectionException, IOException {
        Object obj = null;
        PropertyDescriptor propertyDescriptor = null;
        try {
            if (ConfigurationAuditor.getInstance().isAuditable(objectName) || this.auditorsConfigured) {
                propertyDescriptor = getPropertyDescriptor(objectName, attribute.getName());
                obj = super.getAttribute(objectName, attribute.getName());
            }
        } catch (Exception e) {
            System.out.println("Exception caught while performing getAttribute for setAttribute " + e);
        }
        try {
            checkSetSecurity(objectName, attribute, obj);
            super.setAttribute(objectName, attribute);
            ConfigurationAuditor.getInstance().modify(objectName, obj, attribute, propertyDescriptor, (Exception) null);
        } catch (NoAccessRuntimeException e2) {
            ConfigurationAuditor.getInstance().modify(objectName, obj, attribute, propertyDescriptor, e2);
            throw e2;
        } catch (ReflectionException e3) {
            ConfigurationAuditor.getInstance().modify(objectName, obj, attribute, propertyDescriptor, e3);
            throw e3;
        } catch (MBeanException e4) {
            ConfigurationAuditor.getInstance().modify(objectName, obj, attribute, propertyDescriptor, e4);
            throw e4;
        } catch (InvalidAttributeValueException e5) {
            ConfigurationAuditor.getInstance().modify(objectName, obj, attribute, propertyDescriptor, e5);
            throw e5;
        } catch (AttributeNotFoundException e6) {
            ConfigurationAuditor.getInstance().modify(objectName, obj, attribute, propertyDescriptor, e6);
            throw e6;
        } catch (IOException e7) {
            ConfigurationAuditor.getInstance().modify(objectName, obj, attribute, propertyDescriptor, e7);
            throw e7;
        } catch (InstanceNotFoundException e8) {
            ConfigurationAuditor.getInstance().modify(objectName, obj, attribute, propertyDescriptor, e8);
            throw e8;
        }
    }

    @Override // weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase
    public AttributeList setAttributes(ObjectName objectName, AttributeList attributeList) throws InstanceNotFoundException, ReflectionException, IOException {
        AttributeList attributeList2 = null;
        PropertyDescriptor[] propertyDescriptorArr = null;
        if (ConfigurationAuditor.getInstance().isAuditable(objectName) || this.auditorsConfigured) {
            try {
                Iterator it = attributeList.iterator();
                propertyDescriptorArr = new PropertyDescriptor[attributeList.size()];
                String[] strArr = new String[attributeList.size()];
                for (int i = 0; i < attributeList.size(); i++) {
                    Object next = it.next();
                    if (!(next instanceof Attribute)) {
                        throw new RuntimeException("AttributeList must contain instances of Attribute");
                    }
                    Attribute attribute = (Attribute) next;
                    strArr[i] = new String(attribute.getName());
                    propertyDescriptorArr[i] = getPropertyDescriptor(objectName, attribute.getName());
                }
                attributeList2 = super.getAttributes(objectName, strArr);
            } catch (Exception e) {
            }
        }
        try {
            checkSetSecurity(objectName, attributeList);
            AttributeList attributes = super.setAttributes(objectName, attributeList);
            ConfigurationAuditor.getInstance().modify(objectName, attributeList2, attributeList, propertyDescriptorArr, (Exception) null);
            return attributes;
        } catch (IOException e2) {
            ConfigurationAuditor.getInstance().modify(objectName, attributeList2, attributeList, propertyDescriptorArr, e2);
            throw e2;
        } catch (NoAccessRuntimeException e3) {
            ConfigurationAuditor.getInstance().modify(objectName, attributeList2, attributeList, propertyDescriptorArr, e3);
            throw e3;
        } catch (ReflectionException e4) {
            ConfigurationAuditor.getInstance().modify(objectName, attributeList2, attributeList, propertyDescriptorArr, e4);
            throw e4;
        } catch (InstanceNotFoundException e5) {
            ConfigurationAuditor.getInstance().modify(objectName, attributeList2, attributeList, propertyDescriptorArr, e5);
            throw e5;
        }
    }

    @Override // weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase
    public Object invoke(ObjectName objectName, String str, Object[] objArr, String[] strArr) throws InstanceNotFoundException, MBeanException, ReflectionException, IOException {
        MethodDescriptor methodDescriptor = getMethodDescriptor(objectName, str, strArr);
        try {
            checkInvokeSecurity(objectName, str, objArr, strArr, methodDescriptor);
            Object invoke = super.invoke(objectName, str, objArr, strArr);
            ConfigurationAuditor.getInstance().invoke(objectName, methodDescriptor, str, objArr, null);
            return invoke;
        } catch (ReflectionException e) {
            ConfigurationAuditor.getInstance().invoke(objectName, methodDescriptor, str, objArr, e);
            throw e;
        } catch (MBeanException e2) {
            ConfigurationAuditor.getInstance().invoke(objectName, methodDescriptor, str, objArr, e2);
            throw e2;
        } catch (IOException e3) {
            ConfigurationAuditor.getInstance().invoke(objectName, methodDescriptor, str, objArr, e3);
            throw e3;
        } catch (NoAccessRuntimeException e4) {
            ConfigurationAuditor.getInstance().invoke(objectName, methodDescriptor, str, objArr, e4);
            throw e4;
        } catch (InstanceNotFoundException e5) {
            ConfigurationAuditor.getInstance().invoke(objectName, methodDescriptor, str, objArr, e5);
            throw e5;
        }
    }

    public static boolean isGetAccessAllowed(String str, ObjectName objectName, String str2) throws AttributeNotFoundException, InstanceNotFoundException {
        SecurityInterceptor securityInterceptor = (SecurityInterceptor) securityInterceptors.get(str);
        if (securityInterceptor == null) {
            throw new InstanceNotFoundException("MBeanServer " + str + "does not exist");
        }
        try {
            securityInterceptor.checkGetSecurity(objectName, str2);
            return true;
        } catch (NoAccessRuntimeException e) {
            return false;
        }
    }

    private void checkCreateSecurity(String str, ObjectName objectName) {
        initDefaultPolicies();
        if (objectName == null) {
            return;
        }
        if (this.useSecurityFramework) {
            isAccessAllowed(objectName, "create", null);
        } else if (isWLSMBean(objectName) || !isCommoMBean(objectName)) {
            SecurityHelper.isAccessAllowed(objectName, MBeanResource.ActionType.REGISTER, null, "createMBean", getBeanDescriptor(objectName));
        } else {
            SecurityHelper.isAccessAllowedCommo(objectName, MBeanResource.ActionType.REGISTER, null, "createMBean", getBeanDescriptor(objectName));
        }
    }

    private void checkCreateSecurity(String str, ObjectName objectName, ObjectName objectName2) {
        initDefaultPolicies();
        if (objectName == null) {
            return;
        }
        if (this.useSecurityFramework) {
            isAccessAllowed(objectName, "create", null);
        } else if (isWLSMBean(objectName) || !isCommoMBean(objectName)) {
            SecurityHelper.isAccessAllowed(objectName, MBeanResource.ActionType.REGISTER, null, "createMBean", getBeanDescriptor(objectName));
        } else {
            SecurityHelper.isAccessAllowedCommo(objectName, MBeanResource.ActionType.REGISTER, null, "createMBean", getBeanDescriptor(objectName));
        }
    }

    private void checkCreateSecurity(String str, ObjectName objectName, Object[] objArr, String[] strArr) {
        initDefaultPolicies();
        if (this.useSecurityFramework) {
            isAccessAllowed(objectName, "create", null);
        } else if (isWLSMBean(objectName) || !isCommoMBean(objectName)) {
            SecurityHelper.isAccessAllowed(objectName, MBeanResource.ActionType.REGISTER, null, "createMBean", getBeanDescriptor(objectName));
        } else {
            SecurityHelper.isAccessAllowedCommo(objectName, MBeanResource.ActionType.REGISTER, null, "createMBean", getBeanDescriptor(objectName));
        }
    }

    private void checkCreateSecurity(String str, ObjectName objectName, ObjectName objectName2, Object[] objArr, String[] strArr) {
        initDefaultPolicies();
        if (this.useSecurityFramework) {
            isAccessAllowed(objectName, "create", null);
        } else if (isWLSMBean(objectName) || !isCommoMBean(objectName)) {
            SecurityHelper.isAccessAllowed(objectName, MBeanResource.ActionType.REGISTER, null, "createMBean", getBeanDescriptor(objectName));
        } else {
            SecurityHelper.isAccessAllowedCommo(objectName, MBeanResource.ActionType.REGISTER, null, "createMBean", getBeanDescriptor(objectName));
        }
    }

    private void checkGetSecurity(ObjectName objectName, String str) throws AttributeNotFoundException {
        initDefaultPolicies();
        PropertyDescriptor propertyDescriptor = getPropertyDescriptor(objectName, str);
        Boolean bool = null;
        Boolean bool2 = null;
        if (propertyDescriptor != null) {
            bool = (Boolean) propertyDescriptor.getValue("encrypted");
            bool2 = (Boolean) propertyDescriptor.getValue("sensitive");
        }
        if (bool != null && bool.booleanValue() && !str.endsWith("Encrypted")) {
            String property = System.getProperty("weblogic.management.clearTextCredentialAccessEnabled");
            if (!((property == null || property.length() <= 0) ? ManagementService.getRuntimeAccess(kernelId).getDomain().getSecurityConfiguration().isClearTextCredentialAccessEnabled() : Boolean.parseBoolean(property))) {
                throw new NoAccessRuntimeException("Access to sensitive attribute in clear text is not allowed due to the setting of ClearTextCredentialAccessEnabled attribute in SecurityConfigurationMBean. Attr: " + str + ", MBean name: " + objectName);
            }
        }
        if (!this.useSecurityFramework) {
            if (isWLSMBean(objectName) || !isCommoMBean(objectName)) {
                SecurityHelper.isAccessAllowed(objectName, MBeanResource.ActionType.READ, str, "getAttribute", getBeanDescriptor(objectName), getPropertyDescriptor(objectName, str));
                return;
            } else {
                SecurityHelper.isAccessAllowedCommo(objectName, MBeanResource.ActionType.READ, str, "getAttribute", getBeanDescriptor(objectName), getPropertyDescriptor(objectName, str));
                return;
            }
        }
        String str2 = "get";
        if ((bool != null && bool.booleanValue()) || (bool2 != null && bool2.booleanValue())) {
            str2 = JMXResource.GET_ENCRYPTED;
        }
        isAccessAllowed(objectName, str2, str);
    }

    private void checkGetSecurity(ObjectName objectName, String[] strArr) {
        initDefaultPolicies();
        if (this.useSecurityFramework) {
            for (int i = 0; strArr != null && i < strArr.length; i++) {
                try {
                    checkGetSecurity(objectName, strArr[i]);
                } catch (AttributeNotFoundException e) {
                }
            }
            return;
        }
        if (isWLSMBean(objectName) || !isCommoMBean(objectName)) {
            for (int i2 = 0; strArr != null && i2 < strArr.length; i2++) {
                try {
                    SecurityHelper.isAccessAllowed(objectName, MBeanResource.ActionType.READ, strArr[i2], "getAttributes", getBeanDescriptor(objectName), getPropertyDescriptor(objectName, strArr[i2]));
                } catch (AttributeNotFoundException e2) {
                }
            }
            return;
        }
        for (int i3 = 0; strArr != null && i3 < strArr.length; i3++) {
            try {
                SecurityHelper.isAccessAllowedCommo(objectName, MBeanResource.ActionType.READ, strArr[i3], "getAttributes", getBeanDescriptor(objectName), getPropertyDescriptor(objectName, strArr[i3]));
            } catch (AttributeNotFoundException e3) {
            }
        }
    }

    private void checkUnregisterSecurity(ObjectName objectName) {
        initDefaultPolicies();
        if (this.useSecurityFramework) {
            isAccessAllowed(objectName, JMXResource.UNREGISTER, null);
        } else if (isWLSMBean(objectName) || !isCommoMBean(objectName)) {
            SecurityHelper.isAccessAllowed(objectName, MBeanResource.ActionType.UNREGISTER, null, "unregisterMBean", getBeanDescriptor(objectName));
        } else {
            SecurityHelper.isAccessAllowedCommo(objectName, MBeanResource.ActionType.UNREGISTER, null, "unregisterMBean", getBeanDescriptor(objectName));
        }
    }

    private void checkSetSecurity(ObjectName objectName, Attribute attribute, Object obj) throws AttributeNotFoundException {
        initDefaultPolicies();
        String name = attribute.getName();
        if (!this.useSecurityFramework) {
            if (isWLSMBean(objectName) || !isCommoMBean(objectName)) {
                SecurityHelper.isAccessAllowed(objectName, MBeanResource.ActionType.WRITE, name, "setAttribute", getBeanDescriptor(objectName), getPropertyDescriptor(objectName, name));
                return;
            } else {
                SecurityHelper.isAccessAllowedCommo(objectName, MBeanResource.ActionType.WRITE, name, "setAttribute", getBeanDescriptor(objectName), getPropertyDescriptor(objectName, name));
                return;
            }
        }
        PropertyDescriptor propertyDescriptor = getPropertyDescriptor(objectName, name);
        String str = "set";
        Boolean bool = null;
        Boolean bool2 = null;
        Object[] objArr = {attribute.getValue()};
        String[] strArr = {"java.lang.Object"};
        String str2 = null;
        if (propertyDescriptor != null) {
            bool = (Boolean) propertyDescriptor.getValue("encrypted");
            bool2 = (Boolean) propertyDescriptor.getValue("sensitive");
            strArr[0] = propertyDescriptor.getPropertyType().getName();
        }
        if ((bool != null && bool.booleanValue()) || (bool2 != null && bool2.booleanValue())) {
            str = "setEncrypted";
            str2 = "1";
        }
        isAccessAllowedInvoke(objectName, str, name, objArr, strArr, str2, obj);
    }

    private void checkSetSecurity(ObjectName objectName, AttributeList attributeList) {
        Object next;
        initDefaultPolicies();
        boolean z = true;
        if (isWLSMBean(objectName) || !isCommoMBean(objectName)) {
            z = false;
        }
        synchronized (attributeList) {
            Iterator it = attributeList.iterator();
            while (it.hasNext()) {
                try {
                    next = it.next();
                } catch (NoAccessRuntimeException e) {
                    it.remove();
                } catch (AttributeNotFoundException e2) {
                    it.remove();
                }
                if (!(next instanceof Attribute)) {
                    throw new RuntimeException("AttributeList must contain instances of Attribute");
                    break;
                }
                Attribute attribute = (Attribute) next;
                if (this.useSecurityFramework) {
                    PropertyDescriptor propertyDescriptor = getPropertyDescriptor(objectName, attribute.getName());
                    String str = "set";
                    Boolean bool = null;
                    Boolean bool2 = null;
                    if (propertyDescriptor != null) {
                        bool = (Boolean) propertyDescriptor.getValue("encrypted");
                        bool2 = (Boolean) propertyDescriptor.getValue("sensitive");
                    }
                    if ((bool != null && bool.booleanValue()) || (bool2 != null && bool2.booleanValue())) {
                        str = "setEncrypted";
                    }
                    isAccessAllowed(objectName, str, attribute.getName());
                } else if (z) {
                    SecurityHelper.isAccessAllowedCommo(objectName, MBeanResource.ActionType.WRITE, attribute.getName(), "setAttributes", getBeanDescriptor(objectName), getPropertyDescriptor(objectName, attribute.getName()));
                } else {
                    SecurityHelper.isAccessAllowed(objectName, MBeanResource.ActionType.WRITE, attribute.getName(), "setAttributes", getBeanDescriptor(objectName), getPropertyDescriptor(objectName, attribute.getName()));
                }
            }
        }
    }

    private void checkInvokeSecurity(ObjectName objectName, String str, Object[] objArr, String[] strArr, MethodDescriptor methodDescriptor) {
        initDefaultPolicies();
        Object lookupObject = this.wlsMBeanServer.lookupObject(objectName);
        String str2 = null;
        if (lookupObject != null && (lookupObject instanceof WLSModelMBean)) {
            str2 = ((WLSModelMBean) lookupObject).getRole(str, objArr, strArr);
        } else if (methodDescriptor != null) {
            str2 = (String) methodDescriptor.getValue("role");
        }
        if (str2 == null || !str2.equals(RDBMSUtils.FINDER)) {
            if (this.useSecurityFramework) {
                String str3 = null;
                if (methodDescriptor != null) {
                    str3 = (String) methodDescriptor.getValue("wls:auditProtectedArgs");
                }
                isAccessAllowedInvoke(objectName, "invoke", str, objArr, strArr, str3, null);
                return;
            }
            if (isWLSMBean(objectName) || !isCommoMBean(objectName)) {
                SecurityHelper.isAccessAllowed(objectName, MBeanResource.ActionType.EXECUTE, str, "invoke", getBeanDescriptor(objectName), methodDescriptor);
                return;
            } else {
                SecurityHelper.isAccessAllowedCommo(objectName, MBeanResource.ActionType.EXECUTE, str, "invoke", getBeanDescriptor(objectName), methodDescriptor);
                return;
            }
        }
        if (this.useSecurityFramework) {
            String str4 = null;
            if (methodDescriptor != null) {
                str4 = (String) methodDescriptor.getValue("wls:auditProtectedArgs");
            }
            isAccessAllowedInvoke(objectName, "find", str, objArr, strArr, str4, null);
            return;
        }
        if (isWLSMBean(objectName) || !isCommoMBean(objectName)) {
            SecurityHelper.isAccessAllowed(objectName, MBeanResource.ActionType.FIND, str, "invoke", getBeanDescriptor(objectName), methodDescriptor);
        } else {
            SecurityHelper.isAccessAllowedCommo(objectName, MBeanResource.ActionType.FIND, str, "invoke", getBeanDescriptor(objectName), methodDescriptor);
        }
    }

    private boolean isCommoMBean(ObjectName objectName) {
        Object lookupObject = this.wlsMBeanServer.lookupObject(objectName);
        if (lookupObject == null || !(lookupObject instanceof WLSModelMBean)) {
            return false;
        }
        return StandardInterface.class.isAssignableFrom(((WLSModelMBean) lookupObject).getManagedResourceClass());
    }

    private boolean isWLSMBean(ObjectName objectName) {
        if (objectName == null) {
            return false;
        }
        return (objectName instanceof WebLogicObjectName) || WLSObjectNameManager.isBEADomain(objectName.getDomain());
    }

    private BeanDescriptor getBeanDescriptor(ObjectName objectName) {
        BeanInfo beanInfo;
        if (objectName == null) {
            return null;
        }
        Object lookupObject = this.wlsMBeanServer.lookupObject(objectName);
        if (lookupObject != null && (lookupObject instanceof WLSModelMBean) && (beanInfo = ((WLSModelMBean) lookupObject).getBeanInfo()) != null) {
            return beanInfo.getBeanDescriptor();
        }
        String keyProperty = objectName.getKeyProperty("Type");
        if (keyProperty != null) {
            return SecurityHelper.getBeanDescriptor(keyProperty);
        }
        return null;
    }

    private PropertyDescriptor getPropertyDescriptor(ObjectName objectName, String str) throws AttributeNotFoundException {
        if (objectName == null) {
            return null;
        }
        Object lookupObject = this.wlsMBeanServer.lookupObject(objectName);
        if (lookupObject != null && (lookupObject instanceof WLSModelMBean)) {
            return ((WLSModelMBean) lookupObject).getPropertyDescriptorForAttribute(str);
        }
        String keyProperty = objectName.getKeyProperty("Type");
        if (keyProperty != null) {
            return SecurityHelper.getPropertyDescriptor(keyProperty, str);
        }
        return null;
    }

    private MethodDescriptor getMethodDescriptor(ObjectName objectName, String str, String[] strArr) {
        Object lookupObject = this.wlsMBeanServer.lookupObject(objectName);
        if (lookupObject != null && (lookupObject instanceof WLSModelMBean)) {
            return ((WLSModelMBean) lookupObject).getMethodDescriptor(str, strArr);
        }
        String keyProperty = objectName.getKeyProperty("Type");
        if (keyProperty != null) {
            return SecurityHelper.getMethodDescriptor(keyProperty, str);
        }
        return null;
    }

    private void initDefaultPolicies() {
        if (registeredPolicies) {
            return;
        }
        try {
            registerDefaultPolicies();
        } catch (ConsumptionException e) {
            throw new RuntimeException(e);
        }
    }

    private synchronized void registerDefaultPolicies() throws ConsumptionException {
        registeredPolicies = true;
        if (this.useSecurityFramework) {
            Calendar calendar = Calendar.getInstance();
            calendar.clear();
            calendar.set(ScriptCommands.NM_KILL_INT, 7, 11, 0, 0, 0);
            String formatTimestamp = formatTimestamp("" + calendar.getTime().getTime());
            String releaseVersion = VersionInfo.theOne().getReleaseVersion();
            long j = 0;
            if (debug.isDebugEnabled()) {
                debug.debug("Start registration of default JMX Resource policies.");
                j = System.currentTimeMillis();
            }
            JMXPolicyHandler jMXPolicyHandler = this.policyConsumer.getJMXPolicyHandler("WLSDefaultJMXResourcePolicies", releaseVersion, formatTimestamp);
            if (jMXPolicyHandler != null) {
                setUncheckedPolicy(jMXPolicyHandler, new JMXResource("get", null, null, null));
                setUncheckedPolicy(jMXPolicyHandler, new JMXResource("find", null, null, null));
                setPolicy(jMXPolicyHandler, new JMXResource(null, null, null, null), new String[0], null);
                jMXPolicyHandler.done();
            }
            BeanInfoAccess beanInfoAccess = ManagementService.getBeanInfoAccess();
            String[] beanInfoFactoryNames = beanInfoAccess.getBeanInfoFactoryNames();
            for (int i = 0; beanInfoFactoryNames != null && i < beanInfoFactoryNames.length; i++) {
                String str = beanInfoFactoryNames[i];
                String[] interfacesWithRoleInfo = beanInfoAccess.getInterfacesWithRoleInfo(str);
                if (interfacesWithRoleInfo != null && interfacesWithRoleInfo.length != 0) {
                    JMXPolicyHandler jMXPolicyHandler2 = this.policyConsumer.getJMXPolicyHandler(str, releaseVersion, formatTimestamp(beanInfoAccess.getRoleInfoImplementationFactoryTimestamp(str)));
                    if (jMXPolicyHandler2 != null) {
                        for (int i2 = 0; i2 < interfacesWithRoleInfo.length; i2++) {
                            BeanInfo beanInfoForInterface = beanInfoAccess.getBeanInfoForInterface(interfacesWithRoleInfo[i2], true, releaseVersion);
                            if (beanInfoForInterface != null) {
                                BeanDescriptor beanDescriptor = beanInfoForInterface.getBeanDescriptor();
                                Boolean bool = (Boolean) beanDescriptor.getValue("rolePermitAll");
                                if (bool != null && bool.booleanValue()) {
                                    setUncheckedPolicy(jMXPolicyHandler2, new JMXResource("set", null, interfacesWithRoleInfo[i2], null));
                                    setUncheckedPolicy(jMXPolicyHandler2, new JMXResource("invoke", null, interfacesWithRoleInfo[i2], null));
                                    setUncheckedPolicy(jMXPolicyHandler2, new JMXResource("create", null, interfacesWithRoleInfo[i2], null));
                                    setUncheckedPolicy(jMXPolicyHandler2, new JMXResource(JMXResource.UNREGISTER, null, interfacesWithRoleInfo[i2], null));
                                }
                                String[] strArr = (String[]) beanDescriptor.getValue("rolesAllowed");
                                if (strArr != null) {
                                    setPolicy(jMXPolicyHandler2, new JMXResource("set", null, interfacesWithRoleInfo[i2], null), strArr, null);
                                    setPolicy(jMXPolicyHandler2, new JMXResource("invoke", null, interfacesWithRoleInfo[i2], null), strArr, null);
                                    setPolicy(jMXPolicyHandler2, new JMXResource("create", null, interfacesWithRoleInfo[i2], null), strArr, null);
                                    setPolicy(jMXPolicyHandler2, new JMXResource(JMXResource.UNREGISTER, null, interfacesWithRoleInfo[i2], null), strArr, null);
                                }
                                MethodDescriptor[] methodDescriptors = beanInfoForInterface.getMethodDescriptors();
                                for (int i3 = 0; methodDescriptors != null && i3 < methodDescriptors.length; i3++) {
                                    MethodDescriptor methodDescriptor = methodDescriptors[i3];
                                    Boolean bool2 = (Boolean) methodDescriptor.getValue("rolePermitAll");
                                    if (bool2 != null && bool2.booleanValue()) {
                                        setUncheckedPolicy(jMXPolicyHandler2, new JMXResource("invoke", null, interfacesWithRoleInfo[i2], methodDescriptor.getName()));
                                    }
                                    String[] strArr2 = (String[]) methodDescriptor.getValue("rolesAllowed");
                                    if (strArr2 != null) {
                                        setPolicy(jMXPolicyHandler2, new JMXResource("invoke", null, interfacesWithRoleInfo[i2], methodDescriptor.getName()), strArr, strArr2);
                                    }
                                }
                                PropertyDescriptor[] propertyDescriptors = beanInfoForInterface.getPropertyDescriptors();
                                for (int i4 = 0; propertyDescriptors != null && i4 < propertyDescriptors.length; i4++) {
                                    PropertyDescriptor propertyDescriptor = propertyDescriptors[i4];
                                    String str2 = "get";
                                    String str3 = "set";
                                    Boolean bool3 = (Boolean) propertyDescriptor.getValue("encrypted");
                                    Boolean bool4 = (Boolean) propertyDescriptor.getValue("sensitive");
                                    if ((bool3 != null && bool3.booleanValue()) || (bool4 != null && bool4.booleanValue())) {
                                        str2 = JMXResource.GET_ENCRYPTED;
                                        str3 = "setEncrypted";
                                    }
                                    Boolean bool5 = (Boolean) propertyDescriptor.getValue("rolePermitAllGet");
                                    if (bool5 != null && bool5.booleanValue()) {
                                        setUncheckedPolicy(jMXPolicyHandler2, new JMXResource(str2, null, interfacesWithRoleInfo[i2], propertyDescriptor.getName()));
                                    }
                                    String[] strArr3 = (String[]) propertyDescriptor.getValue("rolesAllowedGet");
                                    if (strArr3 != null) {
                                        setPolicy(jMXPolicyHandler2, new JMXResource(str2, null, interfacesWithRoleInfo[i2], propertyDescriptor.getName()), strArr, strArr3);
                                    }
                                    Boolean bool6 = (Boolean) propertyDescriptor.getValue("rolePermitAllSet");
                                    if (bool6 != null && bool6.booleanValue()) {
                                        setUncheckedPolicy(jMXPolicyHandler2, new JMXResource(str3, null, interfacesWithRoleInfo[i2], propertyDescriptor.getName()));
                                    }
                                    String[] strArr4 = (String[]) propertyDescriptor.getValue("rolesAllowedSet");
                                    if (strArr4 != null) {
                                        setPolicy(jMXPolicyHandler2, new JMXResource(str3, null, interfacesWithRoleInfo[i2], propertyDescriptor.getName()), strArr, strArr4);
                                    }
                                }
                            } else if (debug.isDebugEnabled()) {
                                debug.debug("Beaninfo for interface is null - interface is " + interfacesWithRoleInfo[i2]);
                            }
                        }
                        jMXPolicyHandler2.done();
                    }
                }
            }
            if (debug.isDebugEnabled()) {
                debug.debug("End registration of default JMX Resource policies. Elasped time is " + (System.currentTimeMillis() - j));
            }
        }
    }

    private void isAccessAllowed(ObjectName objectName, String str, String str2) throws NoAccessRuntimeException {
        if (isWLSMBean(objectName) || isCommoMBean(objectName) || objectName == null || objectName.getKeyProperty("Type") != null) {
            String beanType = getBeanType(objectName);
            JMXResource jMXResource = new JMXResource(str, getAppName(objectName), beanType, str2);
            AuthenticatedSubject currentSubject = SecurityServiceManager.getCurrentSubject(kernelId);
            if (!this.authorizer.isAccessAllowed(currentSubject, jMXResource, new JMXContextHandler(objectName))) {
                throw new NoAccessRuntimeException("Access not allowed for subject: " + currentSubject + ", on Resource " + beanType + " Operation: " + str + " , Target: " + str2);
            }
        }
    }

    private void isAccessAllowedInvoke(ObjectName objectName, String str, String str2, Object[] objArr, String[] strArr, String str3, Object obj) throws NoAccessRuntimeException {
        if (isWLSMBean(objectName) || isCommoMBean(objectName) || objectName == null || objectName.getKeyProperty("Type") != null) {
            String beanType = getBeanType(objectName);
            JMXResource jMXResource = new JMXResource(str, getAppName(objectName), beanType, str2);
            AuthenticatedSubject currentSubject = SecurityServiceManager.getCurrentSubject(kernelId);
            if (!this.authorizer.isAccessAllowed(currentSubject, jMXResource, new JMXContextHandler(objectName, objArr, strArr, str3, obj))) {
                throw new NoAccessRuntimeException("Access not allowed for subject: " + currentSubject + ", on Resource " + beanType + " Operation: " + str + " , Target: " + str2);
            }
        }
    }

    private String getBeanType(ObjectName objectName) {
        BeanInfo beanInfo;
        BeanDescriptor beanDescriptor;
        if (objectName == null) {
            return null;
        }
        Object lookupObject = this.wlsMBeanServer.lookupObject(objectName);
        if (lookupObject != null && (lookupObject instanceof WLSModelMBean) && (beanInfo = ((WLSModelMBean) lookupObject).getBeanInfo()) != null && (beanDescriptor = beanInfo.getBeanDescriptor()) != null) {
            return (String) beanDescriptor.getValue("interfaceclassname");
        }
        String keyProperty = objectName.getKeyProperty("Type");
        if (keyProperty != null) {
            String str = keyProperty.endsWith("Runtime") ? "weblogic.management.runtime." + keyProperty + "MBean" : "weblogic.management.configuration." + keyProperty + "MBean";
            try {
                Class.forName(str);
                return str;
            } catch (Exception e) {
            }
        }
        return keyProperty;
    }

    private String getAppName(ObjectName objectName) {
        if (objectName == null) {
            return null;
        }
        for (int i = 0; i < APP_SCOPED_TYPES.length; i++) {
            String keyProperty = objectName.getKeyProperty(APP_SCOPED_TYPES[i]);
            if (keyProperty != null) {
                return keyProperty;
            }
            if (APP_SCOPED_TYPES[i].equals(objectName.getKeyProperty("Type"))) {
                return objectName.getKeyProperty("Name");
            }
        }
        String keyProperty2 = objectName.getKeyProperty("Path");
        if (keyProperty2 == null) {
            return null;
        }
        int indexOf = keyProperty2.indexOf("[");
        int indexOf2 = keyProperty2.indexOf("]");
        return (indexOf == -1 || indexOf2 == -1 || indexOf >= indexOf2) ? objectName.getKeyProperty("Name") : keyProperty2.substring(indexOf + 1, indexOf2);
    }

    private void setUncheckedPolicy(JMXPolicyHandler jMXPolicyHandler, JMXResource jMXResource) throws ConsumptionException {
        if (debug.isDebugEnabled()) {
            debug.debug("Register unchecked policy " + jMXResource);
        }
        jMXPolicyHandler.setUncheckedPolicy(jMXResource);
    }

    private void setPolicy(JMXPolicyHandler jMXPolicyHandler, JMXResource jMXResource, String[] strArr, String[] strArr2) throws ConsumptionException {
        int length = strArr == null ? 0 : strArr.length;
        int length2 = strArr2 == null ? 0 : strArr2.length;
        int i = length + length2;
        String[] strArr3 = new String[i + 1];
        for (int i2 = 0; i2 < length; i2++) {
            strArr3[i2] = strArr[i2];
        }
        for (int i3 = 0; i3 < length2; i3++) {
            strArr3[i3 + length] = strArr2[i3];
        }
        strArr3[i] = "Admin";
        if (debug.isDebugEnabled()) {
            String str = "";
            for (int i4 = 0; strArr3 != null && i4 < strArr3.length; i4++) {
                if (i4 > 0) {
                    str = str + ",";
                }
                str = str + strArr3[i4];
            }
            debug.debug("Register checked policy " + jMXResource + " roles " + str);
        }
        jMXPolicyHandler.setPolicy(jMXResource, strArr3);
    }

    private String formatTimestamp(String str) {
        Date date;
        try {
            date = new Date(new Long(str).longValue());
        } catch (NumberFormatException e) {
            date = new Date();
        }
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
        return simpleDateFormat.format(date);
    }

    private void checkForBEADomain(ObjectName objectName) {
        if (objectName != null && BEA_DOMAIN.equals(objectName.getDomain())) {
            throw new NoAccessRuntimeException(JMXLogger.logMBeanRegistrationFailedLoggable(objectName.getCanonicalName()).getMessage());
        }
    }
}
