package weblogic.cluster.replication;

import java.io.IOException;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.rmi.RemoteException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.naming.NamingException;
import weblogic.cluster.ClusterLogger;
import weblogic.jndi.Environment;
import weblogic.rmi.extensions.PortableRemoteObject;
import weblogic.rmi.extensions.server.RemoteDomainSecurityHelper;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityManager;
import weblogic.security.service.SecurityServiceManager;

/* loaded from: input_file:weblogic/cluster/replication/SecureReplicationInvocationHandler.class */
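/**
 * Dynamic-proxy handler that runs every {@link ReplicationServicesInternal} call under an
 * explicitly chosen security subject.
 *
 * <p>The subject is chosen in this order, for both the JNDI lookup and each proxied call:
 * <ol>
 *   <li>the subject returned by {@code RemoteDomainSecurityHelper.getSubject(url)}, when non-null;</li>
 *   <li>{@code KERNEL_ID} when the handler was created for a secured channel;</li>
 *   <li>otherwise the current subject, replaced by the anonymous subject if it is an administrator.</li>
 * </ol>
 *
 * <p>NOTE(review): an {@link IOException} from the remote-domain lookup is swallowed, so on a
 * secured channel a failed lookup silently falls through to the kernel identity. Nothing in this
 * class validates the provider URL; callers presumably only pass URLs of trusted cluster
 * members -- confirm against the call sites.
 */
public class SecureReplicationInvocationHandler implements InvocationHandler {
    /** The only interface the generated proxy implements. */
    private static final Class<?>[] interfaces = {ReplicationServicesInternal.class};
    /** Kernel identity, obtained once at class initialisation through a privileged action. */
    private static final AuthenticatedSubject KERNEL_ID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private final ReplicationServicesInternal delegate;
    private final boolean useSecuredChannel;
    private final String url;
    // Remote-domain subject remembered after the first successful lookup; it is never cleared or
    // refreshed in this class. The field is neither volatile nor guarded by a lock.
    private AuthenticatedSubject cachedSubject;

    /* loaded from: input_file:weblogic/cluster/replication/SecureReplicationInvocationHandler$ReplicationServicesInvocationAction.class */
    /**
     * Privileged action that reflectively invokes one method on a target object and records any
     * failure instead of throwing it, so the caller can rethrow after {@code runAs} returns.
     */
    public class ReplicationServicesInvocationAction implements PrivilegedAction {
        private final Object targetObject;
        private final Method targetMethod;
        private final Object[] targetArgs;
        private Throwable exception = null;

        /**
         * @param obj    object the method is invoked on
         * @param method method to invoke
         * @param objArr arguments passed to the method; may be {@code null} for no arguments
         */
        public ReplicationServicesInvocationAction(Object obj, Method method, Object[] objArr) {
            this.targetObject = obj;
            this.targetMethod = method;
            this.targetArgs = objArr;
        }

        /**
         * Invokes the target method.
         *
         * @return the method's result, or {@code null} when the invocation failed; callers must
         *         check {@link #getInvocationException()} to tell the two apart
         */
        @Override
        public Object run() {
            try {
                return this.targetMethod.invoke(this.targetObject, this.targetArgs);
            } catch (Throwable th) {
                // Captured rather than thrown: PrivilegedAction.run() cannot declare checked exceptions.
                this.exception = th;
                return null;
            }
        }

        /**
         * @return the throwable captured by {@link #run()}, or {@code null} if none was captured
         */
        public Throwable getInvocationException() {
            return this.exception;
        }
    }

    /**
     * Looks up the remote replication service over JNDI and wraps it in a subject-enforcing proxy.
     *
     * <p>The lookup itself runs under the subject selected for {@code str} and {@code z}; on a
     * secured channel with no remote-domain subject that is the kernel identity.
     *
     * @param str  provider URL of the remote server
     * @param str2 provider channel name set on the JNDI environment
     * @param i    request timeout; applied only when {@code >= 0}
     * @param cls  class whose initial reference is requested from the environment
     * @param z    {@code true} when the secured replication channel is used
     * @return a proxy implementing {@link ReplicationServicesInternal}
     * @throws NamingException if the privileged lookup fails; the root cause is the cause of the
     *         underlying {@link PrivilegedActionException}
     */
    public static ReplicationServicesInternal lookupService(final String str, final String str2, final int i, final Class cls, boolean z) throws NamingException {
        try {
            AuthenticatedSubject lookupSubject = getSubjectForReplicationCalls(str, z);
            ReplicationServicesInternal remote = (ReplicationServicesInternal) SecurityManager.runAs(KERNEL_ID, lookupSubject, new PrivilegedExceptionAction() {
                @Override
                public Object run() throws Exception {
                    Environment environment = new Environment();
                    environment.setProviderUrl(str);
                    environment.setProviderChannel(str2);
                    if (i >= 0) {
                        environment.setRequestTimeout(i);
                    }
                    return (ReplicationServicesInternal) PortableRemoteObject.narrow(environment.getInitialReference(cls), ReplicationServicesInternal.class);
                }
            });
            return makeSecureService(remote, z, str);
        } catch (PrivilegedActionException e) {
            NamingException namingException = new NamingException(e.getMessage());
            namingException.setRootCause(e.getCause());
            throw namingException;
        }
    }

    /**
     * Verifies that a subject is allowed to make replication calls on the given channel type.
     *
     * <p>The two checks are mirror images: the secured channel accepts only administrator
     * subjects, the unsecured channel rejects administrator subjects.
     *
     * @param authenticatedSubject subject to check
     * @param z                    {@code true} for the secured channel
     * @throws SecurityException if the subject does not match the channel's requirement
     */
    public static void checkPriviledges(AuthenticatedSubject authenticatedSubject, boolean z) throws SecurityException {
        if (z) {
            checkPriviledgesForSecuredChannel(authenticatedSubject);
        } else {
            checkPriviledgesForUnsecuredChannel(authenticatedSubject);
        }
    }

    /** Wraps the looked-up stub in a proxy backed by a new handler instance. */
    private static ReplicationServicesInternal makeSecureService(ReplicationServicesInternal replicationServicesInternal, boolean z, String str) {
        InvocationHandler handler = new SecureReplicationInvocationHandler(replicationServicesInternal, z, str);
        return (ReplicationServicesInternal) Proxy.newProxyInstance(replicationServicesInternal.getClass().getClassLoader(), interfaces, handler);
    }

    /**
     * Selects the subject for the initial lookup (uncached variant).
     *
     * @param str remote URL used for the remote-domain subject lookup
     * @param z   {@code true} for the secured channel
     * @return the remote-domain subject if one is returned, else {@code KERNEL_ID} on a secured
     *         channel, else the (possibly downgraded) current subject
     */
    private static AuthenticatedSubject getSubjectForReplicationCalls(String str, boolean z) {
        try {
            AuthenticatedSubject subject = RemoteDomainSecurityHelper.getSubject(str);
            if (subject != null) {
                return subject;
            }
        } catch (IOException ignored) {
            // Deliberately best-effort: a failed remote-domain lookup falls through to the
            // channel-based default below. NOTE(review): the failure is not logged, so a secured
            // channel silently ends up using KERNEL_ID.
        }
        return z ? KERNEL_ID : getCurrentSubject();
    }

    /**
     * Selects the subject for a proxied call, remembering a remote-domain subject once found.
     *
     * @return the cached or freshly looked-up remote-domain subject if available, else
     *         {@code KERNEL_ID} on a secured channel, else the (possibly downgraded) current subject
     */
    private AuthenticatedSubject getSubjectForReplicationCalls() {
        AuthenticatedSubject authenticatedSubject = this.cachedSubject;
        if (authenticatedSubject == null) {
            try {
                authenticatedSubject = RemoteDomainSecurityHelper.getSubject(this.url);
            } catch (IOException ignored) {
                // Best-effort, same as the static variant: fall through to the default subject.
            }
            if (authenticatedSubject != null) {
                this.cachedSubject = authenticatedSubject;
            }
        }
        if (authenticatedSubject != null) {
            return authenticatedSubject;
        }
        return this.useSecuredChannel ? KERNEL_ID : getCurrentSubject();
    }

    /**
     * Returns the current subject, substituting the anonymous subject when the current subject
     * is an administrator, so an administrator identity is never used as the unsecured-channel default.
     */
    private static AuthenticatedSubject getCurrentSubject() {
        AuthenticatedSubject currentSubject = SecurityServiceManager.getCurrentSubject(KERNEL_ID);
        return SubjectUtils.isUserAnAdministrator(currentSubject) ? SubjectUtils.getAnonymousSubject() : currentSubject;
    }

    /** Secured channel: only administrator subjects pass; anything else is logged and rejected. */
    private static void checkPriviledgesForSecuredChannel(AuthenticatedSubject authenticatedSubject) throws SecurityException {
        if (SubjectUtils.isUserAnAdministrator(authenticatedSubject)) {
            return;
        }
        ClusterLogger.logWrongPriviledgesForReplicationCalls("users with Admin priviledges", "secured");
        throw new SecurityException("Insufficient priviledges for doing replication.");
    }

    /** Unsecured channel: administrator subjects are logged and rejected; all others pass. */
    private static void checkPriviledgesForUnsecuredChannel(AuthenticatedSubject authenticatedSubject) throws SecurityException {
        if (SubjectUtils.isUserAnAdministrator(authenticatedSubject)) {
            ClusterLogger.logWrongPriviledgesForReplicationCalls("users without Admin priviledges", "unsecured");
            throw new SecurityException("Insufficient priviledges for doing replication.");
        }
    }

    /** Instances are created only through {@link #lookupService}. */
    private SecureReplicationInvocationHandler(ReplicationServicesInternal replicationServicesInternal, boolean z, String str) {
        this.delegate = replicationServicesInternal;
        this.useSecuredChannel = z;
        this.url = str;
    }

    /**
     * Forwards a proxied call to the delegate under the subject chosen for replication calls.
     *
     * @param obj    the proxy instance (unused)
     * @param method interface method being called
     * @param objArr call arguments
     * @return the delegate's return value
     * @throws Throwable the delegate's own exception (unwrapped from
     *         {@link InvocationTargetException}), or a {@link RemoteException} carrying the
     *         wrapper as its cause when the wrapper has no cause of its own
     */
    @Override
    public Object invoke(Object obj, Method method, Object[] objArr) throws Throwable {
        ReplicationServicesInvocationAction action = new ReplicationServicesInvocationAction(this.delegate, method, objArr);
        try {
            Object result = SecurityServiceManager.runAs(KERNEL_ID, getSubjectForReplicationCalls(), action);
            // The action stores failures instead of throwing; rethrow inside the try so the
            // catch below can unwrap a reflective InvocationTargetException.
            Throwable failure = action.getInvocationException();
            if (failure != null) {
                throw failure;
            }
            return result;
        } catch (InvocationTargetException e) {
            Throwable cause = e.getCause();
            if (cause != null) {
                throw cause;
            }
            // Keep the wrapper as the cause so its stack trace is not lost.
            throw new RemoteException(e.getMessage(), e);
        }
    }
}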
