package weblogic.security.service;

import com.bea.common.engine.ServiceInitializationException;
import com.bea.common.engine.ServiceNotFoundException;
import com.bea.common.security.service.AuditService;
import com.bea.common.security.service.SAML2Service;
import com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler;
import com.bea.security.css.CSS;
import java.lang.reflect.Proxy;
import java.security.AccessController;
import java.security.Policy;
import java.security.PrivilegedAction;
import java.security.Security;
import java.util.HashMap;
import javax.security.auth.login.LoginException;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContextException;
import weblogic.logging.Loggable;
import weblogic.management.configuration.AppDeploymentMBean;
import weblogic.management.provider.ManagementService;
import weblogic.management.security.DeploymentModel;
import weblogic.management.security.ProviderMBean;
import weblogic.management.security.RealmMBean;
import weblogic.management.security.authentication.AuthenticationProviderMBean;
import weblogic.management.security.authorization.AdjudicatorMBean;
import weblogic.management.security.authorization.AuthorizerMBean;
import weblogic.management.security.authorization.RoleMapperMBean;
import weblogic.management.security.credentials.CredentialMapperMBean;
import weblogic.management.security.pk.CertPathProviderMBean;
import weblogic.management.security.pk.KeyStoreMBean;
import weblogic.management.utils.ErrorCollectionException;
import weblogic.security.SecurityInitializationException;
import weblogic.security.SecurityLogger;
import weblogic.security.SimpleCallbackHandler;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.internal.AuditorServiceImpl;
import weblogic.security.internal.BootProperties;
import weblogic.security.internal.ConsoleServerConfig;
import weblogic.security.internal.ForceDDOnly;
import weblogic.security.internal.SecurityServicesImpl;
import weblogic.security.jacc.RoleMapperFactory;
import weblogic.security.jacc.simpleprovider.PolicyConfigurationFactoryImpl;
import weblogic.security.jacc.simpleprovider.RoleMapperFactoryImpl;
import weblogic.security.service.SecurityService;
import weblogic.security.service.internal.ApplicationVersioningService;
import weblogic.security.shared.LoggerWrapper;
import weblogic.security.spi.ApplicationInfo;
import weblogic.security.spi.AuditSeverity;
import weblogic.security.spi.SecurityProvider;
import weblogic.security.utils.CertPathTrustManagerUtils;
import weblogic.security.utils.KeyStoreConstants;

/* loaded from: input_file:weblogic/security/service/CommonSecurityServiceManagerDelegateImpl.class */
public class CommonSecurityServiceManagerDelegateImpl implements SecurityServiceManagerDelegate {
    // Keys under which initializeRealm() stores per-realm helper objects in a realm's service map.
    // The spelling of the first literal is a runtime key; it must not be "corrected" in isolation.
    private static final String AUDITOR_SERVICE = "realmAuditorSerice";
    private static final String SECURITY_SERVICES = "realmSecurityServices";
    // MBean of the default realm; assigned by initializeRealms().
    private static RealmMBean realmMbean;
    // Property names for the JACC policy provider, policy-configuration factory and role-mapper factory.
    private static final String JACC_POLICY_PROVIDER = "javax.security.jacc.policy.provider";
    private static final String JACC_POLICYCONFIGURATIONFACTORY_PROVIDER = "javax.security.jacc.PolicyConfigurationFactory.provider";
    private static final String ROLEMAPPERFACTORY_PROVIDER = "weblogic.security.jacc.RoleMapperFactory.provider";
    // When true, loadOPSSPolicy() prints diagnostics to System.out; assigned outside this excerpt.
    private static boolean opssLoadDebug;
    private static final String JPS_CFG_FILE_PROP = "oracle.security.jps.config";
    private static final String ORA_DOMAIN_CFG_DIR = "oracle.domain.config.dir";
    // Subject passed to ManagementService lookups throughout this class; no initializer here,
    // so it is assigned elsewhere (presumably a static initializer - confirm).
    private static final AuthenticatedSubject kernelId;
    private static final String JAVA_SECURITY_MANAGER = "java.security.manager";
    private static final String JAVA_SECURITY_MANAGER_CLASS = "java.lang.SecurityManager";
    private static final String JAVA_SECURITY_POLICY = "java.security.policy";
    private static final String DEFAULT_JACC_SECURITY_POLICY_CONFIGURATION_FACTORY_PROVIDER_CLASSNAME = "weblogic.security.jacc.simpleprovider.PolicyConfigurationFactoryImpl";
    private static final String DEFAULT_JACC_SECURITY_POLICY_PROVIDER_CLASSNAME = "weblogic.security.jacc.simpleprovider.SimpleJACCPolicy";
    private static final String DEFAULT_ROLEMAPPERFACTORY_PROVIDER_CLASSNAME = "weblogic.security.jacc.simpleprovider.RoleMapperFactoryImpl";
    // Service-map keys in start-up order. shutdownRealm() reads index 0 as the Auditor and walks
    // the remaining entries from last to first, shutting the Auditor down at the end.
    private static final Object[] ORDERED_MANAGER_KEY_LIST;
    // Realm-level "fully delegate authorization" flag, refreshed by loadRealm().
    private static boolean cacheFullDelegateAuthorization;
    private static final String FULL_DELEGATE_AUTHORIZATION = "weblogic.security.fullyDelegateAuthorization";
    // When the first flag is true, isFullAuthorizationDelegationRequired() returns the second
    // value instead of the realm's cached setting.
    private static final boolean FULL_DELEGATE_PROPERTY_ON_CMDLINE;
    private static final boolean FULL_DELEGATE_OVERRIDE_VALUE;
    // Assigned in initializeRealm(); stays null when the service lookup there does not complete.
    private static ApplicationVersioningService appVerService;
    // Realm name -> (service key -> service object). Raw HashMap, no synchronization visible here.
    private static HashMap realmsHashMap = null;
    // Set to true by initializeRealms() once the default realm has loaded.
    private static boolean initialized = false;
    private static String defaultConfiguredRealmName = null;
    // NOTE(review): public, static and non-final - any class that can reach this type can write it.
    public static boolean JACC_POLICY_LOADED = false;
    private static LoggerWrapper jaccDebugLogger = LoggerWrapper.getInstance("SecurityJACC");
    private static LoggerWrapper debugLogger = LoggerWrapper.getInstance("SecurityRealm");
    // NOTE(review): a policy-provider class name held in a public, non-final static. How it is
    // consumed is outside this excerpt; confirm it cannot be reassigned before the policy is loaded.
    public static String OPSS_POLICY_PROVIDER = "oracle.security.jps.internal.policystore.JavaPolicyProvider";
    // loadOPSSPolicy() returns early when this is true.
    // NOTE(review): public and writable, so the "already loaded" state is not protected by access control.
    public static boolean OPSS_POLICY_LOADED = false;
    private static String OPSS_LOAD_LOG = "DebugOPSSPolicyLoading";
    // Common security service engine handle; package-private and set to null again by shutdown().
    CSS css = null;
    // Copied from the domain security configuration in initialize().
    private boolean consoleFullDelegation = false;

    /**
     * Reports whether the default realm has been loaded.
     *
     * @return the static {@code initialized} flag, which initializeRealms() sets to {@code true}
     *         after loadRealm() succeeds; nothing in this excerpt resets it
     */
    @Override // weblogic.security.service.SecurityServiceManagerDelegate
    public boolean isSecurityServiceInitialized() {
        return initialized;
    }

    /**
     * Tells whether a service type is one the realm cannot operate without.
     *
     * @param serviceType type to classify; {@code null} yields {@code false}
     * @return {@code true} for AUTHORIZE, AUTHENTICATION and ROLE, {@code false} otherwise
     */
    private static boolean isRequiredSecurityService(SecurityService.ServiceType serviceType) {
        if (serviceType == SecurityService.ServiceType.AUTHORIZE) {
            return true;
        }
        if (serviceType == SecurityService.ServiceType.AUTHENTICATION) {
            return true;
        }
        return serviceType == SecurityService.ServiceType.ROLE;
    }

    /**
     * Returns a realm's security service after checking the caller's subject.
     *
     * <p>The subject is passed to {@code SecurityManager.checkKernelIdentity} before any realm
     * data is read. Presumably that call rejects non-kernel subjects; its behaviour is not
     * visible in this file.
     *
     * @param authenticatedSubject subject handed to the kernel-identity check
     * @param str realm name; {@code SecurityServiceManager.defaultRealmName} selects the default realm
     * @param serviceType which service to return
     * @return the service, or {@code null} when an optional service is not configured
     * @throws NotYetInitializedException if the manager is not initialized, or a required
     *         service (see isRequiredSecurityService) is absent
     * @throws InvalidParameterException propagated from getSecurityServiceInternal
     */
    @Override // weblogic.security.service.SecurityServiceManagerDelegate
    public SecurityService getSecurityService(AuthenticatedSubject authenticatedSubject, String str, SecurityService.ServiceType serviceType) throws InvalidParameterException, NotYetInitializedException {
        if (initialized) {
            // The identity check comes first so an unauthorised caller learns nothing about realms.
            SecurityManager.checkKernelIdentity(authenticatedSubject);
            final SecurityService service = getSecurityServiceInternal(str, serviceType);
            final boolean requiredButMissing = service == null && isRequiredSecurityService(serviceType);
            if (requiredButMissing) {
                throw new NotYetInitializedException(SecurityLogger.getSecServiceNotYetInit("" + serviceType));
            }
            return service;
        }
        throw new NotYetInitializedException(SecurityLogger.getSecServiceMgrNotYetInit());
    }

    /**
     * Looks up a realm's security service without any caller check.
     *
     * <p>Unlike getSecurityService, this method neither calls
     * {@code SecurityManager.checkKernelIdentity} nor tests {@code initialized}. It is public and
     * part of the delegate interface, so callers are responsible for access control.
     * NOTE(review): confirm every external caller is already trusted.
     *
     * @param str realm name; {@code SecurityServiceManager.defaultRealmName} is mapped to the
     *        configured default realm name
     * @param serviceType key of the service in the realm's map
     * @return the stored service, or {@code null} if the realm has no entry for that type
     * @throws InvalidParameterException if either argument is {@code null} or the realm is unknown
     */
    @Override // weblogic.security.service.SecurityServiceManagerDelegate
    public SecurityService getSecurityServiceInternal(String str, SecurityService.ServiceType serviceType) throws InvalidParameterException {
        if (str == null) {
            throw new InvalidParameterException(SecurityLogger.getMustSpecifyRealm());
        }
        if (serviceType == null) {
            throw new InvalidParameterException(SecurityLogger.getMustSpecifySecServiceType());
        }
        final String realmName = str.equals(SecurityServiceManager.defaultRealmName) ? defaultConfiguredRealmName : str;
        final HashMap realmServices = (HashMap) realmsHashMap.get(realmName);
        if (realmServices != null) {
            return (SecurityService) realmServices.get(serviceType);
        }
        throw new InvalidParameterException(SecurityLogger.getRealmDoesNotExist(realmName));
    }

    /**
     * Instantiates and initializes the provider class named by a provider MBean.
     *
     * <p>The class name comes from {@code providerMBean.getProviderClassName()} and is loaded
     * through the class loader of the MBean's own class, with static initialization enabled.
     * Whoever controls the realm's provider configuration therefore decides which class is loaded
     * and run here, so write access to that configuration is equivalent to code execution in this
     * JVM. The {@code auditor} argument is not used by this method.
     *
     * @param providerMBean configuration of the provider to create
     * @param auditor unused
     * @return the initialized provider
     * @throws ProviderException if the class cannot be found, instantiated or accessed
     */
    @Override // weblogic.security.service.SecurityServiceManagerDelegate
    public SecurityProvider createSecurityProvider(ProviderMBean providerMBean, Auditor auditor) {
        final String className = providerMBean.getProviderClassName();
        try {
            final ClassLoader loader = providerMBean.getClass().getClassLoader();
            final Class<?> providerClass = Class.forName(className, true, loader);
            final SecurityProvider provider = (SecurityProvider) providerClass.newInstance();
            // The realm must already be present in realmsHashMap; otherwise the lookup below fails
            // with a NullPointerException, which is not translated.
            final HashMap realmServices = (HashMap) realmsHashMap.get(providerMBean.getRealm().getName());
            provider.initialize(providerMBean, (SecurityServicesImpl) realmServices.get(SECURITY_SERVICES));
            return provider;
        } catch (ClassNotFoundException notFound) {
            throw new ProviderException(SecurityLogger.getSecProvErrorNotFound(className), notFound);
        } catch (InstantiationException notInstantiable) {
            throw new ProviderException(SecurityLogger.getSecProvErrorCreationExc(className), notInstantiable);
        } catch (IllegalAccessException notAccessible) {
            throw new ProviderException(SecurityLogger.getSecProvErrorCreationExc(className), notAccessible);
        }
    }

    /**
     * Checks for a loaded realm once the manager is initialized.
     *
     * @param str realm name to test
     * @return {@code true} if the realm is present in the realm map
     * @throws NotYetInitializedException if the manager has not been initialized
     * @throws InvalidParameterException if {@code str} is {@code null}
     */
    @Override // weblogic.security.service.SecurityServiceManagerDelegate
    public boolean doesRealmExist(String str) throws InvalidParameterException, NotYetInitializedException {
        if (!initialized) {
            throw new NotYetInitializedException(SecurityLogger.getSecServiceMgrNotYetInit());
        }
        return doesRealmExistInternal(str);
    }

    /**
     * Checks for a loaded realm without testing the {@code initialized} flag.
     *
     * <p>The name is matched literally against the realm map's keys; the
     * {@code SecurityServiceManager.defaultRealmName} alias is not translated here.
     *
     * @param str realm name to test
     * @return {@code true} if the realm map has that key
     * @throws InvalidParameterException if {@code str} is {@code null}
     */
    @Override // weblogic.security.service.SecurityServiceManagerDelegate
    public boolean doesRealmExistInternal(String str) throws InvalidParameterException, NotYetInitializedException {
        if (str != null) {
            return realmsHashMap.containsKey(str);
        }
        throw new InvalidParameterException(SecurityLogger.getMustSpecifyRealm());
    }

    /**
     * Decides whether authorization for an application is fully delegated to the realm.
     *
     * <p>Order of evaluation: the force-DD-only switch wins and returns {@code false}; then the
     * console special case; then the application's own deployment model; finally the command-line
     * override or the realm's cached flag. The {@code str} argument is not consulted.
     *
     * <p>NOTE(review): the console special case matches the application identifier with
     * {@code startsWith}, so any identifier that begins with the console application name
     * qualifies. Confirm identifiers with that prefix are reserved.
     *
     * @param str unused
     * @param securityApplicationInfo application being deployed, may be {@code null}
     * @return {@code true} if full delegation applies
     */
    @Override // weblogic.security.service.SecurityServiceManagerDelegate
    public boolean isFullAuthorizationDelegationRequired(String str, SecurityApplicationInfo securityApplicationInfo) {
        if (ForceDDOnly.isForceDDOnly()) {
            return false;
        }
        final boolean haveInfo = securityApplicationInfo != null;
        if (this.consoleFullDelegation && haveInfo) {
            final String appId = securityApplicationInfo.getApplicationIdentifier();
            if (appId != null && appId.startsWith(ConsoleServerConfig.CONSOLE_APP_NAME) && DeploymentModel.DD_ONLY.equals(securityApplicationInfo.getSecurityDDModel())) {
                return true;
            }
        }
        if (haveInfo) {
            final String ddModel = securityApplicationInfo.getSecurityDDModel();
            if (!DeploymentModel.ADVANCED.equals(ddModel)) {
                // Every model other than ADVANCED is decided here: only CUSTOM_ROLES_POLICIES delegates.
                final boolean delegate = DeploymentModel.CUSTOM_ROLES_POLICIES.equals(ddModel);
                if (debugLogger.isDebugEnabled()) {
                    debugLogger.debug("isFullAuthorizationDelegationRequired: returning " + delegate);
                }
                return delegate;
            }
        }
        if (debugLogger.isDebugEnabled()) {
            debugLogger.debug("isFullAuthorizationDelegationRequired: returning realm setting");
        }
        if (FULL_DELEGATE_PROPERTY_ON_CMDLINE) {
            return FULL_DELEGATE_OVERRIDE_VALUE;
        }
        return cacheFullDelegateAuthorization;
    }

    /**
     * Fetches the default realm MBean from the domain's security configuration.
     *
     * @return the default realm, never {@code null}
     * @throws SecurityServiceRuntimeException if the configuration names no default realm
     */
    private RealmMBean getDefaultRealm() {
        final RealmMBean configured = ManagementService.getRuntimeAccess(kernelId).getDomain().getSecurityConfiguration().getDefaultRealm();
        if (configured == null) {
            throw new SecurityServiceRuntimeException(SecurityLogger.getInvSecConfigNoDefaultRealm());
        }
        return configured;
    }

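    /**
     * Validates a realm and fills its service map with the realm's security services.
     *
     * <p>Services are created in a fixed order (audit, credentials, bulk role, bulk authorize,
     * role, authorize, authentication, cert path, STS, key manager, SAML2). Optional services
     * that cannot be found are skipped. The skips used to be silent; they are now written to the
     * debug log, because a realm that comes up without its audit service still works but records
     * nothing, and that should be discoverable.
     *
     * @param realmMBean realm configuration; must not be {@code null}
     * @param hashMap service map of this realm, already registered in {@code realmsHashMap}
     * @throws SecurityServiceException if the audit-side service fails to initialize, or no
     *         service at all could be created (the realm is then removed from the realm map)
     * @throws SecurityServiceRuntimeException if {@code realmMBean.validate()} reports errors
     */
    private void initializeRealm(RealmMBean realmMBean, HashMap hashMap) throws SecurityServiceException {
        String name = realmMBean.getName();
        try {
            realmMBean.validate();
            InitializeServiceEngine(realmMBean);
            AuditorServiceImpl auditorServiceImpl = null;
            try {
                AuditService auditService = (AuditService) this.css.getService(CSS.AUDIT_SERVICE);
                if (auditService.isAuditEnabled()) {
                    Auditor auditor = new Auditor(auditService);
                    hashMap.put(SecurityService.ServiceType.AUDIT, auditor);
                    auditorServiceImpl = new AuditorServiceImpl(auditor);
                    hashMap.put(AUDITOR_SERVICE, auditorServiceImpl);
                }
                appVerService = (ApplicationVersioningService) this.css.getService("ApplicationVersioningService");
            } catch (ServiceNotFoundException e) {
                // Either lookup can land here. If the audit lookup failed, the versioning
                // service is never fetched and appVerService keeps its previous value.
                if (debugLogger.isDebugEnabled()) {
                    debugLogger.debug("Audit or application versioning service not found for security realm " + name, e);
                }
            } catch (ServiceInitializationException e2) {
                throw new SecurityServiceException(e2);
            }
            hashMap.put(SECURITY_SERVICES, new SecurityServicesImpl(auditorServiceImpl, name));
            CredentialManager doCredentials = doCredentials(name, realmMBean);
            if (doCredentials != null) {
                hashMap.put(SecurityService.ServiceType.CREDENTIALMANAGER, doCredentials);
            }
            SecurityService doBulkRole = doBulkRole(name, realmMBean);
            if (doBulkRole != null) {
                hashMap.put(SecurityService.ServiceType.BULKROLE, doBulkRole);
            }
            SecurityService doBulkATZ = doBulkATZ(name, realmMBean);
            if (doBulkATZ != null) {
                hashMap.put(SecurityService.ServiceType.BULKAUTHORIZE, doBulkATZ);
            }
            RoleManager doRole = doRole(name, realmMBean);
            if (doRole != null) {
                hashMap.put(SecurityService.ServiceType.ROLE, doRole);
            }
            AuthorizationManager doATZ = doATZ(name, realmMBean);
            if (doATZ != null) {
                hashMap.put(SecurityService.ServiceType.AUTHORIZE, doATZ);
            }
            PrincipalAuthenticator doATN = doATN(name, realmMBean);
            if (doATN != null) {
                hashMap.put(SecurityService.ServiceType.AUTHENTICATION, doATN);
            }
            CertPathManager doCertPath = doCertPath(name, realmMBean);
            if (doCertPath != null) {
                hashMap.put(SecurityService.ServiceType.CERTPATH, doCertPath);
            }
            SecurityTokenServiceManager doSTS = doSTS(realmMBean);
            if (doSTS != null) {
                hashMap.put(SecurityService.ServiceType.STSMANAGER, doSTS);
            }
            KeyManager doKeyStore = doKeyStore(name, realmMBean);
            if (doKeyStore != null) {
                hashMap.put(SecurityService.ServiceType.KEYMANAGER, doKeyStore);
            }
            try {
                SAML2Service sAML2Service = (SAML2Service) this.css.getService(CSS.SAML2_SSO_SERVICE);
                if (sAML2Service != null) {
                    // The service is wrapped in a proxy that routes calls through the SAML2 class loader.
                    hashMap.put(SecurityService.ServiceType.SAML2_SSO, new SAML2ServiceWrapper((SAML2Service) Proxy.newProxyInstance(CSSWLSDelegateImpl.getSAML2ClassLoader(), sAML2Service.getClass().getInterfaces(), new ThreadClassLoaderContextInvocationHandler(CSSWLSDelegateImpl.getSAML2ClassLoader(), sAML2Service))));
                }
            } catch (ServiceNotFoundException e3) {
                // SAML2 is optional; the realm continues without it.
                if (debugLogger.isDebugEnabled()) {
                    debugLogger.debug("SAML2 SSO service not found for security realm " + name, e3);
                }
            } catch (ServiceInitializationException e4) {
                // Still best-effort, but the failure is no longer invisible.
                if (debugLogger.isDebugEnabled()) {
                    debugLogger.debug("SAML2 SSO service failed to initialize for security realm " + name, e4);
                }
            }
            if (hashMap.size() == 0) {
                realmsHashMap.remove(name);
                throw new SecurityServiceException(SecurityLogger.getFailedToInitRealm(name));
            }
        } catch (ErrorCollectionException e5) {
            throw new SecurityServiceRuntimeException(SecurityLogger.getSecRealmInvConfig(name), e5);
        }
    }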

    /**
     * Builds the realm's credential manager when credential mappers are configured.
     *
     * @param str realm name
     * @param realmMBean realm configuration
     * @return a new manager, or {@code null} if the realm has no credential mappers
     */
    private CredentialManager doCredentials(String str, RealmMBean realmMBean) {
        final CredentialMapperMBean[] mappers = realmMBean.getCredentialMappers();
        if (mappers == null || mappers.length == 0) {
            return null;
        }
        return new CredentialManager(str, mappers);
    }

    /**
     * Builds the realm's role manager; at least one role mapper is mandatory.
     *
     * @param str realm name
     * @param realmMBean realm configuration
     * @return a new role manager over the configured role mappers
     * @throws SecurityServiceRuntimeException if no role mapper is configured
     */
    private RoleManager doRole(String str, RealmMBean realmMBean) {
        final RoleMapperMBean[] mappers = realmMBean.getRoleMappers();
        final boolean haveMappers = mappers != null && mappers.length != 0;
        if (haveMappers) {
            return new RoleManager(str, mappers);
        }
        throw new SecurityServiceRuntimeException(SecurityLogger.getNeedToConfigureOneRoleMapper());
    }

    /**
     * Builds the realm's bulk role manager; at least one role mapper is mandatory.
     *
     * @param str realm name
     * @param realmMBean realm configuration
     * @return an initialized {@code BulkRoleManager}
     * @throws SecurityServiceRuntimeException if no role mapper is configured
     */
    private SecurityService doBulkRole(String str, RealmMBean realmMBean) {
        final RoleMapperMBean[] mappers = realmMBean.getRoleMappers();
        final boolean haveMappers = mappers != null && mappers.length != 0;
        if (!haveMappers) {
            throw new SecurityServiceRuntimeException(SecurityLogger.getNeedToConfigureOneRoleMapper());
        }
        final BulkRoleManager manager = new BulkRoleManager();
        manager.initialize(str, mappers);
        return manager;
    }

    /**
     * Builds the realm's authorization manager from its authorizers and optional adjudicator.
     *
     * <p>The provider array holds the authorizers in configured order, followed by the
     * adjudicator when one is configured.
     *
     * @param str realm name
     * @param realmMBean realm configuration
     * @return a new authorization manager
     * @throws InvalidParameterException if the realm has no authorizer
     */
    private AuthorizationManager doATZ(String str, RealmMBean realmMBean) {
        final AuthorizerMBean[] authorizers = realmMBean.getAuthorizers();
        if (authorizers == null || authorizers.length == 0) {
            throw new InvalidParameterException(SecurityLogger.getNeedToConfigureOneAtzMBean());
        }
        final AdjudicatorMBean adjudicator = realmMBean.getAdjudicator();
        final int extraSlots = adjudicator != null ? 1 : 0;
        final ProviderMBean[] providers = new ProviderMBean[authorizers.length + extraSlots];
        System.arraycopy(authorizers, 0, providers, 0, authorizers.length);
        if (adjudicator != null) {
            providers[authorizers.length] = adjudicator;
        }
        return new AuthorizationManager(str, providers);
    }

    /**
     * Builds the realm's bulk authorization manager from its authorizers and optional adjudicator.
     *
     * <p>The provider array is assembled exactly as in doATZ: authorizers first, adjudicator last.
     *
     * @param str realm name
     * @param realmMBean realm configuration
     * @return an initialized {@code BulkAuthorizationManager}
     * @throws InvalidParameterException if the realm has no authorizer
     */
    private SecurityService doBulkATZ(String str, RealmMBean realmMBean) {
        final AuthorizerMBean[] authorizers = realmMBean.getAuthorizers();
        if (authorizers == null || authorizers.length == 0) {
            throw new InvalidParameterException(SecurityLogger.getNeedToConfigureOneAtzMBean());
        }
        final AdjudicatorMBean adjudicator = realmMBean.getAdjudicator();
        final int extraSlots = adjudicator != null ? 1 : 0;
        final ProviderMBean[] providers = new ProviderMBean[authorizers.length + extraSlots];
        System.arraycopy(authorizers, 0, providers, 0, authorizers.length);
        if (adjudicator != null) {
            providers[authorizers.length] = adjudicator;
        }
        final BulkAuthorizationManager manager = new BulkAuthorizationManager();
        manager.initialize(str, providers);
        return manager;
    }

    /**
     * Builds the realm's principal authenticator.
     *
     * <p>A realm with no authentication providers is not rejected here: the authenticator is
     * still created, and the condition is reported only when debug logging is on.
     * NOTE(review): confirm PrincipalAuthenticator denies logins when it has no providers.
     *
     * @param str realm name
     * @param realmMBean realm configuration
     * @return a new authenticator over the configured providers (possibly none)
     */
    private PrincipalAuthenticator doATN(String str, RealmMBean realmMBean) {
        final AuthenticationProviderMBean[] providers = realmMBean.getAuthenticationProviders();
        final boolean unconfigured = providers == null || providers.length == 0;
        if (unconfigured && debugLogger.isDebugEnabled()) {
            debugLogger.debug("Warning, PrincipalAuthenticator for realm " + str + " initializing without configuration");
        }
        return new PrincipalAuthenticator(str, providers);
    }

    /**
     * Builds the realm's cert-path manager.
     *
     * <p>Slot 0 of the provider array is the realm's cert-path builder; the configured cert-path
     * providers follow in order. Unlike the other factory methods, the provider array is not
     * checked for {@code null} before its length is read.
     *
     * @param str realm name
     * @param realmMBean realm configuration
     * @return a new cert-path manager
     */
    private CertPathManager doCertPath(String str, RealmMBean realmMBean) {
        final CertPathProviderMBean[] configured = realmMBean.getCertPathProviders();
        final CertPathProviderMBean[] ordered = new CertPathProviderMBean[configured.length + 1];
        ordered[0] = realmMBean.getCertPathBuilder();
        System.arraycopy(configured, 0, ordered, 1, configured.length);
        return new CertPathManager(str, ordered);
    }

    /**
     * Builds the realm's security token service manager.
     *
     * @param realmMBean realm configuration, may be {@code null}
     * @return a new manager, or {@code null} when no realm MBean is given
     */
    private SecurityTokenServiceManager doSTS(RealmMBean realmMBean) {
        return realmMBean != null ? new SecurityTokenServiceManager(realmMBean) : null;
    }

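    /**
     * Builds the realm's key manager and registers a key-store type alias per configured store.
     *
     * <p>For every key store, the JVM-wide security property {@code Alg.Alias.KeyStore.<type>} is
     * pointed at {@code <realm>.KeyStore.<type>} unless it already has that value. The property is
     * process-global, so an existing alias for the same type is overwritten.
     *
     * <p>Changes from the previous version: the {@link SecurityException} is now kept as the
     * cause of the rethrown exception instead of only its message, and the null and length
     * checks inside the loop, which could never fail at that point, are gone.
     *
     * @param str realm name, used as the alias prefix
     * @param realmMBean realm configuration, may be {@code null}
     * @return {@code null} if {@code realmMBean} is {@code null}; otherwise a key manager, built
     *         with a {@code null} store list when no key stores are configured
     * @throws SecurityServiceRuntimeException if the security property cannot be read or set
     */
    private KeyManager doKeyStore(String str, RealmMBean realmMBean) {
        if (realmMBean == null) {
            return null;
        }
        KeyStoreMBean[] keyStores = realmMBean.getKeyStores();
        if (null == keyStores || 0 == keyStores.length) {
            return new KeyManager(str, null);
        }
        KeyManager keyManager = new KeyManager(str, keyStores);
        for (KeyStoreMBean keyStore : keyStores) {
            try {
                String aliasKey = "Alg.Alias.KeyStore." + keyStore.getType();
                String aliasValue = str + ".KeyStore." + keyStore.getType();
                // The property is written only when it differs, which keeps restarts idempotent.
                if (!aliasValue.equals(Security.getProperty(aliasKey))) {
                    Security.setProperty(aliasKey, aliasValue);
                }
            } catch (SecurityException e) {
                throw new SecurityServiceRuntimeException(SecurityLogger.getCanNotConfigureKeyStoreProviders(e.getMessage()), e);
            }
        }
        return keyManager;
    }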

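    /**
     * Loads and initializes a realm by name unless it is already in the realm map.
     *
     * <p>Fix: the null check used to test the static {@code realmMbean} field (the default realm)
     * instead of the MBean just looked up. An unknown realm name then skipped the intended
     * "invalid realm name" error and failed later with a {@code NullPointerException}. The check
     * now tests the lookup result.
     *
     * <p>NOTE(review): the realm's map is registered before initializeRealm runs and is removed
     * there only when it ends up empty, so a failure part-way through leaves a partially
     * populated realm visible to getSecurityServiceInternal. Confirm callers treat a failed load
     * as fatal.
     *
     * @param str name of the realm to load
     * @throws SecurityServiceException if no realm with that name is configured, or
     *         initialization fails
     */
    private void loadRealm(String str) throws SecurityServiceException {
        if (realmsHashMap.containsKey(str)) {
            return;
        }
        RealmMBean lookupRealm = ManagementService.getRuntimeAccess(kernelId).getDomain().getSecurityConfiguration().lookupRealm(str);
        if (lookupRealm == null) {
            throw new SecurityServiceException(SecurityLogger.getInvalidRealmName(str));
        }
        HashMap hashMap = new HashMap();
        realmsHashMap.put(str, hashMap);
        initializeRealm(lookupRealm, hashMap);
        cacheFullDelegateAuthorization = lookupRealm.isFullyDelegateAuthorization();
    }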

    /**
     * Creates the realm map and loads the default realm.
     *
     * <p>{@code initialized} becomes {@code true} only when the default realm loads. A
     * {@code SecurityServiceException} is logged and swallowed here, leaving the manager
     * uninitialized rather than aborting the caller.
     *
     * @throws SecurityServiceRuntimeException if no default realm MBean is available
     */
    private void initializeRealms() {
        realmsHashMap = new HashMap();
        final RealmMBean defaultRealm = getDefaultRealm();
        realmMbean = defaultRealm;
        if (defaultRealm == null) {
            throw new SecurityServiceRuntimeException(SecurityLogger.getNoRealmMBeanUnableToInit());
        }
        final String realmName = defaultRealm.getName();
        defaultConfiguredRealmName = realmName;
        try {
            loadRealm(realmName);
            initialized = true;
        } catch (SecurityServiceException loadFailure) {
            SecurityLogger.logLoadRealmFailed(realmName, loadFailure);
            if (debugLogger.isDebugEnabled()) {
                debugLogger.debug("Failed to initialize default security realm: " + realmName);
            }
        }
    }

    /**
     * Authenticates the boot identity against the default realm and checks that it may boot
     * this server.
     *
     * <p>Sequence: read the store/remove boot-identity switches, fetch the default realm's
     * authenticator and authorization manager, log in with the credential pair from the property
     * service, persist or emit the boot properties, unload them, then run the "boot" access check
     * on this server's {@code ServerResource}. The access check runs only on an admin server, or
     * when the admin server is not available.
     *
     * @throws SecurityServiceRuntimeException if the authenticator or authorization manager is missing
     * @throws SecurityInitializationException if login fails or the identity may not boot the server
     */
    private void doBootAuthorization() {
        // z: store-boot-identity switch, z2: remove-boot-identity switch, z3: started by Node Manager.
        boolean z = Boolean.getBoolean(SecurityServiceManager.STORE_BOOT_IDENTITY);
        boolean z2 = Boolean.getBoolean(SecurityServiceManager.REMOVE_BOOT_IDENTITY);
        boolean z3 = Boolean.getBoolean("weblogic.system.NodeManagerBoot");
        if (z3) {
            // A Node Manager boot always removes the boot identity.
            z2 = true;
        }
        PrincipalAuthenticator principalAuthenticator = (PrincipalAuthenticator) getSecurityServiceInternal(SecurityServiceManager.defaultRealmName, SecurityService.ServiceType.AUTHENTICATION);
        AuthorizationManager authorizationManager = (AuthorizationManager) getSecurityServiceInternal(SecurityServiceManager.defaultRealmName, SecurityService.ServiceType.AUTHORIZE);
        if (principalAuthenticator == null || authorizationManager == null) {
            // Fail closed: without both services the boot identity cannot be verified.
            throw new SecurityServiceRuntimeException(SecurityLogger.getSecurityServicesUnavailable());
        }
        // NOTE(review): getTimestamp1/getTimestamp2 are used as the two credential values for the
        // login below - presumably the boot user name and password under obscured names; confirm.
        // Only the first value is passed to log messages in this method.
        String timestamp1 = ManagementService.getPropertyService(kernelId).getTimestamp1();
        try {
            AuthenticatedSubject authenticate = principalAuthenticator.authenticate(new SimpleCallbackHandler(timestamp1, ManagementService.getPropertyService(kernelId).getTimestamp2()), null);
            if (!z) {
                BootProperties.save();
            } else if (!z2) {
                // NOTE(review): trust key-store passphrases are read from JVM system properties and
                // handed to BootProperties.output together with the credential pair; confirm how the
                // output file is protected at rest.
                BootProperties.output(ManagementService.getRuntimeAccess(kernelId).getDomain().getSecurityConfiguration(), System.getProperty("weblogic.system.BootIdentityFile"), ManagementService.getPropertyService(kernelId).getTimestamp1(), ManagementService.getPropertyService(kernelId).getTimestamp2(), System.getProperty(KeyStoreConstants.TRUST_KEYSTORE_PROP), System.getProperty(KeyStoreConstants.CUSTOM_TRUST_KEYSTORE_FILENAME_PROP), System.getProperty(KeyStoreConstants.CUSTOM_TRUST_KEYSTORE_TYPE_PROP), System.getProperty(KeyStoreConstants.CUSTOM_TRUST_KEYSTORE_PASSPHRASE_PROP), System.getProperty(KeyStoreConstants.JAVA_STANDARD_TRUST_KEYSTORE_PASSPHRASE_PROP));
            }
            BootProperties.unload(z2);
            // A managed server whose admin server is reachable skips this local check.
            if ((ManagementService.getRuntimeAccess(kernelId).isAdminServer() || !ManagementService.getRuntimeAccess(kernelId).isAdminServerAvailable()) && !authorizationManager.isAccessAllowed(authenticate, new ServerResource(null, ManagementService.getRuntimeAccess(kernelId).getServerName(), "boot"), null)) {
                Loggable logUserNotPermittedToBootLoggable = SecurityLogger.logUserNotPermittedToBootLoggable(SubjectUtils.getUsername(authenticate));
                logUserNotPermittedToBootLoggable.log();
                throw new SecurityInitializationException(logUserNotPermittedToBootLoggable.getMessageText());
            }
        } catch (LoginException e) {
            // Login failed. The message depends on how the server was started.
            String property = System.getProperty("weblogic.management.startmode");
            if (property != null && property.compareTo("WinSvc") == 0) {
                Loggable logErrorBadPasswordRegisteredLoggable = SecurityLogger.logErrorBadPasswordRegisteredLoggable(timestamp1);
                logErrorBadPasswordRegisteredLoggable.log();
                throw new SecurityInitializationException(logErrorBadPasswordRegisteredLoggable.getMessageText(), e);
            }
            if (BootProperties.getBootProperties() == null && !z3) {
                // No boot-properties object and not a Node Manager start.
                Loggable logAuthDeniedForUserLoggable = SecurityLogger.logAuthDeniedForUserLoggable(timestamp1);
                logAuthDeniedForUserLoggable.log();
                throw new SecurityInitializationException(logAuthDeniedForUserLoggable.getMessageText(), e);
            }
            // The identity that failed is unloaded before the error is raised.
            BootProperties.unload(z2);
            Loggable logBootIdentityNotValidLoggable = SecurityLogger.logBootIdentityNotValidLoggable();
            logBootIdentityNotValidLoggable.log();
            throw new SecurityInitializationException(logBootIdentityNotValidLoggable.getMessageText(), e);
        }
    }

    /**
     * Brings up the security subsystem: JAAS, OPSS and JACC setup, realm loading, trust manager
     * start, boot authorization and, when a Java security manager is installed, the WLS policy.
     *
     * <p>The {@code authenticatedSubject} argument is not inspected in this method.
     * NOTE(review): confirm the caller has already verified kernel identity.
     *
     * <p>The "only once" guard runs after the JAAS/OPSS/JACC steps, so a second call repeats
     * those steps before it is rejected.
     *
     * @param authenticatedSubject unused here
     * @throws SecurityServiceRuntimeException if the realm map already exists
     */
    @Override // weblogic.security.service.SecurityServiceManagerDelegate
    public void initialize(AuthenticatedSubject authenticatedSubject) {
        setJAASConfiguration();
        loadOPSSPolicy();
        checkJACCCmdlineForConsistency();
        initJACCSecurity();
        if (realmsHashMap != null) {
            throw new SecurityServiceRuntimeException(SecurityLogger.getCanOnlyInitSecServiceOnce());
        }
        initializeRealms();
        SecurityLogger.logInitializingUsingRealm(defaultConfiguredRealmName != null ? defaultConfiguredRealmName : "null");
        this.consoleFullDelegation = ManagementService.getRuntimeAccess(kernelId).getDomain().getSecurityConfiguration().isConsoleFullDelegationEnabled();
        CertPathTrustManagerUtils.start();
        // Boot identity is authenticated and authorized before any policy object is installed.
        doBootAuthorization();
        final boolean securityManagerInstalled = System.getSecurityManager() != null;
        if (securityManagerInstalled) {
            SecurityLogger.logInitializingUsingJavaSecurityManager();
            new WLSPolicy().init();
        }
        if (isJACCEnabled()) {
            SecurityLogger.logInitializingUsingJACC();
        }
    }

    /**
     * Shuts down every loaded realm and then the common security service engine.
     *
     * <p>Does nothing unless {@code initialized} is set. The flag is not cleared afterwards and
     * {@code css} is set to {@code null}, so a second call would dereference {@code null}.
     */
    @Override // weblogic.security.service.SecurityServiceManagerDelegate
    public void shutdown() {
        if (!initialized) {
            return;
        }
        // Iterate over a snapshot of the keys because entries are removed inside the loop.
        for (Object realmKey : realmsHashMap.keySet().toArray()) {
            shutdownRealm((String) realmKey, (HashMap) realmsHashMap.get(realmKey));
            realmsHashMap.remove(realmKey);
        }
        CSSWLSDelegateImpl.canShutdown = true;
        this.css.shutdown();
        CSSWLSDelegateImpl.instance = null;
        this.css = null;
    }

    /**
     * Shuts down one realm's services in reverse start-up order.
     *
     * <p>Entry 0 of {@code ORDERED_MANAGER_KEY_LIST} is read as the auditor and kept alive until
     * every other service has stopped, so their shutdown events can still be audited.
     *
     * @param str realm name
     * @param hashMap the realm's service map
     * @throws SecurityServiceRuntimeException if either argument is {@code null}
     */
    private void shutdownRealm(String str, HashMap hashMap) {
        if (str == null || hashMap == null) {
            throw new SecurityServiceRuntimeException("Security Realm is in illegal state, failed to shutdown the security realm!");
        }
        SecurityLogger.logShutdownSecurityRealm(str);
        if (debugLogger.isDebugEnabled()) {
            debugLogger.debug("Security Service is shutting down security realm " + str);
        }
        final Auditor realmAuditor = (Auditor) hashMap.get(ORDERED_MANAGER_KEY_LIST[0]);
        int slot = ORDERED_MANAGER_KEY_LIST.length - 1;
        while (slot > 0) {
            final Object key = ORDERED_MANAGER_KEY_LIST[slot];
            final SecurityService service = (SecurityService) hashMap.get(key);
            if (service != null) {
                shutdownSecurityService(str, key.toString(), service, realmAuditor);
                hashMap.remove(key);
            }
            slot--;
        }
        if (realmAuditor != null) {
            // The auditor goes last and is not removed from the map here.
            shutdownSecurityService(str, ORDERED_MANAGER_KEY_LIST[0].toString(), realmAuditor, realmAuditor);
        }
    }

    /**
     * Shuts down a single service and records the outcome.
     *
     * <p>A SUCCESS or FAILURE management event is written to the auditor for every service
     * except the audit service itself. A {@code RuntimeException} raised inside the try block
     * is reported and swallowed so the remaining services can still be stopped.
     *
     * @param str realm name
     * @param str2 service type name, used in messages and to recognise the audit service
     * @param securityService service to stop
     * @param auditor realm auditor, may be {@code null}
     */
    private void shutdownSecurityService(String str, String str2, SecurityService securityService, Auditor auditor) {
        final boolean isAuditService = SecurityService.ServiceType.AUDIT.toString().equals(str2);
        final boolean writeAuditEvent = !isAuditService && auditor != null;
        try {
            securityService.shutdown();
            final String okMessage = "Security Service " + str2 + " is shutdown in security realm " + str;
            if (writeAuditEvent) {
                auditor.writeEvent(new AuditSecurityManagementEventImpl(AuditSeverity.SUCCESS, str2, okMessage, null));
            }
            if (debugLogger.isDebugEnabled()) {
                debugLogger.debug(okMessage);
            }
        } catch (RuntimeException failure) {
            final String failMessage = "Security Service " + str2 + " failed to shutdown in security realm " + str;
            if (writeAuditEvent) {
                auditor.writeEvent(new AuditSecurityManagementEventImpl(AuditSeverity.FAILURE, str2, failMessage, failure));
            }
            if (debugLogger.isDebugEnabled()) {
                debugLogger.debug(failMessage, failure);
            }
        }
    }

    /**
     * Returns the name of the configured default realm.
     *
     * @return the name recorded by initializeRealms(), or {@code null} before that has run
     */
    @Override // weblogic.security.service.SecurityServiceManagerDelegate
    public String getDefaultRealmName() {
        return defaultConfiguredRealmName;
    }

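    /**
     * Removes the security artefacts of an undeployed application from the default realm: its
     * roles, its policies and its versioning record.
     *
     * <p>Each step stays best-effort, so one failure does not stop the others. Failures used to
     * be dropped without trace; they are now written to the debug log, because a policy or role
     * that was not deleted stays in the realm and remains in force for that application's
     * identifier.
     *
     * @param appDeploymentMBean the deleted application; {@code null} is ignored
     */
    @Override // weblogic.security.service.SecurityServiceManagerDelegate
    public void applicationDeleted(AppDeploymentMBean appDeploymentMBean) {
        if (appDeploymentMBean == null) {
            return;
        }
        RoleManager roleManager = (RoleManager) getSecurityServiceInternal(SecurityServiceManager.defaultRealmName, SecurityService.ServiceType.ROLE);
        AuthorizationManager authorizationManager = (AuthorizationManager) getSecurityServiceInternal(SecurityServiceManager.defaultRealmName, SecurityService.ServiceType.AUTHORIZE);
        SecurityApplicationInfoImpl securityApplicationInfoImpl = new SecurityApplicationInfoImpl(appDeploymentMBean, ApplicationInfo.ComponentType.APPLICATION, null);
        try {
            roleManager.deleteApplicationRoles(securityApplicationInfoImpl);
        } catch (Exception e) {
            // Deliberately broad: this also covers a missing role manager.
            if (debugLogger.isDebugEnabled()) {
                debugLogger.debug("applicationDeleted: failed to delete application roles", e);
            }
        }
        try {
            authorizationManager.deleteApplicationPolicies(securityApplicationInfoImpl);
        } catch (Exception e2) {
            if (debugLogger.isDebugEnabled()) {
                debugLogger.debug("applicationDeleted: failed to delete application policies", e2);
            }
        }
        if (appDeploymentMBean.getVersionIdentifier() != null) {
            try {
                appVerService.deleteApplicationVersion(appDeploymentMBean.getApplicationIdentifier());
            } catch (Exception e3) {
                if (debugLogger.isDebugEnabled()) {
                    debugLogger.debug("applicationDeleted: failed to delete application version", e3);
                }
            }
        } else {
            try {
                appVerService.deleteApplication(appDeploymentMBean.getApplicationName());
            } catch (Exception e4) {
                if (debugLogger.isDebugEnabled()) {
                    debugLogger.debug("applicationDeleted: failed to delete application versioning record", e4);
                }
            }
        }
    }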

    /**
     * Deployment-start callback; this implementation does nothing.
     *
     * @param appDeploymentMBean the application being deployed (unused)
     * @param strArr             unused by this implementation
     */
    @Override // weblogic.security.service.SecurityServiceManagerDelegate
    public void applicationDeployBegun(AppDeploymentMBean appDeploymentMBean, String[] strArr) {
        // Intentionally empty: no security work is performed when a deployment begins.
    }

    /**
     * Deployment-end callback; this implementation does nothing.
     *
     * @param appDeploymentMBean the application that was deployed (unused)
     * @param strArr             unused by this implementation
     */
    @Override // weblogic.security.service.SecurityServiceManagerDelegate
    public void applicationDeployEnded(AppDeploymentMBean appDeploymentMBean, String[] strArr) {
        // Intentionally empty: no security work is performed when a deployment ends.
    }

    /**
     * Reports whether the application-version service supports versioning.
     *
     * @param str ignored; the answer comes from {@code appVerService} alone
     * @return whatever {@code appVerService.isApplicationVersioningSupported()} returns
     */
    @Override // weblogic.security.service.SecurityServiceManagerDelegate
    public boolean isApplicationVersioningSupported(String str) {
        final boolean supported = appVerService.isApplicationVersioningSupported();
        return supported;
    }

    /**
     * Registers a new application version with the application-version service.
     *
     * @param appDeploymentMBean  deployment whose application identifier is passed
     *                            as the first argument; {@code null} makes the
     *                            call a no-op
     * @param appDeploymentMBean2 optional second deployment; its application
     *                            identifier is passed as the second argument, or
     *                            {@code null} when this parameter is {@code null}
     *                            (presumably the version the new one derives
     *                            from; confirm against the interface)
     * @throws SecurityServiceRuntimeException wrapping any exception raised by the
     *                                         version service
     */
    @Override // weblogic.security.service.SecurityServiceManagerDelegate
    public void applicationVersionCreated(AppDeploymentMBean appDeploymentMBean, AppDeploymentMBean appDeploymentMBean2) {
        if (appDeploymentMBean != null) {
            String createdId = appDeploymentMBean.getApplicationIdentifier();
            String otherId = appDeploymentMBean2 == null ? null : appDeploymentMBean2.getApplicationIdentifier();
            try {
                appVerService.createApplicationVersion(createdId, otherId);
            } catch (Exception failure) {
                // Unlike deletion, creation failures are surfaced to the caller.
                throw new SecurityServiceRuntimeException(failure);
            }
        }
    }

    /**
     * Switches {@code SecurityServiceManager} into Java 2 security mode when the
     * JVM runs with a security manager installed; otherwise leaves the mode
     * untouched.
     */
    @Override // weblogic.security.service.SecurityServiceManagerDelegate
    public void initJava2Security() {
        boolean securityManagerInstalled = System.getSecurityManager() != null;
        if (securityManagerInstalled) {
            SecurityServiceManager.setJava2SecurityMode(true);
        }
    }

    /**
     * Attempts to install the OPSS policy provider (class name in
     * {@code OPSS_POLICY_PROVIDER}) as the JVM-wide {@link Policy}.
     *
     * <p>Outcomes visible in this method:
     * <ul>
     *   <li>nothing happens if {@code OPSS_POLICY_LOADED} is already set;</li>
     *   <li>nothing is installed if the provider class cannot be found, or if
     *       neither the {@code JPS_CFG_FILE_PROP} nor the {@code ORA_DOMAIN_CFG_DIR}
     *       system property is set;</li>
     *   <li>nothing is replaced if the current policy already is an instance of the
     *       provider class;</li>
     *   <li>otherwise the new policy is installed through {@code SetPolicyAction}
     *       inside {@code doPrivileged}.</li>
     * </ul>
     *
     * <p>NOTE(review): {@code OPSS_POLICY_LOADED} is not assigned in this method;
     * presumably it is set elsewhere (for example by {@code SetPolicyAction}), so
     * verify that the guard actually becomes true after a successful load.
     *
     * @throws SecurityInitializationException if the provider cannot be constructed,
     *         if a JACC policy provider is configured at the same time, or on any
     *         other failure except the provider class being absent
     */
    private static void loadOPSSPolicy() {
        if (OPSS_POLICY_LOADED) {
            if (opssLoadDebug) {
                System.out.println("SecurityServiceManagerDelegateImpl:loadOPSSPolicy no policy loaded because it has been previously loaded.");
                return;
            }
            return;
        }
        try {
            // Resolved and initialized through the thread context class loader, so
            // the class that becomes the JVM policy depends on what that loader sees.
            Class<?> cls = Class.forName(OPSS_POLICY_PROVIDER, true, Thread.currentThread().getContextClassLoader());
            if (System.getProperty(JPS_CFG_FILE_PROP) == null) {
                if (System.getProperty(ORA_DOMAIN_CFG_DIR) == null) {
                    // Neither property set: log it and start without the OPSS policy.
                    SecurityLogger.logServerStartWithoutLoadingJPSPolicyProvider(JPS_CFG_FILE_PROP, ORA_DOMAIN_CFG_DIR);
                    return;
                }
                // Config-file property missing but the domain dir is set: warn and continue.
                SecurityLogger.logOPSSPolicyNoCfgFileWarning(JPS_CFG_FILE_PROP);
            }
            // The provider is instantiated before the JACC conflict check below, so
            // its constructor runs even when the load is then rejected.
            Policy policy = (Policy) cls.newInstance();
            if (System.getProperty(JACC_POLICY_PROVIDER) != null) {
                if (opssLoadDebug) {
                    System.out.println("Conflict between JACC Policy and OPSS Policy provider");
                }
                Loggable policyLoadJACCConflictMessageLoggable = SecurityLogger.getPolicyLoadJACCConflictMessageLoggable(OPSS_POLICY_PROVIDER);
                policyLoadJACCConflictMessageLoggable.log();
                // NOTE(review): this throw sits inside the try, so the catch (Throwable)
                // handler below intercepts it, logs a second message and rethrows a
                // new SecurityInitializationException wrapping this one.
                throw new SecurityInitializationException(policyLoadJACCConflictMessageLoggable.getMessageText(), new Exception("Conflict between JACC Policy provider and OPSS Policy provider"));
            }
            // Compare by canonical class name: equal means the provider is already
            // the active policy and is not replaced.
            if (OPSS_POLICY_PROVIDER.equals(Policy.getPolicy().getClass().getCanonicalName())) {
                if (opssLoadDebug) {
                    System.out.println("SecurityServiceManagerDelegateImpl:loadOPSSPolicy - no policy resetting because it has been loaded statically.");
                }
                SecurityLogger.logOPSSPolicyAlreadyLoadedWarning(OPSS_POLICY_PROVIDER);
            } else {
                // Replacing the JVM-wide policy is done inside doPrivileged.
                AccessController.doPrivileged(new SetPolicyAction(policy));
                if (opssLoadDebug) {
                    System.out.println("Success in loading policy of " + Policy.getPolicy().getClass().getCanonicalName());
                }
                SecurityLogger.logOPSSPolicyLoadSuccess(Policy.getPolicy().getClass().getCanonicalName());
            }
        } catch (ClassNotFoundException e) {
            // Provider class absent: startup continues with the existing policy. The
            // only trace is on stdout, and only when opssLoadDebug is on.
            if (opssLoadDebug) {
                System.out.println("Class oracle.security.jps.internal.policystore.JavaPolicyProvider is not found, and will not be loaded.");
            }
        } catch (IllegalAccessException e2) {
            if (opssLoadDebug) {
                System.out.println("Problem in constructing " + OPSS_POLICY_PROVIDER);
            }
            Loggable policyLoadIllegalAccessMessageLoggable = SecurityLogger.getPolicyLoadIllegalAccessMessageLoggable(OPSS_POLICY_PROVIDER);
            policyLoadIllegalAccessMessageLoggable.log();
            throw new SecurityInitializationException(policyLoadIllegalAccessMessageLoggable.getMessageText(), e2);
        } catch (InstantiationException e3) {
            if (opssLoadDebug) {
                System.out.println("Problem in instantiating " + OPSS_POLICY_PROVIDER);
            }
            Loggable policyInstantiationErrorMessageLoggable = SecurityLogger.getPolicyInstantiationErrorMessageLoggable(OPSS_POLICY_PROVIDER);
            policyInstantiationErrorMessageLoggable.log();
            throw new SecurityInitializationException(policyInstantiationErrorMessageLoggable.getMessageText(), e3);
        } catch (Throwable th) {
            // Catch-all: also receives Errors and the SecurityInitializationException
            // thrown for the JACC conflict above. Everything is turned into a
            // startup failure with the original throwable kept as the cause.
            if (opssLoadDebug) {
                System.out.println("Problem in loading OPSS security provider: " + th.getMessage());
            }
            Loggable loadPolicyProviderErrorMessageLoggable = SecurityLogger.getLoadPolicyProviderErrorMessageLoggable(OPSS_POLICY_PROVIDER, th.getMessage());
            loadPolicyProviderErrorMessageLoggable.log();
            throw new SecurityInitializationException(loadPolicyProviderErrorMessageLoggable.getMessageText(), th);
        }
    }

    /**
     * Initializes JACC from the command-line system properties.
     *
     * <p>The properties are first checked for consistency. Then, if a JACC policy
     * provider is named and no JACC policy has been loaded yet, the policy is
     * loaded; and if a policy-configuration-factory provider is named, the JACC
     * factories are verified.
     *
     * @throws SecurityInitializationException propagated from the consistency
     *         check, the policy load or the configuration check
     */
    public void initJACCSecurity() {
        checkJACCCmdlineForConsistency();

        boolean policyProviderNamed = System.getProperty(JACC_POLICY_PROVIDER) != null;
        if (policyProviderNamed && !isJACCEnabled()) {
            loadJACCPolicy();
        }

        boolean configFactoryNamed = System.getProperty(JACC_POLICYCONFIGURATIONFACTORY_PROVIDER) != null;
        if (configFactoryNamed) {
            checkJACCConfiguration();
        }
    }

    /**
     * Enforces that the default JACC classes are used as a complete set.
     *
     * <p>If either the policy-configuration-factory or the policy provider is the
     * default class, then all three providers (including the role-mapper factory)
     * must be the default classes; otherwise one error is added to the collection.
     * When neither of the first two is the default class nothing is checked.
     *
     * @param str                      configured policy-configuration-factory class name, may be {@code null}
     * @param str2                     configured policy provider class name, may be {@code null}
     * @param str3                     configured role-mapper-factory class name, may be {@code null}
     * @param errorCollectionException collector that receives the mismatch error
     */
    private static void matchJACCWLSClasses(String str, String str2, String str3, ErrorCollectionException errorCollectionException) {
        boolean defaultConfigFactory = str != null && str.equals(DEFAULT_JACC_SECURITY_POLICY_CONFIGURATION_FACTORY_PROVIDER_CLASSNAME);
        boolean defaultPolicy = str2 != null && str2.equals(DEFAULT_JACC_SECURITY_POLICY_PROVIDER_CLASSNAME);
        boolean defaultRoleMapper = str3 != null && str3.equals(DEFAULT_ROLEMAPPERFACTORY_PROVIDER_CLASSNAME);

        // Neither default class in use: the set rule does not apply.
        if (!defaultConfigFactory && !defaultPolicy) {
            return;
        }
        // All three are the default classes: consistent.
        if (defaultConfigFactory && defaultPolicy && defaultRoleMapper) {
            return;
        }
        addError(errorCollectionException, SecurityLogger.getJACCWebLogicClassesMustMatch());
    }

    /**
     * Adds a message to the error collection, wrapped in a plain {@link Exception}.
     *
     * @param errorCollectionException collector to add to
     * @param str                      message for the new exception
     */
    private static void addError(ErrorCollectionException errorCollectionException, String str) {
        Exception problem = new Exception(str);
        errorCollectionException.add(problem);
    }

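    /**
     * Loads the class named by the {@code JACC_POLICY_PROVIDER} system property and
     * installs it as the JVM-wide {@link Policy}.
     *
     * <p>Does nothing when a JACC policy was already loaded or when the property
     * is not set. On success the policy is installed, refreshed, and
     * {@code JACC_POLICY_LOADED} is set.
     *
     * <p>The class name is taken verbatim from a system property and the class is
     * instantiated before it is checked to be a {@code Policy}; whoever controls
     * that property therefore chooses code that runs during startup and decides
     * the JVM's permission policy.
     *
     * @throws SecurityInitializationException if the class cannot be found,
     *         accessed or instantiated, or is not a {@code Policy}; the underlying
     *         exception is attached as the cause where there is one
     */
    private static void loadJACCPolicy() {
        if (JACC_POLICY_LOADED) {
            if (jaccDebugLogger.isDebugEnabled()) {
                jaccDebugLogger.debug("SecurityServiceManagerDelegateImpl:loadJACCPolicy no policy loaded because it has been previously loaded.");
            }
            return;
        }
        String property = System.getProperty(JACC_POLICY_PROVIDER);
        if (property == null) {
            if (jaccDebugLogger.isDebugEnabled()) {
                jaccDebugLogger.debug("SecurityServiceManagerDelegateImpl:loadJACCPolicy no policy loaded because javax.security.jacc.policy.provider was not specified.");
            }
            return;
        }
        try {
            Object newInstance = Class.forName(property).newInstance();
            if (!(newInstance instanceof Policy)) {
                Loggable logNotAPolicyObjectLoggable = SecurityLogger.logNotAPolicyObjectLoggable(property);
                logNotAPolicyObjectLoggable.log();
                throw new SecurityInitializationException(logNotAPolicyObjectLoggable.getMessageText());
            }
            Policy policy = (Policy) newInstance;
            Policy.setPolicy(policy);
            policy.refresh();
            // Set only after install and refresh succeeded, so a failed attempt
            // does not mark JACC as enabled.
            JACC_POLICY_LOADED = true;
            SecurityLogger.logJACCPolicyLoadedLoggable(property).log();
        } catch (ClassNotFoundException e) {
            Loggable logJACCPolicyProviderClassNotFoundLoggable = SecurityLogger.logJACCPolicyProviderClassNotFoundLoggable(property, e);
            logJACCPolicyProviderClassNotFoundLoggable.log();
            // Keep the cause so the startup failure can be diagnosed from the exception alone.
            throw new SecurityInitializationException(logJACCPolicyProviderClassNotFoundLoggable.getMessageText(), e);
        } catch (IllegalAccessException e2) {
            Loggable logIllegalAccessLoggable = SecurityLogger.logIllegalAccessLoggable(property, e2);
            logIllegalAccessLoggable.log();
            throw new SecurityInitializationException(logIllegalAccessLoggable.getMessageText(), e2);
        } catch (InstantiationException e3) {
            Loggable logInstantiationExceptionLoggable = SecurityLogger.logInstantiationExceptionLoggable(property, e3);
            logInstantiationExceptionLoggable.log();
            throw new SecurityInitializationException(logInstantiationExceptionLoggable.getMessageText(), e3);
        }
    }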

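    /**
     * Verifies that the JACC policy-configuration factory and the role-mapper
     * factory can both be obtained, and logs which implementation classes were
     * loaded.
     *
     * @throws SecurityInitializationException if either factory is {@code null},
     *         its provider class cannot be found, or a
     *         {@code PolicyContextException} is raised; the underlying exception
     *         is attached as the cause where there is one
     */
    private static void checkJACCConfiguration() {
        try {
            PolicyConfigurationFactory policyConfigurationFactory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
            // The declared type already guarantees the class, so only null can fail here.
            if (policyConfigurationFactory == null) {
                Loggable logPolicyConfigurationFactoryProblemLoggable = SecurityLogger.logPolicyConfigurationFactoryProblemLoggable();
                logPolicyConfigurationFactoryProblemLoggable.log();
                throw new SecurityInitializationException(logPolicyConfigurationFactoryProblemLoggable.getMessageText());
            }
            SecurityLogger.logJACCPolicyConfigurationFactoryLoadedLoggable(policyConfigurationFactory.getClass().getName()).log();
            if ((policyConfigurationFactory instanceof PolicyConfigurationFactoryImpl) && jaccDebugLogger.isDebugEnabled()) {
                jaccDebugLogger.debug("SecurityServiceManagerDelegateImpl:checkJACCConfiguration. We found a weblogic.security.jacc.simpleprovider.PolicyConfigurationImpl and loaded it.");
            }
            // Nested try: the role-mapper lookup raises the same exception types as
            // the factory lookup above but has to report them with its own messages.
            try {
                RoleMapperFactory roleMapperFactory = RoleMapperFactory.getRoleMapperFactory();
                if (roleMapperFactory == null) {
                    Loggable logRoleMapperFactoryProblemLoggable = SecurityLogger.logRoleMapperFactoryProblemLoggable();
                    logRoleMapperFactoryProblemLoggable.log();
                    throw new SecurityInitializationException(logRoleMapperFactoryProblemLoggable.getMessageText());
                }
                SecurityLogger.logJACCRoleMapperFactoryLoadedLoggable(roleMapperFactory.getClass().getName()).log();
                if ((roleMapperFactory instanceof RoleMapperFactoryImpl) && jaccDebugLogger.isDebugEnabled()) {
                    jaccDebugLogger.debug("SecurityServiceManagerDelegateImpl:checkJACCConfiguration. We found a weblogic.security.jacc.simpleprovider.RoleMapperFactoryImpl and loaded it.");
                }
            } catch (ClassNotFoundException e) {
                String property = System.getProperty("weblogic.security.jacc.RoleMapperFactory.provider");
                Loggable logJACCRoleMapperFactoryProviderClassNotFoundLoggable = SecurityLogger.logJACCRoleMapperFactoryProviderClassNotFoundLoggable(property == null ? "null" : property, e);
                logJACCRoleMapperFactoryProviderClassNotFoundLoggable.log();
                // Keep the cause so the failure can be diagnosed from the exception alone.
                throw new SecurityInitializationException(logJACCRoleMapperFactoryProviderClassNotFoundLoggable.getMessageText(), e);
            } catch (PolicyContextException e2) {
                Loggable logPolicyContextExceptionLoggable = SecurityLogger.logPolicyContextExceptionLoggable(e2);
                logPolicyContextExceptionLoggable.log();
                throw new SecurityInitializationException(logPolicyContextExceptionLoggable.getMessageText(), e2);
            }
        } catch (ClassNotFoundException e3) {
            String property2 = System.getProperty(JACC_POLICYCONFIGURATIONFACTORY_PROVIDER);
            Loggable logJACCPolicyConfigurationFactoryProviderClassNotFoundLoggable = SecurityLogger.logJACCPolicyConfigurationFactoryProviderClassNotFoundLoggable(property2 == null ? "null" : property2, e3);
            logJACCPolicyConfigurationFactoryProviderClassNotFoundLoggable.log();
            throw new SecurityInitializationException(logJACCPolicyConfigurationFactoryProviderClassNotFoundLoggable.getMessageText(), e3);
        } catch (PolicyContextException e4) {
            Loggable logPolicyContextExceptionLoggable2 = SecurityLogger.logPolicyContextExceptionLoggable(e4);
            logPolicyContextExceptionLoggable2.log();
            throw new SecurityInitializationException(logPolicyContextExceptionLoggable2.getMessageText(), e4);
        }
    }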

    /**
     * Reports whether a JACC policy has been loaded.
     *
     * @return the current value of {@code JACC_POLICY_LOADED}, which
     *         {@code loadJACCPolicy()} sets after a successful install
     */
    @Override // weblogic.security.service.SecurityServiceManagerDelegate
    public boolean isJACCEnabled() {
        final boolean loaded = JACC_POLICY_LOADED;
        return loaded;
    }

    /**
     * Chooses the validator for an application's deployment-descriptor security data.
     *
     * <p>The choice is driven entirely by the application's own
     * {@code isValidateDDSecurityData()} flag: when it is false a
     * {@code DeploymentValidatorUnknownImpl} is returned instead of a
     * {@code DeploymentUtils} bound to the realm and subject.
     * NOTE(review): what {@code DeploymentValidatorUnknownImpl} checks is not
     * visible here; confirm it is acceptable for applications that opt out.
     *
     * @param authenticatedSubject    subject handed to {@code DeploymentUtils}
     * @param str                     first argument handed to {@code DeploymentUtils}
     *                                (presumably the realm name; confirm)
     * @param securityApplicationInfo application info; must not be {@code null}
     * @return the validator selected as described above
     */
    @Override // weblogic.security.service.SecurityServiceManagerDelegate
    public DeploymentValidator getDeploymentValidator(AuthenticatedSubject authenticatedSubject, String str, SecurityApplicationInfo securityApplicationInfo) {
        if (securityApplicationInfo.isValidateDDSecurityData()) {
            return new DeploymentUtils(str, authenticatedSubject);
        }
        return new DeploymentValidatorUnknownImpl();
    }

    /**
     * Determines the role-mapping behavior code for an application.
     *
     * <p>When application info is supplied and its security model is not
     * {@code DeploymentModel.ADVANCED}, the application decides: {@code 2} for
     * {@code CUSTOM_ROLES} or {@code CUSTOM_ROLES_POLICIES}, otherwise {@code 1}.
     * In every other case the realm decides: {@code 0} when a realm MBean exists
     * and combined role mapping is disabled, otherwise {@code 1}.
     *
     * <p>NOTE(review): the numeric codes are presumably constants defined by the
     * role-mapping API; confirm their names and meaning against the caller.
     *
     * @param str                     not used by this implementation
     * @param securityApplicationInfo application info, may be {@code null}
     * @return {@code 0}, {@code 1} or {@code 2} as described above
     */
    @Override // weblogic.security.service.SecurityServiceManagerDelegate
    public int getRoleMappingBehavior(String str, SecurityApplicationInfo securityApplicationInfo) {
        String ddModel = null;
        boolean applicationDecides = false;
        if (securityApplicationInfo != null) {
            ddModel = securityApplicationInfo.getSecurityDDModel();
            applicationDecides = !DeploymentModel.ADVANCED.equals(ddModel);
        }

        int behavior;
        if (applicationDecides) {
            boolean customRoles = DeploymentModel.CUSTOM_ROLES.equals(ddModel) || DeploymentModel.CUSTOM_ROLES_POLICIES.equals(ddModel);
            behavior = customRoles ? 2 : 1;
        } else {
            if (debugLogger.isDebugEnabled()) {
                debugLogger.debug("getRoleMappingBehavior: using realm setting");
            }
            boolean combinedDisabled = realmMbean != null && !realmMbean.isCombinedRoleMappingEnabled();
            behavior = combinedDisabled ? 0 : 1;
        }

        if (debugLogger.isDebugEnabled()) {
            debugLogger.debug("getRoleMappingBehavior: returning " + behavior);
        }
        return behavior;
    }

    /**
     * Validates the JACC-related system properties before any JACC class is loaded.
     *
     * <p>Rules applied, in order:
     * <ol>
     *   <li>a policy-configuration-factory provider without a security manager is
     *       recorded as a collected error;</li>
     *   <li>a policy provider without a security manager fails immediately;</li>
     *   <li>a role-mapper-factory provider without a security manager fails
     *       immediately;</li>
     *   <li>factory and policy provider both set but no role-mapper factory fails
     *       immediately;</li>
     *   <li>the default classes must be used as a complete set (see
     *       {@code matchJACCWLSClasses}).</li>
     * </ol>
     *
     * @throws SecurityInitializationException on the first immediate failure, or
     *         at the end with the collected errors as the cause
     */
    private static void checkJACCCmdlineForConsistency() {
        ErrorCollectionException collected = new ErrorCollectionException();
        boolean noSecurityManager = System.getSecurityManager() == null;

        String configFactory = System.getProperty(JACC_POLICYCONFIGURATIONFACTORY_PROVIDER);
        if (noSecurityManager && configFactory != null) {
            // Collected rather than thrown, unlike the two checks that follow.
            addError(collected, SecurityLogger.getJACCPropButNoSecurityManager(JACC_POLICYCONFIGURATIONFACTORY_PROVIDER));
        }

        String policyProvider = System.getProperty(JACC_POLICY_PROVIDER);
        if (noSecurityManager && policyProvider != null) {
            throw new SecurityInitializationException(SecurityLogger.getJACCPropButNoSecurityManager(JACC_POLICY_PROVIDER));
        }

        String roleMapperFactory = System.getProperty("weblogic.security.jacc.RoleMapperFactory.provider");
        if (noSecurityManager && roleMapperFactory != null) {
            throw new SecurityInitializationException(SecurityLogger.getJACCPropButNoSecurityManager("weblogic.security.jacc.RoleMapperFactory.provider"));
        }

        boolean roleMapperMissing = configFactory != null && policyProvider != null && roleMapperFactory == null;
        if (roleMapperMissing) {
            throw new SecurityInitializationException(SecurityLogger.getJACCWebLogicRoleMapperFactoryNotSupplied());
        }

        matchJACCWLSClasses(configFactory, policyProvider, roleMapperFactory, collected);
        if (collected.isEmpty()) {
            return;
        }
        throw new SecurityInitializationException(SecurityLogger.getInconsistentSecurityConfiguration(), collected);
    }

    /**
     * Resets the CSS delegate, captures the CSS instance, and initializes the
     * delegate for the given realm.
     *
     * <p>The three statements depend on their order: the delegate's static
     * {@code instance} is cleared first, {@code CSS.getInstance()} is stored in
     * {@code this.css} next, and only then is the delegate initialized.
     *
     * @param realmMBean realm configuration handed to {@code CSSWLSDelegateImpl.initialize}
     * @throws SecurityServiceException declared by this method; presumably raised
     *         by the delegate initialization (confirm)
     */
    private void InitializeServiceEngine(RealmMBean realmMBean) throws SecurityServiceException {
        // Clear any previous delegate before CSS is obtained.
        CSSWLSDelegateImpl.instance = null;
        this.css = CSS.getInstance();
        CSSWLSDelegateImpl.initialize(realmMBean);
    }

    /**
     * Returns the CSS instance held by this delegate, for kernel callers only.
     *
     * <p>{@code SecurityManager.checkKernelIdentity} is called on the supplied
     * subject before the field is read; the check must stay ahead of the return
     * so that the instance is never handed out without it.
     *
     * @param authenticatedSubject caller identity passed to the kernel-identity check
     * @return the value of {@code this.css}
     */
    @Override // weblogic.security.service.SecurityServiceManagerDelegate
    public CSS getCSS(AuthenticatedSubject authenticatedSubject) {
        // Gate first: nothing is read from this object until the check has run.
        SecurityManager.checkKernelIdentity(authenticatedSubject);
        final CSS engine = this.css;
        return engine;
    }

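    /**
     * Sets the JVM-wide security property {@code login.configuration.provider} to
     * {@code com.bea.common.security.jdkutils.JAASConfiguration}.
     *
     * <p>The write is done inside {@code doPrivileged}, so it runs with this
     * class's own permissions instead of those of the callers on the stack. The
     * property is global to the JVM.
     */
    private void setJAASConfiguration() {
        // Typed as PrivilegedAction<Void>: the action yields no value, and the
        // parameterized form avoids the raw-type unchecked call.
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override // java.security.PrivilegedAction
            public Void run() {
                Security.setProperty("login.configuration.provider", "com.bea.common.security.jdkutils.JAASConfiguration");
                return null;
            }
        });
    }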

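    static {
        // Presence of the OPSS_LOAD_LOG system property (any value) enables the
        // stdout tracing used by loadOPSSPolicy().
        opssLoadDebug = System.getProperty(OPSS_LOAD_LOG) != null;
        // The kernel identity is obtained once, inside doPrivileged.
        kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
        // Service types in a fixed order; presumably the order in which the
        // managers are processed (confirm against the code that iterates it).
        ORDERED_MANAGER_KEY_LIST = new Object[]{SecurityService.ServiceType.AUDIT, SecurityService.ServiceType.CREDENTIALMANAGER, SecurityService.ServiceType.BULKROLE, SecurityService.ServiceType.BULKAUTHORIZE, SecurityService.ServiceType.ROLE, SecurityService.ServiceType.AUTHORIZE, SecurityService.ServiceType.AUTHENTICATION, SecurityService.ServiceType.CERTPATH, SecurityService.ServiceType.KEYMANAGER, SecurityService.ServiceType.STSMANAGER, SecurityService.ServiceType.SAML2_SSO};
        cacheFullDelegateAuthorization = false;
        appVerService = null;

        // Read the full-delegate-authorization override from the command line.
        // If a security manager denies the property read, the property is treated
        // as absent, and the override value below then parses to false.
        String fullDelegateValue = null;
        boolean presentOnCmdline;
        try {
            fullDelegateValue = System.getProperty(FULL_DELEGATE_AUTHORIZATION);
            presentOnCmdline = fullDelegateValue != null;
        } catch (SecurityException ignored) {
            presentOnCmdline = false;
        }
        FULL_DELEGATE_PROPERTY_ON_CMDLINE = presentOnCmdline;
        // Boolean.parseBoolean replaces the deprecated Boolean(String) constructor;
        // both yield true only for a case-insensitive "true" and false for null.
        FULL_DELEGATE_OVERRIDE_VALUE = Boolean.parseBoolean(fullDelegateValue);
    }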
}
