package weblogic.security.service;

import com.bea.common.classloader.service.ClassLoaderService;
import com.bea.common.engine.ServiceEngine;
import com.bea.common.engine.ServiceEngineConfig;
import com.bea.common.engine.ServiceEngineConfigFactory;
import com.bea.common.engine.ServiceInitializationException;
import com.bea.common.engine.ServiceNotFoundException;
import com.bea.common.engine.Services;
import com.bea.common.logger.service.LoggerService;
import com.bea.common.security.internal.utils.Delegator;
import com.bea.common.security.jdkutils.ServletAccess;
import com.bea.common.security.jdkutils.ServletInfoV2Spi;
import com.bea.common.security.legacy.AuthenticationServicesConfigHelper;
import com.bea.common.security.legacy.AuthorizationServicesConfigHelper;
import com.bea.common.security.legacy.CertPathServicesConfigHelper;
import com.bea.common.security.legacy.ConfigHelperFactory;
import com.bea.common.security.legacy.CredentialMappingServicesConfigHelper;
import com.bea.common.security.legacy.IdentityServicesConfigHelper;
import com.bea.common.security.legacy.LegacyDomainInfo;
import com.bea.common.security.legacy.LoginSessionServiceConfigHelper;
import com.bea.common.security.legacy.SAML2SingleSignOnServicesConfigHelper;
import com.bea.common.security.legacy.SAMLSingleSignOnServiceConfigHelper;
import com.bea.common.security.legacy.SecurityProviderClassLoaderService;
import com.bea.common.security.legacy.SecurityProviderConfigHelper;
import com.bea.common.security.legacy.SecurityTokenServicesConfigHelper;
import com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi;
import com.bea.common.security.saml2.SingleSignOnServicesConfigSpi;
import com.bea.common.security.service.AuthorizationService;
import com.bea.common.security.service.BulkAuthorizationService;
import com.bea.common.security.service.CertPathBuilderService;
import com.bea.common.security.service.CertPathValidatorService;
import com.bea.common.security.service.IdentityAssertionService;
import com.bea.common.security.service.IdentityService;
import com.bea.common.security.service.JAASAuthenticationService;
import com.bea.common.security.service.LoginSession;
import com.bea.common.security.service.LoginSessionListener;
import com.bea.common.security.service.LoginSessionService;
import com.bea.common.security.service.NegotiateIdentityAsserterService;
import com.bea.common.security.service.PolicyDeploymentService;
import com.bea.common.security.service.RoleDeploymentService;
import com.bea.common.security.service.SAML2Service;
import com.bea.common.security.service.SAMLSingleSignOnService;
import com.bea.common.security.utils.LegacyEncryptorKey;
import com.bea.common.security.utils.ProviderMBeanInvocationHandler;
import com.bea.common.security.utils.SAML2ClassLoader;
import com.bea.common.security.utils.ThreadClassLoaderContextInvocationHandler;
import com.bea.security.css.CSS;
import com.bea.security.css.CSSConfig;
import com.bea.security.css.CSSConfigurationException;
import com.bea.security.css.CSSDelegate;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.security.AccessController;
import java.security.KeyException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import weblogic.management.configuration.DomainMBean;
import weblogic.management.configuration.FederationServicesMBean;
import weblogic.management.configuration.SecurityConfigurationMBean;
import weblogic.management.configuration.ServerMBean;
import weblogic.management.provider.ManagementService;
import weblogic.management.provider.RuntimeAccess;
import weblogic.management.security.ProviderMBean;
import weblogic.management.security.RealmMBean;
import weblogic.management.security.audit.AuditorMBean;
import weblogic.management.security.authentication.AuthenticationProviderMBean;
import weblogic.management.security.authentication.AuthenticatorMBean;
import weblogic.management.security.authentication.IdentityAsserterMBean;
import weblogic.management.security.authorization.AdjudicatorMBean;
import weblogic.management.security.authorization.AuthorizerMBean;
import weblogic.management.security.authorization.RoleMapperMBean;
import weblogic.management.security.credentials.CredentialMapperMBean;
import weblogic.management.security.pk.CertPathBuilderMBean;
import weblogic.management.security.pk.CertPathProviderMBean;
import weblogic.management.security.pk.CertPathValidatorMBean;
import weblogic.security.SecurityLogger;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.internal.WLSAuthenticationServicesConfigHelper;
import weblogic.security.service.internal.WLSIdentityServiceImpl;
import weblogic.security.service.internal.WLSInternalServicesConfigHelper;
import weblogic.security.service.internal.WLSMiscellaneousServicesConfigHelper;
import weblogic.security.shared.LoggerWrapper;
import weblogic.security.utils.AdminServerListener;
import weblogic.servlet.security.ServletAuthentication;

/* loaded from: input_file:weblogic/security/service/CSSWLSDelegateImpl.class */
public class CSSWLSDelegateImpl implements CSSDelegate {
    // Short names of WLS-specific services. The first four are registered in serviceNameMap by
    // configAuthenticationServices; APPLICATION_VERSIONING_SERVICE is not referenced in the
    // visible part of this file.
    static final String SERVLET_AUTHENTICATION_FILTER_SERVICE = "ServletAuthenticationFilterService";
    static final String WSPASSWORD_DIGEST_SERVICE = "WSPasswordDigestService";
    static final String USER_LOCKOUT_ADMINISTRATION_SERVICE = "UserLockoutAdministrationService";
    static final String USER_LOCKOUT_COORDINATION_SERVICE = "UserLockoutCoordinationService";
    static final String APPLICATION_VERSIONING_SERVICE = "ApplicationVersioningService";
    // Symbolic class-loader names: passed to the config helpers' addToConfig calls and resolved
    // back to real loaders by ClassLoaderServiceImpl.getClassLoader.
    private static final String CSS_LIFECYCLE_IMPL_LOADER_NAME = "cssImplLoaderName";
    private static final String WLS_LIFECYCLE_IMPL_LOADER_NAME = "wlsImplLoaderName";
    private static final String SAML2_LOADER_NAME = "SAML2ClassLoader";
    // Provider class names that SecurityProviderClassLoaderServiceImpl routes to the SAML2 class
    // loader instead of the provider MBean's own loader.
    private static final String SAML2_CM_NAME = "com.bea.security.saml2.providers.SAML2CredentialMapperProviderImpl";
    private static final String SAML2_IA_NAME = "com.bea.security.saml2.providers.SAML2IdentityAsserterProviderImpl";
    private static final String SAML2_CM_WRAPPER = "com.bea.security.saml2.cssservice.SAML2CredentialMapperWrapper";
    private static final String SAML2_IA_WRAPPER = "com.bea.security.saml2.cssservice.SAML2IdentityAsserterWrapper";
    // Single delegate instance, published by the constructor and used by the static initialize().
    // NOTE(review): plain static field with no visible synchronization -- confirm that
    // construction and initialization happen on one thread.
    static CSSWLSDelegateImpl instance;
    // Realm MBean as passed to initializeServiceEngine, before wrapRealmMBean is applied.
    private RealmMBean originalRealmMBean;
    // Kernel identity, obtained inside a privileged block; used to fetch RuntimeAccess.
    private static final AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private static LoggerWrapper debugLogger = LoggerWrapper.getInstance("SecurityRealm");
    // Presumably populated by getSAML2ClassLoader(), which is outside the visible source -- TODO confirm.
    private static ClassLoader saml2ClassLoader = null;
    // Gate checked by shutdown(); nothing in the visible source sets it to true.
    static boolean canShutdown = false;
    // Set by initializeServiceEngine and cleared by shutdown().
    ServiceEngine serviceEngine = null;
    Services services = null;
    // Short service name -> engine ("long") service name, filled by the config* methods.
    private Map<String, String> serviceNameMap = new HashMap();
    // Short service name -> service object (possibly a WLS wrapper) handed out by getService.
    // NOTE(review): both maps are unsynchronized HashMaps -- confirm callers are serialized.
    private Map<String, Object> servicesCache = new HashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/security/service/CSSWLSDelegateImpl$ClassLoaderServiceImpl.class */
    /**
     * Resolves the symbolic class-loader names used in the service engine configuration to
     * actual class loaders. Only three names are recognised; anything else is treated as a
     * programming error.
     */
    public static class ClassLoaderServiceImpl implements ClassLoaderService {
        private ClassLoaderServiceImpl() {
        }

        /**
         * Returns the loader for the given symbolic name.
         *
         * @param str symbolic loader name; may be {@code null}, which is treated as unknown
         * @return this class's own loader for the two lifecycle names, or the SAML2 loader
         * @throws AssertionError if the name is not one of the three known names
         */
        @Override // com.bea.common.classloader.service.ClassLoaderService
        public ClassLoader getClassLoader(String str) {
            boolean isLifecycleLoader = CSSWLSDelegateImpl.CSS_LIFECYCLE_IMPL_LOADER_NAME.equals(str)
                    || CSSWLSDelegateImpl.WLS_LIFECYCLE_IMPL_LOADER_NAME.equals(str);
            if (isLifecycleLoader) {
                // Both lifecycle names map to the loader that loaded this class.
                return getClass().getClassLoader();
            }
            if (CSSWLSDelegateImpl.SAML2_LOADER_NAME.equals(str)) {
                return CSSWLSDelegateImpl.getSAML2ClassLoader();
            }
            // Fail closed: an unrecognised name never falls back to some default loader.
            throw new AssertionError("Unknown class loader name : " + str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/security/service/CSSWLSDelegateImpl$LegacyDomainInfoImpl.class */
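    /**
     * Snapshot, taken at construction time, of the domain-level settings and key material that
     * the common security configuration helpers read through {@link LegacyDomainInfo}.
     *
     * <p>The constructor copies names and flags from the domain and server MBeans, reads the
     * domain credential, salt and encrypted secret keys from {@code SecurityConfigurationMBean},
     * and builds the {@link LegacyEncryptorKey} from them.
     */
    public static class LegacyDomainInfoImpl implements LegacyDomainInfo {
        private LegacyEncryptorKey key;
        private String domainName;
        private boolean inProductionMode;
        private String domainDir;
        private boolean webAppFilesCaseInsensitive;
        private String serverName;
        private byte[] domainSecret;
        private byte[] domainSecretKey;
        private byte[] domainSecretAESKey;
        private byte[] domainSecretKeySalt;
        // SECURITY NOTE(review): this password is a compile-time constant, identical in every copy
        // of this class, so it contributes no secrecy of its own. Whatever protection the derived
        // key has must come from restricting access to the salt and encrypted key bytes read from
        // SecurityConfigurationMBean in the constructor -- confirm how those are stored and
        // permissioned in the deployment.
        private char[] domainSecretKeyPW = {'0', 'x', 'c', 'c', 'b', '9', '7', '5', '5', '8', '9', '4', '0', 'b', '8', '2', '6', '3', '7', 'c', '8', 'b', 'e', 'c', '3', 'c', '7', '7', '0', 'f', '8', '6', 'f', 'a', '3', 'a', '3', '9', '1', 'a', '5', '6'};
        // Not read anywhere in the visible source.
        private int domainSecretKeyVersion = 1;
        private RealmMBean realmMBean;

        /**
         * Captures domain settings and builds the legacy encryptor key.
         *
         * @param runtimeAccess source of the domain and server MBeans
         * @param realmMBean realm whose store configuration decides whether an admin server is needed
         * @throws AssertionError if the {@link LegacyEncryptorKey} cannot be constructed; the
         *         underlying {@link KeyException} is attached as the cause
         */
        LegacyDomainInfoImpl(RuntimeAccess runtimeAccess, RealmMBean realmMBean) {
            this.realmMBean = realmMBean;
            DomainMBean domain = runtimeAccess.getDomain();
            this.domainName = domain.getName();
            this.inProductionMode = domain.isProductionModeEnabled();
            this.domainDir = domain.getRootDirectory();
            this.webAppFilesCaseInsensitive = SecurityServiceManager.areWebAppFilesCaseInsensitive();
            this.serverName = runtimeAccess.getServer().getName();
            SecurityConfigurationMBean securityConfiguration = domain.getSecurityConfiguration();
            // NOTE(review): getBytes() with no charset uses the platform default, so the credential
            // bytes can differ between hosts with different default encodings. Left unchanged
            // because consumers of getDomainCredential() may depend on the current bytes.
            this.domainSecret = securityConfiguration.getCredential().getBytes();
            this.domainSecretKey = securityConfiguration.getEncryptedSecretKey();
            this.domainSecretAESKey = securityConfiguration.getEncryptedAESSecretKey();
            this.domainSecretKeySalt = securityConfiguration.getSalt();
            Object nonFipsContext = null;
            try {
                // Class and method names are hard-coded literals; nothing caller-supplied is reflected on.
                nonFipsContext = Class.forName("weblogic.security.internal.encryption.JSafeEncryptionServiceImpl").getMethod("getNonFIPS140Ctx", (Class[]) null).invoke(null, (Object[]) null);
            } catch (Exception ignored) {
                // Best effort: when the lookup fails the key is built with a null context.
            } catch (LinkageError ignored) {
                // Same best-effort fallback when the class cannot be linked.
            }
            try {
                this.key = new LegacyEncryptorKey(this.domainSecretKeyPW, this.domainSecretKeySalt, this.domainSecretKey, this.domainSecretAESKey, nonFipsContext);
            } catch (KeyException e3) {
                SecurityLogger.logStackTrace(e3);
                // Keep the original exception as the cause so the failure can be diagnosed from the
                // thrown error alone; initCause is used so this also compiles on pre-Java-7 targets.
                AssertionError failure = new AssertionError("Failed to setup LegacyEncryptor: " + e3.getMessage());
                failure.initCause(e3);
                throw failure;
            }
        }

        /** Returns the encryptor key built in the constructor. */
        @Override // com.bea.common.security.legacy.LegacyDomainInfo
        public LegacyEncryptorKey getLegacyEncryptorKey() {
            return this.key;
        }

        /** Returns the domain name captured at construction time. */
        @Override // com.bea.common.security.legacy.LegacyDomainInfo
        public String getDomainName() {
            return this.domainName;
        }

        /** Returns whether the domain had production mode enabled at construction time. */
        @Override // com.bea.common.security.legacy.LegacyDomainInfo
        public boolean getProductionModeEnabled() {
            return this.inProductionMode;
        }

        /** Returns the domain root directory captured at construction time. */
        @Override // com.bea.common.security.legacy.LegacyDomainInfo
        public String getRootDirectory() {
            return this.domainDir;
        }

        /** Returns the web-app-files case-insensitivity flag captured at construction time. */
        @Override // com.bea.common.security.legacy.LegacyDomainInfo
        public boolean getWebAppFilesCaseInsensitive() {
            return this.webAppFilesCaseInsensitive;
        }

        /** Returns the server name captured at construction time. */
        @Override // com.bea.common.security.legacy.LegacyDomainInfo
        public String getServerName() {
            return this.serverName;
        }

        /**
         * Returns the domain credential bytes.
         *
         * <p>NOTE(review): this hands out the internal array rather than a copy, so a caller
         * that modifies or clears the returned array changes this object's state. Callers
         * are not visible here, so the reference semantics are left as they are.
         */
        @Override // com.bea.common.security.legacy.LegacyDomainInfo
        public byte[] getDomainCredential() {
            return this.domainSecret;
        }

        /**
         * Returns {@code true} when no admin server is needed (an RDBMS security store is
         * configured) or when the admin server is currently available.
         */
        @Override // com.bea.common.security.legacy.LegacyDomainInfo
        public boolean getManagementModificationsSupported() {
            return !needAdminServer() || AdminServerListener.isAdminServerAvailable();
        }

        // An admin server is needed exactly when the realm has no RDBMS security store.
        private boolean needAdminServer() {
            return this.realmMBean.getRDBMSSecurityStore() == null;
        }
    }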

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/security/service/CSSWLSDelegateImpl$SecurityProviderClassLoaderServiceImpl.class */
    /**
     * Chooses the class loader for a security provider: the four SAML2 provider/wrapper class
     * names are served from the SAML2 class loader, every other provider from the loader of
     * its MBean object.
     */
    public static class SecurityProviderClassLoaderServiceImpl implements SecurityProviderClassLoaderService {
        private SecurityProviderClassLoaderServiceImpl() {
        }

        /**
         * @param providerMBean provider configuration; its provider class name selects the loader
         * @return the SAML2 class loader for SAML2 providers, otherwise the MBean's own loader
         */
        @Override // com.bea.common.security.legacy.SecurityProviderClassLoaderService
        public ClassLoader getClassLoader(ProviderMBean providerMBean) {
            // The class name is re-read for every comparison, exactly as in the original expression.
            if (CSSWLSDelegateImpl.SAML2_CM_NAME.equals(providerMBean.getProviderClassName())) {
                return CSSWLSDelegateImpl.getSAML2ClassLoader();
            }
            if (CSSWLSDelegateImpl.SAML2_IA_NAME.equals(providerMBean.getProviderClassName())) {
                return CSSWLSDelegateImpl.getSAML2ClassLoader();
            }
            if (CSSWLSDelegateImpl.SAML2_CM_WRAPPER.equals(providerMBean.getProviderClassName())) {
                return CSSWLSDelegateImpl.getSAML2ClassLoader();
            }
            if (CSSWLSDelegateImpl.SAML2_IA_WRAPPER.equals(providerMBean.getProviderClassName())) {
                return CSSWLSDelegateImpl.getSAML2ClassLoader();
            }
            return providerMBean.getClass().getClassLoader();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/security/service/CSSWLSDelegateImpl$WLSServletInfo.class */
    /**
     * Bundle of the services that servlet-side security code obtains through
     * {@link ServletInfoV2Spi}. Each service is looked up once in the constructor; a service
     * that is not found is left {@code null} and the corresponding getter returns {@code null}.
     */
    public static class WLSServletInfo implements ServletInfoV2Spi {
        private LoggerService loggerService;
        private NegotiateIdentityAsserterService negotiateService;
        private SAMLSingleSignOnService samlSSOService;
        private SAML2Service saml2Service;
        private LoginSessionService loginSessionService;
        private IdentityService identityService;

        /**
         * Looks up the logger, negotiate, SAML, SAML2, login-session and identity services.
         *
         * @param services started service registry to query
         * @param realmMBean realm whose configuration helpers supply the service names
         * @param configHelperFactory factory for the per-realm configuration helpers
         * @throws ServiceInitializationException if a lookup fails to initialize its service;
         *         {@link ServiceNotFoundException} is swallowed for every lookup
         */
        public WLSServletInfo(Services services, RealmMBean realmMBean, ConfigHelperFactory configHelperFactory) throws ServiceInitializationException {
            this.loggerService = null;
            this.negotiateService = null;
            this.samlSSOService = null;
            this.identityService = null;

            try {
                this.loggerService = (LoggerService) services.getService(LoggerService.SERVICE_NAME);
            } catch (ServiceNotFoundException ignored) {
                // Optional service: getLogger() then returns null.
            }

            try {
                AuthenticationServicesConfigHelper atnHelper = configHelperFactory.getAuthenticationServicesConfigHelper(realmMBean);
                this.negotiateService = (NegotiateIdentityAsserterService) services.getService(atnHelper.getNegotiateIdentityAsserterServiceName());
            } catch (ServiceNotFoundException ignored) {
                // Optional service.
            }

            try {
                SAMLSingleSignOnServiceConfigHelper samlHelper = configHelperFactory.getSAMLSingleSignOnServiceConfigHelper(realmMBean);
                if (samlHelper != null) {
                    this.samlSSOService = (SAMLSingleSignOnService) services.getService(samlHelper.getSAMLSingleSignOnServiceName());
                }
            } catch (ServiceNotFoundException ignored) {
                // Optional service.
            }

            try {
                SAML2SingleSignOnServicesConfigHelper saml2Helper = configHelperFactory.getSAML2SingleSignOnServicesConfigHelper(realmMBean);
                if (saml2Helper != null) {
                    String saml2ServiceName = saml2Helper.getSingleSignOnServicesName();
                    if (saml2ServiceName != null) {
                        this.saml2Service = (SAML2Service) services.getService(saml2ServiceName);
                        if (this.saml2Service != null) {
                            // Calls go through a proxy built on the SAML2 class loader; the handler
                            // is given the same loader together with the real service.
                            this.saml2Service = (SAML2Service) Proxy.newProxyInstance(CSSWLSDelegateImpl.getSAML2ClassLoader(), this.saml2Service.getClass().getInterfaces(), new ThreadClassLoaderContextInvocationHandler(CSSWLSDelegateImpl.getSAML2ClassLoader(), this.saml2Service));
                        }
                    }
                }
            } catch (ServiceNotFoundException ignored) {
                // Optional service.
            } catch (ServiceInitializationException initFailure) {
                // Unlike the other lookups, an initialization failure here is logged before it propagates.
                CSSWLSDelegateImpl.debugLogger.debug("Unable to get SAML2Service - SAML2Service Unavailable");
                throw initFailure;
            }

            try {
                LoginSessionServiceConfigHelper sessionHelper = configHelperFactory.getLoginSessionServiceConfigHelper(realmMBean);
                if (sessionHelper != null) {
                    String sessionServiceName = sessionHelper.getLoginSessionServiceName(realmMBean);
                    if (sessionServiceName != null) {
                        this.loginSessionService = (LoginSessionService) services.getService(sessionServiceName);
                    }
                }
            } catch (ServiceNotFoundException ignored) {
                // Optional service.
            }

            try {
                IdentityServicesConfigHelper identityHelper = configHelperFactory.getIdentityServicesConfigHelper(realmMBean);
                if (identityHelper != null) {
                    String identityName = identityHelper.getIdentityServiceName();
                    if (identityName != null) {
                        this.identityService = (IdentityService) services.getService(identityName);
                    }
                }
            } catch (ServiceNotFoundException ignored) {
                // Optional service.
            }
        }

        /** Returns the named logger, or {@code null} when no logger service was found. */
        @Override // com.bea.common.security.jdkutils.ServletInfoSpi
        public Object getLogger(String str) {
            if (this.loggerService == null) {
                return null;
            }
            return this.loggerService.getLogger(str);
        }

        /** Returns the negotiate identity asserter service, or {@code null} if unavailable. */
        @Override // com.bea.common.security.jdkutils.ServletInfoSpi
        public Object getNegotiateFilterService() {
            return this.negotiateService;
        }

        /** Returns the SAML single sign-on service, or {@code null} if unavailable. */
        @Override // com.bea.common.security.jdkutils.ServletInfoSpi
        public Object getSAMLServletFilterService() {
            return this.samlSSOService;
        }

        /** Returns the proxied SAML2 service, or {@code null} if unavailable. */
        @Override // com.bea.common.security.jdkutils.ServletInfoV2Spi
        public Object getSAML2ServletFilterService() {
            return this.saml2Service;
        }

        /** Returns the identity service, or {@code null} if unavailable. */
        @Override // com.bea.common.security.jdkutils.ServletInfoV2Spi
        public Object getIdentityService() {
            return this.identityService;
        }

        /** Returns the login session service, or {@code null} if unavailable. */
        @Override // com.bea.common.security.jdkutils.ServletInfoV2Spi
        public Object getLoginSessionService() {
            return this.loginSessionService;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/security/service/CSSWLSDelegateImpl$WLSServletSessionListener.class */
    /**
     * Login-session listener that ties a newly created login session to the servlet request
     * it was created for.
     */
    public static class WLSServletSessionListener implements LoginSessionListener {
        /**
         * Runs the request as the session's subject via {@code ServletAuthentication.runAs}.
         *
         * @param loginSession the session that was just created
         * @param obj context object; only an {@link HttpServletRequest} is acted on
         * @return {@code true} if the request was bound to the subject, {@code false} if the
         *         context object is not an {@code HttpServletRequest}
         */
        @Override // com.bea.common.security.service.LoginSessionListener
        public boolean sessionCreated(LoginSession loginSession, Object obj) {
            if (obj instanceof HttpServletRequest) {
                // NOTE(review): getIdentity() is dereferenced without a null check -- confirm a
                // created session always carries an identity.
                ServletAuthentication.runAs(loginSession.getIdentity().getSubject(), (HttpServletRequest) obj);
                return true;
            }
            return false;
        }

        /** Does nothing: session termination needs no servlet-side action here. */
        @Override // com.bea.common.security.service.LoginSessionListener
        public void sessionTerminated(LoginSession loginSession, int i) {
        }
    }

    /**
     * Creates the delegate and publishes it in {@link #instance}. A second construction while
     * an instance already exists fails with the {@code AssertionError} raised by
     * {@code assertNotUsingCommon()}.
     */
    public CSSWLSDelegateImpl() {
        boolean alreadyCreated = instance != null;
        if (alreadyCreated) {
            // Always throws, so the assignment below is reached only for the first instance.
            assertNotUsingCommon();
        }
        instance = this;
    }

    /**
     * Returns the service registered under a short CSS service name, wrapping selected
     * services in their WLS-specific wrapper, and caches the result per short name.
     *
     * @param str short service name; names without a mapping are passed to the engine unchanged
     * @return the cached or newly resolved service object
     * @throws IllegalStateException if the service engine has not been started
     * @throws ServiceInitializationException if the engine fails to initialize the service
     * @throws ServiceNotFoundException if the engine does not know the service
     */
    @Override // com.bea.security.css.CSSDelegate
    public Object getService(String str) throws ServiceInitializationException, ServiceNotFoundException {
        if (this.services == null) {
            throw new IllegalStateException(SecurityLogger.getSecurityServicesUnavailable());
        }
        Object cached = this.servicesCache.get(str);
        if (cached != null) {
            return cached;
        }
        Object rawService = this.services.getService(getServiceLongName(str));
        // The logger is resolved on every cache miss, whether or not a wrapper ends up using it.
        LoggerService logger = (LoggerService) this.services.getService(LoggerService.SERVICE_NAME);
        Object exposed;
        if (CSS.ROLE_DEPLOYMENT_SERVICE.equals(str)) {
            exposed = new WLSRoleDeploymentServiceWrapper((RoleDeploymentService) rawService, logger, this.originalRealmMBean);
        } else if (CSS.POLICY_DEPLOYMENT_SERVICE.equals(str)) {
            exposed = new WLSPolicyDeploymentServiceWrapper((PolicyDeploymentService) rawService, logger, this.originalRealmMBean);
        } else if (CSS.BULK_AUTHORIZATION_SERVICE.equals(str)) {
            exposed = new WLSBulkAuthorizationServiceWrapper((BulkAuthorizationService) rawService, logger);
        } else if (CSS.CERT_PATH_BUILDER_SERVICE.equals(str)) {
            exposed = new WLSCertPathBuilderServiceWrapper((CertPathBuilderService) rawService, logger);
        } else if (CSS.CERT_PATH_VALIDATOR_SERVICE.equals(str)) {
            exposed = new WLSCertPathValidatorServiceWrapper((CertPathValidatorService) rawService, logger);
        } else if (CSS.AUTHORIZATION_SERVICE.equals(str)) {
            exposed = new WLSAuthorizationServiceWrapper((AuthorizationService) rawService, logger);
        } else if (CSS.IDENTITY_ASSERTION_SERVICE.equals(str)) {
            exposed = new WLSIdentityAssertionServiceWrapper((IdentityAssertionService) rawService, logger);
        } else if (CSS.JAAS_AUTHENTICATION_SERVICE.equals(str)) {
            exposed = new WLSJAASAuthenticationServiceWrapper((JAASAuthenticationService) rawService, logger);
        } else {
            // Every other service is handed out unwrapped.
            exposed = rawService;
        }
        this.servicesCache.put(str, exposed);
        return exposed;
    }

    /**
     * Returns the engine's logging name for a short service name.
     *
     * @param str short service name
     * @throws IllegalStateException if the service engine has not been started
     * @throws ServiceNotFoundException if the engine does not know the service
     */
    @Override // com.bea.security.css.CSSDelegate
    public String getServiceLoggingName(String str) throws ServiceNotFoundException {
        if (this.services != null) {
            return this.services.getServiceLoggingName(getServiceLongName(str));
        }
        throw new IllegalStateException(SecurityLogger.getSecurityServicesUnavailable());
    }

    /**
     * Returns the engine's management object for a short service name.
     *
     * @param str short service name
     * @throws IllegalStateException if the service engine has not been started
     * @throws ServiceInitializationException if the engine fails to initialize the service
     * @throws ServiceNotFoundException if the engine does not know the service
     */
    @Override // com.bea.security.css.CSSDelegate
    public Object getServiceManagementObject(String str) throws ServiceInitializationException, ServiceNotFoundException {
        if (this.services != null) {
            return this.services.getServiceManagementObject(getServiceLongName(str));
        }
        throw new IllegalStateException(SecurityLogger.getSecurityServicesUnavailable());
    }

    /**
     * Not supported by this delegate: always fails with the {@code AssertionError} raised by
     * {@code assertNotUsingCommon()}. Initialization goes through the static
     * {@code initialize(RealmMBean)} instead.
     */
    @Override // com.bea.security.css.CSSDelegate
    public void initialize(CSSConfig cSSConfig, ClassLoader classLoader, IdentityService identityService, LoggerService loggerService) throws CSSConfigurationException {
        CSSWLSDelegateImpl.assertNotUsingCommon();
    }

    /**
     * Shuts the service engine down and drops all references to it, but only when
     * {@code canShutdown} has been set; otherwise fails via {@code assertNotUsingCommon()}.
     *
     * <p>NOTE(review): {@code servicesCache} is set to {@code null} here and nothing in the
     * visible source re-creates it, so {@code getService} would dereference a null cache if
     * the engine were initialized again afterwards -- confirm whether re-initialization can occur.
     */
    @Override // com.bea.security.css.CSSDelegate
    public void shutdown() {
        if (canShutdown) {
            this.servicesCache = null;
            this.services = null;
            if (this.serviceEngine != null) {
                this.serviceEngine.shutdown();
            }
            this.serviceEngine = null;
            // Re-arm the gate so that a second shutdown() takes the assertion path.
            canShutdown = false;
            return;
        }
        assertNotUsingCommon();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Starts the service engine of the published delegate instance for the given realm.
     *
     * @param realmMBean realm configuration to build the engine from
     * @throws IllegalStateException if no delegate instance has been constructed yet
     * @throws SecurityServiceException if engine configuration or startup fails
     */
    public static void initialize(RealmMBean realmMBean) throws SecurityServiceException {
        CSSWLSDelegateImpl delegate = instance;
        if (delegate == null) {
            throw new IllegalStateException(SecurityLogger.getSecurityServicesUnavailable());
        }
        delegate.initializeServiceEngine(realmMBean);
    }

    /** Unconditionally throws: marks entry points that must not be reached under WLS. */
    private static void assertNotUsingCommon() {
        String message = "This code should not be called when using common security under WLS";
        throw new AssertionError(message);
    }

    /**
     * Translates a short service name into the engine's service name using
     * {@code serviceNameMap}.
     *
     * @param str short service name, may be {@code null}
     * @return the mapped name, or {@code str} itself when it is {@code null} or has no mapping
     */
    private String getServiceLongName(String str) {
        String mapped = (str == null) ? null : this.serviceNameMap.get(str);
        if (mapped != null) {
            debugLogger.debug("getServiceLongName: Mapped '" + str + "' to '" + mapped + "'");
            return mapped;
        }
        // Unmapped names are passed through, so the engine decides whether the name exists.
        debugLogger.debug("getServiceLongName: No mapping found for '" + str + "'");
        return str;
    }

    /**
     * Builds the service engine configuration for a realm, starts the engine, and wires up
     * the servlet-side hooks (servlet info registration, login-session listener, SAML2
     * servlet key).
     *
     * <p>The statement order matters: every config* call must run before
     * {@code startEngine()}, and the services are only available after it.
     *
     * @param realmMBean realm configuration to initialize from
     * @throws SecurityServiceException wrapping any {@code Throwable} raised on the way
     */
    private void initializeServiceEngine(RealmMBean realmMBean) throws SecurityServiceException {
        try {
            // Keep the unwrapped MBean: getService passes it to the role/policy deployment wrappers.
            this.originalRealmMBean = realmMBean;
            // wrapRealmMBean is defined outside the visible source; everything below uses its result.
            RealmMBean wrapRealmMBean = wrapRealmMBean(realmMBean);
            ServiceEngineConfig serviceEngineConfigFactory = ServiceEngineConfigFactory.getInstance(getClass().getClassLoader());
            // Services supplied by this environment rather than created by the engine.
            serviceEngineConfigFactory.addEnvironmentManagedServiceConfig(LoggerService.SERVICE_NAME, new CommonSecurityLoggerServiceImpl(), true);
            serviceEngineConfigFactory.addEnvironmentManagedServiceConfig(ClassLoaderService.SERVICE_NAME, new ClassLoaderServiceImpl(), false);
            serviceEngineConfigFactory.addEnvironmentManagedServiceConfig(SecurityProviderClassLoaderService.SERVICE_NAME, new SecurityProviderClassLoaderServiceImpl(), false);
            ClassLoader classLoader = getClass().getClassLoader();
            // RuntimeAccess is obtained with the kernel identity; the domain secrets are read in this constructor.
            LegacyDomainInfoImpl legacyDomainInfoImpl = new LegacyDomainInfoImpl(ManagementService.getRuntimeAccess(kernelId), wrapRealmMBean);
            LegacyWebAppFilesCaseInsensitiveManager.setWebAppFilesCaseInsensitive(legacyDomainInfoImpl.getWebAppFilesCaseInsensitive());
            LegacyEnforceStrictURLPatternManager.setEnforceStrictURLPattern(SecurityServiceManager.getEnforceStrictURLPattern());
            ConfigHelperFactory configHelperFactory = ConfigHelperFactory.getInstance(classLoader, wrapRealmMBean, legacyDomainInfoImpl);
            // Each config* call adds services to the engine config and records short-name mappings.
            configAuditServices(configHelperFactory, wrapRealmMBean, serviceEngineConfigFactory);
            configCredentialMappingServices(configHelperFactory, wrapRealmMBean, serviceEngineConfigFactory);
            configCertPathServices(configHelperFactory, wrapRealmMBean, serviceEngineConfigFactory);
            configAuthorizationServices(configHelperFactory, wrapRealmMBean, serviceEngineConfigFactory);
            configAuthenticationServices(configHelperFactory, wrapRealmMBean, serviceEngineConfigFactory, classLoader);
            WLSIdentityServiceImpl configInternalServices = configInternalServices(configHelperFactory, wrapRealmMBean, serviceEngineConfigFactory, classLoader);
            configSAMLSingleSignOnService(configHelperFactory, wrapRealmMBean, serviceEngineConfigFactory);
            // Despite the decompiler-chosen name, this value is used below as the name of the login session service.
            String configSAML2Services = configSAML2Services(configHelperFactory, wrapRealmMBean, serviceEngineConfigFactory);
            addproviderstoNameMap(configHelperFactory, wrapRealmMBean);
            this.serviceEngine = serviceEngineConfigFactory.startEngine();
            this.services = this.serviceEngine.getServices();
            // The identity service is given the audit and principal-validation service names plus the live registry.
            configInternalServices.initialize(configHelperFactory.getAuditServicesConfigHelper(wrapRealmMBean).getAuditServiceName(), configHelperFactory.getAuthenticationServicesConfigHelper(wrapRealmMBean).getPrincipalValidationServiceName(), this.services);
            try {
                ServletAccess.getInstance().registerServletInfo(wrapRealmMBean.getName(), new WLSServletInfo(this.services, wrapRealmMBean, configHelperFactory));
            } catch (ServiceInitializationException e) {
                // NOTE(review): the failure is only logged and initialization continues, so no
                // servlet info is registered for this realm -- confirm that consumers handle that.
                SecurityLogger.logStackTrace(e);
            }
            if (configSAML2Services != null) {
                LoginSessionService loginSessionService = (LoginSessionService) this.services.getService(configSAML2Services);
                if (loginSessionService != null) {
                    loginSessionService.addListener(new WLSServletSessionListener());
                    debugLogger.debug("Registered WLSServletSessionListener()");
                } else {
                    debugLogger.debug("Unable to get LoginSessionService - WLSServletSessionListener not registered");
                }
            } else {
                debugLogger.debug("No loginSessionServiceName - WLSServletSessionListener not registered");
            }
            if (debugLogger.isDebugEnabled()) {
                debugLogger.debug("Calling SAML2ServletConfigHelper.setStaticServletInfoKey() with key '" + wrapRealmMBean.getName() + "'");
            }
            try {
                // Reflective call through the SAML2 class loader; the class and method names are literals.
                Class.forName("com.bea.security.saml2.servlet.SAML2ServletConfigHelper", true, getSAML2ClassLoader()).getMethod("setStaticServletInfoKey", String.class).invoke(null, wrapRealmMBean.getName());
            } catch (InvocationTargetException e2) {
                // Unwrap so that the outer handler wraps the real failure, not the reflection wrapper.
                throw e2.getCause();
            }
        } catch (Throwable th) {
            // Everything, Errors included, is logged and converted to SecurityServiceException.
            SecurityLogger.logStackTrace(th);
            throw new SecurityServiceException(th);
        }
    }

    /**
     * Adds the audit services to the engine configuration and records the audit service's
     * engine name under {@code CSS.AUDIT_SERVICE}.
     */
    private void configAuditServices(ConfigHelperFactory configHelperFactory, RealmMBean realmMBean, ServiceEngineConfig serviceEngineConfig) {
        configHelperFactory.getAuditServicesConfigHelper(realmMBean).addToConfig(serviceEngineConfig, CSS_LIFECYCLE_IMPL_LOADER_NAME);
        // The helper is fetched from the factory a second time, as in the original.
        String auditServiceName = configHelperFactory.getAuditServicesConfigHelper(realmMBean).getAuditServiceName();
        this.serviceNameMap.put(CSS.AUDIT_SERVICE, auditServiceName);
    }

    /**
     * Adds the cert-path builder and validator services to the engine configuration and
     * records their engine names. Does nothing when the realm has no cert-path providers.
     */
    private void configCertPathServices(ConfigHelperFactory configHelperFactory, RealmMBean realmMBean, ServiceEngineConfig serviceEngineConfig) {
        CertPathProviderMBean[] providers = realmMBean.getCertPathProviders();
        boolean hasProviders = providers != null && providers.length > 0;
        if (hasProviders) {
            // The result of this first call is discarded; it is kept so that the sequence of
            // calls made on the factory stays the same.
            configHelperFactory.getCertPathServicesConfigHelper(realmMBean);
            CertPathServicesConfigHelper certPathHelper = configHelperFactory.getCertPathServicesConfigHelper(realmMBean);
            certPathHelper.addToConfig(serviceEngineConfig, CSS_LIFECYCLE_IMPL_LOADER_NAME);
            String builderName = certPathHelper.getCertPathBuilderServiceName();
            this.serviceNameMap.put(CSS.CERT_PATH_BUILDER_SERVICE, builderName);
            String validatorName = certPathHelper.getCertPathValidatorServiceName();
            this.serviceNameMap.put(CSS.CERT_PATH_VALIDATOR_SERVICE, validatorName);
        }
    }

    /**
     * Adds the credential-mapping and security-token services to the engine configuration
     * and records their engine names. Does nothing when the realm has no credential mappers.
     */
    private void configCredentialMappingServices(ConfigHelperFactory configHelperFactory, RealmMBean realmMBean, ServiceEngineConfig serviceEngineConfig) {
        CredentialMapperMBean[] mappers = realmMBean.getCredentialMappers();
        boolean hasMappers = mappers != null && mappers.length > 0;
        if (hasMappers) {
            CredentialMappingServicesConfigHelper mappingHelper = configHelperFactory.getCredentialMappingServicesConfigHelper(realmMBean);
            mappingHelper.addToConfig(serviceEngineConfig, CSS_LIFECYCLE_IMPL_LOADER_NAME);
            this.serviceNameMap.put(CSS.CREDENTIAL_MAPPING_SERVICE, mappingHelper.getCredentialMappingServiceName());

            // The token services are configured only together with credential mapping.
            SecurityTokenServicesConfigHelper tokenHelper = configHelperFactory.getSecurityTokenServicesConfigHelper(realmMBean);
            tokenHelper.addToConfig(serviceEngineConfig, CSS_LIFECYCLE_IMPL_LOADER_NAME);
            this.serviceNameMap.put(CSS.SECURITY_TOKEN_SERVICE, tokenHelper.getSecurityTokenServiceName());
        }
    }

    /**
     * Adds the authentication services to the engine configuration and records the engine
     * names of the authentication-related services, both the CSS ones and the WLS-specific
     * ones (servlet authentication filter, WS password digest, user lockout).
     */
    private void configAuthenticationServices(ConfigHelperFactory configHelperFactory, RealmMBean realmMBean, ServiceEngineConfig serviceEngineConfig, ClassLoader classLoader) {
        AuthenticationServicesConfigHelper atnHelper = configHelperFactory.getAuthenticationServicesConfigHelper(realmMBean);
        WLSAuthenticationServicesConfigHelper.addToConfig(serviceEngineConfig, classLoader, CSS_LIFECYCLE_IMPL_LOADER_NAME, WLS_LIFECYCLE_IMPL_LOADER_NAME, realmMBean, atnHelper);

        Map<String, String> names = this.serviceNameMap;

        // Names supplied by the common authentication config helper.
        names.put(CSS.CHALLENGE_IDENTITY_ASSERTION_SERVICE, atnHelper.getChallengeIdentityAssertionServiceName());
        names.put(CSS.IDENTITY_ASSERTION_SERVICE, atnHelper.getIdentityAssertionServiceName());
        names.put(CSS.JAAS_AUTHENTICATION_SERVICE, atnHelper.getJAASAuthenticationServiceName());
        names.put(CSS.IMPERSONATION_SERVICE, atnHelper.getIdentityImpersonationServiceName());
        names.put(CSS.SPNEGO_SSO_SERVICE, atnHelper.getNegotiateIdentityAsserterServiceName());
        names.put(CSS.PRINCIPAL_VALIDATION_SERVICE, atnHelper.getPrincipalValidationServiceName());

        // Names supplied by the WLS-specific helper, derived from the realm.
        names.put(SERVLET_AUTHENTICATION_FILTER_SERVICE, WLSAuthenticationServicesConfigHelper.getServletAuthenticationFilterServiceName(realmMBean));
        names.put(WSPASSWORD_DIGEST_SERVICE, WLSAuthenticationServicesConfigHelper.getWSPasswordDigestServiceName(realmMBean));
        names.put(USER_LOCKOUT_ADMINISTRATION_SERVICE, WLSAuthenticationServicesConfigHelper.getUserLockoutAdministrationServiceName(realmMBean));
        names.put(USER_LOCKOUT_COORDINATION_SERVICE, WLSAuthenticationServicesConfigHelper.getUserLockoutCoordinationServiceName(realmMBean));
    }

    /**
     * Adds the realm's authorization services to the service engine configuration and records
     * their names in {@code serviceNameMap}.
     *
     * <p>When the realm has no authorizers, no role mappers and no adjudicator, the method returns
     * without touching the configuration. In that case none of the authorization, role-mapping,
     * bulk, consumer or deployment service names is registered for the realm, so a later lookup of
     * those keys in {@code serviceNameMap} finds no entry.
     *
     * @param configHelperFactory source of the per-realm authorization config helper
     * @param realmMBean          realm whose authorization services are being configured
     * @param serviceEngineConfig engine configuration that receives the service definitions
     */
    private void configAuthorizationServices(ConfigHelperFactory configHelperFactory, RealmMBean realmMBean, ServiceEngineConfig serviceEngineConfig) {
        final AuthorizerMBean[] realmAuthorizers = realmMBean.getAuthorizers();
        final RoleMapperMBean[] realmRoleMappers = realmMBean.getRoleMappers();
        final AdjudicatorMBean realmAdjudicator = realmMBean.getAdjudicator();

        final boolean hasAuthorizers = realmAuthorizers != null && realmAuthorizers.length > 0;
        final boolean hasRoleMappers = realmRoleMappers != null && realmRoleMappers.length > 0;
        final boolean hasAdjudicator = realmAdjudicator != null;
        if (!hasAuthorizers && !hasRoleMappers && !hasAdjudicator) {
            // Nothing authorization-related is configured for this realm.
            return;
        }

        final AuthorizationServicesConfigHelper authzHelper =
                configHelperFactory.getAuthorizationServicesConfigHelper(realmMBean);
        authzHelper.addToConfig(serviceEngineConfig, CSS_LIFECYCLE_IMPL_LOADER_NAME);

        this.serviceNameMap.put(CSS.AUTHORIZATION_SERVICE, authzHelper.getAuthorizationServiceName());
        this.serviceNameMap.put(CSS.ROLE_MAPPING_SERVICE, authzHelper.getRoleMappingServiceName());
        this.serviceNameMap.put(CSS.IS_PROTECTED_SERVICE, authzHelper.getIsProtectedResourceServiceName());
        this.serviceNameMap.put(CSS.BULK_AUTHORIZATION_SERVICE, authzHelper.getBulkAuthorizationServiceName());
        this.serviceNameMap.put(CSS.BULK_ROLE_MAPPING_SERVICE, authzHelper.getBulkRoleMappingServiceName());
        this.serviceNameMap.put(CSS.POLICY_CONSUMER_SERVICE, authzHelper.getPolicyConsumerServiceName());
        this.serviceNameMap.put(CSS.ROLE_CONSUMER_SERVICE, authzHelper.getRoleConsumerServiceName());
        this.serviceNameMap.put(CSS.POLICY_DEPLOYMENT_SERVICE, authzHelper.getPolicyDeploymentServiceName());
        this.serviceNameMap.put(CSS.ROLE_DEPLOYMENT_SERVICE, authzHelper.getRoleDeploymentServiceName());
    }

    /**
     * Registers the miscellaneous and internal WLS services for the realm and returns the
     * identity service instance that was handed to the miscellaneous-services helper.
     *
     * <p>The internal-services helper additionally receives {@code kernelId}.
     *
     * @param configHelperFactory source of the identity services config helper
     * @param realmMBean          realm being configured
     * @param serviceEngineConfig engine configuration that receives the service definitions
     * @param classLoader         class loader forwarded to both WLS helpers
     * @return the newly created {@link WLSIdentityServiceImpl}
     * @throws Exception declared by the signature; propagated from the helpers
     */
    private WLSIdentityServiceImpl configInternalServices(ConfigHelperFactory configHelperFactory, RealmMBean realmMBean, ServiceEngineConfig serviceEngineConfig, ClassLoader classLoader) throws Exception {
        final WLSIdentityServiceImpl identityService = new WLSIdentityServiceImpl();
        WLSMiscellaneousServicesConfigHelper.addToConfig(
                serviceEngineConfig,
                classLoader,
                WLS_LIFECYCLE_IMPL_LOADER_NAME,
                realmMBean,
                identityService);

        this.serviceNameMap.put(
                CSS.IDENTITY_SERVICE,
                configHelperFactory.getIdentityServicesConfigHelper(realmMBean).getIdentityServiceName());
        this.serviceNameMap.put(
                APPLICATION_VERSIONING_SERVICE,
                WLSMiscellaneousServicesConfigHelper.getApplicationVersioningServiceName(realmMBean));

        WLSInternalServicesConfigHelper.addToConfig(
                serviceEngineConfig,
                classLoader,
                CSS_LIFECYCLE_IMPL_LOADER_NAME,
                WLS_LIFECYCLE_IMPL_LOADER_NAME,
                realmMBean,
                kernelId);
        return identityService;
    }

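    /**
     * Configures the SAML2 single sign-on service and its login session service for the realm,
     * when the server exposes a single sign-on configuration and the realm uses a SAML2 provider.
     *
     * <p>The server's {@code getSingleSignOnServices} accessor is looked up reflectively. If the
     * accessor is missing or inaccessible, SAML2 is left unconfigured; that outcome is now written
     * to the debug log instead of being dropped silently, so an operator can tell why no SAML2
     * service was registered.
     *
     * @param configHelperFactory source of the SAML2 and login-session config helpers
     * @param realmMBean          realm being configured
     * @param serviceEngineConfig engine configuration that receives the service definitions
     * @return the login session service name, or {@code null} when SAML2 was not configured
     * @throws Throwable the cause of any exception raised by the reflective accessor call, or
     *                   whatever the helpers throw
     */
    private String configSAML2Services(ConfigHelperFactory configHelperFactory, RealmMBean realmMBean, ServiceEngineConfig serviceEngineConfig) throws Throwable {
        SingleSignOnServicesConfigSpi ssoConfig = null;
        ServerMBean server = ManagementService.getRuntimeAccess(kernelId).getServer();
        if (server != null) {
            try {
                // getMethod never returns null: it either finds the accessor or throws.
                Method accessor = server.getClass().getMethod("getSingleSignOnServices");
                ssoConfig = (SingleSignOnServicesConfigSpi) accessor.invoke(server);
            } catch (IllegalAccessException e) {
                // Best effort: treat an inaccessible accessor as "no SAML2 configuration".
                debugLogger.debug("configSAML2Services: getSingleSignOnServices is not accessible on "
                        + server.getClass().getName() + ", SAML2 services will not be configured: " + e);
            } catch (NoSuchMethodException e) {
                // Best effort: treat a missing accessor as "no SAML2 configuration".
                debugLogger.debug("configSAML2Services: getSingleSignOnServices is not defined on "
                        + server.getClass().getName() + ", SAML2 services will not be configured: " + e);
            } catch (InvocationTargetException e) {
                // Surface the accessor's own failure rather than the reflection wrapper.
                throw e.getCause();
            }
        }

        if (ssoConfig == null || !shouldConfigureSAML2Service(realmMBean)) {
            return null;
        }

        SAML2SingleSignOnServicesConfigHelper saml2Helper = configHelperFactory.getSAML2SingleSignOnServicesConfigHelper(realmMBean);
        saml2Helper.getSingleSignOnServicesCustomizer().setSingleSignOnServicesConfig(ssoConfig);
        LoginSessionServiceConfigHelper loginSessionHelper = configHelperFactory.getLoginSessionServiceConfigHelper(realmMBean);
        String loginSessionServiceName = loginSessionHelper.getLoginSessionServiceName(realmMBean);
        // The SAML2 services are added with the SAML2 loader name; the login session service
        // they are given uses the CSS lifecycle loader name.
        saml2Helper.addToConfig(serviceEngineConfig, SAML2_LOADER_NAME, loginSessionHelper);
        loginSessionHelper.addToConfig(serviceEngineConfig, CSS_LIFECYCLE_IMPL_LOADER_NAME, realmMBean);
        this.serviceNameMap.put(CSS.SAML2_SSO_SERVICE, saml2Helper.getSingleSignOnServicesName());
        this.serviceNameMap.put(CSS.LOGIN_SESSION_SERVICE, loginSessionServiceName);
        return loginSessionServiceName;
    }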

    /**
     * Configures the SAML single sign-on service for the realm when
     * {@code shouldConfigureSAMLService} approves it for the server's federation services.
     *
     * <p>The configuration info object is created reflectively from the fixed class name
     * {@code weblogic.security.internal.SAMLSingleSignOnServiceConfigInfoImpl} and exposed through
     * a {@link Delegator} proxy.
     *
     * <p>NOTE(review): {@code getServer()} is dereferenced here without a null check, whereas
     * {@code configSAML2Services} guards against a null server. Confirm a server MBean is always
     * present on this path.
     *
     * @param configHelperFactory source of the SAML single sign-on config helper
     * @param realmMBean          realm being configured
     * @param serviceEngineConfig engine configuration that receives the service definition
     * @throws InstantiationException if the config info class cannot be instantiated
     * @throws IllegalAccessException if the config info class or its constructor is inaccessible
     * @throws ClassNotFoundException if the config info class cannot be loaded
     */
    private void configSAMLSingleSignOnService(ConfigHelperFactory configHelperFactory, RealmMBean realmMBean, ServiceEngineConfig serviceEngineConfig) throws InstantiationException, IllegalAccessException, ClassNotFoundException {
        if (!shouldConfigureSAMLService(ManagementService.getRuntimeAccess(kernelId).getServer().getFederationServices(), realmMBean)) {
            return;
        }
        final SAMLSingleSignOnServiceConfigHelper samlHelper =
                configHelperFactory.getSAMLSingleSignOnServiceConfigHelper(realmMBean);
        // Kept as a single expression so the customizer is obtained before the config info
        // instance is created, as in the original evaluation order.
        samlHelper.getSAMLSingleSignOnServiceCustomizer().setSAMLSingleSignOnServiceConfigInfo(
                (SAMLSingleSignOnServiceConfigInfoSpi) Delegator.getProxy(
                        SAMLSingleSignOnServiceConfigInfoSpi.class,
                        Class.forName("weblogic.security.internal.SAMLSingleSignOnServiceConfigInfoImpl").newInstance()));
        samlHelper.addToConfig(serviceEngineConfig, CSS_LIFECYCLE_IMPL_LOADER_NAME);
        this.serviceNameMap.put(CSS.SAML_SSO_SERVICE, samlHelper.getSAMLSingleSignOnServiceName());
    }

    /**
     * Registers every provider of the realm in {@code serviceNameMap}, one provider category at a
     * time.
     *
     * <p>The authentication provider array is passed twice, filtered once as
     * {@code AuthenticatorMBean} and once as {@code IdentityAsserterMBean}; the cert path provider
     * array is likewise passed once as builder and once as validator. The single adjudicator is
     * wrapped in a one-element array, which may hold {@code null}.
     *
     * @param configHelperFactory source of the security provider config helper
     * @param realmMBean          realm whose providers are registered
     */
    private void addproviderstoNameMap(ConfigHelperFactory configHelperFactory, RealmMBean realmMBean) {
        final SecurityProviderConfigHelper providerHelper = configHelperFactory.getSecurityProviderConfigHelper();

        addProvidersToNameMap(
                providerHelper, this.serviceNameMap, CSS.AJUDICATOR_PROVIDER,
                AdjudicatorMBean.class, new ProviderMBean[]{realmMBean.getAdjudicator()});
        addProvidersToNameMap(
                providerHelper, this.serviceNameMap, CSS.AUDITOR_PROVIDER,
                AuditorMBean.class, realmMBean.getAuditors());
        addProvidersToNameMap(
                providerHelper, this.serviceNameMap, CSS.AUTHENTICATOR_PROVIDER,
                AuthenticatorMBean.class, realmMBean.getAuthenticationProviders());
        addProvidersToNameMap(
                providerHelper, this.serviceNameMap, CSS.IDENTITY_ASSERTER_PROVIDER,
                IdentityAsserterMBean.class, realmMBean.getAuthenticationProviders());
        addProvidersToNameMap(
                providerHelper, this.serviceNameMap, CSS.AUTHORIZER_PROVIDER,
                AuthorizerMBean.class, realmMBean.getAuthorizers());
        addProvidersToNameMap(
                providerHelper, this.serviceNameMap, CSS.ROLE_MAPPER_PROVIDER,
                RoleMapperMBean.class, realmMBean.getRoleMappers());
        addProvidersToNameMap(
                providerHelper, this.serviceNameMap, CSS.CREDENTIAL_MAPPER_PROVIDER,
                CredentialMapperMBean.class, realmMBean.getCredentialMappers());
        addProvidersToNameMap(
                providerHelper, this.serviceNameMap, CSS.CERT_PATH_BUILDER_PROVIDER,
                CertPathBuilderMBean.class, realmMBean.getCertPathProviders());
        addProvidersToNameMap(
                providerHelper, this.serviceNameMap, CSS.CERT_PATH_VALIDATOR_PROVIDER,
                CertPathValidatorMBean.class, realmMBean.getCertPathProviders());
    }

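    /**
     * Maps each provider MBean that is an instance of {@code cls} from its short name
     * ({@code str} followed by the MBean name) to the service name reported by the helper.
     *
     * <p>A {@code null} array is now tolerated and logged. Other methods in this class treat the
     * realm's provider arrays as possibly {@code null}, and iterating one here would otherwise
     * abort realm setup with a {@code NullPointerException}. Null elements and elements of another
     * type are skipped with a debug message, as before.
     *
     * @param securityProviderConfigHelper helper that yields the service name for a provider
     * @param map                          destination map, short name to service name
     * @param str                          prefix that identifies the provider category
     * @param cls                          MBean type a provider must be assignable to
     * @param providerMBeanArr             candidate providers; may be {@code null}
     */
    private void addProvidersToNameMap(SecurityProviderConfigHelper securityProviderConfigHelper, Map map, String str, Class cls, ProviderMBean[] providerMBeanArr) {
        if (providerMBeanArr == null) {
            debugLogger.debug("addProvidersToNameMap: Saw null ProviderMBean array for '" + str + "'");
            return;
        }
        for (ProviderMBean provider : providerMBeanArr) {
            if (provider == null) {
                debugLogger.debug("addProvidersToNameMap: Saw null MBean in '" + str + "' ProviderMBean array");
                continue;
            }
            if (!cls.isAssignableFrom(provider.getClass())) {
                debugLogger.debug("addProvidersToNameMap: Provider '" + provider.getName() + "' is not assignable to " + cls.getName() + ", not mapping with prefix " + str);
                continue;
            }
            // Resolve both names once so the logged mapping is exactly the one stored.
            String shortName = str + provider.getName();
            String longName = securityProviderConfigHelper.getServiceName(provider);
            debugLogger.debug("addProvidersToNameMap: Mapping provider shortname '" + shortName + "' to longname '" + longName + "'");
            map.put(shortName, longName);
        }
    }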

    /**
     * Returns a dynamic proxy over the realm MBean that passes each element of the arrays returned
     * by {@code getAuthenticationProviders} and {@code getCredentialMappers} through
     * {@code wrapProviderMBean}. Every other call is forwarded unchanged.
     *
     * <p>Interception is keyed on the method name alone. A {@code null} array from the underlying
     * MBean is returned as {@code null}. The cause of an {@link InvocationTargetException} is
     * rethrown so callers see the MBean's own exception.
     *
     * @param realmMBean realm MBean to wrap
     * @return a proxy implementing the interfaces of {@code realmMBean}'s runtime class
     */
    private RealmMBean wrapRealmMBean(final RealmMBean realmMBean) {
        final ClassLoader proxyLoader = CommonSecurityServiceManagerDelegateImpl.class.getClassLoader();
        final Class<?>[] proxiedInterfaces = realmMBean.getClass().getInterfaces();
        final InvocationHandler forwardingHandler = new InvocationHandler() {
            @Override
            public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
                final String invokedName = method.getName();
                try {
                    if ("getAuthenticationProviders".equals(invokedName)) {
                        AuthenticationProviderMBean[] originals = (AuthenticationProviderMBean[]) method.invoke(realmMBean, args);
                        if (originals == null) {
                            return null;
                        }
                        AuthenticationProviderMBean[] wrapped = new AuthenticationProviderMBean[originals.length];
                        for (int idx = 0; idx < originals.length; idx++) {
                            wrapped[idx] = (AuthenticationProviderMBean) CSSWLSDelegateImpl.this.wrapProviderMBean(originals[idx]);
                        }
                        return wrapped;
                    }
                    if ("getCredentialMappers".equals(invokedName)) {
                        CredentialMapperMBean[] originals = (CredentialMapperMBean[]) method.invoke(realmMBean, args);
                        if (originals == null) {
                            return null;
                        }
                        CredentialMapperMBean[] wrapped = new CredentialMapperMBean[originals.length];
                        for (int idx = 0; idx < originals.length; idx++) {
                            wrapped[idx] = (CredentialMapperMBean) CSSWLSDelegateImpl.this.wrapProviderMBean(originals[idx]);
                        }
                        return wrapped;
                    }
                    // Anything else goes straight to the real MBean.
                    return method.invoke(realmMBean, args);
                } catch (InvocationTargetException e) {
                    throw e.getCause();
                }
            }
        };
        return (RealmMBean) Proxy.newProxyInstance(proxyLoader, proxiedInterfaces, forwardingHandler);
    }

    /**
     * Decides whether the SAML single sign-on service should be configured for the realm.
     *
     * <p>Providers are classified by the exact name of their runtime class, so an MBean whose
     * runtime class is a subclass or a proxy does not match. The result is:
     * <ul>
     *   <li>{@code false} when the realm has neither V1 nor V2 SAML providers;</li>
     *   <li>{@code false} when it has both V1 and V2 providers;</li>
     *   <li>{@code true} when it has only V1 providers;</li>
     *   <li>for V2 only, {@code true} if the federation services list at least one intersite
     *       transfer URI or assertion consumer URI.</li>
     * </ul>
     *
     * @param federationServicesMBean federation settings consulted in the V2-only case
     * @param realmMBean              realm whose providers are inspected
     * @return whether the SAML single sign-on service should be configured
     */
    private boolean shouldConfigureSAMLService(FederationServicesMBean federationServicesMBean, RealmMBean realmMBean) {
        boolean hasV1Provider = false;
        boolean hasV2Provider = false;

        final AuthenticationProviderMBean[] authProviders = realmMBean.getAuthenticationProviders();
        if (authProviders != null) {
            for (AuthenticationProviderMBean authProvider : authProviders) {
                if ("weblogic.security.providers.saml.SAMLIdentityAsserterMBeanImpl".equals(authProvider.getClass().getName())) {
                    hasV1Provider = true;
                } else if ("weblogic.security.providers.saml.SAMLIdentityAsserterV2MBeanImpl".equals(authProvider.getClass().getName())) {
                    hasV2Provider = true;
                }
            }
        }

        final CredentialMapperMBean[] mappers = realmMBean.getCredentialMappers();
        if (mappers != null) {
            for (CredentialMapperMBean mapper : mappers) {
                if ("weblogic.security.providers.saml.SAMLCredentialMapperMBeanImpl".equals(mapper.getClass().getName())) {
                    hasV1Provider = true;
                } else if ("weblogic.security.providers.saml.SAMLCredentialMapperV2MBeanImpl".equals(mapper.getClass().getName())) {
                    hasV2Provider = true;
                }
            }
        }

        // Neither version present, or both at once: do not configure.
        if (hasV1Provider == hasV2Provider) {
            return false;
        }
        if (hasV1Provider) {
            return true;
        }

        // V2 only: configure when at least one federation URI is set.
        final String[] transferUris = federationServicesMBean.getIntersiteTransferURIs();
        if (transferUris != null && transferUris.length > 0) {
            return true;
        }
        final String[] consumerUris = federationServicesMBean.getAssertionConsumerURIs();
        return consumerUris != null && consumerUris.length > 0;
    }

    /**
     * Reports whether the realm has an authentication provider whose provider class name equals
     * {@code SAML2_IA_WRAPPER}, or a credential mapper whose provider class name equals
     * {@code SAML2_CM_WRAPPER}.
     *
     * <p>NOTE(review): the comparison is against the wrapper names, not {@code SAML2_IA_NAME} or
     * {@code SAML2_CM_NAME}, so this presumably expects a realm that has already been passed
     * through {@code wrapRealmMBean}. Confirm against the caller.
     *
     * @param realmMBean realm whose providers are inspected
     * @return {@code true} if a matching SAML2 provider is present
     */
    private boolean shouldConfigureSAML2Service(RealmMBean realmMBean) {
        final AuthenticationProviderMBean[] authProviders = realmMBean.getAuthenticationProviders();
        if (authProviders != null) {
            for (AuthenticationProviderMBean authProvider : authProviders) {
                if (SAML2_IA_WRAPPER.equals(authProvider.getProviderClassName())) {
                    return true;
                }
            }
        }

        final CredentialMapperMBean[] mappers = realmMBean.getCredentialMappers();
        if (mappers != null) {
            for (CredentialMapperMBean mapper : mappers) {
                if (SAML2_CM_WRAPPER.equals(mapper.getProviderClassName())) {
                    return true;
                }
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Wraps a SAML2 credential mapper or identity asserter MBean in a dynamic proxy. Any other
     * provider is returned unchanged.
     *
     * <p>The proxy is defined in the SAML2 class loader and implements the interfaces of the
     * MBean's runtime class. Its handler receives the original MBean, the matching wrapper name
     * ({@code SAML2_CM_WRAPPER} or {@code SAML2_IA_WRAPPER}) and the SAML2 class loader. What the
     * handler does with them is defined in {@code ProviderMBeanInvocationHandler}.
     *
     * @param providerMBean provider MBean to inspect; must not be {@code null}
     * @return a proxy for SAML2 providers, otherwise {@code providerMBean} itself
     */
    public ProviderMBean wrapProviderMBean(ProviderMBean providerMBean) {
        if (SAML2_CM_NAME.equals(providerMBean.getProviderClassName())) {
            return (ProviderMBean) Proxy.newProxyInstance(
                    getSAML2ClassLoader(),
                    providerMBean.getClass().getInterfaces(),
                    new ProviderMBeanInvocationHandler(providerMBean, SAML2_CM_WRAPPER, getSAML2ClassLoader()));
        }
        if (SAML2_IA_NAME.equals(providerMBean.getProviderClassName())) {
            return (ProviderMBean) Proxy.newProxyInstance(
                    getSAML2ClassLoader(),
                    providerMBean.getClass().getInterfaces(),
                    new ProviderMBeanInvocationHandler(providerMBean, SAML2_IA_WRAPPER, getSAML2ClassLoader()));
        }
        return providerMBean;
    }

    /**
     * Returns the shared SAML2 class loader, creating it on first use.
     *
     * <p>Creation and the read of the cached instance both happen while holding the monitor of
     * {@code CommonSecurityServiceManagerDelegateImpl.class}. The new loader is parented to that
     * class's own class loader.
     *
     * @return the cached SAML2 class loader
     * @throws IllegalStateException wrapping any exception raised while constructing the loader
     */
    public static ClassLoader getSAML2ClassLoader() {
        final ClassLoader parentLoader = CommonSecurityServiceManagerDelegateImpl.class.getClassLoader();
        synchronized (CommonSecurityServiceManagerDelegateImpl.class) {
            if (saml2ClassLoader != null) {
                return saml2ClassLoader;
            }
            try {
                // NOTE(review): the meaning of the boolean argument is not visible here.
                saml2ClassLoader = new SAML2ClassLoader(parentLoader, true);
            } catch (Exception e) {
                throw new IllegalStateException(e);
            }
            return saml2ClassLoader;
        }
    }
}
