package com.bea.common.security.internal.service;

import com.bea.common.engine.ServiceConfigurationException;
import com.bea.common.engine.ServiceInitializationException;
import com.bea.common.engine.ServiceLifecycleSpi;
import com.bea.common.engine.Services;
import com.bea.common.logger.service.LoggerService;
import com.bea.common.logger.spi.LoggerSpi;
import com.bea.common.security.internal.utils.Delegator;
import com.bea.common.security.saml.utils.SAMLProfile;
import com.bea.common.security.service.AuditService;
import com.bea.common.security.service.PrincipalValidationService;
import com.bea.common.security.servicecfg.PrincipalValidationServiceConfig;
import com.bea.common.security.spi.PrincipalValidationProvider;
import com.bea.common.security.spi.PrincipalValidatorWrapper;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Set;
import weblogic.security.spi.AuditAtnEventV2;
import weblogic.security.spi.AuditSeverity;
import weblogic.security.spi.PrincipalValidator;

/* loaded from: input_file:com/bea/common/security/internal/service/PrincipalValidationServiceImpl.class */
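/**
 * {@link PrincipalValidationService} implementation that fans validation and signing of
 * principals out to the {@link PrincipalValidator}s obtained from the configured
 * {@link PrincipalValidationProvider}s.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Validation is fail-closed per principal: a principal that no registered validator
 *       handles is reported as invalid, and a {@link SecurityException} thrown by a validator
 *       is treated as "invalid" rather than propagated.</li>
 *   <li>At most one validator is registered per principal base class; a second one raises a
 *       {@link SecurityException} during {@link #init}, except for the WLS/CSS default pair
 *       when the {@code com.bea.common.security.CheckWLSDuplicatePVImpl} system property is
 *       {@code true} (its default).</li>
 *   <li>Signing runs the provider's code inside {@link AccessController#doPrivileged}.</li>
 *   <li>With debug logging enabled, the string form of each principal is logged before any
 *       validator has examined it, so debug logs hold unvalidated identity data.</li>
 * </ul>
 */
public class PrincipalValidationServiceImpl implements ServiceLifecycleSpi, PrincipalValidationService {
    private static final String CSS_PV_IMPL = "com.bea.common.security.provider.PrincipalValidatorImpl";
    private static final String WLS_PV_IMPL = "weblogic.security.provider.PrincipalValidatorImpl";
    private static final String CHECK_WLS_DUPLICATE_PV_IMPL_PROP = "com.bea.common.security.CheckWLSDuplicatePVImpl";
    private LoggerSpi logger;
    private AuditService auditService;
    private PrincipalValidator[] principalValidators;
    private boolean checkWLSDuplicatePVImpl = true;

    /**
     * Privileged action that asks one validator to sign one principal.
     *
     * <p>The decompiler reports that this nested class was {@code private} in the original
     * bytecode; it is kept {@code public} here to match the decompiled source.
     */
    public static class SignPrincipalAction implements PrivilegedAction<Boolean> {
        private final Principal principal;
        private final PrincipalValidator validator;

        /**
         * @param principalValidator validator whose {@code sign} method will be invoked
         * @param principal principal to be signed
         */
        public SignPrincipalAction(PrincipalValidator principalValidator, Principal principal) {
            this.validator = principalValidator;
            this.principal = principal;
        }

        /**
         * @return {@link Boolean#TRUE} when the validator reports that it signed the
         *     principal, otherwise {@link Boolean#FALSE}
         */
        @Override // java.security.PrivilegedAction
        public Boolean run() {
            return Boolean.valueOf(this.validator.sign(this.principal));
        }
    }

    /**
     * Resolves the logger, the audit service and every configured validation provider, and
     * builds the validator array used by {@link #validate(Set)} and {@link #sign(Set)}.
     *
     * @param obj service configuration; must be a {@link PrincipalValidationServiceConfig}
     * @param services registry used to look up the logger, audit and provider services
     * @return a proxy for this object exposing {@link PrincipalValidationService}
     * @throws ServiceInitializationException if {@code obj} is not the expected configuration
     *     type or if no validator was accepted
     * @throws SecurityException if two providers supply validators for the same principal
     *     base class (see {@code addPrincipalValidator})
     */
    @Override // com.bea.common.engine.ServiceLifecycleSpi
    public Object init(Object obj, Services services) throws ServiceInitializationException {
        this.logger = ((LoggerService) services.getService(LoggerService.SERVICE_NAME)).getLogger("com.bea.common.security.service.PrincipalValidationService");
        final boolean debug = this.logger.isDebugEnabled();
        final String method = getClass().getName() + ".init";
        if (debug) {
            this.logger.debug(method);
        }
        // JVM-wide switch, default "true": controls whether the WLS/CSS default validator pair
        // is deduplicated or reported as a collision.
        this.checkWLSDuplicatePVImpl = Boolean.parseBoolean(System.getProperty(CHECK_WLS_DUPLICATE_PV_IMPL_PROP, "true"));
        // instanceof is false for null, so this also rejects a missing configuration.
        if (!(obj instanceof PrincipalValidationServiceConfig)) {
            throw new ServiceConfigurationException(ServiceLogger.getExpectedConfigurationNotSupplied(method, "PrincipalValidationServiceConfig"));
        }
        PrincipalValidationServiceConfig config = (PrincipalValidationServiceConfig) obj;
        String auditServiceName = config.getAuditServiceName();
        this.auditService = (AuditService) services.getService(auditServiceName);
        if (debug) {
            this.logger.debug(method + " got AuditService " + auditServiceName);
        }
        String[] providerNames = config.getPrincipalValidationProviderNames();
        ArrayList<PrincipalValidator> accepted = new ArrayList<PrincipalValidator>();
        for (String providerName : providerNames) {
            PrincipalValidationProvider provider = (PrincipalValidationProvider) services.getService(providerName);
            if (debug) {
                this.logger.debug(method + " got PrincipalValidationProvider " + providerName);
            }
            addPrincipalValidator(provider, accepted);
        }
        this.principalValidators = accepted.toArray(new PrincipalValidator[accepted.size()]);
        // Refuse to start with nothing to validate against: every principal would be rejected.
        if (this.principalValidators.length < 1) {
            throw new ServiceConfigurationException(ServiceLogger.getNoObjectsFound(method, "PrincipalValidator"));
        }
        if (debug) {
            this.logger.debug(method + " got " + this.principalValidators.length + " PrincipalValidationProviders");
        }
        return Delegator.getProxy(PrincipalValidationService.class, this);
    }

    /**
     * Logs the shutdown at debug level; no other state is released here.
     */
    @Override // com.bea.common.engine.ServiceLifecycleSpi
    public void shutdown() {
        // The logger is only assigned in init(); guard so that shutting down an instance whose
        // init() never ran (or failed on its first line) does not raise a NullPointerException.
        if (this.logger != null && this.logger.isDebugEnabled()) {
            this.logger.debug(getClass().getName() + ".shutdown");
        }
    }

    /**
     * Adds the provider's validator to {@code accepted} unless it is missing, a duplicate, or
     * in conflict with one already accepted.
     *
     * <p>Rules, in the order they are applied:
     * <ol>
     *   <li>A provider that returns no validator is dropped.</li>
     *   <li>A validator whose validator type is already present is dropped.</li>
     *   <li>A validator whose principal base class is already covered is a collision and
     *       raises {@link SecurityException}, unless the duplicate check is enabled and the
     *       two validator types are exactly the WLS and CSS {@code PrincipalValidatorImpl}
     *       pair, in which case the newcomer is dropped.</li>
     * </ol>
     *
     * @param principalValidationProvider provider to query for a validator
     * @param accepted validators accepted so far; appended to on success
     * @throws SecurityException on a principal base class collision
     * @throws ClassCastException if a validator is not a {@link PrincipalValidatorWrapper}
     */
    private void addPrincipalValidator(PrincipalValidationProvider principalValidationProvider, ArrayList<PrincipalValidator> accepted) {
        final boolean debug = this.logger.isDebugEnabled();
        final String method = debug ? getClass().getName() + ".addPrincipalValidator" : null;
        if (debug) {
            this.logger.debug(method);
        }
        PrincipalValidator candidate = principalValidationProvider.getPrincipalValidator();
        if (candidate == null) {
            if (debug) {
                this.logger.debug(method + " dropping PrincipalValidationProvider since it returned a null PrincipalValidator");
            }
            return;
        }
        // NOTE(review): unchecked downcast; this presumes every provider hands back a wrapped
        // validator. Confirm against the provider contract.
        PrincipalValidatorWrapper candidateWrapper = (PrincipalValidatorWrapper) candidate;
        if (debug) {
            this.logger.debug(method + " got PrincipalValidator, type=" + candidateWrapper.getPrincipalValidatorType() + ", basePrincipalType=" + candidate.getPrincipalBaseClass());
        }
        // Pass 1: the same validator type registered twice is silently ignored. This runs over
        // the whole list before any collision can be raised in pass 2.
        for (PrincipalValidator existing : accepted) {
            if (candidateWrapper.getPrincipalValidatorType().equals(((PrincipalValidatorWrapper) existing).getPrincipalValidatorType())) {
                if (debug) {
                    this.logger.debug(method + " dropping PrincipalValidator since we already have one of its type");
                }
                return;
            }
        }
        // Pass 2: two different validator types claiming the same principal base class.
        for (PrincipalValidator existing : accepted) {
            if (!candidate.getPrincipalBaseClass().equals(existing.getPrincipalBaseClass())) {
                continue;
            }
            if (this.checkWLSDuplicatePVImpl) {
                String candidateType = candidateWrapper.getPrincipalValidatorType();
                String existingType = ((PrincipalValidatorWrapper) existing).getPrincipalValidatorType();
                boolean defaultPair = (candidateType.equals(WLS_PV_IMPL) && existingType.equals(CSS_PV_IMPL))
                        || (existingType.equals(WLS_PV_IMPL) && candidateType.equals(CSS_PV_IMPL));
                if (defaultPair) {
                    if (debug) {
                        this.logger.debug(method + " dropping default PrincipalValidatorImpl since we already have it");
                    }
                    return;
                }
            }
            // Ambiguous ownership of a principal class is a configuration error, not a warning.
            throw new SecurityException(ServiceLogger.getValidatorCollision(candidate.getClass().getName(), existing.getClass().getName()));
        }
        if (debug) {
            this.logger.debug(method + " using PrincipalValidator");
        }
        accepted.add(candidate);
    }

    /**
     * Validates every principal in the set, stopping at the first failure.
     *
     * <p>An empty set yields {@code true} because no element is checked. On the first invalid
     * principal a FAILURE audit event of type VALIDATEIDENTITY is written when auditing is
     * enabled. The event is constructed with an empty string and {@code null} arguments, so as
     * far as this method shows it does not identify the failing principal.
     * NOTE(review): confirm against {@code AuditAtnEventImpl}.
     *
     * @param set principals to validate; elements are cast to {@link Principal}
     * @return {@code true} if every principal was accepted, {@code false} on the first rejection
     * @throws IllegalArgumentException if the set contains a {@code null} element
     */
    @Override // com.bea.common.security.service.PrincipalValidationService
    public boolean validate(Set set) {
        final boolean debug = this.logger.isDebugEnabled();
        String method = null;
        if (debug) {
            method = getClass().getName() + ".validate(Principals)";
            this.logger.debug(method);
        }
        for (Object element : set) {
            if (!validate((Principal) element)) {
                if (this.auditService.isAuditEnabled()) {
                    this.auditService.writeEvent(new AuditAtnEventImpl(AuditSeverity.FAILURE, "", null, AuditAtnEventV2.AtnEventTypeV2.VALIDATEIDENTITY, null));
                }
                return false;
            }
        }
        if (debug) {
            this.logger.debug(method + " validated all principals");
        }
        return true;
    }

    /**
     * Signs every principal in the set, aborting on the first one that cannot be signed.
     *
     * <p>Principals iterated before the failing one have already been passed to their
     * validators' {@code sign} method when the exception is thrown.
     *
     * @param set principals to sign; elements are cast to {@link Principal}
     * @throws IllegalArgumentException if a principal is {@code null}, is not handled by any
     *     validator, or a handling validator declines to sign it
     */
    @Override // com.bea.common.security.service.PrincipalValidationService
    public void sign(Set set) {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug(getClass().getName() + ".sign(Principals)");
        }
        for (Object element : set) {
            if (!sign((Principal) element)) {
                throw new IllegalArgumentException(ServiceLogger.getUnableToSignPricipal(getClass().getName() + ".sign(Principals)"));
            }
        }
    }

    /**
     * Validates one principal against every validator whose base class it is an instance of.
     *
     * @param principal principal to check
     * @return {@code true} only if at least one validator handled the principal and none of
     *     the handling validators rejected it
     * @throws IllegalArgumentException if {@code principal} is {@code null}
     */
    private boolean validate(Principal principal) {
        final boolean debug = this.logger.isDebugEnabled();
        final String method = getClass().getName() + ".validate(Principal)";
        if (debug) {
            // Logged before the null check and before validation: this is unvalidated data.
            this.logger.debug(method + " Principal=" + principal);
        }
        if (principal == null) {
            throw new IllegalArgumentException(ServiceLogger.getNullParameterSupplied(method));
        }
        if (debug) {
            this.logger.debug(method + " PrincipalClassName=" + principal.getClass().getName());
        }
        boolean handled = false;
        boolean valid = true;
        for (PrincipalValidator validator : this.principalValidators) {
            if (debug) {
                this.logger.debug(method + " trying PrincipalValidator for " + validator.getPrincipalBaseClass());
            }
            if (!validator.getPrincipalBaseClass().isInstance(principal)) {
                if (debug) {
                    this.logger.debug(method + " PrincipalValidator does not handle this PrincipalClass");
                }
                continue;
            }
            if (debug) {
                this.logger.debug(method + " PrincipalValidator handles this PrincipalClass");
            }
            handled = true;
            try {
                valid = validator.validate(principal);
                if (debug) {
                    this.logger.debug(method + " PrincipalValidator said the principal is " + (valid ? "valid" : SAMLProfile.CONF_INVALID));
                }
            } catch (SecurityException e) {
                // A validator that throws is treated as a rejection; the exception is only
                // visible in the debug log. Other exception types propagate to the caller.
                valid = false;
                if (debug) {
                    this.logger.debug(method + " PrincipalValidator caught SecurityException", e);
                }
            }
            if (!valid) {
                // First rejection wins; remaining validators are not consulted.
                break;
            }
        }
        if (debug) {
            this.logger.debug(method + (handled ? " One or more" : " No") + " PrincipalValidators handled this PrincipalClass, returning " + (handled && valid));
        }
        // Fail closed: an unhandled principal class is invalid, not implicitly trusted.
        return handled && valid;
    }

    /**
     * Asks every validator that handles the principal's class to sign it.
     *
     * <p>Each {@code sign} call runs inside {@link AccessController#doPrivileged}, so the
     * permission check for the provider's work stops at this class instead of extending to
     * the callers further up the stack.
     *
     * @param principal principal to sign
     * @return {@code true} if at least one validator handled the principal and every handling
     *     validator signed it; {@code false} if none handled it or one declined
     * @throws IllegalArgumentException if {@code principal} is {@code null}
     */
    private boolean sign(Principal principal) {
        final boolean debug = this.logger.isDebugEnabled();
        final String method = getClass().getName() + ".sign(Principal)";
        if (debug) {
            this.logger.debug(method + " Principal=" + principal);
        }
        if (principal == null) {
            throw new IllegalArgumentException(ServiceLogger.getNullParameterSupplied(method));
        }
        if (debug) {
            this.logger.debug(method + " PrincipalClassName=" + principal.getClass().getName());
        }
        boolean signed = false;
        for (PrincipalValidator validator : this.principalValidators) {
            if (debug) {
                this.logger.debug(method + " trying PrincipalValidator for " + validator.getPrincipalBaseClass());
            }
            if (!validator.getPrincipalBaseClass().isInstance(principal)) {
                continue;
            }
            if (debug) {
                this.logger.debug(method + " PrincipalValidator handles this PrincipalClass");
            }
            signed = AccessController.doPrivileged(new SignPrincipalAction(validator, principal)).booleanValue();
            if (debug) {
                this.logger.debug(method + " PrincipalValidator " + (!signed ? "did not sign the principal, returning false" : "signed the principal"));
            }
            if (!signed) {
                return false;
            }
        }
        if (debug) {
            if (signed) {
                this.logger.debug(method + " All required PrincipalValidators signed this PrincipalClass, returning true");
            } else {
                this.logger.debug(method + " No PrincipalValidator handled this PrincipalClass, returning false");
            }
        }
        return signed;
    }
}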
