package weblogic.management.mbeanservers.internal;

import java.io.IOException;
import java.security.AccessController;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import weblogic.management.context.JMXContext;
import weblogic.management.context.JMXContextHelper;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityServiceManager;

/* loaded from: input_file:weblogic/management/mbeanservers/internal/JMXAuthenticator.class */
public class JMXAuthenticator implements javax.management.remote.JMXAuthenticator {
    private PrincipalAuthenticator authenticator = SecurityServiceManager.getPrincipalAuthenticator(kernelId, SecurityServiceManager.defaultRealmName);
    private static final AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());

    /* loaded from: input_file:weblogic/management/mbeanservers/internal/JMXAuthenticator$JMXCallbackHandler.class */
    private class JMXCallbackHandler implements CallbackHandler {
        String userName;
        String password;

        protected JMXCallbackHandler(String[] strArr) {
            this.userName = strArr[0];
            this.password = strArr[1];
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbackArr.length; i++) {
                Callback callback = callbackArr[i];
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(this.userName);
                } else {
                    if (!(callback instanceof PasswordCallback)) {
                        throw new UnsupportedCallbackException(callbackArr[i], "Unrecognized Callback");
                    }
                    ((PasswordCallback) callback).setPassword(this.password.toCharArray());
                }
            }
        }
    }

    public Subject authenticate(Object obj) {
        JMXContext jMXContext;
        Subject subject;
        try {
            if (obj == null) {
                AuthenticatedSubject currentSubject = SecurityServiceManager.getCurrentSubject(kernelId);
                return (System.getSecurityManager() == null || !SecurityServiceManager.isKernelIdentity(currentSubject) || (jMXContext = JMXContextHelper.getJMXContext(false)) == null || (subject = jMXContext.getSubject()) == null || !SecurityServiceManager.isKernelIdentity(SecurityServiceManager.getASFromWire(AuthenticatedSubject.getFromSubject(subject)))) ? AuthenticatedSubject.ANON.getSubject() : currentSubject.getSubject();
            }
            if (!(obj instanceof String[])) {
                throw new SecurityException("Invalid JMX credential type passed to JMX connector: " + obj.getClass().getName());
            }
            String[] strArr = (String[]) obj;
            if (strArr.length < 2 || strArr[0] == null || strArr[1] == null) {
                throw new SecurityException("Invalid JMX credential, empty username and/or password");
            }
            AuthenticatedSubject authenticate = this.authenticator.authenticate(new JMXCallbackHandler((String[]) obj));
            AuthenticatedSubject currentSubject2 = SecurityServiceManager.getCurrentSubject(kernelId);
            return (currentSubject2.equals(authenticate) && currentSubject2.getQOS() == authenticate.getQOS()) ? currentSubject2.getSubject() : authenticate.getSubject();
        } catch (LoginException e) {
            throw new SecurityException(e);
        }
    }
}
