package weblogic.diagnostics.snmp.agent.monfox;

import java.security.AccessController;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.concurrent.ConcurrentHashMap;
import javax.resource.spi.security.PasswordCredential;
import monfox.toolkit.snmp.engine.SnmpEngineID;
import monfox.toolkit.snmp.v3.usm.ext.UsmUserSecurityExtension;
import weblogic.diagnostics.debug.DebugLogger;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.ContextHandler;
import weblogic.security.service.CredentialManager;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.RemoteResource;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.timers.Timer;
import weblogic.timers.TimerListener;
import weblogic.timers.TimerManagerFactory;

/* loaded from: input_file:weblogic/diagnostics/snmp/agent/monfox/WLSSecurityExtension.class */
public class WLSSecurityExtension implements UsmUserSecurityExtension, TimerListener {
    private static final DebugLogger DEBUG_LOGGER = DebugLogger.getDebugLogger("DebugSNMPAgent");
    private static final AuthenticatedSubject KERNEL_ID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private static final long DEFAULT_CACHE_FLUSH_PERIOD = 300000;
    private static WLSSecurityExtension SINGLETON;
    private Timer cacheFlushTimer;
    private long cacheFlushPeriod;
    private SnmpResource authResource = SnmpResource.getAuthenticationResource();
    private SnmpResource privResource = SnmpResource.getPrivacyResource();
    private RemoteResource testResource = new RemoteResource(null, null, null, null, "SNMP_AUTH");
    private ConcurrentHashMap userInfos = new ConcurrentHashMap();
    private int securityLevel = 0;
    private int authProtocol = 0;
    private int privProtocol = 3;
    private CredentialManager credentialManager = (CredentialManager) SecurityServiceManager.getSecurityService(KERNEL_ID, SecurityServiceManager.getDefaultRealmName(), SecurityService.ServiceType.CREDENTIALMANAGER);

    public static synchronized WLSSecurityExtension getInstance() {
        if (SINGLETON == null) {
            SINGLETON = new WLSSecurityExtension();
        }
        return SINGLETON;
    }

    private WLSSecurityExtension() {
        setLocalizedKeyCacheInvalidationInterval(300000L);
    }

    private byte[] getPwd(String str, boolean z) {
        Object[] credentials = this.credentialManager.getCredentials(KERNEL_ID, str, z ? this.authResource : this.privResource, (ContextHandler) null, "weblogic.UserPassword");
        int length = credentials != null ? credentials.length : 0;
        for (int i = 0; i < length; i++) {
            if (credentials[i] instanceof PasswordCredential) {
                return new String(((PasswordCredential) credentials[i]).getPassword()).getBytes();
            }
        }
        return null;
    }

    private boolean isValidUserInfo(WLSUserInfo wLSUserInfo) {
        return getMonfoxSecurityLevel() == wLSUserInfo.getSecLevel() && getMonfoxAuthProtocol() == wLSUserInfo.getAuthProtocol() && getMonfoxPrivProtocol() == wLSUserInfo.getPrivProtocol();
    }

    private WLSUserInfo getCachedUserInfo(String str, SnmpEngineID snmpEngineID) {
        HashMap hashMap;
        WLSUserInfo wLSUserInfo = null;
        synchronized (this.userInfos) {
            if (this.userInfos.containsKey(str) && (hashMap = (HashMap) this.userInfos.get(str)) != null && hashMap.containsKey(snmpEngineID)) {
                if (DEBUG_LOGGER.isDebugEnabled()) {
                    DEBUG_LOGGER.debug("Found cached UserInfo for user " + str + ", engineID: " + snmpEngineID);
                }
                wLSUserInfo = (WLSUserInfo) hashMap.get(snmpEngineID);
                if (!isValidUserInfo(wLSUserInfo)) {
                    if (DEBUG_LOGGER.isDebugEnabled()) {
                        DEBUG_LOGGER.debug("Cached UserInfo for user " + str + ", engineID " + snmpEngineID + " is invalid, removing from cache");
                    }
                    hashMap.remove(snmpEngineID);
                    if (hashMap.size() == 0) {
                        this.userInfos.remove(str);
                    }
                    wLSUserInfo = null;
                }
            }
        }
        return wLSUserInfo;
    }

    private WLSUserInfo addUserInfoToCache(String str, SnmpEngineID snmpEngineID) {
        HashMap hashMap;
        try {
            WLSUserInfo createUserInfo = createUserInfo(str, snmpEngineID);
            synchronized (this.userInfos) {
                if (this.userInfos.containsKey(str)) {
                    hashMap = (HashMap) this.userInfos.get(str);
                } else {
                    hashMap = new HashMap();
                    this.userInfos.put(str, hashMap);
                }
                hashMap.put(snmpEngineID, createUserInfo);
            }
            return createUserInfo;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public UsmUserSecurityExtension.UserInfo getUserInfo(String str, SnmpEngineID snmpEngineID) {
        WLSUserInfo cachedUserInfo = getCachedUserInfo(str, snmpEngineID);
        if (cachedUserInfo == null) {
            cachedUserInfo = addUserInfoToCache(str, snmpEngineID);
        }
        if (DEBUG_LOGGER.isDebugEnabled()) {
            DEBUG_LOGGER.debug("Returning UserInfo for " + str + ", engineID + " + snmpEngineID.toString() + ", nonExistentUser=" + cachedUserInfo.isNonExistentUser());
        }
        if (cachedUserInfo.isNonExistentUser()) {
            cachedUserInfo = null;
        }
        return cachedUserInfo;
    }

    private WLSUserInfo createUserInfo(String str, SnmpEngineID snmpEngineID) throws NoSuchAlgorithmException {
        if (DEBUG_LOGGER.isDebugEnabled()) {
            DEBUG_LOGGER.debug("Creating UserInfo for " + str);
        }
        byte[] pwd = getPwd(str, true);
        byte[] pwd2 = getPwd(str, false);
        WLSUserInfo wLSUserInfo = new WLSUserInfo(snmpEngineID, str, getMonfoxSecurityLevel(), getMonfoxAuthProtocol(), getMonfoxPrivProtocol(), pwd, pwd2, pwd == null);
        clearBuffer(pwd);
        clearBuffer(pwd2);
        return wLSUserInfo;
    }

    private void clearBuffer(byte[] bArr) {
        int length = bArr != null ? bArr.length : 0;
        for (int i = 0; i < length; i++) {
            bArr[i] = 0;
        }
    }

    int getAuthProtocol() {
        return this.authProtocol;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setAuthProtocol(int i) {
        this.authProtocol = i;
    }

    int getPrivProtocol() {
        return this.privProtocol;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setPrivProtocol(int i) {
        this.privProtocol = i;
    }

    int getSecurityLevel() {
        return this.securityLevel;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setSecurityLevel(int i) {
        this.securityLevel = i;
    }

    private int getMonfoxSecurityLevel() {
        return SecurityUtil.convertSNMPAgentToolkitSecurityLevel(this.securityLevel);
    }

    private int getMonfoxAuthProtocol() {
        switch (this.authProtocol) {
            case 0:
                return 0;
            case 1:
                return 1;
            default:
                throw new IllegalArgumentException();
        }
    }

    private int getMonfoxPrivProtocol() {
        switch (this.privProtocol) {
            case 2:
                return 2;
            case 3:
                return 4;
            default:
                throw new IllegalArgumentException();
        }
    }

    public synchronized void setLocalizedKeyCacheInvalidationInterval(long j) {
        if (DEBUG_LOGGER.isDebugEnabled()) {
            DEBUG_LOGGER.debug("WLSSecurityExtension: Setting userInfo cache flush period = " + j);
        }
        if (j <= 0) {
            return;
        }
        if (this.cacheFlushTimer != null) {
            this.cacheFlushTimer.cancel();
        }
        this.cacheFlushTimer = TimerManagerFactory.getTimerManagerFactory().getDefaultTimerManager().scheduleAtFixedRate(this, 0L, j);
        this.cacheFlushPeriod = j;
    }

    public long getLocalizedKeyCacheInvalidationInterval() {
        return this.cacheFlushPeriod;
    }

    @Override // weblogic.timers.TimerListener
    public void timerExpired(Timer timer) {
        clearUserInfos();
    }

    public void clearUserInfos() {
        if (DEBUG_LOGGER.isDebugEnabled()) {
            DEBUG_LOGGER.debug("WLSSecurityExtension: Flushing user info cache");
        }
        this.userInfos.clear();
    }

    public void invalidateLocalizedKeyCache(String str) {
        if (DEBUG_LOGGER.isDebugEnabled()) {
            DEBUG_LOGGER.debug("WLSSecurityExtension: Flushing user info cache for " + str);
        }
        synchronized (this.userInfos) {
            this.userInfos.remove(str);
        }
    }
}
