package weblogic.security.service;

import com.bea.common.security.jdkutils.JAASConfiguration;
import com.bea.common.security.service.ChallengeIdentityAssertionService;
import com.bea.common.security.service.IdentityAssertionService;
import com.bea.common.security.service.IdentityImpersonationService;
import com.bea.common.security.service.JAASAuthenticationService;
import com.bea.common.security.service.PrincipalValidationService;
import com.bea.security.css.CSS;
import java.io.IOException;
import java.io.Serializable;
import java.security.AccessController;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginException;
import javax.servlet.Filter;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import weblogic.management.security.ProviderMBean;
import weblogic.management.security.RealmMBean;
import weblogic.management.security.authentication.IdentityAsserterMBean;
import weblogic.management.security.authentication.UserLockoutManagerMBean;
import weblogic.rmi.spi.HostID;
import weblogic.security.SecurityLogger;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.internal.SecurityMessage;
import weblogic.security.service.internal.ServletAuthenticationFilterService;
import weblogic.security.service.internal.UserLockoutAdministrationService;
import weblogic.security.service.internal.UserLockoutCoordinationService;
import weblogic.security.service.internal.WLSIdentityImpl;
import weblogic.security.service.internal.WSPasswordDigestService;
import weblogic.security.shared.LoggerWrapper;
import weblogic.security.spi.AuthenticationProviderV2;
import weblogic.security.spi.ChallengeIdentityAsserterV2;
import weblogic.security.spi.DigestNotAvailableException;
import weblogic.security.spi.IdentityAsserterV2;
import weblogic.security.spi.IdentityAssertionException;

/* loaded from: input_file:weblogic/security/service/PrincipalAuthenticator.class */
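/**
 * Security service that fronts authentication for the server: JAAS login, identity
 * assertion, challenge/response assertion, impersonation, principal validation, servlet
 * authentication filters, password digests and user-lockout access.
 *
 * <p>Every operation is delegated to a service looked up from {@link CSS} in
 * {@link #initialize(String, ProviderMBean[])}. The service fields are {@code null} until
 * {@code initialize} has run and are reset to {@code null} by {@link #shutdown()}; the
 * public methods dereference them without a check, so calling them outside that window
 * fails with {@link NullPointerException}. {@code shutdown} does not clear the lockout
 * manager or the assertion encoding map.
 *
 * <p>Debug logging in this class records token <em>types</em> only, never token values.
 */
public class PrincipalAuthenticator implements SecurityService {
    protected static final String assertionTag = "$$ASSERTION$$";
    private UserLockoutManager userLockoutManager;
    private static final String SUN_CONFIG_FILE = "com.sun.security.auth.login.ConfigFile";
    private static final String IBM_CONFIG_FILE = "com.ibm.security.auth.login.ConfigFile";
    // Name of the system property that may supply a custom JAAS Configuration class name.
    private static final String AUTH_CONFIG_FILE = "weblogic.security.authentication.Configuration";
    // Kernel identity, obtained inside a privileged block; used for the CSS lookup.
    private static final AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private static LoggerWrapper log = LoggerWrapper.getInstance("SecurityAtn");
    private PrincipalValidationService pvalService = null;
    private JAASAuthenticationService jaasAtnService = null;
    private IdentityAssertionService iaService = null;
    private ChallengeIdentityAssertionService chIAService = null;
    private IdentityImpersonationService imService = null;
    private ServletAuthenticationFilterService filtService = null;
    private WSPasswordDigestService digService = null;
    private UserLockoutAdministrationService ulaService = null;
    private UserLockoutCoordinationService ulcService = null;
    // Token type -> whether tokens of that type must be base64-decoded before assertion.
    private HashMap<String, Boolean> assertionEncodingMap = new HashMap<String, Boolean>();

    /**
     * Adapter that exposes a common-security challenge context through the
     * {@link ChallengeContext} interface.
     *
     * <p>NOTE(review): declared {@link Serializable} but not {@code static}, so an instance
     * also carries the implicit reference to the enclosing {@code PrincipalAuthenticator}.
     * Whether the wrapped context is itself serializable is not visible here; confirm
     * before relying on serialization of this type.
     */
    private final class CommonChallengeContextImpl implements ChallengeContext, Serializable {
        private ChallengeIdentityAssertionService.ChallengeContext commonContext;

        private CommonChallengeContextImpl(ChallengeIdentityAssertionService.ChallengeContext challengeContext) {
            this.commonContext = challengeContext;
        }

        @Override // weblogic.security.service.ChallengeContext
        public boolean hasChallengeIdentityCompleted() {
            return this.commonContext.hasChallengeIdentityCompleted();
        }

        /**
         * Returns the subject of the wrapped context's identity, or {@code null} while the
         * wrapped context reports no identity.
         */
        @Override // weblogic.security.service.ChallengeContext
        public AuthenticatedSubject getAuthenticatedSubject() {
            WLSIdentityImpl identity = (WLSIdentityImpl) this.commonContext.getIdentity();
            return identity == null ? null : identity.getAuthenticatedSubject();
        }

        @Override // weblogic.security.service.ChallengeContext
        public Object getChallengeToken() {
            return this.commonContext.getChallengeToken();
        }

        // Called only by the enclosing class; the decompiler widened this from private.
        public void continueChallengeIdentity(String str, Object obj, ContextHandler contextHandler) throws LoginException {
            this.commonContext.continueChallengeIdentity(str, obj, contextHandler);
        }
    }

    /** Always throws: marks code paths that must not run when common security is in use. */
    private void assertNotUsingCommon() {
        throw new AssertionError("This code should never be called when using common security");
    }

    /**
     * Registers the JVM's JAAS configuration, looks up the delegate services from CSS,
     * builds the token-type encoding map and, when the realm has a lockout manager MBean,
     * creates the {@link UserLockoutManager}.
     *
     * @param str              not used by this implementation
     * @param providerMBeanArr authentication provider MBeans; the realm is taken from the
     *                         first element
     * @throws SecurityServiceRuntimeException if no providers are given, or wrapping any
     *                                         exception raised during setup
     */
    @Override // weblogic.security.service.SecurityService
    public void initialize(String str, ProviderMBean[] providerMBeanArr) {
        if (providerMBeanArr == null || providerMBeanArr.length == 0) {
            throw new SecurityServiceRuntimeException(SecurityLogger.getNoAuthMBeansInvConfig());
        }
        RealmMBean realm = providerMBeanArr[0].getRealm();
        if (log.isDebugEnabled()) {
            log.debug("PrincipalAuthenticator will use common security for ATN");
        }
        try {
            String property = System.getProperty("java.security.auth.login.config");
            if (property != null && log.isDebugEnabled()) {
                log.debug("Registering JAAS configs java.security.auth.login.config: " + property);
            }
            Configuration jvmConfiguration = loadConfFileForJVM(SUN_CONFIG_FILE);
            if (jvmConfiguration != null) {
                JAASConfiguration.registerConfiguration(jvmConfiguration);
            }
            CSS css = SecurityServiceManager.getCSS(kernelId);
            this.jaasAtnService = (JAASAuthenticationService) css.getService(CSS.JAAS_AUTHENTICATION_SERVICE);
            this.iaService = (IdentityAssertionService) css.getService(CSS.IDENTITY_ASSERTION_SERVICE);
            this.chIAService = (ChallengeIdentityAssertionService) css.getService(CSS.CHALLENGE_IDENTITY_ASSERTION_SERVICE);
            this.imService = (IdentityImpersonationService) css.getService(CSS.IMPERSONATION_SERVICE);
            this.pvalService = (PrincipalValidationService) css.getService(CSS.PRINCIPAL_VALIDATION_SERVICE);
            this.filtService = (ServletAuthenticationFilterService) css.getService("ServletAuthenticationFilterService");
            this.digService = (WSPasswordDigestService) css.getService("WSPasswordDigestService");
            this.ulaService = (UserLockoutAdministrationService) css.getService("UserLockoutAdministrationService");
            this.ulcService = (UserLockoutCoordinationService) css.getService("UserLockoutCoordinationService");
            calculateLegacyAssertionEncodingMap(providerMBeanArr);
            UserLockoutManagerMBean lockoutMBean = realm == null ? null : realm.getUserLockoutManager();
            if (lockoutMBean != null) {
                this.userLockoutManager = new UserLockoutManager();
                this.userLockoutManager.init(lockoutMBean);
            }
        } catch (Exception e) {
            if (log.isDebugEnabled()) {
                SecurityLogger.logStackTrace(e);
            }
            SecurityServiceRuntimeException wrapped = new SecurityServiceRuntimeException(SecurityLogger.getExceptionObtainingService("Common JAASAuthenticationService", e.toString()));
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Loads and instantiates a JAAS {@link Configuration} class by name, falling back from
     * the Sun class to the IBM class and then to the class named by the
     * {@code weblogic.security.authentication.Configuration} system property.
     *
     * <p>The custom class name comes from a JVM system property and the class is
     * instantiated before the cast to {@code Configuration} is checked, so the property has
     * to be treated as trusted deployment configuration. A class that is not a
     * {@code Configuration} fails the cast; that {@link ClassCastException} is not caught
     * here.
     *
     * @param str fully qualified class name to try first
     * @return the instantiated configuration, or {@code null} if none could be created
     */
    private Configuration loadConfFileForJVM(String str) {
        Configuration configuration = null;
        try {
            // Class.newInstance() rethrows whatever the no-arg constructor throws, which is
            // one way the IllegalArgumentException/SecurityException handlers below can
            // fire. Switching to getDeclaredConstructor().newInstance() would wrap those in
            // InvocationTargetException and bypass these handlers.
            configuration = (Configuration) getClass().getClassLoader().loadClass(str).newInstance();
        } catch (ClassNotFoundException e) {
            if (str.equals(SUN_CONFIG_FILE)) {
                return loadConfFileForJVM(IBM_CONFIG_FILE);
            }
            String lastTried = str;
            if (str.equals(IBM_CONFIG_FILE)) {
                lastTried = System.getProperty(AUTH_CONFIG_FILE);
                // Skip an empty value, and skip a value that names one of the built-in
                // classes: those have already failed to load, and retrying them would
                // re-enter the Sun -> IBM -> property chain without end.
                if (lastTried != null && !lastTried.isEmpty()
                        && !lastTried.equals(SUN_CONFIG_FILE) && !lastTried.equals(IBM_CONFIG_FILE)) {
                    return loadConfFileForJVM(lastTried);
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("Failed to load SUN, IBM or custom JAAS file..  " + lastTried);
            }
            SecurityLogger.logWarningFailedToLoadJAASConfiguration();
        } catch (IllegalAccessException e2) {
            if (log.isDebugEnabled()) {
                log.debug("Reflection issue, check message for details: " + e2.getMessage());
            }
        } catch (IllegalArgumentException e3) {
            if (log.isDebugEnabled()) {
                log.debug("Failed to load configuration: " + e3.getMessage());
                log.debug("Setting JAAS config file " + str);
            }
            // NOTE(review): the value handed over is the class name, not a file path; what
            // setJAASConfigFile does with it is not visible here.
            JAASConfiguration.setJAASConfigFile(str);
        } catch (InstantiationException e4) {
            if (log.isDebugEnabled()) {
                log.debug("Reflection issue, check message for details: " + e4.getMessage());
            }
        } catch (SecurityException e5) {
            if (e5.getCause() instanceof IOException) {
                if (log.isDebugEnabled()) {
                    log.debug("Setting JAAS config file: " + str);
                }
                JAASConfiguration.setJAASConfigFile(str);
            } else if (log.isDebugEnabled()) {
                log.debug("Failed to load configuration: " + e5.getMessage());
            }
        }
        return configuration;
    }

    @Override // weblogic.security.service.SecurityService
    public void start() {
    }

    @Override // weblogic.security.service.SecurityService
    public void suspend() {
    }

    /** Drops the references to all delegate services obtained in {@code initialize}. */
    @Override // weblogic.security.service.SecurityService
    public void shutdown() {
        this.pvalService = null;
        this.jaasAtnService = null;
        this.iaService = null;
        this.chIAService = null;
        this.imService = null;
        this.filtService = null;
        this.digService = null;
        this.ulcService = null;
        this.ulaService = null;
    }

    /** Creates an uninitialized instance; {@code initialize} must be called before use. */
    public PrincipalAuthenticator() {
    }

    /** Creates an instance and initializes it immediately with the given providers. */
    public PrincipalAuthenticator(String str, ProviderMBean[] providerMBeanArr) {
        initialize(str, providerMBeanArr);
    }

    /**
     * Authenticates through the JAAS authentication service.
     *
     * @param callbackHandler supplies the credentials; must not be {@code null}
     * @param contextHandler  passed through to the service; may be {@code null}
     * @return the authenticated subject converted from the service's identity
     * @throws LoginException if {@code callbackHandler} is {@code null} or the service
     *                        rejects the login
     */
    public AuthenticatedSubject authenticate(CallbackHandler callbackHandler, ContextHandler contextHandler) throws LoginException {
        if (callbackHandler == null) {
            throw new LoginException(SecurityLogger.getNoCallbackHandlerSuppliedPA());
        }
        if (log.isDebugEnabled()) {
            log.debug("PrincipalAuthenticator.authenticate");
            log.debug("PrincipalAuthenticator.authenticate will use common security service");
        }
        return IdentityUtility.identityToAuthenticatedSubject(this.jaasAtnService.authenticate(callbackHandler, contextHandler));
    }

    /** Same as {@link #authenticate(CallbackHandler, ContextHandler)} with no context. */
    public AuthenticatedSubject authenticate(CallbackHandler callbackHandler) throws LoginException {
        return authenticate(callbackHandler, null);
    }

    /**
     * Returns the token-type encoding map.
     *
     * <p>NOTE(review): this is the live internal map, not a copy, so a caller can change
     * which token types are reported as base64-encoded. Callers are not visible here;
     * consider returning an unmodifiable view once it is confirmed that none mutate it.
     */
    public Map getAssertionsEncodingMap() {
        return this.assertionEncodingMap;
    }

    /**
     * Reports whether tokens of the given type must be base64-decoded.
     *
     * @throws IllegalArgumentException if the token type is not in the encoding map
     */
    public boolean doesTokenTypeRequireBase64Decoding(String str) {
        Boolean required = this.assertionEncodingMap.get(str);
        if (required == null) {
            throw new IllegalArgumentException(SecurityLogger.getUnknownTokenType(str));
        }
        return required.booleanValue();
    }

    /**
     * Unboxes a value taken from the encoding map. The argument must be a non-null
     * {@link Boolean}; anything else fails with {@link ClassCastException} or
     * {@link NullPointerException}.
     */
    public boolean doesTokenRequireBase64Decoding(Object obj) {
        return ((Boolean) obj).booleanValue();
    }

    /** Same as {@link #assertIdentity(String, Object, ContextHandler)} with no context. */
    public AuthenticatedSubject assertIdentity(String str, Object obj) throws LoginException {
        return assertIdentity(str, obj, null);
    }

    /**
     * Asserts an identity from a token through the identity assertion service.
     *
     * @param str            token type; must not be {@code null}
     * @param obj            token; must not be {@code null}
     * @param contextHandler passed through to the service; may be {@code null}
     * @throws LoginException if the type or token is {@code null} or the service rejects
     *                        the token
     */
    public AuthenticatedSubject assertIdentity(String str, Object obj, ContextHandler contextHandler) throws LoginException {
        if (log.isDebugEnabled()) {
            log.debug("PrincipalAuthenticator.assertIdentity - Token Type: " + str);
        }
        if (str == null) {
            throw new LoginException(SecurityLogger.getNullTokenTypeParam());
        }
        if (obj == null) {
            throw new LoginException(SecurityLogger.getNullTokenParam());
        }
        if (log.isDebugEnabled()) {
            log.debug("PrincipalAuthenticator.assertIdentity using common security");
        }
        return IdentityUtility.identityToAuthenticatedSubject(this.iaService.assertIdentity(str, obj, contextHandler));
    }

    /** Returns {@code false} for a {@code null} type, otherwise asks the assertion service. */
    public boolean isTokenTypeSupported(String str) {
        if (str == null) {
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("PrincipalAuthenticator.isTokenSupported using common security");
        }
        return this.iaService.isTokenTypeSupported(str);
    }

    /** Same as {@link #impersonateIdentity(String, ContextHandler)} with no context. */
    public AuthenticatedSubject impersonateIdentity(String str) throws LoginException {
        return impersonateIdentity(str, null);
    }

    /**
     * Obtains a subject for the given name through the impersonation service.
     *
     * <p>NOTE(review): no credential is passed and this method performs no check on the
     * caller. Any authorization has to be enforced by the impersonation service or by the
     * callers, neither of which is visible here; confirm before exposing this method
     * further.
     */
    public AuthenticatedSubject impersonateIdentity(String str, ContextHandler contextHandler) throws LoginException {
        if (log.isDebugEnabled()) {
            log.debug("PrincipalAuthenticator.impersonateIdentity using common security");
        }
        return IdentityUtility.identityToAuthenticatedSubject(this.imService.impersonateIdentity(str, contextHandler));
    }

    /**
     * Validates the principals of a subject through the principal validation service.
     *
     * @return {@code false} for a {@code null} subject, otherwise the service's verdict
     */
    public boolean validateIdentity(AuthenticatedSubject authenticatedSubject) {
        if (authenticatedSubject == null) {
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("PrincipalAuthenticator.validateIdentity");
            log.debug("PrincipalAuthenticator.validateIdentity will use common security service");
        }
        return this.pvalService.validate(authenticatedSubject.getSubject().getPrincipals());
    }

    /** Requests a challenge token for the given token type from the challenge service. */
    public Object getChallengeToken(String str, ContextHandler contextHandler) throws IdentityAssertionException {
        if (log.isDebugEnabled()) {
            log.debug("PrincipalAuthenticator.getChallengeToken will use common security service");
        }
        return this.chIAService.getChallengeToken(str, contextHandler);
    }

    /** Same as {@link #getChallengeToken(String, ContextHandler)} with no context. */
    public Object getChallengeToken(String str) throws IdentityAssertionException {
        return getChallengeToken(str, null);
    }

    /**
     * Starts a challenge/response identity assertion and wraps the service's context.
     * Unlike {@code assertIdentity}, the type and token are not null-checked here.
     */
    public ChallengeContext assertChallengeIdentity(String str, Object obj, ContextHandler contextHandler) throws LoginException {
        if (log.isDebugEnabled()) {
            log.debug("PrincipalAuthenticator.assertChallengeIdentity - Token Type: " + str);
            log.debug("PrincipalAuthenticator.assertChallengeIdentity will use common security service");
        }
        return new CommonChallengeContextImpl(this.chIAService.assertChallengeIdentity(str, obj, contextHandler));
    }

    /**
     * Continues a challenge/response exchange started by {@code assertChallengeIdentity}.
     *
     * @throws LoginException if {@code challengeContext} was not produced by this class
     *                        (including {@code null}), or the service rejects the token
     */
    public void continueChallengeIdentity(ChallengeContext challengeContext, String str, Object obj, ContextHandler contextHandler) throws LoginException {
        if (log.isDebugEnabled()) {
            log.debug("PrincipalAuthenticator.continueChallengeIdentity - Token Type: " + str);
            log.debug("PrincipalAuthenticator.continueChallengeIdentity will use common security service");
        }
        // Only contexts created by this class are accepted; a foreign implementation of
        // ChallengeContext is rejected instead of being trusted.
        if (!(challengeContext instanceof CommonChallengeContextImpl)) {
            throw new LoginException(SecurityLogger.getNotInstanceof("CommonChallengeContextImpl"));
        }
        ((CommonChallengeContextImpl) challengeContext).continueChallengeIdentity(str, obj, contextHandler);
    }

    /** Returns the servlet authentication filters supplied by the filter service. */
    public Filter[] getServletAuthenticationFilters(ServletContext servletContext) throws ServletException {
        if (log.isDebugEnabled()) {
            log.debug("Beginning getServletAuthenticationFilters.");
            log.debug("PrincipalAuthenticator.getServletAuthenticationFilters will use WLS-specific security service");
        }
        return this.filtService.getServletAuthenticationFilters(servletContext);
    }

    /** Hands the filters back to the filter service for destruction. */
    public void destroyServletAuthenticationFilters(Filter[] filterArr) {
        this.filtService.destroyServletAuthenticationFilters(filterArr);
    }

    /** Passes the arguments unchanged to the password digest service. */
    public byte[] getPasswordDigest(String str, byte[] bArr, String str2) throws DigestNotAvailableException {
        if (log.isDebugEnabled()) {
            log.debug("PrincipalAuthenticator.getPasswordDigest will use WLS-specific security service");
        }
        return this.digService.getPasswordDigest(str, bArr, str2);
    }

    /** Passes the arguments unchanged to the password digest service's key derivation. */
    public byte[] getDerivedKey(String str, byte[] bArr, int i) throws DigestNotAvailableException {
        if (log.isDebugEnabled()) {
            log.debug("PrincipalAuthenticator.getDerivedKey will use WLS-specific security service");
        }
        return this.digService.getDerivedKey(str, bArr, i);
    }

    /** Not supported with common security: always throws {@link AssertionError}. */
    protected AuthenticationProviderV2[] getProviderList() {
        assertNotUsingCommon();
        return null;
    }

    /** Returns the lockout manager, or {@code null} if the realm configured none. */
    public UserLockoutManager getUserLockoutManager() {
        return this.userLockoutManager;
    }

    public UserLockoutAdministrationService getUserLockoutAdministrationService() {
        return this.ulaService;
    }

    /**
     * Forwards a security message's sequence number and record to the lockout
     * coordination service.
     *
     * <p>NOTE(review): {@code hostID} is not consulted, so any check that the message
     * comes from a trusted peer has to happen before this call; that is not visible here.
     */
    public void receiveSecurityMessageCommon(HostID hostID, SecurityMessage securityMessage) {
        this.ulcService.processSecurityMessage(securityMessage.nextSeqNo(), securityMessage.record());
    }

    /** Not supported with common security: always throws {@link AssertionError}. */
    private ChallengeIdentityAsserterV2 getChallengeIdentityAsserter(IdentityAsserterV2 identityAsserterV2) {
        assertNotUsingCommon();
        return null;
    }

    /**
     * Fills the encoding map from the identity asserter MBeans among the providers. When
     * several asserters list the same active type, the first one in array order decides.
     */
    private void calculateLegacyAssertionEncodingMap(ProviderMBean[] providerMBeanArr) {
        for (ProviderMBean provider : providerMBeanArr) {
            if (!(provider instanceof IdentityAsserterMBean)) {
                continue;
            }
            IdentityAsserterMBean asserter = (IdentityAsserterMBean) provider;
            String[] activeTypes = asserter.getActiveTypes();
            if (activeTypes == null) {
                continue;
            }
            for (String activeType : activeTypes) {
                if (!this.assertionEncodingMap.containsKey(activeType)) {
                    this.assertionEncodingMap.put(activeType, Boolean.valueOf(asserter.getBase64DecodingRequired()));
                }
            }
        }
    }
}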
