package weblogic.entitlement.rules;

import javax.security.auth.Subject;
import weblogic.security.SecurityLogger;
import weblogic.security.providers.authorization.IllegalPredicateArgumentException;
import weblogic.security.providers.authorization.PredicateArgument;
import weblogic.security.service.ContextHandler;
import weblogic.security.shared.LoggerWrapper;
import weblogic.security.spi.Resource;
import weblogic.security.utils.ESubjectImpl;
import weblogic.xml.process.FunctionRef;

/* loaded from: input_file:weblogic/entitlement/rules/SignaturePredicate.class */
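/**
 * Authorization predicate that checks who signed a given element of a request.
 *
 * <p>The predicate is configured through {@link #init(String[])} with a signer type
 * ({@code "user"} or {@code "group"}), the name of the signed element and the signer name.
 * At evaluation time it reads a {@link Subject} from the {@link ContextHandler} under the key
 * {@code "Integrity{" + element + FunctionRef.FUNCTION_CLOSE_BRACE} and asks
 * {@link ESubjectImpl} whether that subject is the configured user or is a member of the
 * configured group. Every path that cannot establish a signer returns {@code false}.
 *
 * <p>Instances hold mutable configuration and no synchronization is visible in this class.
 */
public class SignaturePredicate extends BasePredicate {
    public static final String GROUP_TYPE = "group";
    public static final String USERNAME_TYPE = "user";
    private static final String VERSION = "1.0";

    // The string arguments look like message-catalog keys for the argument names and
    // descriptions; that is inferred from their naming only. TODO confirm.
    private static final PredicateArgument[] arguments = {
        new StringPredicateArgument(
                "SignaturePredicateSignerTypeArgumentName",
                "SignaturePredicateSignerTypeArgumentDescription",
                null),
        new StringPredicateArgument(
                "SignaturePredicateSignedElementArgumentName",
                "SignaturePredicateSignedElementArgumentDescription",
                null),
        new StringPredicateArgument(
                "SignaturePredicateSignerNameArgumentName",
                "SignaturePredicateSignerNameArgumentDescription",
                null)
    };

    private static final LoggerWrapper log = LoggerWrapper.getInstance("SecurityPredicate");

    // Either USERNAME_TYPE or GROUP_TYPE; defaults to GROUP_TYPE until init() runs.
    private String signerType;
    // Name of the user or group the signer is matched against; null until init() runs.
    private String signerName;
    // Context-handler key under which the signer Subject is looked up; null until init() runs.
    private String signerElement;

    /** Creates an unconfigured predicate; {@link #init(String[])} supplies the signer to match. */
    public SignaturePredicate() {
        super("SignaturePredicateName", "SignaturePredicateDescription");
        this.signerType = GROUP_TYPE;
        this.signerName = null;
        this.signerElement = null;
    }

    /**
     * Configures the predicate from its three policy arguments.
     *
     * @param strArr exactly three values: signer type ({@code "user"} or {@code "group"},
     *     case-insensitive), signed element name, signer name
     * @throws IllegalPredicateArgumentException if the array is null or not of length three,
     *     the type is neither value, or the element or signer name is null
     */
    @Override // weblogic.entitlement.rules.BasePredicate, weblogic.security.providers.authorization.Predicate
    public void init(String[] strArr) throws IllegalPredicateArgumentException {
        if (strArr == null || strArr.length != 3) {
            throw new IllegalPredicateArgumentException(SecurityLogger.getThreeArgumentsRequired());
        }
        String requestedType = strArr[0];
        String newType;
        if (USERNAME_TYPE.equalsIgnoreCase(requestedType)) {
            newType = USERNAME_TYPE;
        } else if (GROUP_TYPE.equalsIgnoreCase(requestedType)) {
            newType = GROUP_TYPE;
        } else {
            throw new IllegalPredicateArgumentException(
                    SecurityLogger.getTypeMustValueIs(GROUP_TYPE, USERNAME_TYPE, requestedType));
        }
        if (strArr[1] == null) {
            throw new IllegalPredicateArgumentException(SecurityLogger.getSignatureTypeCanNotBeNull());
        }
        if (strArr[2] == null) {
            throw new IllegalPredicateArgumentException(SecurityLogger.getSignedByCanNotBeNull());
        }
        // Commit only after every argument has been validated, so a rejected init() cannot
        // leave a new signer type paired with the signer name of an earlier configuration.
        this.signerType = newType;
        this.signerElement = "Integrity{" + strArr[1] + FunctionRef.FUNCTION_CLOSE_BRACE;
        this.signerName = strArr[2];
        if (log.isDebugEnabled()) {
            log.debug("SignaturePredicate.init: signerType=" + this.signerType + ", signerName=" + this.signerName + ", signerElement=" + this.signerElement);
        }
    }

    /**
     * Evaluates whether the signer recorded in the context matches the configured user or group.
     *
     * @param subject not read by this method
     * @param resource not read by this method
     * @param contextHandler source of the signer subject; {@code null} yields {@code false}
     * @return {@code true} only when a signer subject is present and {@link ESubjectImpl}
     *     reports it as the configured user or as a member of the configured group
     */
    @Override // weblogic.security.providers.authorization.Predicate
    public boolean evaluate(Subject subject, Resource resource, ContextHandler contextHandler) {
        if (log.isDebugEnabled()) {
            log.debug("SignaturePredicate.evaluate: matching " + this.signerType + " " + this.signerName);
        }
        if (contextHandler == null) {
            if (log.isDebugEnabled()) {
                log.debug("SignaturePredicate.evaluate: context is null, returning false");
            }
            return false;
        }
        // NOTE(review): the context value is cast without a type check, so a non-Subject
        // value under this key raises ClassCastException instead of returning false.
        // Confirm that the caller treats an exception from a predicate as a denial.
        Subject signer = (Subject) contextHandler.getValue(this.signerElement);
        if (signer == null) {
            if (log.isDebugEnabled()) {
                log.debug("SignaturePredicate.evaluate: no signer, returning false");
            }
            return false;
        }
        ESubjectImpl signerSubject = new ESubjectImpl(signer);
        // Compare by value: the previous reference comparison (==) matched only because both
        // sides happened to be the same interned literal, and would silently fall through to
        // the group check if signerType were ever assigned a non-interned string.
        boolean matched = USERNAME_TYPE.equals(this.signerType)
                ? signerSubject.isUser(this.signerName)
                : signerSubject.isMemberOf(this.signerName);
        if (log.isDebugEnabled()) {
            log.debug("SignaturePredicate.evaluate: returning " + matched);
        }
        return matched;
    }

    /**
     * Reports whether the predicate applies to the given resource identifier.
     *
     * @param str resource identifier string; {@code null} is treated as unsupported
     * @return {@code true} when the identifier starts with {@code "type=<webservices>"}
     */
    @Override // weblogic.entitlement.rules.BasePredicate, weblogic.security.providers.authorization.Predicate
    public boolean isSupportedResource(String str) {
        return str != null && str.startsWith("type=<webservices>");
    }

    /** Returns the predicate version string, {@code "1.0"}. */
    @Override // weblogic.security.providers.authorization.Predicate
    public String getVersion() {
        return VERSION;
    }

    /** Returns the number of arguments this predicate declares (three). */
    @Override // weblogic.entitlement.rules.BasePredicate, weblogic.security.providers.authorization.Predicate
    public int getArgumentCount() {
        return arguments.length;
    }

    /**
     * Returns the descriptor of the argument at the given position.
     *
     * @param i zero-based argument index; an index outside the declared arguments raises
     *     {@link ArrayIndexOutOfBoundsException}
     */
    @Override // weblogic.entitlement.rules.BasePredicate, weblogic.security.providers.authorization.Predicate
    public PredicateArgument getArgument(int i) {
        return arguments[i];
    }
}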
