package weblogic.jms.common;

import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Hashtable;
import javax.naming.NamingException;
import javax.security.auth.login.LoginException;
import weblogic.management.ManagementException;
import weblogic.security.SimpleCallbackHandler;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.AuthorizationManager;
import weblogic.security.service.JMSResource;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.subject.AbstractSubject;
import weblogic.security.subject.SubjectManager;

/* loaded from: input_file:weblogic/jms/common/JMSSecurityHelper.class */
public class JMSSecurityHelper {
    private static final AuthenticatedSubject KERNEL_ID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private static final AbstractSubject anonymous = SubjectManager.getSubjectManager().getAnonymousSubject();
    private PrincipalAuthenticator pa;
    private AuthorizationManager am;
    private static JMSSecurityHelper securityHelper;
    private static Hashtable destinationMap;

    public JMSSecurityHelper() throws ManagementException {
        if (JMSDebug.JMSConfig.isDebugEnabled()) {
            JMSDebug.JMSConfig.debug("Initializing JMS Security Helper");
        }
        this.pa = (PrincipalAuthenticator) SecurityServiceManager.getSecurityService(KERNEL_ID, SecurityServiceManager.defaultRealmName, SecurityService.ServiceType.AUTHENTICATION);
        this.am = (AuthorizationManager) SecurityServiceManager.getSecurityService(KERNEL_ID, SecurityServiceManager.defaultRealmName, SecurityService.ServiceType.AUTHORIZE);
        if (this.pa == null || this.am == null) {
            throw new RuntimeException("Security Services Unavailable");
        }
    }

    public static synchronized JMSSecurityHelper getSecurityHelper() throws ManagementException {
        if (securityHelper == null) {
            securityHelper = new JMSSecurityHelper();
        }
        return securityHelper;
    }

    public static JMSSecurityHelper getJMSSecurityHelper() {
        return securityHelper;
    }

    public void mapDestinationName(String str, String str2) {
        if (destinationMap == null) {
            destinationMap = new Hashtable();
        }
        destinationMap.put(str, str2);
    }

    public void unmapDestinationName(String str) {
        if (destinationMap == null) {
            return;
        }
        destinationMap.remove(str);
    }

    public PrincipalAuthenticator getPrincipalAuthenticator() {
        return this.pa;
    }

    public AuthorizationManager getAuthorizationManager() {
        return this.am;
    }

    public static boolean authenticate(String str, String str2) {
        try {
            return getJMSSecurityHelper().getPrincipalAuthenticator().authenticate(new SimpleCallbackHandler(str, str2)) != null;
        } catch (LoginException e) {
            return false;
        }
    }

    public static void checkPermission(JMSResource jMSResource) throws JMSSecurityException {
        checkPermission(jMSResource, SecurityServiceManager.getCurrentSubject(KERNEL_ID));
    }

    public static AuthenticatedSubject getCurrentSubject() {
        return SecurityServiceManager.getCurrentSubject(KERNEL_ID);
    }

    public static void checkPermission(JMSResource jMSResource, AuthenticatedSubject authenticatedSubject) throws JMSSecurityException {
        if (jMSResource == null) {
            return;
        }
        if (JMSDebug.JMSConfig.isDebugEnabled()) {
            JMSDebug.JMSConfig.debug("Creating JMS resource for " + jMSResource.getActionName() + " with   applicationName = " + jMSResource.getApplicationName() + ", moduleName = " + jMSResource.getModule() + " and resource name = " + jMSResource.getResourceName() + " and type = " + jMSResource.getDestinationType());
        }
        if (!getJMSSecurityHelper().getAuthorizationManager().isAccessAllowed(authenticatedSubject, jMSResource, null)) {
            throw new JMSSecurityException("Access denied to resource: " + jMSResource);
        }
    }

    public static String getSimpleAuthenticatedName() {
        return SubjectUtils.getUsername(getCurrentSubject().getSubject());
    }

    public static AuthenticatedSubject authenticatedSubject(String str, String str2) throws LoginException {
        return getJMSSecurityHelper().getPrincipalAuthenticator().authenticate(new SimpleCallbackHandler(str, str2));
    }

    public static final Object doAsJNDIOperation(AbstractSubject abstractSubject, PrivilegedExceptionAction privilegedExceptionAction) throws NamingException, JMSException {
        try {
            return abstractSubject.doAs(KERNEL_ID, privilegedExceptionAction);
        } catch (PrivilegedActionException e) {
            NamingException exception = e.getException();
            if (exception instanceof NamingException) {
                throw exception;
            }
            throw new JMSException((Throwable) exception);
        }
    }

    public static final Object doAs(AbstractSubject abstractSubject, PrivilegedExceptionAction privilegedExceptionAction) throws javax.jms.JMSException {
        try {
            return abstractSubject.doAs(KERNEL_ID, privilegedExceptionAction);
        } catch (PrivilegedActionException e) {
            Exception exception = e.getException();
            if (exception instanceof javax.jms.JMSException) {
                throw ((javax.jms.JMSException) exception);
            }
            throw new JMSException(exception);
        }
    }

    public static final boolean isServerIdentity(AuthenticatedSubject authenticatedSubject) {
        return SecurityServiceManager.isKernelIdentity(authenticatedSubject) || SecurityServiceManager.isServerIdentity(authenticatedSubject);
    }

    public static final AbstractSubject getAnonymousSubject() {
        return anonymous;
    }

    public static void pushSubject(AuthenticatedSubject authenticatedSubject) {
        SubjectManager.getSubjectManager().pushSubject(KERNEL_ID, authenticatedSubject);
    }
}
