package weblogic.security.internal;

import java.security.AccessController;
import java.util.Arrays;
import weblogic.descriptor.DescriptorUpdateEvent;
import weblogic.descriptor.DescriptorUpdateListener;
import weblogic.descriptor.DescriptorUpdateRejectedException;
import weblogic.management.configuration.DomainMBean;
import weblogic.management.configuration.ServerMBean;
import weblogic.management.provider.ManagementService;
import weblogic.management.security.RealmMBean;
import weblogic.management.utils.ErrorCollectionException;
import weblogic.nodemanager.server.NMEncryptionHelper;
import weblogic.security.SecurityLogger;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.PrivilegedActions;
import weblogic.server.AbstractServerService;

/* loaded from: input_file:weblogic/security/internal/SecurityConfigurationValidator.class */
public final class SecurityConfigurationValidator extends AbstractServerService implements DescriptorUpdateListener {
    private static SecurityConfigurationValidator singleton = null;
    private static final boolean DEBUG = false;
    private String currentNMUser;
    private byte[] currentNMPass;
    private String proposedNMUser;
    private byte[] proposedNMPass;

    private SecurityConfigurationValidator() {
    }

    public static synchronized SecurityConfigurationValidator getInstance() {
        if (singleton == null) {
            singleton = new SecurityConfigurationValidator();
        }
        return singleton;
    }

    private static void p(String str) {
    }

    @Override // weblogic.server.AbstractServerService, weblogic.server.ServerService
    public synchronized void start() {
        ManagementService.getRuntimeAccess((AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction())).getDomain().getDescriptor().addUpdateListener(this);
    }

    @Override // weblogic.descriptor.DescriptorUpdateListener
    public void prepareUpdate(DescriptorUpdateEvent descriptorUpdateEvent) throws DescriptorUpdateRejectedException {
        RealmMBean defaultRealm = ((DomainMBean) descriptorUpdateEvent.getProposedDescriptor().getRootBean()).getSecurityConfiguration().getDefaultRealm();
        if (defaultRealm == null) {
            throw new DescriptorUpdateRejectedException(SecurityLogger.getCannotActivateChangesNoDefaultRealmError());
        }
        try {
            defaultRealm.validate();
            DomainMBean domainMBean = (DomainMBean) descriptorUpdateEvent.getProposedDescriptor().getRootBean();
            this.proposedNMUser = domainMBean.getSecurityConfiguration().getNodeManagerUsername();
            this.proposedNMPass = domainMBean.getSecurityConfiguration().getNodeManagerPassword().getBytes();
            DomainMBean domain = ManagementService.getRuntimeAccess((AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction())).getDomain();
            this.currentNMUser = domain.getSecurityConfiguration().getNodeManagerUsername();
            this.currentNMPass = domain.getSecurityConfiguration().getNodeManagerPassword().getBytes();
            if (this.currentNMUser == null) {
                this.currentNMUser = "";
            }
            if (this.currentNMPass == null) {
                this.currentNMPass = "".getBytes();
            }
        } catch (ErrorCollectionException e) {
            throw new DescriptorUpdateRejectedException(SecurityLogger.getCannotActivateChangesImproperlyConfiguredDefaultRealmError(), e);
        }
    }

    @Override // weblogic.descriptor.DescriptorUpdateListener
    public void activateUpdate(DescriptorUpdateEvent descriptorUpdateEvent) {
        AuthenticatedSubject authenticatedSubject = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
        if (this.proposedNMUser != null || this.proposedNMPass != null) {
            if (this.proposedNMUser == null) {
                this.proposedNMUser = this.currentNMUser;
            }
            if (this.proposedNMPass == null) {
                this.proposedNMPass = this.currentNMPass;
            }
            if (this.proposedNMUser.equals(this.currentNMUser) && Arrays.equals(this.proposedNMPass, this.currentNMPass)) {
                return;
            }
            ServerMBean server = ManagementService.getRuntimeAccess(authenticatedSubject).getServer();
            new String(this.proposedNMPass);
            NMEncryptionHelper.updateNMHash(server.getRootDirectory(), this.proposedNMUser, this.proposedNMPass);
        }
        this.currentNMUser = null;
        this.proposedNMUser = null;
        this.currentNMPass = null;
        this.proposedNMPass = null;
    }

    @Override // weblogic.descriptor.DescriptorUpdateListener
    public void rollbackUpdate(DescriptorUpdateEvent descriptorUpdateEvent) {
        this.currentNMUser = null;
        this.proposedNMUser = null;
        this.currentNMPass = null;
        this.proposedNMPass = null;
    }
}
