package weblogic.t3.srvr;

import java.security.AccessController;
import java.util.Locale;
import weblogic.i18n.Localizer;
import weblogic.i18ntools.L10nLookup;
import weblogic.kernel.T3SrvrLogger;
import weblogic.management.provider.ManagementService;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.AuthorizationManager;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.service.ServerResource;

/* loaded from: input_file:weblogic/t3/srvr/ServerLockoutManager.class */
/**
 * Holds a single "server locked" flag plus the message reported while it is set.
 *
 * <p>{@link #lockServer(String)} and {@link #unlockServer()} flip the flag after
 * validating the calling subject and asking the {@link AuthorizationManager} whether
 * that subject may perform the {@code "lock"} / {@code "unlock"} action on this
 * server's {@link ServerResource}. {@link #checkServerLock()} throws while the flag
 * is set. Going by the exception texts in this class, "lock" corresponds to
 * disabling server logins and "unlock" to enabling them.
 *
 * <p>NOTE(review): {@code isLocked} and {@code lockedMessage} are plain fields that
 * are written and read without any synchronization in this class. If the callers run
 * on different threads (not visible from here), a lock or unlock is not guaranteed to
 * be seen promptly by {@code checkServerLock()}, and a reader can observe the flag and
 * the message out of step. Confirm how callers serialize access.
 */
public final class ServerLockoutManager {
    // Operation selectors understood by simpleCheckSubject. Within this class only
    // the lock and unlock codes are ever passed; the shutdown codes are kept because
    // simpleCheckSubject still carries log calls and messages for them.
    private static final int LOCKSERVER_CODE = 1;
    private static final int UNLOCKSERVER_CODE = 2;
    private static final int SHUTDOWN_CODE = 3;
    private static final int CANCELSHUTDOWN_CODE = 4;

    // Kernel identity obtained through a privileged action; used below to look up the
    // current subject, the authorization manager and the runtime access object.
    private static final AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());

    // Authorization manager for the default realm, resolved once per instance.
    private final AuthorizationManager am = SecurityServiceManager.getAuthorizationManager(kernelId, SecurityServiceManager.defaultRealmName);

    // Current lock state and the caller-supplied text thrown while locked.
    private boolean isLocked = false;
    private String lockedMessage;

    /**
     * Rejects the call while the server is locked.
     *
     * @throws SecurityException if the lock flag is set; the exception message is the
     *     text that was handed to {@link #lockServer(String)}, passed through unchanged
     */
    public void checkServerLock() throws SecurityException {
        if (!this.isLocked) {
            return;
        }
        throw new SecurityException(this.lockedMessage);
    }

    /**
     * Locks the server on behalf of the current subject.
     *
     * <p>The request is logged with the caller's username before the authorization
     * decision is made. A refusal is reported only through the thrown exception;
     * NOTE(review): no log call for the denied case is made here, so confirm denied
     * attempts are audited elsewhere.
     *
     * @param str message stored and later used verbatim as the exception message of
     *     {@link #checkServerLock()}; it is not validated here
     * @return the localized message body for the id returned by
     *     {@code T3SrvrLogger.logLockServerHappened()}
     * @throws SecurityException if the current subject is null, has no usable
     *     username, or is not allowed the {@code "lock"} action
     */
    public String lockServer(String str) throws SecurityException {
        final AuthenticatedSubject caller = SecurityServiceManager.getCurrentSubject(kernelId);
        simpleCheckSubject(caller, LOCKSERVER_CODE);
        T3SrvrLogger.logLockServerRequested(SubjectUtils.getUsername(caller));

        // Resource names this server and the "lock" action. The meaning of the null
        // first argument, and of the null passed to isAccessAllowed, is not visible here.
        final ServerResource lockResource = new ServerResource(null, ManagementService.getRuntimeAccess(kernelId).getServerName(), "lock");
        final boolean permitted = this.am.isAccessAllowed(caller, lockResource, null);
        if (!permitted) {
            throw new SecurityException("User: '" + SubjectUtils.getUsername(caller) + "' does not have permission to lock server");
        }

        // Message is stored before the flag is raised, as in the original ordering.
        this.lockedMessage = str;
        this.isLocked = true;
        return getLocalMessage(T3SrvrLogger.logLockServerHappened());
    }

    /**
     * Unlocks the server on behalf of the current subject.
     *
     * <p>Mirrors {@link #lockServer(String)}: the request is logged first, then the
     * {@code "unlock"} action is authorized, then the flag and message are cleared.
     *
     * @return the localized message body for the id returned by
     *     {@code T3SrvrLogger.logUnlockServerHappened()}
     * @throws SecurityException if the current subject is null, has no usable
     *     username, or is not allowed the {@code "unlock"} action
     */
    public String unlockServer() throws SecurityException {
        final AuthenticatedSubject caller = SecurityServiceManager.getCurrentSubject(kernelId);
        simpleCheckSubject(caller, UNLOCKSERVER_CODE);
        T3SrvrLogger.logUnlockServerRequested(SubjectUtils.getUsername(caller));

        final ServerResource unlockResource = new ServerResource(null, ManagementService.getRuntimeAccess(kernelId).getServerName(), "unlock");
        final boolean permitted = this.am.isAccessAllowed(caller, unlockResource, null);
        if (!permitted) {
            throw new SecurityException("User: '" + SubjectUtils.getUsername(caller) + "' does not have permission to unlock server");
        }

        // Flag is dropped first and the message cleared afterwards, as in the original.
        this.isLocked = false;
        this.lockedMessage = null;
        return getLocalMessage(T3SrvrLogger.logUnlockServerHappened());
    }

    /**
     * Sanity-checks the calling subject before any authorization decision is requested.
     *
     * <p>A null subject, or one whose username is null or blank after trimming, is
     * logged through {@code T3SrvrLogger} and rejected. The operation code only selects
     * which log call and message are used; any code other than lock, unlock or
     * cancel-shutdown is reported with the shutdown wording.
     *
     * @param subject the subject to validate; may be null
     * @param operation one of the {@code *_CODE} constants
     * @throws SecurityException if the subject is null or has no usable username
     */
    private void simpleCheckSubject(AuthenticatedSubject subject, int operation) throws SecurityException {
        if (subject == null) {
            switch (operation) {
                case LOCKSERVER_CODE:
                    T3SrvrLogger.logNoLockServerNullUser();
                    throw new SecurityException("Cannot disable server logins, the request was from a null Principal");
                case UNLOCKSERVER_CODE:
                    T3SrvrLogger.logNoUnlockServerNullUser();
                    throw new SecurityException("Cannot enable server logins, the request was from a null Principal");
                case CANCELSHUTDOWN_CODE:
                    T3SrvrLogger.logNoCancelShutdownNullUser();
                    throw new SecurityException("Cannot cancel the server shutdown, the request was from a null user (Principal)");
                case SHUTDOWN_CODE:
                default:
                    T3SrvrLogger.logNoShutdownNullUser();
                    throw new SecurityException("Cannot shutdown, the request was from a null Principal");
            }
        }

        final String name = SubjectUtils.getUsername(subject);
        final boolean hasName = name != null && !name.trim().isEmpty();
        if (hasName) {
            return;
        }

        switch (operation) {
            case LOCKSERVER_CODE:
                T3SrvrLogger.logNoLockServerNamelessUser();
                throw new SecurityException("Cannot disable server logins, the request was from a nameless user (Principal)");
            case UNLOCKSERVER_CODE:
                T3SrvrLogger.logNoUnlockServerNamelessUser();
                throw new SecurityException("Cannot enable server logins, the request was from a nameless user (Principal)");
            case CANCELSHUTDOWN_CODE:
                T3SrvrLogger.logNoCancelShutdownNamelessUser();
                throw new SecurityException("Cannot cancel the server shutdown, the request was from a nameless user (Principal)");
            case SHUTDOWN_CODE:
            default:
                T3SrvrLogger.logNoShutdownNamelessUser();
                throw new SecurityException("Cannot shutdown the server, the request was from a nameless user (Principal)");
        }
    }

    /**
     * Resolves a numeric message id to the message body for the default locale.
     *
     * <p>Any failure (a non-numeric id, a lookup problem, an unexpected object type) is
     * logged and replaced by a fixed English fallback, so callers always get a string
     * back. The broad catch is what makes this a best-effort lookup.
     *
     * @param messageId message id as a decimal string
     * @return the localized body, or the fallback text including {@code messageId}
     */
    private String getLocalMessage(String messageId) {
        try {
            return (String) L10nLookup.getLocalizer(Locale.getDefault(), "weblogic.i18n.T3SrvrLogLocalizer").getObject(Localizer.MESSAGE_BODY, Integer.parseInt(messageId));
        } catch (Exception e) {
            T3SrvrLogger.logLocalizerProblem(messageId, e);
            return "A message regarding the status of server shutdown or logins could not be retrieved, messageid " + messageId;
        }
    }
}
