package weblogic.security.utils;

import com.bea.common.security.saml.registry.SAMLPartnerLDAPSchema;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.logging.ConsoleHandler;
import java.util.logging.Level;
import java.util.logging.LogManager;
import java.util.logging.Logger;
import java.util.logging.SimpleFormatter;
import weblogic.ldap.EmbeddedLDAP;
import weblogic.management.configuration.DomainMBean;
import weblogic.management.configuration.EmbeddedLDAPMBean;
import weblogic.management.provider.ManagementService;
import weblogic.management.provider.RuntimeAccess;
import weblogic.management.security.RealmMBean;
import weblogic.management.security.authentication.AuthenticationProviderMBean;
import weblogic.management.security.authentication.AuthenticatorMBean;
import weblogic.protocol.LocalServerIdentity;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBean;
import weblogic.security.providers.authentication.DefaultAuthenticatorMBean;
import weblogic.security.providers.authentication.IPlanetAuthenticatorMBean;
import weblogic.security.providers.authentication.LDAPAuthenticatorMBean;
import weblogic.security.providers.authentication.NovellAuthenticatorMBean;
import weblogic.security.providers.authentication.OpenLDAPAuthenticatorMBean;
import weblogic.security.providers.authentication.OracleInternetDirectoryAuthenticatorMBean;
import weblogic.security.providers.authentication.OracleVirtualDirectoryAuthenticatorMBean;
import weblogic.security.service.SecurityManager;
import weblogic.security.service.SecurityServiceRuntimeException;
import weblogic.utils.net.InetAddressHelper;
import weblogic.xml.crypto.utils.DOMUtils;

/* loaded from: input_file:weblogic/security/utils/IdentityStoreConfigUtil.class */
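/**
 * Builds {@link LdapStoreConfig} descriptors for the authentication providers of the
 * default security realm, so that other components can reach the same identity stores
 * (the embedded LDAP behind the {@code DefaultAuthenticator}, or an external LDAP
 * authenticator) directly.
 *
 * <p>Security note: every public entry point is gated by
 * {@link SecurityManager#checkKernelIdentity(AuthenticatedSubject)}. That gate is essential,
 * because the returned configs carry bind material: the embedded LDAP root principal and its
 * credential for the default authenticator, and the configured principal/credential for an
 * external LDAP authenticator. Treat the returned objects as secrets and do not log them
 * unless {@code LdapStoreConfig#toString()} is known to redact credentials.
 */
public class IdentityStoreConfigUtil {
    /** System property (read via {@link Boolean#getBoolean}) that turns on hierarchical group membership resolution. */
    private static final String ADMIN_HIERARCHY_GROUP_PROP = "weblogic.security.hierarchyGroupMemberships";
    /** Keys of the intermediate configuration map produced by {@link #getSecurityConfiguration}. */
    private static final String DOMAIN_NAME_PROP = "domain.name";
    private static final String REALM_NAME_PROP = "realm.name";
    private static final String PROVIDERS_ATN_PROP = "providers.atn";
    private static final String IS_ADMIN_SERVER_PROP = "server.admin";
    private static final String LOGGER_NAME = "weblogic.security.utils";
    private static final Logger LOGGER = Logger.getLogger(LOGGER_NAME);
    /** Source-class name passed to {@code Logger.logp} so log records point at this class. */
    private static final String CLASS_NAME = IdentityStoreConfigUtil.class.getName();

    /**
     * Returns one {@link LdapStoreConfig} for every LDAP-backed authentication provider
     * (default authenticator or {@code LDAPAuthenticatorMBean} subtype) in the default realm.
     * Providers of other kinds are skipped.
     *
     * @param authenticatedSubject caller identity; must be the kernel identity
     * @return possibly empty list, never {@code null}
     * @throws SecurityServiceRuntimeException if the caller is not the kernel identity,
     *         the management service is not initialized, or no default realm exists
     */
    public static List<LdapStoreConfig> getAllLdapStoreConfig(AuthenticatedSubject authenticatedSubject) {
        Map<String, Object> securityConfiguration = getSecurityConfiguration(authenticatedSubject, null);
        AuthenticationProviderMBean[] providers = (AuthenticationProviderMBean[]) securityConfiguration.get(PROVIDERS_ATN_PROP);
        List<LdapStoreConfig> configs = new ArrayList<LdapStoreConfig>(providers.length);
        for (AuthenticationProviderMBean provider : providers) {
            LdapStoreConfig config = getLdapStoreConfig(provider, securityConfiguration);
            if (config != null) {
                configs.add(config);
            }
        }
        return configs;
    }

    /**
     * Returns the {@link LdapStoreConfig} for a single provider.
     *
     * @param authenticatedSubject caller identity; must be the kernel identity
     * @param str provider name to look up; {@code null} or empty selects among all providers
     *            of the realm by control-flag priority (REQUIRED, then REQUISITE, SUFFICIENT, OPTIONAL)
     * @return the config, or {@code null} when no matching LDAP-backed provider exists
     * @throws SecurityServiceRuntimeException see {@link #getAllLdapStoreConfig}
     */
    public static LdapStoreConfig getLdapStoreConfig(AuthenticatedSubject authenticatedSubject, String str) {
        Map<String, Object> securityConfiguration = getSecurityConfiguration(authenticatedSubject, str);
        AuthenticationProviderMBean[] providers = (AuthenticationProviderMBean[]) securityConfiguration.get(PROVIDERS_ATN_PROP);
        if (providers.length < 1) {
            return null;
        }
        AuthenticationProviderMBean selected = getAuthenticationProviderMBeanByPriority(providers);
        return getLdapStoreConfig(selected, securityConfiguration);
    }

    /**
     * Picks the LDAP-backed provider with the strongest JAAS control flag. The first
     * REQUIRED provider wins immediately; otherwise the first REQUISITE, else the first
     * SUFFICIENT, else the first OPTIONAL. Non-LDAP providers are ignored.
     *
     * @return the selected provider, or {@code null} if none qualifies
     */
    private static AuthenticationProviderMBean getAuthenticationProviderMBeanByPriority(AuthenticationProviderMBean[] providers) {
        AuthenticationProviderMBean requisite = null;
        AuthenticationProviderMBean sufficient = null;
        AuthenticationProviderMBean optional = null;
        for (AuthenticationProviderMBean provider : providers) {
            boolean ldapBacked = (provider instanceof DefaultAuthenticatorMBean) || (provider instanceof LDAPAuthenticatorMBean);
            if (!ldapBacked) {
                continue;
            }
            String controlFlag = ((AuthenticatorMBean) provider).getControlFlag();
            if ("REQUIRED".equals(controlFlag)) {
                return provider;
            }
            if ("REQUISITE".equals(controlFlag)) {
                if (requisite == null) {
                    requisite = provider;
                }
            } else if ("SUFFICIENT".equals(controlFlag)) {
                if (sufficient == null) {
                    sufficient = provider;
                }
            } else if ("OPTIONAL".equals(controlFlag)) {
                if (optional == null) {
                    optional = provider;
                }
            }
        }
        if (requisite != null) {
            return requisite;
        }
        if (sufficient != null) {
            return sufficient;
        }
        return optional;
    }

    /**
     * Collects domain name, default realm name, the candidate authentication providers and
     * the admin-server flag into a map keyed by the {@code *_PROP} constants.
     *
     * <p>This is the privilege gate for the whole utility: the kernel-identity check runs
     * before any configuration is read.
     *
     * @param str provider name; {@code null}/empty means all providers of the realm
     * @throws SecurityServiceRuntimeException if the subject is not the kernel identity,
     *         the management service is unavailable, or there is no default realm
     */
    private static Map<String, Object> getSecurityConfiguration(AuthenticatedSubject authenticatedSubject, String str) {
        SecurityManager.checkKernelIdentity(authenticatedSubject);
        RuntimeAccess runtimeAccess = ManagementService.getRuntimeAccess(authenticatedSubject);
        if (runtimeAccess == null) {
            throw new SecurityServiceRuntimeException("The WLS ManagementService has not been initialized.");
        }
        DomainMBean domain = runtimeAccess.getDomain();
        RealmMBean defaultRealm = domain.getSecurityConfiguration().getDefaultRealm();
        if (defaultRealm == null) {
            throw new SecurityServiceRuntimeException("No default realm found!");
        }
        String domainName = domain.getName();
        String realmName = defaultRealm.getName();

        AuthenticationProviderMBean[] providers;
        if (str == null || str.length() < 1) {
            providers = defaultRealm.getAuthenticationProviders();
        } else {
            AuthenticationProviderMBean named = defaultRealm.lookupAuthenticationProvider(str);
            providers = named == null ? null : new AuthenticationProviderMBean[]{named};
        }
        if (providers == null) {
            // Callers index the array unconditionally; never hand back null.
            providers = new AuthenticationProviderMBean[0];
        }

        Boolean isAdminServer = Boolean.valueOf(runtimeAccess.isAdminServer());
        Map<String, Object> configuration = new HashMap<String, Object>();
        configuration.put(DOMAIN_NAME_PROP, domainName);
        configuration.put(REALM_NAME_PROP, realmName);
        configuration.put(PROVIDERS_ATN_PROP, providers);
        configuration.put(IS_ADMIN_SERVER_PROP, isAdminServer);
        if (LOGGER.isLoggable(Level.FINE)) {
            // Only names and MBean references are logged here; no credentials are read at this point.
            String message = new StringBuilder()
                    .append("\ndomainName: ").append(domainName)
                    .append("\nisAdminServer: ").append(isAdminServer)
                    .append("\nrealmName: ").append(realmName)
                    .append("\natnMbeans: \n").append(Arrays.asList(providers))
                    .toString();
            LOGGER.logp(Level.FINE, CLASS_NAME, "getSecurityConfiguration", message);
        }
        return configuration;
    }

    /**
     * Dispatches on the provider type. Only the default authenticator and
     * {@code LDAPAuthenticatorMBean} subtypes yield a config; anything else maps to {@code null}.
     */
    private static LdapStoreConfig getLdapStoreConfig(AuthenticationProviderMBean provider, Map<String, ?> map) {
        LdapStoreConfig config = null;
        if (provider instanceof DefaultAuthenticatorMBean) {
            config = getLdapStoreConfig((DefaultAuthenticatorMBean) provider, map);
        } else if (provider instanceof LDAPAuthenticatorMBean) {
            config = getLdapStoreConfig((LDAPAuthenticatorMBean) provider, map);
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            // NOTE(review): the config holds bind credentials (see setServerInfo calls below);
            // confirm LdapStoreConfig.toString() redacts them before relying on FINE logging.
            LOGGER.logp(Level.FINE, CLASS_NAME, "getLdapStoreConfig", config == null ? "null" : config.toString());
        }
        return config;
    }

    /**
     * Builds the config for an external LDAP authenticator straight from its MBean settings.
     * The bind principal/credential and the SSL flag are copied as configured; if SSL is
     * disabled the credential will travel in clear text to the directory.
     */
    private static LdapStoreConfig getLdapStoreConfig(LDAPAuthenticatorMBean authenticator, Map<String, ?> map) {
        String domainName = (String) map.get(DOMAIN_NAME_PROP);
        String realmName = (String) map.get(REALM_NAME_PROP);
        LdapStoreConfig config = new LdapStoreConfig(domainName, realmName, false, authenticator.getName(),
                getIdentityStoreType(authenticator), authenticator.getControlFlag(), authenticator.getGuidAttribute());
        config.setUserInfo(null,
                authenticator.getUserObjectClass(),
                authenticator.getUserBaseDN(),
                authenticator.getUserNameAttribute(),
                authenticator.getUserDynamicGroupDNAttribute());
        config.setGroupInfo(Boolean.getBoolean(ADMIN_HIERARCHY_GROUP_PROP),
                null,
                authenticator.getStaticGroupObjectClass(),
                authenticator.getGroupBaseDN(),
                authenticator.getStaticGroupNameAttribute(),
                authenticator.getStaticMemberDNAttribute(),
                authenticator.getDynamicGroupObjectClass(),
                authenticator.getDynamicGroupNameAttribute(),
                authenticator.getDynamicMemberURLAttribute());
        config.setServerInfo(authenticator.getHost(),
                authenticator.getPort(),
                authenticator.isSSLEnabled(),
                authenticator.getPrincipal(),
                authenticator.getCredential());
        return config;
    }

    /**
     * Builds the config for the default authenticator, i.e. the embedded LDAP. Schema and
     * base DNs are fixed by WebLogic; the server list is the admin server's embedded LDAP,
     * plus this server's local replica when running on a managed server.
     *
     * <p>The returned config carries the embedded LDAP root principal and its credential.
     *
     * @throws SecurityServiceRuntimeException if the admin or local embedded LDAP endpoint
     *         cannot be determined
     */
    private static LdapStoreConfig getLdapStoreConfig(DefaultAuthenticatorMBean authenticator, Map<String, ?> map) {
        String domainName = (String) map.get(DOMAIN_NAME_PROP);
        String realmName = (String) map.get(REALM_NAME_PROP);
        EmbeddedLDAPMBean embeddedLDAPMBean = EmbeddedLDAP.getEmbeddedLDAP().getEmbeddedLDAPMBean();
        LdapStoreConfig config = new LdapStoreConfig(domainName, realmName, true, authenticator.getName(),
                getIdentityStoreType(authenticator), authenticator.getControlFlag(), ProviderUtils.GUID);
        // Base DNs are concatenated from the realm and domain names without DN escaping;
        // both come from domain configuration, so they are assumed to contain no DN
        // special characters (',', '=', '+', etc.) — TODO confirm against naming rules.
        String peopleBase = "ou=people,ou=" + realmName + ",dc=" + domainName;
        String groupsBase = "ou=groups,ou=" + realmName + ",dc=" + domainName;
        config.setUserInfo(new String[]{SAMLPartnerLDAPSchema.CLASS_TOP, "person", "organizationalPerson", "inetOrgPerson", "wlsUser"},
                "person", peopleBase, "uid", "wlsMemberOf");
        config.setGroupInfo(Boolean.getBoolean(ADMIN_HIERARCHY_GROUP_PROP),
                new String[]{SAMLPartnerLDAPSchema.CLASS_TOP, "groupOfURLs", "groupOfUniqueNames"},
                "groupOfUniqueNames", groupsBase, "cn", "uniquemember", "groupofURLs", "cn", "memberURL");

        boolean isAdminServer = ((Boolean) map.get(IS_ADMIN_SERVER_PROP)).booleanValue();
        String adminHost = InetAddressHelper.convertHostIfIPV6(EmbeddedLDAP.getEmbeddedLDAPHost());
        int adminPort = EmbeddedLDAP.getEmbeddedLDAPPort();
        if (adminHost == null || adminHost.length() < 1 || adminPort < 0) {
            throw new SecurityServiceRuntimeException("Invalid host or port for admin server.");
        }
        String serverHosts = isAdminServer ? adminHost : buildManagedServerHostList(adminHost, adminPort);
        config.setServerInfo(serverHosts, adminPort, EmbeddedLDAP.getEmbeddedLDAPUseSSL(),
                EmbeddedLDAP.ROOT_USER_NAME, embeddedLDAPMBean.getCredential());
        return config;
    }

    /**
     * Returns {@code "<adminHost>:<adminPort> <localHost>:<localPort>"} for a managed server,
     * where the local endpoint is taken from this server's embedded LDAP URL.
     *
     * <p>The host and port parsed from the local URL are validated explicitly: a URL without
     * a host or port would otherwise yield a server entry such as {@code "null:-1"} that only
     * fails later, at connect time.
     *
     * @throws SecurityServiceRuntimeException if the local URL is missing, malformed, or
     *         lacks a host or port
     */
    private static String buildManagedServerHostList(String adminHost, int adminPort) {
        String localUrl = EmbeddedLDAP.findLdapURL(LocalServerIdentity.getIdentity());
        if (localUrl == null) {
            throw new SecurityServiceRuntimeException("Null Local Embedded LDAP URL.");
        }
        URI localUri;
        try {
            localUri = URI.create(localUrl);
        } catch (IllegalArgumentException e) {
            throw new SecurityServiceRuntimeException(e);
        }
        String rawLocalHost = localUri.getHost();
        int localPort = localUri.getPort(); // -1 when the URL carries no port
        if (rawLocalHost == null || localPort < 0) {
            throw new SecurityServiceRuntimeException("Invalid host or port in local Embedded LDAP URL.");
        }
        String localHost = InetAddressHelper.convertHostIfIPV6(rawLocalHost);
        // DOMUtils.QNAME_SEPARATOR is reused as the host/port separator (presumably ":"),
        // an odd dependency on the XML-crypto utilities that is kept for compatibility.
        return new StringBuilder()
                .append(adminHost).append(DOMUtils.QNAME_SEPARATOR).append(adminPort)
                .append(" ")
                .append(localHost).append(DOMUtils.QNAME_SEPARATOR).append(localPort)
                .toString();
    }

    /**
     * Maps a provider MBean type to the {@link LdapStoreConfig} store-type constant;
     * unknown provider types are reported as {@code "CUSTOM"}.
     */
    private static String getIdentityStoreType(AuthenticationProviderMBean provider) {
        if (provider instanceof DefaultAuthenticatorMBean) {
            return LdapStoreConfig.WLS_OVD;
        }
        if (provider instanceof ActiveDirectoryAuthenticatorMBean) {
            return LdapStoreConfig.ACTIVE_DIRECTORY;
        }
        if (provider instanceof IPlanetAuthenticatorMBean) {
            return LdapStoreConfig.IPLANET;
        }
        if (provider instanceof NovellAuthenticatorMBean) {
            return LdapStoreConfig.EDIRECTORY;
        }
        if (provider instanceof OpenLDAPAuthenticatorMBean) {
            return LdapStoreConfig.OPEN_LDAP;
        }
        if (provider instanceof OracleInternetDirectoryAuthenticatorMBean) {
            return LdapStoreConfig.OID;
        }
        if (provider instanceof OracleVirtualDirectoryAuthenticatorMBean) {
            return LdapStoreConfig.OVD;
        }
        return "CUSTOM";
    }

    /**
     * Debug aid: when the {@code debug.IdentityStoreConfigUtil} system property is true,
     * attaches a console handler at {@link Level#ALL} to this class's logger and detaches it
     * from the parent handlers.
     *
     * <p>Caveat: at ALL the FINE record in {@link #getLdapStoreConfig} prints
     * {@code LdapStoreConfig.toString()}; unless that method redacts credentials, enabling this
     * flag writes LDAP bind secrets to the console. Keep it off outside of local debugging.
     */
    private static void enableLog() {
        if (!Boolean.getBoolean("debug.IdentityStoreConfigUtil")) {
            return;
        }
        LogManager logManager = LogManager.getLogManager();
        Logger logger = logManager.getLogger(LOGGER_NAME);
        if (logger == null) {
            logger = LOGGER;
            logManager.addLogger(logger);
        }
        logger.addHandler(getConsoleHandler());
        logger.setLevel(Level.ALL);
        logger.setUseParentHandlers(false);
    }

    /** Creates a console handler that accepts every level and uses the default simple format. */
    private static ConsoleHandler getConsoleHandler() {
        ConsoleHandler consoleHandler = new ConsoleHandler();
        consoleHandler.setFormatter(new SimpleFormatter());
        consoleHandler.setLevel(Level.ALL);
        return consoleHandler;
    }

    static {
        enableLog();
    }
}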
