package weblogic.security;

import com.bea.common.security.jdkutils.X509CertificateFactory;
import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener;
import java.lang.reflect.InvocationTargetException;
import java.security.AccessController;
import weblogic.common.T3User;
import weblogic.management.ManagementException;
import weblogic.management.configuration.ConfigurationError;
import weblogic.management.configuration.SecurityConfigurationMBean;
import weblogic.management.configuration.SecurityMBean;
import weblogic.management.provider.ManagementService;
import weblogic.management.runtime.RuntimeMBean;
import weblogic.security.acl.BasicRealm;
import weblogic.security.acl.CachingRealm;
import weblogic.security.acl.CertAuthentication;
import weblogic.security.acl.ListableRealm;
import weblogic.security.acl.Realm;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.acl.internal.AuthenticatedUser;
import weblogic.security.acl.internal.ClusterRealm;
import weblogic.security.acl.internal.FileRealm;
import weblogic.security.audit.Audit;
import weblogic.security.audit.AuditProvider;
import weblogic.security.internal.SecurityConfigurationValidator;
import weblogic.security.net.ConnectionFilter;
import weblogic.security.net.ConnectionFilterRulesListener;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.service.SecurityServiceRuntimeException;
import weblogic.security.shared.LoggerWrapper;
import weblogic.security.utils.CertPathTrustManagerUtils;
import weblogic.server.AbstractServerService;
import weblogic.server.ServiceFailureException;
import weblogic.utils.NestedRuntimeException;

/* loaded from: input_file:weblogic/security/SecurityService.class */
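/**
 * Server service that brings up the security subsystem at boot.
 *
 * <p>{@link #start()} registers the X.509 certificate factory, reads the domain's
 * security MBeans, installs the optional connection filter, creates and initializes the
 * {@link SecurityServiceManager}, creates the security runtime MBeans and starts the
 * {@link SecurityConfigurationValidator}. The instance also listens for property changes
 * on the {@link SecurityConfigurationMBean} so that connection-filter settings can be
 * refreshed while the server is running.
 *
 * <p>Only one instance may be created per class loader; a second construction attempt
 * throws {@link InternalError}.
 *
 * <p>Review notes on trust boundaries:
 * <ul>
 *   <li>The connection filter and audit provider are named by class name in the
 *       configuration MBeans and are loaded and instantiated reflectively. Whoever can
 *       write those attributes decides which class's no-arg constructor runs inside the
 *       server, so write access to that configuration should be treated as equivalent
 *       to code execution in the server.</li>
 *   <li>{@link #setConnectionFilter(ConnectionFilter)} is public and static and performs
 *       no permission check in this class; any caller that can reach it can replace or
 *       clear the active filter.</li>
 * </ul>
 */
public class SecurityService extends AbstractServerService implements PropertyChangeListener {
    private RuntimeMBean runtime;
    // Realm implementation used for the built-in "weblogic" realm.
    private static final String DEFAULT_REALM = "weblogic.security.acl.internal.FileRealm";
    private static final String WLREALMNAME = "weblogic";
    // Active connection filter instance. Held as Object; getConnectionFilter() performs the cast.
    private static Object filterObject;
    // Class name of the configured connection filter, as read from the security configuration MBean.
    private static String filterClass;
    private SecurityConfigurationValidator securityConfigurationValidator;
    private static SecurityService singleton = null;
    private static LoggerWrapper log = LoggerWrapper.getInstance("SecurityService");
    // NOTE(review): these three flags are written from instance methods (some of them under
    // the instance monitor) and read through unsynchronized static getters. They are not
    // volatile, so a reading thread is not guaranteed to observe an update promptly —
    // confirm whether that matters where the filter is enforced.
    private static boolean enableConnectionFilter = false;
    private static boolean enableConnectionLogger = false;
    private static boolean enableCompatibilityFilters = false;
    // Kernel identity obtained inside a privileged block; it is passed to management and
    // security-manager calls below and must never be handed to callers of this class.
    private static final AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private BasicRealm oldSecRealm = null;
    private AuditProvider oldAudit = null;
    private SecurityMBean oldMbean = null;
    private SecurityConfigurationMBean newMbean = null;
    private SecurityServiceManager securityServiceManager = null;

    /**
     * Creates the single service instance and looks up the configuration validator.
     *
     * @throws InternalError if an instance has already been constructed
     */
    public SecurityService() {
        if (singleton != null) {
            throw new InternalError(SecurityLogger.getSecurityAlreadyConfigured());
        }
        singleton = this;
        this.securityConfigurationValidator = SecurityConfigurationValidator.getInstance();
    }

    /**
     * Returns the instance created by the constructor.
     *
     * @return the service instance, or {@code null} if none has been constructed yet
     */
    public static SecurityService getSecurityService() {
        return singleton;
    }

    /**
     * Initializes the security subsystem in a fixed order: certificate factory, MBeans,
     * connection filter, security service manager, runtime MBeans, configuration validator.
     *
     * @throws ServiceFailureException if a {@link SecurityServiceRuntimeException} or any
     *     checked exception is raised during initialization; other runtime exceptions
     *     propagate unchanged
     */
    @Override // weblogic.server.AbstractServerService, weblogic.server.ServerService
    public void start() throws ServiceFailureException {
        try {
            X509CertificateFactory.register();
            initializeMBean();
            initializeConnectionFilter();
            SecurityServiceManager manager = new SecurityServiceManager(kernelId);
            manager.initialize(kernelId);
            // Publish the manager only after initialize() has returned normally.
            this.securityServiceManager = manager;
            initializeRuntimeMBeans();
            this.securityConfigurationValidator.start();
        } catch (SecurityServiceRuntimeException e) {
            throw new ServiceFailureException(e);
        } catch (RuntimeException e2) {
            throw e2;
        } catch (Exception e3) {
            SecurityLogger.logStackTrace(e3);
            throw new ServiceFailureException(e3);
        }
    }

    /**
     * Builds the {@link T3User} passed to the realm factories in {@link #initializeRealm()}.
     *
     * <p>NOTE(review): {@code getTimestamp1()} / {@code getTimestamp2()} are presumably
     * obfuscated accessors for the boot identity's name and credential — confirm. If so,
     * the returned object carries a secret and must not be logged or retained longer
     * than needed.
     */
    private T3User getAdminUser() {
        return new T3User(ManagementService.getPropertyService(kernelId).getTimestamp1(), ManagementService.getPropertyService(kernelId).getTimestamp2());
    }

    /** Stops the configuration validator and the cert-path trust manager utilities. */
    @Override // weblogic.server.AbstractServerService, weblogic.server.ServerService
    public void stop() throws ServiceFailureException {
        this.securityConfigurationValidator.stop();
        CertPathTrustManagerUtils.stop();
    }

    /** Halts the configuration validator and the cert-path trust manager utilities. */
    @Override // weblogic.server.AbstractServerService, weblogic.server.ServerService
    public void halt() throws ServiceFailureException {
        this.securityConfigurationValidator.halt();
        CertPathTrustManagerUtils.halt();
    }

    /**
     * Reads the domain's security MBeans and registers this service as a change listener
     * on the security configuration.
     *
     * @throws ConfigurationError if the security configuration has no salt; startup is
     *     refused rather than continuing without one
     */
    private void initializeMBean() {
        this.newMbean = ManagementService.getRuntimeAccess(kernelId).getDomain().getSecurityConfiguration();
        if (this.newMbean.getSalt() == null) {
            throw new ConfigurationError(SecurityLogger.getSaltNotSet());
        }
        this.newMbean.addPropertyChangeListener(this);
        this.oldMbean = ManagementService.getRuntimeAccess(kernelId).getDomain().getSecurity();
    }

    /** Returns whether a connection filter class was configured and instantiated at startup. */
    public static final boolean getConnectionFilterEnabled() {
        return enableConnectionFilter;
    }

    /**
     * Replaces the active connection filter instance.
     *
     * <p>NOTE(review): no permission check is made here, {@code null} is accepted, and
     * {@code filterClass} is not updated. A later rules refresh still resolves
     * {@code setRules} on the originally configured class, which fails if the replacement
     * is not an instance of that class.
     *
     * @param connectionFilter the filter to install
     */
    public static final void setConnectionFilter(ConnectionFilter connectionFilter) {
        filterObject = connectionFilter;
    }

    /**
     * Returns the active connection filter.
     *
     * @return the filter, or {@code null} if none is installed
     * @throws ClassCastException if the class configured at startup does not implement
     *     {@link ConnectionFilter}; that is not verified when the object is created
     */
    public static final ConnectionFilter getConnectionFilter() {
        return (ConnectionFilter) filterObject;
    }

    /** Returns the connection-logger flag last read from the security configuration. */
    public static final boolean getConnectionLoggerEnabled() {
        return enableConnectionLogger;
    }

    /** Returns the compatibility-connection-filters flag last read from the security configuration. */
    public static final boolean getCompatibilityConnectionFiltersEnabled() {
        return enableCompatibilityFilters;
    }

    /**
     * Re-reads connection-filter settings when the security configuration changes.
     *
     * <p>Rule changes are applied only while a connection filter is enabled. A
     * {@code null} property name, which {@link PropertyChangeEvent} permits when several
     * properties changed at once, is treated as "any of them may have changed" so that
     * filter settings never stay stale after such an event.
     *
     * @param propertyChangeEvent the change notification from the configuration MBean
     */
    @Override // java.beans.PropertyChangeListener
    public synchronized void propertyChange(PropertyChangeEvent propertyChangeEvent) {
        String propertyName = propertyChangeEvent.getPropertyName();
        boolean anyProperty = propertyName == null;
        // Literal-first comparisons keep a null name from raising NullPointerException.
        if ((anyProperty || "ConnectionFilterRules".equalsIgnoreCase(propertyName)) && getConnectionFilterEnabled()) {
            setConnectionFilterRules();
        }
        if (anyProperty || "ConnectionLoggerEnabled".equalsIgnoreCase(propertyName)) {
            setConnectionLoggerEnabled();
        }
        if (anyProperty || "CompatibilityConnectionFiltersEnabled".equalsIgnoreCase(propertyName)) {
            setCompatibilityConnectionFiltersEnabled();
        }
    }

    /** Copies the connection-logger flag from the security configuration MBean. */
    private void setConnectionLoggerEnabled() {
        enableConnectionLogger = this.newMbean.getConnectionLoggerEnabled();
    }

    /** Copies the compatibility-connection-filters flag from the security configuration MBean. */
    private void setCompatibilityConnectionFiltersEnabled() {
        enableCompatibilityFilters = this.newMbean.getCompatibilityConnectionFiltersEnabled();
    }

    /**
     * Pushes the configured connection filter rules into the filter, if the configured
     * filter class implements {@link ConnectionFilterRulesListener}. Filters that do not
     * implement it are left untouched.
     *
     * @throws NestedRuntimeException if the class cannot be loaded or {@code setRules}
     *     fails; a rule parse failure is additionally logged as critical first
     */
    private synchronized void setConnectionFilterRules() {
        String[] connectionFilterRules = this.newMbean.getConnectionFilterRules();
        try {
            Class<?> cls = Class.forName(filterClass);
            if (ConnectionFilterRulesListener.class.isAssignableFrom(cls)) {
                try {
                    cls.getMethod("setRules", String[].class).invoke(filterObject, connectionFilterRules);
                } catch (InvocationTargetException e) {
                    Throwable targetException = e.getTargetException();
                    // Type test instead of matching the toString() prefix, so subclasses and
                    // overridden toString() implementations are still recognised.
                    if (targetException instanceof java.text.ParseException) {
                        SecurityLogger.logBootFilterCritical(targetException.getMessage());
                    }
                    throw e;
                }
            }
        } catch (Throwable th) {
            // Deliberately broad: any failure to apply rules is logged and surfaced to the
            // caller rather than ignored.
            SecurityLogger.logStackTrace(th);
            throw new NestedRuntimeException(SecurityLogger.getProblemWithConnFilterRules(), th);
        }
    }

    /**
     * Instantiates the configured connection filter (if any), applies its rules, and
     * reads the logger and compatibility flags.
     *
     * <p>NOTE(review): the class name comes straight from configuration and the object is
     * created before any type check, so the constructor of whatever class is named there
     * runs in the server. Nothing here verifies that the class implements
     * {@link ConnectionFilter}; a mismatch only surfaces later as a
     * {@link ClassCastException} from {@link #getConnectionFilter()}. Consider rejecting
     * such a class at this point so a misconfigured filter fails startup visibly.
     *
     * @throws NestedRuntimeException if the filter cannot be loaded, instantiated or
     *     given its rules
     */
    private void initializeConnectionFilter() {
        filterClass = this.newMbean.getConnectionFilter();
        if (filterClass != null) {
            try {
                filterObject = Class.forName(filterClass).newInstance();
                enableConnectionFilter = true;
                setConnectionFilterRules();
            } catch (Exception e) {
                SecurityLogger.logStackTrace(e);
                throw new NestedRuntimeException(SecurityLogger.getProblemWithConnFilter(), e);
            }
        }
        setConnectionLoggerEnabled();
        setCompatibilityConnectionFiltersEnabled();
    }

    /**
     * Installs the audit provider named in the security MBean, once. Does nothing if a
     * provider is already installed or no class name is configured.
     *
     * <p>The class named in configuration is instantiated before the cast to
     * {@link AuditProvider}, so its constructor runs even if the cast then fails.
     *
     * @throws SecurityException if the provider cannot be loaded, instantiated or cast;
     *     the underlying failure is logged, not attached as the cause
     */
    public synchronized void initializeAuditing() {
        if (this.oldAudit != null) {
            return;
        }
        String auditProviderClassName = this.oldMbean.getAuditProviderClassName();
        if (auditProviderClassName == null) {
            return;
        }
        try {
            AuditProvider auditProvider = (AuditProvider) Class.forName(auditProviderClassName).newInstance();
            Audit.setProvider(auditProvider);
            this.oldAudit = auditProvider;
        } catch (Exception e) {
            SecurityLogger.logStackTrace(e);
            String message = e.getMessage();
            log.severe("*** Security audit provider not set correctly [" + e.getClass().getName() + ((message == null || message.length() == 0) ? "" : ": " + message) + "]");
            throw new SecurityException(SecurityLogger.getMustSetAuditProviderClassName());
        }
    }

    /**
     * Obtains the cluster realm from the realm factory and stores it in
     * {@code ClusterRealm.THE_ONE}.
     *
     * @param str second argument passed through to {@code Realm.getRealm}; its meaning
     *     is not visible in this class
     */
    public void initializeClusterRealm(String str) {
        ClusterRealm.THE_ONE = (ClusterRealm) Realm.getRealm(AuthenticatedUser.REALM_NAME, str, ClusterRealm.class.getName());
    }

    /**
     * Creates the built-in file realm and, when a caching realm is configured, wraps a
     * custom realm around it; then initializes {@code weblogic.security.acl.Security}
     * with whichever realm is outermost. Runs at most once.
     *
     * @throws SecurityException if a caching realm is configured but its basic realm has
     *     no realm class name
     */
    public synchronized void initializeRealm() {
        if (this.oldSecRealm != null) {
            return;
        }
        T3User adminUser = getAdminUser();
        FileRealm fileRealm = (FileRealm) Realm.getRealm(WLREALMNAME, adminUser, DEFAULT_REALM);
        // Declared as BasicRealm (the type of oldSecRealm) because it ends up holding either
        // the FileRealm or the CachingRealm; the decompiler had typed it as FileRealm.
        // Assumes CachingRealm is a BasicRealm — confirm against the class.
        BasicRealm activeRealm = fileRealm;
        if (this.oldMbean.getRealm().getCachingRealm() != null) {
            String realmClassName = this.oldMbean.getRealm().getCachingRealm().getBasicRealm().getRealmClassName();
            if (realmClassName == null || realmClassName.length() == 0) {
                throw new SecurityException(SecurityLogger.getMustSetRealmClassName(this.oldMbean.getRealm().getCachingRealm().getBasicRealm().getName()));
            }
            // The custom realm class name is configuration-supplied and resolved by the realm factory.
            CachingRealm cachingRealm = new CachingRealm((ListableRealm) Realm.getRealm("custom", adminUser, realmClassName), fileRealm, adminUser);
            cachingRealm.masqueradeAs(WLREALMNAME);
            weblogic.security.acl.Security.init(cachingRealm);
            activeRealm = cachingRealm;
        } else {
            weblogic.security.acl.Security.init(fileRealm);
        }
        // These calls always go to the file realm, even when it is wrapped by a caching realm.
        fileRealm.loadMembers();
        fileRealm.addRuntimeACLs();
        this.oldSecRealm = activeRealm;
    }

    /** Delegates to {@code CertAuthentication.setup()}. */
    public void initializeCertAuthentication() {
        CertAuthentication.setup();
    }

    /**
     * Creates the security runtime MBeans. A {@link ManagementException} is logged and
     * not rethrown, so startup continues without them.
     */
    private void initializeRuntimeMBeans() {
        try {
            // The instances are not retained here; construction is done for its side effects.
            new SecurityRuntime(this.newMbean, this.oldMbean);
            new SingleSignOnServicesRuntime();
        } catch (ManagementException e) {
            SecurityLogger.logErrorCreatingSecurityRuntime(e);
        }
    }
}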
