package weblogic.jndi.security.internal.server;

import java.rmi.RemoteException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.security.auth.login.LoginException;
import weblogic.corba.j2ee.naming.ContextImpl;
import weblogic.corba.j2ee.naming.NameParser;
import weblogic.iiop.IIOPClient;
import weblogic.iiop.IIOPLogger;
import weblogic.jndi.Environment;
import weblogic.jndi.internal.ExceptionTranslator;
import weblogic.jndi.security.SubjectPusher;
import weblogic.kernel.Kernel;
import weblogic.rmi.extensions.PortableRemoteObject;
import weblogic.rmi.internal.InitialReferenceConstants;
import weblogic.security.SimpleCallbackHandler;
import weblogic.security.acl.DefaultUserInfoImpl;
import weblogic.security.acl.SecurityService;
import weblogic.security.acl.UserInfo;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.auth.login.PasswordCredential;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.service.SubjectManagerImpl;
import weblogic.utils.Debug;
import weblogic.utils.DebugCategory;

/* loaded from: input_file:weblogic/jndi/security/internal/server/ServerSubjectPusher.class */
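/**
 * {@link SubjectPusher} that resolves the security subject for a JNDI {@link Environment} and
 * pushes it through {@link SecurityServiceManager} under the kernel identity.
 *
 * <p>{@link #pushSubject} picks the server or client path from {@code Kernel.isServer()}.
 * Depending on the branch taken, the subject is either the result of an {@code authenticate}
 * call (local realm or remote {@code SecurityService}) or a subject assembled from the supplied
 * {@link UserInfo} with the password attached as a private credential and no authenticate call
 * made in this class.
 *
 * <p>NOTE(review): this file imports two types named {@code SecurityService}
 * ({@code weblogic.security.acl} and {@code weblogic.security.service}). Java rejects two
 * single-type imports with the same simple name, so one of the two uses below needs a
 * fully-qualified name before this source compiles.
 */
public final class ServerSubjectPusher implements SubjectPusher, InitialReferenceConstants {
    private static final boolean DEBUG = false;
    // Written by the instance constructor and read by the static helpers below, so it stays
    // null until the first ServerSubjectPusher has been constructed.
    private static AuthenticatedSubject kernelId;
    private static final DebugCategory debugSecurity = Debug.getCategory("weblogic.jndi.security");

    /**
     * Ensures the subject manager is initialized and caches the kernel identity, which is
     * obtained inside a privileged block.
     */
    public ServerSubjectPusher() {
        SubjectManagerImpl.ensureInitialized();
        kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    }

    /**
     * Resolves the subject described by the JNDI environment and pushes it for the caller.
     *
     * @param hashtable JNDI environment properties, wrapped in an {@link Environment}
     * @param context the naming context the environment belongs to
     * @throws NamingException if authentication fails or the remote security service call fails
     */
    @Override // weblogic.jndi.security.SubjectPusher
    public final void pushSubject(Hashtable hashtable, Context context) throws NamingException {
        Environment environment = new Environment(hashtable);
        if (Kernel.isServer()) {
            serverPushSubject(environment, context);
        } else {
            clientPushSubject(environment, context);
        }
    }

    /** Pops the current subject via {@code SecurityServiceManager.popSubject} using the kernel identity. */
    @Override // weblogic.jndi.security.SubjectPusher
    public final void popSubject() {
        SecurityServiceManager.popSubject(kernelId);
    }

    /**
     * Client-side path: pushes a subject for the environment's user, creating one first when the
     * environment does not already hold a subject.
     *
     * <p>Returns without pushing anything when there is no user (and no client certificate) or
     * when the user is not a {@link DefaultUserInfoImpl}.
     *
     * @throws NamingException if the remote {@code authenticate} call raises a
     *     {@link RemoteException} (translated) or the lookup itself fails
     */
    private static final void clientPushSubject(Environment environment, Context context) throws NamingException {
        UserInfo securityUser = environment.getSecurityUser();
        if (securityUser == null && environment.isClientCertAvailable()) {
            // A client certificate is available: use a placeholder user with no name or password.
            securityUser = new DefaultUserInfoImpl(null, null);
        }
        // instanceof is false for null, so this also covers the "no user at all" case.
        if (!(securityUser instanceof DefaultUserInfoImpl)) {
            return;
        }
        AuthenticatedSubject securitySubject = environment.getSecuritySubject();
        if (securitySubject == null) {
            // NOTE(review): unconditional cast. A context that is not a ContextImpl fails here with
            // ClassCastException, while the instanceof check at the end of this method suggests
            // other Context types were anticipated - confirm which is intended.
            ContextImpl contextImpl = (ContextImpl) context;
            if (IIOPClient.isEnabled() && contextImpl.getContext() != null && contextImpl.getContext()._get_delegate().getIOR().getProfile().useSAS()) {
                // CSIv2 branch: the subject is built from the supplied user and password without an
                // authenticate() call here; verification is presumably left to the peer - confirm.
                securitySubject = new AuthenticatedSubject();
                securitySubject.getPrincipals().add(securityUser);
                if (debugSecurity.isEnabled()) {
                    // NOTE(review): the UserInfo's toString() lands in the debug log; confirm it
                    // does not render the password.
                    IIOPLogger.logDebugSecurity("pushing user " + securityUser + " using CSIv2");
                }
                addPasswordCreds((DefaultUserInfoImpl) securityUser, securitySubject);
            } else {
                if (debugSecurity.isEnabled()) {
                    IIOPLogger.logDebugSecurity("authenticating " + securityUser);
                }
                try {
                    // NOTE(review): SecurityService here exposes `name` and `authenticate(UserInfo)`;
                    // presumably the weblogic.security.acl type - confirm against the imports.
                    securitySubject = SecurityServiceManager.getASFromAU(((SecurityService) PortableRemoteObject.narrow(context.lookup(SecurityService.name), SecurityService.class)).authenticate(securityUser));
                } catch (RemoteException e) {
                    throw ExceptionTranslator.toNamingException(e);
                }
            }
            // Cache the subject on the environment so later calls reuse it.
            environment.setSecuritySubject(securitySubject);
        }
        SecurityServiceManager.pushSubject(kernelId, securitySubject);
        if (context instanceof ContextImpl) {
            ((ContextImpl) context).enableLogoutOnClose();
        }
    }

    /**
     * Server-side path: pushes a subject only when the environment names a user with a non-empty
     * name and a subject could be obtained for it.
     *
     * <p>An existing subject on the environment is reused. Otherwise, for a
     * {@link DefaultUserInfoImpl}, the user is authenticated against the local realm when the
     * provider URL is local or TGIOP, when no password was supplied, or when the context's IOR
     * is local; in the remaining case a subject is assembled from the supplied user and password
     * without a local authenticate call.
     *
     * @throws NamingException an {@link AuthenticationException} whose root cause is the
     *     {@link LoginException} from local authentication
     */
    private static final void serverPushSubject(Environment environment, Context context) throws NamingException {
        UserInfo securityUser = environment.getSecurityUser();
        AuthenticatedSubject authenticatedSubject = null;
        if (debugSecurity.isEnabled()) {
            // NOTE(review): the UserInfo's toString() lands in the debug log; confirm it does not
            // render the password.
            IIOPLogger.logDebugSecurity("pushing user: " + securityUser);
        }
        if (securityUser != null && securityUser.getName() != null && securityUser.getName().length() != 0) {
            authenticatedSubject = environment.getSecuritySubject();
            if (authenticatedSubject == null) {
                try {
                    if (securityUser instanceof DefaultUserInfoImpl) {
                        DefaultUserInfoImpl defaultUserInfoImpl = (DefaultUserInfoImpl) securityUser;
                        // NOTE(review): both comparisons use ==. If the operands are Strings this is
                        // an identity test that matches only the shared constant instance - confirm
                        // that is intended, since it decides whether local authentication runs.
                        if (environment.getProviderUrl() == Environment.LOCAL_URL || NameParser.getProtocol(environment.getProviderUrl()) == NameParser.TGIOP_PROTOCOL) {
                            authenticatedSubject = authenticateLocally(defaultUserInfoImpl);
                        }
                        if (defaultUserInfoImpl.getName() == null || defaultUserInfoImpl.getPassword() == null) {
                            // Incomplete credentials: fall back to local authentication unless the
                            // branch above already produced a subject.
                            if (authenticatedSubject == null) {
                                authenticatedSubject = authenticateLocally(defaultUserInfoImpl);
                            }
                        } else if (isLocalServer(context)) {
                            authenticatedSubject = authenticateLocally(defaultUserInfoImpl);
                        } else {
                            // Remote target: no authenticate() call is made on this branch. The
                            // subject carries the claimed principal plus the password credential;
                            // verification is presumably performed by the remote server - confirm.
                            if (authenticatedSubject == null) {
                                authenticatedSubject = new AuthenticatedSubject();
                                authenticatedSubject.getPrincipals().add(securityUser);
                            }
                            addPasswordCreds(defaultUserInfoImpl, authenticatedSubject);
                        }
                    }
                } catch (LoginException e) {
                    AuthenticationException authenticationException = new AuthenticationException();
                    authenticationException.setRootCause(e);
                    throw authenticationException;
                }
            }
        }
        if (authenticatedSubject != null) {
            environment.setSecuritySubject(authenticatedSubject);
            SecurityServiceManager.pushSubject(kernelId, authenticatedSubject);
            if (context instanceof ContextImpl) {
                ((ContextImpl) context).enableLogoutOnClose();
            }
        }
    }

    /**
     * Reports whether the context's IOR is marked local.
     *
     * <p>Any failure while inspecting the context is treated as "remote". In
     * {@link #serverPushSubject} a "remote" answer selects the branch that skips local
     * authentication, so a failure here changes which credentials check is applied.
     *
     * @return {@code true} only for a {@link ContextImpl} with a non-null underlying context
     *     whose IOR reports {@code isLocal()}
     */
    private static boolean isLocalServer(Context context) {
        if (!(context instanceof ContextImpl)) {
            return false;
        }
        ContextImpl contextImpl = (ContextImpl) context;
        try {
            return contextImpl.getContext() != null
                    && contextImpl.getContext()._get_delegate().getIOR().isLocal();
        } catch (Throwable th) {
            // Deliberately broad: every failure, including Errors, is reported as "not local".
            if (debugSecurity.isEnabled()) {
                IIOPLogger.logDebugSecurity("isLocalServer: false; Unable to determine whether is local or not; will treat it as remote. Exception: " + th);
            }
            return false;
        }
    }

    /**
     * Authenticates the user's name and password against the default realm's authentication
     * service, which is looked up with the kernel identity.
     *
     * @throws LoginException if the authenticator rejects the credentials
     */
    private static AuthenticatedSubject authenticateLocally(DefaultUserInfoImpl defaultUserInfoImpl) throws LoginException {
        // NOTE(review): SecurityService.ServiceType is presumably the weblogic.security.service
        // type - confirm against the imports.
        return ((PrincipalAuthenticator) SecurityServiceManager.getSecurityService(kernelId, SecurityServiceManager.defaultRealmName, SecurityService.ServiceType.AUTHENTICATION)).authenticate(new SimpleCallbackHandler(defaultUserInfoImpl.getName(), defaultUserInfoImpl.getPassword()));
    }

    /**
     * Adds the user's name and password to the subject's private credentials as a
     * {@link PasswordCredential}. Does nothing when either value is missing.
     *
     * @param defaultUserInfoImpl source of the name and password
     * @param authenticatedSubject subject that receives the credential
     */
    private static void addPasswordCreds(DefaultUserInfoImpl defaultUserInfoImpl, final AuthenticatedSubject authenticatedSubject) {
        if (defaultUserInfoImpl.getName() == null || defaultUserInfoImpl.getPassword() == null) {
            return;
        }
        if (debugSecurity.isEnabled()) {
            // NOTE(review): the user object's toString() lands in the debug log; confirm it does
            // not render the password.
            IIOPLogger.logDebugSecurity("adding password credentials to " + defaultUserInfoImpl);
        }
        final PasswordCredential passwordCredential = new PasswordCredential(defaultUserInfoImpl.getName(), defaultUserInfoImpl.getPassword());
        AccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override // java.security.PrivilegedAction
            public Object run() {
                // The decompiler rendered the captured parameter as `AuthenticatedSubject.this`,
                // which is not valid here (this class is not nested in AuthenticatedSubject);
                // the target is the final parameter captured by this anonymous class.
                authenticatedSubject.getPrivateCredentials(ServerSubjectPusher.kernelId).add(passwordCredential);
                return null;
            }
        });
    }

    /** Writes a diagnostic line to {@code System.err}, prefixed with {@code <ServerSecurityManager>}. */
    static void p(String str) {
        System.err.println("<ServerSecurityManager> " + str);
    }
}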
