package weblogic.security.service;

import com.bea.security.css.CSS;
import com.bea.security.utils.random.FastRandomData;
import com.bea.security.utils.random.SecureRandomData;
import java.security.AccessController;
import java.security.Principal;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.security.auth.login.LoginException;
import weblogic.deploy.event.DeploymentEventListener;
import weblogic.deploy.event.DeploymentEventManager;
import weblogic.jndi.internal.JNDIImageSourceConstants;
import weblogic.kernel.Kernel;
import weblogic.management.DeploymentException;
import weblogic.management.configuration.AppDeploymentMBean;
import weblogic.management.configuration.DomainMBean;
import weblogic.management.configuration.SecurityConfigurationMBean;
import weblogic.management.provider.CommandLine;
import weblogic.management.provider.ManagementService;
import weblogic.management.security.ProviderMBean;
import weblogic.platform.OperatingSystem;
import weblogic.security.SecurityInitializationException;
import weblogic.security.SecurityLogger;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.acl.internal.AuthenticatedUser;
import weblogic.security.internal.ServerPrincipalValidatorImpl;
import weblogic.security.principal.RealmAdapterUser;
import weblogic.security.principal.WLSAbstractPrincipal;
import weblogic.security.principal.WLSKernelIdentity;
import weblogic.security.principal.WLSServerIdentity;
import weblogic.security.service.SecurityService;
import weblogic.security.spi.SecurityProvider;
import weblogic.security.spi.WLSGroup;
import weblogic.security.spi.WLSUser;
import weblogic.security.subject.SubjectManager;
import weblogic.security.utils.AdminServerListener;
import weblogic.security.utils.KeyStoreConfigurationHelper;
import weblogic.security.utils.KeyStoreInfo;
import weblogic.security.utils.MBeanKeyStoreConfiguration;
import weblogic.t3.srvr.T3Srvr;

/* loaded from: input_file:weblogic/security/service/SecurityServiceManager.class */
public final class SecurityServiceManager extends SecurityManager {
    private static final int NEW_CRED_LEN = 32;
    private static AuthenticatedSubject serverIdentity;
    public static final String STORE_BOOT_IDENTITY = "weblogic.system.StoreBootIdentity";
    public static final String REMOVE_BOOT_IDENTITY = "weblogic.system.RemoveBootIdentity";
    static final String NODE_MANANGER_BOOT = "weblogic.system.NodeManagerBoot";
    static final String SHARED_APP = "WEBLOGIC_SHAREDAPP";
    private static ServerPrincipalValidatorImpl serverValidator;
    public static final String defaultRealmName = "weblogicDEFAULT";
    public static final int COMPATIBILITY_ROLE_MAPPING = 0;
    public static final int APPLICATION_ROLE_MAPPING = 1;
    public static final int EXTERNALLY_DEFINED_ROLE_MAPPING = 2;
    private static AuthenticatedSubject kernelIdentity = getKernelIdentity();
    private static boolean permitAnonymousAdmin = false;
    private static SecurityConfigurationMBean securityConfigMbean = null;
    private static String tdsCred = null;
    private static boolean isBooting = true;
    private static PrincipalAuthenticator defaultRealmNamePA = null;
    private static boolean areWebappFilesCaseInsensitive = false;
    private static boolean areWebappFilesCaseInsensitiveSet = false;
    private static boolean enforceStrictURLPattern = true;
    private static boolean enforceValidBasicAuthCredentials = true;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/security/service/SecurityServiceManager$DelegateInstanceMaker.class */
    public static class DelegateInstanceMaker {
        private static final SecurityServiceManagerDelegate SINGLETON;

        private DelegateInstanceMaker() {
        }

        static {
            Object createPlugin = PluginUtils.createPlugin(SecurityServiceManagerDelegate.class, CommandLine.getCommandLine().getSubjectManagerClassPropertyName());
            if (createPlugin != null) {
                SINGLETON = (SecurityServiceManagerDelegate) createPlugin;
            } else {
                SINGLETON = new CommonSecurityServiceManagerDelegateImpl();
            }
        }
    }

    private static SecurityServiceManagerDelegate getDelegate() {
        return DelegateInstanceMaker.SINGLETON;
    }

    public SecurityServiceManager(AuthenticatedSubject authenticatedSubject) {
        checkKernelIdentity(authenticatedSubject);
    }

    public static boolean isSecurityServiceInitialized() {
        return getDelegate().isSecurityServiceInitialized();
    }

    public static SecurityService getSecurityService(AuthenticatedSubject authenticatedSubject, String str, SecurityService.ServiceType serviceType) throws com.bea.common.engine.InvalidParameterException, NotYetInitializedException {
        return getDelegate().getSecurityService(authenticatedSubject, str, serviceType);
    }

    public static PrincipalAuthenticator getPrincipalAuthenticator(AuthenticatedSubject authenticatedSubject, String str) throws com.bea.common.engine.InvalidParameterException, NotYetInitializedException {
        return (PrincipalAuthenticator) getSecurityService(authenticatedSubject, str, SecurityService.ServiceType.AUTHENTICATION);
    }

    public static AuthorizationManager getAuthorizationManager(AuthenticatedSubject authenticatedSubject, String str) throws com.bea.common.engine.InvalidParameterException, NotYetInitializedException {
        return (AuthorizationManager) getSecurityService(authenticatedSubject, str, SecurityService.ServiceType.AUTHORIZE);
    }

    public static SecurityService getBulkAuthorizationManager(AuthenticatedSubject authenticatedSubject, String str) throws com.bea.common.engine.InvalidParameterException, NotYetInitializedException {
        return getSecurityService(authenticatedSubject, str, SecurityService.ServiceType.BULKAUTHORIZE);
    }

    public static RoleManager getRoleManager(AuthenticatedSubject authenticatedSubject, String str) throws com.bea.common.engine.InvalidParameterException, NotYetInitializedException {
        return (RoleManager) getSecurityService(authenticatedSubject, str, SecurityService.ServiceType.ROLE);
    }

    public static SecurityService getBulkRoleManager(AuthenticatedSubject authenticatedSubject, String str) throws com.bea.common.engine.InvalidParameterException, NotYetInitializedException {
        return getSecurityService(authenticatedSubject, str, SecurityService.ServiceType.BULKROLE);
    }

    public static SecurityService getSecurityTokenServiceManager(AuthenticatedSubject authenticatedSubject, String str) throws com.bea.common.engine.InvalidParameterException, NotYetInitializedException {
        return getSecurityService(authenticatedSubject, str, SecurityService.ServiceType.STSMANAGER);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SecurityService getSecurityServiceInternal(String str, SecurityService.ServiceType serviceType) throws com.bea.common.engine.InvalidParameterException {
        return getDelegate().getSecurityServiceInternal(str, serviceType);
    }

    public static boolean doesRealmExist(String str) throws com.bea.common.engine.InvalidParameterException, NotYetInitializedException {
        return getDelegate().doesRealmExist(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean doesRealmExistInternal(String str) throws com.bea.common.engine.InvalidParameterException, NotYetInitializedException {
        return getDelegate().doesRealmExistInternal(str);
    }

    public static AuthenticatedSubject getASFromAU(AuthenticatedUser authenticatedUser) {
        AuthenticatedSubject aSFromAUInServer;
        if (authenticatedUser == null) {
            return SubjectUtils.getAnonymousSubject();
        }
        if (authenticatedUser instanceof AuthenticatedSubject) {
            return getASFromWire((AuthenticatedSubject) authenticatedUser);
        }
        if (Kernel.isServer() && (aSFromAUInServer = getASFromAUInServer(authenticatedUser)) != null) {
            return aSFromAUInServer;
        }
        AuthenticatedSubject authenticatedSubject = new AuthenticatedSubject(authenticatedUser);
        authenticatedSubject.getPrincipals().add(new RealmAdapterUser(authenticatedUser.getName(), authenticatedUser.getSalt(), authenticatedUser.getSignature()));
        authenticatedSubject.getPublicCredentials().add(authenticatedUser);
        return authenticatedSubject;
    }

    public static AuthenticatedSubject getSealedSubjectFromWire(AuthenticatedSubject authenticatedSubject, AuthenticatedUser authenticatedUser) {
        AuthenticatedSubject aSFromAU = getASFromAU(authenticatedUser);
        try {
            aSFromAU = seal(authenticatedSubject, aSFromAU);
        } catch (SecurityException e) {
            if (securityConfigMbean == null || !securityConfigMbean.getDowngradeUntrustedPrincipals()) {
                throw e;
            }
            SecurityLogger.logDowngradingUntrustedIdentity(aSFromAU.toString());
            aSFromAU = SubjectUtils.getAnonymousSubject();
        }
        return aSFromAU;
    }

    public static AuthenticatedSubject getASFromAUInServerOrClient(AuthenticatedUser authenticatedUser) {
        if (!Kernel.isServer()) {
            return getASFromAU(authenticatedUser);
        }
        AuthenticatedSubject aSFromAUInServer = getASFromAUInServer(authenticatedUser);
        if (aSFromAUInServer == null) {
            aSFromAUInServer = SubjectUtils.getAnonymousSubject();
        }
        return aSFromAUInServer;
    }

    private static AuthenticatedSubject getASFromAUInServer(AuthenticatedUser authenticatedUser) {
        AuthenticatedSubject authenticatedSubject = null;
        try {
            authenticatedSubject = getPrincipalAuthenticator(kernelIdentity, getDefaultRealmName()).assertIdentity("AuthenticatedUser", authenticatedUser);
        } catch (LoginException e) {
        }
        return authenticatedSubject;
    }

    public static AuthenticatedSubject getASFromWire(AuthenticatedSubject authenticatedSubject) {
        Set principals = authenticatedSubject.getPrincipals();
        if (principals.size() == 1) {
            Principal principal = (Principal) principals.iterator().next();
            if ((principal instanceof WLSServerIdentity) && serverValidator != null) {
                if (serverValidator.validate((WLSServerIdentity) principal)) {
                    return kernelIdentity;
                }
                SecurityLogger.logDowngradingUntrustedServerIdentity();
                return SubjectUtils.getAnonymousSubject();
            }
        }
        return authenticatedSubject;
    }

    public static AuthenticatedSubject sendASToWire(AuthenticatedSubject authenticatedSubject) {
        return isKernelIdentity(authenticatedSubject) ? getServerID() : authenticatedSubject;
    }

    public static AuthenticatedUser convertToAuthenticatedUser(AuthenticatedUser authenticatedUser) {
        return authenticatedUser.getClass().equals(AuthenticatedUser.class) ? authenticatedUser : getAuthenticatedUserFromPrincipals(((AuthenticatedSubject) authenticatedUser).getPrincipals());
    }

    private static AuthenticatedUser getAuthenticatedUserFromPrincipals(Set set) {
        WLSServerIdentity wLSServerIdentity = null;
        WLSKernelIdentity wLSKernelIdentity = null;
        WLSUser wLSUser = null;
        Principal principal = null;
        for (Object obj : set) {
            if (obj instanceof RealmAdapterUser) {
                RealmAdapterUser realmAdapterUser = (RealmAdapterUser) obj;
                return new AuthenticatedUser(realmAdapterUser.getName(), realmAdapterUser.getSignature(), realmAdapterUser.getSalt());
            }
            if (obj instanceof WLSServerIdentity) {
                wLSServerIdentity = (WLSServerIdentity) obj;
            } else if (obj instanceof WLSKernelIdentity) {
                wLSKernelIdentity = (WLSKernelIdentity) obj;
            } else if (obj instanceof WLSUser) {
                wLSUser = (WLSUser) obj;
            } else if (!(obj instanceof WLSGroup)) {
                principal = (Principal) obj;
            }
        }
        if ((wLSKernelIdentity != null && SubjectManagerImpl.kernelPrincipal.equals(wLSKernelIdentity)) || (wLSServerIdentity != null && serverValidator.validate(wLSServerIdentity))) {
            return certifyUser("system", true);
        }
        if (set.size() == 0) {
            return null;
        }
        if (wLSUser == null) {
            if (principal != null) {
                return certifyUser(principal.getName(), false);
            }
            throw new IllegalArgumentException(SecurityLogger.getPrincipalSetDoesNotContainRAUser());
        }
        if (Kernel.isServer() || !(wLSUser instanceof WLSAbstractPrincipal)) {
            return certifyUser(wLSUser.getName(), false);
        }
        WLSAbstractPrincipal wLSAbstractPrincipal = (WLSAbstractPrincipal) wLSUser;
        return new AuthenticatedUser(wLSAbstractPrincipal.getName(), wLSAbstractPrincipal.getSignature(), wLSAbstractPrincipal.getSalt());
    }

    private static AuthenticatedUser certifyUser(String str, boolean z) {
        if (securityConfigMbean == null) {
            securityConfigMbean = ManagementService.getRuntimeAccess(kernelIdentity).getDomain().getSecurityConfiguration();
        }
        if (tdsCred == null) {
            tdsCred = securityConfigMbean.getCredential();
        }
        return z ? new AuthenticatedUser(str, tdsCred, 1L) : new AuthenticatedUser(str, tdsCred);
    }

    public static boolean isFullAuthorizationDelegationRequired(String str, SecurityApplicationInfo securityApplicationInfo) {
        return getDelegate().isFullAuthorizationDelegationRequired(str, securityApplicationInfo);
    }

    public static AuthenticatedSubject getServerIdentity(AuthenticatedSubject authenticatedSubject) {
        checkKernelIdentity(authenticatedSubject);
        return serverIdentity;
    }

    public static boolean isTrustedServerIdentity(AuthenticatedSubject authenticatedSubject) {
        Principal onePrincipal = SubjectUtils.getOnePrincipal(authenticatedSubject, WLSServerIdentity.class);
        if (serverValidator == null || onePrincipal == null) {
            return false;
        }
        return serverValidator.validate((WLSServerIdentity) onePrincipal);
    }

    public static AuthenticatedSubject seal(AuthenticatedSubject authenticatedSubject, AuthenticatedSubject authenticatedSubject2) {
        if (authenticatedSubject2 == null) {
            return null;
        }
        if (!authenticatedSubject2.isSealed() && Kernel.isServer()) {
            checkKernelIdentity(authenticatedSubject);
            if (isKernelIdentity(authenticatedSubject2)) {
                return authenticatedSubject2;
            }
            boolean z = authenticatedSubject2.getTimeStamp() == 1 && "system".equals(authenticatedSubject2.getName());
            if (isBooting) {
                if (T3Srvr.getT3Srvr().getRunState() != 2) {
                    if (z) {
                        return kernelIdentity;
                    }
                    authenticatedSubject2.seal(kernelIdentity);
                    return authenticatedSubject2;
                }
                isBooting = false;
            }
            if (!defaultRealmNamePA.validateIdentity(authenticatedSubject2)) {
                throw new SecurityException(SecurityLogger.getInvalidSubject("" + authenticatedSubject2));
            }
            if (z) {
                return kernelIdentity;
            }
            Iterator it = authenticatedSubject2.getPrincipals().iterator();
            while (it.hasNext()) {
                if (((Principal) it.next()) instanceof WLSServerIdentity) {
                    return kernelIdentity;
                }
            }
            authenticatedSubject2.seal(kernelIdentity);
            return authenticatedSubject2;
        }
        return authenticatedSubject2;
    }

    public void initialize(AuthenticatedSubject authenticatedSubject) {
        checkKernelIdentity(authenticatedSubject);
        initializeConfiguration();
        initializeDeploymentCallbacks();
        if (!ManagementService.getRuntimeAccess(kernelIdentity).isAdminServer()) {
            initializeAdminServerListener();
        }
        getDelegate().initialize(authenticatedSubject);
        if (defaultRealmNamePA == null) {
            defaultRealmNamePA = (PrincipalAuthenticator) getSecurityService(authenticatedSubject, getDefaultRealmName(), SecurityService.ServiceType.AUTHENTICATION);
        }
        getServerID();
    }

    public void stop() {
        getDelegate().shutdown();
    }

    private void initializeConfiguration() {
        securityConfigMbean = ManagementService.getRuntimeAccess(kernelIdentity).getDomain().getSecurityConfiguration();
        if (securityConfigMbean == null) {
            throw new SecurityServiceRuntimeException(SecurityLogger.getSecConfigUnavailable());
        }
        tdsCred = securityConfigMbean.getCredential();
        if (tdsCred == null || tdsCred.length() == 0) {
            throw new SecurityServiceRuntimeException(SecurityLogger.getSecCredUnavailable());
        }
        String anonymousAdminLookupEnabledString = CommandLine.getCommandLine().getAnonymousAdminLookupEnabledString();
        if (anonymousAdminLookupEnabledString != null) {
            permitAnonymousAdmin = new Boolean(anonymousAdminLookupEnabledString).booleanValue();
        } else {
            permitAnonymousAdmin = securityConfigMbean.isAnonymousAdminLookupEnabled();
        }
        weblogic.security.SecurityService.getSecurityService().initializeClusterRealm(tdsCred);
        areWebAppFilesCaseInsensitive();
        enforceStrictURLPattern = securityConfigMbean.getEnforceStrictURLPattern();
        enforceValidBasicAuthCredentials = securityConfigMbean.getEnforceValidBasicAuthCredentials();
    }

    private void initializeDeploymentCallbacks() {
        try {
            DeploymentListener deploymentListener = new DeploymentListener();
            DeploymentEventManager.addDeploymentEventListener((DeploymentEventListener) deploymentListener, true);
            DeploymentEventManager.addVetoableDeploymentListener(deploymentListener);
        } catch (DeploymentException e) {
            throw new SecurityInitializationException(e.getMessage(), e);
        }
    }

    private void initializeAdminServerListener() {
        if (Boolean.getBoolean("weblogic.security.AdminServerListenerEnabled")) {
            try {
                AdminServerListener.start(ManagementService.getRuntimeAccess(kernelIdentity).isAdminServerAvailable());
            } catch (Exception e) {
                throw new SecurityInitializationException(e.getMessage(), e);
            }
        }
    }

    private static String convertToNewProperty(String str) {
        return (str == null || str.equals("")) ? "false" : str.equalsIgnoreCase("os") ? "os" : str.equalsIgnoreCase("on") ? "true" : str.equalsIgnoreCase("off") ? "false" : "false";
    }

    private static boolean intrepretWebAppFilesCaseSetting(String str) {
        if (str == null || str.equals("false")) {
            return false;
        }
        if (!str.equals("os")) {
            return str.equals("true");
        }
        String property = System.getProperty("os.name");
        return property != null && property.toLowerCase().indexOf(OperatingSystem.WINDOWS) >= 0;
    }

    public static boolean isAnonymousAdminLookupEnabled() {
        return permitAnonymousAdmin;
    }

    public static boolean getEnforceStrictURLPattern() {
        return enforceStrictURLPattern;
    }

    public static boolean getEnforceValidBasicAuthCredentials() {
        return enforceValidBasicAuthCredentials;
    }

    public static AuthenticatedSubject getCurrentSubjectForWire(AuthenticatedSubject authenticatedSubject) {
        return sendASToWire(getCurrentSubject(authenticatedSubject));
    }

    public static boolean isKernelIdentity(AuthenticatedSubject authenticatedSubject) {
        return authenticatedSubject == kernelIdentity;
    }

    public static boolean isServerIdentity(AuthenticatedSubject authenticatedSubject) {
        return authenticatedSubject == serverIdentity;
    }

    public static void checkKernelIdentity(AuthenticatedSubject authenticatedSubject) {
        if (isKernelIdentity(authenticatedSubject)) {
        } else {
            throw new NotAuthorizedRuntimeException(SecurityLogger.getSubjectIsNotTheKernelIdentity(authenticatedSubject == null ? "<null>" : authenticatedSubject.toString()));
        }
    }

    public static boolean isUserInRole(AuthenticatedSubject authenticatedSubject, String str, Map map) {
        return (map == null || map.get(str) == null) ? false : true;
    }

    private static AuthenticatedSubject createServerID() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("<WLS Server ");
        stringBuffer.append(Kernel.getConfig().getName());
        stringBuffer.append(JNDIImageSourceConstants.CLOSE_BRACKET);
        WLSServerIdentity wLSServerIdentity = new WLSServerIdentity(stringBuffer.toString());
        AccessController.doPrivileged(PrivilegedActions.getSignPrincipalAction(serverValidator, wLSServerIdentity));
        AuthenticatedSubject authenticatedSubject = new AuthenticatedSubject();
        authenticatedSubject.getPrincipals().add(wLSServerIdentity);
        return authenticatedSubject;
    }

    private static AuthenticatedSubject getServerID() {
        AuthenticatedSubject authenticatedSubject;
        if (serverIdentity != null) {
            return serverIdentity;
        }
        synchronized (SubjectManager.getKernelPermission()) {
            if (serverIdentity == null) {
                serverValidator = new ServerPrincipalValidatorImpl();
                serverIdentity = createServerID();
            }
            authenticatedSubject = serverIdentity;
        }
        return authenticatedSubject;
    }

    public static String getDefaultRealmName() {
        return getDelegate().getDefaultRealmName();
    }

    public static SecurityProvider createSecurityProvider(ProviderMBean providerMBean, Auditor auditor) {
        return getDelegate().createSecurityProvider(providerMBean, auditor);
    }

    public static void applicationDeleted(AppDeploymentMBean appDeploymentMBean) {
        getDelegate().applicationDeleted(appDeploymentMBean);
    }

    public static void applicationDeployBegun(AppDeploymentMBean appDeploymentMBean, String[] strArr) {
        getDelegate().applicationDeployBegun(appDeploymentMBean, strArr);
    }

    public static void applicationDeployEnded(AppDeploymentMBean appDeploymentMBean, String[] strArr) {
        getDelegate().applicationDeployEnded(appDeploymentMBean, strArr);
    }

    public static boolean areWebAppFilesCaseInsensitive() {
        if (areWebappFilesCaseInsensitiveSet) {
            return areWebappFilesCaseInsensitive;
        }
        String property = System.getProperty("weblogic.security.URLResourceCaseMapping");
        if (Kernel.isServer()) {
            String str = null;
            DomainMBean domain = ManagementService.getRuntimeAccess(kernelIdentity).getDomain();
            if (domain != null) {
                str = domain.getSecurityConfiguration().getWebAppFilesCaseInsensitive();
            }
            areWebappFilesCaseInsensitive = intrepretWebAppFilesCaseSetting(str);
            if (property != null) {
                if (areWebappFilesCaseInsensitive != intrepretWebAppFilesCaseSetting(convertToNewProperty(property))) {
                    throw new SecurityServiceRuntimeException(SecurityLogger.logWebAppFilesCaseMismatch(property, str));
                }
            }
        } else if (property != null) {
            areWebappFilesCaseInsensitive = intrepretWebAppFilesCaseSetting(convertToNewProperty(property));
        }
        areWebappFilesCaseInsensitiveSet = true;
        return areWebappFilesCaseInsensitive;
    }

    public static boolean isApplicationVersioningSupported(String str) {
        return getDelegate().isApplicationVersioningSupported(str);
    }

    public static void applicationVersionCreated(AppDeploymentMBean appDeploymentMBean, AppDeploymentMBean appDeploymentMBean2) {
        getDelegate().applicationVersionCreated(appDeploymentMBean, appDeploymentMBean2);
    }

    public static KeyStoreInfo getServerIdentityKeyStore(AuthenticatedSubject authenticatedSubject) {
        checkKernelIdentity(authenticatedSubject);
        return new KeyStoreConfigurationHelper(MBeanKeyStoreConfiguration.getInstance()).getIdentityKeyStore();
    }

    public static KeyStoreInfo[] getServerTrustKeyStores(AuthenticatedSubject authenticatedSubject) {
        checkKernelIdentity(authenticatedSubject);
        return new KeyStoreConfigurationHelper(MBeanKeyStoreConfiguration.getInstance()).getTrustKeyStores();
    }

    public static void initJava2Security() {
        getDelegate().initJava2Security();
    }

    public static boolean isJACCEnabled() {
        return getDelegate().isJACCEnabled();
    }

    public static DeploymentValidator getDeploymentValidator(AuthenticatedSubject authenticatedSubject, String str, SecurityApplicationInfo securityApplicationInfo) {
        return getDelegate().getDeploymentValidator(authenticatedSubject, str, securityApplicationInfo);
    }

    public static int getRoleMappingBehavior(String str, SecurityApplicationInfo securityApplicationInfo) {
        return getDelegate().getRoleMappingBehavior(str, securityApplicationInfo);
    }

    public static byte[] getSecureRandomBytes(int i) {
        return SecureRandomData.getInstance().getRandomBytes(i);
    }

    public static boolean isCaseSensitiveUserNames() {
        return Boolean.getBoolean("caseSensitiveUserNames");
    }

    public static byte[] getFastRandomBytes(int i) {
        return FastRandomData.getInstance().getRandomBytes(i);
    }

    public static JMXPolicyConsumer getJMXPolicyConsumer(AuthenticatedSubject authenticatedSubject) {
        checkKernelIdentity(authenticatedSubject);
        return new JMXPolicyConsumer(getAuthorizationManager(authenticatedSubject, defaultRealmName).getPolicyConsumerService());
    }

    public static WSPolicyConsumer getWSPolicyConsumer(AuthenticatedSubject authenticatedSubject) {
        checkKernelIdentity(authenticatedSubject);
        return new WSPolicyConsumer(getAuthorizationManager(authenticatedSubject, defaultRealmName).getPolicyConsumerService());
    }

    public static WSRoleConsumer getWSRoleConsumer(AuthenticatedSubject authenticatedSubject) {
        checkKernelIdentity(authenticatedSubject);
        return new WSRoleConsumer(getAuthorizationManager(authenticatedSubject, defaultRealmName).getRoleConsumerService());
    }

    public static GenericPolicyConsumer getGenericPolicyConsumer(AuthenticatedSubject authenticatedSubject) {
        checkKernelIdentity(authenticatedSubject);
        return new GenericPolicyConsumer(getAuthorizationManager(authenticatedSubject, defaultRealmName).getPolicyConsumerService());
    }

    public static GenericRoleConsumer getGenericRoleConsumer(AuthenticatedSubject authenticatedSubject) {
        checkKernelIdentity(authenticatedSubject);
        return new GenericRoleConsumer(getAuthorizationManager(authenticatedSubject, defaultRealmName).getRoleConsumerService());
    }

    public static CSS getCSS(AuthenticatedSubject authenticatedSubject) {
        return getDelegate().getCSS(authenticatedSubject);
    }
}
