package weblogic.diagnostics.snmp.agent.monfox;

import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.PrivilegedAction;
import java.util.HashSet;
import java.util.Set;
import javax.management.ObjectName;
import monfox.toolkit.snmp.SnmpOid;
import monfox.toolkit.snmp.agent.SnmpAgent;
import monfox.toolkit.snmp.agent.SnmpMibLeaf;
import monfox.toolkit.snmp.agent.SnmpMibTableRow;
import monfox.toolkit.snmp.agent.ext.acm.AppAcm;
import monfox.toolkit.snmp.engine.SnmpEngineID;
import monfox.toolkit.snmp.v3.usm.ext.UsmUserSecurityExtension;
import weblogic.diagnostics.debug.DebugLogger;
import weblogic.management.configuration.ServerMBean;
import weblogic.management.mbeanservers.SecurityUtil;
import weblogic.management.provider.ManagementService;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;

/* loaded from: input_file:weblogic/diagnostics/snmp/agent/monfox/WLSAccessController.class */
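/**
 * Access-control callback for the Monfox SNMP agent ({@link AppAcm.AccessController}).
 *
 * <p>A single shared instance decides, per request, whether the caller named by a community
 * string or a USM user name may proceed, and counts the requests it denies. The name may carry
 * an {@code "@context"} suffix; the suffix is validated against the server and domain names
 * collected at construction time.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The community string is a shared secret, so it is never written to the debug log and is
 *       compared in constant time.</li>
 *   <li>NOTE(review): {@code community} starts as the empty string while community-based access
 *       starts enabled, so until {@link #setCommunity(String)} is called an empty community
 *       string matches. Confirm the agent always configures a community before serving
 *       requests.</li>
 *   <li>NOTE(review): {@code accessFailureCount} is a plain {@code int} updated without
 *       synchronization; if the agent calls this singleton from several threads the count may be
 *       approximate — confirm the threading model.</li>
 * </ul>
 */
public class WLSAccessController implements AppAcm.AccessController {
    private static final DebugLogger DEBUG_LOGGER = DebugLogger.getDebugLogger("DebugSNMPAgent");
    private static final AuthenticatedSubject KERNEL_ID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    // Placeholder written to the debug log in place of a community string.
    private static final String REDACTED = "<redacted>";
    // Must be initialized after KERNEL_ID: the constructor reads it.
    private static final WLSAccessController SINGLETON = new WLSAccessController();

    private SnmpEngineID snmpEngineId;
    // Number of requests denied by either checkAccess overload.
    private int accessFailureCount;
    private String community = "";
    private boolean communityBasedAccessEnabled = true;
    // Context names accepted after the '@' in a community/user name.
    private final Set<String> validContextNames = new HashSet<String>();

    /** Returns the process-wide instance. */
    public static WLSAccessController getInstance() {
        return SINGLETON;
    }

    /**
     * On an admin server, registers every configured server name plus the domain name as a valid
     * context. On any other server the set stays empty, so every {@code "@context"} suffix is
     * rejected there.
     */
    private WLSAccessController() {
        if (ManagementService.getRuntimeAccess(KERNEL_ID).isAdminServer()) {
            for (ServerMBean serverMBean : ManagementService.getRuntimeAccess(KERNEL_ID).getDomain().getServers()) {
                this.validContextNames.add(serverMBean.getName());
            }
            this.validContextNames.add(ManagementService.getRuntimeAccess(KERNEL_ID).getDomainName());
        }
    }

    /**
     * Request-level access check.
     *
     * @param snmpAgent the agent handling the request (unused here)
     * @param str community string (when {@code i <= 2}) or USM user name, optionally followed by
     *     {@code "@context"}
     * @param i presumably the SNMP security model: values {@code <= 2} take the community path,
     *     {@code 3} the USM path — TODO confirm against the toolkit
     * @param i2 security level of the request, interpreted by {@code isAuthSecurityLevel}
     * @param z when {@code true} the request is always denied; presumably marks a write request —
     *     TODO confirm
     * @param str2 only logged by this method
     * @return {@code true} if the request may proceed
     * @throws IllegalArgumentException if {@code str} names a context that is not registered
     */
    public boolean checkAccess(SnmpAgent snmpAgent, String str, int i, int i2, boolean z, String str2) {
        if (DEBUG_LOGGER.isDebugEnabled()) {
            DEBUG_LOGGER.debug("WLSAccessController: [" + loggableName(i, str) + "," + i + "," + i2 + "," + z + "," + str2 + "]");
        }
        if (isAccessAllowed(z, i, i2, str)) {
            return true;
        }
        recordRequestDenied();
        return false;
    }

    /**
     * Request-level check followed, for non-community access, by a per-attribute MBean
     * authorization check.
     *
     * <p>After the request-level check passes, the result is {@code true} without any MBean check
     * when: the request is community-based ({@code i <= 2}) and community access is enabled; the
     * MIB has no {@link SnmpMibLeaf} at {@code snmpOid2}; the leaf has no table row; or the row's
     * user object is not an {@code MBeanInstanceTableRow}. Otherwise the attribute behind
     * {@code str3} must be readable by the user {@code str}; any exception during that check
     * denies access.
     *
     * @param snmpAgent agent whose MIB is consulted
     * @param str community string or USM user name, see the six-argument overload
     * @param i see the six-argument overload
     * @param i2 see the six-argument overload
     * @param z see the six-argument overload
     * @param str2 only logged by this method
     * @param snmpOid only logged by this method
     * @param str3 column name passed to {@code MBeanInstanceTableRow.getAttributeName}
     * @param snmpOid2 OID looked up in the agent's MIB
     * @return {@code true} if the request may proceed
     * @throws IllegalArgumentException if {@code str} names a context that is not registered
     */
    public boolean checkAccess(SnmpAgent snmpAgent, String str, int i, int i2, boolean z, String str2, SnmpOid snmpOid, String str3, SnmpOid snmpOid2) {
        if (DEBUG_LOGGER.isDebugEnabled()) {
            DEBUG_LOGGER.debug("WLSAccessController: [" + loggableName(i, str) + "," + i + "," + i2 + "," + z + "," + str2 + "," + snmpOid + "," + str3 + "," + snmpOid2 + ",]");
        }
        if (!isAccessAllowed(z, i, i2, str)) {
            recordRequestDenied();
            return false;
        }
        // Community-based callers are not mapped to a user, so no per-MBean check is made.
        if (i <= 2 && this.communityBasedAccessEnabled) {
            return true;
        }
        // Held as Object so the instanceof test covers both "absent" and "not a leaf".
        Object node = snmpAgent.getMib().get(snmpOid2);
        if (!(node instanceof SnmpMibLeaf)) {
            return true;
        }
        SnmpMibTableRow row = ((SnmpMibLeaf) node).getRow();
        if (row == null) {
            return true;
        }
        Object userObject = row.getUserObject();
        if (!(userObject instanceof MBeanInstanceTableRow)) {
            return true;
        }
        MBeanInstanceTableRow mbeanRow = (MBeanInstanceTableRow) userObject;
        boolean allowed;
        try {
            String attributeName = mbeanRow.getAttributeName(str3);
            if (DEBUG_LOGGER.isDebugEnabled()) {
                DEBUG_LOGGER.debug("Checking access for attribute " + attributeName);
            }
            if (attributeName == null) {
                allowed = false;
            } else if (attributeName.equals("Index") || attributeName.equals("ObjectName")) {
                // These two columns are always readable once the request-level check has passed.
                allowed = true;
            } else {
                allowed = isMBeanAccessAllowed(str, mbeanRow.getObjectName(), attributeName);
            }
        } catch (Exception e) {
            // Fail closed: an error while authorizing is treated as a denial.
            if (DEBUG_LOGGER.isDebugEnabled()) {
                DEBUG_LOGGER.debug("Exception checking MBean access", e);
            }
            allowed = false;
        }
        if (!allowed) {
            this.accessFailureCount++;
        }
        if (DEBUG_LOGGER.isDebugEnabled()) {
            DEBUG_LOGGER.debug("MBean access check = " + allowed);
        }
        return allowed;
    }

    /**
     * Asks the security framework whether the user {@code str} may read attribute {@code str2} of
     * {@code objectName}. The check runs as the identity obtained from
     * {@code impersonateIdentity(str, null)} on the default realm's authentication service.
     *
     * @return the framework's answer; {@code false} if the check throws or yields a non-Boolean
     * @throws Exception if obtaining the service or impersonating the user fails
     */
    private boolean isMBeanAccessAllowed(String str, final ObjectName objectName, final String str2) throws Exception {
        PrincipalAuthenticator authenticator = (PrincipalAuthenticator) SecurityServiceManager.getSecurityService(KERNEL_ID, SecurityServiceManager.getDefaultRealmName(), SecurityService.ServiceType.AUTHENTICATION);
        Object result = SecurityServiceManager.runAs(KERNEL_ID, authenticator.impersonateIdentity(str, null), new PrivilegedAction<Boolean>() {
            @Override
            public Boolean run() {
                try {
                    return Boolean.valueOf(SecurityUtil.isGetAccessAllowed(2, objectName, str2));
                } catch (Exception e) {
                    // Fail closed, but leave a trace of why the check could not complete.
                    if (DEBUG_LOGGER.isDebugEnabled()) {
                        DEBUG_LOGGER.debug("Exception checking MBean access", e);
                    }
                    return Boolean.FALSE;
                }
            }
        });
        if (DEBUG_LOGGER.isDebugEnabled()) {
            DEBUG_LOGGER.debug("Returned object is " + result + " for user_name " + str + " object_name " + objectName + " attribute_name " + str2);
        }
        return (result instanceof Boolean) && ((Boolean) result).booleanValue();
    }

    /**
     * Request-level decision shared by both {@code checkAccess} overloads.
     *
     * <ul>
     *   <li>{@code z == true} or a {@code null} name: denied.</li>
     *   <li>{@code i == 3}: the user must be known to {@code WLSSecurityExtension}; if the user's
     *       configured level is an authenticated one, the request's level {@code i2} must be
     *       too.</li>
     *   <li>{@code i <= 2}: community access must be enabled and the name (without any
     *       {@code "@context"} suffix) must equal the configured community.</li>
     * </ul>
     *
     * <p>NOTE(review): a value of {@code i} above 3 passes with no user lookup and no community
     * comparison; confirm the toolkit never supplies such a value.
     *
     * <p>NOTE(review): a rejected context name surfaces as an exception, so that rejection is not
     * added to {@code accessFailureCount}; verify this is intended.
     *
     * @throws IllegalArgumentException if the name carries a context that is not registered
     */
    private boolean isAccessAllowed(boolean z, int i, int i2, String str) {
        if (z) {
            return false;
        }
        if (str == null) {
            // Deny instead of failing with a NullPointerException on a missing name.
            return false;
        }
        if (i == 3) {
            UsmUserSecurityExtension.UserInfo userInfo = WLSSecurityExtension.getInstance().getUserInfo(str, this.snmpEngineId);
            if (userInfo == null) {
                return false;
            }
            // A user configured for authentication may not be served at an unauthenticated level.
            if (isAuthSecurityLevel(userInfo.getSecLevel()) && !isAuthSecurityLevel(i2)) {
                return false;
            }
        }
        if (i <= 2 && !this.communityBasedAccessEnabled) {
            return false;
        }
        String name = str;
        // A leading '@' (index 0) is not treated as a separator; the whole string is the name.
        int at = str.indexOf("@");
        if (at > 0) {
            name = str.substring(0, at);
            // Yields "" when '@' is the last character.
            String contextName = str.substring(at + 1);
            if (DEBUG_LOGGER.isDebugEnabled()) {
                DEBUG_LOGGER.debug("Context Name = " + contextName);
            }
            if (!this.validContextNames.contains(contextName)) {
                String message = "Invalid Context Name " + contextName;
                if (DEBUG_LOGGER.isDebugEnabled()) {
                    DEBUG_LOGGER.debug(message);
                }
                throw new IllegalArgumentException(message);
            }
        }
        if (DEBUG_LOGGER.isDebugEnabled()) {
            DEBUG_LOGGER.debug("Input community = " + loggableName(i, name));
        }
        return i > 2 || communityMatches(name);
    }

    /**
     * Compares the supplied community with the configured one in constant time, so response
     * timing does not depend on how many leading characters match. Both are compared as UTF-8
     * bytes; a {@code null} configured community never matches.
     */
    private boolean communityMatches(String supplied) {
        String expected = this.community;
        if (expected == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Returns the name as it may appear in the debug log: on the community path ({@code i <= 2})
     * the name is a shared secret and is replaced by a placeholder.
     */
    private static String loggableName(int i, String str) {
        return i <= 2 ? REDACTED : str;
    }

    /** Counts a request-level denial and traces it when debugging is on. */
    private void recordRequestDenied() {
        this.accessFailureCount++;
        if (DEBUG_LOGGER.isDebugEnabled()) {
            DEBUG_LOGGER.debug("Access failed");
        }
    }

    /**
     * Returns {@code true} for security levels 1 and 3 — presumably authNoPriv and authPriv;
     * TODO confirm against the toolkit's security-level constants.
     */
    private boolean isAuthSecurityLevel(int i) {
        return i == 1 || i == 3;
    }

    /** Returns the configured community string. */
    String getCommunity() {
        return this.community;
    }

    /** Sets the community string. Decompiler note: originally package-private. */
    public void setCommunity(String str) {
        this.community = str;
    }

    /** Returns whether community-based ({@code i <= 2}) requests are accepted. */
    boolean isCommunityBasedAccessEnabled() {
        return this.communityBasedAccessEnabled;
    }

    /** Enables or disables community-based access. Decompiler note: originally package-private. */
    public void setCommunityBasedAccessEnabled(boolean z) {
        this.communityBasedAccessEnabled = z;
    }

    /** Sets the engine id used for USM user lookup. Decompiler note: originally package-private. */
    public void setSnmpEngineId(SnmpEngineID snmpEngineID) {
        this.snmpEngineId = snmpEngineID;
    }

    /** Returns the number of requests denied so far. */
    public int getFailedAuthorizationCount() {
        return this.accessFailureCount;
    }
}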
