package weblogic.management.internal;

import com.bea.util.jam.xml.JamXmlElements;
import java.rmi.RemoteException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.acl.Acl;
import java.security.acl.AclEntry;
import java.security.acl.Group;
import java.security.acl.NotOwnerException;
import java.security.acl.Permission;
import java.util.Enumeration;
import java.util.HashSet;
import weblogic.management.PrincipalInfo;
import weblogic.management.configuration.DomainMBean;
import weblogic.management.configuration.ListResults;
import weblogic.management.configuration.RealmMBean;
import weblogic.management.configuration.RemoteEnumeration;
import weblogic.management.configuration.SecurityMBean;
import weblogic.management.internal.BatchedEnumeration;
import weblogic.management.provider.ManagementService;
import weblogic.rmi.server.UnicastRemoteObject;
import weblogic.security.acl.CredentialChanger;
import weblogic.security.acl.ManageableRealm;
import weblogic.security.acl.Realm;
import weblogic.security.acl.User;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityServiceManager;
import weblogic.utils.enumerations.IteratorEnumerator;

/* loaded from: input_file:weblogic/management/internal/RemoteRealmManagerImpl.class */
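/**
 * Remote management facade over the realm named {@code "weblogic"}: creates, removes, lists
 * and edits users, groups and ACLs on behalf of remote callers.
 *
 * <p>Authorization performed by this class itself is limited to:
 * <ul>
 *   <li>write operations call {@link #checkWriteAccess()}, which only verifies that the local
 *       server is the admin server;</li>
 *   <li>read operations call {@link #checkReadAccess()}, which is empty;</li>
 *   <li>the {@code list*} methods return {@code null} when the local server is not the admin
 *       server.</li>
 * </ul>
 * No method here inspects the identity of the calling subject.
 * NOTE(review): confirm that caller authentication and authorization are enforced before a
 * request reaches this object (for example where it is exported or bound); nothing in this
 * class does it.
 */
public class RemoteRealmManagerImpl implements RemoteRealmManager {
    /** Batch size used when the domain configuration does not provide one. */
    private static final int DEFAULT_BATCH_SIZE = 200;

    // Compile-time trace switch; when true every call is echoed to System.out via trace().
    private static boolean debug = false;

    // Kernel identity obtained under doPrivileged. Declared final so the privileged subject
    // cannot be swapped after class initialisation.
    private static final AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());

    // Number of elements returned per batch by getListResults().
    private final int batchSize;

    /**
     * Reads the results batch size from the domain's realm configuration, falling back to
     * {@link #DEFAULT_BATCH_SIZE} when the domain, its security bean or its realm bean is absent.
     */
    public RemoteRealmManagerImpl() {
        DomainMBean domain = ManagementService.getRuntimeAccess(kernelId).getDomain();
        SecurityMBean security = (domain != null) ? domain.getSecurity() : null;
        RealmMBean realm = (security != null) ? security.getRealm() : null;
        // NOTE(review): the configured value is used as-is; how BatchedEnumeration treats a
        // zero or negative batch size is not visible here.
        this.batchSize = (realm != null) ? realm.getResultsBatchSize() : DEFAULT_BATCH_SIZE;
        if (debug) {
            // The decompiler resolved the traced literal to this constant (presumably "constructor").
            trace(JamXmlElements.CONSTRUCTOR);
        }
    }

    /**
     * Lists the members of a group as {@link PrincipalInfo} values.
     *
     * @param str name of the group
     * @return the first batch of members plus a remote enumeration for the rest, if any
     * @throws RemoteRealmException if the group does not exist
     * @throws RemoteException if the follow-up enumeration cannot be exported
     */
    @Override
    public ListResults getMembers(String str) throws RemoteException, RemoteRealmException {
        if (debug) {
            trace("getMembers(" + str + ")");
        }
        checkReadAccess();
        return getListResults(getGroup(str).members(), new BatchedEnumeration.ElementHandler() {
            @Override
            public Object handle(Object obj) {
                if (RemoteRealmManagerImpl.debug) {
                    RemoteRealmManagerImpl.this.trace("getMembers.handle(" + ((Principal) obj).getName() + ")");
                }
                return RemoteRealmManagerImpl.this.getPrincipalInfo((Principal) obj);
            }
        });
    }

    /**
     * Returns the distinct permission names that appear on any entry of an ACL.
     *
     * @param str name of the ACL
     * @return the permission names, in no particular order
     * @throws RemoteRealmException if the ACL does not exist
     */
    @Override
    public String[] getPermissions(String str) throws RemoteRealmException {
        if (debug) {
            trace("getPermissions(" + str + ")");
        }
        checkReadAccess();
        Acl acl = getAcl(str);
        HashSet<String> names = new HashSet<String>();
        Enumeration<AclEntry> entries = acl.entries();
        while (entries.hasMoreElements()) {
            Enumeration<Permission> permissions = entries.nextElement().permissions();
            while (permissions.hasMoreElements()) {
                names.add(getPermissionName(permissions.nextElement()));
            }
        }
        return names.toArray(new String[0]);
    }

    /**
     * Lists the principals whose ACL entry carries a given permission.
     *
     * @param str name of the ACL
     * @param str2 permission name to match against each entry's permissions
     * @return the matching principals as {@link PrincipalInfo} values, batched
     * @throws RemoteRealmException if the ACL does not exist
     * @throws RemoteException if the follow-up enumeration cannot be exported
     */
    @Override
    public ListResults getGrantees(String str, String str2) throws RemoteException, RemoteRealmException {
        if (debug) {
            trace("getGrantees(" + str + "," + str2 + ")");
        }
        checkReadAccess();
        Acl acl = getAcl(str);
        // De-duplication relies on PrincipalInfo's equals/hashCode, which are not visible here.
        HashSet<PrincipalInfo> grantees = new HashSet<PrincipalInfo>();
        Enumeration<AclEntry> entries = acl.entries();
        while (entries.hasMoreElements()) {
            AclEntry entry = entries.nextElement();
            Principal principal = entry.getPrincipal();
            Enumeration<Permission> permissions = entry.permissions();
            while (permissions.hasMoreElements()) {
                if (getPermissionName(permissions.nextElement()).equals(str2)) {
                    grantees.add(getPrincipalInfo(principal));
                }
            }
        }
        return getListResults(new IteratorEnumerator(grantees.iterator()), new BatchedEnumeration.ElementHandler() {
            @Override
            public Object handle(Object obj) {
                // Elements are already PrincipalInfo values; pass them through unchanged.
                return obj;
            }
        });
    }

    /**
     * Creates a user in the realm.
     *
     * @param str user name
     * @param obj credential handed to the realm; deliberately not traced
     * @throws RemoteRealmException if the local server is not the admin server
     */
    @Override
    public void createUser(String str, Object obj) throws RemoteRealmException {
        if (debug) {
            trace("createUser(" + str + ")");
        }
        checkWriteAccess();
        getRealm().newUser(str, obj, null);
    }

    /**
     * Creates a group in the realm.
     *
     * @param str group name
     * @throws RemoteRealmException if the local server is not the admin server
     */
    @Override
    public void createGroup(String str) throws RemoteRealmException {
        if (debug) {
            trace("createGroup(" + str + ")");
        }
        checkWriteAccess();
        getRealm().newGroup(str);
    }

    /**
     * Creates an ACL owned by the realm's ACL owner.
     *
     * @param str ACL name
     * @throws RemoteRealmException if the local server is not the admin server
     */
    @Override
    public void createAcl(String str) throws RemoteRealmException {
        if (debug) {
            trace("createAcl(" + str + ")");
        }
        checkWriteAccess();
        getRealm().newAcl(getAclOwner(), str);
    }

    /**
     * Deletes a user from the realm.
     *
     * @param str user name
     * @throws RemoteRealmException if the local server is not the admin server or the user
     *     does not exist
     */
    @Override
    public void removeUser(String str) throws RemoteRealmException {
        if (debug) {
            trace("removeUser(" + str + ")");
        }
        checkWriteAccess();
        getRealm().deleteUser(getUser(str));
    }

    /**
     * Deletes a group from the realm.
     *
     * @param str group name
     * @throws RemoteRealmException if the local server is not the admin server or the group
     *     does not exist
     */
    @Override
    public void removeGroup(String str) throws RemoteRealmException {
        if (debug) {
            trace("removeGroup(" + str + ")");
        }
        checkWriteAccess();
        getRealm().deleteGroup(getGroup(str));
    }

    /**
     * Deletes an ACL from the realm, acting as the realm's ACL owner.
     *
     * @param str ACL name
     * @throws RemoteRealmException if the local server is not the admin server or the ACL
     *     does not exist
     */
    @Override
    public void removeAcl(String str) throws RemoteRealmException {
        if (debug) {
            trace("removeAcl(" + str + ")");
        }
        checkWriteAccess();
        getRealm().deleteAcl(getAclOwner(), getAcl(str));
    }

    /**
     * Reports whether the realm knows a user of the given name.
     *
     * <p>Guarded only by the empty {@link #checkReadAccess()}, so any caller that can invoke
     * this object can probe for account names.
     *
     * @param str user name
     * @return {@code true} if the realm returns a user for that name
     */
    @Override
    public boolean userExists(String str) throws RemoteRealmException {
        if (debug) {
            trace("userExists(" + str + ")");
        }
        checkReadAccess();
        return getRealm().getUser(str) != null;
    }

    /**
     * Reports whether the realm knows a group of the given name.
     *
     * @param str group name
     * @return {@code true} if the realm returns a group for that name
     */
    @Override
    public boolean groupExists(String str) throws RemoteRealmException {
        if (debug) {
            trace("groupExists(" + str + ")");
        }
        checkReadAccess();
        return getRealm().getGroup(str) != null;
    }

    /**
     * Reports whether the realm knows an ACL of the given name.
     *
     * @param str ACL name
     * @return {@code true} if the realm returns an ACL for that name
     */
    @Override
    public boolean aclExists(String str) throws RemoteRealmException {
        if (debug) {
            trace("aclExists(" + str + ")");
        }
        checkReadAccess();
        return getRealm().getAcl(str) != null;
    }

    /**
     * Lists all user names in the realm.
     *
     * @return the batched user names, or {@code null} when the local server is not the admin
     *     server (callers must handle the {@code null})
     * @throws RemoteException if the follow-up enumeration cannot be exported
     */
    @Override
    public ListResults listUsers() throws RemoteException, RemoteRealmException {
        if (debug) {
            trace("listUsers");
        }
        if (!isAdmin()) {
            return null;
        }
        checkReadAccess();
        return getListResults(getRealm().getUsers(), new BatchedEnumeration.ElementHandler() {
            @Override
            public Object handle(Object obj) {
                // Null check comes first: the trace below used to dereference obj before the
                // check and threw NullPointerException for a null element when debug was on.
                if (obj == null) {
                    return null;
                }
                String name = ((User) obj).getName();
                if (RemoteRealmManagerImpl.debug) {
                    RemoteRealmManagerImpl.this.trace("listUsers.handle(" + name + ")");
                }
                return name;
            }
        });
    }

    /**
     * Lists all group names in the realm.
     *
     * @return the batched group names, or {@code null} when the local server is not the admin
     *     server
     * @throws RemoteException if the follow-up enumeration cannot be exported
     */
    @Override
    public ListResults listGroups() throws RemoteException, RemoteRealmException {
        if (debug) {
            trace("listGroups");
        }
        if (!isAdmin()) {
            return null;
        }
        checkReadAccess();
        return getListResults(getRealm().getGroups(), new BatchedEnumeration.ElementHandler() {
            @Override
            public Object handle(Object obj) {
                if (RemoteRealmManagerImpl.debug) {
                    RemoteRealmManagerImpl.this.trace("listGroup.handle(" + ((Group) obj).getName() + ")");
                }
                return ((Group) obj).getName();
            }
        });
    }

    /**
     * Lists all ACL names in the realm.
     *
     * @return the batched ACL names, or {@code null} when the local server is not the admin
     *     server
     * @throws RemoteException if the follow-up enumeration cannot be exported
     */
    @Override
    public ListResults listAcls() throws RemoteException, RemoteRealmException {
        if (debug) {
            trace("listAcls");
        }
        if (!isAdmin()) {
            return null;
        }
        checkReadAccess();
        return getListResults(getRealm().getAcls(), new BatchedEnumeration.ElementHandler() {
            @Override
            public Object handle(Object obj) {
                if (RemoteRealmManagerImpl.debug) {
                    RemoteRealmManagerImpl.this.trace("listAcls.handle(" + ((Acl) obj).getName() + ")");
                }
                return ((Acl) obj).getName();
            }
        });
    }

    /**
     * Changes a user's credential when the user object supports it.
     *
     * @param str user name
     * @param obj first credential argument forwarded to {@code CredentialChanger.changeCredential}
     *     (presumably the current credential; confirm against that interface)
     * @param obj2 second credential argument (presumably the new credential)
     * @return {@code false} if the user does not implement {@link CredentialChanger},
     *     {@code true} after the change was delegated
     * @throws RemoteRealmException if the local server is not the admin server or the user
     *     does not exist
     */
    @Override
    public boolean changeCredential(String str, Object obj, Object obj2) throws RemoteException, RemoteRealmException {
        if (debug) {
            // Credentials must never reach stdout or a log file: trace the user name only.
            trace("changeCredential(" + str + ",<redacted>,<redacted>)");
        }
        checkWriteAccess();
        Principal user = getUser(str);
        if (!(user instanceof CredentialChanger)) {
            return false;
        }
        ((CredentialChanger) user).changeCredential(obj, obj2);
        return true;
    }

    /**
     * Adds a principal to a group.
     *
     * @param str group name
     * @param str2 name of the user or group to add
     * @throws RemoteRealmException if the local server is not the admin server, the group or
     *     principal does not exist, or the group reports the principal was not added
     */
    @Override
    public void addMember(String str, String str2) throws RemoteRealmException {
        if (debug) {
            trace("addMember(" + str + "," + str2 + ")");
        }
        checkWriteAccess();
        if (!getGroup(str).addMember(getPrincipal(str2))) {
            throw new RemoteRealmException(str2 + " is already a member of the " + str + " group.");
        }
    }

    /**
     * Removes a principal from a group.
     *
     * @param str group name
     * @param str2 name of the user or group to remove
     * @throws RemoteRealmException if the local server is not the admin server, the group or
     *     principal does not exist, or the group reports the principal was not removed
     */
    @Override
    public void removeMember(String str, String str2) throws RemoteRealmException {
        if (debug) {
            trace("removeMember(" + str + "," + str2 + ")");
        }
        checkWriteAccess();
        if (!getGroup(str).removeMember(getPrincipal(str2))) {
            throw new RemoteRealmException(str2 + " is not a member of the " + str + " group.");
        }
    }

    /**
     * Grants a permission on an ACL to a principal through the realm's {@code setPermission}.
     *
     * @param str ACL name
     * @param str2 name of the user or group receiving the permission
     * @param str3 permission name, resolved by the realm
     * @throws RemoteRealmException if the local server is not the admin server or the ACL or
     *     principal does not exist
     */
    @Override
    public void grantPermission(String str, String str2, String str3) throws RemoteRealmException {
        if (debug) {
            trace("grantPermission(" + str + "," + str2 + "," + str3 + ")");
        }
        checkWriteAccess();
        getRealm().setPermission(getAcl(str), getPrincipal(str2), getRealm().getPermission(str3), true);
    }

    /**
     * Revokes a permission from a principal's entry on an ACL.
     *
     * <p>Unlike {@link #grantPermission}, which goes through the realm's {@code setPermission},
     * this edits the {@link Acl} object directly: the matching entry is cloned, the permission
     * is removed from the clone, the original entry is removed and the clone is added.
     *
     * <p>NOTE(review): the replace is not atomic. If {@code removeEntry} succeeds and
     * {@code addEntry} then fails, the principal is left with no entry on the ACL at all and
     * the caller only sees a generic failure. For a negative (deny) entry that would widen
     * access, so a failure here deserves an audit of the ACL's state.
     *
     * @param str ACL name
     * @param str2 name of the user or group losing the permission
     * @param str3 permission name, resolved by the realm
     * @throws RemoteRealmException if the local server is not the admin server, the ACL or
     *     principal does not exist, the principal has no entry on the ACL, or the entry could
     *     not be rewritten
     */
    @Override
    public void revokePermission(String str, String str2, String str3) throws RemoteRealmException {
        if (debug) {
            trace("revokePermission(" + str + "," + str2 + "," + str3 + ")");
        }
        checkWriteAccess();
        Acl acl = getAcl(str);
        Principal principal = getPrincipal(str2);
        Permission permission = getRealm().getPermission(str3);
        Enumeration<AclEntry> entries = acl.entries();
        while (entries.hasMoreElements()) {
            AclEntry entry = entries.nextElement();
            if (!entry.getPrincipal().equals(principal)) {
                continue;
            }
            // Only the first entry for the principal is considered; the method returns or
            // throws from here.
            String failure = "Couldn't revoke permission " + str3 + " for " + str2 + " to " + str;
            AclEntry updated = (AclEntry) entry.clone();
            try {
                if (updated.removePermission(permission)
                        && acl.removeEntry(getAclOwner(), entry)
                        && acl.addEntry(getAclOwner(), updated)) {
                    return;
                }
            } catch (NotOwnerException e) {
                // The cause is not attached: whether RemoteRealmException offers a
                // cause-carrying constructor is not visible from this file.
                throw new RemoteRealmException(failure);
            }
            throw new RemoteRealmException(failure);
        }
        throw new RemoteRealmException(str3 + " for " + str2 + " not on " + str);
    }

    /** Returns the name used for a permission in this API: its {@code toString()} value. */
    private String getPermissionName(Permission permission) {
        return permission.toString();
    }

    /**
     * Wraps a principal's name in a {@link PrincipalInfo}, flagging whether it is a group.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public PrincipalInfo getPrincipalInfo(Principal principal) {
        return new PrincipalInfo(principal.getName(), principal instanceof Group);
    }

    /**
     * Resolves a name to a group or, failing that, a user.
     *
     * <p>Groups are looked up first, so when a group and a user share a name the group wins.
     *
     * @throws RemoteRealmException if neither exists
     */
    private Principal getPrincipal(String str) throws RemoteRealmException {
        Group group = getRealm().getGroup(str);
        if (group != null) {
            return group;
        }
        User user = getRealm().getUser(str);
        if (user != null) {
            return user;
        }
        throw new RemoteRealmException("Principal " + str + " doesn't exist.");
    }

    /**
     * Looks up a user by name.
     *
     * @throws RemoteRealmException if the realm returns no such user
     */
    private User getUser(String str) throws RemoteRealmException {
        User user = getRealm().getUser(str);
        if (user == null) {
            throw new RemoteRealmException("User " + str + " doesn't exist.");
        }
        return user;
    }

    /**
     * Looks up a group by name.
     *
     * @throws RemoteRealmException if the realm returns no such group
     */
    private Group getGroup(String str) throws RemoteRealmException {
        Group group = getRealm().getGroup(str);
        if (group == null) {
            throw new RemoteRealmException("Group " + str + " doesn't exist.");
        }
        return group;
    }

    /**
     * Looks up an ACL by name.
     *
     * @throws RemoteRealmException if the realm returns no such ACL
     */
    private Acl getAcl(String str) throws RemoteRealmException {
        Acl acl = getRealm().getAcl(str);
        if (acl == null) {
            throw new RemoteRealmException("Acl " + str + " doesn't exist.");
        }
        return acl;
    }

    /**
     * Returns the realm named {@code "weblogic"}.
     *
     * <p>The cast is unchecked against configuration: a realm that is not a
     * {@link ManageableRealm} surfaces as a {@link ClassCastException} to the caller.
     */
    private ManageableRealm getRealm() {
        return (ManageableRealm) Realm.getRealm("weblogic");
    }

    /**
     * Obtains the principal allowed to modify ACLs, by running as the kernel identity and
     * passing a value from the property service to the realm's {@code getAclOwner}.
     *
     * <p>NOTE(review): {@code getTimestamp2()} is an obfuscated accessor whose result is cast
     * to {@code String} and used as the owner credential, so it appears to carry a secret;
     * confirm, and keep it out of trace output.
     */
    private Principal getAclOwner() {
        return getRealm().getAclOwner((String) SecurityServiceManager.runAs(kernelId, kernelId, new PrivilegedAction() {
            @Override
            public Object run() {
                return ManagementService.getPropertyService(RemoteRealmManagerImpl.kernelId).getTimestamp2();
            }
        }));
    }

    /** Reports whether the local server is the admin server; says nothing about the caller. */
    private boolean isAdmin() {
        return ManagementService.getRuntimeAccess(kernelId).isAdminServer();
    }

    /**
     * Packages an enumeration as a first batch plus, when more elements remain, an exported
     * remote enumeration the client can pull further batches from.
     *
     * <p>NOTE(review): the exported {@code RemoteEnumerationImpl} is never unexported here;
     * confirm that something releases it when a client abandons the enumeration, otherwise
     * repeated list calls accumulate exported objects.
     *
     * @param enumeration source elements
     * @param elementHandler converts each source element to the value sent to the client
     * @throws RemoteException if exporting the remote enumeration fails
     */
    private ListResults getListResults(Enumeration enumeration, BatchedEnumeration.ElementHandler elementHandler) throws RemoteException {
        if (debug) {
            trace("getListResults");
        }
        BatchedEnumeration batched = new BatchedEnumeration(enumeration, this.batchSize, elementHandler);
        Object[] firstBatch = batched.getNextBatch();
        RemoteEnumeration remainder = null;
        if (firstBatch != null && batched.hasMoreElements()) {
            remainder = (RemoteEnumeration) UnicastRemoteObject.exportObject(new RemoteEnumerationImpl(batched));
        }
        return new ListResults(firstBatch, remainder);
    }

    /**
     * Writes a debug line to standard output. Arguments are caller-supplied names, so never
     * pass credentials or other secrets to this method.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void trace(String str) {
        System.out.println("RemoteRealmManagerImpl " + str);
    }

    /**
     * Intentionally empty in this build: read operations are not restricted by this class.
     *
     * <p>NOTE(review): every {@code get*}, {@code *Exists} and {@code list*} method relies on
     * this hook, so realm contents (user, group and ACL names, memberships, grants) are
     * readable by any caller that can reach the object unless access is enforced elsewhere.
     */
    private void checkReadAccess() throws RemoteRealmException {
    }

    /**
     * Rejects write operations on servers other than the admin server.
     *
     * <p>This is a check on the server's role, not on the caller: it does not verify who is
     * asking. NOTE(review): confirm an authorization check on the calling subject exists
     * upstream of every mutating method.
     *
     * @throws RemoteRealmException if the local server is not the admin server
     */
    private void checkWriteAccess() throws RemoteRealmException {
        if (!isAdmin()) {
            throw new RemoteRealmException("Realms cannot be managed by managed servers.");
        }
    }
}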
