package weblogic.management.mbeanservers.internal;

import java.io.IOException;
import java.security.AccessController;
import javax.management.Descriptor;
import javax.management.InstanceNotFoundException;
import javax.management.IntrospectionException;
import javax.management.MBeanException;
import javax.management.ObjectName;
import javax.management.ReflectionException;
import javax.management.modelmbean.ModelMBeanInfo;
import weblogic.descriptor.DescriptorClassLoader;
import weblogic.diagnostics.debug.DebugLogger;
import weblogic.management.internal.ManagementTextTextFormatter;
import weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase;
import weblogic.management.provider.ManagementService;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.PrivilegedActions;

/* loaded from: input_file:weblogic/management/mbeanservers/internal/SecurityMBeanMgmtOpsInterceptor.class */
public class SecurityMBeanMgmtOpsInterceptor extends WLSMBeanServerInterceptorBase {
    private static final String REALM_MBEAN = "weblogic.management.security.RealmMBean";
    private static final String SECURITY_STORE_MBEAN = "weblogic.management.security.RDBMSSecurityStoreMBean";
    private static final String ULM_MBEAN = "weblogic.management.security.authentication.UserLockoutManagerMBean";
    private static final String PROVIDER_MBEAN = "weblogic.management.security.ProviderMBean";
    private static DebugLogger debug = DebugLogger.getDebugLogger("DebugJMX");
    private static AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    public static final int EDIT_MBS = 1;
    public static final int DOMAIN_RUNTIME_MBS = 2;
    private int mbsType;

    public SecurityMBeanMgmtOpsInterceptor(int i) {
        this.mbsType = i;
    }

    @Override // weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase
    public Object invoke(ObjectName objectName, String str, Object[] objArr, String[] strArr) throws InstanceNotFoundException, MBeanException, ReflectionException, IOException {
        if (isInvokeAllowed(objectName, str)) {
            return super.invoke(objectName, str, objArr, strArr);
        }
        String mgmtOperationsIllegal = ManagementTextTextFormatter.getInstance().getMgmtOperationsIllegal();
        if (this.mbsType == 2) {
            mgmtOperationsIllegal = ManagementTextTextFormatter.getInstance().getMgmtOperationsIllegalDomainRuntime();
        }
        throw new MBeanException(new RuntimeException(mgmtOperationsIllegal), mgmtOperationsIllegal);
    }

    private boolean isInvokeAllowed(ObjectName objectName, String str) throws InstanceNotFoundException, IOException, MBeanException, ReflectionException {
        try {
            if (this.mbsType == 2 && !ManagementService.getRuntimeAccess(kernelId).getServerRuntime().isRestartRequired()) {
                return true;
            }
            ModelMBeanInfo mBeanInfo = super.getMBeanInfo(objectName);
            if (!(mBeanInfo instanceof ModelMBeanInfo)) {
                return true;
            }
            ModelMBeanInfo modelMBeanInfo = mBeanInfo;
            if (!isSecurityMBean(DescriptorClassLoader.loadClass(modelMBeanInfo.getClassName())) || modelMBeanInfo.getOperation(str) == null || modelMBeanInfo.getOperation(str).getImpact() == 0) {
                return true;
            }
            Descriptor descriptor = modelMBeanInfo.getOperation(str).getDescriptor();
            Boolean bool = (Boolean) descriptor.getFieldValue("com.bea.allowSecurityOperations");
            if ((bool != null && bool.booleanValue()) || ((String) descriptor.getFieldValue("com.bea.collectionRole")) == null) {
                return true;
            }
            if (!debug.isDebugEnabled()) {
                return false;
            }
            debug.debug("This operation " + str + " is a Management operation on MBean " + objectName + " and will be prevented.");
            return false;
        } catch (ClassNotFoundException e) {
            if (!debug.isDebugEnabled()) {
                return true;
            }
            debug.debug("ClassNotFoundException thrown while checking the mgmt operations.", e);
            return true;
        } catch (IntrospectionException e2) {
            if (!debug.isDebugEnabled()) {
                return true;
            }
            debug.debug("IntrospectionException thrown while checking the mgmt operations.", e2);
            return true;
        }
    }

    private boolean isSecurityMBean(Class cls) throws ClassNotFoundException {
        if (!Class.forName(REALM_MBEAN).isAssignableFrom(cls) && !Class.forName(PROVIDER_MBEAN).isAssignableFrom(cls) && !Class.forName(ULM_MBEAN).isAssignableFrom(cls) && !Class.forName(SECURITY_STORE_MBEAN).isAssignableFrom(cls)) {
            return false;
        }
        if (!debug.isDebugEnabled()) {
            return true;
        }
        debug.debug("Invoking a management operation on a security mbean.");
        return true;
    }
}
