package weblogic.security.service;

import com.bea.common.security.service.BulkRoleMappingService;
import com.bea.security.css.CSS;
import java.security.AccessController;
import java.util.List;
import java.util.Map;
import weblogic.management.security.ProviderMBean;
import weblogic.security.SecurityLogger;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.shared.LoggerWrapper;
import weblogic.security.spi.Resource;

/* loaded from: input_file:weblogic/security/service/BulkRoleManager.class */
public class BulkRoleManager implements SecurityService {
    private BulkRoleMappingService roleService = null;
    private boolean initialized;
    private static final AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private static LoggerWrapper log = LoggerWrapper.getInstance("SecurityRoleMap");

    public BulkRoleManager() {
    }

    public BulkRoleManager(String str, ProviderMBean[] providerMBeanArr) {
        initialize(str, providerMBeanArr);
    }

    @Override // weblogic.security.service.SecurityService
    public void initialize(String str, ProviderMBean[] providerMBeanArr) {
        if (null == str || !SecurityServiceManager.doesRealmExistInternal(str)) {
            throw new com.bea.common.engine.InvalidParameterException(SecurityLogger.getValidRealmNameMustBeSpecifed());
        }
        if (null == providerMBeanArr) {
            throw new com.bea.common.engine.InvalidParameterException(SecurityLogger.getNoAuthAndNoAdjMBeans());
        }
        if (providerMBeanArr.length < 1) {
            throw new com.bea.common.engine.InvalidParameterException(SecurityLogger.getNeedAtLeastOneAuthMBean());
        }
        if (log.isDebugEnabled()) {
            log.debug("BulkRoleManager initializing for realm: " + str);
        }
        try {
            this.roleService = (BulkRoleMappingService) SecurityServiceManager.getCSS(kernelId).getService(CSS.BULK_ROLE_MAPPING_SERVICE);
            this.initialized = true;
        } catch (Exception e) {
            if (log.isDebugEnabled()) {
                SecurityLogger.logStackTrace(e);
            }
            SecurityServiceRuntimeException securityServiceRuntimeException = new SecurityServiceRuntimeException(SecurityLogger.getExceptionObtainingService("Common BulkRoleMappingService", e.toString()));
            securityServiceRuntimeException.initCause(e);
            throw securityServiceRuntimeException;
        }
    }

    @Override // weblogic.security.service.SecurityService
    public void start() {
    }

    @Override // weblogic.security.service.SecurityService
    public void suspend() {
    }

    @Override // weblogic.security.service.SecurityService
    public void shutdown() {
        this.roleService = null;
    }

    public Map<Resource, Map<String, SecurityRole>> getRoles(AuthenticatedSubject authenticatedSubject, List<Resource> list, ContextHandler contextHandler) {
        if (!this.initialized) {
            throw new NotYetInitializedException(SecurityLogger.getRoleMgrNotYetInitialized());
        }
        if (null == authenticatedSubject || null == list) {
            throw new com.bea.common.engine.InvalidParameterException(SecurityLogger.getReqParamNotSuppliedIsAccess());
        }
        return this.roleService.getRoles(IdentityUtility.authenticatedSubjectToIdentity(authenticatedSubject), list, contextHandler);
    }
}
