package weblogic.security.acl;

import java.security.AccessController;
import java.security.Principal;
import java.security.acl.Acl;
import java.security.acl.Permission;
import weblogic.jndi.internal.JNDIImageSourceConstants;
import weblogic.management.provider.ManagementService;
import weblogic.rmi.spi.HostID;
import weblogic.security.SecurityLogger;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.acl.internal.AuthenticatedUser;
import weblogic.security.audit.Audit;
import weblogic.security.principal.RealmAdapterUser;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityServiceManager;

/* loaded from: input_file:weblogic/security/acl/Security.class */
public final class Security {
    private static BasicRealm wlRealm;
    private static RealmProxy wlRealmProxy;
    private static final boolean verbose = false;
    static final String AUDIT_NAME = "Central Security";
    private static PasswordGuessing passwordguessing;
    private static AuthenticatedSubject kernelID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private static long cum_user_lockout_count;
    private static long cum_invalid_login_count;
    private static long cum_locked_attempts_count;
    private static long high_invalid_login_users;
    private static long cum_user_unlock_count;
    private static long current_lock_count;

    public static BasicRealm getRealm() {
        return wlRealm;
    }

    public static boolean hasPermission(Principal principal, String str, String str2, char c) {
        return hasPermission(AUDIT_NAME, principal, str, str2, c);
    }

    public static boolean hasPermission(String str, Principal principal, String str2, String str3, char c) {
        return hasPermission(str, principal, str2, wlRealm.getPermission(str3), c);
    }

    public static boolean hasPermission(Principal principal, String str, Permission permission, char c) {
        return hasPermission(AUDIT_NAME, principal, str, permission, c);
    }

    /* JADX WARN: Removed duplicated region for block: B:18:0x0059  */
    /* JADX WARN: Removed duplicated region for block: B:22:0x005e  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static boolean hasPermission(java.lang.String r6, java.security.Principal r7, java.lang.String r8, java.security.acl.Permission r9, char r10) {
        /*
            r0 = 0
            r11 = r0
            r0 = r7
            boolean r0 = r0 instanceof weblogic.security.principal.RealmAdapterUser
            if (r0 == 0) goto L1a
            weblogic.security.acl.BasicRealm r0 = getRealm()
            r1 = r7
            java.lang.String r1 = r1.getName()
            weblogic.security.acl.User r0 = r0.getUser(r1)
            r11 = r0
        L1a:
            weblogic.security.acl.BasicRealm r0 = weblogic.security.acl.Security.wlRealm
            r1 = r8
            r2 = r10
            java.security.acl.Acl r0 = r0.getAcl(r1, r2)
            r12 = r0
            r0 = r7
            if (r0 == 0) goto L4e
            r0 = r9
            if (r0 == 0) goto L4e
            r0 = r12
            if (r0 == 0) goto L4e
            r0 = r12
            r1 = r11
            if (r1 == 0) goto L40
            r1 = r11
            goto L41
        L40:
            r1 = r7
        L41:
            r2 = r9
            boolean r0 = r0.checkPermission(r1, r2)
            if (r0 == 0) goto L4e
            r0 = 1
            goto L4f
        L4e:
            r0 = 0
        L4f:
            r13 = r0
            r0 = r6
            r1 = r12
            r2 = r11
            if (r2 == 0) goto L5e
            r2 = r11
            goto L5f
        L5e:
            r2 = r7
        L5f:
            r3 = r9
            r4 = r13
            weblogic.security.audit.Audit.checkPermission(r0, r1, r2, r3, r4)
            r0 = r13
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: weblogic.security.acl.Security.hasPermission(java.lang.String, java.security.Principal, java.lang.String, java.security.acl.Permission, char):boolean");
    }

    public static boolean hasPermission(Principal principal, String str, Permission permission, char c, Acl acl) {
        return hasPermission(AUDIT_NAME, principal, str, permission, c, acl);
    }

    public static boolean hasPermission(String str, Principal principal, String str2, Permission permission, char c, Acl acl) {
        boolean z;
        boolean z2 = false;
        User user = null;
        if (principal instanceof RealmAdapterUser) {
            user = getRealm().getUser(principal.getName());
        }
        Acl acl2 = wlRealm.getAcl(str2, c);
        if (acl2 == null) {
            if (acl == null) {
                z2 = true;
            }
            acl2 = acl;
        }
        if (!z2) {
            if (principal != null && permission != null) {
                if (acl2.checkPermission(user != null ? user : principal, permission)) {
                    z = true;
                    z2 = z;
                }
            }
            z = false;
            z2 = z;
        }
        Audit.checkPermission(str, acl2, user != null ? user : principal, permission, z2);
        return z2;
    }

    public static boolean hasPermission(String str, Permission permission, char c) {
        return hasPermission(getCurrentUser(), str, permission, c);
    }

    public static boolean hasPermission(String str, Permission permission, char c, Acl acl) {
        return hasPermission(getCurrentUser(), str, permission, c, acl);
    }

    public static String getThreadCurrentUserName() {
        User currentUser = getCurrentUser();
        if (currentUser != null) {
            return currentUser.getName();
        }
        return null;
    }

    public static User getCurrentUser() {
        AuthenticatedSubject currentSubject = SecurityServiceManager.getCurrentSubject(kernelID);
        if (SecurityServiceManager.isKernelIdentity(currentSubject)) {
            return wlRealm.getUser(ManagementService.getRuntimeAccess(kernelID).getDomain().getSecurity().getSystemUser());
        }
        RealmAdapterUser realmAdapterUser = null;
        Object[] array = currentSubject.getPrincipals(RealmAdapterUser.class).toArray();
        if (array != null && array.length > 0) {
            realmAdapterUser = (RealmAdapterUser) array[0];
        }
        User user = null;
        if (wlRealm != null) {
            if (realmAdapterUser == null) {
                return wlRealm.getUser("guest");
            }
            user = wlRealm.getUser(realmAdapterUser.getName());
            if (user == null) {
                user = new User(realmAdapterUser.getName());
            }
        }
        return user;
    }

    public static void checkPermission(Principal principal, String str, Permission permission, char c, Acl acl) throws SecurityException {
        checkPermission(AUDIT_NAME, principal, str, permission, c, acl);
    }

    public static void checkPermission(String str, Principal principal, String str2, Permission permission, char c, Acl acl) throws SecurityException {
        if (hasPermission(str, principal, str2, permission, c, acl)) {
            return;
        }
        logAndThrow("User \"" + principal + "\" does not have Permission \"" + permission + "\" based on ACL \"" + str2 + "\".");
    }

    public static void checkPermission(Principal principal, String str, Permission permission, char c) throws SecurityException {
        checkPermission(AUDIT_NAME, principal, str, permission, c);
    }

    public static void checkPermission(String str, Principal principal, String str2, Permission permission, char c) throws SecurityException {
        if (ManagementService.getRuntimeAccess(kernelID).getDomain().getSecurity().getLogAllChecksEnabled()) {
            Acl acl = wlRealm.getAcl(str2, c);
            SecurityLogger.logCheckUserPermissionInfo(principal.toString(), permission.toString(), acl == null ? " on (unknown) ACL \"" + str2 + JNDIImageSourceConstants.DOUBLE_QUOTES : "on ACL \"" + acl.toString() + JNDIImageSourceConstants.DOUBLE_QUOTES);
        }
        if (hasPermission(str, principal, str2, permission, c)) {
            return;
        }
        logAndThrow("User \"" + principal + "\" does not have Permission \"" + permission + "\" based on ACL \"" + str2 + "\".");
    }

    public static void checkPermission(String str, Permission permission, char c) throws SecurityException {
        checkPermission(AUDIT_NAME, str, permission, c);
    }

    public static void checkPermission(String str, String str2, Permission permission, char c) throws SecurityException {
        checkPermission(str, getCurrentUser(), str2, permission, c);
    }

    public static UserInfo getUserInfo(String str, Object obj) {
        return wlRealmProxy.createUserInfo(str, obj);
    }

    public static User getUser(String str, Object obj) {
        return wlRealm.getUser(getUserInfo(str, obj));
    }

    public static void logAndThrow(String str) throws SecurityException {
        SecurityException securityException = new SecurityException(str);
        SecurityLogger.logAccessFailedInfo(Thread.currentThread().toString(), securityException.toString());
        throw securityException;
    }

    public static void init(BasicRealm basicRealm) {
        wlRealm = basicRealm;
        wlRealmProxy = RealmProxy.getRealmProxy(wlRealm.getName());
        weblogic.security.acl.internal.Security.init();
    }

    public static Object doAsPrivileged(UserInfo userInfo, PrivilegedAction privilegedAction) {
        if (privilegedAction == null) {
            throw new NullPointerException("null action provided");
        }
        AuthenticatedUser authenticate = weblogic.security.acl.internal.Security.authenticate(userInfo);
        if (authenticate == null) {
            throw new SecurityException("Unable to authenticate " + userInfo);
        }
        SecurityServiceManager.pushSubject(kernelID, SecurityServiceManager.getASFromAU(authenticate));
        try {
            return privilegedAction.run();
        } finally {
            SecurityServiceManager.popSubject(kernelID);
        }
    }

    public static Object doAsPrivileged(UserInfo userInfo, PrivilegedExceptionAction privilegedExceptionAction) throws Exception {
        if (privilegedExceptionAction == null) {
            throw new NullPointerException("null action provided");
        }
        AuthenticatedUser authenticate = weblogic.security.acl.internal.Security.authenticate(userInfo);
        if (authenticate == null) {
            throw new SecurityException("Unable to authenticate " + userInfo);
        }
        SecurityServiceManager.pushSubject(kernelID, SecurityServiceManager.getASFromAU(authenticate));
        try {
            return privilegedExceptionAction.run();
        } finally {
            SecurityServiceManager.popSubject(kernelID);
        }
    }

    public static Principal getPrincipal(String str) {
        if (wlRealm instanceof CachingRealm) {
            return ((CachingRealm) wlRealm).getPrincipal(str);
        }
        Principal group = wlRealm.getGroup(str);
        if (group == null) {
            group = wlRealm.getUser(str);
        }
        return group;
    }

    public static long getUserLockoutTotalCount() {
        return cum_user_lockout_count;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void incrementUserLockoutTotalCount() {
        cum_user_lockout_count++;
    }

    public static long getInvalidLoginAttemptsTotalCount() {
        return cum_invalid_login_count;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void incrementInvalidLoginAttemptsTotalCount() {
        cum_invalid_login_count++;
    }

    public static long getLoginAttemptsWhileLockedTotalCount() {
        return cum_locked_attempts_count;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void incrementLoginAttemptsWhileLockedTotalCount() {
        cum_locked_attempts_count++;
    }

    public static long getInvalidLoginUsersHighCount() {
        return high_invalid_login_users;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void setInvalidLoginUsersHighCount(long j) {
        high_invalid_login_users = j;
    }

    public static long getUnlockedUsersTotalCount() {
        return cum_user_unlock_count;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void incrementUnlockedUsersTotalCount() {
        cum_user_unlock_count++;
    }

    public static long getLockedUsersCurrentCount() {
        return current_lock_count;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void incrementLockedUsersCurrentCount() {
        current_lock_count++;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void decrementLockedUsersCurrentCount() {
        current_lock_count--;
    }

    public static PasswordGuessing getPasswordGuessing() {
        synchronized (PasswordGuessing.class) {
            if (passwordguessing == null) {
                passwordguessing = (PasswordGuessing) SecurityServiceManager.runAs(kernelID, kernelID, new java.security.PrivilegedAction() { // from class: weblogic.security.acl.Security.1
                    @Override // java.security.PrivilegedAction
                    public Object run() {
                        return new PasswordGuessing();
                    }
                });
            }
        }
        return passwordguessing;
    }

    public static void receiveSecurityMessage(HostID hostID, SecurityMessage securityMessage) {
        passwordguessing.processSecurityMessage(securityMessage.nextSeqNo(), securityMessage.record());
    }
}
