package weblogic.security;

import java.lang.reflect.InvocationTargetException;
import javax.management.Notification;
import javax.management.NotificationListener;
import weblogic.common.T3User;
import weblogic.common.internal.LogOutputStream;
import weblogic.management.Admin;
import weblogic.management.ManagementException;
import weblogic.management.configuration.ConfigurationError;
import weblogic.management.configuration.SecurityMBean;
import weblogic.management.internal.AttributeChangeNotification;
import weblogic.management.runtime.RuntimeMBean;
import weblogic.security.SSL.HostnameVerification;
import weblogic.security.acl.BasicRealm;
import weblogic.security.acl.CachingRealm;
import weblogic.security.acl.CertAuthentication;
import weblogic.security.acl.ListableRealm;
import weblogic.security.acl.Realm;
import weblogic.security.acl.internal.AuthenticatedUser;
import weblogic.security.acl.internal.ClusterRealm;
import weblogic.security.acl.internal.FileRealm;
import weblogic.security.audit.Audit;
import weblogic.security.audit.AuditProvider;
import weblogic.security.net.ConnectionFilter;
import weblogic.server.ServerLifeCycle;
import weblogic.server.ServerLifecycleException;
import weblogic.utils.NestedRuntimeException;

/* loaded from: input_file:weblogic.jar:weblogic/security/SecurityService.class */
public final class SecurityService implements ServerLifeCycle, NotificationListener {
    private RuntimeMBean runtime;
    private static final String DEFAULT_REALM = "weblogic.security.acl.internal.FileRealm";
    private static final String WLREALMNAME = "weblogic";
    private static Object filterObject;
    private static String filterClass;
    static Class class$weblogic$security$net$ConnectionFilterRulesListener;
    static Class array$Ljava$lang$String;
    static Class class$weblogic$security$acl$internal$ClusterRealm;
    private static SecurityService singleton = null;
    private static boolean enableConnectionFilter = false;
    private static boolean enableConnectionLogger = false;
    private BasicRealm oldSecRealm = null;
    private AuditProvider oldAudit = null;
    private SecurityMBean mbean = null;
    private LogOutputStream log = new LogOutputStream("SecurityService");
    private LogOutputStream internalSecurityLog = new LogOutputStream("Security-Crypto");

    public static SecurityService getSecurityService() {
        return singleton;
    }

    public SecurityService() {
        if (singleton != null) {
            throw new InternalError(SecurityLogger.getSecurityAlreadyConfigured());
        }
        singleton = this;
    }

    public LogOutputStream getSecurityLog() {
        return this.internalSecurityLog;
    }

    @Override // weblogic.server.ServerLifeCycle
    public void initialize() throws ServerLifecycleException {
        initializeMBean();
        initializeConnectionFilter();
        initializeHostnameVerification();
        initializeRuntime();
    }

    private T3User getAdminUser() {
        return new T3User(Admin.getInstance().getTimestamp1(), Admin.getInstance().getTimestamp2());
    }

    @Override // weblogic.server.ServerLifeCycle
    public void prepareToSuspend() throws ServerLifecycleException {
    }

    @Override // weblogic.server.ServerLifeCycle
    public void forceSuspend() throws ServerLifecycleException {
    }

    @Override // weblogic.server.ServerLifeCycle
    public void resume() throws ServerLifecycleException {
    }

    @Override // weblogic.server.ServerLifeCycle
    public void shutdown() throws ServerLifecycleException {
    }

    private void initializeMBean() {
        this.mbean = Admin.getInstance().getActiveDomain().getSecurity();
        this.mbean.addNotificationListener(this, null, null);
        if (this.mbean.getSalt() == null) {
            throw new ConfigurationError(SecurityLogger.getSaltNotSet());
        }
    }

    public static final boolean getConnectionFilterEnabled() {
        return enableConnectionFilter;
    }

    public static final void setConnectionFilter(ConnectionFilter connectionFilter) {
        filterObject = connectionFilter;
    }

    public static final ConnectionFilter getConnectionFilter() {
        return (ConnectionFilter) filterObject;
    }

    public static final boolean getConnectionLoggerEnabled() {
        return enableConnectionLogger;
    }

    @Override // javax.management.NotificationListener
    public synchronized void handleNotification(Notification notification, Object obj) {
        if (notification instanceof AttributeChangeNotification) {
            String attributeName = ((AttributeChangeNotification) notification).getAttributeName();
            if (attributeName.equalsIgnoreCase("ConnectionFilterRules") && getConnectionFilterEnabled()) {
                setConnectionFilterRules();
            }
            if (attributeName.equalsIgnoreCase("ConnectionLoggerEnabled")) {
                setConnectionLoggerEnabled();
            }
        }
    }

    private void setConnectionLoggerEnabled() {
        enableConnectionLogger = this.mbean.getConnectionLoggerEnabled();
    }

    private synchronized void setConnectionFilterRules() {
        Class cls;
        Class<?> cls2;
        String[] connectionFilterRules = this.mbean.getConnectionFilterRules();
        try {
            Class<?> cls3 = Class.forName(filterClass);
            if (class$weblogic$security$net$ConnectionFilterRulesListener == null) {
                cls = class$("weblogic.security.net.ConnectionFilterRulesListener");
                class$weblogic$security$net$ConnectionFilterRulesListener = cls;
            } else {
                cls = class$weblogic$security$net$ConnectionFilterRulesListener;
            }
            if (cls.isAssignableFrom(cls3)) {
                try {
                    Class<?>[] clsArr = new Class[1];
                    if (array$Ljava$lang$String == null) {
                        cls2 = class$("[Ljava.lang.String;");
                        array$Ljava$lang$String = cls2;
                    } else {
                        cls2 = array$Ljava$lang$String;
                    }
                    clsArr[0] = cls2;
                    cls3.getMethod("setRules", clsArr).invoke(filterObject, connectionFilterRules);
                } catch (InvocationTargetException e) {
                    Throwable targetException = e.getTargetException();
                    if (targetException.toString().startsWith("java.text.ParseException")) {
                        SecurityLogger.logBootFilterCritical(targetException.getMessage());
                    }
                    throw e;
                }
            }
        } catch (Throwable th) {
            SecurityLogger.logStackTrace(th);
            throw new NestedRuntimeException(SecurityLogger.getProblemWithConnFilterRules(), th);
        }
    }

    private void initializeConnectionFilter() {
        filterClass = this.mbean.getConnectionFilter();
        if (filterClass != null) {
            try {
                filterObject = Class.forName(filterClass).newInstance();
                enableConnectionFilter = true;
                setConnectionFilterRules();
            } catch (Exception e) {
                SecurityLogger.logStackTrace(e);
                throw new NestedRuntimeException(SecurityLogger.getProblemWithConnFilter(), e);
            }
        }
        setConnectionLoggerEnabled();
    }

    public synchronized void initializeAuditing() {
        String auditProviderClassName;
        if (this.oldAudit == null && (auditProviderClassName = this.mbean.getAuditProviderClassName()) != null) {
            try {
                AuditProvider auditProvider = (AuditProvider) Class.forName(auditProviderClassName).newInstance();
                Audit.setProvider(auditProvider);
                this.oldAudit = auditProvider;
            } catch (Exception e) {
                SecurityLogger.logStackTrace(e);
                String message = e.getMessage();
                this.log.critical(new StringBuffer().append("*** Security audit provider not set correctly [").append(e.getClass().getName()).append((message == null || message.length() == 0) ? "" : new StringBuffer().append(": ").append(message).toString()).append("]").toString());
                throw new SecurityException(SecurityLogger.getMustSetAuditProviderClassName());
            }
        }
    }

    public void initializeClusterRealm(String str) {
        Class cls;
        if (class$weblogic$security$acl$internal$ClusterRealm == null) {
            cls = class$("weblogic.security.acl.internal.ClusterRealm");
            class$weblogic$security$acl$internal$ClusterRealm = cls;
        } else {
            cls = class$weblogic$security$acl$internal$ClusterRealm;
        }
        ClusterRealm.THE_ONE = (ClusterRealm) Realm.getRealm(AuthenticatedUser.REALM_NAME, str, cls.getName());
    }

    /* JADX WARN: Multi-variable type inference failed */
    public synchronized void initializeRealm() {
        if (this.oldSecRealm != null) {
            return;
        }
        T3User adminUser = getAdminUser();
        FileRealm fileRealm = (FileRealm) Realm.getRealm("weblogic", adminUser, DEFAULT_REALM);
        FileRealm fileRealm2 = fileRealm;
        if (this.mbean.getRealm().getCachingRealm() != null) {
            String realmClassName = this.mbean.getRealm().getCachingRealm().getBasicRealm().getRealmClassName();
            if (realmClassName == null || realmClassName.length() == 0) {
                throw new SecurityException(SecurityLogger.getMustSetRealmClassName(this.mbean.getRealm().getCachingRealm().getBasicRealm().getName()));
            }
            CachingRealm cachingRealm = new CachingRealm((ListableRealm) Realm.getRealm("custom", adminUser, realmClassName), fileRealm, adminUser);
            cachingRealm.masqueradeAs("weblogic");
            weblogic.security.acl.Security.init(cachingRealm);
            fileRealm2 = cachingRealm;
        } else {
            weblogic.security.acl.Security.init(fileRealm);
        }
        fileRealm.loadMembers();
        fileRealm.addRuntimeACLs();
        this.oldSecRealm = fileRealm2;
    }

    public void initializeCertAuthentication() {
        CertAuthentication.setup();
    }

    private void initializeHostnameVerification() {
        HostnameVerification.setup();
    }

    private void initializeRuntime() {
        try {
            new SecurityRuntime(this.mbean);
        } catch (ManagementException e) {
            SecurityLogger.logErrorCreatingSecurityRuntime(e);
        }
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }
}
