package weblogic.security.services;

import java.security.AccessController;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import weblogic.common.internal.LogOutputStream;
import weblogic.management.Admin;
import weblogic.security.SecurityLogger;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.AdminResource;
import weblogic.security.service.AuthorizationManager;
import weblogic.security.service.InvalidParameterException;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityServiceManager;

/* loaded from: input_file:weblogic.jar:weblogic/security/services/Authentication.class */
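/**
 * Static entry points for authenticating a caller ({@code login}) and for asserting an identity
 * from a token ({@code assertIdentity}) against a named security realm.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The kernel identity is used only to look up security services and the current subject.
 *       It is never returned and never used as the subject of the authorization decision.</li>
 *   <li>The {@code login} path performs no authorization check of its own here. The outcome is
 *       whatever the realm's {@code PrincipalAuthenticator} decides.</li>
 *   <li>The {@code assertIdentity} path requires the <em>current</em> subject to be allowed on the
 *       admin resource {@code ("IdentityAssertion", realm, "assertIdentity")} before the token
 *       is handed to the authenticator.</li>
 * </ul>
 */
public final class Authentication {
    /** Message used when a required security service cannot be obtained for the realm. */
    private static final String SERVICE_UNAVAILABLE = "Security Service Unavailable";

    // Kernel identity, obtained once under doPrivileged. Final so the reference cannot be swapped
    // after class initialisation.
    private static final AuthenticatedSubject kernelID =
            (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());

    // True when the local server's authentication debug flag was set at class-initialisation time.
    private static final boolean debug;

    // Security debug log; non-null only when debug is true.
    private static final LogOutputStream log;

    static {
        // The flag is read once; later changes to the server's debug setting are not picked up here.
        boolean atnDebug = Admin.getInstance().getLocalServer().getServerDebug().getDebugSecurityAtn();
        debug = atnDebug;
        log = atnDebug ? SecurityServiceManager.getSecurityDebugLog() : null;
    }

    /**
     * Authenticates against the default realm using the supplied callback handler.
     *
     * @param callbackHandler handler passed to the realm's authenticator
     * @return the subject produced by the authenticator
     * @throws LoginException if authentication fails
     */
    public static Subject login(CallbackHandler callbackHandler) throws LoginException {
        PrincipalAuthenticator authenticator =
                SecurityServiceManager.getPrincipalAuthenticator(kernelID, SecurityServiceManager.defaultRealmName);
        return doLogin(callbackHandler, authenticator);
    }

    /**
     * Authenticates against the named realm using the supplied callback handler.
     *
     * @param str realm name used to look up the authenticator
     * @param callbackHandler handler passed to the realm's authenticator
     * @return the subject produced by the authenticator
     * @throws LoginException if authentication fails
     */
    public static Subject login(String str, CallbackHandler callbackHandler) throws LoginException {
        PrincipalAuthenticator authenticator = SecurityServiceManager.getPrincipalAuthenticator(kernelID, str);
        return doLogin(callbackHandler, authenticator);
    }

    /**
     * Delegates authentication to the given authenticator, failing if none is available.
     * No check of the calling subject is made on this path.
     */
    private static Subject doLogin(CallbackHandler callbackHandler, PrincipalAuthenticator principalAuthenticator) throws LoginException {
        if (principalAuthenticator == null) {
            throw new InvalidParameterException(SecurityLogger.getSecurityServiceUnavailable());
        }
        return principalAuthenticator.authenticate(callbackHandler).getSubject();
    }

    /**
     * Asserts an identity in the default realm.
     *
     * @param str token type
     * @param obj identity token
     * @return the subject produced by the authenticator for the token
     * @throws LoginException if the assertion fails
     * @throws SecurityException if the current subject may not assert identities in the realm
     */
    public static Subject assertIdentity(String str, Object obj) throws LoginException {
        return doAssertIdentity(str, obj, SecurityServiceManager.defaultRealmName);
    }

    /**
     * Asserts an identity in the named realm. Note the argument order: the realm comes first and
     * the token type second.
     *
     * @param str realm name
     * @param str2 token type
     * @param obj identity token
     * @return the subject produced by the authenticator for the token
     * @throws LoginException if the assertion fails
     * @throws SecurityException if the current subject may not assert identities in the realm
     */
    public static Subject assertIdentity(String str, String str2, Object obj) throws LoginException {
        return doAssertIdentity(str2, obj, str);
    }

    /**
     * Checks that the current subject may assert identities in the realm, then delegates the
     * token to the realm's authenticator.
     *
     * @param str token type
     * @param obj identity token; never written to the log or to an exception message here
     * @param str2 realm name
     */
    private static Subject doAssertIdentity(String str, Object obj, String str2) throws LoginException {
        PrincipalAuthenticator principalAuthenticator = SecurityServiceManager.getPrincipalAuthenticator(kernelID, str2);
        if (principalAuthenticator == null) {
            // NOTE(review): doLogin takes this text from SecurityLogger; the literal is kept here
            // so existing callers and log matching see the same message.
            throw new InvalidParameterException(SERVICE_UNAVAILABLE);
        }
        AuthorizationManager authorizationManager = SecurityServiceManager.getAuthorizationManager(kernelID, str2);
        if (authorizationManager == null) {
            // Fail closed: without an authorization manager the permission cannot be checked.
            throw new SecurityException(SERVICE_UNAVAILABLE);
        }

        // The decision is made for the subject currently associated with the caller, not for kernelID.
        AuthenticatedSubject currentSubject = SecurityServiceManager.getCurrentSubject(kernelID);
        AdminResource adminResource = new AdminResource("IdentityAssertion", str2, "assertIdentity");
        if (debug) {
            log.debug(" isAccessAllowed:  checking Permission for: '" + adminResource
                    + "', currentSubject: '" + SubjectUtils.displaySubject(currentSubject) + "'");
        }
        if (authorizationManager.isAccessAllowed(currentSubject, adminResource, null)) {
            return principalAuthenticator.assertIdentity(str, obj).getSubject();
        }

        if (debug) {
            // NOTE(review): token type and realm are caller-supplied and logged as given. If they
            // can contain line breaks, the debug log should escape them - confirm.
            log.debug(" isAccessAllowed:  currentSubject: " + currentSubject
                    + " does not have permission to assert identity of type " + str + " in realm " + str2);
        }
        // Built by concatenation rather than currentSubject.toString(), so a null subject still
        // yields the SecurityException instead of a NullPointerException.
        // The message names the subject, token type and realm; callers should not relay it
        // verbatim to untrusted clients.
        throw new SecurityException("Unable to assert identity using subject: " + currentSubject
                + ", for token type: " + str + ", on the realm: " + str2);
    }
}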
