package weblogic.security.internal;

import java.util.HashSet;
import weblogic.management.commo.StandardInterface;
import weblogic.management.security.ProviderMBean;
import weblogic.management.security.RealmMBean;
import weblogic.management.security.authentication.AuthenticationProviderMBean;
import weblogic.management.security.authentication.AuthenticatorMBean;
import weblogic.management.security.authentication.IdentityAsserterMBean;
import weblogic.management.security.authorization.AuthorizerMBean;
import weblogic.management.security.authorization.DeployableAuthorizerMBean;
import weblogic.management.security.authorization.DeployableRoleMapperMBean;
import weblogic.management.security.authorization.RoleMapperMBean;
import weblogic.management.security.credentials.CredentialMapperMBean;
import weblogic.management.security.credentials.DeployableCredentialMapperMBean;
import weblogic.management.security.pk.KeyStoreMBean;
import weblogic.management.utils.ErrorCollectionException;
import weblogic.security.SecurityLogger;
import weblogic.t3.srvr.T3Srvr;

/* loaded from: input_file:weblogic.jar:weblogic/security/internal/RealmValidatorImpl.class */
public class RealmValidatorImpl implements RealmValidator {
    static final String REALM_ADAPTER_ADJUDICATOR = "weblogic.security.providers.realmadapter.AdjudicationProviderImpl";
    static final String REALM_ADAPTER_AUTHORIZER = "weblogic.security.providers.realmadapter.AuthorizationProviderImpl";
    static final String REALM_ADAPTER_AUTHENTICATOR = "weblogic.security.providers.realmadapter.AuthenticationProviderImpl";
    static final String DEFAULT_AUTHORIZER = "weblogic.security.providers.authorization.DefaultAuthorizationProviderImpl";
    static final String DEFAULT_KEYSTORE = "weblogic.security.providers.pk.DefaultKeyStoreProviderImpl";
    private static boolean isBooting = true;

    @Override // weblogic.security.internal.RealmValidator
    public void validate(StandardInterface standardInterface) throws ErrorCollectionException {
        RealmMBean realmMBean = (RealmMBean) standardInterface;
        ErrorCollectionException errorCollectionException = new ErrorCollectionException(SecurityLogger.getInvalidRealmWarning(realmMBean.wls_getDisplayName()));
        checkAuthenticationProviders(realmMBean, errorCollectionException);
        checkRoleMappers(realmMBean, errorCollectionException);
        checkAdjudicator(realmMBean, errorCollectionException, checkAuthorizers(realmMBean, errorCollectionException));
        checkCredentialMappers(realmMBean, errorCollectionException);
        checkCompatibilityMode(realmMBean, errorCollectionException);
        checkKeyStoreProviders(realmMBean, errorCollectionException);
        if (!errorCollectionException.isEmpty()) {
            throw errorCollectionException;
        }
    }

    private void checkAuthenticationProviders(RealmMBean realmMBean, ErrorCollectionException errorCollectionException) {
        AuthenticationProviderMBean[] authenticationProviders = realmMBean.getAuthenticationProviders();
        checkHaveAuthenticator(realmMBean, authenticationProviders, errorCollectionException);
        checkActiveTypesUnique(realmMBean, authenticationProviders, errorCollectionException);
    }

    private void checkHaveAuthenticator(RealmMBean realmMBean, AuthenticationProviderMBean[] authenticationProviderMBeanArr, ErrorCollectionException errorCollectionException) {
        boolean z = false;
        for (int i = 0; !z && authenticationProviderMBeanArr != null && i < authenticationProviderMBeanArr.length; i++) {
            if (authenticationProviderMBeanArr[i] instanceof AuthenticatorMBean) {
                z = true;
            }
        }
        if (z) {
            return;
        }
        addError(errorCollectionException, SecurityLogger.getInvalidRealmNoAuthenticatorWarning(realmMBean.wls_getDisplayName()));
    }

    private void checkActiveTypesUnique(RealmMBean realmMBean, AuthenticationProviderMBean[] authenticationProviderMBeanArr, ErrorCollectionException errorCollectionException) {
        HashSet hashSet = new HashSet();
        for (int i = 0; authenticationProviderMBeanArr != null && i < authenticationProviderMBeanArr.length; i++) {
            if (authenticationProviderMBeanArr[i] instanceof IdentityAsserterMBean) {
                String[] activeTypes = ((IdentityAsserterMBean) authenticationProviderMBeanArr[i]).getActiveTypes();
                for (int i2 = 0; activeTypes != null && i2 < activeTypes.length; i2++) {
                    String str = activeTypes[i2];
                    if (str != null && str.length() > 0) {
                        if (hashSet.contains(str)) {
                            addError(errorCollectionException, SecurityLogger.getInvalidRealmMultipleIdentityAssertersForActiveTokenTypeWarning(realmMBean.wls_getDisplayName(), str));
                        } else {
                            hashSet.add(str);
                        }
                    }
                }
            }
        }
    }

    private void checkRoleMappers(RealmMBean realmMBean, ErrorCollectionException errorCollectionException) {
        RoleMapperMBean[] roleMappers = realmMBean.getRoleMappers();
        if (roleMappers == null || roleMappers.length == 0) {
            addError(errorCollectionException, SecurityLogger.getInvalidRealmNoRoleMapperWarning(realmMBean.wls_getDisplayName()));
            return;
        }
        if (realmMBean.isDeployRoleIgnored()) {
            return;
        }
        boolean z = false;
        boolean z2 = false;
        for (int i = 0; !z2 && i < roleMappers.length; i++) {
            if (roleMappers[i] instanceof DeployableRoleMapperMBean) {
                z = true;
                if (((DeployableRoleMapperMBean) roleMappers[i]).isRoleDeploymentEnabled()) {
                    z2 = true;
                }
            }
        }
        if (!z) {
            if (isBooting()) {
                SecurityLogger.logNoDeployableProviderProperlyConfigured(realmMBean.wls_getDisplayName(), "DeployableRoleMapper");
                return;
            } else {
                addError(errorCollectionException, SecurityLogger.getInvalidRealmNoDeployableRoleMapperWarning(realmMBean.wls_getDisplayName()));
                return;
            }
        }
        if (z2) {
            return;
        }
        if (isBooting()) {
            SecurityLogger.logNoDeployableProviderProperlyConfigured(realmMBean.wls_getDisplayName(), "DeployableRoleMapper");
        } else {
            addError(errorCollectionException, SecurityLogger.getInvalidRealmNoDeployableRoleMapperEnabledWarning(realmMBean.wls_getDisplayName()));
        }
    }

    private int checkAuthorizers(RealmMBean realmMBean, ErrorCollectionException errorCollectionException) {
        AuthorizerMBean[] authorizers = realmMBean.getAuthorizers();
        if (authorizers == null || authorizers.length == 0) {
            addError(errorCollectionException, SecurityLogger.getInvalidRealmNoAuthorizerWarning(realmMBean.wls_getDisplayName()));
            return 0;
        }
        if (!realmMBean.isDeployPolicyIgnored()) {
            boolean z = false;
            boolean z2 = false;
            for (int i = 0; !z2 && i < authorizers.length; i++) {
                if (authorizers[i] instanceof DeployableAuthorizerMBean) {
                    z = true;
                    if (((DeployableAuthorizerMBean) authorizers[i]).isPolicyDeploymentEnabled()) {
                        z2 = true;
                    }
                }
            }
            if (z) {
                if (!z2) {
                    if (isBooting()) {
                        SecurityLogger.logNoDeployableProviderProperlyConfigured(realmMBean.wls_getDisplayName(), "DeployableAuthorizer");
                    } else {
                        addError(errorCollectionException, SecurityLogger.getInvalidRealmNoDeployableAuthorizerEnabledWarning(realmMBean.wls_getDisplayName()));
                    }
                }
            } else if (isBooting()) {
                SecurityLogger.logNoDeployableProviderProperlyConfigured(realmMBean.wls_getDisplayName(), "DeployableAuthorizer");
            } else {
                addError(errorCollectionException, SecurityLogger.getInvalidRealmNoDeployableAuthorizerWarning(realmMBean.wls_getDisplayName()));
            }
        }
        return authorizers.length;
    }

    private void checkCredentialMappers(RealmMBean realmMBean, ErrorCollectionException errorCollectionException) {
        CredentialMapperMBean[] credentialMappers = realmMBean.getCredentialMappers();
        if (credentialMappers == null || credentialMappers.length == 0) {
            addError(errorCollectionException, SecurityLogger.getInvalidRealmNoCredentialMapperWarning(realmMBean.wls_getDisplayName()));
            return;
        }
        if (realmMBean.isDeployCredentialMappingIgnored()) {
            return;
        }
        boolean z = false;
        boolean z2 = false;
        for (int i = 0; !z2 && i < credentialMappers.length; i++) {
            if (credentialMappers[i] instanceof DeployableCredentialMapperMBean) {
                z = true;
                if (((DeployableCredentialMapperMBean) credentialMappers[i]).isCredentialMappingDeploymentEnabled()) {
                    z2 = true;
                }
            }
        }
        if (!z) {
            if (isBooting()) {
                SecurityLogger.logNoDeployableProviderProperlyConfigured(realmMBean.wls_getDisplayName(), "DeployableCredentialMapper");
                return;
            } else {
                addError(errorCollectionException, SecurityLogger.getInvalidRealmNoDeployableCredentialMapperWarning(realmMBean.wls_getDisplayName()));
                return;
            }
        }
        if (z2) {
            return;
        }
        if (isBooting()) {
            SecurityLogger.logNoDeployableProviderProperlyConfigured(realmMBean.wls_getDisplayName(), "DeployableCredentialMapper");
        } else {
            addError(errorCollectionException, SecurityLogger.getInvalidRealmNoDeployableCredentialMapperEnabledWarning(realmMBean.wls_getDisplayName()));
        }
    }

    private void checkAdjudicator(RealmMBean realmMBean, ErrorCollectionException errorCollectionException, int i) {
        if (realmMBean.getAdjudicator() != null || i <= 1) {
            return;
        }
        addError(errorCollectionException, SecurityLogger.getInvalidRealmNoAdjudicatorWarning(realmMBean.wls_getDisplayName()));
    }

    private boolean providerIsA(ProviderMBean providerMBean, String str) {
        if (providerMBean == null) {
            return false;
        }
        return str.equals(providerMBean.getProviderClassName());
    }

    private int providerCount(ProviderMBean[] providerMBeanArr, String str) {
        int i = 0;
        for (int i2 = 0; providerMBeanArr != null && i2 < providerMBeanArr.length; i2++) {
            if (providerIsA(providerMBeanArr[i2], str)) {
                i++;
            }
        }
        return i;
    }

    private void checkCompatibilityMode(RealmMBean realmMBean, ErrorCollectionException errorCollectionException) {
        AuthorizerMBean[] authorizers = realmMBean.getAuthorizers();
        int providerCount = providerCount(authorizers, REALM_ADAPTER_AUTHORIZER);
        int providerCount2 = providerCount(authorizers, DEFAULT_AUTHORIZER);
        int providerCount3 = providerCount(realmMBean.getAuthenticationProviders(), REALM_ADAPTER_AUTHENTICATOR);
        if (providerIsA(realmMBean.getAdjudicator(), REALM_ADAPTER_ADJUDICATOR)) {
            if (providerCount == 0) {
                addError(errorCollectionException, SecurityLogger.getInvalidRealmRealmAdapterNoRealmAdapterAuthorizerWarning(realmMBean.wls_getDisplayName()));
            }
            if (providerCount2 == 0) {
                addError(errorCollectionException, SecurityLogger.getInvalidRealmRealmAdapterNoDefaultAuthorizerWarning(realmMBean.wls_getDisplayName()));
            }
            if (providerCount2 > 1) {
                addError(errorCollectionException, SecurityLogger.getInvalidRealmRealmAdapterMultipleDefaultAuthorizersWarning(realmMBean.wls_getDisplayName()));
            }
            if (authorizers.length > providerCount + providerCount2) {
                addError(errorCollectionException, SecurityLogger.getInvalidRealmRealmAdapterUnsupportedAuthorizerWarning(realmMBean.wls_getDisplayName()));
            }
        }
        if (providerCount > 1) {
            addError(errorCollectionException, SecurityLogger.getInvalidRealmRealmAdapterMultipleRealmAdapterAuthorizersWarning(realmMBean.wls_getDisplayName()));
        }
        if (providerCount3 > 1) {
            addError(errorCollectionException, SecurityLogger.getInvalidRealmRealmAdapterMultipleRealmAdapterAuthenticatorsWarning(realmMBean.wls_getDisplayName()));
        }
        if (providerCount <= 0 || providerCount3 != 0) {
            return;
        }
        addError(errorCollectionException, SecurityLogger.getInvalidRealmRealmAdapterNoRealmAdapterAuthenticatorWarning(realmMBean.wls_getDisplayName()));
    }

    private void checkKeyStoreProviders(RealmMBean realmMBean, ErrorCollectionException errorCollectionException) {
        if (System.getProperty("weblogic.security.AllowAllKeyStoreProviders") != null) {
            return;
        }
        KeyStoreMBean[] keyStores = realmMBean.getKeyStores();
        if (keyStores != null && keyStores.length != providerCount(keyStores, DEFAULT_KEYSTORE)) {
            addError(errorCollectionException, SecurityLogger.getInvalidRealmInvalidKeyStoreProviderWarning(realmMBean.wls_getDisplayName()));
        }
        int i = 0;
        int i2 = 0;
        for (int i3 = 0; keyStores != null && i3 < keyStores.length; i3++) {
            KeyStoreMBean keyStoreMBean = keyStores[i3];
            String rootCAKeyStoreLocation = keyStoreMBean.getRootCAKeyStoreLocation();
            if (rootCAKeyStoreLocation != null && rootCAKeyStoreLocation.length() > 0) {
                i++;
            }
            String privateKeyStoreLocation = keyStoreMBean.getPrivateKeyStoreLocation();
            if (privateKeyStoreLocation != null && privateKeyStoreLocation.length() > 0) {
                i2++;
            }
        }
        if (i > 1) {
            addError(errorCollectionException, SecurityLogger.getInvalidRealmMultipleTrustedCAKeyStoresWarning(realmMBean.wls_getDisplayName()));
        }
        if (i2 > 1) {
            addError(errorCollectionException, SecurityLogger.getInvalidRealmMultiplePrivateKeyStoresWarning(realmMBean.wls_getDisplayName()));
        }
    }

    private void addError(ErrorCollectionException errorCollectionException, String str) {
        errorCollectionException.add(new Exception(str));
    }

    private static synchronized boolean isBooting() {
        if (!isBooting) {
            return false;
        }
        if (T3Srvr.getT3Srvr().getRunState() != 2) {
            return true;
        }
        isBooting = false;
        return false;
    }
}
