package weblogic.security.service;

import java.security.AccessController;
import java.util.Map;
import java.util.Vector;
import javax.security.auth.Subject;
import weblogic.common.internal.LogOutputStream;
import weblogic.management.Admin;
import weblogic.management.security.ProviderMBean;
import weblogic.management.security.RealmMBean;
import weblogic.management.security.authorization.DeployableRoleMapperMBean;
import weblogic.management.security.authorization.RoleMapperMBean;
import weblogic.security.SecurityLogger;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.internal.ForceDDOnly;
import weblogic.security.service.SecurityService;
import weblogic.security.spi.ApplicationLifecycleProviderMixin;
import weblogic.security.spi.AuditSeverity;
import weblogic.security.spi.DeployableRoleProvider;
import weblogic.security.spi.Resource;
import weblogic.security.spi.RoleMapper;
import weblogic.security.spi.RoleProvider;
import weblogic.utils.collections.CombinedMap;

/* loaded from: input_file:weblogic.jar:weblogic/security/service/RoleManager.class */
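/**
 * Security service that aggregates the role mappers of a realm's role-mapping providers.
 *
 * <p>It answers "which roles does this subject hold for this resource" queries
 * ({@link #getRoles}), and forwards role deployment and application lifecycle events to the
 * providers whose MBean reports role deployment as enabled.
 *
 * <p>Security-relevant behaviour worth knowing when reviewing callers:
 * <ul>
 *   <li>A role mapper that throws during {@link #getRoles} contributes an empty role map; the
 *       error is logged and audited, and the lookup continues with the remaining mappers.</li>
 *   <li>Deploy/undeploy failures are logged and audited; only the SPI role creation/removal
 *       exceptions are propagated to the caller.</li>
 *   <li>After {@link #shutdown()} the manager reports itself as not initialized, so role
 *       lookups are rejected instead of being answered by providers that were shut down.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code initialized} and {@code mappers} are plain (non-volatile) fields, so
 * this class by itself gives no visibility guarantee for a shutdown racing with a lookup.
 */
public class RoleManager implements SecurityService {
    // Kernel identity, obtained under doPrivileged; used to seal caller subjects and to
    // resolve the current subject for audit events.
    private static final AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private String realmName;
    private Auditor auditor;
    private boolean initialized;
    // Every configured role provider, in configuration order.
    private Vector roleProviderVector;
    // Subset of roleProviderVector whose MBean is a DeployableRoleMapperMBean with role
    // deployment enabled.
    private Vector deployableRoleProviderVector;
    // Role mappers of roleProviderVector, cached once at the end of initialize().
    private RoleMapper[] mappers;
    private boolean debug;
    private LogOutputStream log;
    private RealmMBean realmMBean;

    /**
     * Creates an uninitialized manager; {@link #initialize} must be called before use.
     * Debug logging stays off on this path because {@code debug} is never set.
     */
    public RoleManager() {
        // All fields keep their Java defaults (null / false).
    }

    /**
     * Creates and initializes a manager for the given realm.
     *
     * @param str name of the realm
     * @param providerMBeanArr role mapper provider MBeans configured for the realm
     */
    public RoleManager(String str, ProviderMBean[] providerMBeanArr) {
        this.debug = Admin.getInstance().getLocalServer().getServerDebug().getDebugSecurityRoleMap();
        if (this.debug) {
            this.log = SecurityServiceManager.getSecurityDebugLog();
        }
        this.realmName = str;
        initialize(str, providerMBeanArr);
    }

    /**
     * Instantiates one role provider per MBean and caches their role mappers.
     *
     * <p>Any provider already created is shut down (via {@link #cleanup()}) before a
     * validation failure is reported.
     *
     * @param str name of the realm, used to look up the audit service
     * @param providerMBeanArr provider MBeans; every element must be a {@code RoleMapperMBean}
     * @throws InvalidParameterException if the array is null or empty, contains a
     *     non-role-mapper MBean, or no MBean yields a realm MBean
     * @throws ProviderException if a provider returns a null role mapper
     */
    @Override // weblogic.security.service.SecurityService
    public void initialize(String str, ProviderMBean[] providerMBeanArr) {
        if (providerMBeanArr == null || providerMBeanArr.length == 0) {
            throw new InvalidParameterException(SecurityLogger.getNoProviderMBeans());
        }
        if (this.debug) {
            this.log.debug("RoleManager initializing for realm: " + str);
        }
        this.auditor = (Auditor) SecurityServiceManager.getSecurityServiceInternal(str, SecurityService.ServiceType.AUDIT);
        this.roleProviderVector = new Vector(providerMBeanArr.length);
        this.deployableRoleProviderVector = new Vector(providerMBeanArr.length);
        for (int i = 0; i < providerMBeanArr.length; i++) {
            ProviderMBean candidate = providerMBeanArr[i];
            if (!(candidate instanceof RoleMapperMBean)) {
                cleanup();
                throw new InvalidParameterException(SecurityLogger.getNonRoleMapperMBeanPassed());
            }
            RoleMapperMBean mapperMBean = (RoleMapperMBean) candidate;
            // The realm MBean is taken from the first provider MBean seen.
            if (this.realmMBean == null) {
                this.realmMBean = mapperMBean.getRealm();
            }
            RoleProvider provider = (RoleProvider) SecurityServiceManager.createSecurityProvider(mapperMBean, this.auditor);
            if (provider.getRoleMapper() == null) {
                cleanup();
                throw new ProviderException(SecurityLogger.getProblemGettingRoleMapper());
            }
            this.roleProviderVector.add(provider);
            if (mapperMBean instanceof DeployableRoleMapperMBean) {
                if (((DeployableRoleMapperMBean) mapperMBean).isRoleDeploymentEnabled()) {
                    // NOTE(review): membership is decided by the MBean type; the provider is
                    // cast to DeployableRoleProvider only when it is used later.
                    this.deployableRoleProviderVector.add(provider);
                    if (this.debug) {
                        this.log.debug("RoleManager initialize added DeployableRoleProvider: " + provider.getRoleMapper().getClass().getName());
                    }
                } else if (this.debug) {
                    this.log.debug("RoleManager initialize found DeployableRoleProvider: " + provider.getRoleMapper().getClass().getName() + " but isRoleDeploymentEnabled is false");
                }
            } else if (this.debug) {
                this.log.debug("RoleManager initialize added RoleMapper: " + provider.getRoleMapper().getClass().getName());
            }
        }
        if (this.deployableRoleProviderVector.isEmpty() && this.debug) {
            this.log.debug("RoleManager initialize found no DeployableRoleProviders with RoleDeploymentEnabled set to true");
        }
        if (this.realmMBean == null) {
            cleanup();
            if (this.debug) {
                this.log.debug("RoleManager initialize did not find a RealmMBean on the provider MBeans passed in");
            }
            throw new InvalidParameterException(SecurityLogger.getNoBackPointerToRealmMBean());
        }
        if (this.debug) {
            this.log.debug("RoleManager.initialize found " + this.roleProviderVector.size() + " Role Mappers of which " + this.deployableRoleProviderVector.size() + " were deployable");
        }
        RoleMapper[] collected = new RoleMapper[this.roleProviderVector.size()];
        for (int i = 0; i < collected.length; i++) {
            collected[i] = ((RoleProvider) this.roleProviderVector.elementAt(i)).getRoleMapper();
        }
        this.mappers = collected;
        this.initialized = true;
    }

    /** No-op; present to satisfy {@code SecurityService}. */
    @Override // weblogic.security.service.SecurityService
    public void start() {
    }

    /** No-op; present to satisfy {@code SecurityService}. */
    @Override // weblogic.security.service.SecurityService
    public void suspend() {
    }

    /** Shuts down every role provider and marks the manager as not initialized. */
    @Override // weblogic.security.service.SecurityService
    public void shutdown() {
        cleanup();
    }

    /**
     * Returns the roles the subject holds for the resource, as reported by all role mappers.
     *
     * <p>An audit event is written before the lookup and a second one, carrying the result,
     * after it (when an auditor is configured).
     *
     * @param authenticatedSubject subject whose roles are requested
     * @param resource resource the roles are scoped to
     * @param contextHandler additional request context passed through to the mappers
     * @return the single mapper's role map, or a combined view when several mappers exist
     * @throws NotYetInitializedException if the manager is not initialized (never initialized,
     *     or already shut down)
     */
    public Map getRoles(AuthenticatedSubject authenticatedSubject, Resource resource, ContextHandler contextHandler) {
        if (!this.initialized) {
            throw new NotYetInitializedException(SecurityLogger.getRoleMgrNotYetInitialized());
        }
        AuthenticatedSubject sealed = SecurityServiceManager.seal(kernelId, authenticatedSubject);
        if (this.debug) {
            this.log.debug("RoleManager.getRoles subject: " + SubjectUtils.displaySubject(sealed) + " Resource: " + resource);
        }
        if (this.auditor != null) {
            this.auditor.writeEvent(new AuditRoleEventImpl(AuditSeverity.INFORMATION, sealed, resource, contextHandler, null, null));
        }
        Map roles = collectRoles(sealed, resource, contextHandler);
        if (this.auditor != null) {
            this.auditor.writeEvent(new AuditRoleEventImpl(AuditSeverity.INFORMATION, sealed, resource, contextHandler, roles, null));
        }
        if (this.debug) {
            this.log.debug("RoleManager.getRoles  Subject: " + SubjectUtils.displaySubject(sealed) + " Resource: " + resource.getType() + " " + resource + " " + roles + " roles.");
        }
        return roles;
    }

    /**
     * Reports whether role deployment requests should be ignored for this realm.
     *
     * @return {@code false} whenever {@code ForceDDOnly} is active, otherwise the realm
     *     MBean's setting
     */
    public boolean isDeployRoleIgnored() {
        // NOTE(review): realmMBean is only set by initialize(); calling this on a manager
        // that was never initialized dereferences null here.
        return !ForceDDOnly.isForceDDOnly() && this.realmMBean.isDeployRoleIgnored();
    }

    /**
     * Queries every cached role mapper and merges the results.
     *
     * <p>A mapper that throws contributes an empty map (see {@link #collectRolesProblem}), so a
     * failing provider removes roles from the answer rather than aborting the lookup.
     * NOTE(review): whether that fails safe depends on how the realm's policies use roles;
     * confirm against the authorization providers in use.
     */
    private Map collectRoles(AuthenticatedSubject authenticatedSubject, Resource resource, ContextHandler contextHandler) {
        Subject subject = null;
        if (authenticatedSubject != null) {
            subject = authenticatedSubject.getSubject();
        }
        // Single-mapper case returns the mapper's own map, without a CombinedMap wrapper.
        if (this.mappers.length == 1) {
            RoleMapper only = this.mappers[0];
            try {
                return only.getRoles(subject, resource, contextHandler);
            } catch (Exception e) {
                return collectRolesProblem(only, authenticatedSubject, resource, contextHandler, e);
            }
        }
        Map[] perMapper = new Map[this.mappers.length];
        for (int i = 0; i < perMapper.length; i++) {
            RoleMapper mapper = this.mappers[i];
            try {
                perMapper[i] = mapper.getRoles(subject, resource, contextHandler);
            } catch (Exception e) {
                perMapper[i] = collectRolesProblem(mapper, authenticatedSubject, resource, contextHandler, e);
            }
        }
        return new CombinedMap(perMapper);
    }

    /**
     * Records a role mapper failure (server log, ERROR audit event, debug log) and returns an
     * empty map to stand in for that mapper's result.
     */
    private Map collectRolesProblem(RoleMapper roleMapper, AuthenticatedSubject authenticatedSubject, Resource resource, ContextHandler contextHandler, Exception exc) {
        SecurityLogger.logRoleMapperError(roleMapper.getClass().getName(), exc);
        if (this.auditor != null) {
            this.auditor.writeEvent(new AuditRoleEventImpl(AuditSeverity.ERROR, authenticatedSubject, resource, contextHandler, null, exc));
        }
        if (this.debug) {
            this.log.debug("RoleManager.getRoles got an exception: " + exc);
        }
        return new CombinedMap(new Map[0]);
    }

    /**
     * Deploys a role, honouring the realm's deploy-role-ignored setting.
     *
     * @see #deployRole(Resource, String, String[], boolean)
     */
    public void deployRole(Resource resource, String str, String[] strArr) throws RoleCreationException {
        deployRole(resource, str, strArr, false);
    }

    /**
     * Deploys a role to every deployable role provider, auditing each outcome.
     *
     * <p>A provider failure is logged and audited. Only the SPI {@code RoleCreationException}
     * is rethrown (wrapped), which also stops the loop; any other exception is swallowed and
     * the next provider is tried.
     *
     * @param resource resource the role is scoped to
     * @param str first role argument handed to the providers (presumably the role name)
     * @param strArr second role argument handed to the providers
     * @param z when {@code true}, the realm's deploy-role-ignored setting is not consulted
     * @throws RoleCreationException if a provider throws the SPI role creation exception
     */
    public void deployRole(Resource resource, String str, String[] strArr, boolean z) throws RoleCreationException {
        if (!z && isDeployRoleIgnored()) {
            if (this.debug) {
                this.log.debug("RoleManager will not deploy role, isDeployRoleIgnored is true.");
            }
            return;
        }
        if (this.deployableRoleProviderVector == null || this.deployableRoleProviderVector.isEmpty()) {
            SecurityLogger.logUnableToDeploySecurityInformation(this.realmMBean.wls_getDisplayName(), "DeployableRoleProvider");
            return;
        }
        for (int i = 0; i < this.deployableRoleProviderVector.size(); i++) {
            DeployableRoleProvider provider = (DeployableRoleProvider) this.deployableRoleProviderVector.elementAt(i);
            try {
                provider.deployRole(resource, str, strArr);
                if (this.auditor != null) {
                    this.auditor.writeEvent(new AuditRoleDeployEventImpl(AuditSeverity.SUCCESS, SecurityServiceManager.getCurrentSubject(kernelId), resource, str, strArr, null));
                }
            } catch (Exception e) {
                if (this.debug) {
                    this.log.debug("RoleManager.deployRole got an exception: " + e);
                }
                SecurityLogger.logDeployableRoleProviderError(provider.getClass().getName(), e);
                if (this.auditor != null) {
                    this.auditor.writeEvent(new AuditRoleDeployEventImpl(AuditSeverity.FAILURE, SecurityServiceManager.getCurrentSubject(kernelId), resource, str, strArr, e));
                }
                if (e instanceof weblogic.security.spi.RoleCreationException) {
                    throw new RoleCreationException(e);
                }
            }
        }
    }

    /**
     * Removes a deployed role from every deployable role provider, auditing each outcome.
     *
     * <p>Error handling mirrors {@link #deployRole(Resource, String, String[], boolean)}: only
     * the SPI {@code RoleRemovalException} is rethrown (wrapped).
     *
     * @param resource resource the role is scoped to
     * @param str role argument handed to the providers (presumably the role name)
     * @throws RoleRemovalException if a provider throws the SPI role removal exception
     */
    public void undeployRole(Resource resource, String str) throws RoleRemovalException {
        if (isDeployRoleIgnored()) {
            if (this.debug) {
                this.log.debug("RoleManager will not undeploy role, isDeployRoleIgnored is true.");
            }
            return;
        }
        if (this.deployableRoleProviderVector == null || this.deployableRoleProviderVector.isEmpty()) {
            SecurityLogger.logUnableToUndeploySecurityInformation(this.realmMBean.wls_getDisplayName(), "DeployableRoleProvider");
            return;
        }
        for (int i = 0; i < this.deployableRoleProviderVector.size(); i++) {
            DeployableRoleProvider provider = (DeployableRoleProvider) this.deployableRoleProviderVector.elementAt(i);
            try {
                provider.undeployRole(resource, str);
                if (this.auditor != null) {
                    this.auditor.writeEvent(new AuditRoleUndeployEventImpl(AuditSeverity.SUCCESS, SecurityServiceManager.getCurrentSubject(kernelId), resource, str, null));
                }
            } catch (Exception e) {
                if (this.debug) {
                    this.log.debug("RoleManager.undeployRole got an exception: " + e);
                }
                SecurityLogger.logDeployableRoleProviderError(provider.getClass().getName(), e);
                if (this.auditor != null) {
                    this.auditor.writeEvent(new AuditRoleUndeployEventImpl(AuditSeverity.FAILURE, SecurityServiceManager.getCurrentSubject(kernelId), resource, str, e));
                }
                if (e instanceof weblogic.security.spi.RoleRemovalException) {
                    throw new RoleRemovalException(e);
                }
            }
        }
    }

    /**
     * Notifies lifecycle-aware deployable role providers that an application was deleted.
     *
     * <p>Unlike the deploy-begun/ended callbacks, this one does not consult
     * {@link #isDeployRoleIgnored()}. Provider failures never propagate, but they are written
     * to the server log so that a failed cleanup of an application's role data stays visible
     * when debug logging is off.
     */
    public void applicationDeleted(String str, int i, String str2) {
        // Nothing to notify before initialize() or after shutdown().
        if (this.deployableRoleProviderVector == null) {
            return;
        }
        for (int idx = 0; idx < this.deployableRoleProviderVector.size(); idx++) {
            DeployableRoleProvider provider = (DeployableRoleProvider) this.deployableRoleProviderVector.elementAt(idx);
            if (provider instanceof ApplicationLifecycleProviderMixin) {
                try {
                    ((ApplicationLifecycleProviderMixin) provider).applicationDeleted(str, i, str2);
                } catch (Exception e) {
                    if (this.debug) {
                        this.log.debug("RoleManager.applicationDeleted got an exception: " + e);
                    }
                    SecurityLogger.logDeployableRoleProviderError(provider.getClass().getName(), e);
                }
            }
        }
    }

    /**
     * Notifies lifecycle-aware deployable role providers that an application deployment has
     * started, unless role deployment is ignored for the realm. Provider failures are logged
     * and do not propagate.
     */
    public void applicationDeployBegun(String str, int i, String str2) {
        // Nothing to notify before initialize() or after shutdown().
        if (this.deployableRoleProviderVector == null) {
            return;
        }
        if (isDeployRoleIgnored()) {
            return;
        }
        for (int idx = 0; idx < this.deployableRoleProviderVector.size(); idx++) {
            DeployableRoleProvider provider = (DeployableRoleProvider) this.deployableRoleProviderVector.elementAt(idx);
            if (provider instanceof ApplicationLifecycleProviderMixin) {
                try {
                    ((ApplicationLifecycleProviderMixin) provider).applicationDeployBegun(str, i, str2);
                } catch (Exception e) {
                    if (this.debug) {
                        this.log.debug("RoleManager.applicationDeployBegun got an exception: " + e);
                    }
                    SecurityLogger.logDeployableRoleProviderError(provider.getClass().getName(), e);
                }
            }
        }
    }

    /**
     * Notifies lifecycle-aware deployable role providers that an application deployment has
     * finished, unless role deployment is ignored for the realm. Provider failures are logged
     * and do not propagate.
     */
    public void applicationDeployEnded(String str, int i, String str2) {
        // Nothing to notify before initialize() or after shutdown().
        if (this.deployableRoleProviderVector == null) {
            return;
        }
        if (isDeployRoleIgnored()) {
            return;
        }
        for (int idx = 0; idx < this.deployableRoleProviderVector.size(); idx++) {
            DeployableRoleProvider provider = (DeployableRoleProvider) this.deployableRoleProviderVector.elementAt(idx);
            if (provider instanceof ApplicationLifecycleProviderMixin) {
                try {
                    ((ApplicationLifecycleProviderMixin) provider).applicationDeployEnded(str, i, str2);
                } catch (Exception e) {
                    if (this.debug) {
                        this.log.debug("RoleManager.applicationDeployEnded got an exception: " + e);
                    }
                    SecurityLogger.logDeployableRoleProviderError(provider.getClass().getName(), e);
                }
            }
        }
    }

    /**
     * Shuts down all role providers and drops the provider lists.
     *
     * <p>Safe to call on a manager that was never initialized or was already cleaned up. The
     * manager is marked as not initialized first, so {@link #getRoles} rejects lookups instead
     * of consulting mappers whose providers have been shut down.
     */
    private void cleanup() {
        this.initialized = false;
        // Drop the cached mappers; an empty array keeps collectRoles() null-safe.
        this.mappers = new RoleMapper[0];
        if (this.roleProviderVector != null) {
            for (int i = 0; i < this.roleProviderVector.size(); i++) {
                ((RoleProvider) this.roleProviderVector.elementAt(i)).shutdown();
            }
            this.roleProviderVector = null;
        }
        if (this.deployableRoleProviderVector != null) {
            this.deployableRoleProviderVector.clear();
            this.deployableRoleProviderVector = null;
        }
    }
}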
