package weblogic.security.acl.internal;

import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.security.Principal;
import java.security.acl.Acl;
import java.security.acl.AclEntry;
import java.security.acl.Group;
import java.security.acl.NotOwnerException;
import java.security.acl.Permission;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import weblogic.security.SecurityLogger;
import weblogic.security.acl.AclEntryImpl;
import weblogic.security.acl.AclImpl;
import weblogic.security.acl.CertAuthentication;
import weblogic.security.acl.DefaultUserImpl;
import weblogic.security.acl.DefaultUserInfoImpl;
import weblogic.security.acl.GroupImpl;
import weblogic.security.acl.ManageableRealm;
import weblogic.security.acl.PermissionImpl;
import weblogic.security.acl.SSLUserInfo;
import weblogic.security.acl.User;
import weblogic.security.acl.UserInfo;
import weblogic.security.audit.Audit;

/* loaded from: input_file:weblogic.jar:weblogic/security/acl/internal/DefaultRealmImpl.class */
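/**
 * In-memory realm that keeps users, groups, ACLs and permissions in four
 * {@link Hashtable}s keyed by name, and can persist them to a file with Java
 * serialization ({@link #save(String)} / {@link #load(String, Object)}).
 *
 * <p>Administrative operations on ACLs are gated by an "ACL owner" principal
 * that is created in {@link #init(String, Object)} under the fixed name
 * {@code "system"}. Ownership is checked by object identity ({@code ==} /
 * {@code !=}) against that single instance, not by {@code equals}.
 *
 * <p>NOTE(review): until {@code init} has run, {@code aclOwner} is
 * {@code null}. The identity checks in {@link #newAcl} and {@link #deleteAcl}
 * then accept a {@code null} principal, and {@link #load} skips its owner
 * check entirely. Confirm that no caller can reach those methods on a realm
 * that has not been initialised.
 */
public final class DefaultRealmImpl implements ManageableRealm {
    private static final long serialVersionUID = -2094130678440103135L;
    private static final String ACL_OWNER_NAME = "system";
    String name;
    private DefaultUserImpl aclOwner;
    protected Hashtable users = new Hashtable();
    protected Hashtable groups = new Hashtable();
    protected Hashtable acls = new Hashtable();
    protected Hashtable permissions = new Hashtable();

    /**
     * Names the realm and (re)creates the ACL owner from the supplied credential.
     *
     * @param str realm name
     * @param obj credential for the ACL owner; when an owner already exists it
     *            must match that owner's credential
     * @throws NotOwnerException if an owner already exists and {@code obj} does
     *                           not authenticate as that owner
     */
    @Override // weblogic.security.acl.BasicRealm
    public void init(String str, Object obj) throws NotOwnerException {
        // Re-initialisation is only allowed to whoever can prove ownership.
        if (this.aclOwner != null && this.aclOwner != getAclOwner(obj)) {
            throw new NotOwnerException();
        }
        this.name = str;
        this.aclOwner = new DefaultUserImpl(ACL_OWNER_NAME, obj, this);
    }

    /** Returns the realm name set by {@link #init(String, Object)}. */
    @Override // weblogic.security.acl.BasicRealm
    public String getName() {
        return this.name;
    }

    /**
     * Looks a user up by name without authenticating.
     *
     * @param str user name
     * @return the stored user, or {@code null} if none is registered under that name
     */
    @Override // weblogic.security.acl.BasicRealm
    public User getUser(String str) {
        return (User) this.users.get(str);
    }

    /**
     * Authenticates the caller described by {@code userInfo}.
     *
     * @param userInfo credentials presented by the caller
     * @return the authenticated user, or {@code null} if authentication failed
     */
    @Override // weblogic.security.acl.BasicRealm
    public User getUser(UserInfo userInfo) {
        return authInternal(userInfo);
    }

    /**
     * Tries the available authentication mechanisms in a fixed order:
     * certificates, then password, then SSL certificates. The first mechanism
     * that yields a user wins; later ones are not consulted.
     *
     * <p>Only the password path calls {@code Audit.authenticateUser} in this
     * class. Whether {@code CertAuthentication} audits certificate attempts is
     * not visible from this file.
     */
    private User authInternal(UserInfo userInfo) {
        if (!(userInfo instanceof DefaultUserInfoImpl)) {
            // Unknown UserInfo implementations can only be checked by password.
            return authUserPassword(userInfo);
        }
        DefaultUserInfoImpl info = (DefaultUserInfoImpl) userInfo;
        String claimedName = info.getName();
        User user = null;
        if (info.hasCertificates()) {
            user = authCertificates(claimedName, info.getCertificates());
        }
        if (user == null && info.hasPassword()) {
            user = authUserPassword(info);
        }
        if (user == null && (info instanceof SSLUserInfo)) {
            user = authSSLCertificates(claimedName, ((SSLUserInfo) info).getSSLCertificates());
        }
        return user;
    }

    /**
     * Password check: the named user must exist, be a {@link DefaultUserImpl},
     * and report matching info. The outcome, success or failure, is passed to
     * the audit hook.
     */
    private User authUserPassword(UserInfo userInfo) {
        User candidate = getUser(userInfo.getName());
        User authenticated = null;
        if ((candidate instanceof DefaultUserImpl) && ((DefaultUserImpl) candidate).hasMatchingInfo(userInfo)) {
            authenticated = candidate;
        }
        // A null second argument records a failed attempt.
        Audit.authenticateUser("Default Realm", userInfo, authenticated);
        return authenticated;
    }

    /** Certificate authentication with the SSL flag off. */
    private User authCertificates(String str, Vector vector) {
        return authWithCertificates(str, vector, false);
    }

    /** Certificate authentication with the SSL flag on. */
    private User authSSLCertificates(String str, Vector vector) {
        return authWithCertificates(str, vector, true);
    }

    /**
     * Delegates to {@code CertAuthentication} and then maps the result back to
     * the user object stored in this realm, so a certificate that authenticates
     * as a name this realm does not know yields {@code null}.
     */
    private User authWithCertificates(String claimedName, Vector certificates, boolean ssl) {
        User authenticated = CertAuthentication.authenticate(claimedName, certificates, ssl);
        return authenticated != null ? getUser(authenticated.getName()) : null;
    }

    /**
     * Returns the ACL owner if {@code obj} is the owner's credential.
     *
     * @param obj credential to test
     * @return the owner principal, or {@code null} if the credential does not match
     * @throws NullPointerException if the realm has not been initialised
     *                              ({@code aclOwner} is dereferenced unconditionally)
     */
    @Override // weblogic.security.acl.BasicRealm
    public Principal getAclOwner(Object obj) {
        DefaultUserInfoImpl presented = new DefaultUserInfoImpl(ACL_OWNER_NAME, obj, this.name);
        return this.aclOwner.hasMatchingInfo(presented) ? this.aclOwner : null;
    }

    /** Returns the group registered under {@code str}, or {@code null}. */
    @Override // weblogic.security.acl.BasicRealm
    public Group getGroup(String str) {
        return (Group) this.groups.get(str);
    }

    /** Returns the ACL registered under exactly {@code str}, or {@code null}. */
    @Override // weblogic.security.acl.BasicRealm
    public Acl getAcl(String str) {
        return (Acl) this.acls.get(str);
    }

    /**
     * Hierarchical ACL lookup: tries {@code str} itself, then each prefix of
     * {@code str} obtained by cutting at the last remaining {@code c}, until an
     * ACL is found or no separator is left.
     *
     * @param str ACL name
     * @param c   separator character
     * @return the most specific ACL found, or {@code null}
     */
    @Override // weblogic.security.acl.BasicRealm
    public Acl getAcl(String str, char c) {
        Acl acl = getAcl(str);
        int cut = str.lastIndexOf(c);
        while (acl == null && cut >= 0) {
            str = str.substring(0, cut);
            acl = getAcl(str);
            cut = str.lastIndexOf(c, cut - 1);
        }
        return acl;
    }

    /**
     * Returns the permission named {@code str}, creating and registering it on
     * first use. Every distinct non-null name ever requested therefore stays in
     * the permissions table until it is deleted.
     *
     * @param str permission name; {@code null} yields {@code null}
     */
    @Override // weblogic.security.acl.BasicRealm
    public Permission getPermission(String str) {
        if (str == null) {
            return null;
        }
        Permission existing = (Permission) this.permissions.get(str);
        return existing != null ? existing : newPermission(str);
    }

    /**
     * Replaces the realm's tables with the ones stored in the file {@code str}.
     * A missing file is not an error; the realm is left untouched.
     *
     * <p>Accepts both layouts this class can meet: the one written by
     * {@link #save(String)}, which starts with a {@code String}, and a file that
     * starts directly with the users table. Reading the {@code save} layout
     * without skipping the leading string would fail on the first cast.
     *
     * <p>SECURITY: this is Java native deserialization. {@code readObject}
     * instantiates whatever classes the file names before any cast below is
     * applied, so the file has to be as trusted as the server's own code. Keep
     * it writable only by the server account and do not point {@code str} at a
     * caller-controlled location. An {@code ObjectInputFilter} allow-list would
     * narrow this on runtimes that provide one.
     *
     * @param str path of the realm file
     * @param obj ACL owner credential; only checked when an owner already exists
     * @throws NotOwnerException      if an owner exists and {@code obj} does not match
     * @throws IOException            if the file cannot be read or lacks a table
     * @throws ClassNotFoundException if the file references an unknown class
     */
    @Override // weblogic.security.acl.BasicRealm
    public void load(String str, Object obj) throws ClassNotFoundException, IOException, NotOwnerException {
        if (this.aclOwner != null && this.aclOwner != getAclOwner(obj)) {
            throw new NotOwnerException();
        }
        File file = new File(str);
        if (!file.exists()) {
            return;
        }
        FileInputStream fileIn = new FileInputStream(file);
        try {
            ObjectInputStream in = new ObjectInputStream(new BufferedInputStream(fileIn));
            Object first = in.readObject();
            if (first instanceof String) {
                // save() writes its path argument ahead of the tables; skip it.
                first = in.readObject();
            }
            Hashtable loadedUsers = (Hashtable) first;
            Hashtable loadedGroups = (Hashtable) in.readObject();
            Hashtable loadedPermissions = (Hashtable) in.readObject();
            Hashtable loadedAcls = (Hashtable) in.readObject();
            if (loadedUsers == null || loadedGroups == null || loadedPermissions == null || loadedAcls == null) {
                // A null table would turn every later lookup into a NullPointerException.
                throw new IOException("Realm file " + str + " is missing a table");
            }
            // Swap everything in only after the whole file was read, so a
            // truncated or malformed file cannot leave the realm half-loaded.
            this.users = loadedUsers;
            this.groups = loadedGroups;
            this.permissions = loadedPermissions;
            this.acls = loadedAcls;
        } finally {
            fileIn.close();
        }
    }

    /**
     * Serializes the realm to the file {@code str}: first the path string
     * itself, then the users, groups, permissions and ACL tables.
     *
     * <p>No ownership check is made here, and the user objects are written
     * as-is. NOTE(review): whatever credential material {@code DefaultUserImpl}
     * retains ends up in this file; confirm the file is created with restrictive
     * permissions and that {@code str} is not caller-controlled.
     *
     * @param str destination path
     * @throws IOException if the file cannot be written
     */
    @Override // weblogic.security.acl.BasicRealm
    public void save(String str) throws IOException {
        FileOutputStream fileOut = new FileOutputStream(str);
        try {
            ObjectOutputStream out = new ObjectOutputStream(new BufferedOutputStream(fileOut));
            out.writeObject(str);
            out.writeObject(this.users);
            out.writeObject(this.groups);
            out.writeObject(this.permissions);
            out.writeObject(this.acls);
            // Push everything down to the file so write errors surface here.
            out.flush();
        } finally {
            // Closed on failure too, so a failed save does not leak the descriptor.
            closeOS(fileOut);
        }
    }

    /** Closes {@code outputStream}, propagating any failure. */
    private void closeOS(OutputStream outputStream) throws IOException {
        outputStream.close();
    }

    /** Enumerates all stored users. */
    @Override // weblogic.security.acl.ListableRealm
    public Enumeration getUsers() {
        return this.users.elements();
    }

    /** Enumerates all stored groups. */
    @Override // weblogic.security.acl.ListableRealm
    public Enumeration getGroups() {
        return this.groups.elements();
    }

    /** Enumerates all stored ACLs. */
    @Override // weblogic.security.acl.ListableRealm
    public Enumeration getAcls() {
        return this.acls.elements();
    }

    /** Enumerates all stored permissions. */
    @Override // weblogic.security.acl.ListableRealm
    public Enumeration getPermissions() {
        return this.permissions.elements();
    }

    /**
     * Registers a new user. Users and groups share one name space: the name
     * must not be taken by either.
     *
     * @param str  user name
     * @param obj  credential handed to {@code DefaultUserImpl}
     * @param obj2 not used by this implementation
     * @throws SecurityException if a user or group of that name already exists
     */
    @Override // weblogic.security.acl.ManageableRealm
    public User newUser(String str, Object obj, Object obj2) throws SecurityException {
        if (getUser(str) != null || getGroup(str) != null) {
            throw new SecurityException("Principal " + str + " already defined in realm " + getName());
        }
        DefaultUserImpl created = new DefaultUserImpl(str, obj, this);
        this.users.put(str, created);
        return created;
    }

    /**
     * Registers a new group. Only the group table is checked for a clash; an
     * existing user of the same name does not prevent creation.
     *
     * @param str group name
     * @throws SecurityException if a group of that name already exists
     */
    @Override // weblogic.security.acl.ManageableRealm
    public Group newGroup(String str) throws SecurityException {
        if (getGroup(str) != null) {
            throw new SecurityException("Group " + str + " already defined in realm " + getName());
        }
        GroupImpl created = new GroupImpl(str);
        this.groups.put(str, created);
        return created;
    }

    /**
     * Creates an empty ACL named {@code str}, replacing any ACL already stored
     * under that name.
     *
     * @param principal must be the realm's ACL owner instance (identity comparison)
     * @param str       ACL name
     * @throws SecurityException if {@code principal} is not the ACL owner
     */
    @Override // weblogic.security.acl.ManageableRealm
    public Acl newAcl(Principal principal, String str) throws SecurityException {
        // NOTE(review): with aclOwner still null, a null principal passes this check.
        if (this.aclOwner != principal) {
            throw new SecurityException(principal + " does not own the ACL");
        }
        AclImpl created = new AclImpl(principal, str);
        this.acls.put(str, created);
        return created;
    }

    /**
     * Creates and registers a permission, replacing any existing one of that name.
     *
     * @param str permission name
     */
    @Override // weblogic.security.acl.ManageableRealm
    public Permission newPermission(String str) throws SecurityException {
        PermissionImpl created = new PermissionImpl(str);
        this.permissions.put(str, created);
        return created;
    }

    /** Removes the user and strips its entries from every ACL. */
    @Override // weblogic.security.acl.ManageableRealm
    public void deleteUser(User user) throws SecurityException {
        this.users.remove(user.getName());
        deletePrincipal(user);
    }

    /** Removes the group and strips its entries from every ACL. */
    @Override // weblogic.security.acl.ManageableRealm
    public void deleteGroup(Group group) throws SecurityException {
        this.groups.remove(group.getName());
        deletePrincipal(group);
    }

    /**
     * Removes a permission from the table. ACL entries that already hold the
     * permission object are not touched here.
     */
    @Override // weblogic.security.acl.ManageableRealm
    public void deletePermission(Permission permission) throws SecurityException {
        String key = permission instanceof PermissionImpl
                ? ((PermissionImpl) permission).getName()
                : permission.toString();
        this.permissions.remove(key);
    }

    /**
     * Rebuilds every ACL without the entries that belong to {@code principal}.
     * Each ACL is replaced by a fresh one of the same name and the surviving
     * entries are copied across.
     *
     * <p>An entry that cannot be copied is lost from the rebuilt ACL. That
     * includes negative (deny) entries, so the failure is logged rather than
     * ignored; the rebuild itself continues as before.
     */
    protected void deletePrincipal(Principal principal) {
        synchronized (this.acls) {
            // Iterate over a snapshot: newAcl() below writes to this.acls.
            Enumeration names = ((Hashtable) this.acls.clone()).keys();
            while (names.hasMoreElements()) {
                Acl oldAcl = getAcl(names.nextElement().toString());
                Acl rebuilt = newAcl(this.aclOwner, oldAcl.getName());
                Enumeration<AclEntry> entries = oldAcl.entries();
                while (entries.hasMoreElements()) {
                    AclEntry entry = entries.nextElement();
                    if (entry.getPrincipal().equals(principal)) {
                        continue;
                    }
                    try {
                        rebuilt.addEntry(this.aclOwner, entry);
                    } catch (NotOwnerException e) {
                        SecurityLogger.logStackTrace(e);
                    }
                }
            }
        }
    }

    /**
     * Removes an ACL from the realm.
     *
     * @param principal must be the realm's ACL owner instance (identity comparison)
     * @param acl       ACL to remove; looked up by its name
     * @throws SecurityException if {@code principal} is not the ACL owner
     */
    @Override // weblogic.security.acl.ManageableRealm
    public void deleteAcl(Principal principal, Acl acl) throws SecurityException {
        // NOTE(review): with aclOwner still null, a null principal passes this check.
        if (this.aclOwner != principal) {
            throw new SecurityException(principal + " does not own the ACL");
        }
        this.acls.remove(acl.getName());
    }

    /**
     * Grants or denies {@code permission} to {@code principal} in {@code acl}.
     *
     * <p>All existing entries for the principal are first removed from the ACL.
     * The permission is then added to the entry of the requested sign and
     * removed from the entry of the opposite sign, so a permission never sits in
     * both the positive and the negative entry at once.
     *
     * <p>No caller identity is checked here; the change is made with the realm's
     * own ACL owner.
     *
     * @param acl        ACL to modify
     * @param principal  principal whose entry is changed
     * @param permission permission to grant or deny
     * @param z          {@code true} to grant (positive entry), {@code false}
     *                   to deny (negative entry)
     * @throws InternalError if the ACL rejects the realm's ACL owner
     */
    @Override // weblogic.security.acl.ManageableRealm
    public void setPermission(Acl acl, Principal principal, Permission permission, boolean z) {
        try {
            AclEntry positive = null;
            AclEntry negative = null;
            Enumeration<AclEntry> entries = acl.entries();
            while (entries.hasMoreElements()) {
                AclEntry entry = entries.nextElement();
                if (entry.getPrincipal().equals(principal)) {
                    acl.removeEntry(this.aclOwner, entry);
                    if (entry.isNegative()) {
                        negative = entry;
                    } else {
                        positive = entry;
                    }
                }
            }
            if (z) {
                if (positive == null) {
                    positive = new AclEntryImpl(principal);
                }
                addRemove(acl, positive, negative, permission);
            } else {
                if (negative == null) {
                    negative = new AclEntryImpl(principal);
                    negative.setNegativePermissions();
                }
                addRemove(acl, negative, positive, permission);
            }
        } catch (NotOwnerException e) {
            SecurityLogger.logStackTrace(e);
            throw new InternalError("aclOwner not owner");
        }
    }

    /**
     * Adds {@code permission} to {@code aclEntry} and stores that entry in the
     * ACL. If an opposite-sign entry {@code aclEntry2} exists, the permission
     * is removed from it, and the entry is stored again only if it still holds
     * at least one permission.
     */
    private void addRemove(Acl acl, AclEntry aclEntry, AclEntry aclEntry2, Permission permission) throws NotOwnerException {
        aclEntry.addPermission(permission);
        acl.addEntry(this.aclOwner, aclEntry);
        if (aclEntry2 == null) {
            return;
        }
        aclEntry2.removePermission(permission);
        // An emptied opposite entry is dropped instead of being re-added.
        if (aclEntry2.permissions().hasMoreElements()) {
            acl.addEntry(this.aclOwner, aclEntry2);
        }
    }
}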
