package weblogic.connector.common.internal;

import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Vector;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NameClassPair;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.resource.spi.ConnectionRequestInfo;
import javax.resource.spi.ManagedConnectionFactory;
import javax.resource.spi.security.GenericCredential;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import weblogic.connector.ConnectorLogger;
import weblogic.connector.common.ConnectorDebug;
import weblogic.connector.deploy.DeployerUtil;
import weblogic.management.configuration.ConnectorComponentMBean;
import weblogic.management.descriptors.connector.ConnectorDescriptorMBean;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.AuthorizationManager;
import weblogic.security.service.CredentialManager;
import weblogic.security.service.EISResource;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.spi.CredentialMapper;

/* loaded from: input_file:weblogic.jar:weblogic/connector/common/internal/SecurityContext.class */
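/**
 * Resolves the security context for a single resource-adapter connection request.
 *
 * <p>On construction it (1) obtains the kernel identity and the default realm's
 * {@link AuthorizationManager}; (2) builds the {@link EISResource} id (application name,
 * module name, EIS type) that is used both for authorization and for credential-mapper
 * lookups; (3) walks the calling component's {@code java:/comp/env/wls-connector-resref}
 * JNDI context to find the {@code <prefix>JNDI} entry naming this adapter and reads the
 * sibling {@code <prefix>Auth} and {@code <prefix>SharingScope} attributes to decide
 * container- vs application-managed sign-on and the sharing scope; and (4) for
 * container-managed sign-on asks the {@link CredentialManager} for EIS credentials, falling
 * back from the caller's own mapping to the pool's "anonymous" mapping (unauthenticated
 * callers) and then to the pool's "default" mapping, and wraps whatever it found in a
 * read-only {@link Subject}.
 *
 * <p>Security notes for reviewers: the fallback to default credentials means an
 * authenticated caller without an explicit mapping is still connected with the pool
 * default identity; {@link #isAccessAllowed()} authorizes the <em>calling</em> subject,
 * not the mapped resource principal; and the JNDI-name match against the adapter is
 * case-insensitive (see {@link #processResourceReference(Context)}).
 */
public final class SecurityContext {
    /** Debug switch for connection-allocation tracing; also gates several logger calls below. */
    public static final boolean DEBUG = ConnectorDebug.debugConnectorAllocConnection;
    /**
     * Application name used in the EIS resource id when the connector has no owning application.
     * NOTE(review): public, non-final and mutable, yet it feeds the resource id used for
     * authorization and credential-mapper lookups. Left non-final for binary compatibility
     * with any existing caller that assigns it.
     */
    public static String SHARED_APPNAME = "WEBLOGIC_SHAREDAPP";
    /** Pseudo-principal under which the credential mapper stores credentials for unauthenticated callers. */
    private static final String ipAnonymousConnectionsName = "weblogic_ra_anonymous";
    /** Pseudo-principal under which the credential mapper stores credentials for pool initial connections. */
    private static final String ipInitialConnectionsName = "weblogic_ra_initial";
    /** Pseudo-principal under which the credential mapper stores the pool's fallback credentials. */
    private static final String ipDefaultConnectionsName = "weblogic_ra_default";
    /** JNDI name of the calling component's connector resource-reference context. */
    private static final String RESREF_CONTEXT_NAME = "java:/comp/env/wls-connector-resref";
    /** Length of the "JNDI" suffix stripped from an entry name to build its sibling attribute names. */
    private static final int JNDI_SUFFIX_LENGTH = 4;
    /** Kernel identity, fetched lazily; the unsynchronized init is a benign race (same value). */
    private static AuthenticatedSubject kernelId = null;

    private AuthorizationManager am = null;
    /** Client-supplied request info; the only credential source for application-managed sign-on. */
    private ConnectionRequestInfo clientInfo;
    /** False only when the resource reference explicitly says {@code Auth=Application}. */
    private boolean isContainerManaged;
    /** False only when the resource reference gives a SharingScope other than "Shareable". */
    private boolean shareable;
    private String poolName;
    /** Mapped resource principal + credentials, or null when nothing could be mapped. */
    private Subject rpSubject;
    private ConnectorDescriptorMBean descrMBean;
    private ConnectorComponentMBean connMBean;
    /** Resource id used for authorization and credential-mapper lookups. */
    private EISResource eisRes;

    /**
     * Builds the security context for one connection request.
     *
     * @param connectorDescriptorMBean adapter descriptor (supplies the adapter JNDI name,
     *     EIS type and authentication mechanisms); may be null for the EIS type only
     * @param connectorComponentMBean deployed component (supplies application and module name)
     * @param str connection pool name, used for debug/log correlation
     * @param managedConnectionFactory factory the mapped password credentials are bound to
     * @param connectionRequestInfo client-supplied request info, may be null
     * @param z true when credentials are being resolved for the pool's initial connections
     */
    public SecurityContext(ConnectorDescriptorMBean connectorDescriptorMBean, ConnectorComponentMBean connectorComponentMBean, String str, ManagedConnectionFactory managedConnectionFactory, ConnectionRequestInfo connectionRequestInfo, boolean z) {
        initialize(connectorDescriptorMBean, connectorComponentMBean, str, managedConnectionFactory, connectionRequestInfo, z);
    }

    /** Emits a debug trace tagged with the pool name when allocation tracing is enabled. */
    private static void debug(String poolName, String message) {
        if (ConnectorDebug.debugConnectorAllocConnection) {
            ConnectorDebug.debug(poolName, message);
        }
    }

    /** Instance convenience for {@link #debug(String, String)} using this context's pool name. */
    public void debug(String message) {
        debug(this.poolName, message);
    }

    private void initialize(ConnectorDescriptorMBean connectorDescriptorMBean, ConnectorComponentMBean connectorComponentMBean, String str, ManagedConnectionFactory managedConnectionFactory, ConnectionRequestInfo connectionRequestInfo, boolean z) {
        if (kernelId == null) {
            kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
        }
        // All security-service lookups below are made as the kernel identity, not the caller.
        this.am = (AuthorizationManager) SecurityServiceManager.getSecurityService(kernelId, SecurityServiceManager.getDefaultRealmName(), SecurityService.ServiceType.AUTHORIZE);
        this.descrMBean = connectorDescriptorMBean;
        this.connMBean = connectorComponentMBean;
        this.poolName = str;
        this.clientInfo = connectionRequestInfo;
        // Defaults; the resource reference (if any) may override both in checkResourceReference().
        this.isContainerManaged = true;
        this.shareable = true;
        this.rpSubject = null;
        this.eisRes = getEISResource(connectorComponentMBean, connectorDescriptorMBean);
        debug("Initializing SecurityContext with AppName = " + this.eisRes.getApplicationName()
                + ", ModuleName = " + this.eisRes.getModuleName()
                + ", EIS Type = " + this.eisRes.getType()
                + ", ResourceId = " + this.eisRes.toString());
        initSubject(managedConnectionFactory, z);
    }

    /**
     * Resolves credentials and, if any were found, wraps them in a read-only Subject.
     * Leaves {@link #rpSubject} null when nothing could be mapped.
     */
    private void initSubject(ManagedConnectionFactory managedConnectionFactory, boolean initialConnections) {
        Vector credentials = getCredentials(initialConnections);
        if (credentials == null || credentials.isEmpty()) {
            // Only worth reporting for container-managed sign-on; app-managed callers supply their own.
            if (this.isContainerManaged && DEBUG) {
                ConnectorLogger.logNoResourcePrincipalFound();
            }
            return;
        }
        this.rpSubject = new Subject();
        for (int i = 0; i < credentials.size(); i++) {
            Object credential = credentials.get(i);
            if (credential instanceof PasswordCredential) {
                PasswordCredential pc = (PasswordCredential) credential;
                // JCA requires the credential to be bound to the MCF so the adapter can match it.
                pc.setManagedConnectionFactory(managedConnectionFactory);
                // NOTE(review): the password is copied into an immutable String that cannot be
                // zeroed; ResourcePrincipal's constructor takes a String, so this is unavoidable here.
                ResourcePrincipal rp = new ResourcePrincipal(pc.getUserName(), new String(pc.getPassword()));
                debug("Adding resource principal Username: " + pc.getUserName());
                addToSubject(rp, pc);
            } else if (credential instanceof GenericCredential) {
                GenericCredential gc = (GenericCredential) credential;
                ResourcePrincipal rp = new ResourcePrincipal(gc.getName(), "");
                debug("Adding resource principal Username: " + gc.getName());
                addToSubject(rp, gc);
            } else {
                debug("An unsupported credential type was encountered and will be ignored:  " + credential.getClass().getName());
            }
        }
        setSubjectReadOnly(this.rpSubject);
    }

    /**
     * Adds a principal and its private credential to {@link #rpSubject}. Runs privileged
     * because Subject's principal/credential sets are permission-guarded under a SecurityManager.
     */
    private void addToSubject(final ResourcePrincipal rp, final Object privateCredential) {
        AccessController.doPrivileged(new PrivilegedAction() {
            @Override // java.security.PrivilegedAction
            public Object run() {
                rpSubject.getPrincipals().add(rp);
                rpSubject.getPrivateCredentials().add(privateCredential);
                return null;
            }
        });
    }

    /**
     * Marks the mapped Subject read-only so later code cannot add or swap credentials.
     * Best effort: a SecurityException is only traced, and the Subject then stays mutable.
     */
    private void setSubjectReadOnly(final Subject subject) {
        AccessController.doPrivileged(new PrivilegedAction() {
            @Override // java.security.PrivilegedAction
            public Object run() {
                try {
                    subject.setReadOnly();
                } catch (SecurityException e) {
                    debug("WARNING:  Failed to modify Subject to be read-only:  " + e);
                }
                return null;
            }
        });
    }

    private void logUsingAppManagedSecurity() {
        debug("Establishing Security Context for Application Managed client");
        if (this.clientInfo == null && DEBUG) {
            ConnectorLogger.logNoConnectionRequestInfo();
        }
    }

    /**
     * Looks up the calling component's connector resource-reference context and, if present,
     * applies the Auth / SharingScope settings it declares for this adapter. A missing
     * context is normal (no declared reference) and is only traced.
     *
     * @throws NamingException on any JNDI failure other than the context not existing
     */
    private void checkResourceReference() throws NamingException {
        try {
            Object resref = new InitialContext().lookup(RESREF_CONTEXT_NAME);
            if (resref == null) {
                debug("SecurityContext.checkResourceReference() returned null entry for " + RESREF_CONTEXT_NAME + " of calling component");
            } else {
                processResourceReference((Context) resref);
            }
        } catch (NameNotFoundException e) {
            debug("SecurityContext.checkResourceReference() couldn't find " + RESREF_CONTEXT_NAME + " for calling component");
        }
    }

    /**
     * Recursively scans a resource-reference context for a {@code <prefix>JNDI} entry whose
     * value equals this adapter's JNDI name (compared case-insensitively). On the first match
     * the sibling Auth and SharingScope attributes are applied and scanning stops.
     *
     * @return true if a matching entry was found and applied
     * @throws NamingException if listing or lookup fails
     */
    private boolean processResourceReference(Context context) throws NamingException {
        boolean matched = false;
        NamingEnumeration entries = context.list("");
        while (!matched && entries.hasMore()) {
            NameClassPair entry = (NameClassPair) entries.next();
            String entryName = entry.getName();
            if (entry.getClassName().endsWith("NamingNode")) {
                // Sub-context: descend into it.
                matched = processResourceReference((Context) context.lookup(entryName));
            } else if (entryName.endsWith("JNDI")) {
                debug("Found JNDI entry \"" + entryName + "\" in wls-connector-resref context -- looking it up...");
                Object bound = context.lookup(entryName);
                // Fix: the original called toString() before its null check, so a null binding
                // raised NullPointerException instead of being skipped.
                String boundJndiName = bound == null ? null : bound.toString();
                String adapterJndiName = this.descrMBean.getWeblogicRAMBean().getJndiName();
                debug("Lookup of \"" + entryName + "\" yields: \"" + boundJndiName + "\", comparing with \"" + adapterJndiName + "\"");
                if (boundJndiName == null || !boundJndiName.equalsIgnoreCase(adapterJndiName)) {
                    debug("Skipping non-matching JNDIName");
                } else {
                    debug("Found matching entry with jndiName: " + boundJndiName);
                    applyResourceReference(entryName, context, boundJndiName);
                    matched = true;
                }
            } else {
                debug("Skipping non-JNDI Entry in context");
            }
        }
        return matched;
    }

    /** Applies the Auth and SharingScope attributes that sit next to a matched JNDI entry. */
    private void applyResourceReference(String jndiEntryName, Context context, String jndiName) {
        String auth = lookupResAttr(jndiEntryName, context, "Auth");
        if (auth != null) {
            // Only an explicit "Application" switches to application-managed sign-on;
            // any other value (or a missing attribute) keeps container-managed.
            this.isContainerManaged = !auth.equalsIgnoreCase("Application");
            if (DEBUG) {
                ConnectorLogger.logRequestedSecurityType(jndiName, auth);
            }
        }
        String sharingScope = lookupResAttr(jndiEntryName, context, "SharingScope");
        // Absent attribute means shareable; when present, anything but "Shareable" is unshareable.
        this.shareable = sharingScope == null || sharingScope.equalsIgnoreCase("Shareable");
    }

    /**
     * Looks up the attribute {@code <prefix><attrName>} that is a sibling of the given
     * {@code <prefix>JNDI} entry.
     *
     * @return the attribute's string value, or null if it is absent or unreadable
     */
    private String lookupResAttr(String jndiEntryName, Context context, String attrName) {
        String attrEntryName = jndiEntryName.substring(0, jndiEntryName.length() - JNDI_SUFFIX_LENGTH) + attrName;
        debug("Now looking up: \"" + attrEntryName + "\" ...");
        Object value = null;
        try {
            value = context.lookup(attrEntryName);
        } catch (NamingException e) {
            // Optional attribute: absence is normal, so trace it rather than fail the request.
            debug("Lookup of \"" + attrEntryName + "\" failed: " + e);
        }
        return value == null ? null : value.toString();
    }

    /**
     * Builds the EIS resource id used for authorization and credential mapping.
     *
     * @param connectorComponentMBean component supplying application and module names; may be null
     * @param connectorDescriptorMBean descriptor supplying the EIS type; may be null
     * @return resource id with {@link #SHARED_APPNAME} as application when none is configured
     */
    public static EISResource getEISResource(ConnectorComponentMBean connectorComponentMBean, ConnectorDescriptorMBean connectorDescriptorMBean) {
        String appName = "";
        if (connectorComponentMBean != null && connectorComponentMBean.getApplication() != null) {
            appName = connectorComponentMBean.getApplication().getName();
        }
        if (appName == null || appName.length() == 0) {
            appName = SHARED_APPNAME;
        }
        String moduleName = connectorComponentMBean != null ? connectorComponentMBean.getName() : "";
        String eisType = "";
        if (connectorDescriptorMBean != null && connectorDescriptorMBean.getRAMBean() != null) {
            eisType = connectorDescriptorMBean.getRAMBean().getConnectorEisType();
        }
        return new EISResource(appName, moduleName, eisType);
    }

    /**
     * Authorizes the current (calling) subject against this EIS resource with no context
     * handler. Denials are logged as warnings.
     *
     * @return true if access is granted
     */
    public boolean isAccessAllowed() {
        AuthenticatedSubject caller = SecurityServiceManager.getCurrentSubject(kernelId);
        boolean allowed = this.am.isAccessAllowed(caller, this.eisRes, null);
        if (!allowed) {
            ConnectorLogger.logAccessDeniedWarning(this.poolName, this.eisRes.getApplicationName(), this.eisRes.getModuleName(), this.eisRes.getEISName());
        }
        return allowed;
    }

    /** @return false only when the resource reference declared {@code Auth=Application} */
    public boolean isContainerManaged() {
        return this.isContainerManaged;
    }

    /** @return true when neither mapped credentials nor client request info are available */
    public boolean isEmptyContext() {
        return this.rpSubject == null && this.clientInfo == null;
    }

    /** @return the client-supplied request info, may be null */
    public ConnectionRequestInfo getClientInfo() {
        return this.clientInfo;
    }

    /** @return the read-only Subject holding the mapped resource principal, or null if none */
    public Subject getSubject() {
        return this.rpSubject;
    }

    /** @return the sharing scope derived from the resource reference (default true) */
    public boolean isShareable() {
        return this.shareable;
    }

    /** Credentials for pool initial connections: the "initial" mapping, else the default mapping. */
    private Vector getInitialCredentials() {
        debug("Looking up credentials for initial connections");
        Vector credentials = getCredentials(ipInitialConnectionsName);
        if (credentials == null || credentials.isEmpty()) {
            debug("No credentials explicitly provided for initial connections.  Will attempt to find default credentials.");
            return getDefaultCredentials();
        }
        debug("Using provided credentials for initial connections.");
        return credentials;
    }

    /** Credentials mapped for unauthenticated callers; may be null/empty (caller then tries the default). */
    private Vector getAnonymousCredentials() {
        debug("No authenticated user, so looking up anonymous credentials");
        Vector credentials = getCredentials(ipAnonymousConnectionsName);
        if (credentials == null || credentials.isEmpty()) {
            debug("No credentials provided for anonymous users.  Will try to find default credentials.");
        } else {
            debug("Using provided credentials for anonymous users");
        }
        return credentials;
    }

    /** The pool's fallback credentials; may be null/empty. */
    private Vector getDefaultCredentials() {
        debug("Looking up default credentials");
        Vector credentials = getCredentials(ipDefaultConnectionsName);
        if (credentials == null || credentials.isEmpty()) {
            debug("No default credentials are provided");
        } else {
            debug("Using provided default credentials");
        }
        return credentials;
    }

    /**
     * Credentials for a regular (non-initial) connection request. Applies the resource
     * reference first, then for container-managed sign-on maps the calling subject (or the
     * anonymous mapping when it has no principals), falling back to the default mapping.
     * For application-managed sign-on returns null: the client supplies credentials itself.
     */
    private Vector getNonInitialCredentials() {
        try {
            checkResourceReference();
        } catch (NamingException e) {
            ConnectorLogger.logContextProcessingError(e);
        }
        if (!this.isContainerManaged) {
            logUsingAppManagedSecurity();
            return null;
        }
        AuthenticatedSubject caller = SecurityServiceManager.getCurrentSubject(kernelId);
        boolean anonymous = caller == null || caller.getPrincipals() == null || caller.getPrincipals().isEmpty();
        Vector credentials = anonymous ? getAnonymousCredentials() : getCredentials(caller);
        if (credentials == null || credentials.isEmpty()) {
            // An authenticated caller with no explicit mapping also ends up here, on the pool default.
            credentials = getDefaultCredentials();
        }
        return credentials;
    }

    private Vector getCredentials(boolean initialConnections) {
        return initialConnections ? getInitialCredentials() : getNonInitialCredentials();
    }

    private Vector getCredentials(String pseudoPrincipal) {
        return getTheCredentials(pseudoPrincipal);
    }

    private Vector getCredentials(AuthenticatedSubject authenticatedSubject) {
        return getTheCredentials(authenticatedSubject);
    }

    /**
     * Asks the realm's CredentialManager (as the kernel identity) for the EIS credentials
     * mapped to the initiator, restricted to the credential types the adapter declares.
     *
     * @param initiator a pseudo-principal name (String) or an AuthenticatedSubject
     * @return the mapped credentials, or null when the initiator, credential types or
     *     CredentialManager are unavailable
     */
    private Vector getTheCredentials(Object initiator) {
        if (initiator == null) {
            return null;
        }
        // Hoisted: the original re-parsed the descriptor for each use.
        String[] credentialTypes = getCredentialTypes();
        if (credentialTypes == null) {
            debug("No credential types have been specified. Therefore no credentials can be attempted to be found.");
            return null;
        }
        CredentialManager credentialManager = (CredentialManager) SecurityServiceManager.getSecurityService(kernelId, SecurityServiceManager.getDefaultRealmName(), SecurityService.ServiceType.CREDENTIALMANAGER);
        if (credentialManager == null) {
            debug("No Credential Manager configured.  Server will not be able to provide any credentials.");
            return null;
        }
        String initiatorName = getUserName(initiator);
        debug("Looking up credentials for initiating principal:  " + initiatorName);
        Vector credentials = null;
        if (initiator instanceof String) {
            credentials = credentialManager.getCredentials(kernelId, (String) initiator, this.eisRes, credentialTypes);
        } else if (initiator instanceof AuthenticatedSubject) {
            credentials = credentialManager.getCredentials(kernelId, (AuthenticatedSubject) initiator, this.eisRes, credentialTypes);
        }
        if (credentials == null || credentials.isEmpty()) {
            debug("No credentials explicitly provided for initiating principal: " + initiatorName + ".  Will attempt to find default.");
        } else {
            debug("Using provided credentials for initiating principal:  " + initiatorName);
        }
        return credentials;
    }

    /** Display name of an initiator for tracing: the String itself, the subject's username, else toString(). */
    private String getUserName(Object initiator) {
        if (initiator instanceof String) {
            return (String) initiator;
        }
        if (initiator instanceof AuthenticatedSubject) {
            return SubjectUtils.getUsername((AuthenticatedSubject) initiator);
        }
        return initiator.toString();
    }

    /**
     * Credential types to request from the mapper, derived from the adapter's declared
     * authentication mechanisms; "BasicPassword" is translated to the mapper's
     * username/password type. Returns null when no mechanisms are declared.
     * NOTE(review): a mechanism entry without "authentication-mechanism-type" still
     * throws NullPointerException here, as in the original.
     */
    private String[] getCredentialTypes() {
        HashSet authenticationMechanism = DeployerUtil.getAuthenticationMechanism(this.descrMBean);
        if (authenticationMechanism == null) {
            debug("No authentication mechanisms were specified. Therefore no credential types can be attempted to be found.");
            return null;
        }
        String[] types = new String[authenticationMechanism.size()];
        int i = 0;
        for (Iterator it = authenticationMechanism.iterator(); it.hasNext(); i++) {
            String type = (String) ((Hashtable) it.next()).get("authentication-mechanism-type");
            types[i] = type.equalsIgnoreCase("BasicPassword") ? CredentialMapper.USER_PASSWORD_TYPE : type;
        }
        return types;
    }
}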
