package weblogic.security.subject;

import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import weblogic.kernel.AuditableThread;

/* loaded from: input_file:weblogic.jar:weblogic/security/subject/SubjectManager.class */
public abstract class SubjectManager implements SubjectStack {
    private static final GetKernelIdentityAction THE_ONE = new GetKernelIdentityAction(null);
    protected static final Permission KERNEL_PERM = new RuntimePermission("weblogic.kernelPermission");
    private static SubjectManager singleton;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic.jar:weblogic/security/subject/SubjectManager$GetKernelIdentityAction.class */
    public static final class GetKernelIdentityAction implements PrivilegedAction {
        private GetKernelIdentityAction() {
        }

        @Override // java.security.PrivilegedAction
        public final Object run() {
            return SubjectManager.getSubjectManager().getKernelIdentity();
        }

        GetKernelIdentityAction(AnonymousClass1 anonymousClass1) {
            this();
        }
    }

    /* loaded from: input_file:weblogic.jar:weblogic/security/subject/SubjectManager$SetSubjectManagerAction.class */
    private static final class SetSubjectManagerAction implements PrivilegedAction {
        private final SubjectManager manager;

        private SetSubjectManagerAction(SubjectManager subjectManager) {
            this.manager = subjectManager;
        }

        @Override // java.security.PrivilegedAction
        public final Object run() {
            SubjectManager.setSubjectManager(this.manager);
            return null;
        }

        SetSubjectManagerAction(SubjectManager subjectManager, AnonymousClass1 anonymousClass1) {
            this(subjectManager);
        }
    }

    public static final PrivilegedAction getKernelIdentityAction() {
        return THE_ONE;
    }

    public static final Permission getKernelPermission() {
        return KERNEL_PERM;
    }

    public void checkKernelPermission() {
        AccessController.checkPermission(KERNEL_PERM);
    }

    public boolean isKernelIdentity(AbstractSubject abstractSubject) {
        return abstractSubject == getKernelIdentity();
    }

    public void checkKernelIdentity(AbstractSubject abstractSubject) {
        if (isKernelIdentity(abstractSubject)) {
        } else {
            throw new SecurityException(new StringBuffer().append("Subject '").append(abstractSubject == null ? "<null>" : abstractSubject.toString()).append("' is not the kernel identity").toString());
        }
    }

    protected abstract AbstractSubject getKernelIdentity();

    public static final SubjectManager getSubjectManager() {
        return singleton == null ? new SubjectManager() { // from class: weblogic.security.subject.SubjectManager.1
            @Override // weblogic.security.subject.SubjectManager
            protected AbstractSubject getKernelIdentity() {
                return null;
            }

            @Override // weblogic.security.subject.SubjectStack
            public AbstractSubject getCurrentSubject(AbstractSubject abstractSubject) {
                throw new SecurityException("SubjectManager not installed");
            }

            @Override // weblogic.security.subject.SubjectStack
            public AbstractSubject getCurrentSubject(AbstractSubject abstractSubject, AuditableThread auditableThread) {
                throw new SecurityException("SubjectManager not installed");
            }

            @Override // weblogic.security.subject.SubjectStack
            public void pushSubject(AbstractSubject abstractSubject, AbstractSubject abstractSubject2) {
                throw new SecurityException("SubjectManager not installed");
            }

            @Override // weblogic.security.subject.SubjectStack
            public void popSubject(AbstractSubject abstractSubject) {
                throw new SecurityException("SubjectManager not installed");
            }

            @Override // weblogic.security.subject.SubjectManager
            protected AbstractSubject createAbstractSubject(Subject subject) {
                throw new SecurityException("SubjectManager not installed");
            }
        } : singleton;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static final boolean subjectManagerInstalled() {
        return singleton != null;
    }

    public static final void setSubjectManager(SubjectManager subjectManager) {
        if (singleton != null) {
            AccessController.checkPermission(KERNEL_PERM);
        }
        singleton = subjectManager;
    }

    public static final PrivilegedAction setSubjectManagerAction(SubjectManager subjectManager) {
        return new SetSubjectManagerAction(subjectManager, null);
    }

    public Object runAs(Subject subject, PrivilegedAction privilegedAction) {
        if (subject == null) {
            throw new SecurityException("Null user identity");
        }
        return getAbstractSubject(subject).doAs(getKernelIdentity(), privilegedAction);
    }

    public Object runAs(Subject subject, PrivilegedExceptionAction privilegedExceptionAction) throws PrivilegedActionException {
        if (subject == null) {
            throw new SecurityException("Null user identity");
        }
        return getAbstractSubject(subject).doAs(getKernelIdentity(), privilegedExceptionAction);
    }

    protected abstract AbstractSubject createAbstractSubject(Subject subject);

    private final AbstractSubject getAbstractSubject(Subject subject) {
        return (AbstractSubject) AccessController.doPrivileged(new PrivilegedAction(this, subject) { // from class: weblogic.security.subject.SubjectManager.2
            private final Subject val$subject;
            private final SubjectManager this$0;

            {
                this.this$0 = this;
                this.val$subject = subject;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                for (Object obj : this.val$subject.getPrivateCredentials()) {
                    if (obj instanceof AbstractSubject) {
                        return obj;
                    }
                }
                return this.this$0.createAbstractSubject(this.val$subject);
            }
        });
    }
}
