package weblogic.security.utils;

import javax.security.auth.Subject;
import weblogic.entitlement.expression.AdjudicationException;
import weblogic.entitlement.expression.Context;
import weblogic.entitlement.predicate.DefaultPredicateArgument;
import weblogic.entitlement.predicate.DefaultPredicateDescription;
import weblogic.entitlement.predicate.IllegalPredicateArgumentException;
import weblogic.entitlement.predicate.Predicate;
import weblogic.entitlement.predicate.PredicateArgument;
import weblogic.entitlement.predicate.PredicateDescription;
import weblogic.logging.LogOutputStream;
import weblogic.security.SecurityLogger;
import weblogic.security.service.SecurityServiceManager;

/* loaded from: input_file:weblogic.jar:weblogic/security/utils/SignaturePredicate.class */
public class SignaturePredicate implements Predicate {
    public static final String GROUP_TYPE = "group";
    public static final String USERNAME_TYPE = "user";
    private boolean debug;
    private LogOutputStream log;
    private PredicateDescription predDescr = null;
    private boolean isUser = false;
    private String signatureType = null;
    private String signedBy = null;

    public SignaturePredicate() {
        this.debug = false;
        this.log = null;
        try {
            if (this.debug) {
                this.log = SecurityServiceManager.getSecurityDebugLog();
                if (this.log == null) {
                    this.debug = false;
                }
            }
        } catch (Exception e) {
        }
    }

    @Override // weblogic.entitlement.predicate.Predicate
    public void init(String[] strArr) throws IllegalPredicateArgumentException {
        if (strArr == null || strArr.length != 3) {
            throw new IllegalPredicateArgumentException(SecurityLogger.getThreeArgumentsRequired());
        }
        String str = strArr[0];
        if (GROUP_TYPE.equalsIgnoreCase(str)) {
            this.isUser = false;
        } else {
            if (!"user".equalsIgnoreCase(str)) {
                throw new IllegalPredicateArgumentException(SecurityLogger.getTypeMustValueIs(GROUP_TYPE, "user", str));
            }
            this.isUser = true;
        }
        this.signatureType = new StringBuffer().append("Integrity{").append(strArr[1]).append("}").toString();
        if (this.signatureType == null) {
            throw new IllegalPredicateArgumentException(SecurityLogger.getSignatureTypeCanNotBeNull());
        }
        this.signedBy = strArr[2];
        if (this.signedBy == null) {
            throw new IllegalPredicateArgumentException(SecurityLogger.getSignedByCanNotBeNull());
        }
        if (this.debug) {
            this.log.debug(new StringBuffer().append("**** Signature Predicate init(): isUser = ").append(this.isUser).append(" sig type = ").append(this.signatureType).append(" signed by = ").append(this.signedBy).toString());
        }
    }

    @Override // weblogic.entitlement.predicate.Predicate
    public boolean evaluate(Context context) throws AdjudicationException {
        if (context == null) {
            if (!this.debug) {
                return false;
            }
            this.log.debug("**** Signature Predicate evaluate(): context is null");
            return false;
        }
        Subject subject = (Subject) context.getValue(this.signatureType);
        if (subject == null) {
            if (!this.debug) {
                return false;
            }
            this.log.debug("**** Signature Predicate evaluate(): signer is null");
            return false;
        }
        ESubjectImpl eSubjectImpl = new ESubjectImpl(subject);
        if (this.isUser) {
            boolean isUser = eSubjectImpl.isUser(this.signedBy);
            if (this.debug) {
                this.log.debug(new StringBuffer().append("**** Signature Predicate evaluate(): matchUser is ").append(isUser).toString());
            }
            return isUser;
        }
        boolean isMemberOf = eSubjectImpl.isMemberOf(this.signedBy);
        if (this.debug) {
            this.log.debug(new StringBuffer().append("**** Signature Predicate evaluate(): matchGroup is ").append(isMemberOf).toString());
        }
        return isMemberOf;
    }

    @Override // weblogic.entitlement.predicate.Predicate
    public PredicateDescription getDescription() {
        if (this.predDescr == null) {
            PredicateArgument[] predicateArgumentArr = new PredicateArgument[3];
            try {
                predicateArgumentArr[0] = new DefaultPredicateArgument("type", "java.lang.String", "user or group type", true, null);
                predicateArgumentArr[1] = new DefaultPredicateArgument("signatureType", "java.lang.String", "signature type", true, null);
                predicateArgumentArr[2] = new DefaultPredicateArgument("signedBy", "java.lang.String", "signed by value", true, null);
            } catch (ClassNotFoundException e) {
            }
            this.predDescr = new DefaultPredicateDescription("weblogic.security.providers.SignaturePredicate", "descr", predicateArgumentArr);
        }
        return this.predDescr;
    }
}
