package weblogic.security.provider;

import java.security.Principal;
import weblogic.logging.LogOutputStream;
import weblogic.management.Admin;
import weblogic.security.HMAC;
import weblogic.security.principal.WLSAbstractPrincipal;
import weblogic.security.principal.WLSPrincipal;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.spi.PrincipalValidator;
import weblogic.utils.collections.SecondChanceCacheMap;

/* loaded from: input_file:weblogic.jar:weblogic/security/provider/PrincipalValidatorImpl.class */
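/**
 * {@link PrincipalValidator} for {@link WLSPrincipal} instances. It signs a principal with an
 * HMAC over the principal's signed data and verifies that HMAC later.
 *
 * <p>The key is the byte form of the active domain's security configuration credential, read
 * once in the constructor. Signatures for {@link WLSAbstractPrincipal} instances are cached by
 * principal name so that the HMAC is not recomputed on every {@link #sign(Principal)} call.
 *
 * <p>NOTE(review): the thread-safety of {@code SecondChanceCacheMap} is not visible from this
 * class, and no synchronization is applied here. Confirm before sharing one validator instance
 * across threads.
 */
public class PrincipalValidatorImpl implements PrincipalValidator {
    /** HMAC key material; never logged by this class. */
    private byte[] secret;
    /** True when security authentication debugging is enabled on the local server. */
    private boolean debug;
    /** Debug sink; non-null whenever {@link #debug} is true. */
    private LogOutputStream log;
    /** Capacity handed to the signature cache. */
    private final int sigCacheSize = 100;
    /** Principal name to cached signature and salt. */
    private SecondChanceCacheMap sigCache;
    /** Lazily resolved {@code WLSPrincipal} class object (compiler-generated class-literal cache). */
    static Class class$weblogic$security$principal$WLSPrincipal;

    /**
     * Signature and salt remembered for one principal name.
     *
     * <p>The entry stores private copies of both arrays, so later changes to an array that was
     * handed to a principal cannot alter what the cache returns to other principals.
     */
    private static final class SigCacheEntry {
        private final byte[] sig;
        private final byte[] salt;

        SigCacheEntry(byte[] sig, byte[] salt) {
            this.sig = copyOf(sig);
            this.salt = copyOf(salt);
        }
    }

    /**
     * Reads the debug flag, the debug log and the signing secret from the running server's
     * configuration, then creates an empty signature cache.
     */
    public PrincipalValidatorImpl() {
        this.debug = false;
        this.log = null;
        this.sigCache = null;
        if (Admin.getInstance().getLocalServer() != null) {
            this.debug = Admin.getInstance().getLocalServer().getServerDebug().getDebugSecurityAtn();
        }
        if (this.debug) {
            this.log = SecurityServiceManager.getSecurityDebugLog();
            if (this.log == null) {
                // No shared security debug log is available; fall back to a dedicated stream.
                this.log = new LogOutputStream("PrincipalValidatorDebug");
            }
        }
        // NOTE(review): getBytes() without a charset presumably uses the platform default
        // encoding. If so, servers with different defaults would derive different keys from a
        // credential containing non-ASCII characters. Left unchanged because switching the
        // encoding would change the key; confirm before altering.
        this.secret = Admin.getInstance().getActiveDomain().getSecurityConfiguration().getCredential().getBytes();
        this.sigCache = new SecondChanceCacheMap(this.sigCacheSize);
    }

    /**
     * Checks the signature carried by a principal.
     *
     * @param principal the principal to check
     * @return {@code false} when the principal is not a {@link WLSPrincipal} or carries no
     *     signature; otherwise the result of {@code HMAC.verify} over the principal's signed data
     *     and salt with this validator's secret
     * @throws SecurityException declared by the interface; not thrown directly in this method
     */
    @Override // weblogic.security.spi.PrincipalValidator
    public boolean validate(Principal principal) throws SecurityException {
        if (!(principal instanceof WLSPrincipal)) {
            return false;
        }
        WLSPrincipal wlsPrincipal = (WLSPrincipal) principal;
        byte[] signature = wlsPrincipal.getSignature();
        if (signature == null) {
            // An unsigned principal is rejected rather than treated as trusted.
            return false;
        }
        // NOTE(review): whether HMAC.verify compares the digests in constant time is not visible
        // from this class; confirm in weblogic.security.HMAC.
        boolean verified = HMAC.verify(signature, wlsPrincipal.getSignedData(), this.secret, wlsPrincipal.getSalt());
        if (this.debug) {
            this.log.debug("Validate WLS principal " + wlsPrincipal.getName() + " returns " + verified);
        }
        return verified;
    }

    /**
     * Signs a principal in place by setting its signature (and, for
     * {@link WLSAbstractPrincipal}, its salt).
     *
     * <p>Only {@link WLSAbstractPrincipal} instances use the cache, because only they expose
     * {@code setSalt}, which a cache hit needs in order to apply the cached salt. Arrays taken
     * from the cache are copied before being handed to the principal, so every principal gets
     * its own arrays and the cached values stay private to this validator.
     *
     * @param principal the principal to sign
     * @return {@code false} when the principal is not a {@link WLSPrincipal}, otherwise
     *     {@code true}
     */
    @Override // weblogic.security.spi.PrincipalValidator
    public boolean sign(Principal principal) {
        if (!(principal instanceof WLSPrincipal)) {
            return false;
        }
        WLSPrincipal wlsPrincipal = (WLSPrincipal) principal;
        String name = wlsPrincipal.getName();
        boolean cacheable = principal instanceof WLSAbstractPrincipal;

        // NOTE(review): the cache key is the principal name alone. If two principals share a
        // name but return different signed data, a cache hit would apply a signature that
        // validate() then rejects. Confirm what getSignedData() covers.
        SigCacheEntry cached = cacheable ? (SigCacheEntry) this.sigCache.get(name) : null;

        byte[] sig;
        byte[] salt;
        if (cached != null) {
            sig = copyOf(cached.sig);
            salt = copyOf(cached.salt);
        } else {
            salt = wlsPrincipal.getSalt();
            sig = HMAC.digest(wlsPrincipal.getSignedData(), this.secret, salt);
            if (cacheable) {
                // The entry copies both arrays, so the principal and the cache never share one.
                this.sigCache.put(name, new SigCacheEntry(sig, salt));
            }
            if (this.debug) {
                this.log.debug("Generated WLS principal signature " + name);
            }
        }

        wlsPrincipal.setSignature(sig);
        if (cacheable) {
            ((WLSAbstractPrincipal) wlsPrincipal).setSalt(salt);
        }
        if (this.debug) {
            this.log.debug("Signed WLS principal " + name);
        }
        return true;
    }

    /**
     * Returns the base class of the principals this validator handles.
     *
     * @return the {@code weblogic.security.principal.WLSPrincipal} class object
     */
    @Override // weblogic.security.spi.PrincipalValidator
    public Class getPrincipalBaseClass() {
        Class resolved = class$weblogic$security$principal$WLSPrincipal;
        if (resolved == null) {
            resolved = class$("weblogic.security.principal.WLSPrincipal");
            class$weblogic$security$principal$WLSPrincipal = resolved;
        }
        return resolved;
    }

    /**
     * Resolves a class by name (compiler-generated helper behind a class literal).
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError when the class cannot be found; the original
     *     {@link ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
            // Keep the original exception so the failing lookup can be diagnosed.
            error.initCause(e);
            throw error;
        }
    }

    /** Returns a copy of {@code bytes}, or {@code null} when {@code bytes} is {@code null}. */
    private static byte[] copyOf(byte[] bytes) {
        return bytes == null ? null : (byte[]) bytes.clone();
    }
}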
