package weblogic.security.acl.internal;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.security.AccessController;
import java.security.Principal;
import java.security.acl.Acl;
import java.security.acl.AclEntry;
import java.security.acl.Group;
import java.security.acl.NotOwnerException;
import java.security.acl.Permission;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Properties;
import java.util.Vector;
import org.apache.http.protocol.HTTP;
import weblogic.apache.xerces.impl.xs.SchemaSymbols;
import weblogic.logging.LogOutputStream;
import weblogic.management.Admin;
import weblogic.management.WebLogicObjectName;
import weblogic.management.configuration.FileRealmMBean;
import weblogic.management.configuration.SecurityMBean;
import weblogic.management.configuration.ServerDebugMBean;
import weblogic.management.configuration.ServerMBean;
import weblogic.management.internal.BootStrap;
import weblogic.management.internal.ConnectionSigner;
import weblogic.management.servlet.FileDistributionServlet;
import weblogic.security.MessageDigest;
import weblogic.security.MessageDigestUtils;
import weblogic.security.SecurityLogger;
import weblogic.security.WLMessageDigest;
import weblogic.security.acl.AclEntryImpl;
import weblogic.security.acl.AclImpl;
import weblogic.security.acl.BasicRealm;
import weblogic.security.acl.CachingRealm;
import weblogic.security.acl.CertAuthentication;
import weblogic.security.acl.CredentialChanger;
import weblogic.security.acl.DefaultUserImpl;
import weblogic.security.acl.DefaultUserInfoImpl;
import weblogic.security.acl.DynamicUserAcl;
import weblogic.security.acl.Everyone;
import weblogic.security.acl.GroupImpl;
import weblogic.security.acl.ManageableRealm;
import weblogic.security.acl.PermissionImpl;
import weblogic.security.acl.Realm;
import weblogic.security.acl.RefreshableRealm;
import weblogic.security.acl.SSLUserInfo;
import weblogic.security.acl.User;
import weblogic.security.acl.UserInfo;
import weblogic.security.audit.Audit;
import weblogic.security.internal.FileUtils;
import weblogic.security.internal.FileUtilsException;
import weblogic.security.internal.SerializedSystemIni;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.utils.ESubjectImpl;
import weblogic.server.Server;
import weblogic.utils.Hex;
import weblogic.utils.StringUtils;

/* loaded from: input_file:weblogic.jar:weblogic/security/acl/internal/FileRealm.class */
public final class FileRealm implements ManageableRealm, RefreshableRealm, DynamicUserAcl {
    // Serialization version identifier for the realm class.
    private static final long serialVersionUID = -1640246370085690200L;
    // File name constant; the code that resolves and opens it is outside this view.
    private static final String FILE = "fileRealm.properties";
    // Separator between principal names in group and ACL values (see checkPrincipalName).
    private static final char PRINCIPAL_SEPARATOR = ',';
    // Separator between the permission name and the ACL name in an "acl." key (see checkPermissionName).
    private static final char ACL_PERMISSION_SEPARATOR = '.';
    // Key prefixes that distinguish ACL, group and user records in the properties data.
    private static final String ACL_PREFIX = "acl.";
    private static final String GROUP_PREFIX = "group.";
    private static final String USER_PREFIX = "user.";
    // Set by init() from the server debug MBean; gates the log.debug calls.
    private boolean debug;
    // Realm name supplied to init().
    private String name;
    // Realm password supplied to init(); held as a String and reused as the ACL owner's credential.
    private String password;
    // NOTE(review): presumably the salt used by hashPassword — not referenced in the visible methods; confirm.
    private byte[] salt;
    // Principal created by init(); ownership checks compare against this exact instance.
    private DefaultUserImpl aclOwner;
    private LogOutputStream log;
    // Soft limits: exceeding them only produces a log warning (see checkMaxUsers/Groups/Acls).
    private int maxUsers;
    private int maxGroups;
    private int maxACLs;
    // Record that ensureRequiredObjectsExist() had to create the system user / guest account.
    private boolean addedSystemUser;
    private boolean addedGuest;
    private Group everyone = new Everyone(this);
    // In-memory realm state, keyed by name.
    private Hashtable users = new Hashtable();
    private Hashtable groups = new Hashtable();
    private Hashtable acls = new Hashtable();
    private Hashtable permissions = new Hashtable();
    // One digest instance shared by the realm.
    // NOTE(review): "SHA" is presumably SHA-1, and a single shared digest is only safe if callers serialize access — confirm both.
    private MessageDigest messageDigest = WLMessageDigest.getInstance("SHA");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic.jar:weblogic/security/acl/internal/FileRealm$FileRealmAclImpl.class */
    /**
     * ACL implementation that asks the owning realm to write its file after
     * every successful entry change made through the public Acl methods.
     */
    public class FileRealmAclImpl extends AclImpl {
        private static final long serialVersionUID = -6543322023693167749L;
        private final FileRealm this$0;

        /**
         * @param fileRealm realm that owns this ACL
         * @param principal ACL owner passed to the superclass
         * @param str ACL name passed to the superclass
         */
        public FileRealmAclImpl(FileRealm fileRealm, Principal principal, String str) {
            super(principal, str);
            this.this$0 = fileRealm;
        }

        /** Adds the entry and, if it was added, writes the realm file. */
        @Override // weblogic.security.acl.AclImpl, java.security.acl.Acl
        public boolean addEntry(Principal principal, AclEntry aclEntry) throws NotOwnerException {
            return _addEntry(principal, aclEntry, true);
        }

        /**
         * Adds the entry; the realm file is written only when the entry was
         * added and {@code z} is true. The realm passes false while it loads
         * its own properties.
         */
        public boolean _addEntry(Principal principal, AclEntry aclEntry, boolean z) throws NotOwnerException {
            if (!super.addEntry(principal, aclEntry)) {
                return false;
            }
            if (z) {
                this.this$0.writeFile();
            }
            return true;
        }

        /** Removes the entry and, if it was removed, writes the realm file. */
        @Override // weblogic.security.acl.AclImpl, java.security.acl.Acl
        public boolean removeEntry(Principal principal, AclEntry aclEntry) throws NotOwnerException {
            return _removeEntry(principal, aclEntry, true);
        }

        /**
         * Removes the entry; the realm file is written only when the entry was
         * removed and {@code z} is true.
         */
        public boolean _removeEntry(Principal principal, AclEntry aclEntry, boolean z) throws NotOwnerException {
            if (!super.removeEntry(principal, aclEntry)) {
                return false;
            }
            if (z) {
                this.this$0.writeFile();
            }
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic.jar:weblogic/security/acl/internal/FileRealm$FileRealmGroupImpl.class */
    /**
     * Group implementation that asks the owning realm to write its file after
     * every successful membership change made through the public Group methods.
     */
    public class FileRealmGroupImpl extends GroupImpl {
        private static final long serialVersionUID = -3323170289877387624L;
        private final FileRealm this$0;

        /**
         * @param fileRealm realm that owns this group
         * @param str group name passed to the superclass
         */
        public FileRealmGroupImpl(FileRealm fileRealm, String str) {
            super(str);
            this.this$0 = fileRealm;
        }

        /** Adds the member and, if membership changed, writes the realm file. */
        @Override // weblogic.security.acl.GroupImpl, java.security.acl.Group
        public boolean addMember(Principal principal) {
            return _addMember(principal, true);
        }

        /**
         * Adds the member; the realm file is written only when membership
         * changed and {@code z} is true.
         */
        public boolean _addMember(Principal principal, boolean z) {
            if (!super.addMember(principal)) {
                return false;
            }
            if (z) {
                this.this$0.writeFile();
            }
            return true;
        }

        /** Removes the member and, if membership changed, writes the realm file. */
        @Override // weblogic.security.acl.GroupImpl, java.security.acl.Group
        public boolean removeMember(Principal principal) {
            return _removeMember(principal, true);
        }

        /**
         * Removes the member; the realm file is written only when membership
         * changed and {@code z} is true.
         */
        public boolean _removeMember(Principal principal, boolean z) {
            if (!super.removeMember(principal)) {
                return false;
            }
            if (z) {
                this.this$0.writeFile();
            }
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic.jar:weblogic/security/acl/internal/FileRealm$FileRealmUserImpl.class */
    /** User implementation whose credential can be changed and persisted through the owning realm. */
    public class FileRealmUserImpl extends DefaultUserImpl implements CredentialChanger {
        private static final long serialVersionUID = -5265009210019953032L;
        private final FileRealm this$0;

        /**
         * @param fileRealm realm that owns this user
         * @param str user name
         * @param obj credential stored for the user
         * @param basicRealm realm reference passed to the superclass
         */
        public FileRealmUserImpl(FileRealm fileRealm, String str, Object obj, BasicRealm basicRealm) {
            super(str, obj, basicRealm);
            this.this$0 = fileRealm;
        }

        /**
         * Replaces this user's credential with the hash of the new password and
         * writes the realm file.
         *
         * @param obj current credential, passed to {@code Realm.authenticate}
         * @param obj2 new credential
         */
        @Override // weblogic.security.acl.CredentialChanger
        public void changeCredential(Object obj, Object obj2) throws SecurityException {
            DefaultUserInfoImpl currentInfo = new DefaultUserInfoImpl(getName(), obj, getRealm().getName());
            // NOTE(review): the result of authenticate() is discarded, so the old credential is only
            // enforced if authenticate() throws on failure — confirm that contract.
            Realm.authenticate(currentInfo);
            // NOTE(review): getPassword() returns null for a null credential; confirm hashPassword rejects it.
            String replacement = FileRealm.getPassword(obj2);
            setCredential(this.this$0.hashPassword(replacement));
            this.this$0.writeFile();
        }
    }

    /**
     * Builds a realm properties set from clear-text input and writes it out.
     * User values are trimmed and hashed with the supplied salt; group and ACL
     * values are copied unchanged under their key prefixes.
     *
     * @param str target passed to {@code writeFile}
     * @param bArr salt handed to {@code hashPassword}
     * @param properties user name to clear-text password
     * @param properties2 group name to member list
     * @param properties3 "permission.acl" key to grantee list
     */
    public static void convertFromClearTextPasswords(String str, byte[] bArr, Properties properties, Properties properties2, Properties properties3) throws FileNotFoundException, IOException {
        MessageDigest digest = WLMessageDigest.getInstance("SHA");
        Properties merged = new Properties();
        for (Enumeration userNames = properties.keys(); userNames.hasMoreElements(); ) {
            String userName = (String) userNames.nextElement();
            checkPrincipalName(userName);
            // Surrounding whitespace is not part of the password that gets hashed.
            String clearText = ((String) properties.get(userName)).trim();
            merged.put(USER_PREFIX + userName, hashPassword(digest, bArr, clearText));
        }
        for (Enumeration groupNames = properties2.keys(); groupNames.hasMoreElements(); ) {
            String groupName = (String) groupNames.nextElement();
            checkPrincipalName(groupName);
            merged.put(GROUP_PREFIX + groupName, (String) properties2.get(groupName));
        }
        // ACL keys are copied without a name check.
        for (Enumeration aclKeys = properties3.keys(); aclKeys.hasMoreElements(); ) {
            String aclKey = (String) aclKeys.nextElement();
            merged.put(ACL_PREFIX + aclKey, (String) properties3.get(aclKey));
        }
        writeFile(str, merged);
    }

    /**
     * Strips {@code str2} from the front of {@code str}.
     *
     * @return the remainder of the key, or null when the key does not start with the prefix
     */
    private static String getRestOfKey(String str, String str2) {
        return str.startsWith(str2) ? str.substring(str2.length()) : null;
    }

    /** Returns the user name from a "user." key, or null for any other key. */
    private static String getUserFromKey(String str) {
        String userName = getRestOfKey(str, USER_PREFIX);
        return userName;
    }

    /** Returns the group name from a "group." key, or null for any other key. */
    private static String getGroupFromKey(String str) {
        String groupName = getRestOfKey(str, GROUP_PREFIX);
        return groupName;
    }

    /** Returns the "permission.acl" part of an "acl." key, or null for any other key. */
    private static String getPermDotAclFromKey(String str) {
        String permDotAcl = getRestOfKey(str, ACL_PREFIX);
        return permDotAcl;
    }

    /** Splits {@code str} on the single character {@code c} using {@code StringUtils.splitCompletely}. */
    private static String[] splitCompletely(String str, char c) {
        String delimiter = String.valueOf(c);
        return StringUtils.splitCompletely(str, delimiter);
    }

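    /**
     * Returns the ACL name from a "permission.acl" string: everything after
     * the first '.' separated token, with later tokens re-joined by '.'.
     *
     * @throws FileRealmException if the string has no ACL part; a key without
     *         a '.' used to surface as an ArrayIndexOutOfBoundsException
     */
    private static String getAclFromPermDotAcl(String str) {
        String[] parts = splitCompletely(str, '.');
        // A key such as "acl.foo" has a permission token but no ACL name; reject it with a clear message.
        if (parts.length < 2) {
            throw new FileRealmException("Malformed ACL key, expected permission.aclName: " + str);
        }
        String aclName = parts[1];
        for (int i = 2; i < parts.length; i++) {
            aclName = aclName + '.' + parts[i];
        }
        return aclName;
    }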

    /** Returns the permission name, i.e. the first '.' separated token of a "permission.acl" string. */
    private static String getPermFromPermDotAcl(String str) {
        String[] parts = splitCompletely(str, '.');
        return parts[0];
    }

    /**
     * Command-line converter: reads {@code <fileRealmPath>.src}, sorts its
     * entries into user, group and ACL sets by key prefix, and hands them to
     * {@code convertFromClearTextPasswords} together with the salt read from
     * {@code saltPath}. The .src input holds clear-text passwords.
     */
    public static void main(String[] strArr) {
        if (strArr.length != 2) {
            System.out.println("Syntax: FileRealm fileRealmPath saltPath");
            return;
        }
        try {
            String realmPath = strArr[0];
            String saltPath = strArr[1];
            Properties userProps = new Properties();
            Properties groupProps = new Properties();
            Properties aclProps = new Properties();
            FileInputStream in = new FileInputStream(realmPath + ".src");
            try {
                Properties source = new Properties();
                source.load(in);
                for (Enumeration keys = source.keys(); keys.hasMoreElements(); ) {
                    String key = (String) keys.nextElement();
                    String userName = getUserFromKey(key);
                    if (userName != null) {
                        userProps.put(userName, source.get(key));
                        continue;
                    }
                    String groupName = getGroupFromKey(key);
                    if (groupName != null) {
                        groupProps.put(groupName, source.get(key));
                        continue;
                    }
                    // Keys with none of the three prefixes are ignored.
                    String permDotAcl = getPermDotAclFromKey(key);
                    if (permDotAcl != null) {
                        aclProps.put(permDotAcl, source.get(key));
                    }
                }
                convertFromClearTextPasswords(realmPath, SerializedSystemIni.getSalt(saltPath), userProps, groupProps, aclProps);
            } finally {
                in.close();
            }
        } catch (Exception e) {
            System.out.println("Error : " + e);
            e.printStackTrace();
        }
    }

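    /**
     * Initializes the realm with its name and password and creates the ACL
     * owner principal. When the realm was already initialized, the supplied
     * credential must match the existing ACL owner.
     *
     * @param str realm name
     * @param obj realm credential
     * @throws NotOwnerException if an ACL owner exists and {@code obj} does not match it
     */
    @Override // weblogic.security.acl.BasicRealm
    public void init(String str, Object obj) throws NotOwnerException {
        ServerDebugMBean serverDebug;
        // Check ownership before touching any state: assigning the password first let a
        // rejected re-init overwrite the stored realm password with the rejected value.
        if (this.aclOwner != null && this.aclOwner != getAclOwner(obj)) {
            throw new NotOwnerException();
        }
        this.password = getPassword(obj);
        this.name = str;
        // The ACL owner's credential is the realm password as supplied.
        this.aclOwner = new FileRealmUserImpl(this, "ACL Owner", this.password, this);
        this.log = new LogOutputStream("Security Realm");
        ServerMBean localServer = Admin.getInstance().getLocalServer();
        if (localServer == null || (serverDebug = localServer.getServerDebug()) == null) {
            return;
        }
        this.debug = serverDebug.getDebugSecurityRealm();
    }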

    /** Returns the realm name recorded by {@code init}. */
    @Override // weblogic.security.acl.BasicRealm
    public String getName() {
        String realmName = this.name;
        return realmName;
    }

    /** Logs a warning when the user table is larger than {@code maxUsers}; nothing is rejected. */
    private void checkMaxUsers() {
        if (this.users.size() <= this.maxUsers) {
            return;
        }
        String limit = Integer.toString(this.maxUsers);
        String current = Integer.toString(this.users.size());
        SecurityLogger.logMaxUserWarning(limit, current);
    }

    /** Logs a warning when the group table is larger than {@code maxGroups}; nothing is rejected. */
    private void checkMaxGroups() {
        if (this.groups.size() <= this.maxGroups) {
            return;
        }
        String limit = Integer.toString(this.maxGroups);
        String current = Integer.toString(this.groups.size());
        SecurityLogger.logMaxGroupWarning(limit, current);
    }

    /** Logs a warning when the ACL table is larger than {@code maxACLs}; nothing is rejected. */
    private void checkMaxAcls() {
        if (this.acls.size() <= this.maxACLs) {
            return;
        }
        String limit = Integer.toString(this.maxACLs);
        String current = Integer.toString(this.acls.size());
        SecurityLogger.logMaxAclWarning(limit, current);
    }

    /** Looks a user up by name without any credential check; returns null when absent. */
    @Override // weblogic.security.acl.BasicRealm
    public User getUser(String str) {
        Object entry = this.users.get(str);
        return (User) entry;
    }

    /**
     * Authenticating lookup: returns the user only when the supplied
     * credentials are accepted by {@code authInternal}, otherwise null.
     */
    @Override // weblogic.security.acl.BasicRealm
    public User getUser(UserInfo userInfo) {
        User authenticated = authInternal(userInfo);
        return authenticated;
    }

    /**
     * Tries the available credential types in order: certificates, then
     * password, then SSL certificates. The first method that yields a user
     * wins, and a later method is tried whenever an earlier one yields null.
     *
     * @return the authenticated user, or null when no method accepts the credentials
     */
    private User authInternal(UserInfo userInfo) {
        if (!(userInfo instanceof DefaultUserInfoImpl)) {
            return authUserPassword(userInfo);
        }
        DefaultUserInfoImpl info = (DefaultUserInfoImpl) userInfo;
        String principalName = info.getName();
        User authenticated = null;
        if (info.hasCertificates()) {
            authenticated = authCertificates(principalName, info.getCertificates());
        }
        if (authenticated == null && info.hasPassword()) {
            authenticated = authUserPassword(info);
        }
        if (authenticated == null && (info instanceof SSLUserInfo)) {
            authenticated = authSSLCertificates(principalName, ((SSLUserInfo) info).getSSLCertificates());
        }
        return authenticated;
    }

    /**
     * Verifies a password credential against the stored user. The supplied
     * password is hashed before comparison, and the outcome is reported to the
     * audit facility.
     *
     * @return the user on a match, otherwise null
     * @throws FileRealmException if the stored user or the supplied info is not
     *         one of the default implementations
     */
    private User authUserPassword(UserInfo userInfo) {
        User user = getUser(userInfo.getName());
        // An unknown name returns without calling hashPassword, so the unknown-user and
        // wrong-password failures do different amounts of work.
        if (user != null) {
            boolean supported = (user instanceof DefaultUserImpl) && (userInfo instanceof DefaultUserInfoImpl);
            if (!supported) {
                // This exit bypasses the audit call below.
                throw new FileRealmException("FileRealm only supports DefaultUserInfoImpls : " + userInfo.toString());
            }
            DefaultUserImpl stored = (DefaultUserImpl) user;
            DefaultUserInfoImpl presented = (DefaultUserInfoImpl) userInfo;
            if (presented.hasPassword()) {
                presented = new DefaultUserInfoImpl(presented.getName(), hashPassword(presented.getPassword()), presented.getRealmName());
            }
            // NOTE(review): whether hasMatchingInfo compares in constant time is not visible here.
            if (!stored.hasMatchingInfo(presented)) {
                user = null;
            }
        }
        // Both success and failure are audited; the realm label is a fixed string.
        Audit.authenticateUser("Default Realm", userInfo, user);
        return user;
    }

    /** Delegates to {@code CertAuthentication.authenticate} with the SSL flag set to false. */
    private User authCertificates(String str, Vector vector) {
        final boolean ssl = false;
        return CertAuthentication.authenticate(str, vector, ssl);
    }

    /** Delegates to {@code CertAuthentication.authenticate} with the SSL flag set to true. */
    private User authSSLCertificates(String str, Vector vector) {
        final boolean ssl = true;
        return CertAuthentication.authenticate(str, vector, ssl);
    }

    /**
     * Returns the ACL owner principal when {@code obj} matches its credential.
     * The returned instance acts as the proof of ownership that
     * {@code _newAcl} and {@code _deleteAcl} compare by reference.
     *
     * @return the owner principal, or null when the credential does not match
     */
    @Override // weblogic.security.acl.BasicRealm
    public Principal getAclOwner(Object obj) {
        // Requires init() to have run; aclOwner is dereferenced without a null check.
        DefaultUserInfoImpl candidate = new DefaultUserInfoImpl("ACL Owner", obj, this.name);
        return this.aclOwner.hasMatchingInfo(candidate) ? this.aclOwner : null;
    }

    /** Looks a group up by name; returns null when absent. */
    @Override // weblogic.security.acl.BasicRealm
    public Group getGroup(String str) {
        Object entry = this.groups.get(str);
        return (Group) entry;
    }

    /** Looks an ACL up by its exact name; returns null when absent. */
    @Override // weblogic.security.acl.BasicRealm
    public Acl getAcl(String str) {
        Object entry = this.acls.get(str);
        return (Acl) entry;
    }

    /**
     * Hierarchical ACL lookup: tries the full name, then repeatedly drops the
     * last {@code c}-separated component until an ACL is found or no
     * separator is left. A resource without its own ACL is therefore governed
     * by the nearest ancestor that has one.
     *
     * @return the most specific ACL found, or null
     */
    @Override // weblogic.security.acl.BasicRealm
    public Acl getAcl(String str, char c) {
        Acl found = getAcl(str);
        String prefix = str;
        for (int cut = prefix.lastIndexOf(c); found == null && cut >= 0; cut = prefix.lastIndexOf(c, cut - 1)) {
            prefix = prefix.substring(0, cut);
            found = getAcl(prefix);
        }
        return found;
    }

    /**
     * Returns the permission registered under {@code str}, creating and
     * registering it when it does not exist yet. Every distinct name looked up
     * therefore adds an entry to the permission table.
     *
     * @return null only when {@code str} is null
     */
    @Override // weblogic.security.acl.BasicRealm
    public Permission getPermission(String str) {
        if (str == null) {
            return null;
        }
        Object cached = this.permissions.get(str);
        if (cached == null) {
            return newPermission(str);
        }
        return (Permission) cached;
    }

    /** Enumerates the user objects currently held in memory. */
    @Override // weblogic.security.acl.ListableRealm
    public Enumeration getUsers() {
        Enumeration all = this.users.elements();
        return all;
    }

    /** Enumerates the group objects currently held in memory. */
    @Override // weblogic.security.acl.ListableRealm
    public Enumeration getGroups() {
        Enumeration all = this.groups.elements();
        return all;
    }

    /** Enumerates the ACL objects currently held in memory. */
    @Override // weblogic.security.acl.ListableRealm
    public Enumeration getAcls() {
        Enumeration all = this.acls.elements();
        return all;
    }

    /** Enumerates the permission objects currently held in memory. */
    @Override // weblogic.security.acl.ListableRealm
    public Enumeration getPermissions() {
        Enumeration all = this.permissions.elements();
        return all;
    }

    /**
     * Creates a user whose stored credential is the hash of the supplied
     * password, warns if the user limit is exceeded, and writes the realm file.
     *
     * @param str user name
     * @param obj password credential
     * @param obj2 passed through to {@code _newUser}, which does not use it
     */
    @Override // weblogic.security.acl.ManageableRealm
    public User newUser(String str, Object obj, Object obj2) throws SecurityException {
        String clearText = getPassword(obj);
        User created = _newUser(str, hashPassword(clearText), obj2);
        // The limit check only logs; the user has already been added at this point.
        checkMaxUsers();
        writeFile();
        return created;
    }

    /**
     * Rejects principal names containing ',' because that character separates
     * principals in group and ACL values. No other character is checked here.
     *
     * @throws FileRealmException if the name contains ','
     */
    private static void checkPrincipalName(String str) {
        boolean hasSeparator = str.indexOf(',') >= 0;
        if (hasSeparator) {
            throw new FileRealmException("Principal names in the FileRealm must not contain the , character: " + str);
        }
    }

    /**
     * Rejects permission names containing '.' because that character separates
     * the permission from the ACL name in "acl." keys.
     *
     * @throws FileRealmException if the name contains '.'
     */
    private static void checkPermissionName(String str) {
        boolean hasSeparator = str.indexOf('.') >= 0;
        if (hasSeparator) {
            throw new FileRealmException("Permission names in the FileRealm must not contain the . character: " + str);
        }
    }

    /**
     * Registers a user in memory without writing the realm file. The credential
     * is stored exactly as given; callers decide whether it is already hashed.
     *
     * @throws SecurityException if a user or group with that name already exists
     */
    private User _newUser(String str, Object obj, Object obj2) throws SecurityException {
        checkPrincipalName(str);
        // Users and groups share one name space.
        boolean nameTaken = getUser(str) != null || getGroup(str) != null;
        if (nameTaken) {
            throw new SecurityException("Principal " + str + " already defined in realm " + getName());
        }
        FileRealmUserImpl created = new FileRealmUserImpl(this, str, obj, this);
        this.users.put(str, created);
        return created;
    }

    /** Creates a group, warns if the group limit is exceeded, and writes the realm file. */
    @Override // weblogic.security.acl.ManageableRealm
    public Group newGroup(String str) throws SecurityException {
        Group created = this._newGroup(str);
        this.checkMaxGroups();
        this.writeFile();
        return created;
    }

    /**
     * Registers a group in memory without writing the realm file. Only the
     * group table is checked for a clash; an existing user of the same name is
     * not rejected here.
     *
     * @throws SecurityException if a group with that name already exists
     */
    private Group _newGroup(String str) throws SecurityException {
        checkPrincipalName(str);
        boolean nameTaken = getGroup(str) != null;
        if (nameTaken) {
            throw new SecurityException("Group " + str + " already defined in realm " + getName());
        }
        FileRealmGroupImpl created = new FileRealmGroupImpl(this, str);
        this.groups.put(str, created);
        return created;
    }

    /** Creates an ACL, warns if the ACL limit is exceeded, and writes the realm file. */
    @Override // weblogic.security.acl.ManageableRealm
    public Acl newAcl(Principal principal, String str) throws SecurityException {
        Acl created = this._newAcl(principal, str);
        this.checkMaxAcls();
        this.writeFile();
        return created;
    }

    /**
     * Registers an ACL in memory without writing the realm file.
     *
     * @throws SecurityException if the ACL already exists or {@code principal}
     *         is not the realm's ACL owner instance
     */
    private Acl _newAcl(Principal principal, String str) throws SecurityException {
        if (getAcl(str) != null) {
            throw new SecurityException("Acl " + str + " already defined in realm " + getName());
        }
        // Reference comparison: only the exact object returned by getAclOwner() is accepted,
        // not any principal that merely equals it.
        boolean isOwner = this.aclOwner == principal;
        if (!isOwner) {
            throw new SecurityException(principal + " does not own the ACL");
        }
        FileRealmAclImpl created = new FileRealmAclImpl(this, principal, str);
        this.acls.put(str, created);
        return created;
    }

    /**
     * Creates and registers a permission in memory; an existing permission of
     * the same name is replaced. The realm file is not written here.
     *
     * @throws FileRealmException if the name contains '.'
     */
    @Override // weblogic.security.acl.ManageableRealm
    public Permission newPermission(String str) throws SecurityException {
        checkPermissionName(str);
        PermissionImpl created = new PermissionImpl(str);
        this.permissions.put(str, created);
        return created;
    }

    /** Removes the user from the realm and writes the realm file. */
    @Override // weblogic.security.acl.ManageableRealm
    public void deleteUser(User user) throws SecurityException {
        this._deleteUser(user);
        this.writeFile();
    }

    /**
     * Removes the user from the user table and then from groups and ACLs.
     *
     * @throws SecurityException if no user with that name exists in this realm
     */
    private void _deleteUser(User user) throws SecurityException {
        boolean known = getUser(user.getName()) != null;
        if (!known) {
            throw new SecurityException("User " + user.getName() + " doesn't exist in realm " + getName());
        }
        this.users.remove(user.getName());
        // Drop the principal's group memberships and ACL entries as well.
        deletePrincipal(user);
    }

    /** Removes the group from the realm and writes the realm file. */
    @Override // weblogic.security.acl.ManageableRealm
    public void deleteGroup(Group group) throws SecurityException {
        this._deleteGroup(group);
        this.writeFile();
    }

    /**
     * Removes the group from the group table and then from groups and ACLs,
     * without writing the realm file. The method is public despite the
     * underscore name and performs no caller check of its own.
     *
     * @throws SecurityException if no group with that name exists in this realm
     */
    public void _deleteGroup(Group group) throws SecurityException {
        boolean known = getGroup(group.getName()) != null;
        if (!known) {
            throw new SecurityException("Group " + group.getName() + " doesn't exist in realm " + getName());
        }
        this.groups.remove(group.getName());
        deletePrincipal(group);
    }

    /**
     * Removes the permission from the in-memory table, keyed by its name for
     * {@code PermissionImpl} and by {@code toString()} otherwise. ACL entries
     * that reference the permission are not touched and the realm file is not
     * written.
     */
    @Override // weblogic.security.acl.ManageableRealm
    public void deletePermission(Permission permission) throws SecurityException {
        String key;
        if (permission instanceof PermissionImpl) {
            key = ((PermissionImpl) permission).getName();
        } else {
            key = permission.toString();
        }
        this.permissions.remove(key);
    }

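    /**
     * Removes every trace of a deleted principal: its membership in all groups
     * except {@code Everyone}, and all of its entries in every ACL.
     *
     * <p>An ACL can hold both a positive and a negative entry for the same
     * principal (setPermission handles both), so every matching entry is
     * removed. Stopping after the first one left a stale entry behind that a
     * later principal with an equal identity could pick up.
     */
    private void deletePrincipal(Principal principal) {
        synchronized (this.groups) {
            Enumeration groups = getGroups();
            while (groups.hasMoreElements()) {
                Group group = (Group) groups.nextElement();
                if (!(group instanceof Everyone)) {
                    group.removeMember(principal);
                }
            }
        }
        synchronized (this.acls) {
            Enumeration acls = getAcls();
            while (acls.hasMoreElements()) {
                Acl acl = (Acl) acls.nextElement();
                // Collect first, remove afterwards, so the ACL is not modified while its
                // entries are being enumerated.
                Vector<AclEntry> stale = new Vector<AclEntry>();
                Enumeration<AclEntry> entries = acl.entries();
                while (entries.hasMoreElements()) {
                    AclEntry entry = entries.nextElement();
                    if (entry.getPrincipal().equals(principal)) {
                        stale.add(entry);
                    }
                }
                for (AclEntry entry : stale) {
                    try {
                        acl.removeEntry(this.aclOwner, entry);
                    } catch (NotOwnerException e) {
                        // Best effort, but leave a trace: a failed removal means the deleted
                        // principal still holds an ACL entry.
                        SecurityLogger.logStackTrace(e);
                    }
                }
            }
        }
    }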

    /** Removes the ACL on behalf of the ACL owner and writes the realm file. */
    @Override // weblogic.security.acl.ManageableRealm
    public void deleteAcl(Principal principal, Acl acl) throws SecurityException {
        this._deleteAcl(principal, acl);
        this.writeFile();
    }

    /**
     * Removes the ACL from the in-memory table by name, without writing the
     * realm file. A name that is not registered is ignored.
     *
     * @throws SecurityException if {@code principal} is not the realm's ACL owner instance
     */
    public void _deleteAcl(Principal principal, Acl acl) throws SecurityException {
        // Reference comparison against the owner object handed out by getAclOwner().
        boolean isOwner = this.aclOwner == principal;
        if (!isOwner) {
            throw new SecurityException(principal + " does not own the ACL");
        }
        String aclName = acl.getName();
        this.acls.remove(aclName);
    }

    /**
     * Grants or denies {@code permission} to {@code principal} on {@code acl}.
     * All existing entries for the principal are removed, the permission is
     * added to the positive entry (grant) or the negative entry (deny) and
     * removed from the opposite one, and the entries are added back.
     *
     * @param acl ACL to modify
     * @param principal grantee whose entries are rewritten
     * @param permission permission to grant or deny
     * @param z true to grant, false to deny
     * @throws InternalError if the realm's own ACL owner is rejected by the ACL
     */
    @Override // weblogic.security.acl.ManageableRealm
    public void setPermission(Acl acl, Principal principal, Permission permission, boolean z) {
        // Access check on the admin ACL before anything is changed.
        // NOTE(review): presumably checkPermission throws when the caller lacks "modify" — confirm.
        weblogic.security.acl.Security.checkPermission("FileRealm", "weblogic.admin.acl", getPermission("modify"), '.');
        try {
            AclEntry aclEntry = null;
            AclEntry aclEntry2 = null;
            // NOTE(review): entries are removed while this enumeration is still being consumed;
            // whether that is safe depends on how AclImpl.entries() is implemented — confirm.
            Enumeration<AclEntry> entries = acl.entries();
            while (entries.hasMoreElements()) {
                AclEntry nextElement = entries.nextElement();
                if (nextElement.getPrincipal().equals(principal)) {
                    // Changes are made as the realm's ACL owner, not as the calling principal.
                    acl.removeEntry(this.aclOwner, nextElement);
                    // Remember the last positive and the last negative entry seen for the principal.
                    if (nextElement.isNegative()) {
                        aclEntry2 = nextElement;
                    } else {
                        aclEntry = nextElement;
                    }
                }
            }
            if (z) {
                // Grant: add to the positive entry, strip from the negative one.
                if (aclEntry == null) {
                    aclEntry = new AclEntryImpl(principal);
                }
                addRemove(acl, aclEntry, aclEntry2, permission);
            } else {
                // Deny: add to the negative entry, strip from the positive one.
                if (aclEntry2 == null) {
                    aclEntry2 = new AclEntryImpl(principal);
                    aclEntry2.setNegativePermissions();
                }
                addRemove(acl, aclEntry2, aclEntry, permission);
            }
        } catch (NotOwnerException e) {
            // Entries removed before the failure are not restored.
            SecurityLogger.logStackTrace(e);
            throw new InternalError("aclOwner not owner");
        }
    }

    /**
     * Adds {@code permission} to {@code aclEntry} and stores that entry, then
     * removes the permission from {@code aclEntry2} (if any) and stores it
     * again only when it still carries permissions.
     */
    private void addRemove(Acl acl, AclEntry aclEntry, AclEntry aclEntry2, Permission permission) throws NotOwnerException {
        aclEntry.addPermission(permission);
        acl.addEntry(this.aclOwner, aclEntry);
        if (aclEntry2 != null) {
            aclEntry2.removePermission(permission);
            // An opposite entry left without permissions is dropped rather than re-added.
            boolean stillUseful = aclEntry2.permissions().hasMoreElements();
            if (stillUseful) {
                acl.addEntry(this.aclOwner, aclEntry2);
            }
        }
    }

    /**
     * First loading pass: creates the user, group and ACL objects named by the
     * property keys, without writing the realm file. Group members and ACL
     * grantees are filled in by the later passes.
     */
    private void createObjectsFromProps(Properties properties) {
        // Return value unused in the original as well.
        getAclOwner(this.password);
        for (Enumeration keys = properties.keys(); keys.hasMoreElements(); ) {
            String key = (String) keys.nextElement();
            String userName = getUserFromKey(key);
            if (userName != null) {
                // The stored value becomes the credential as-is; no hashing happens on load.
                _newUser(userName, (String) properties.get(key), null);
                continue;
            }
            String groupName = getGroupFromKey(key);
            if (groupName != null) {
                _newGroup(groupName);
                continue;
            }
            String permDotAcl = getPermDotAclFromKey(key);
            if (permDotAcl == null) {
                continue;
            }
            // Several "permission.acl" keys can name the same ACL; create it once.
            String aclName = getAclFromPermDotAcl(permDotAcl);
            if (getAcl(aclName) == null) {
                _newAcl(this.aclOwner, aclName);
            }
        }
    }

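    /**
     * Makes sure the everyone group, the system user and the guest user exist,
     * creating any that are missing and clearing the caching realm's caches
     * when something was added.
     *
     * <p>When guest access is disabled, the guest account is given a random
     * password from {@code SecureRandom}. The previous value was a digest of
     * the current time, which can be guessed by anyone who knows roughly when
     * the server started.
     */
    private void ensureRequiredObjectsExist() {
        CachingRealm cachingRealm = null;
        BasicRealm realm = weblogic.security.acl.Security.getRealm();
        if (realm instanceof CachingRealm) {
            cachingRealm = (CachingRealm) realm;
        }
        if (getPrincipalFromAnyRealm(ESubjectImpl.EVERYONE_GROUP) == null) {
            this.groups.put(this.everyone.getName(), this.everyone);
            if (cachingRealm != null) {
                cachingRealm.clearGroupCaches();
            }
        }
        String systemUser = Server.getSecurityConfig().getSystemUser();
        if (getPrincipalFromAnyRealm(systemUser) == null) {
            SecurityLogger.logNonexistentSystemUserWarning(systemUser);
            // NOTE(review): the missing system user is created with its own name as the password.
            // Left unchanged because boot may depend on it; treat the warning above as a prompt
            // to set a real credential.
            _newUser(systemUser, hashPassword(systemUser), null);
            this.addedSystemUser = true;
        }
        if (getPrincipalFromAnyRealm("guest") == null) {
            // With guest access enabled the account keeps the well-known password "guest".
            String str = "guest";
            if (Server.getSecurityConfig().isGuestDisabled()) {
                // Unguessable throwaway password, hex-encoded so no bytes are lost in a
                // charset conversion.
                byte[] random = new byte[32];
                new java.security.SecureRandom().nextBytes(random);
                str = new java.math.BigInteger(1, random).toString(16);
                if (this.debug) {
                    this.log.debug("disabling guest access");
                }
            }
            if (this.debug) {
                this.log.debug("Guest user does not exist, creating it.");
            }
            _newUser("guest", hashPassword(str), null);
            this.addedGuest = true;
        }
        if ((this.addedSystemUser || this.addedGuest) && cachingRealm != null) {
            cachingRealm.clearUserCaches();
        }
    }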

    /**
     * Resolves a name to a principal through the realm registered under
     * {@code WebLogicObjectName.WEBLOGIC}. A user takes precedence over a
     * group of the same name.
     *
     * @return the user or group, or null when neither exists
     */
    private Principal getPrincipalFromAnyRealm(String str) {
        BasicRealm realm = Realm.getRealm(WebLogicObjectName.WEBLOGIC);
        Principal found = realm.getUser(str);
        return found != null ? found : realm.getGroup(str);
    }

    /** Looks an ACL up through the realm registered under {@code WebLogicObjectName.WEBLOGIC}. */
    private Acl getAclFromAnyRealm(String str) {
        BasicRealm realm = Realm.getRealm(WebLogicObjectName.WEBLOGIC);
        return realm.getAcl(str);
    }

    /**
     * Second loading pass: fills each group with the members listed in its
     * "group." property. Unknown groups and unknown principals are logged and
     * skipped; the realm file is not rewritten while loading.
     */
    private void loadGroupMembersFromProps(Properties properties) {
        for (Enumeration keys = properties.keys(); keys.hasMoreElements(); ) {
            String key = (String) keys.nextElement();
            String groupName = getGroupFromKey(key);
            if (groupName == null) {
                continue;
            }
            Group group = getGroup(groupName);
            if (group == null) {
                SecurityLogger.logMissingGroupWarning(groupName);
                continue;
            }
            String memberList = (String) properties.get(key);
            if (memberList == null) {
                continue;
            }
            for (String rawMember : splitCompletely(memberList, ',')) {
                String memberName = rawMember.trim();
                Principal member = getPrincipalFromAnyRealm(memberName);
                if (member == null) {
                    SecurityLogger.logNonexistentPrincipalGroupWarning(memberName, group.toString());
                    continue;
                }
                // NOTE(review): this cast fails for any group that is not a FileRealmGroupImpl,
                // e.g. the Everyone instance if it is already registered under that name — confirm load order.
                ((FileRealmGroupImpl) group)._addMember(member, false);
            }
        }
    }

    /**
     * Third loading pass: for every "acl.permission.aclName" property, grants
     * the permission on that ACL to each listed principal. Missing ACLs are
     * logged and skipped; the realm file is not rewritten while loading.
     */
    private void loadAclGranteesFromProps(Properties properties) {
        // Null if the stored realm password no longer matches the ACL owner credential.
        Principal owner = getAclOwner(this.password);
        for (Enumeration keys = properties.keys(); keys.hasMoreElements(); ) {
            String key = (String) keys.nextElement();
            String permDotAcl = getPermDotAclFromKey(key);
            if (permDotAcl == null) {
                continue;
            }
            String permissionName = getPermFromPermDotAcl(permDotAcl);
            String aclName = getAclFromPermDotAcl(permDotAcl);
            // getPermission creates unknown permissions, so any name found in the file becomes a permission.
            Permission permission = getPermission(permissionName);
            if (permission == null) {
                SecurityLogger.logNonexistentPermissionWarning(permissionName);
                continue;
            }
            Acl acl = getAcl(aclName);
            if (acl == null) {
                SecurityLogger.logNonexistentAclWarning(aclName);
                continue;
            }
            // Grantee names are passed on untrimmed, unlike group member names.
            for (String grantee : splitCompletely((String) properties.get(key), ',')) {
                addPermission(permission, acl, owner, grantee, false);
            }
        }
    }

    /**
     * Reduces a credential object to a password string.
     *
     * @param obj the credential; may be {@code null}
     * @return {@code null} for a {@code null} credential, the result of
     *     {@code DefaultUserInfoImpl.getPassword()} for that type, and {@code toString()} for
     *     anything else
     */
    public static String getPassword(Object obj) {
        if (obj == null) {
            return null;
        }
        if (obj instanceof DefaultUserInfoImpl) {
            return ((DefaultUserInfoImpl) obj).getPassword();
        }
        // Any other credential type is accepted and compared by its string form, so callers
        // must not assume the argument was type-checked here.
        return obj.toString();
    }

    /**
     * Grants {@code permission} on {@code acl} to the principal named {@code str}.
     *
     * <p>If the ACL already has an entry for that principal, the entry is removed, extended
     * with the permission and re-added; otherwise a new entry is created. An unknown
     * principal name is logged and nothing is granted.
     *
     * @param permission the permission to grant
     * @param acl the target ACL; must be a {@code FileRealmAclImpl}
     * @param principal the principal passed to the ACL as the caller of the entry operations
     *     (the loader in this class passes the ACL owner)
     * @param str the grantee's name, resolved through {@code getPrincipalFromAnyRealm}
     * @param z forwarded unchanged to {@code _removeEntry}/{@code _addEntry}; its meaning is
     *     not visible here
     */
    private void addPermission(Permission permission, Acl acl, Principal principal, String str, boolean z) {
        Principal grantee = getPrincipalFromAnyRealm(str);
        if (grantee == null) {
            SecurityLogger.logNonexistentPrincipalAclWarning(str, acl.getName());
            return;
        }
        FileRealmAclImpl realmAcl = (FileRealmAclImpl) acl;
        try {
            // Look for an entry that already belongs to the grantee.
            AclEntry existing = null;
            for (Enumeration<AclEntry> all = acl.entries(); all.hasMoreElements(); ) {
                AclEntry candidate = all.nextElement();
                if (candidate.getPrincipal().equals(grantee)) {
                    existing = candidate;
                    break;
                }
            }
            if (existing == null) {
                realmAcl._addEntry(principal, new AclEntryImpl(grantee, permission), z);
                return;
            }
            // The entry is taken out before it is changed and put back afterwards.
            realmAcl._removeEntry(principal, existing, z);
            existing.addPermission(permission);
            realmAcl._addEntry(principal, existing, z);
        } catch (NotOwnerException notOwner) {
            // The stack trace is logged; the Error itself does not carry the cause.
            SecurityLogger.logStackTrace(notOwner);
            throw new Error("Internal error!");
        }
    }

    /**
     * Adds an entry to {@code acl} that gives {@code permission} to this realm's
     * {@code everyone} principal.
     *
     * @param acl the ACL to extend
     * @param principal the principal performing the change, passed to {@code Acl.addEntry}
     * @param permission the permission granted to {@code this.everyone}
     */
    private void addDefault(Acl acl, Principal principal, Permission permission) {
        try {
            AclEntryImpl everyoneEntry = new AclEntryImpl(this.everyone, permission);
            acl.addEntry(principal, everyoneEntry);
        } catch (NotOwnerException notOwner) {
            // Treated as an internal invariant violation rather than a recoverable error.
            SecurityLogger.logStackTrace(notOwner);
            throw new Error("Internal error!");
        }
    }

    /**
     * Returns the ACL called {@code str}, creating it when it does not exist yet.
     *
     * @param principal the principal passed to {@code _newAcl} when a new ACL is created
     * @param str the ACL name
     * @return the existing or newly created ACL
     */
    private Acl getNamedAcl(Principal principal, String str) {
        Acl existing = getAcl(str);
        if (existing == null) {
            Acl created = _newAcl(principal, str);
            // The ACL limit is checked only after the new ACL has been created.
            checkMaxAcls();
            return created;
        }
        return existing;
    }

    /**
     * Resolves a name to a principal in this realm.
     *
     * <p>Groups are looked up first, so when a group and a user share a name the group is
     * returned.
     *
     * @param str the principal name
     * @return the matching group, else the result of {@code getUser(str)}
     */
    private Principal getPrincipal(String str) {
        Principal found = getGroup(str);
        if (found != null) {
            return found;
        }
        return getUser(str);
    }

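    /**
     * Loads the realm after checking the caller's credential against the realm password.
     *
     * <p>The limits for users, groups and ACLs and the salt are read from the security
     * configuration, then the realm objects are created from the loaded properties.
     *
     * @param str not used by this implementation
     * @param obj the caller's credential, reduced to a string by {@link #getPassword(Object)}
     * @throws NotOwnerException if the credential is missing, yields no password, or does not
     *     match the realm password
     */
    @Override // weblogic.security.acl.BasicRealm
    public void load(String str, Object obj) throws ClassNotFoundException, IOException, NotOwnerException {
        // getPassword(null) returns null, and a non-null credential can also yield null; both
        // must be rejected as "not owner" instead of failing with a NullPointerException.
        String supplied = getPassword(obj);
        // NOTE(review): String.equals is not a constant-time comparison. If this credential
        // can come from an untrusted caller, a constant-time comparison would be safer.
        if (supplied == null || !supplied.equals(this.password)) {
            throw new NotOwnerException();
        }
        SecurityMBean securityConfig = Server.getSecurityConfig();
        FileRealmMBean fileRealm = securityConfig.getRealm().getFileRealm();
        this.maxUsers = fileRealm.getMaxUsers();
        this.maxGroups = fileRealm.getMaxGroups();
        this.maxACLs = fileRealm.getMaxACLs();
        this.salt = securityConfig.getSalt();
        createObjectsFromProps(loadFromAdminServer());
    }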

    /**
     * Reloads the realm properties and applies group memberships and ACL grants from them,
     * then checks the configured user, group and ACL limits.
     *
     * <p>No caller credential is checked in this method.
     */
    public void loadMembers() {
        ensureRequiredObjectsExist();
        // Result unused in the decompiled source; the call is retained as-is.
        Server.getSecurityConfig().getRealm().getFileRealm();
        Properties realmProps = loadFromAdminServer();
        loadGroupMembersFromProps(realmProps);
        loadAclGranteesFromProps(realmProps);
        // The limits are checked after the data has been applied.
        checkMaxUsers();
        checkMaxGroups();
        checkMaxAcls();
    }

    /**
     * Installs the default ACLs for {@code weblogic.jms}, {@code weblogic.jndi} and
     * {@code weblogic.jdbc} when they are not defined yet.
     *
     * <p>NOTE(review): every default is granted to the principal named by
     * {@code ESubjectImpl.EVERYONE_GROUP} (by its name, all principals; confirm) and includes
     * {@code "modify"} on JNDI and {@code "admin"} on JDBC. Deployments should check that these
     * ACLs are defined explicitly with narrower grantees.
     *
     * @throws SecurityException if a default ACL cannot be added
     */
    public void addRuntimeACLs() {
        try {
            String[] jmsPermissions = {"send", "receive", "browse"};
            addDefaultAcl("weblogic.jms", ESubjectImpl.EVERYONE_GROUP, jmsPermissions);

            String[] jndiPermissions = {"lookup", SchemaSymbols.ATTVAL_LIST, "modify"};
            addDefaultAcl("weblogic.jndi", ESubjectImpl.EVERYONE_GROUP, jndiPermissions);

            String[] jdbcPermissions = {"admin", "modify", "reserve", "shrink", "reset"};
            addDefaultAcl("weblogic.jdbc", ESubjectImpl.EVERYONE_GROUP, jdbcPermissions);
        } catch (NotOwnerException notOwner) {
            throw new SecurityException("Default ACL - " + notOwner.toString());
        }
    }

    /**
     * Creates the ACL {@code str} with a single entry for the principal {@code str2}, unless
     * an ACL of that name already exists in any realm.
     *
     * @param str the ACL name
     * @param str2 the name of the principal that receives the permissions
     * @param strArr the names of the permissions to grant
     * @throws SecurityException if the principal cannot be found
     * @throws NotOwnerException declared for the ACL entry operations
     */
    private void addDefaultAcl(String str, String str2, String[] strArr) throws NotOwnerException {
        if (getAclFromAnyRealm(str) != null) {
            // An existing definition always wins; the default is never merged into it.
            if (this.debug) {
                this.log.debug("Default ACL - " + str + " already exists");
            }
            return;
        }
        Principal grantee = getPrincipalFromAnyRealm(str2);
        if (grantee == null) {
            throw new SecurityException("Default ACL - Principal " + str2 + " not found");
        }
        AclEntryImpl entry = new AclEntryImpl(grantee);
        for (int i = 0; i < strArr.length; i++) {
            // The result of getPermission is passed on without a null check.
            entry.addPermission(getPermission(strArr[i]));
        }
        FileRealmAclImpl defaultAcl = new FileRealmAclImpl(this, this.aclOwner, str);
        defaultAcl._addEntry(this.aclOwner, entry, false);
        if (this.debug) {
            this.log.debug("Default " + defaultAcl.toString());
        }
        this.acls.put(str, defaultAcl);
    }

    /**
     * Does nothing in this implementation.
     *
     * @param str ignored
     */
    @Override // weblogic.security.acl.BasicRealm
    public void save(String str) throws IOException {
        // Intentionally empty: nothing is written here.
    }

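    /**
     * Creates the ACL {@code str} for the current user if no ACL of that name exists.
     *
     * <p>The entries of the ACL returned by {@code getAcl(str, c)} (presumably a parent or
     * template ACL located with {@code c} as separator; confirm) are added to the new ACL.
     * A positive entry of the current user receives {@code permissionArr} in addition; when
     * there is no such entry, a new one is created for the current user.
     *
     * <p>NOTE(review): the permissions are added to the entry objects returned by the source
     * ACL's {@code entries()}, and the same objects are added to the new ACL. If those are the
     * source ACL's live entries, this also widens the source ACL. Confirm against
     * {@code FileRealmAclImpl}.
     *
     * <p>Failures are logged and not propagated, so a caller cannot tell from the outcome
     * whether the ACL was created completely.
     *
     * @param str the name of the ACL to create
     * @param c passed to {@code getAcl(String, char)} to find the source ACL
     * @param permissionArr the permissions granted to the current user
     */
    @Override // weblogic.security.acl.DynamicUserAcl
    public synchronized void newUserAcl(String str, char c, Permission[] permissionArr) throws SecurityException {
        try {
            if (getAcl(str) != null) {
                return;
            }
            Acl sourceAcl = getAcl(str, c);
            Principal aclOwner = getAclOwner(this.password);
            Acl newAcl = newAcl(aclOwner, str);
            User currentUser = weblogic.security.acl.Security.getCurrentUser();
            boolean grantedToCurrentUser = false;
            if (sourceAcl != null) {
                Enumeration<AclEntry> entries = sourceAcl.entries();
                while (entries.hasMoreElements()) {
                    AclEntry entry = entries.nextElement();
                    // Only a positive entry of the current user is extended; negative entries
                    // are copied unchanged.
                    if (entry.getPrincipal().equals(currentUser) && !entry.isNegative()) {
                        grantedToCurrentUser = true;
                        for (Permission permission : permissionArr) {
                            entry.addPermission(permission);
                        }
                    }
                    newAcl.addEntry(aclOwner, entry);
                }
            }
            if (!grantedToCurrentUser) {
                newAcl.addEntry(aclOwner, new AclEntryImpl(currentUser, permissionArr));
            }
        } catch (NotOwnerException e) {
            // Previously ignored without a trace. The ACL may be left partly populated at this
            // point, so the failure is logged like every other failure in this method.
            SecurityLogger.logStackTrace(e);
        } catch (Throwable th) {
            SecurityLogger.logStackTrace(th);
        }
    }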

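    /**
     * Reads the realm properties from the stream returned by {@link #getInputStream()} and
     * trims every value.
     *
     * <p>Reconstructed from the decompiler's fallback instruction listing, which replaced the
     * method body with an unconditional {@code UnsupportedOperationException}. The control
     * flow, messages and call order follow that listing.
     *
     * @return the loaded properties with trimmed values
     * @throws FileRealmException if the stream cannot be opened, read or closed
     */
    private java.util.Properties loadFromAdminServer() {
        Properties props = new Properties();
        // Opened outside the try block, as in the listing: a failure to open propagates directly.
        InputStream in = getInputStream();
        try {
            props.load(in);
        } catch (IOException e) {
            throw new FileRealmException("Unable to load properties", e);
        } finally {
            try {
                in.close();
            } catch (IOException e) {
                // As in the listing, a close failure replaces any exception from load().
                throw new FileRealmException("Unable to close stream", e);
            }
        }
        // Values are trimmed as a whole; individual comma-separated items are not.
        Enumeration keys = props.keys();
        while (keys.hasMoreElements()) {
            String key = (String) keys.nextElement();
            String value = (String) props.get(key);
            props.put(key, value.trim());
        }
        if (this.debug) {
            this.log.debug("Completed load of properties");
        }
        return props;
    }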

    /**
     * Opens the source of the realm properties.
     *
     * <p>On the admin server the file at {@link #getPath()} is opened directly. On any other
     * server the data is requested from the URL returned by
     * {@code FileDistributionServlet.getURL()}, with the connection signed using the kernel
     * identity.
     *
     * <p>NOTE(review): the scheme of that URL is not visible here. The realm data includes
     * user credentials, so confirm that the transfer is protected in transit.
     *
     * @return an open stream; the caller must close it
     * @throws FileRealmException if the file is missing, the URL cannot be built, or the
     *     connection cannot be opened
     */
    private InputStream getInputStream() throws FileRealmException {
        Admin.getInstance();
        if (!Admin.isAdminServer()) {
            try {
                URL sourceUrl = FileDistributionServlet.getURL();
                try {
                    // The request is made with the kernel identity, not the caller's identity.
                    AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
                    URLConnection connection = sourceUrl.openConnection();
                    HttpURLConnection http = (HttpURLConnection) connection;
                    ConnectionSigner.signConnection(connection, kernelId);
                    http.setRequestProperty(FileDistributionServlet.REQUEST_TYPE, FileDistributionServlet.FILE_REALM_REQUEST);
                    http.setRequestProperty("Connection", HTTP.CONN_CLOSE);
                    return http.getInputStream();
                } catch (IOException ioFailure) {
                    throw new FileRealmException("Unable to open url: " + sourceUrl.toString(), ioFailure);
                }
            } catch (MalformedURLException badUrl) {
                throw new FileRealmException("Unable to build properties url", badUrl);
            }
        }
        // Result unused in the decompiled source; the call is retained as-is.
        Server.getSecurityConfig().getRealm().getFileRealm();
        try {
            if (this.debug) {
                this.log.debug("reading from " + getPath());
            }
            return new FileInputStream(new File(getPath()));
        } catch (FileNotFoundException missing) {
            throw new FileRealmException("Source file not found: " + getPath(), missing);
        }
    }

    /**
     * Returns the location of the realm file.
     *
     * @return the result of {@code BootStrap.getPathRelativeDomainDir(FILE)}
     */
    public static String getPath() {
        String realmFilePath = BootStrap.getPathRelativeDomainDir(FILE);
        return realmFilePath;
    }

    /**
     * Combines a password with a salt by byte-wise addition and hex-encodes the result.
     *
     * <p>The output has the length of the longer of the two inputs; where only one input has a
     * byte at a position, that byte is used unchanged.
     *
     * <p>NOTE(review): {@code String.getBytes()} uses the platform default charset, so the
     * result for non-ASCII passwords depends on the JVM's configuration. Changing the charset
     * would change the derived value, so it is left as it is.
     *
     * @param bArr the salt bytes
     * @param str the password
     * @return the hex encoding of the combined bytes
     */
    private static String saltPassword(byte[] bArr, String str) {
        byte[] passwordBytes = str.getBytes();
        byte[] combined = new byte[Math.max(bArr.length, passwordBytes.length)];
        // The buffer starts zeroed, so adding the password bytes is a plain copy.
        System.arraycopy(passwordBytes, 0, combined, 0, passwordBytes.length);
        // The salt is added modulo 256 (byte overflow wraps).
        for (int pos = 0; pos < bArr.length; pos++) {
            combined[pos] = (byte) (combined[pos] + bArr[pos]);
        }
        return Hex.asHex(combined);
    }

    /**
     * Computes the hex digest of a salted password.
     *
     * <p>The password is salted with {@code saltPassword}, fed to the digest once and the
     * digest is reset afterwards. The algorithm is whatever {@code messageDigest} implements.
     *
     * <p>NOTE(review): this is a single digest pass with no work factor visible here, which is
     * weak against offline guessing if the stored values are disclosed.
     *
     * @param messageDigest the digest to use; it is reset before returning
     * @param bArr the salt bytes
     * @param str the password
     * @return the hex-encoded digest
     */
    private static String hashPassword(MessageDigest messageDigest, byte[] bArr, String str) {
        String salted = saltPassword(bArr, str);
        MessageDigestUtils.updateASCII(messageDigest, salted);
        byte[] rawDigest = messageDigest.digest();
        messageDigest.reset();
        return Hex.asHex(rawDigest);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Hashes {@code str} with this realm's digest and salt.
     *
     * <p>The method is synchronized because the digest instance is a field shared by all
     * callers.
     *
     * @param str the password
     * @return the hex-encoded digest of the salted password
     */
    public synchronized String hashPassword(String str) {
        String hashed = hashPassword(this.messageDigest, this.salt, str);
        return hashed;
    }

    /**
     * Returns the name of a realm member.
     *
     * @param obj a {@code User} or a {@code Group}
     * @return the member's name
     * @throws FileRealmException if {@code obj} is neither a user nor a group
     */
    private String getMemberName(Object obj) {
        boolean isUser = obj instanceof User;
        if (!isUser && !(obj instanceof Group)) {
            throw new FileRealmException("member not a User or Group : " + obj.toString());
        }
        return isUser ? ((User) obj).getName() : ((Group) obj).getName();
    }

    /**
     * Writes one property per user, keyed by {@code USER_PREFIX} plus the user name, with the
     * user's credential as the value.
     *
     * <p>The system user is skipped when {@code addedSystemUser} is set, and {@code "guest"} is
     * skipped when {@code addedGuest} is set (presumably because the realm created these
     * accounts itself; confirm).
     *
     * <p>NOTE(review): the value is whatever {@code getCredential} returns. Confirm that this
     * is the hashed form and never a clear-text password, since it ends up in the realm file.
     *
     * @param properties the properties to add the user entries to
     */
    private void writeUsersToProps(Properties properties) {
        String systemUser = Server.getSecurityConfig().getSystemUser();
        for (Enumeration all = getUsers(); all.hasMoreElements(); ) {
            User user = (User) all.nextElement();
            if (this.addedSystemUser && user.getName().equals(systemUser)) {
                continue;
            }
            if (this.addedGuest && user.getName().equals("guest")) {
                continue;
            }
            properties.put(USER_PREFIX + user.getName(), (String) ((DefaultUserImpl) user).getCredential(this.password));
        }
    }

    /**
     * Writes one property per group, keyed by {@code GROUP_PREFIX} plus the group name, whose
     * value is the comma-separated list of member names.
     *
     * <p>Groups that are instances of {@code Everyone} are not written. Member names are not
     * escaped, so a name that contains a comma would be read back as two members.
     *
     * @param properties the properties to add the group entries to
     */
    private void writeGroupsToProps(Properties properties) {
        for (Enumeration all = getGroups(); all.hasMoreElements(); ) {
            Group group = (Group) all.nextElement();
            if (group instanceof Everyone) {
                continue;
            }
            StringBuilder memberList = new StringBuilder();
            String separator = "";
            Enumeration<? extends Principal> members = group.members();
            while (members.hasMoreElements()) {
                String memberName = getMemberName(members.nextElement());
                memberList.append(separator).append(memberName);
                separator = ",";
            }
            properties.put(GROUP_PREFIX + group.getName(), memberList.toString());
        }
    }

    /**
     * Writes the ACL grants as properties keyed by {@code ACL_PREFIX}, the permission name,
     * a dot and the ACL name, whose value is the comma-separated list of grantee names.
     *
     * <p>Only the principal and the permission names of each entry are written. Whether an
     * entry is negative is not recorded here.
     *
     * @param properties the properties to add the ACL entries to
     */
    private void writeAclsToProps(Properties properties) {
        for (Enumeration all = getAcls(); all.hasMoreElements(); ) {
            Acl acl = (Acl) all.nextElement();

            // First pass: group the grantee names by permission name.
            Hashtable granteesByPermission = new Hashtable();
            for (Enumeration<AclEntry> entries = acl.entries(); entries.hasMoreElements(); ) {
                AclEntry entry = entries.nextElement();
                // Result unused in the decompiled source; the call is retained as-is.
                entry.getPrincipal();
                String grantee = getMemberName(entry.getPrincipal());
                for (Enumeration<Permission> perms = entry.permissions(); perms.hasMoreElements(); ) {
                    String permName = ((PermissionImpl) perms.nextElement()).getName();
                    Vector grantees = (Vector) granteesByPermission.get(permName);
                    if (grantees == null) {
                        grantees = new Vector();
                        granteesByPermission.put(permName, grantees);
                    }
                    grantees.add(grantee);
                }
            }

            // Second pass: one property per permission of this ACL.
            for (Enumeration permNames = granteesByPermission.keys(); permNames.hasMoreElements(); ) {
                String permName = (String) permNames.nextElement();
                StringBuilder granteeList = new StringBuilder();
                String separator = "";
                Enumeration names = ((Vector) granteesByPermission.get(permName)).elements();
                while (names.hasMoreElements()) {
                    granteeList.append(separator).append((String) names.nextElement());
                    separator = ",";
                }
                properties.put(ACL_PREFIX + permName + '.' + acl.getName(), granteeList.toString());
            }
        }
    }

    /**
     * Replaces the file {@code str} with the contents of {@code properties}.
     *
     * @param str the path of the file to replace
     * @param properties the properties to write
     * @throws FileRealmException if the replacement fails
     */
    private static void writeFile(String str, Properties properties) {
        FileRealmFileWriter writer = new FileRealmFileWriter(properties);
        try {
            FileUtils.replace(str, writer);
        } catch (FileUtilsException replaceFailure) {
            throw new FileRealmException("Error rewriting " + str, replaceFailure);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Persists the users, groups and ACLs of this realm to the realm file.
     *
     * <p>Only the admin server writes the file. On any other server a warning is logged and
     * the change stays in memory only.
     */
    public synchronized void writeFile() {
        Admin.getInstance();
        if (Admin.isAdminServer()) {
            Properties snapshot = new Properties();
            writeUsersToProps(snapshot);
            writeGroupsToProps(snapshot);
            writeAclsToProps(snapshot);
            writeFile(getPath(), snapshot);
            return;
        }
        // Not the admin server: nothing is written to disk.
        SecurityLogger.logInMemoryFileRealmChangeWarning();
    }

    /**
     * Rebuilds the users, groups and ACLs from the realm properties and restores the previous
     * tables if anything fails.
     *
     * <p>NOTE(review): the three tables are replaced by empty ones before loading starts and
     * the method is not synchronized. A lookup made by another thread during a refresh may
     * therefore see an empty or partly loaded realm. Confirm how callers behave in that window.
     *
     * @throws FileRealmException if the reload fails; the previous tables are back in place
     */
    @Override // weblogic.security.acl.RefreshableRealm
    public void refresh() {
        Hashtable previousUsers = this.users;
        Hashtable previousGroups = this.groups;
        Hashtable previousAcls = this.acls;
        this.users = new Hashtable();
        this.groups = new Hashtable();
        this.acls = new Hashtable();
        try {
            // Result unused in the decompiled source; the call is retained as-is.
            Server.getSecurityConfig().getRealm().getFileRealm();
            Properties realmProps = loadFromAdminServer();
            createObjectsFromProps(realmProps);
            ensureRequiredObjectsExist();
            loadGroupMembersFromProps(realmProps);
            loadAclGranteesFromProps(realmProps);
            checkMaxUsers();
            checkMaxGroups();
            checkMaxAcls();
        } catch (Throwable failure) {
            // Any failure, including an Error, rolls back to the previous tables.
            this.users = previousUsers;
            this.groups = previousGroups;
            this.acls = previousAcls;
            throw new FileRealmException("FileRealm couldn't synchronize - using old values", failure);
        }
    }
}
