package weblogic.security.acl.internal;

import java.io.IOException;
import java.io.InputStream;
import java.rmi.RemoteException;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.EmptyStackException;
import javax.security.auth.login.LoginException;
import weblogic.common.internal.BootServicesStub;
import weblogic.common.internal.PeerInfoable;
import weblogic.common.internal.RMIBootServiceStub;
import weblogic.kernel.Kernel;
import weblogic.kernel.ResettableThreadLocalStack;
import weblogic.protocol.Protocol;
import weblogic.rjvm.LocalRJVM;
import weblogic.rjvm.RJVM;
import weblogic.rjvm.RJVMManager;
import weblogic.rmi.spi.RMIRuntime;
import weblogic.security.SSL.SSLClientInfo;
import weblogic.security.SSL.TrustManager;
import weblogic.security.SimpleCallbackHandler;
import weblogic.security.acl.DefaultUserInfoImpl;
import weblogic.security.acl.Realm;
import weblogic.security.acl.UserInfo;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityManager;
import weblogic.security.service.SecurityServiceManager;

/* loaded from: input_file:weblogic.jar:weblogic/security/acl/internal/Security.class */
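/**
 * Static entry points for authenticating users and for tracking the identity and SSL client
 * settings associated with the calling thread.
 *
 * <p>State is kept in two {@link ResettableThreadLocalStack} instances: one holds the stack of
 * {@link AuthenticatedUser} identities pushed with {@link #pushUser}, the other holds the
 * {@link SSLClientInfo} used by the SSL accessor methods below.
 *
 * <p>NOTE(review): both stores are presumably per-thread (per the type name). If threads are
 * pooled, identities and SSL key material left behind by one unit of work would be visible to
 * the next; confirm that callers balance push/pop and reset the SSL info.
 */
public final class Security {
    private static final ResettableThreadLocalStack threadUser = new ResettableThreadLocalStack(true);
    private static final ResettableThreadLocalStack threadSSLClientInfo = new ResettableThreadLocalStack(true);

    // Obtained once through a privileged action and never reassigned in this class; declared
    // final so the kernel identity cannot be swapped after class initialization.
    private static final AuthenticatedSubject kernelID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());

    /** No-op; calling it only forces this class (and its static state) to be initialized. */
    public static void init() {
    }

    /**
     * Returns {@code authenticatedUser} unchanged when the cluster realm verifies it; otherwise
     * re-authenticates it through {@link #authenticate(UserInfo)}.
     *
     * @param authenticatedUser the identity to check
     * @return the verified or freshly certified identity
     * @throws SecurityException if re-authentication fails or no cluster realm is available
     */
    public static AuthenticatedUser verify(AuthenticatedUser authenticatedUser) throws SecurityException {
        if (ClusterRealm.THE_ONE != null && ClusterRealm.THE_ONE.verify(authenticatedUser)) {
            return authenticatedUser;
        }
        return authenticate(authenticatedUser);
    }

    /**
     * Authenticates name/password credentials against the default realm using the kernel identity.
     *
     * @param userInfo the credentials; only {@link DefaultUserInfoImpl} is handled
     * @return the authenticated subject, or {@code null} when {@code userInfo} is not a
     *     {@link DefaultUserInfoImpl} (no authentication is attempted in that case)
     * @throws SecurityException if the login is rejected; the {@link LoginException} is kept as
     *     the cause
     */
    private static AuthenticatedUser authenticateLocally(UserInfo userInfo) throws SecurityException {
        AuthenticatedSubject authenticatedSubject = null;
        PrincipalAuthenticator principalAuthenticator = SecurityServiceManager.getPrincipalAuthenticator(kernelID, SecurityServiceManager.defaultRealmName);
        try {
            if (userInfo instanceof DefaultUserInfoImpl) {
                DefaultUserInfoImpl defaultUserInfoImpl = (DefaultUserInfoImpl) userInfo;
                authenticatedSubject = principalAuthenticator.authenticate(new SimpleCallbackHandler(defaultUserInfoImpl.getName(), defaultUserInfoImpl.getPassword()));
            }
            // NOTE(review): any other UserInfo type yields null rather than a failure; callers
            // must not treat a null result as a successful login.
            return authenticatedSubject;
        } catch (LoginException e) {
            // Keep the original failure attached so the stack trace is not lost.
            // NOTE(review): the LoginException message is passed through to the caller; confirm
            // it does not reveal whether the user name or the password was wrong.
            SecurityException failure = new SecurityException(e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Authenticates {@code userInfo} against the JVM identified by {@code rjvm}.
     *
     * <p>If {@code rjvm} is the local host the credentials are checked locally. Otherwise the
     * request goes to the peer, over the RMI boot service when the peer info matches the local
     * one and over {@link BootServicesStub} with {@code protocol} when it does not.
     *
     * <p>When this JVM is not a server, the result (or {@code null}) also replaces the default
     * user, which {@link #getCurrentUser()} falls back to when no thread identity is set.
     *
     * @param userInfo the credentials to authenticate
     * @param rjvm the target JVM; must not be {@code null}
     * @param protocol the protocol used for the non-RMI bootstrap path
     * @return the authenticated user as returned by the local or remote authenticator
     * @throws RemoteException if the remote call fails for a reason other than a security failure
     * @throws SecurityException if authentication is rejected, locally or by the peer
     */
    public static AuthenticatedUser authenticate(UserInfo userInfo, RJVM rjvm, Protocol protocol) throws RemoteException, SecurityException {
        AuthenticatedUser authenticate;
        if (rjvm.getID().equals(RMIRuntime.getLocalHostID())) {
            return authenticateLocally(userInfo);
        }
        RJVM findOrCreate = RJVMManager.getRJVMManager().findOrCreate(rjvm.getID());
        if (isRMIBootstrapPossible(findOrCreate)) {
            try {
                authenticate = RMIBootServiceStub.getStub(findOrCreate).authenticate(userInfo);
            } catch (RemoteException e) {
                // Surface a remote authentication failure as the SecurityException it wraps.
                if (e.getCause() instanceof SecurityException) {
                    throw ((SecurityException) e.getCause());
                }
                throw e;
            }
        } else {
            authenticate = new BootServicesStub(findOrCreate, protocol).authenticate(userInfo);
        }
        if (!Kernel.isServer()) {
            // A null result clears the default user instead of leaving the previous one in place.
            SecurityManager.setDefaultUser(authenticate == null ? null : SecurityServiceManager.getASFromAU(authenticate));
        }
        return authenticate;
    }

    /**
     * Reports whether {@code rjvm} exposes peer info equal to the local JVM's, which is the
     * condition this class uses to pick the RMI boot service.
     */
    private static boolean isRMIBootstrapPossible(RJVM rjvm) {
        if (rjvm instanceof PeerInfoable) {
            return LocalRJVM.getLocalRJVM().getPeerInfo().equals(((PeerInfoable) rjvm).getPeerInfo());
        }
        return false;
    }

    /**
     * Certifies {@code userInfo} through the cluster realm.
     *
     * @param userInfo the credentials to authenticate
     * @return the certified user
     * @throws SecurityException if no cluster realm is available, or if name resolution or
     *     certification rejects the credentials
     */
    public static AuthenticatedUser authenticate(UserInfo userInfo) throws SecurityException {
        // verify() treats a missing realm as "not verified" and lands here; fail with the
        // declared SecurityException instead of a NullPointerException.
        if (ClusterRealm.THE_ONE == null) {
            throw new SecurityException("Cluster realm is not available; cannot authenticate");
        }
        return ClusterRealm.THE_ONE.certify(Realm.getAuthenticatedName(userInfo));
    }

    /**
     * Returns the identity on top of the calling thread's user stack.
     *
     * @return the current thread identity, or {@code null} if none is set or the stored value is
     *     not an {@link AuthenticatedUser}
     */
    public static AuthenticatedUser getThreadCurrentUser() {
        Object obj = threadUser.get();
        // instanceof is false for null, so no separate null check is needed.
        return obj instanceof AuthenticatedUser ? (AuthenticatedUser) obj : null;
    }

    /**
     * Returns the thread identity, falling back to the default user when the thread has none.
     */
    public static AuthenticatedUser getCurrentUser() {
        AuthenticatedUser threadCurrentUser = getThreadCurrentUser();
        return threadCurrentUser == null ? SecurityManager.getDefaultUser() : threadCurrentUser;
    }

    /**
     * Returns the thread identity, then the user attached to {@code rjvm}, then the default
     * user, in that order of preference.
     *
     * @param rjvm the connection whose user is consulted second; may be {@code null}
     */
    public static AuthenticatedUser getCurrentUser(RJVM rjvm) {
        AuthenticatedUser threadCurrentUser = getThreadCurrentUser();
        if (threadCurrentUser == null && rjvm != null) {
            threadCurrentUser = rjvm.getUser();
        }
        return threadCurrentUser == null ? SecurityManager.getDefaultUser() : threadCurrentUser;
    }

    /** Returns the default user held by {@link SecurityManager}. */
    public static AuthenticatedSubject getDefaultUser() {
        return SecurityManager.getDefaultUser();
    }

    /**
     * Pushes {@code authenticatedUser} onto the calling thread's user stack.
     *
     * <p>Pair every call with {@link #popUser()} in a {@code finally} block so the identity does
     * not remain in effect after the work it was pushed for.
     */
    public static void pushUser(AuthenticatedUser authenticatedUser) {
        threadUser.push(authenticatedUser);
    }

    /**
     * Pops the top identity from the calling thread's user stack.
     *
     * @return the popped identity, or {@code null} if the stack was empty
     */
    public static AuthenticatedUser popUser() {
        try {
            return (AuthenticatedUser) threadUser.pop();
        } catch (EmptyStackException ignored) {
            // Deliberate: an unbalanced pop is reported as "no user" rather than as an error.
            return null;
        }
    }

    /**
     * Returns the calling thread's {@link SSLClientInfo}, creating and storing an empty one if
     * none is set. Never returns {@code null}.
     */
    public static SSLClientInfo getThreadSSLClientInfo() {
        Object obj = threadSSLClientInfo.get();
        if (obj instanceof SSLClientInfo) {
            return (SSLClientInfo) obj;
        }
        SSLClientInfo created = new SSLClientInfo();
        threadSSLClientInfo.set(created);
        return created;
    }

    /** Replaces the calling thread's {@link SSLClientInfo}. */
    public static void setThreadSSLClientInfo(SSLClientInfo sSLClientInfo) {
        threadSSLClientInfo.set(sSLClientInfo);
    }

    /** Sets the root CA fingerprints on the thread's SSL client info from a string. */
    public static final void setSSLRootCAFingerprints(String str) {
        getThreadSSLClientInfo().setRootCAfingerprints(str);
    }

    /** Sets the root CA fingerprints on the thread's SSL client info from raw bytes. */
    public static final void setSSLRootCAFingerprints(byte[][] bArr) {
        getThreadSSLClientInfo().setRootCAfingerprints(bArr);
    }

    /** Returns the root CA fingerprints stored in the thread's SSL client info. */
    public static final byte[][] getSSLRootCAFingerprints() {
        return getThreadSSLClientInfo().getRootCAfingerprints();
    }

    /**
     * Installs {@code trustManager} on the thread's SSL client info.
     *
     * <p>NOTE(review): presumably this overrides how server certificates are validated for
     * connections made from this thread; confirm callers never install a permissive one.
     */
    public static void setTrustManager(TrustManager trustManager) {
        getThreadSSLClientInfo().setTrustManager(trustManager);
    }

    /** Sets the server name expected on the thread's SSL client info. */
    public static final void setSSLServerName(String str) {
        getThreadSSLClientInfo().setExpectedName(str);
    }

    /** Returns the server name expected by the thread's SSL client info. */
    public static final String getSSLServerName() {
        return getThreadSSLClientInfo().getExpectedName();
    }

    /**
     * Returns the client certificate held by the thread's SSL client info.
     *
     * @throws IOException if the underlying {@link SSLClientInfo} call fails
     */
    public static final Object getSSLClientCertificate() throws IOException {
        return getThreadSSLClientInfo().getSSLClientCertificate();
    }

    /** Supplies the client certificate material to the thread's SSL client info as streams. */
    public static final void setSSLClientCertificate(InputStream[] inputStreamArr) {
        getThreadSSLClientInfo().setSSLClientCertificate(inputStreamArr);
    }

    /**
     * Stores the client key password in the thread's SSL client info.
     *
     * <p>The password is held as a {@link String} and is readable back through
     * {@link #getSSLClientKeyPassword()}; do not log either value.
     */
    public static final void setSSLClientKeyPassword(String str) {
        getThreadSSLClientInfo().setSSLClientKeyPassword(str);
    }

    /** Returns the client key password stored in the thread's SSL client info. */
    public static final String getSSLClientKeyPassword() {
        return getThreadSSLClientInfo().getSSLClientKeyPassword();
    }

    /** Loads a certificate chain and its private key into the thread's SSL client info. */
    public static final void loadLocalIdentity(Certificate[] certificateArr, PrivateKey privateKey) {
        getThreadSSLClientInfo().loadLocalIdentity(certificateArr, privateKey);
    }

    /**
     * Reports whether a client certificate can be obtained for the calling thread.
     *
     * @return {@code true} if {@link #getSSLClientCertificate()} returns a non-null value;
     *     {@code false} if it returns {@code null} or fails with an {@link IOException}
     */
    public static final boolean isClientCertAvailable() {
        try {
            return getSSLClientCertificate() != null;
        } catch (IOException ignored) {
            // Deliberate: an unreadable certificate is reported as "not available".
            return false;
        }
    }
}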
