package weblogic.security.auth;

import java.io.IOException;
import java.net.MalformedURLException;
import java.rmi.RemoteException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import weblogic.jndi.Environment;
import weblogic.jndi.internal.ThreadEnvironment;
import weblogic.kernel.KernelStatus;
import weblogic.protocol.Protocol;
import weblogic.protocol.ProtocolManager;
import weblogic.rjvm.RJVM;
import weblogic.rjvm.RJVMManager;
import weblogic.rjvm.ServerURL;
import weblogic.rjvm.t3.client.ProtocolHandlerT3;
import weblogic.security.acl.DefaultUserInfoImpl;
import weblogic.security.acl.UserInfo;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.acl.internal.AuthenticatedUser;
import weblogic.security.acl.internal.WlT3ClientSecurity;
import weblogic.security.auth.login.PasswordCredential;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.subject.SubjectManager;
import weblogic.utils.AssertionError;

/* loaded from: input_file:weblogic/security/auth/Authenticate.class */
public final class Authenticate {
    public static void authenticate(Environment environment, final Subject subject) throws LoginException, IOException, RemoteException {
        RJVM localRJVM;
        String providerUrl = environment.getProviderUrl();
        if (providerUrl != null && providerUrl.length() != 0 && providerUrl != Environment.LOCAL_URL) {
            ThreadEnvironment.push(environment);
            try {
                localRJVM = new ServerURL(providerUrl).findOrCreateRJVM(environment.getProviderChannel());
            } finally {
            }
        } else {
            if (!KernelStatus.isServer()) {
                return;
            }
            localRJVM = RJVMManager.getLocalRJVM();
            environment.setProperty("java.naming.provider.url", null);
        }
        UserInfo securityUser = environment.getSecurityUser();
        localRJVM.equals(RJVMManager.getLocalRJVM());
        if (securityUser == null && environment.isClientCertAvailable()) {
            securityUser = new DefaultUserInfoImpl(null, null);
        }
        if (securityUser != null) {
            ThreadEnvironment.push(environment);
            try {
                try {
                    AuthenticatedUser authenticate = WlT3ClientSecurity.authenticate(securityUser, localRJVM, getProtocol(environment), environment.getProviderChannel());
                    AuthenticatedSubject aSFromAU = SecurityServiceManager.getASFromAU(authenticate);
                    environment.setSecuritySubject(aSFromAU);
                    try {
                        if (Boolean.getBoolean("weblogic.security.authenticatePushSubject")) {
                            SecurityServiceManager.pushSubject((AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction()), aSFromAU);
                        }
                    } catch (SecurityException e) {
                    }
                    subject.getPrincipals().addAll(aSFromAU.getPrincipals());
                    if (securityUser instanceof DefaultUserInfoImpl) {
                        DefaultUserInfoImpl defaultUserInfoImpl = (DefaultUserInfoImpl) securityUser;
                        if (defaultUserInfoImpl.getName() != null && defaultUserInfoImpl.getPassword() != null) {
                            final PasswordCredential passwordCredential = new PasswordCredential(defaultUserInfoImpl.getName(), defaultUserInfoImpl.getPassword());
                            AccessController.doPrivileged(new PrivilegedAction() { // from class: weblogic.security.auth.Authenticate.1
                                @Override // java.security.PrivilegedAction
                                public Object run() {
                                    subject.getPrivateCredentials().add(passwordCredential);
                                    return null;
                                }
                            });
                        }
                        environment.setSecurityUser(authenticate);
                        if (KernelStatus.isServer() || authenticate == null) {
                            return;
                        }
                        localRJVM.setUser(authenticate);
                    }
                } finally {
                }
            } catch (SecurityException e2) {
                String securityException = e2.toString();
                int indexOf = securityException.indexOf("Start server side stack trace:");
                if (indexOf > 0) {
                    securityException = securityException.substring(0, indexOf - 1);
                }
                throw new LoginException(securityException);
            }
        }
    }

    private static Protocol getProtocol(Environment environment) {
        try {
            String providerUrl = environment.getProviderUrl();
            return providerUrl == Environment.LOCAL_URL ? ProtocolHandlerT3.PROTOCOL_T3 : ProtocolManager.getProtocolByName(new ServerURL(providerUrl).getProtocol());
        } catch (MalformedURLException e) {
            throw new AssertionError(e);
        }
    }

    public static void logout(Subject subject) throws LoginException, IOException, RemoteException {
        subject.getPrincipals().clear();
        subject.getPrivateCredentials().clear();
        subject.getPublicCredentials().clear();
    }

    static {
        SubjectManager.ensureInitialized();
    }
}
