package weblogic.security.acl.internal;

import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.Serializable;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.AbstractSet;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.ListIterator;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.commons.lang.StringUtils;
import weblogic.common.internal.InteropWriteReplaceable;
import weblogic.common.internal.PeerInfo;
import weblogic.security.SecurityLogger;
import weblogic.security.service.SecurityManager;
import weblogic.security.subject.AbstractSubject;
import weblogic.security.subject.SubjectManager;
import weblogic.utils.AssertionError;

/* loaded from: input_file:weblogic/security/acl/internal/AuthenticatedSubject.class */
public final class AuthenticatedSubject extends AuthenticatedUser implements InteropWriteReplaceable, AbstractSubject {
    static final long serialVersionUID = -5562362296231458788L;
    public static AuthenticatedSubject ANON = new AuthenticatedSubject(true);
    private final SealableSet principals;
    private transient SealableSet pubCredentials;
    private transient SealableSet privCredentials;
    private transient Subject subject;
    private transient boolean sealed;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/security/acl/internal/AuthenticatedSubject$SealableSet.class */
    public static final class SealableSet extends AbstractSet implements Set, Serializable {
        static final long serialVersionUID = -6020057914807495674L;
        final LinkedList elements;
        private boolean sealed;
        private boolean hashCodeValid;
        private int hashCode;
        private final boolean isPrincipalSet;

        SealableSet() {
            this(false);
        }

        SealableSet(boolean z) {
            this.sealed = false;
            this.hashCodeValid = false;
            this.elements = new LinkedList();
            this.isPrincipalSet = z;
        }

        SealableSet(Set set) {
            this(set, false);
        }

        SealableSet(Set set, boolean z) {
            this.sealed = false;
            this.hashCodeValid = false;
            this.elements = new LinkedList(set);
            this.isPrincipalSet = z;
        }

        @Override // java.util.AbstractCollection, java.util.Collection, java.util.Set
        public boolean add(Object obj) {
            if (this.sealed) {
                throw new SecurityException(SecurityLogger.getAttemptingToModifySealedSubject());
            }
            if (obj == null) {
                throw new NullPointerException();
            }
            if (this.isPrincipalSet && !(obj instanceof Principal)) {
                throw new SecurityException(SecurityLogger.getNotAPrincipal(obj.getClass().getName()));
            }
            if (this.elements.contains(obj)) {
                return false;
            }
            return this.elements.add(obj);
        }

        @Override // java.util.AbstractCollection, java.util.Collection, java.util.Set
        public int size() {
            return this.elements.size();
        }

        @Override // java.util.AbstractCollection, java.util.Collection, java.lang.Iterable, java.util.Set
        public Iterator iterator() {
            return new Iterator() { // from class: weblogic.security.acl.internal.AuthenticatedSubject.SealableSet.1
                ListIterator i;

                {
                    this.i = SealableSet.this.elements.listIterator(0);
                }

                @Override // java.util.Iterator
                public boolean hasNext() {
                    return this.i.hasNext();
                }

                @Override // java.util.Iterator
                public Object next() {
                    return this.i.next();
                }

                @Override // java.util.Iterator
                public void remove() {
                    if (SealableSet.this.sealed) {
                        throw new SecurityException(SecurityLogger.getAttemptingToModifySealedSubject());
                    }
                    SealableSet.this.hashCodeValid = false;
                    this.i.remove();
                }
            };
        }

        @Override // java.util.AbstractCollection, java.util.Collection, java.util.Set
        public void clear() {
            if (this.sealed) {
                throw new SecurityException(SecurityLogger.getAttemptingToModifySealedSubject());
            }
            this.hashCodeValid = false;
            this.elements.clear();
        }

        void seal() {
            this.sealed = true;
        }

        @Override // java.util.AbstractSet, java.util.Collection, java.util.Set
        public int hashCode() {
            if (!this.hashCodeValid) {
                this.hashCode = super.hashCode();
                this.hashCodeValid = true;
            }
            return this.hashCode;
        }
    }

    public AuthenticatedSubject() {
        this.sealed = false;
        this.principals = new SealableSet(true);
        this.pubCredentials = new SealableSet();
        this.privCredentials = new SealableSet();
    }

    public AuthenticatedSubject(boolean z, Set set) {
        this.sealed = false;
        this.principals = new SealableSet(set, true);
        this.pubCredentials = new SealableSet();
        this.privCredentials = new SealableSet();
        if (z) {
            sealInternal();
        }
    }

    public AuthenticatedSubject(AuthenticatedUser authenticatedUser) {
        super(authenticatedUser);
        this.sealed = false;
        this.principals = new SealableSet(true);
        this.pubCredentials = new SealableSet();
        this.privCredentials = new SealableSet();
    }

    private AuthenticatedSubject(boolean z) {
        this();
        sealInternal();
        this.subject = new Subject(true, this.principals, this.pubCredentials, this.privCredentials);
    }

    public AuthenticatedSubject(Subject subject) {
        this.sealed = false;
        this.principals = new SealableSet(subject.getPrincipals(), true);
        this.pubCredentials = new SealableSet(subject.getPublicCredentials());
        this.privCredentials = new SealableSet(subject.getPrivateCredentials());
        this.subject = subject;
    }

    public static AuthenticatedSubject getFromSubject(final Subject subject) {
        return (AuthenticatedSubject) AccessController.doPrivileged(new PrivilegedAction() { // from class: weblogic.security.acl.internal.AuthenticatedSubject.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                for (Object obj : subject.getPrivateCredentials()) {
                    if (obj instanceof AuthenticatedSubject) {
                        return obj;
                    }
                }
                return new AuthenticatedSubject(subject);
            }
        });
    }

    @Override // weblogic.security.subject.AbstractSubject
    public Set getPrincipals() {
        return this.principals;
    }

    @Override // weblogic.security.subject.AbstractSubject
    public Set getPrincipals(Class cls) {
        return getClassSubset(this.principals, cls);
    }

    @Override // weblogic.security.subject.AbstractSubject
    public Set getPublicCredentials() {
        return this.pubCredentials;
    }

    @Override // weblogic.security.subject.AbstractSubject
    public Set getPublicCredentials(Class cls) {
        return getClassSubset(this.pubCredentials, cls);
    }

    @Override // weblogic.security.subject.AbstractSubject
    public Set getPrivateCredentials(AbstractSubject abstractSubject) {
        SecurityManager.checkKernelIdentity((AuthenticatedSubject) abstractSubject);
        return this.privCredentials;
    }

    @Override // weblogic.security.subject.AbstractSubject
    public Set getPrivateCredentials(AbstractSubject abstractSubject, Class cls) {
        SecurityManager.checkKernelIdentity((AuthenticatedSubject) abstractSubject);
        return getClassSubset(this.privCredentials, cls);
    }

    private Set getClassSubset(Set set, Class cls) {
        if (cls == null) {
            throw new NullPointerException(SecurityLogger.getNullClass());
        }
        HashSet hashSet = new HashSet();
        for (Object obj : set) {
            if (cls.isAssignableFrom(obj.getClass())) {
                hashSet.add(obj);
            }
        }
        return hashSet;
    }

    @Override // weblogic.security.subject.AbstractSubject
    public synchronized Subject getSubject() {
        if (this.subject != null) {
            return this.subject;
        }
        Subject subject = new Subject(false, this.principals, this.pubCredentials, this.privCredentials);
        synchronized (subject) {
            this.subject = subject;
        }
        AccessController.doPrivileged(new PrivilegedAction() { // from class: weblogic.security.acl.internal.AuthenticatedSubject.2
            @Override // java.security.PrivilegedAction
            public Object run() {
                AuthenticatedSubject.this.subject.getPrivateCredentials().add(this);
                return null;
            }
        });
        return this.subject;
    }

    public void seal(AbstractSubject abstractSubject) {
        SecurityManager.checkKernelIdentity((AuthenticatedSubject) abstractSubject);
        sealInternal();
    }

    @Override // weblogic.security.subject.AbstractSubject
    public void setReadOnly(AbstractSubject abstractSubject) {
        seal(abstractSubject);
    }

    public boolean isSealed() {
        return this.sealed;
    }

    @Override // weblogic.security.subject.AbstractSubject
    public boolean isReadOnly() {
        return this.sealed;
    }

    @Override // weblogic.security.subject.AbstractSubject
    public Object doAs(AbstractSubject abstractSubject, PrivilegedAction privilegedAction) {
        if (privilegedAction == null) {
            throw new SecurityException(SecurityLogger.getNullAction());
        }
        int size = SubjectManager.getSubjectManager().getSize();
        SubjectManager.getSubjectManager().pushSubject(abstractSubject, this);
        try {
            Object run = privilegedAction.run();
            int size2 = SubjectManager.getSubjectManager().getSize();
            while (true) {
                int i = size2;
                size2--;
                if (i <= size) {
                    return run;
                }
                SubjectManager.getSubjectManager().popSubject(abstractSubject);
            }
        } catch (Throwable th) {
            int size3 = SubjectManager.getSubjectManager().getSize();
            while (true) {
                int i2 = size3;
                size3--;
                if (i2 <= size) {
                    break;
                }
                SubjectManager.getSubjectManager().popSubject(abstractSubject);
            }
            throw th;
        }
    }

    /* JADX WARN: Finally extract failed */
    @Override // weblogic.security.subject.AbstractSubject
    public Object doAs(AbstractSubject abstractSubject, PrivilegedExceptionAction privilegedExceptionAction) throws PrivilegedActionException {
        if (privilegedExceptionAction == null) {
            throw new SecurityException(SecurityLogger.getNullAction());
        }
        int size = SubjectManager.getSubjectManager().getSize();
        SubjectManager.getSubjectManager().pushSubject(abstractSubject, this);
        try {
            try {
                Object run = privilegedExceptionAction.run();
                int size2 = SubjectManager.getSubjectManager().getSize();
                while (true) {
                    int i = size2;
                    size2--;
                    if (i <= size) {
                        return run;
                    }
                    SubjectManager.getSubjectManager().popSubject(abstractSubject);
                }
            } catch (RuntimeException e) {
                throw e;
            } catch (Exception e2) {
                throw new PrivilegedActionException(e2);
            }
        } catch (Throwable th) {
            int size3 = SubjectManager.getSubjectManager().getSize();
            while (true) {
                int i2 = size3;
                size3--;
                if (i2 <= size) {
                    break;
                }
                SubjectManager.getSubjectManager().popSubject(abstractSubject);
            }
            throw th;
        }
    }

    private void sealInternal() {
        this.sealed = true;
        this.principals.seal();
        this.pubCredentials.seal();
        this.privCredentials.seal();
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        this.pubCredentials = new SealableSet();
        this.privCredentials = new SealableSet();
    }

    @Override // weblogic.security.acl.internal.AuthenticatedUser, java.security.Principal
    public int hashCode() {
        if (this.principals == null) {
            return 0;
        }
        return this.principals.hashCode();
    }

    @Override // weblogic.security.acl.internal.AuthenticatedUser, java.security.Principal
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (obj != null && (obj instanceof AuthenticatedSubject)) {
            return this.principals.equals(((AuthenticatedSubject) obj).principals);
        }
        return false;
    }

    @Override // weblogic.common.internal.InteropWriteReplaceable
    public Object interopWriteReplace(PeerInfo peerInfo) throws IOException {
        return peerInfo.getMajor() < 7 ? convertToAuthenticatedUser(this) : this;
    }

    private Object convertToAuthenticatedUser(AuthenticatedSubject authenticatedSubject) {
        try {
            return Class.forName("weblogic.security.service.SecurityServiceManager").getMethod("convertToAuthenticatedUser", AuthenticatedUser.class).invoke(null, authenticatedSubject);
        } catch (Exception e) {
            throw new AssertionError(SecurityLogger.getCouldNotConvertASToAU(StringUtils.EMPTY + authenticatedSubject));
        }
    }

    @Override // weblogic.security.acl.internal.AuthenticatedUser, java.security.Principal
    public String toString() {
        return "principals=" + this.principals;
    }
}
