package weblogic.servlet.security.internal;

import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.SecurityServiceManager;
import weblogic.server.Server;
import weblogic.servlet.HTTPLogger;
import weblogic.servlet.internal.ErrorMessages;
import weblogic.servlet.internal.ServletRequestImpl;
import weblogic.servlet.internal.ServletResponseImpl;
import weblogic.servlet.internal.WebAppServletContext;
import weblogic.utils.StringUtils;
import weblogic.utils.encoders.BASE64Decoder;

/* loaded from: input_file:weblogic.jar:weblogic/servlet/security/internal/BasicSecurityModule.class */
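/**
 * Security module that authenticates web-application requests with the HTTP
 * "Basic" scheme (credentials carried base64-encoded in the {@code Authorization}
 * request header).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Basic credentials are only encoded, not encrypted. {@link #checkA} calls
 *       {@code checkTransport} before any credential handling; presumably that is
 *       where the transport guarantee is enforced (verify in SecurityModule).</li>
 *   <li>Every rejection path answers with the same 401 plus
 *       {@code WWW-Authenticate} challenge, so the response does not reveal which
 *       check failed.</li>
 *   <li>The only values this class logs are the username and the request URI;
 *       the password must never be added to that call.</li>
 * </ul>
 */
public final class BasicSecurityModule extends SecurityModule {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:weblogic.jar:weblogic/servlet/security/internal/BasicSecurityModule$UserPass.class */
    /**
     * Username/password pair parsed out of a Basic {@code Authorization} header.
     *
     * <p>NOTE(review): the password is kept in an immutable {@code String} in a
     * public field, so it cannot be wiped after use and is reachable by any code
     * holding the instance. Keep instances method-local and never log them.
     */
    public class UserPass {
        public String password;
        public String username;
        // Enclosing-instance reference as emitted by the decompiler.
        private final BasicSecurityModule this$0;

        UserPass(BasicSecurityModule basicSecurityModule, String str, String str2) {
            this.this$0 = basicSecurityModule;
            this.username = str;
            this.password = str2;
        }
    }

    /**
     * Creates the module for one web application; both arguments are handed
     * unchanged to the {@code SecurityModule} constructor.
     */
    public BasicSecurityModule(WebAppServletContext webAppServletContext, WebAppSecurity webAppSecurity) {
        super(webAppServletContext, webAppSecurity);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Entry point for checking a request: runs the transport check first and
     * continues with {@code beginCheck} only when it passes.
     *
     * @return the result of {@code beginCheck}, or {@code false} when the
     *         transport check fails
     * @throws IOException propagated from the checks that write to the response
     */
    @Override // weblogic.servlet.security.internal.SecurityModule
    public boolean checkA(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!checkTransport(httpServletRequest, httpServletResponse)) {
            return false;
        }
        return beginCheck(httpServletRequest, httpServletResponse);
    }

    /**
     * Extracts the credentials from a Basic {@code Authorization} header.
     *
     * <p>The header value is attacker-controlled, so every array produced while
     * parsing it is length-checked before indexing. A header that is not a
     * well-formed {@code Basic <base64(user:password)>} value is treated like a
     * missing header, which makes the caller answer with the normal 401
     * challenge instead of failing with an unchecked exception.
     *
     * @return the parsed credentials, or {@code null} when the header is absent,
     *         uses another scheme, or is malformed
     * @throws IOException propagated from the base64 decoder
     */
    private UserPass splitAuthHeader(HttpServletRequest httpServletRequest) throws IOException {
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            return null;
        }
        String[] schemeAndToken = StringUtils.split(header, ' ');
        // NOTE(review): the scheme is matched case-sensitively; clients sending
        // "basic" are challenged again rather than authenticated.
        if (schemeAndToken.length < 2 || !"Basic".equals(schemeAndToken[0])) {
            return null;
        }
        // NOTE(review): decodeBuffer is declared to throw IOException; whether it
        // does so for invalid base64 is not visible here. If it does, that request
        // surfaces as an I/O failure rather than a 401. Confirm and decide.
        byte[] decoded = new BASE64Decoder().decodeBuffer(schemeAndToken[1]);
        // The (byte[], int hibyte) constructor maps each byte to one char with a
        // zero high byte, so credentials are effectively read as Latin-1; kept
        // as-is because changing the charset would change which passwords match.
        String[] userAndPassword = StringUtils.split(new String(decoded, 0), ':');
        // NOTE(review): confirm StringUtils.split(String, char) cuts at the FIRST
        // ':' only; otherwise a password containing ':' is truncated here.
        if (userAndPassword.length < 2) {
            return null;
        }
        return new UserPass(this, userAndPassword[0], userAndPassword[1]);
    }

    /**
     * Sends the Basic challenge (401 plus {@code WWW-Authenticate}) and reports
     * the request as not permitted. Shared by all rejection paths so they stay
     * indistinguishable to the client.
     *
     * @return always {@code false}
     */
    private boolean rejectWithBasicChallenge(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setHeader("WWW-Authenticate", this.authRealmBanner);
        httpServletResponse.sendError(401, ErrorMessages.getErrorPage(401));
        return false;
    }

    /**
     * Decides whether the request may proceed, authenticating from the
     * {@code Authorization} header when the supplied subject is not sufficient.
     *
     * <p>Order of checks, each failure ending in the 401 challenge:
     * <ol>
     *   <li>If {@code authenticatedSubject} already passes {@code checkPerm},
     *       only the auth-cookie check remains.</li>
     *   <li>Otherwise Basic credentials must be present and well formed.</li>
     *   <li>While the administration port is enabled, the configured system user
     *       is refused on any other local port, before the password is checked.</li>
     *   <li>The credentials must authenticate and the resulting subject must
     *       pass {@code checkPerm}.</li>
     *   <li>The auth-cookie check must pass.</li>
     * </ol>
     *
     * @return {@code true} when the request is allowed; {@code false} after a 401
     *         challenge has been written to the response
     * @throws IOException if header parsing or writing the response fails
     */
    @Override // weblogic.servlet.security.internal.SecurityModule
    boolean checkUserPerm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticatedSubject authenticatedSubject) throws IOException {
        ResourceConstraint constraint = this.webAppSecurity.getConstraint(httpServletRequest);
        // NOTE(review): unchecked downcast; assumes the container never hands this
        // module a wrapped request. Confirm against callers.
        ServletRequestImpl servletRequest = (ServletRequestImpl) httpServletRequest;

        if (checkPerm(servletRequest, constraint, authenticatedSubject)) {
            if (checkAuthCookie(getHttpServer(), httpServletRequest, null)) {
                return true;
            }
            return rejectWithBasicChallenge(httpServletResponse);
        }

        UserPass credentials = splitAuthHeader(httpServletRequest);
        if (credentials == null) {
            return rejectWithBasicChallenge(httpServletResponse);
        }

        // Refuse the system user off the administration port without attempting
        // authentication. Evaluation order is kept so the response cast and socket
        // lookup only happen for that user.
        if (Server.getConfig().isAdministrationPortEnabled()
                && Server.getSecurityConfig().getSystemUser().equals(credentials.username)
                && ((ServletResponseImpl) httpServletResponse).getSocket().getLocalPort() != Server.getConfig().getAdministrationPortAfterOverride()) {
            return rejectWithBasicChallenge(httpServletResponse);
        }

        AuthenticatedSubject subject = SecurityModule.checkAuthenticate(credentials.username, credentials.password, servletRequest, false);
        if (subject == null) {
            return rejectWithBasicChallenge(httpServletResponse);
        }
        // An authenticated but unauthorized user gets the 401 challenge again
        // (not a 403), so the client is asked for different credentials.
        if (!checkPerm(servletRequest, constraint, subject)) {
            return rejectWithBasicChallenge(httpServletResponse);
        }

        // Anonymous and kernel identities are never stored against the session.
        if (!SubjectUtils.isUserAnonymous(subject) && !SecurityServiceManager.isKernelIdentity(subject)) {
            SecurityModule.storeAuthUser(servletRequest, getUserSession(httpServletRequest, true), getHttpServer(), subject);
        }
        if (this.verbose) {
            // Username and URI only; the password must stay out of the log.
            HTTPLogger.logUserPermission(this.webAppSecurity.getContextLog(), SubjectUtils.getUsername(subject), servletRequest.getRequestURI());
        }
        if (checkAuthCookie(getHttpServer(), httpServletRequest, null)) {
            return true;
        }
        return rejectWithBasicChallenge(httpServletResponse);
    }
}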
