package weblogic.servlet.security.internal;

import java.io.IOException;
import java.security.AccessController;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import weblogic.management.ManagementException;
import weblogic.management.descriptors.webapp.LoginConfigMBean;
import weblogic.management.descriptors.webapp.SecurityConstraintMBean;
import weblogic.management.descriptors.webapp.SecurityRoleMBean;
import weblogic.management.descriptors.webapp.WebResourceCollectionMBean;
import weblogic.management.descriptors.webappext.SecurityRoleAssignmentMBean;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.AuthorizationManager;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.ResourceBase;
import weblogic.security.service.RoleCreationException;
import weblogic.security.service.RoleManager;
import weblogic.security.service.RoleRemovalException;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.service.URLResource;
import weblogic.security.service.WebResource;
import weblogic.servlet.HTTPLogger;
import weblogic.servlet.internal.ForwardAction;
import weblogic.servlet.internal.RequestDispatcherImpl;
import weblogic.servlet.internal.ServletRequestImpl;
import weblogic.servlet.internal.ServletStubImpl;
import weblogic.servlet.internal.WebAppServletContext;
import weblogic.servlet.internal.dd.SecurityConstraint;
import weblogic.servlet.utils.URLMatchMap;
import weblogic.xml.security.wsse.v200207.WSSEConstants;

/* loaded from: input_file:weblogic.jar:weblogic/servlet/security/internal/WebAppSecurity.class */
/**
 * Per-web-application security state for the servlet container: deployed roles,
 * role-to-principal mappings, run-as identities, URL security constraints, the
 * login-config pages and the optional authentication filter.
 *
 * <p>Authorization decisions are either made locally from the matched
 * {@link ResourceConstraint} or delegated to the realm's {@link AuthorizationManager}
 * (see {@link #hasPermission}). Which resource type is used when talking to the
 * security services depends on {@code useWebResource}: the deprecated
 * {@link WebResource} keyed by the context URI, or {@link URLResource} keyed by the
 * context path.
 *
 * <p>NOTE(review): this is decompiled output (JADX); the lazily initialised state
 * ({@code kernelId}, {@code constraintsMap}, {@code roleMapping}, {@code runAsMapping},
 * and the in-place normalisation of {@code errorPage}) is not synchronised, so
 * thread-safety is presumably provided by the caller's deployment sequencing — verify
 * against the container's lifecycle before relying on it.
 */
public final class WebAppSecurity {
    // Owning servlet context; supplies application name, URI, context path and log context.
    private WebAppServletContext context;
    // Servlet name of the authentication filter, or null when none is configured.
    private String authFilter;
    // Dispatcher for the authentication filter; null when construction failed (see setAuthFilter).
    private RequestDispatcherImpl authFilterRD;
    // Realm services resolved in the constructor under the kernel identity.
    private AuthorizationManager authManager;
    private RoleManager roleManager;
    // true: use the deprecated WebResource type; false: use URLResource.
    private final boolean useWebResource;
    // When true, hasPermission() defers almost every decision to the AuthorizationManager.
    private final boolean fullSecurityDelegationRequired;
    // Process-wide kernel identity, resolved lazily by getKernelID() (unsynchronised).
    private static AuthenticatedSubject kernelId = null;
    // Set once in the static initialiser from "os.name"; passed to URLMatchMap.
    private static boolean isWin32;
    // Role names declared for this web application (set by setRoles).
    private String[] roles = null;
    // role name -> principal names; a single-element {null} array marks a global role.
    private HashMap roleMapping = null;
    // role name -> run-as identity (only for roles that declare one).
    private HashMap runAsMapping = null;
    // Values from the login-config descriptor (set by setLoginConfig).
    private String loginPage = null;
    private String errorPage = null;
    private String authMethod = null;
    // url-pattern -> ResourceConstraint; null until the first constraint is registered.
    private URLMatchMap constraintsMap = null;
    // Not referenced anywhere in this class.
    private final boolean debug = false;

    /**
     * Returns the kernel identity, resolving it on first use via a privileged action.
     *
     * <p>The null check is unsynchronised; a concurrent first call may resolve the
     * identity twice, which is presumably harmless because the action is idempotent —
     * confirm against PrivilegedActions.
     */
    private static AuthenticatedSubject getKernelID() {
        if (kernelId == null) {
            kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
        }
        return kernelId;
    }

    /**
     * Binds this instance to a servlet context and resolves the realm's authorization
     * and role services under the kernel identity.
     *
     * <p>{@code fullSecurityDelegationRequired} is forced to {@code false} when the
     * deprecated WebResource model is in use; otherwise it is read from the realm.
     *
     * @param webAppServletContext the owning web application context
     */
    public WebAppSecurity(WebAppServletContext webAppServletContext) {
        this.authManager = null;
        this.roleManager = null;
        this.context = webAppServletContext;
        String securityRealmName = webAppServletContext.getSecurityRealmName();
        this.authManager = (AuthorizationManager) SecurityServiceManager.getSecurityService(getKernelID(), securityRealmName, SecurityService.ServiceType.AUTHORIZE);
        this.roleManager = (RoleManager) SecurityServiceManager.getSecurityService(getKernelID(), securityRealmName, SecurityService.ServiceType.ROLE);
        this.useWebResource = SecurityServiceManager.usingDeprecatedWebResource(securityRealmName);
        if (this.useWebResource) {
            this.fullSecurityDelegationRequired = false;
        } else {
            this.fullSecurityDelegationRequired = SecurityServiceManager.isFullAuthorizationDelegationRequired(securityRealmName);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the context's log prefix for diagnostic messages. */
    public String getContextLog() {
        return this.context.getLogContext();
    }

    /** Returns the context name, or {@code "Default WebApplication"} when the context has none. */
    String getContextName() {
        return this.context.getName() != null ? this.context.getName() : "Default WebApplication";
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** True when authorization decisions must be delegated to the AuthorizationManager. */
    public boolean isFullSecurityDelegationRequired() {
        return this.fullSecurityDelegationRequired;
    }

    /**
     * Deploys every declared role to the RoleManager against the whole-application
     * resource ({@code "/*"} for URLResource).
     *
     * <p>Roles with no explicit mapping get an implicit mapping to a principal of the
     * same name and are reported in a single "implicit map" log line. Roles mapped to
     * the global-role sentinel ({@code {null}} or a single empty string) are skipped
     * here and left to the realm's global role definitions. Deployment failures are
     * logged per role and do not abort the loop.
     */
    private void deployRoles() {
        if (this.roles == null || this.roles.length < 1) {
            return;
        }
        ResourceBase webResource = this.useWebResource ? new WebResource(this.context.getApplicationName(), this.context.getURI(), null, null, null) : new URLResource(this.context.getApplicationName(), this.context.getContextPath(), "/*", (String) null, (String) null);
        // Accumulates the names of implicitly mapped roles for the summary log message.
        StringBuffer stringBuffer = null;
        int i = 0;
        for (int i2 = 0; i2 < this.roles.length; i2++) {
            String[] strArr = this.roleMapping != null ? (String[]) this.roleMapping.get(this.roles[i2]) : null;
            if (strArr == null || strArr.length <= 0) {
                // No mapping declared: role name doubles as the principal name.
                try {
                    this.roleManager.deployRole(webResource, this.roles[i2], new String[]{this.roles[i2]}, this.context.isInternalApp());
                } catch (RoleCreationException e) {
                    HTTPLogger.logCouldNotDeployRole(this.roles[i2], this.context.getURI(), this.context.getApplicationName(), e);
                }
                if (i < 1) {
                    stringBuffer = new StringBuffer();
                    stringBuffer.append(this.roles[i2]);
                } else {
                    stringBuffer.append(new StringBuffer().append(", ").append(this.roles[i2]).toString());
                }
                i++;
            } else if (strArr.length != 1 || (strArr[0] != null && strArr[0].length() >= 1)) {
                // Explicit principal mapping; the {null} / {""} sentinel (global role) falls through untouched.
                try {
                    this.roleManager.deployRole(webResource, this.roles[i2], strArr, this.context.isInternalApp());
                } catch (RoleCreationException e2) {
                    HTTPLogger.logCouldNotDeployRole(this.roles[i2], this.context.getURI(), this.context.getApplicationName(), e2);
                }
            }
        }
        if (stringBuffer != null) {
            // Singular/plural wording only; WSSEConstants.ATTR_ROLE is presumably the word "role".
            if (i == 1) {
                HTTPLogger.logCreatingImplicitMapForRoles(this.context.getLogContext(), WSSEConstants.ATTR_ROLE, "has", stringBuffer.toString());
            } else {
                HTTPLogger.logCreatingImplicitMapForRoles(this.context.getLogContext(), "roles", "have", stringBuffer.toString());
            }
        }
    }

    /**
     * Deploys roles, then registers one ResourceConstraint per url-pattern of every
     * web-resource-collection in the given security constraints.
     *
     * <p>With WebResource a single constraint object is shared by all patterns of a
     * collection; with URLResource a fresh one is built per pattern (carrying the
     * pattern and the delegation flag). Later patterns overwrite earlier identical ones
     * in {@code constraintsMap}.
     *
     * @param securityConstraintMBeanArr descriptor constraints; null or empty only deploys roles
     */
    public void setConstraints(SecurityConstraintMBean[] securityConstraintMBeanArr) {
        deployRoles();
        if (securityConstraintMBeanArr == null || securityConstraintMBeanArr.length < 1) {
            return;
        }
        for (SecurityConstraintMBean securityConstraintMBean : securityConstraintMBeanArr) {
            SecurityConstraint securityConstraint = new SecurityConstraint(securityConstraintMBean);
            WebResourceCollectionMBean[] webResourceCollection = securityConstraint.getWebResourceCollection();
            if (webResourceCollection != null) {
                for (WebResourceCollectionMBean webResourceCollectionMBean : webResourceCollection) {
                    ResourceConstraint resourceConstraint = this.useWebResource ? new ResourceConstraint(this.authManager, webResourceCollectionMBean, securityConstraint.getAuthConstraint(), securityConstraint.getTransportGuarantee(), null, this.context, true, false) : null;
                    String[] urlPatterns = webResourceCollectionMBean.getUrlPatterns();
                    for (int i = 0; urlPatterns != null && i < urlPatterns.length; i++) {
                        if (this.constraintsMap == null) {
                            // isWin32 is handed to the matcher; its effect on matching is defined by URLMatchMap.
                            this.constraintsMap = new URLMatchMap(null, isWin32);
                        }
                        if (!this.useWebResource) {
                            resourceConstraint = new ResourceConstraint(this.authManager, webResourceCollectionMBean, securityConstraint.getAuthConstraint(), securityConstraint.getTransportGuarantee(), urlPatterns[i], this.context, false, this.fullSecurityDelegationRequired);
                        }
                        this.constraintsMap.put(urlPatterns[i], resourceConstraint);
                    }
                }
            }
        }
    }

    /**
     * Records the declared role names and any run-as identities.
     *
     * @param securityRoleMBeanArr declared roles; null yields an empty role list
     */
    public void setRoles(SecurityRoleMBean[] securityRoleMBeanArr) {
        if (securityRoleMBeanArr == null) {
            this.roles = new String[0];
            return;
        }
        this.roles = new String[securityRoleMBeanArr.length];
        for (int i = 0; i < securityRoleMBeanArr.length; i++) {
            this.roles[i] = securityRoleMBeanArr[i].getRoleName();
            if (securityRoleMBeanArr[i].getRunAsIdentity() != null) {
                if (this.runAsMapping == null) {
                    this.runAsMapping = new HashMap();
                }
                this.runAsMapping.put(this.roles[i], securityRoleMBeanArr[i].getRunAsIdentity());
            }
        }
    }

    /**
     * Records role-to-principal assignments from the deployment descriptor.
     *
     * <p>A global role is stored as the sentinel {@code new String[]{null}}; an
     * assignment with no principal names is ignored (the role then gets the implicit
     * mapping in deployRoles).
     *
     * @param securityRoleAssignmentMBeanArr assignments; null is a no-op
     */
    public void setRoleMapping(SecurityRoleAssignmentMBean[] securityRoleAssignmentMBeanArr) {
        if (securityRoleAssignmentMBeanArr == null) {
            return;
        }
        for (int i = 0; i < securityRoleAssignmentMBeanArr.length; i++) {
            if (this.roleMapping == null) {
                this.roleMapping = new HashMap();
            }
            SecurityRoleMBean role = securityRoleAssignmentMBeanArr[i].getRole();
            if (role != null) {
                if (securityRoleAssignmentMBeanArr[i].isGlobalRole()) {
                    this.roleMapping.put(role.getRoleName(), new String[]{null});
                } else if (securityRoleAssignmentMBeanArr[i].getPrincipalNames() != null && securityRoleAssignmentMBeanArr[i].getPrincipalNames().length >= 1) {
                    this.roleMapping.put(role.getRoleName(), securityRoleAssignmentMBeanArr[i].getPrincipalNames());
                }
            }
        }
    }

    /**
     * Returns the run-as identity declared for a role, or null when none was declared.
     *
     * @param str role name
     */
    public String getRunAsIdentity(String str) {
        if (this.runAsMapping == null) {
            return null;
        }
        return (String) this.runAsMapping.get(str);
    }

    /**
     * Returns the first principal mapped to a role, or null when the role has no
     * mapping. For a global role this is the sentinel entry, i.e. null as well.
     *
     * @param str role name
     */
    public String getFirstPrincipal(String str) {
        String[] strArr;
        if (this.roleMapping == null || (strArr = (String[]) this.roleMapping.get(str)) == null || strArr.length < 1) {
            return null;
        }
        return strArr[0];
    }

    /**
     * Undeploys every registered policy (one per constraint, or one per HTTP method of
     * a method-restricted constraint) and every declared role.
     *
     * <p>Failures are logged and do not stop the remaining undeployments; the policy
     * loop catches {@code Exception} broadly, so any runtime failure is swallowed after
     * logging.
     */
    public void unregister() {
        if (this.constraintsMap != null) {
            Object[] values = this.constraintsMap.values();
            for (int i = 0; values != null && i < values.length; i++) {
                ResourceConstraint resourceConstraint = (ResourceConstraint) values[i];
                String[] httpMethods = resourceConstraint.getHttpMethods();
                if (httpMethods == null || httpMethods.length < 1) {
                    // Constraint applies to all methods: a single policy keyed only by resource id.
                    ResourceBase webResource = this.useWebResource ? new WebResource(this.context.getApplicationName(), this.context.getURI(), resourceConstraint.getResourceId(), null, null) : new URLResource(this.context.getApplicationName(), this.context.getContextPath(), resourceConstraint.getResourceId(), (String) null, (String) null);
                    try {
                        this.authManager.undeployPolicy(webResource);
                    } catch (Exception e) {
                        HTTPLogger.logFailedToUndeploySecurityPolicy(webResource.toString(), e);
                    }
                } else {
                    for (int i2 = 0; i2 < httpMethods.length; i2++) {
                        ResourceBase webResource2 = this.useWebResource ? new WebResource(this.context.getApplicationName(), this.context.getURI(), resourceConstraint.getResourceId(), httpMethods[i2], null) : new URLResource(this.context.getApplicationName(), this.context.getContextPath(), resourceConstraint.getResourceId(), httpMethods[i2], (String) null);
                        try {
                            this.authManager.undeployPolicy(webResource2);
                        } catch (Exception e2) {
                            HTTPLogger.logFailedToUndeploySecurityPolicy(webResource2.toString(), e2);
                        }
                    }
                }
            }
        }
        // Roles were deployed against the whole-application resource; undeploy against the same one.
        ResourceBase webResource3 = this.useWebResource ? new WebResource(this.context.getApplicationName(), this.context.getURI(), null, null, null) : new URLResource(this.context.getApplicationName(), this.context.getContextPath(), "/*", (String) null, (String) null);
        for (int i3 = 0; this.roles != null && i3 < this.roles.length; i3++) {
            try {
                this.roleManager.undeployRole(webResource3, this.roles[i3]);
            } catch (RoleRemovalException e3) {
                HTTPLogger.logFailedToUndeploySecurityRole(webResource3.toString(), e3);
            }
        }
    }

    /**
     * Finds the security constraint that applies to a request, or null when none does.
     *
     * <p>The lookup path is, in order: the {@code WEBFLOW_RESOURCE} request attribute
     * (with the unescaped context path stripped), the container's relative URI for a
     * {@link ServletRequestImpl}, or the unescaped URI minus context path for any other
     * request type. A matched constraint is returned only when its HTTP method list is
     * empty (applies to every method) or contains the request method via a case-sensitive
     * {@code equals}; otherwise the result is null, i.e. no constraint applies.
     *
     * <p>NOTE(review): the request attribute takes precedence over the actual request
     * URI, so whatever sets that attribute effectively chooses which constraint is
     * enforced — presumably only container/webflow code does; confirm against callers.
     *
     * @param httpServletRequest the incoming request
     * @return the applicable constraint, or null
     */
    public ResourceConstraint getConstraint(HttpServletRequest httpServletRequest) {
        String unescapedURI;
        if (this.constraintsMap == null) {
            return null;
        }
        String str = (String) httpServletRequest.getAttribute(WebAppServletContext.WEBFLOW_RESOURCE);
        if (str != null) {
            unescapedURI = str;
            String unescapedContextPath = ServletRequestImpl.getUnescapedContextPath(httpServletRequest);
            if (unescapedURI.startsWith(unescapedContextPath)) {
                unescapedURI = unescapedURI.substring(unescapedContextPath.length());
            }
        } else if (httpServletRequest instanceof ServletRequestImpl) {
            unescapedURI = ((ServletRequestImpl) httpServletRequest).getRelativeUri();
        } else {
            unescapedURI = ServletRequestImpl.getUnescapedURI(httpServletRequest);
            String unescapedContextPath2 = ServletRequestImpl.getUnescapedContextPath(httpServletRequest);
            if (unescapedURI.startsWith(unescapedContextPath2)) {
                unescapedURI = unescapedURI.substring(unescapedContextPath2.length());
            }
        }
        String method = httpServletRequest.getMethod();
        ResourceConstraint resourceConstraint = (ResourceConstraint) this.constraintsMap.get(unescapedURI);
        if (resourceConstraint == null) {
            return null;
        }
        // z: does the constraint's method list (if any) cover this request's method?
        boolean z = false;
        String[] httpMethods = resourceConstraint.getHttpMethods();
        if (httpMethods != null && httpMethods.length >= 1) {
            int i = 0;
            while (true) {
                if (i >= httpMethods.length) {
                    break;
                }
                if (method.equals(httpMethods[i])) {
                    z = true;
                    break;
                }
                i++;
            }
        } else {
            // No method list means the constraint covers every method.
            z = true;
        }
        if (z) {
            return resourceConstraint;
        }
        return null;
    }

    /**
     * Captures login page, error page and auth method from the login-config descriptor.
     *
     * @param loginConfigMBean descriptor bean; must not be null
     */
    public void setLoginConfig(LoginConfigMBean loginConfigMBean) {
        this.loginPage = loginConfigMBean.getLoginPage();
        this.errorPage = loginConfigMBean.getErrorPage();
        this.authMethod = loginConfigMBean.getAuthMethod();
    }

    /** Returns the configured login page, or null. */
    public String getLoginPage() {
        return this.loginPage;
    }

    /**
     * Returns the configured error page, or null. After the first forward in
     * {@link #sendErrorPage} the value carries a leading "/" even if the descriptor
     * omitted it.
     */
    public String getErrorPage() {
        return this.errorPage;
    }

    /** Returns the configured auth method, or null. */
    public String getAuthMethod() {
        return this.authMethod;
    }

    /**
     * Checks the constraint's transport guarantee against the request.
     *
     * @return true when there is no constraint, the guarantee value is 0 (presumably
     *     NONE — confirm against ResourceConstraint), or the request arrived over a
     *     secure channel as reported by {@code isSecure()}
     */
    public boolean checkTransport(ResourceConstraint resourceConstraint, HttpServletRequest httpServletRequest) {
        return resourceConstraint == null || resourceConstraint.getTransportGuarantee() == 0 || httpServletRequest.isSecure();
    }

    /**
     * Decides whether a subject may access the requested resource.
     *
     * <p>With full delegation, the only local decision is to deny an unauthenticated
     * subject on a constraint whose {@code isCompletelyUnrestricted()} is 2; everything
     * else is asked of the AuthorizationManager. Without delegation the local order is:
     * no constraint → allow; completely restricted → deny; unrestricted code 1 → allow;
     * code 2 → allow iff authenticated; unauthenticated → deny; otherwise ask the
     * AuthorizationManager. A null subject reaching the manager is replaced by the
     * anonymous subject. The resource id is taken from the constraint when present,
     * else from the request (unescaped URI for WebResource; the WEBFLOW_RESOURCE
     * attribute or relative URI for URLResource), together with the request method.
     *
     * <p>The meaning of the integer codes 1 and 2 returned by
     * {@code isCompletelyUnrestricted()} is defined in ResourceConstraint, not here.
     *
     * @param servletRequestImpl the request being authorized
     * @param authenticatedSubject the caller, or null when unauthenticated
     * @param resourceConstraint the matched constraint, or null
     * @return true when access is allowed
     */
    public boolean hasPermission(ServletRequestImpl servletRequestImpl, AuthenticatedSubject authenticatedSubject, ResourceConstraint resourceConstraint) {
        ResourceBase uRLResource;
        if (this.fullSecurityDelegationRequired) {
            if (resourceConstraint != null && resourceConstraint.isCompletelyUnrestricted() == 2 && authenticatedSubject == null) {
                return false;
            }
        } else {
            if (resourceConstraint == null) {
                return true;
            }
            if (resourceConstraint.isCompletelyRestricted()) {
                return false;
            }
            if (resourceConstraint.isCompletelyUnrestricted() == 1) {
                return true;
            }
            if (resourceConstraint.isCompletelyUnrestricted() == 2) {
                return authenticatedSubject != null;
            }
            if (authenticatedSubject == null) {
                return false;
            }
        }
        if (authenticatedSubject == null) {
            authenticatedSubject = SubjectUtils.getAnonymousSubject();
        }
        if (this.useWebResource) {
            uRLResource = new WebResource(this.context.getApplicationName(), this.context.getURI(), resourceConstraint == null ? servletRequestImpl.getUnescapedURI() : resourceConstraint.getResourceId(), servletRequestImpl.getMethod(), null);
        } else {
            // Same precedence as getConstraint(): the webflow attribute wins over the relative URI.
            String str = (String) servletRequestImpl.getAttribute(WebAppServletContext.WEBFLOW_RESOURCE);
            if (str == null) {
                str = servletRequestImpl.getRelativeUri();
            }
            uRLResource = new URLResource(this.context.getApplicationName(), this.context.getContextPath(), str, servletRequestImpl.getMethod(), (String) null);
        }
        return this.authManager.isAccessAllowed(authenticatedSubject, uRLResource, servletRequestImpl.getSecurityContextHandler());
    }

    /**
     * Tests role membership against the whole-application resource.
     *
     * <p>A null subject is evaluated as the anonymous subject. Returns false when the
     * RoleManager yields no role map at all.
     *
     * @param authenticatedSubject the caller, or null
     * @param str role name to test
     * @param webAppContextHandler context handler passed through to the RoleManager
     */
    public boolean isSubjectInRole(AuthenticatedSubject authenticatedSubject, String str, WebAppContextHandler webAppContextHandler) {
        ResourceBase webResource = this.useWebResource ? new WebResource(this.context.getApplicationName(), this.context.getURI(), null, null, null) : new URLResource(this.context.getApplicationName(), this.context.getContextPath(), "/*", (String) null, (String) null);
        if (authenticatedSubject == null) {
            authenticatedSubject = SubjectUtils.getAnonymousSubject();
        }
        Map roles = this.roleManager.getRoles(authenticatedSubject, webResource, webAppContextHandler);
        if (roles == null) {
            return false;
        }
        return SecurityServiceManager.isUserInRole(authenticatedSubject, str, roles);
    }

    /**
     * Sends the configured form-login error page with status 403.
     *
     * <p>If the response is already committed the page cannot be forwarded, so the
     * client is redirected to the absolute context URL plus {@code errorPage}.
     * Otherwise {@code errorPage} is normalised in place to start with "/" (a visible
     * side effect on {@link #getErrorPage()}) and forwarded to, running as the current
     * user (or the anonymous subject) under the kernel identity. IOException and
     * ServletException raised by the forward are rethrown; any other Throwable is
     * logged. Requires a non-null {@code errorPage} and a {@link ServletRequestImpl}
     * request — neither is checked here.
     *
     * @throws IOException propagated from the forward or redirect
     * @throws ServletException propagated from the forward
     */
    public void sendErrorPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        httpServletResponse.setStatus(403);
        ((ServletRequestImpl) httpServletRequest).setRedirected(true);
        if (httpServletResponse.isCommitted()) {
            // Redundant with the call above; kept as decompiled.
            ((ServletRequestImpl) httpServletRequest).setRedirected(true);
            httpServletResponse.sendRedirect(httpServletResponse.encodeURL(new StringBuffer().append(getContextURL(httpServletRequest)).append(this.errorPage).toString()));
            return;
        }
        if (!this.errorPage.startsWith("/")) {
            this.errorPage = new StringBuffer().append("/").append(this.errorPage).toString();
        }
        RequestDispatcher requestDispatcher = httpServletRequest.getRequestDispatcher(this.errorPage);
        AuthenticatedSubject currentUser = SecurityModule.getCurrentUser(getContext().getHttpServer(), httpServletRequest);
        if (currentUser == null) {
            currentUser = SubjectUtils.getAnonymousSubject();
        }
        // ForwardAction returns the Throwable it caught (or null) rather than throwing it.
        Throwable th = (Throwable) SecurityServiceManager.runAs(getKernelID(), currentUser, new ForwardAction(requestDispatcher, httpServletRequest, httpServletResponse));
        if (th != null) {
            if (th instanceof IOException) {
                throw ((IOException) th);
            }
            if (th instanceof ServletException) {
                throw ((ServletException) th);
            }
            HTTPLogger.logSendError(getContext().getLogContext(), th);
        }
    }

    /**
     * Redirects the client to the form-login page: the unescaped context path followed
     * by {@code loginPage}, encoded via {@code encodeURL}. No "/" is inserted between
     * the two, so the descriptor value is expected to start with one. Requires a
     * {@link ServletRequestImpl} request.
     *
     * @throws IOException propagated from sendRedirect
     * @throws ServletException declared but not thrown by this body
     */
    public void sendLoginPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        ((ServletRequestImpl) httpServletRequest).setRedirected(true);
        httpServletResponse.sendRedirect(httpServletResponse.encodeURL(new StringBuffer().append(ServletRequestImpl.getUnescapedContextPath(httpServletRequest)).append(this.loginPage).toString()));
    }

    /**
     * Builds {@code scheme://serverName[:port]contextPath} for an absolute redirect.
     *
     * <p>The port is omitted whenever it is 80 or 443, regardless of which scheme the
     * request actually used.
     */
    private static String getContextURL(HttpServletRequest httpServletRequest) {
        int serverPort = httpServletRequest.getServerPort();
        return (serverPort == 80 || serverPort == 443) ? new StringBuffer().append(httpServletRequest.getScheme()).append("://").append(httpServletRequest.getServerName()).append(ServletRequestImpl.getUnescapedContextPath(httpServletRequest)).toString() : new StringBuffer().append(httpServletRequest.getScheme()).append("://").append(httpServletRequest.getServerName()).append(":").append(httpServletRequest.getServerPort()).append(ServletRequestImpl.getUnescapedContextPath(httpServletRequest)).toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the owning servlet context. */
    public WebAppServletContext getContext() {
        return this.context;
    }

    /** Returns the configured auth filter servlet name, or null. */
    public String getAuthFilter() {
        return this.authFilter;
    }

    /** Returns the auth filter dispatcher, or null when none is configured or it failed to build. */
    public RequestDispatcherImpl getAuthFilterRD() {
        return this.authFilterRD;
    }

    /**
     * Configures the authentication filter and builds its dispatcher.
     *
     * <p>The servlet stub is created with {@code str} as both servlet name and class
     * name. A ManagementException is logged and leaves {@code authFilterRD} null while
     * {@code authFilter} keeps the new name, so the two getters can disagree after a
     * failure.
     *
     * @param str servlet name / class name of the filter
     */
    public void setAuthFilter(String str) {
        this.authFilter = str;
        try {
            this.authFilterRD = new RequestDispatcherImpl(new ServletStubImpl(str, str, this.context, false), this.context, false);
        } catch (ManagementException e) {
            HTTPLogger.logFailedToSetAuthFilter(this.context.getLogContext(), str, e);
            this.authFilterRD = null;
        }
    }

    // isWin32 is true when "os.name" contains "windows" (default-locale toLowerCase).
    static {
        isWin32 = false;
        String property = System.getProperty("os.name");
        if (property == null || property.toLowerCase().indexOf("windows") < 0) {
            return;
        }
        isWin32 = true;
    }
}
