package weblogic.servlet.security;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.AccessController;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.servlet.ServletException;
import javax.servlet.ServletRequestWrapper;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import weblogic.security.SimpleCallbackHandler;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.spi.IdentityAsserter;
import weblogic.servlet.HTTPLogger;
import weblogic.servlet.internal.HttpServer;
import weblogic.servlet.internal.ServletRequestImpl;
import weblogic.servlet.internal.ServletResponseImpl;
import weblogic.servlet.internal.WebAppServletContext;
import weblogic.servlet.internal.session.SessionContext;
import weblogic.servlet.internal.session.SessionData;
import weblogic.servlet.internal.session.SessionInternal;
import weblogic.servlet.security.internal.SecurityModule;
import weblogic.utils.encoders.BASE64Decoder;

/* loaded from: input_file:weblogic.jar:weblogic/servlet/security/ServletAuthentication.class */
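/**
 * Programmatic authentication entry points for web applications.
 *
 * <p>Every {@code int}-returning method reports one of {@link #AUTHENTICATED},
 * {@link #FAILED_AUTHENTICATION} or {@link #NEEDS_CREDENTIALS}. On success the resulting
 * {@link AuthenticatedSubject} replaces the subject currently on the request thread
 * (pop of the old subject, push of the new one under the kernel identity).
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>None of the login methods rotate the HTTP session id. A caller that wants to
 *       defend against session fixation should call {@link #generateNewSessionID} after a
 *       successful login (it is a no-op on non-WebLogic request objects).</li>
 *   <li>{@link #strong} can fall back to a certificate forwarded by a front-end proxy; the
 *       decision whether that proxy is trusted is not made here (see the method docs).</li>
 *   <li>{@link #runAs} performs no authentication at all — it installs whatever subject it
 *       is handed and must only be reachable from trusted code.</li>
 * </ul>
 */
public final class ServletAuthentication {
    /** Proxy client-cert "type" entry that carries the client IP rather than a certificate. */
    public static final String CERT_RESERVED_IP = "IP";
    /** Proxy client-cert "type" entry that carries the key size rather than a certificate. */
    public static final String CERT_RESERVED_KEYSIZE = "Keysize";
    /** Proxy client-cert "type" entry that carries the secret key size rather than a certificate. */
    public static final String CERT_RESERVED_SECRETKEYSIZE = "SecretKeysize";

    /** Result code: authentication succeeded and the subject was pushed onto the request thread. */
    public static final int AUTHENTICATED = 0;
    /** Result code: credentials were rejected, or the request could not be handled at all. */
    public static final int FAILED_AUTHENTICATION = 1;
    /** Result code: no usable credential material was found on the request. */
    public static final int NEEDS_CREDENTIALS = 2;

    /** Request parameter name read for the user name by {@link #weak(HttpServletRequest, HttpServletResponse)}. */
    private final String usernameField;
    /** Request parameter name read for the password by {@link #weak(HttpServletRequest, HttpServletResponse)}. */
    private final String passwordField;

    /** Lazily resolved kernel identity used to call into the security service manager. */
    private static AuthenticatedSubject kernelId = null;

    /**
     * Returns the kernel identity, resolving it on first use.
     *
     * <p>Initialisation is deliberately unsynchronised, as in the original; two threads
     * racing here presumably just resolve the same identity twice (assumed idempotent —
     * confirm against {@code PrivilegedActions.getKernelIdentityAction()}).
     */
    private static AuthenticatedSubject getKernelID() {
        if (kernelId == null) {
            kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
        }
        return kernelId;
    }

    /**
     * Resolves the container's own request object behind {@code request}.
     *
     * <p>Replaces the former "cast and catch {@code ClassCastException}" idiom: a
     * {@link ServletRequestImpl} is returned as is, a {@link ServletRequestWrapper} is
     * unwrapped via {@link WebAppServletContext#getOriginalRequest}, anything else
     * (including {@code null}) yields {@code null}.
     *
     * @return the underlying WebLogic request, or {@code null} if there is none
     */
    private static ServletRequestImpl unwrap(HttpServletRequest request) {
        if (request instanceof ServletRequestImpl) {
            return (ServletRequestImpl) request;
        }
        if (request instanceof ServletRequestWrapper) {
            return WebAppServletContext.getOriginalRequest(request);
        }
        return null;
    }

    /** Looks up the authentication service of the named realm under the kernel identity. */
    private static PrincipalAuthenticator authenticatorFor(String realmName) {
        return (PrincipalAuthenticator) SecurityServiceManager.getSecurityService(
                getKernelID(), realmName, SecurityService.ServiceType.AUTHENTICATION);
    }

    /** Replaces the subject currently on the request thread with {@code subject}. */
    private static void replaceCurrentSubject(AuthenticatedSubject subject) {
        SecurityServiceManager.popSubject(getKernelID());
        SecurityServiceManager.pushSubject(getKernelID(), subject);
    }

    /**
     * Drops the current subject in favour of the anonymous subject, unless the thread
     * already carries no subject or the anonymous one.
     */
    private static void resetToAnonymous() {
        AuthenticatedSubject current = SecurityServiceManager.getCurrentSubject(getKernelID());
        if (current == null || SubjectUtils.isUserAnonymous(current)) {
            return;
        }
        replaceCurrentSubject(SubjectUtils.getAnonymousSubject());
    }

    /** Returns {@code true} for the proxy entries that carry metadata instead of a certificate. */
    private static boolean isReservedCertType(String certType) {
        return certType.equalsIgnoreCase(CERT_RESERVED_IP)
                || certType.equalsIgnoreCase(CERT_RESERVED_KEYSIZE)
                || certType.equalsIgnoreCase(CERT_RESERVED_SECRETKEYSIZE);
    }

    /**
     * Runs an identity assertion, mapping a {@link LoginException} to {@code null} so the
     * caller can treat "rejected" and "no subject" uniformly.
     */
    private static AuthenticatedSubject assertIdentityOrNull(PrincipalAuthenticator authenticator,
                                                             String tokenType, Object token) {
        try {
            return authenticator.assertIdentity(tokenType, token);
        } catch (LoginException e) {
            return null;
        }
    }

    /**
     * @param str  name of the request parameter that carries the user name
     * @param str2 name of the request parameter that carries the password
     */
    public ServletAuthentication(String str, String str2) {
        this.usernameField = str;
        this.passwordField = str2;
    }

    /** Legacy alias for {@link #logout(HttpServletRequest)}; the result is discarded. */
    public void done(HttpServletRequest httpServletRequest) {
        logout(httpServletRequest);
    }

    /**
     * Removes the authenticated user from the session without invalidating it.
     *
     * <p>Clears the {@code SESSION_AUTH_USER} and {@code WLS_AUTHCOOKIE} internal attributes
     * on this web app's session and on the sessions of every other web app registered under
     * the same internal session id, unregisters the id from the server, and replaces a
     * non-anonymous current subject with the anonymous subject. The session itself and its
     * id survive; use {@link #invalidateAll} for a full logout. Note that
     * {@code getSession(true)} creates a session if the request has none.
     *
     * @return {@code false} if the request is not a WebLogic request (or wrapper) or no
     *         session could be obtained; {@code true} otherwise
     */
    public static boolean logout(HttpServletRequest httpServletRequest) {
        ServletRequestImpl request = unwrap(httpServletRequest);
        if (request == null) {
            return false;
        }
        WebAppServletContext context = request.getContext();
        HttpServer server = context.getServer();
        SessionInternal session = (SessionInternal) request.getSession(true);
        if (session == null) {
            return false;
        }
        String internalId = session.getInternalId();
        session.removeInternalAttribute(SecurityModule.SESSION_AUTH_USER);
        session.removeInternalAttribute(SecurityModule.WLS_AUTHCOOKIE);
        // Other web apps sharing this session id (single sign-on scope) are cleared too;
        // the current context was handled above and is skipped here.
        Enumeration webAppNames = server.getWebAppsForId(internalId);
        while (webAppNames.hasMoreElements()) {
            WebAppServletContext other = (WebAppServletContext) context.getContext((String) webAppNames.nextElement());
            if (other == null || other == context) {
                continue;
            }
            SessionContext otherSessions = other.getSessionContext();
            ServletRequestImpl original = WebAppServletContext.getOriginalRequest(httpServletRequest);
            SessionData otherSession = otherSessions.getSessionInternal(internalId, original, original.getResponse());
            if (otherSession != null) {
                otherSession.removeInternalAttribute(SecurityModule.SESSION_AUTH_USER);
                otherSession.removeInternalAttribute(SecurityModule.WLS_AUTHCOOKIE);
            }
        }
        server.unregister(internalId);
        resetToAnonymous();
        return true;
    }

    /**
     * Full logout: invalidates the session in this web app and in every web app sharing its
     * internal id, discards the old session on the request, unregisters the id from the server
     * and replaces a non-anonymous current subject with the anonymous subject.
     *
     * <p>Unlike {@link #logout} the loop does not skip the current context, so this web app's
     * session is invalidated both directly and again through its session context.
     *
     * @return {@code false} if the request is not a WebLogic request (or wrapper) or no
     *         session could be obtained; {@code true} otherwise
     */
    public static boolean invalidateAll(HttpServletRequest httpServletRequest) {
        ServletRequestImpl request = unwrap(httpServletRequest);
        if (request == null) {
            return false;
        }
        WebAppServletContext context = request.getContext();
        HttpServer server = context.getServer();
        HttpSession session = request.getSession(true);
        if (session == null) {
            return false;
        }
        String internalId = ((SessionInternal) session).getInternalId();
        session.invalidate();
        Enumeration webAppNames = server.getWebAppsForId(internalId);
        while (webAppNames.hasMoreElements()) {
            WebAppServletContext other = (WebAppServletContext) context.getContext((String) webAppNames.nextElement());
            if (other == null) {
                continue;
            }
            SessionContext otherSessions = other.getSessionContext();
            ServletRequestImpl original = WebAppServletContext.getOriginalRequest(httpServletRequest);
            SessionData otherSession = otherSessions.getSessionInternal(internalId, original, original.getResponse());
            if (otherSession != null) {
                otherSession.invalidate();
            }
        }
        request.killOldSession();
        server.unregister(internalId);
        resetToAnonymous();
        return true;
    }

    /**
     * Discards the old session on the request ({@code killOldSession}; presumably this also
     * expires the session cookie — confirm in {@link ServletRequestImpl}) and replaces a
     * non-anonymous current subject with the anonymous subject. Does nothing for requests
     * that are neither WebLogic requests nor wrappers of one.
     */
    public static void killCookie(HttpServletRequest httpServletRequest) {
        ServletRequestImpl request = unwrap(httpServletRequest);
        if (request == null) {
            return;
        }
        request.killOldSession();
        resetToAnonymous();
    }

    /**
     * Certificate-based authentication against the realm of the request's web app.
     *
     * @return {@link #NEEDS_CREDENTIALS} when the request cannot be resolved to a WebLogic
     *         request (so no realm can be determined); otherwise the result of
     *         {@link #strong(HttpServletRequest, HttpServletResponse, String)}
     */
    public int strong(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws ServletException, IOException {
        ServletRequestImpl request = unwrap(httpServletRequest);
        if (request == null) {
            return NEEDS_CREDENTIALS;
        }
        return strong(httpServletRequest, httpServletResponse, request.getContext().getSecurityRealmName());
    }

    /**
     * Certificate-based authentication (identity assertion) against the named realm.
     *
     * <p>The TLS-layer client chain in the {@code javax.servlet.request.X509Certificate}
     * attribute is preferred and asserted with type {@code IdentityAsserter.X509_TYPE}.
     * Without it, and only for a {@link ServletRequestImpl}, the method falls back to a
     * certificate forwarded by a front-end proxy: the proxy cert type/value lists are
     * scanned from the last entry backwards, reserved metadata entries ({@code IP},
     * {@code Keysize}, {@code SecretKeysize}) are skipped, the first value that base64-decodes
     * is asserted under its list type, and undecodable values are logged and ignored.
     *
     * <p><b>Trust boundary:</b> the proxy path authenticates the user from bytes supplied by
     * whoever populated the proxy cert lists. Nothing here verifies that the front end is a
     * trusted proxy; that must be guaranteed by the deployment (the server-side setting that
     * enables client-cert proxying — TODO confirm it gates {@code getProxyClientCert}). If an
     * untrusted client can reach the server directly, it could forge this header.
     *
     * <p>On success the subject is stored in the session's {@code SESSION_AUTH_USER}
     * attribute and pushed onto the thread. Note that, unlike {@link #authenticate} and
     * {@link #weak(String, String, HttpSession)}, no {@code HttpServer.setAuthUser}
     * registration is made here — whether that is intentional could not be determined.
     * The session id is not rotated; see {@link #generateNewSessionID}.
     *
     * @param str the security realm name
     * @return {@link #AUTHENTICATED}, {@link #FAILED_AUTHENTICATION} (assertion rejected or
     *         yielded the anonymous subject) or {@link #NEEDS_CREDENTIALS} (no certificate)
     */
    public int strong(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str)
            throws ServletException, IOException {
        PrincipalAuthenticator authenticator = authenticatorFor(str);
        X509Certificate[] tlsChain =
                (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");

        AuthenticatedSubject subject;
        if (tlsChain != null && tlsChain.length > 0) {
            subject = assertIdentityOrNull(authenticator, IdentityAsserter.X509_TYPE, tlsChain);
        } else {
            if (!(httpServletRequest instanceof ServletRequestImpl)) {
                return NEEDS_CREDENTIALS;
            }
            ServletRequestImpl request = (ServletRequestImpl) httpServletRequest;
            String certType = null;
            byte[] certBytes = null;
            List certTypes = request.getProxyClientCertType();
            int count = certTypes.size();
            if (count > 0) {
                List certValues = request.getProxyClientCert();
                // Walk from the end so the most recently appended certificate wins.
                for (int i = count - 1; i >= 0; i--) {
                    certType = (String) certTypes.get(i);
                    if (isReservedCertType(certType)) {
                        continue;
                    }
                    try {
                        certBytes = new BASE64Decoder().decodeBuffer(
                                new ByteArrayInputStream((byte[]) certValues.get(i)));
                        break;
                    } catch (Exception e) {
                        // Malformed entry: log and keep looking at earlier entries.
                        HTTPLogger.logIgnoringClientCert(certType, e);
                    }
                }
            }
            if (certBytes == null || certType == null) {
                return NEEDS_CREDENTIALS;
            }
            subject = assertIdentityOrNull(authenticator, certType, certBytes);
        }

        if (subject == null || SubjectUtils.isUserAnonymous(subject)) {
            return FAILED_AUTHENTICATION;
        }
        ((SessionInternal) httpServletRequest.getSession(true))
                .setInternalAttribute(SecurityModule.SESSION_AUTH_USER, subject);
        replaceCurrentSubject(subject);
        return AUTHENTICATED;
    }

    /**
     * Username/password authentication reading the credentials from the request parameters
     * named in the constructor. Delegates to {@link #weak(String, String, HttpServletRequest)}.
     */
    public int weak(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws ServletException, IOException {
        return weak(httpServletRequest.getParameter(this.usernameField),
                httpServletRequest.getParameter(this.passwordField), httpServletRequest);
    }

    /**
     * Username/password authentication via {@code SecurityModule.checkAuthenticate}.
     *
     * <p>A session is created if absent (the handle is not used here); storing the subject
     * in it is presumably done inside {@code checkAuthenticate} — not visible from this
     * class. The session id is not rotated; see {@link #generateNewSessionID}.
     *
     * @param str  user name
     * @param str2 password
     * @return {@link #AUTHENTICATED}, or {@link #FAILED_AUTHENTICATION} when the request is
     *         not a WebLogic request (or wrapper) or the credentials are rejected
     */
    public static int weak(String str, String str2, HttpServletRequest httpServletRequest) {
        ServletRequestImpl request = unwrap(httpServletRequest);
        if (request == null) {
            return FAILED_AUTHENTICATION;
        }
        httpServletRequest.getSession(true);
        AuthenticatedSubject subject = SecurityModule.checkAuthenticate(str, str2, request, false);
        if (subject == null) {
            return FAILED_AUTHENTICATION;
        }
        replaceCurrentSubject(subject);
        return AUTHENTICATED;
    }

    /**
     * Username/password authentication bound to an existing session.
     *
     * <p>Authenticates through the realm of the session's web app, registers the subject with
     * the server under the session's internal id and in the session's {@code SESSION_AUTH_USER}
     * attribute, then pushes it onto the thread.
     *
     * @param str  user name
     * @param str2 password
     * @return {@link #AUTHENTICATED}, or {@link #FAILED_AUTHENTICATION} when the session is
     *         not a WebLogic session, authentication returns no subject, or it throws
     */
    public static int weak(String str, String str2, HttpSession httpSession) {
        if (!(httpSession instanceof SessionInternal)) {
            return FAILED_AUTHENTICATION;
        }
        SessionInternal session = (SessionInternal) httpSession;
        WebAppServletContext webApp = session.getContext().getServletContext();
        HttpServer server = webApp.getServer();
        try {
            AuthenticatedSubject subject =
                    authenticatorFor(webApp.getSecurityRealmName()).authenticate(new SimpleCallbackHandler(str, str2));
            if (subject == null) {
                return FAILED_AUTHENTICATION;
            }
            server.setAuthUser(session.getInternalId(), subject);
            session.setInternalAttribute(SecurityModule.SESSION_AUTH_USER, subject);
            replaceCurrentSubject(subject);
            return AUTHENTICATED;
        } catch (LoginException e) {
            return FAILED_AUTHENTICATION;
        }
    }

    /**
     * Authentication with an opaque credential object; ensures a session exists and delegates
     * to {@link #authObject(String, Object, HttpSession, HttpServletRequest)}.
     *
     * @return {@link #FAILED_AUTHENTICATION} if no session could be obtained
     */
    public static int authObject(String str, Object obj, HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(true);
        if (session == null) {
            return FAILED_AUTHENTICATION;
        }
        return authObject(str, obj, session, httpServletRequest);
    }

    /**
     * Authentication with an opaque credential object via {@code SecurityModule.checkAuthenticate}.
     *
     * @param str         user name
     * @param obj         credential object, passed through to the security module
     * @param httpSession unused; kept for interface compatibility
     * @return {@link #AUTHENTICATED}, or {@link #FAILED_AUTHENTICATION} when the request is
     *         not a WebLogic request (or wrapper) or the credential is rejected
     */
    public static int authObject(String str, Object obj, HttpSession httpSession, HttpServletRequest httpServletRequest) {
        ServletRequestImpl request = unwrap(httpServletRequest);
        if (request == null) {
            return FAILED_AUTHENTICATION;
        }
        AuthenticatedSubject subject = SecurityModule.checkAuthenticate(str, obj, request, false);
        if (subject == null) {
            return FAILED_AUTHENTICATION;
        }
        replaceCurrentSubject(subject);
        return AUTHENTICATED;
    }

    /**
     * Authentication with a caller-supplied JAAS {@link CallbackHandler} against the realm of
     * the request's web app.
     *
     * <p>With a session, the subject is registered with the server under the session's
     * internal id (when a server is available) and stored in {@code SESSION_AUTH_USER}.
     * Without one, it is registered under the requested session id, provided the id is
     * present, the subject is neither anonymous nor the kernel identity — and, fixed here,
     * a server is actually available (the original dereferenced it unchecked on this path).
     *
     * @return {@link #AUTHENTICATED}, or {@link #FAILED_AUTHENTICATION} when the request is
     *         not a WebLogic request (or wrapper), authentication returns no subject, or throws
     */
    public static int authenticate(CallbackHandler callbackHandler, HttpServletRequest httpServletRequest) {
        ServletRequestImpl request = unwrap(httpServletRequest);
        if (request == null) {
            return FAILED_AUTHENTICATION;
        }
        try {
            AuthenticatedSubject subject =
                    authenticatorFor(request.getContext().getSecurityRealmName()).authenticate(callbackHandler);
            if (subject == null) {
                return FAILED_AUTHENTICATION;
            }
            SessionInternal session = (SessionInternal) httpServletRequest.getSession(true);
            HttpServer server = request.getContext().getServer();
            if (session != null) {
                if (server != null) {
                    server.setAuthUser(session.getInternalId(), subject);
                }
                session.setInternalAttribute(SecurityModule.SESSION_AUTH_USER, subject);
            } else {
                String requestedId = httpServletRequest.getRequestedSessionId();
                if (server != null && requestedId != null
                        && !SubjectUtils.isUserAnonymous(subject)
                        && !SecurityServiceManager.isKernelIdentity(subject)) {
                    server.setAuthUser(requestedId, subject);
                }
            }
            replaceCurrentSubject(subject);
            return AUTHENTICATED;
        } catch (LoginException e) {
            return FAILED_AUTHENTICATION;
        }
    }

    /**
     * Rotates the session id ({@code updateSessionId}) — the session-fixation defence to call
     * after a successful login. Silently does nothing if the request is not a
     * {@link ServletRequestImpl} (wrappers are not unwrapped here).
     */
    public static void generateNewSessionID(HttpServletRequest httpServletRequest) {
        if (httpServletRequest instanceof ServletRequestImpl) {
            ((ServletRequestImpl) httpServletRequest).updateSessionId();
        }
    }

    /**
     * Returns the response's cookie named after the web app's session cookie name, or
     * {@code null} if either object is not the container's own implementation.
     */
    public static Cookie getSessionCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!(httpServletResponse instanceof ServletResponseImpl) || !(httpServletRequest instanceof ServletRequestImpl)) {
            return null;
        }
        String cookieName = ((ServletRequestImpl) httpServletRequest).getContext().getSessionCookieName();
        return ((ServletResponseImpl) httpServletResponse).getCookie(cookieName);
    }

    /** See {@link #runAs(AuthenticatedSubject, HttpServletRequest)}; converts the JAAS subject first. */
    public static void runAs(Subject subject, HttpServletRequest httpServletRequest) {
        runAs(AuthenticatedSubject.getFromSubject(subject), httpServletRequest);
    }

    /**
     * Installs {@code authenticatedSubject} as the session's authenticated user and as the
     * current subject <em>without any authentication</em>: it is stored in
     * {@code SESSION_AUTH_USER}, registered with the server under the session's internal id
     * (if a server is available) and pushed onto the thread. Privileged — only trusted code
     * should be able to reach this with a caller-controlled subject.
     *
     * <p>Requires the container's own request object: any other type fails with
     * {@link ClassCastException}, and a session is created if the request has none.
     */
    public static void runAs(AuthenticatedSubject authenticatedSubject, HttpServletRequest httpServletRequest) {
        HttpServer server = ((ServletRequestImpl) httpServletRequest).getContext().getServer();
        SessionInternal session = (SessionInternal) httpServletRequest.getSession(true);
        session.setInternalAttribute(SecurityModule.SESSION_AUTH_USER, authenticatedSubject);
        if (server != null) {
            server.setAuthUser(session.getInternalId(), authenticatedSubject);
        }
        replaceCurrentSubject(authenticatedSubject);
    }

    /**
     * Returns the URL the form-login flow should redirect to after login, read from the
     * session's internal {@code weblogic.formauth.targeturl} attribute ({@code null} if unset).
     * The session must be a WebLogic session.
     */
    public static String getTargetURLForFormAuthentication(HttpSession httpSession) {
        return (String) ((SessionInternal) httpSession).getInternalAttribute("weblogic.formauth.targeturl");
    }
}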
