package weblogic.servlet.security.internal;

import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import weblogic.management.descriptors.webapp.LoginConfigMBean;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityServiceManager;
import weblogic.servlet.HTTPLogger;
import weblogic.servlet.internal.RequestDispatcherImpl;
import weblogic.servlet.internal.ServletRequestImpl;
import weblogic.servlet.internal.ServletResponseImpl;
import weblogic.servlet.internal.WebAppServletContext;
import weblogic.servlet.internal.dd.LoginDescriptor;
import weblogic.servlet.internal.session.SessionInternal;

/* loaded from: input_file:weblogic.jar:weblogic/servlet/security/internal/ServletSecurityManager.class */
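/**
 * Per-web-app entry point for request authorization.
 *
 * Wraps a {@link WebAppSecurity} descriptor view and picks one {@link SecurityModule}
 * ("delegate") for the configured auth-method; {@link #checkAccess} then routes every
 * request through the optional auth filter and that delegate. The only class state is
 * the delegate, the descriptor view, the servlet context and a lazily resolved kernel
 * identity used to run the auth filter under a chosen subject.
 */
public final class ServletSecurityManager {
    private SecurityModule delegateModule;
    private WebAppSecurity webAppSecurity;
    // Lazily resolved in getKernelID(); unsynchronized, see the note there.
    private static AuthenticatedSubject kernelId = null;
    private WebAppServletContext context;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic.jar:weblogic/servlet/security/internal/ServletSecurityManager$AuthFilterAction.class */
    /**
     * Privileged action that runs the configured auth filter by including it through its
     * request dispatcher.
     *
     * Any Throwable raised by the include is captured and returned instead of propagated,
     * so the caller (not the security manager's control flow) decides what a failing
     * filter means. See {@code checkAccess}: it only logs the failure.
     */
    public static class AuthFilterAction implements PrivilegedAction {
        private final HttpServletRequest request;
        private final HttpServletResponse response;
        private final RequestDispatcherImpl dispatcher;

        AuthFilterAction(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RequestDispatcherImpl requestDispatcherImpl) {
            this.request = httpServletRequest;
            this.response = httpServletResponse;
            this.dispatcher = requestDispatcherImpl;
        }

        /**
         * Includes the auth filter on the request/response pair.
         *
         * @return {@code null} when the include completed, otherwise the Throwable it raised
         */
        @Override // java.security.PrivilegedAction
        public Object run() {
            try {
                this.dispatcher.include(this.request, this.response);
                return null;
            } catch (Throwable th) {
                // Deliberately returned rather than thrown: the caller logs and continues.
                return th;
            }
        }
    }

    /**
     * Builds the security view for the web app and selects the delegate module for its
     * auth-method.
     *
     * @param webAppServletContext the owning servlet context; also used later when the
     *                             delegate is re-selected by the setters
     */
    public ServletSecurityManager(WebAppServletContext webAppServletContext) {
        this.webAppSecurity = new WebAppSecurity(webAppServletContext);
        setupDelegate(webAppServletContext);
        this.context = webAppServletContext;
    }

    /**
     * Returns the server's kernel identity, resolving it on first use via a privileged action.
     *
     * NOTE: the static cache is neither synchronized nor volatile, so concurrent first callers
     * may each run the privileged action. Presumably every run yields the same kernel identity,
     * which makes the race harmless -- TODO confirm against PrivilegedActions.getKernelIdentityAction.
     */
    private AuthenticatedSubject getKernelID() {
        if (kernelId == null) {
            kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
        }
        return kernelId;
    }

    /**
     * Chooses the delegate {@link SecurityModule} from the descriptor's auth-method.
     *
     * Mapping (exact, case-sensitive string compare):
     * <ul>
     *   <li>{@code null}, empty, or {@code "BASIC"} -> {@link BasicSecurityModule}; a missing
     *       {@link WebAppSecurity} is treated like a missing auth-method</li>
     *   <li>{@code "FORM"} -> {@link FormSecurityModule}</li>
     *   <li>{@link LoginDescriptor#AM_CLIENT_CERT} -> {@link CertSecurityModule}</li>
     *   <li>{@code "DIGEST"} -> logged as unsupported and <em>downgraded</em> to BASIC. Operators
     *       relying on DIGEST get BASIC credentials on the wire instead; the log line is the only
     *       signal.</li>
     *   <li>anything else -> {@link IllegalArgumentException} carrying the offending value</li>
     * </ul>
     * The chosen module is then given the context's auth realm name as its challenge banner.
     *
     * @param webAppServletContext context handed to the module and used for logging
     * @throws IllegalArgumentException for an unrecognised auth-method
     */
    private void setupDelegate(WebAppServletContext webAppServletContext) {
        String authMethod = (this.webAppSecurity == null) ? null : this.webAppSecurity.getAuthMethod();
        if (authMethod == null || authMethod.length() < 1 || authMethod.equals("BASIC")) {
            this.delegateModule = new BasicSecurityModule(webAppServletContext, this.webAppSecurity);
        } else if (authMethod.equals("FORM")) {
            this.delegateModule = new FormSecurityModule(webAppServletContext, this.webAppSecurity);
        } else if (authMethod.equals(LoginDescriptor.AM_CLIENT_CERT)) {
            this.delegateModule = new CertSecurityModule(webAppServletContext, this.webAppSecurity);
        } else if (authMethod.equals("DIGEST")) {
            // Security downgrade: DIGEST is not implemented, BASIC is used in its place.
            HTTPLogger.logDigestAuthNotSupported(webAppServletContext.getLogContext());
            this.delegateModule = new BasicSecurityModule(webAppServletContext, this.webAppSecurity);
        } else {
            throw new IllegalArgumentException(authMethod);
        }
        this.delegateModule.setAuthRealmBanner(webAppServletContext.getAuthRealmName());
    }

    /**
     * Authorizes one request against the web app's security constraints.
     *
     * Flow:
     * <ol>
     *   <li>No {@link WebAppSecurity} at all means <b>no authorization</b>: the request is allowed
     *       without any check. This is "allow", not "deny".</li>
     *   <li>If an auth filter is configured it is included once before authentication
     *       ("pre-auth", run as the anonymous subject with {@code REQUEST_AUTH_RESULT = -1}) and
     *       once after the decision ("post-auth", run as the authenticated user when the module
     *       granted access, else as the anonymous subject). A filter that throws is only logged;
     *       it does not change the access decision (fail-open with respect to the filter).</li>
     *   <li>Unless the matching constraint is completely restricted, the delegate module decides
     *       via {@code checkA}. The post-auth filter may veto a grant by setting
     *       {@code REQUEST_AUTH_RESULT} to 1 (the module's error response is then sent and
     *       {@code false} is returned); it can never turn a denial into a grant.</li>
     *   <li>A completely restricted resource gets a 403, except that under FORM auth the configured
     *       login and error pages themselves stay reachable (exact match of the request URI against
     *       context-path + page; whether the URI is normalised before it gets here is not visible
     *       in this class).</li>
     * </ol>
     * {@code REQUEST_AUTH_RESULT} is removed from the request on every exit, including the
     * exceptional one.
     *
     * @param servletRequestImpl  the request under authorization
     * @param servletResponseImpl the response; challenge or error output is written to it on denial
     * @return {@code true} when the request may proceed to the target servlet, {@code false} when a
     *         response (challenge or error) has already been written
     * @throws IOException from the delegate module or from writing the error response; the post-auth
     *         filter still runs and the request attribute is still cleared before it propagates
     */
    public boolean checkAccess(ServletRequestImpl servletRequestImpl, ServletResponseImpl servletResponseImpl) throws IOException {
        if (this.webAppSecurity == null) {
            // No security descriptor: nothing to enforce, every request is allowed.
            return true;
        }
        RequestDispatcherImpl authFilterRD = this.webAppSecurity.getAuthFilterRD();
        if (authFilterRD != null) {
            invokePreAuthFilter(servletRequestImpl, servletResponseImpl, authFilterRD);
        }
        try {
            ResourceConstraint constraint = this.webAppSecurity.getConstraint(servletRequestImpl);
            if (constraint == null || !constraint.isCompletelyRestricted()) {
                boolean granted = this.delegateModule.checkA(servletRequestImpl, servletResponseImpl);
                // Registration reflects the module's verdict only; a later filter veto does not undo it.
                syncSessionRegistration(servletRequestImpl, granted);
                if (authFilterRD != null
                        && invokePostAuthFilter(servletRequestImpl, servletResponseImpl, authFilterRD, granted)) {
                    granted = false;
                }
                servletRequestImpl.removeAttribute(SecurityModule.REQUEST_AUTH_RESULT);
                return granted;
            }
            if (this.delegateModule instanceof FormSecurityModule && isFormLoginOrErrorPage(servletRequestImpl)) {
                if (authFilterRD != null) {
                    // Preserved from the original: a veto here writes the module's error response,
                    // yet the method still returns true so the login/error page is still dispatched.
                    // TODO confirm this is intended rather than an artifact of the original's control flow.
                    invokePostAuthFilter(servletRequestImpl, servletResponseImpl, authFilterRD, true);
                }
                servletRequestImpl.removeAttribute(SecurityModule.REQUEST_AUTH_RESULT);
                return true;
            }
            servletResponseImpl.sendError(403);
            if (authFilterRD != null) {
                // granted=false: the filter observes the denial and cannot override it.
                invokePostAuthFilter(servletRequestImpl, servletResponseImpl, authFilterRD, false);
            }
            servletRequestImpl.removeAttribute(SecurityModule.REQUEST_AUTH_RESULT);
            return false;
        } catch (Throwable th) {
            // The filter is still told about the request; it runs as if access had been granted
            // (the original passed a constant true on this path), then the cause is rethrown.
            if (authFilterRD != null) {
                invokePostAuthFilter(servletRequestImpl, servletResponseImpl, authFilterRD, true);
            }
            servletRequestImpl.removeAttribute(SecurityModule.REQUEST_AUTH_RESULT);
            throw th;
        }
    }

    /**
     * Includes the auth filter before authentication, as the anonymous subject.
     *
     * {@code REQUEST_AUTH_RESULT} is set to -1 for the duration of the call so the filter can tell
     * the pre-auth phase apart, then removed again. A Throwable from the filter is logged and
     * otherwise ignored.
     */
    private void invokePreAuthFilter(ServletRequestImpl req, ServletResponseImpl resp, RequestDispatcherImpl authFilterRD) {
        req.setAttribute(SecurityModule.REQUEST_AUTH_RESULT, Integer.valueOf(-1));
        Throwable failure = (Throwable) SecurityServiceManager.runAs(getKernelID(), SubjectUtils.getAnonymousSubject(),
                new AuthFilterAction(req, resp, authFilterRD));
        if (failure != null) {
            HTTPLogger.logAuthFilterInvocationFailed(this.webAppSecurity.getAuthFilter(), "pre-auth", req.getRequestURI(), failure);
        }
        req.removeAttribute(SecurityModule.REQUEST_AUTH_RESULT);
    }

    /**
     * Includes the auth filter after the access decision and reports whether it vetoed a grant.
     *
     * If {@code REQUEST_AUTH_RESULT} is not yet set, it is seeded with 0 (granted) or 1 (denied);
     * only in the granted case is the filter run as the current user, otherwise as the anonymous
     * subject. A Throwable from the filter is logged and otherwise ignored. After the filter ran,
     * a value of 1 counts as a veto -- but only when the module had granted access: the filter can
     * deny, never grant.
     *
     * @param granted the delegate module's verdict (or the constant the calling exit path uses)
     * @return {@code true} when the filter vetoed a grant; the module's error response has then
     *         already been sent to {@code resp}
     * @throws IOException if the module's error response cannot be written
     */
    private boolean invokePostAuthFilter(ServletRequestImpl req, ServletResponseImpl resp, RequestDispatcherImpl authFilterRD,
            boolean granted) throws IOException {
        AuthenticatedSubject subject = null;
        if (req.getAttribute(SecurityModule.REQUEST_AUTH_RESULT) == null) {
            if (granted) {
                subject = SecurityModule.getCurrentUser(this.context.getServer(), req);
                req.setAttribute(SecurityModule.REQUEST_AUTH_RESULT, Integer.valueOf(0));
            } else {
                req.setAttribute(SecurityModule.REQUEST_AUTH_RESULT, Integer.valueOf(1));
            }
        }
        if (subject == null) {
            subject = SubjectUtils.getAnonymousSubject();
        }
        Throwable failure = (Throwable) SecurityServiceManager.runAs(getKernelID(), subject, new AuthFilterAction(req, resp, authFilterRD));
        if (failure != null) {
            HTTPLogger.logAuthFilterInvocationFailed(this.webAppSecurity.getAuthFilter(), "post-auth", req.getRequestURI(), failure);
        }
        Integer result = (Integer) req.getAttribute(SecurityModule.REQUEST_AUTH_RESULT);
        if (result != null && granted && result.intValue() == 1) {
            this.delegateModule.sendError(req, resp);
            return true;
        }
        return false;
    }

    /**
     * Registers or unregisters the request's existing user session with the server for this
     * context path, according to the module's verdict. No-op when there is no session
     * ({@code getUserSession(req, false)} -- presumably "do not create one").
     */
    private void syncSessionRegistration(ServletRequestImpl req, boolean granted) {
        WebAppServletContext ctx = req.getContext();
        SessionInternal userSession = this.delegateModule.getUserSession(req, false);
        if (userSession == null) {
            return;
        }
        if (granted) {
            ctx.getServer().register(userSession.getInternalId(), ctx.getContextPath());
        } else {
            ctx.getServer().unregister(userSession.getInternalId(), ctx.getContextPath());
        }
    }

    /**
     * True when the request URI equals context-path + FORM login page or context-path + FORM
     * error page. Exact string match only; a {@code null} page yields the literal "null" suffix,
     * as in the original concatenation.
     */
    private boolean isFormLoginOrErrorPage(ServletRequestImpl req) {
        String contextPath = req.getContext().getContextPath();
        String requestURI = req.getRequestURI();
        return requestURI.equals(contextPath + this.webAppSecurity.getLoginPage())
                || requestURI.equals(contextPath + this.webAppSecurity.getErrorPage());
    }

    /** @return the descriptor view this manager enforces; may be {@code null} after {@link #setWebAppSecurity} */
    public WebAppSecurity getWebAppSecurity() {
        return this.webAppSecurity;
    }

    /**
     * Replaces the descriptor view and re-selects the delegate module.
     *
     * Passing {@code null} disables authorization entirely: {@link #checkAccess} then returns
     * {@code true} for every request.
     */
    public void setWebAppSecurity(WebAppSecurity webAppSecurity) {
        this.webAppSecurity = webAppSecurity;
        setupDelegate(this.context);
    }

    /**
     * Applies a new login-config to the descriptor view and re-selects the delegate module.
     * Throws NullPointerException if the descriptor view is currently {@code null}.
     */
    public void setLoginConfig(LoginConfigMBean loginConfigMBean) {
        this.webAppSecurity.setLoginConfig(loginConfigMBean);
        setupDelegate(this.context);
    }

    /** Sets the realm name the delegate module advertises in its authentication challenge. */
    public void setAuthRealmName(String str) {
        this.delegateModule.setAuthRealmBanner(str);
    }

    /** @return the module currently making access decisions for this web app */
    public SecurityModule getDelegateModule() {
        return this.delegateModule;
    }
}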
