package weblogic.servlet.security.internal;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.util.Enumeration;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.cookie.SM;
import sun.io.CharToByteConverter;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.SecurityServiceManager;
import weblogic.servlet.HTTPLogger;
import weblogic.servlet.internal.ServletInputStreamImpl;
import weblogic.servlet.internal.ServletRequestImpl;
import weblogic.servlet.internal.WebAppServletContext;
import weblogic.servlet.internal.session.SessionInternal;
import weblogic.utils.http.QueryParams;

/* loaded from: input_file:weblogic.jar:weblogic/servlet/security/internal/FormSecurityModule.class */
/**
 * Security module implementing form-based login ({@code j_security_check}) for a web application.
 *
 * <p>This is decompiled source: local variable names are synthetic, and the references to
 * {@code HttpPost.METHOD_NAME}, {@code HttpGet.METHOD_NAME} and {@code SM.COOKIE} stand for the
 * literals {@code "POST"}, {@code "GET"} and {@code "Cookie"} (likely a decompiler
 * constant-substitution artifact rather than a real dependency on Apache HttpClient).
 *
 * <p>State is carried across the login round trip in internal session attributes:
 * <ul>
 *   <li>{@code weblogic.formauth.targeturl} - request URI (plus query string) of the request that
 *       triggered the login page; used as the post-login redirect target.</li>
 *   <li>{@code weblogic.formauth.method} - HTTP method of that request.</li>
 *   <li>{@code weblogic.formauth.bytearray}, {@code weblogic.formauth.reqheadernames},
 *       {@code weblogic.formauth.reqheadervalues} - buffered body and header lists of an
 *       intercepted POST.</li>
 *   <li>{@code weblogic.formauth.queryparams} - read in {@link #checkA}; not written in this class.</li>
 *   <li>{@code weblogic.formauth.postcookie} - set after a successful login when the saved method was
 *       POST; makes {@link #checkA} replay the saved request on the next hit.</li>
 *   <li>{@code weblogic.formauth.immediate} - set after a successful login; makes a failed permission
 *       check on the next request produce the error page instead of another login page.</li>
 * </ul>
 */
public final class FormSecurityModule extends SecurityModule {
    /**
     * Creates the module for one web application; both arguments are passed straight to the
     * superclass constructor.
     *
     * @param webAppServletContext servlet context of the web application
     * @param webAppSecurity security configuration of the web application
     */
    public FormSecurityModule(WebAppServletContext webAppServletContext, WebAppSecurity webAppSecurity) {
        super(webAppServletContext, webAppSecurity);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * First-stage access check for a request under form authentication.
     *
     * <p>Replays a POST saved before login when the session carries the {@code postcookie} flag,
     * lets unconstrained resources and the login/error pages through, and hands everything else to
     * {@code beginCheck}.
     *
     * @param httpServletRequest the incoming request; cast to {@code ServletRequestImpl}, so a
     *     wrapped request would fail with {@code ClassCastException}
     * @param httpServletResponse the response, passed on to the transport check and {@code beginCheck}
     * @return {@code true} when the request may proceed without further checks, {@code false} when
     *     {@code checkTransport} rejects it, otherwise the result of {@code beginCheck}
     * @throws IOException propagated from the transport check or {@code beginCheck}
     */
    @Override // weblogic.servlet.security.internal.SecurityModule
    public boolean checkA(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        Object obj;
        ServletRequestImpl servletRequestImpl = (ServletRequestImpl) httpServletRequest;
        String requestURI = servletRequestImpl.getRequestURI();
        // false: look up an existing session only, never create one at this point.
        SessionInternal userSession = getUserSession(httpServletRequest, false);
        ResourceConstraint constraint = this.webAppSecurity.getConstraint(servletRequestImpl);
        // A login submission on an existing session first goes through logoutAuthUser, so the new
        // credentials are evaluated without the previously stored user.
        if (requestURI.endsWith("/j_security_check") && userSession != null) {
            SecurityModule.logoutAuthUser(getHttpServer(), userSession);
        }
        if (userSession != null) {
            try {
                obj = userSession.getInternalAttribute("weblogic.formauth.postcookie");
            } catch (IllegalStateException e) {
                // Presumably the session was invalidated in the meantime; treated as "no flag".
                obj = null;
            }
            if (obj != null) {
                // Replay path: rebuild the POST that stuffSession() captured before login.
                // NOTE(review): the body and headers restored below were received before
                // authentication and are now processed under the authenticated session; any
                // anti-CSRF validation downstream still has to apply to the replayed request.
                if (this.verbose) {
                    this.log.debug("Found that this was a POST, restoring original headers");
                }
                // One-shot flags: removed before the replay so a later request is not replayed again.
                userSession.removeInternalAttribute("weblogic.formauth.method");
                userSession.removeInternalAttribute("weblogic.formauth.postcookie");
                servletRequestImpl.setMethod(HttpPost.METHOD_NAME);
                QueryParams queryParams = (QueryParams) userSession.getInternalAttribute("weblogic.formauth.queryparams");
                if (queryParams != null) {
                    userSession.removeInternalAttribute("weblogic.formauth.queryparams");
                    servletRequestImpl.setQueryParams(queryParams);
                }
                byte[] bArr = (byte[]) userSession.getInternalAttribute("weblogic.formauth.bytearray");
                if (bArr != null) {
                    userSession.removeInternalAttribute("weblogic.formauth.bytearray");
                    servletRequestImpl.setInputStream((ServletInputStream) new ServletInputStreamImpl(new ByteArrayInputStream(bArr)));
                }
                List list = (List) userSession.getInternalAttribute("weblogic.formauth.reqheadernames");
                if (list != null) {
                    // NOTE(review): list2 is used below without a null check; it is only safe if
                    // names and values are always stored together (as stuffSession() does).
                    List list2 = (List) userSession.getInternalAttribute("weblogic.formauth.reqheadervalues");
                    // Keep the Cookie header of the current request rather than the saved one, so
                    // the replay carries the cookies sent with this request.
                    byte[] headerValueBytes = servletRequestImpl.getHeaderValueBytes(SM.COOKIE);
                    if (headerValueBytes != null) {
                        int size = list.size();
                        boolean z = false;
                        int i = 0;
                        while (true) {
                            if (i >= size) {
                                break;
                            }
                            // NOTE(review): this tests whether the saved header name is a prefix of
                            // "Cookie" (case-sensitive), not whether it equals "Cookie"; a saved
                            // name in different case falls through to the append below.
                            if (SM.COOKIE.startsWith((String) list.get(i))) {
                                list2.set(i, headerValueBytes);
                                z = true;
                                break;
                            }
                            i++;
                        }
                        if (!z) {
                            list.add(SM.COOKIE);
                            list2.add(headerValueBytes);
                        }
                    }
                    userSession.removeInternalAttribute("weblogic.formauth.reqheadernames");
                    userSession.removeInternalAttribute("weblogic.formauth.reqheadervalues");
                    servletRequestImpl.setHeaderArrayList(list, list2);
                }
            } else {
                // No replay pending: a saved GET needs no restoration, so only the marker is cleared.
                String str = (String) userSession.getInternalAttribute("weblogic.formauth.method");
                if (str != null && str.equals(HttpGet.METHOD_NAME)) {
                    userSession.removeInternalAttribute("weblogic.formauth.method");
                }
            }
        }
        // No constraint, no full delegation, not a login submission: the resource is served
        // without authentication.
        if (constraint == null && !this.webAppSecurity.isFullSecurityDelegationRequired() && !requestURI.endsWith("/j_security_check")) {
            if (requestURI.equals(new StringBuffer().append(servletRequestImpl.getContext().getContextPath()).append(this.webAppSecurity.getErrorPage()).toString())) {
                // Expose the saved target URL to the error page as a request attribute.
                Object obj2 = null;
                if (userSession != null) {
                    obj2 = userSession.getInternalAttribute("weblogic.formauth.targeturl");
                }
                if (obj2 != null) {
                    servletRequestImpl.setAttribute(SecurityModule.REQUEST_FORM_TARGETURL, obj2);
                }
            }
            if (!this.verbose) {
                return true;
            }
            HTTPLogger.logCheckAccessPassed(this.webAppSecurity.getContextLog(), servletRequestImpl.getRequestURI());
            return true;
        }
        if (!checkTransport(servletRequestImpl, httpServletResponse)) {
            return false;
        }
        // The login and error pages themselves must stay reachable without authentication.
        String contextPath = servletRequestImpl.getContext().getContextPath();
        if (requestURI.equals(new StringBuffer().append(contextPath).append(this.webAppSecurity.getLoginPage()).toString()) || requestURI.equals(new StringBuffer().append(contextPath).append(this.webAppSecurity.getErrorPage()).toString())) {
            if (!this.verbose) {
                return true;
            }
            HTTPLogger.logCheckAccessPassed(this.webAppSecurity.getContextLog(), servletRequestImpl.getRequestURI());
            return true;
        }
        // constraint is only dereferenced when the first two operands are false; the early return
        // above guarantees it is non-null in that case. The "!= 1" comparison is the decompiler's
        // rendering (presumably a boolean test - TODO confirm).
        if (requestURI.endsWith("/j_security_check") || this.webAppSecurity.isFullSecurityDelegationRequired() || constraint.isCompletelyUnrestricted() != 1) {
            return beginCheck(servletRequestImpl, httpServletResponse);
        }
        if (!this.verbose) {
            return true;
        }
        HTTPLogger.logCheckAccessPassed(this.webAppSecurity.getContextLog(), servletRequestImpl.getRequestURI());
        return true;
    }

    /**
     * Authorizes a request for the given subject, or processes a login form submission.
     *
     * <p>For ordinary requests the subject's permission on the resource is checked; on failure the
     * request is saved with {@link #stuffSession} and the login page (or, right after a login, the
     * error page) is sent. For a login submission the {@code j_username}/{@code j_password}
     * parameters are authenticated and the client is redirected to the saved target URL, or to the
     * context root when none is saved.
     *
     * @param httpServletRequest the request being authorized or carrying the login form fields
     * @param httpServletResponse the response used for login/error pages and redirects
     * @param authenticatedSubject the subject already associated with the request, or {@code null}
     * @return {@code true} only when the request may proceed; every path that sends a page or a
     *     redirect returns {@code false}
     * @throws IOException propagated from sending pages/redirects or from {@link #stuffSession}
     */
    @Override // weblogic.servlet.security.internal.SecurityModule
    boolean checkUserPerm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticatedSubject authenticatedSubject) throws IOException {
        ResourceConstraint constraint = this.webAppSecurity.getConstraint(httpServletRequest);
        // NOTE(review): this suffix has no leading slash, whereas checkA() matches
        // "/j_security_check"; the two methods can therefore disagree on whether a URI is a login
        // submission. Confirm which form is intended and align them.
        if (!httpServletRequest.getRequestURI().endsWith("j_security_check")) {
            if (authenticatedSubject == null) {
                // With full delegation the permission check decides even for an absent subject.
                if (this.webAppSecurity.isFullSecurityDelegationRequired() && checkPerm((ServletRequestImpl) httpServletRequest, constraint, null)) {
                    return true;
                }
                // Remember what was requested, then ask the user to log in.
                stuffSession(httpServletRequest, httpServletResponse);
                try {
                    this.webAppSecurity.sendLoginPage(httpServletRequest, httpServletResponse);
                    return false;
                } catch (ServletException e) {
                    // Failure to render the login page is not reported; access stays denied.
                    return false;
                }
            }
            SessionInternal userSession = getUserSession(httpServletRequest, false);
            if (!checkPerm((ServletRequestImpl) httpServletRequest, constraint, authenticatedSubject)) {
                if (userSession == null || userSession.getInternalAttribute("weblogic.formauth.immediate") == null) {
                    stuffSession(httpServletRequest, httpServletResponse);
                    try {
                        this.webAppSecurity.sendLoginPage(httpServletRequest, httpServletResponse);
                        return false;
                    } catch (ServletException e2) {
                        return false;
                    }
                }
                // The user has just logged in and still lacks permission: show the error page
                // instead of prompting for credentials again.
                userSession.removeInternalAttribute("weblogic.formauth.immediate");
                try {
                    this.webAppSecurity.sendErrorPage(httpServletRequest, httpServletResponse);
                    return false;
                } catch (ServletException e3) {
                    return false;
                }
            }
            // Permission granted: bind a real (non-anonymous, non-kernel) subject to the session.
            if (userSession != null && !SubjectUtils.isUserAnonymous(authenticatedSubject) && !SecurityServiceManager.isKernelIdentity(authenticatedSubject)) {
                userSession = getUserSession(httpServletRequest, true);
                getHttpServer().setAuthUser(userSession.getInternalId(), authenticatedSubject);
                userSession.setInternalAttribute(SecurityModule.SESSION_AUTH_USER, authenticatedSubject);
            }
            if (userSession != null) {
                userSession.removeInternalAttribute("weblogic.formauth.targeturl");
            }
            if (checkAuthCookie(getHttpServer(), httpServletRequest, userSession)) {
                return true;
            }
            try {
                this.webAppSecurity.sendLoginPage(httpServletRequest, httpServletResponse);
                return false;
            } catch (ServletException e4) {
                return false;
            }
        }
        // ---- Login submission ----
        // The charset name is client-supplied; it is applied only if the JVM recognises it.
        // sun.io.CharToByteConverter is a JDK-internal API.
        String parameter = httpServletRequest.getParameter("j_character_encoding");
        if (parameter != null) {
            try {
                if (Charset.isSupported(parameter) || CharToByteConverter.getConverter(parameter) != null) {
                    httpServletRequest.setCharacterEncoding(parameter);
                }
            } catch (UnsupportedEncodingException e5) {
                // Deliberately ignored: the request keeps its current encoding.
            }
        }
        String parameter2 = httpServletRequest.getParameter("j_username");
        String parameter3 = httpServletRequest.getParameter("j_password");
        if (parameter2 == null || parameter3 == null) {
            try {
                this.webAppSecurity.sendErrorPage(httpServletRequest, httpServletResponse);
                return false;
            } catch (ServletException e6) {
                return false;
            }
        }
        // NOTE(review): no throttling, lockout or audit logging of failed attempts is visible in
        // this method; presumably handled inside checkAuthenticate or the security provider - confirm.
        AuthenticatedSubject checkAuthenticate = SecurityModule.checkAuthenticate(parameter2, parameter3, (ServletRequestImpl) httpServletRequest, true);
        if (checkAuthenticate == null) {
            // Missing fields and bad credentials produce the same error page.
            try {
                this.webAppSecurity.sendErrorPage(httpServletRequest, httpServletResponse);
                return false;
            } catch (ServletException e7) {
                return false;
            }
        }
        httpServletRequest.setAttribute(SecurityModule.REQUEST_AUTH_RESULT, new Integer(0));
        // NOTE(review): the pre-login session is reused here and no session-identifier rotation
        // is visible in this method. Whether storeAuthUser issues a new id cannot be determined
        // from this file - confirm, to rule out session fixation.
        if (!SubjectUtils.isUserAnonymous(checkAuthenticate) && !SecurityServiceManager.isKernelIdentity(checkAuthenticate)) {
            SecurityModule.storeAuthUser(httpServletRequest, getUserSession(httpServletRequest, true), getHttpServer(), checkAuthenticate);
        }
        SessionInternal userSession2 = getUserSession(httpServletRequest, false);
        String str = null;
        if (userSession2 != null) {
            str = (String) userSession2.getInternalAttribute("weblogic.formauth.targeturl");
        }
        if (userSession2 == null || str == null) {
            // Direct login with no saved target: redirect to the context root (the context-path
            // prefix of the request URI, or "/" for the root context).
            String requestURI = httpServletRequest.getRequestURI();
            int length = httpServletRequest.getContextPath().length();
            String substring = length > 0 ? requestURI.substring(0, length) : "/";
            ((ServletRequestImpl) httpServletRequest).setRedirected(true);
            httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(substring));
            return false;
        }
        String str2 = null;
        // userSession2 is non-null here (the null case returned above), so the else branch below
        // is unreachable.
        if (userSession2 != null) {
            str2 = (String) userSession2.getInternalAttribute("weblogic.formauth.method");
        } else {
            userSession2 = getUserSession(httpServletRequest, true);
        }
        // Arm the POST replay that checkA() performs on the redirected request.
        if (str2 != null && HttpPost.METHOD_NAME.equals(str2)) {
            userSession2.setInternalAttribute("weblogic.formauth.postcookie", "true");
        }
        userSession2.setInternalAttribute("weblogic.formauth.immediate", "true");
        if (this.verbose) {
            this.log.debug(new StringBuffer().append(checkAuthenticate).append(" has permission to execute ").append("this webapp on ").append(str).toString());
        }
        // The redirect target comes from session state, not from a login-form parameter; within
        // this class only stuffSession() writes it, from the raw request URI and query string.
        // NOTE(review): confirm that value is always treated as a path inside this application
        // by the time it reaches sendRedirect.
        ((ServletRequestImpl) httpServletRequest).setRedirected(true);
        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(str));
        return false;
    }

    /**
     * Saves the current (not yet authorized) request in the session so it can be resumed after
     * login: target URL with query string and method always, plus body and header lists for a POST.
     *
     * @param httpServletRequest the request to remember; cast to {@code ServletRequestImpl} on the
     *     POST path
     * @param httpServletResponse unused in this method
     * @throws IOException if reading the request body fails
     */
    private void stuffSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // true: a session is created here if none exists, i.e. before authentication.
        SessionInternal userSession = getUserSession(httpServletRequest, true);
        String requestURI = httpServletRequest.getRequestURI();
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null) {
            requestURI = new StringBuffer().append(requestURI).append("?").append(queryString).toString();
        }
        userSession.setInternalAttribute("weblogic.formauth.targeturl", requestURI);
        userSession.setInternalAttribute("weblogic.formauth.method", httpServletRequest.getMethod());
        if (HttpPost.METHOD_NAME.equals(httpServletRequest.getMethod())) {
            // NOTE(review): the whole body of an unauthenticated POST is buffered in memory and
            // kept in the session with no size limit applied here; confirm that a maximum
            // post size is enforced upstream.
            ServletInputStream inputStream = ((ServletRequestImpl) httpServletRequest).getInputStream();
            byte[] bArr = new byte[4096];
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            while (true) {
                int read = inputStream.read(bArr, 0, bArr.length);
                if (read == -1) {
                    break;
                } else {
                    byteArrayOutputStream.write(bArr, 0, read);
                }
            }
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            if (byteArray.length > 0) {
                userSession.setInternalAttribute("weblogic.formauth.bytearray", byteArray);
            } else {
                // Empty body: drop any body left over from an earlier intercepted POST.
                userSession.removeInternalAttribute("weblogic.formauth.bytearray");
            }
            // NOTE(review): all request headers are stored, which would include credential-bearing
            // ones if the client sent any; relevant where sessions are persisted or replicated.
            userSession.setInternalAttribute("weblogic.formauth.reqheadernames", ((ServletRequestImpl) httpServletRequest).getHeaderNamesArrayList());
            userSession.setInternalAttribute("weblogic.formauth.reqheadervalues", ((ServletRequestImpl) httpServletRequest).getHeaderValuesArrayList());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Sends the configured form-login error page; failures are logged and not rethrown.
     *
     * @param httpServletRequest the request being answered
     * @param httpServletResponse the response the error page is written to
     */
    @Override // weblogic.servlet.security.internal.SecurityModule
    public void sendError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            this.webAppSecurity.sendErrorPage(httpServletRequest, httpServletResponse);
        } catch (IOException e) {
            // Only the exception message is logged; the stack trace is dropped.
            HTTPLogger.logServlet("Error sending errorPage", e.getMessage());
        } catch (ServletException e2) {
            HTTPLogger.logServlet("Error sending errorPage", e2.getMessage());
        }
    }

    /**
     * Debug helper that prints every internal session attribute name and value to standard output.
     *
     * <p>No call site exists in this class. NOTE(review): values are printed via their string form,
     * so the saved target URL (including its query string) and the authenticated subject would
     * appear in clear on stdout; this should not be wired into production paths.
     *
     * @param sessionInternal the session whose internal attributes are printed
     */
    private void dumpSession(SessionInternal sessionInternal) {
        Enumeration internalAttributeNames = sessionInternal.getInternalAttributeNames();
        System.out.println("____________session info_____________");
        System.out.println(new StringBuffer().append(" session is ").append(sessionInternal.getClass().getName()).toString());
        while (internalAttributeNames.hasMoreElements()) {
            String str = (String) internalAttributeNames.nextElement();
            System.out.println(new StringBuffer().append(" -- ").append(str).append("\t= ").append(sessionInternal.getInternalAttribute(str)).toString());
        }
    }
}
