package jeus.servlet.security;

import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.config.AuthConfigFactory;
import javax.security.auth.message.config.AuthConfigProvider;
import javax.security.auth.message.config.ServerAuthConfig;
import javax.security.auth.message.config.ServerAuthContext;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebUserDataPermission;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import jeus.jdbc.driver.blackbox.BlackboxDataSource;
import jeus.security.base.SecurityCommonService;
import jeus.security.base.SecurityException;
import jeus.security.base.ServiceException;
import jeus.security.container.shared.J2EESecurityUtil;
import jeus.security.container.web.ServletSecurity;
import jeus.security.spi.SecurityInstaller;
import jeus.security.util.AuthMethod;
import jeus.server.PatchContentsRelated;
import jeus.servlet.ServletLoggers;
import jeus.servlet.connection.SSLSupport;
import jeus.servlet.deployment.descriptor.FormLoginConfig;
import jeus.servlet.deployment.descriptor.LoginConfig;
import jeus.servlet.deployment.descriptor.SessionCookieDescriptor;
import jeus.servlet.engine.Context;
import jeus.servlet.engine.ExecutionWrapper;
import jeus.servlet.engine.HttpServletRequestImpl;
import jeus.servlet.engine.HttpServletResponseImpl;
import jeus.servlet.filter.LoginInfo;
import jeus.servlet.logger.message.JeusMessage_WebContainer10;
import jeus.servlet.logger.message.JeusMessage_WebContainer2;
import jeus.servlet.security.jaspic.JeusCallbackHandler;
import jeus.servlet.security.jaspic.JeusServletMessageInfo;
import jeus.servlet.security.jaspic.servlet.WebModuleServerAuthModule;
import jeus.util.ExecutionContext;
import jeus.util.JeusRuntimeException;
import jeus.util.logging.JeusLogger;
import jeus.util.message.JeusMessageBundles;

/* loaded from: input_file:jeus/servlet/security/WebModuleSecurityUtil.class */
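/**
 * Static helpers the servlet container uses to authenticate web requests: a JASPIC
 * ({@code javax.security.auth.message}) entry point, JACC permission checks that decide
 * whether a request needs authentication, and BASIC / client-certificate login helpers.
 *
 * <p>All methods are static and keep no per-request state in this class.
 */
public final class WebModuleSecurityUtil {
    private static final JeusLogger logger = ServletLoggers.getLogger(ServletLoggers.SECURITY);
    private static final AuthConfigFactory authConfigFactory = AuthConfigFactory.getFactory();
    private static final String ctsServerName = "server";

    /**
     * Runs the registered JASPIC server auth context, if any, against the request.
     *
     * <p>NOTE(review): a {@code true} result is also returned when no provider is registered
     * or when the request is not mandatory, so it means "continue processing", not
     * "the caller is authenticated". Callers must not treat it as proof of identity.
     *
     * @param httpServletRequestImpl the request being processed
     * @param httpServletResponse the response paired with the request
     * @param executionWrapper supplies the mandatory flag and the module's security settings
     * @param z when {@code true}, an already committed response is rejected
     * @return {@code true} if no provider is registered, if authentication is not required,
     *         or if {@code validateRequest} returned {@link AuthStatus#SUCCESS};
     *         {@code false} for any other status
     * @throws AuthException propagated from the JASPIC configuration or module calls
     * @throws IllegalStateException if {@code z} is set and the response is already committed
     */
    public static boolean processLogin(HttpServletRequestImpl httpServletRequestImpl, HttpServletResponse httpServletResponse, ExecutionWrapper executionWrapper, boolean z) throws AuthException {
        String appContext = "server " + httpServletRequestImpl.getContextPath();
        // NOTE(review): isJaspicTest looks like a compliance-test switch; it changes both the
        // provider lookup key and the "not mandatory" shortcut below. Confirm it is never
        // enabled on a production server.
        if (J2EESecurityUtil.isJaspicTest && httpServletRequestImpl.getLookupPath().equals("/AnotherMandatoryAuthen")) {
            appContext = appContext + httpServletRequestImpl.getLookupPath();
        }
        AuthConfigProvider configProvider = authConfigFactory.getConfigProvider("HttpServlet", appContext, null);
        if (configProvider == null) {
            return true;
        }
        boolean isMandatory = executionWrapper.isMandatory(httpServletRequestImpl);
        if (!J2EESecurityUtil.isJaspicTest && !isMandatory) {
            return true;
        }
        // The auth module may need to write a challenge; that is impossible once committed.
        if (z && httpServletResponse.isCommitted()) {
            throw new IllegalStateException(JeusMessageBundles.getMessage(JeusMessage_WebContainer2._3453));
        }
        ServerAuthConfig serverAuthConfig = configProvider.getServerAuthConfig("HttpServlet", appContext, new JeusCallbackHandler());
        JeusServletMessageInfo messageInfo = new JeusServletMessageInfo(httpServletRequestImpl, httpServletResponse, isMandatory);
        ServerAuthContext authContext = serverAuthConfig.getAuthContext(serverAuthConfig.getAuthContextID(messageInfo), null, getAuthConfig(executionWrapper));
        // The client subject is only needed once validation actually runs.
        Subject clientSubject = new Subject();
        if (authContext.validateRequest(messageInfo, clientSubject, null) != AuthStatus.SUCCESS) {
            return false;
        }
        // NOTE(review): the response is taken from the execution context rather than from the
        // httpServletResponse parameter and is not null-checked; confirm the context stack
        // always holds it at this point.
        HttpServletResponseImpl currentResponse = (HttpServletResponseImpl) ExecutionContext.getFromContextStacks(ExecutionWrapper.RESPONSE_INSTANCE_ATTR_NAME);
        currentResponse.setMessageInfo(messageInfo);
        currentResponse.setAuthContext(authContext);
        return true;
    }

    /**
     * Builds the option map handed to the server auth context from the module's settings.
     *
     * <p>The security domain falls back to the installer's default domain, and the auth
     * method falls back to BASIC when the module declares no login configuration.
     *
     * @param executionWrapper source of the security domain, policy id and login config
     * @return a new mutable map keyed by the {@code WebModuleServerAuthModule} parameter names
     * @throws JeusRuntimeException if the module has no security policy id
     */
    private static Map<String, Object> getAuthConfig(ExecutionWrapper executionWrapper) {
        Map<String, Object> options = new HashMap<>();
        String securityDomain = executionWrapper.getSecurityDomain();
        if (securityDomain != null) {
            options.put(WebModuleServerAuthModule.SECURITY_DOMAIN_PARAM, securityDomain);
        } else {
            options.put(WebModuleServerAuthModule.SECURITY_DOMAIN_PARAM, SecurityInstaller.getEnvironment().defaultDomainName);
        }
        String securityPolicyID = executionWrapper.getSecurityPolicyID();
        if (securityPolicyID == null) {
            // Without a policy id no authorization decision can be made, so fail hard.
            throw new JeusRuntimeException(JeusMessageBundles.getMessage(JeusMessage_WebContainer10._10602));
        }
        options.put(WebModuleServerAuthModule.SECURITY_POLICY_ID_PARAM, securityPolicyID);
        LoginConfig loginConfig = executionWrapper.getLoginConfig();
        if (loginConfig == null) {
            options.put(WebModuleServerAuthModule.AUTH_METHOD_PARAM, AuthMethod.BASIC);
            return options;
        }
        AuthMethod authMethod = AuthMethod.getAuthMethod(loginConfig.getAuthMethod());
        options.put(WebModuleServerAuthModule.AUTH_METHOD_PARAM, authMethod);
        if (authMethod == AuthMethod.FORM) {
            FormLoginConfig formLoginConfig = loginConfig.getFormLoginConfig();
            if (formLoginConfig != null) {
                options.put(WebModuleServerAuthModule.FORM_LOGIN_PAGE_PARAM, formLoginConfig.getLoginPage());
                options.put(WebModuleServerAuthModule.FORM_ERROR_PAGE_PARAM, formLoginConfig.getErrorPage());
            }
        }
        String realmName = loginConfig.getRealmName();
        if (realmName != null) {
            options.put(WebModuleServerAuthModule.REALM_NAME_PARAM, realmName);
        }
        return options;
    }

    /**
     * Decides whether the request must be authenticated.
     *
     * <p>A FORM login submission (URI ending in {@code J_SECURITY_CHECK}) is always mandatory.
     * Otherwise the request is mandatory unless the context disables security login or both
     * permission checks succeed. A failed or erroring permission check therefore makes the
     * request mandatory (fail closed).
     *
     * @param str identifier passed through to the permission checks
     *            (presumably the JACC policy context id; confirm against callers)
     * @param httpServletRequest the request to classify; its servlet context must be a {@link Context}
     * @return {@code true} if authentication is required for this request
     */
    public static boolean isMandatory(String str, HttpServletRequest httpServletRequest) {
        Context context = (Context) httpServletRequest.getServletContext();
        // "FORM".equals(...) keeps a login-config without an auth method from raising a
        // NullPointerException; such a request simply continues to the checks below.
        if (context.getWebAppDesc().getLoginConfig() != null
                && "FORM".equals(context.getWebAppDesc().getLoginConfig().getAuthMethod())
                && httpServletRequest.getRequestURI().endsWith(WebModuleServerAuthModule.J_SECURITY_CHECK)) {
            return true;
        }
        if (context.isNoSecurityLogin()) {
            return false;
        }
        return !(checkUserDataPermission(str, httpServletRequest) && checkResourcePermission(str, httpServletRequest));
    }

    /**
     * Returns the decoded request URI with the context path prefix removed.
     *
     * <p>NOTE(review): the prefix is removed by length only; the method does not verify that
     * the decoded URI actually starts with the context path, and it relies on
     * {@code getDecodedRequestURI()} for any normalization. Confirm the path checked here is
     * the same one the dispatcher uses to select the servlet.
     *
     * @param httpServletRequestImpl the request whose URI is inspected
     * @return the remaining path, or the empty string when it equals
     *         {@code SessionCookieDescriptor.DEFAULT_PATH}
     */
    private static String getUriMinusContextPath(HttpServletRequestImpl httpServletRequestImpl) {
        String path = httpServletRequestImpl.getDecodedRequestURI();
        String contextPath = httpServletRequestImpl.getContextPath();
        if (contextPath != null && contextPath.length() > 0) {
            path = path.substring(contextPath.length());
        }
        return path.equals(SessionCookieDescriptor.DEFAULT_PATH) ? "" : path;
    }

    /**
     * Builds the permission name for the request bound to the current execution context:
     * its context-relative path with {@code PatchContentsRelated.COLON_SEPARATOR} replaced
     * by {@code "&#58;"}.
     *
     * <p>NOTE(review): the path comes from the thread-bound request, not from the request
     * object handed to the public check methods; confirm both always refer to the same request.
     */
    private static String currentRequestPermissionName() {
        HttpServletRequestImpl current = (HttpServletRequestImpl) ExecutionContext.getExecutionContext().get(ExecutionWrapper.REQUEST_INSTANCE_ATTR_NAME);
        return getUriMinusContextPath(current).replace(PatchContentsRelated.COLON_SEPARATOR, "&#58;");
    }

    /**
     * Checks the transport (user-data) constraint for the request.
     *
     * <p>The transport type is {@code "CONFIDENTIAL"} when {@code isSecure()} is true and
     * {@code BlackboxDataSource.TRANSACTION_NONE} otherwise (presumably the literal
     * {@code "NONE"} reused from an unrelated class; confirm).
     *
     * @param str identifier passed to {@code SecurityCommonService.checkPermission}
     * @param httpServletRequest the request whose method and security flag are used
     * @return {@code true} if the permission check passes; {@code false} if it is denied or
     *         the security service fails
     */
    public static boolean checkUserDataPermission(String str, HttpServletRequest httpServletRequest) {
        String transport = httpServletRequest.isSecure() ? "CONFIDENTIAL" : BlackboxDataSource.TRANSACTION_NONE;
        String[] methods = {httpServletRequest.getMethod()};
        WebUserDataPermission permission;
        if (httpServletRequest.getRequestURI() != null) {
            permission = new WebUserDataPermission(currentRequestPermissionName(), methods, transport);
        } else {
            permission = new WebUserDataPermission(httpServletRequest.getPathInfo(), methods, transport);
        }
        try {
            SecurityCommonService.checkPermission(str, permission);
            return true;
        } catch (SecurityException e) {
            // jeus.security.base.SecurityException (imported), not java.lang.SecurityException.
            // Denials for the anonymous subject are expected and are not logged.
            if (!ServletSecurity.isAnonymousSubject() && logger.isLoggable(JeusMessage_WebContainer2._3454_LEVEL)) {
                logger.log(JeusMessage_WebContainer2._3454_LEVEL, JeusMessage_WebContainer2._3454, (Object) permission, (Throwable) e);
            }
            return false;
        } catch (ServiceException e) {
            // A failing security service is treated as a denial.
            if (logger.isLoggable(JeusMessage_WebContainer2._3454_LEVEL)) {
                logger.log(JeusMessage_WebContainer2._3454_LEVEL, JeusMessage_WebContainer2._3454, (Object) permission, (Throwable) e);
            }
            return false;
        }
    }

    /**
     * Checks the resource (authorization) constraint for the request.
     *
     * @param str identifier passed to {@code SecurityCommonService.checkPermission}
     * @param httpServletRequest the request whose HTTP method is used
     * @return {@code true} if the permission check passes; {@code false} if it is denied or
     *         the security service fails
     */
    public static boolean checkResourcePermission(String str, HttpServletRequest httpServletRequest) {
        String[] methods = {httpServletRequest.getMethod()};
        WebResourcePermission permission;
        if (httpServletRequest.getRequestURI() != null) {
            permission = new WebResourcePermission(currentRequestPermissionName(), methods);
        } else {
            permission = new WebResourcePermission(httpServletRequest.getPathInfo(), methods);
        }
        try {
            SecurityCommonService.checkPermission(str, permission);
            return true;
        } catch (SecurityException e) {
            // jeus.security.base.SecurityException (imported), not java.lang.SecurityException.
            // Denials for the anonymous subject are expected and are not logged.
            if (!ServletSecurity.isAnonymousSubject() && logger.isLoggable(JeusMessage_WebContainer2._3454_LEVEL)) {
                logger.log(JeusMessage_WebContainer2._3454_LEVEL, JeusMessage_WebContainer2._3454, (Object) permission, (Throwable) e);
            }
            return false;
        } catch (ServiceException e) {
            // A failing security service is treated as a denial.
            if (logger.isLoggable(JeusMessage_WebContainer2._3454_LEVEL)) {
                logger.log(JeusMessage_WebContainer2._3454_LEVEL, JeusMessage_WebContainer2._3454, (Object) permission, (Throwable) e);
            }
            return false;
        }
    }

    /**
     * Performs a BASIC login with the credentials carried in the request header.
     *
     * <p>NOTE(review): the parsed {@link LoginInfo} is dereferenced without a null check;
     * confirm {@code getBasicLoginInfoFromRequestHeader} never returns {@code null} for a
     * missing or malformed header.
     *
     * @param str identifier passed to {@code ServletSecurity.loginServletCaller}
     *            (presumably the security domain; confirm against callers)
     * @param httpServletRequestImpl the request carrying the credentials
     * @throws ServiceException propagated from the login call
     * @throws SecurityException propagated from the login call
     */
    public static void loginBasic(String str, HttpServletRequestImpl httpServletRequestImpl) throws ServiceException, SecurityException {
        LoginInfo credentials = WebModuleServerAuthModule.getBasicLoginInfoFromRequestHeader(httpServletRequestImpl);
        loginBasic(str, httpServletRequestImpl, credentials.username, credentials.password);
    }

    /**
     * Logs the caller in with a user name and password and records the result on the request.
     *
     * <p>The principal and the {@code "BASIC"} auth type are set only after the login call
     * returns without throwing.
     *
     * @param str identifier passed to {@code ServletSecurity.loginServletCaller}
     * @param httpServletRequestImpl the request that receives the principal and auth type
     * @param str2 the user name
     * @param str3 the password; it must never be written to logs
     * @throws ServiceException propagated from the login call
     * @throws SecurityException propagated from the login call
     */
    public static void loginBasic(String str, HttpServletRequestImpl httpServletRequestImpl, String str2, String str3) throws ServiceException, SecurityException {
        ServletSecurity.loginServletCaller(str, str2, str3);
        httpServletRequestImpl.setUserPrincipal(SecurityCommonService.getCurrentSubject().getPrincipal());
        httpServletRequestImpl.setAuthType("BASIC");
    }

    /**
     * Logs the caller in with the client certificate chain of the connection.
     *
     * <p>The chain is read from the request attribute {@code SSLSupport.CERTIFICATE_KEY}; if
     * it is missing or empty, it is requested from the connection's {@link SSLSupport} and
     * cached back on the request. Every failure results in {@code false}, so the method
     * never authenticates on error.
     *
     * @param str identifier passed to {@code ServletSecurity.loginServletCaller}
     * @param httpServletRequestImpl the request that receives the principal and auth type
     * @return {@code true} if the certificate login succeeded, {@code false} otherwise
     */
    public static boolean loginCertificate(String str, HttpServletRequestImpl httpServletRequestImpl) {
        X509Certificate[] chain = (X509Certificate[]) httpServletRequestImpl.getAttribute(SSLSupport.CERTIFICATE_KEY);
        if (chain == null || chain.length < 1) {
            SSLSupport sslSupport = httpServletRequestImpl.getSslSupport();
            if (sslSupport != null) {
                try {
                    // NOTE(review): the 'true' argument presumably forces the peer certificate
                    // to be requested again; confirm against SSLSupport.
                    chain = sslSupport.getPeerCertificateChain(true);
                    if (chain != null) {
                        httpServletRequestImpl.setAttribute(SSLSupport.CERTIFICATE_KEY, chain);
                    }
                } catch (IOException e) {
                    return false;
                } catch (Throwable th) {
                    // NOTE(review): this bypasses the security logger and also catches Errors;
                    // route it through 'logger' with a suitable message key so the failure
                    // shows up in the security log. The chain stays unset, so the check below
                    // still rejects the login.
                    th.printStackTrace();
                }
            }
        }
        if (chain == null || chain.length < 1) {
            return false;
        }
        try {
            ServletSecurity.loginServletCaller(str, chain);
            httpServletRequestImpl.setUserPrincipal(SecurityCommonService.getCurrentSubject().getPrincipal());
            httpServletRequestImpl.setAuthType("CLIENT_CERT");
            return true;
        } catch (Throwable th) {
            // NOTE(review): rejected certificate logins leave no trace here; consider logging
            // the failure (without certificate contents) so repeated attempts are detectable.
            return false;
        }
    }
}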
