package jeus.security.container.web;

import java.io.File;
import java.lang.reflect.Method;
import java.security.Permission;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.Map;
import java.util.Set;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebUserDataPermission;
import javax.servlet.ServletSecurityElement;
import javax.servlet.http.HttpServletRequest;
import jeus.container.security.WebSecurityAnnotationInfo;
import jeus.security.base.AnonymousSubject;
import jeus.security.base.CodeSubject;
import jeus.security.base.CredentialFactoryException;
import jeus.security.base.Domain;
import jeus.security.base.Policy;
import jeus.security.base.SecurityCommonService;
import jeus.security.base.SecurityException;
import jeus.security.base.ServiceException;
import jeus.security.base.Subject;
import jeus.security.container.shared.J2EESecurityUtil;
import jeus.security.container.shared.SecurityContext;
import jeus.security.impl.atn.DefaultIdentityAssertionService;
import jeus.security.impl.atnrep.XMLAccountConverter;
import jeus.security.impl.verification.PasswordWithMD5VerificationService;
import jeus.security.impl.verification.X509CertificateVerificationService;
import jeus.security.resource.PasswordWithMD5Factory;
import jeus.security.resource.PrincipalImpl;
import jeus.security.resource.RolePermission;
import jeus.security.spi.AuthenticationRepositoryService;
import jeus.security.spi.SecurityInstaller;
import jeus.security.util.Constants;
import jeus.server.PatchContentsRelated;
import jeus.util.ErrorMsgManager;
import jeus.util.message.JeusMessage_Security_Exception;
import jeus.xml.binding.j2ee.WebAppType;
import jeus.xml.binding.jeusDD.ContextType;

/* loaded from: input_file:jeus/security/container/web/ServletSecurity.class */
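/**
 * Static entry points that bind servlet request processing to the JEUS security services:
 * security-context push/pop, run-as identity, permission checks, per-application policy and
 * account registration, and caller login (password, digest parameters, client certificate).
 *
 * <p>Several methods push a subject with a {@code SecurityCommonService.login*} call and pop it
 * with {@code SecurityCommonService.logout()}. Every login in this class is paired with exactly
 * one logout, and a logout is issued only after the matching login returned normally, so a
 * failed login never pops a subject that belongs to an outer caller.
 *
 * <p>NOTE(review): {@code SecurityInstaller.isSecurityOff()} is consulted by only some of the
 * methods below (for example not by the digest and certificate login variants) — confirm that
 * the difference is intended.
 */
public class ServletSecurity {
    /**
     * Subjects registered by {@link #addServletSubjectsToApp}, keyed by
     * {@code domain + PatchContentsRelated.COLON_SEPARATOR + str2}, kept so that
     * {@link #removeServletSubjectsFromApp} can remove the same subjects again.
     */
    private static final Map<String, Subject[]> subjectsTableForRemove = new Hashtable<String, Subject[]>();

    /**
     * Fills the security context for a servlet invocation and pushes it.
     *
     * <p>The context receives the policy id, the request, the current subject and that subject's
     * principal. Does nothing when security is switched off.
     *
     * @param str policy id stored under {@code SecurityContext.POLICY_ID_KEY}
     * @param httpServletRequest request stored under the key
     *     {@code "javax.servlet.http.HttpServletRequest"}
     */
    public static void setServletSecurityContext(String str, HttpServletRequest httpServletRequest) {
        if (SecurityInstaller.isSecurityOff()) {
            return;
        }
        SecurityContext context = J2EESecurityUtil.getSecurityContext();
        context.put(SecurityContext.POLICY_ID_KEY, (Object) str);
        context.put("javax.servlet.http.HttpServletRequest", (Object) httpServletRequest);
        Subject caller = SecurityCommonService.getCurrentSubject();
        Principal callerPrincipal = caller.getPrincipal();
        context.put(SecurityContext.CALLER_SUBJECT_KEY, (Object) caller);
        context.put(SecurityContext.CALLER_PRINCIPAL_KEY, (Object) callerPrincipal);
        J2EESecurityUtil.pushSecurityContext(context);
    }

    /**
     * Pops the security context pushed by {@link #setServletSecurityContext}; no-op when security
     * is switched off.
     */
    public static void clearServletSecurityContext() {
        if (SecurityInstaller.isSecurityOff()) {
            return;
        }
        J2EESecurityUtil.popSecurityContext();
    }

    /**
     * Logs in a run-as subject built from a principal name only.
     *
     * @param str principal name wrapped in a {@code PrincipalImpl}
     */
    public static void setServletRunAsIdentity(String str) throws ServiceException, SecurityException {
        setServletRunAsIdentity(new Subject(new PrincipalImpl(str)));
    }

    /**
     * Logs in a run-as subject built from a domain name and a principal name.
     *
     * @param str first {@code Subject} constructor argument (presumably the domain name — confirm)
     * @param str2 principal name wrapped in a {@code PrincipalImpl}
     */
    public static void setServletRunAsIdentity(String str, String str2) throws ServiceException, SecurityException {
        setServletRunAsIdentity(new Subject(str, new PrincipalImpl(str2)));
    }

    /**
     * Logs in the given subject as the run-as identity via
     * {@code SecurityCommonService.loginDefault(subject, true)}.
     *
     * <p>NOTE(review): the meaning of the {@code true} flag is not visible here; no credential is
     * attached by the String overloads, so it presumably requests a login without verification —
     * confirm, and keep callers limited to deployment-descriptor run-as roles.
     */
    public static void setServletRunAsIdentity(Subject subject) throws ServiceException, SecurityException {
        SecurityCommonService.loginDefault(subject, true);
    }

    /** Logs out the run-as identity installed by one of the {@code setServletRunAsIdentity} overloads. */
    public static void clearServletRunAsIdentity() throws ServiceException, SecurityException {
        SecurityCommonService.logout();
    }

    /**
     * Checks a web resource permission against the policy id of the current security context.
     *
     * <p>Does nothing when security is switched off. Unlike
     * {@link #checkServletUserDataPermission} and {@link #checkServletUserInRole}, a missing
     * security context is not tolerated here: the lookup then fails with a
     * {@code NullPointerException} instead of skipping the check.
     */
    public static void checkServletAccessPermission(WebResourcePermission webResourcePermission) throws ServiceException, SecurityException {
        if (SecurityInstaller.isSecurityOff()) {
            return;
        }
        String policyId = (String) J2EESecurityUtil.peekSecurityContext().get(SecurityContext.POLICY_ID_KEY);
        SecurityCommonService.checkPermission(policyId, webResourcePermission);
    }

    /**
     * Checks a user-data (transport) permission against the policy id of the current security
     * context.
     *
     * <p>NOTE(review): the check is skipped, not failed, when no security context has been
     * pushed. Confirm that every request path that needs this check runs after
     * {@link #setServletSecurityContext}.
     */
    public static void checkServletUserDataPermission(WebUserDataPermission webUserDataPermission) throws ServiceException, SecurityException {
        if (SecurityInstaller.isSecurityOff()) {
            return;
        }
        SecurityContext context = J2EESecurityUtil.peekSecurityContext();
        if (context == null) {
            return;
        }
        SecurityCommonService.checkPermission((String) context.get(SecurityContext.POLICY_ID_KEY), webUserDataPermission);
    }

    /**
     * Temporarily logs in a subject built from the given names and checks that it holds a role.
     *
     * <p>The temporary login is popped again before returning, whether or not the check passed.
     * The logout is issued only when the login itself succeeded; nothing is popped when security
     * is switched off or when the login failed.
     *
     * @param str policy id passed to {@code SecurityCommonService.checkPermission}
     * @param str2 first {@code Subject} constructor argument (presumably the domain name — confirm)
     * @param str3 principal name
     * @param str4 role name wrapped in a {@code RolePermission}
     */
    public static void checkServletRolePermission(String str, String str2, String str3, String str4) throws ServiceException, SecurityException {
        if (SecurityInstaller.isSecurityOff()) {
            return;
        }
        boolean loggedIn = false;
        try {
            SecurityCommonService.loginDefault(new Subject(str2, new PrincipalImpl(str3)), true);
            loggedIn = true;
            SecurityCommonService.checkPermission(str, new RolePermission(str4));
        } finally {
            if (loggedIn) {
                SecurityCommonService.logout();
            }
        }
    }

    /**
     * Returns the principal of the current subject.
     *
     * @return the principal, or {@code null} when {@code AnonymousSubject.isAnonymous} reports the
     *     current subject as anonymous
     */
    public static Principal getServletUserPrincipal() throws ServiceException, SecurityException {
        Subject current = SecurityCommonService.getCurrentSubject();
        return AnonymousSubject.isAnonymous(current) ? null : current.getPrincipal();
    }

    /**
     * Returns the caller principal recorded in the current run-as security context.
     *
     * @return the stored principal, or {@code null} when there is no run-as security context
     */
    public static Principal getServletRunasUserPrincipal() {
        SecurityContext runasContext = J2EESecurityUtil.peekRunasSecurityContext();
        if (runasContext == null) {
            return null;
        }
        return (Principal) runasContext.get(SecurityContext.CALLER_PRINCIPAL_KEY);
    }

    /**
     * Checks the given permission (a role reference, judging by the method name) against the
     * policy id of the current security context.
     *
     * <p>NOTE(review): as in {@link #checkServletUserDataPermission}, the check is skipped when no
     * security context has been pushed.
     */
    public static void checkServletUserInRole(Permission permission) throws ServiceException, SecurityException {
        if (SecurityInstaller.isSecurityOff()) {
            return;
        }
        SecurityContext context = J2EESecurityUtil.peekSecurityContext();
        if (context == null) {
            return;
        }
        SecurityCommonService.checkPermission((String) context.get(SecurityContext.POLICY_ID_KEY), permission);
    }

    /**
     * Logs in the caller subject stored in the run-as security context, checks the permission
     * under it, and logs out again.
     *
     * <p>The logout runs exactly once and only when the login succeeded. A missing run-as context
     * is not handled: the first lookup then fails with a {@code NullPointerException}, so the
     * check cannot be skipped silently.
     */
    public static void checkServletRunasUserInRole(Permission permission) throws ServiceException, SecurityException {
        SecurityContext runasContext = J2EESecurityUtil.peekRunasSecurityContext();
        boolean loggedIn = false;
        try {
            SecurityCommonService.loginDefault((Subject) runasContext.get(SecurityContext.CALLER_SUBJECT_KEY));
            loggedIn = true;
            SecurityCommonService.checkPermission((String) runasContext.get(SecurityContext.POLICY_ID_KEY), permission);
        } finally {
            if (loggedIn) {
                SecurityCommonService.logout();
            }
        }
    }

    /**
     * Invokes {@code method} on {@code obj} with {@code objArr} through
     * {@code J2EESecurityUtil.runCode} and returns its result.
     */
    public static Object runServletBusinessCode(Object obj, Method method, Object[] objArr) throws Throwable {
        return J2EESecurityUtil.runCode(obj, method, objArr);
    }

    /**
     * Builds the policy of a web application from its descriptors and registers it.
     *
     * @param str context/policy identifier passed to {@code J2EESecurityUtil.makePolicy}
     * @param webAppType standard web descriptor
     * @param contextType JEUS web descriptor
     * @param policy policy to extend; a new one is created when {@code null}
     * @param str2 domain name; {@code Domain.DEFAULT_APPLICATION_DOMAIN_NAME} when null or empty
     * @param map, map2, set annotation-derived security data handed to {@code XMLJ2EEWebDDConverter}
     * @param str3 passed through to {@code J2EESecurityUtil.addPolicy}
     * @return {@code isUnchecked()} of the policy built for this application, or {@code false}
     *     when security is switched off
     */
    public static boolean addServletPolicyToApp(String str, WebAppType webAppType, ContextType contextType, Policy policy, String str2, Map<String, ServletSecurityElement> map, Map<String, WebSecurityAnnotationInfo> map2, Set<String> set, String str3) throws Exception {
        if (SecurityInstaller.isSecurityOff()) {
            return false;
        }
        if (policy == null) {
            policy = new Policy();
        }
        if (str2 == null || str2.isEmpty()) {
            str2 = Domain.DEFAULT_APPLICATION_DOMAIN_NAME;
        }
        Policy appPolicy = J2EESecurityUtil.makePolicy(str, webAppType, contextType, new XMLJ2EEWebDDConverter(map, map2, set), new XMLJEUSWebDDConverter(), str2);
        policy.add(appPolicy);
        J2EESecurityUtil.addPolicy(policy, str2, str3);
        return appPolicy.isUnchecked();
    }

    /** Removes a previously registered policy; all arguments go to {@code J2EESecurityUtil.removePolicy}. */
    public static void removeServletPolicy(String str, String str2, String str3) throws Exception {
        J2EESecurityUtil.removePolicy(str, str2, str3);
    }

    /**
     * Registers the accounts shipped with an application in the authentication repository.
     *
     * <p>Reads {@code Constants.DEFAULT_ACCOUNTS_FILE_NAME} from directory {@code str3}; returns
     * silently when the file does not exist or the domain is {@code "SYSTEM_DOMAIN"}. The subjects
     * are added while logged in as the domain's code subject and remembered for
     * {@link #removeServletSubjectsFromApp}.
     *
     * <p>Failures other than {@code SecurityException} are reported as a
     * {@code ServiceException} carrying the cause. Earlier, the exception was built and then
     * discarded by an enclosing empty {@code catch}, so a broken accounts file went unnoticed.
     *
     * @param str domain name; {@code Domain.DEFAULT_APPLICATION_DOMAIN_NAME} when {@code null}
     * @param str2 second half of the bookkeeping key (presumably the application name — confirm)
     * @param str3 directory that contains the accounts file
     * @throws ServiceException when the file cannot be unmarshalled or the repository call fails
     */
    public static void addServletSubjectsToApp(String str, String str2, String str3) throws ServiceException {
        File accountsFile = new File(str3 + File.separator + Constants.DEFAULT_ACCOUNTS_FILE_NAME);
        if (!accountsFile.exists()) {
            return;
        }
        if (str == null) {
            str = Domain.DEFAULT_APPLICATION_DOMAIN_NAME;
        } else if (str.equals("SYSTEM_DOMAIN")) {
            // Application-supplied accounts are never loaded into the system domain.
            return;
        }
        try {
            Subject[] subjects = (Subject[]) new XMLAccountConverter(str).unmarshal(accountsFile);
            boolean loggedIn = false;
            try {
                SecurityCommonService.loginCodeSubject(str);
                loggedIn = true;
                AuthenticationRepositoryService.addSubjects(str, subjects, false);
            } catch (SecurityException ignored) {
                // Kept from the original: a refused login or add is not reported, and the
                // subjects are still recorded below. NOTE(review): confirm this is intended.
            } finally {
                if (loggedIn) {
                    logoutQuietly();
                }
            }
            subjectsTableForRemove.put(subjectsKey(str, str2), subjects);
        } catch (Exception e) {
            throw new ServiceException(e.toString(), e);
        }
    }

    /**
     * Removes the subjects that {@link #addServletSubjectsToApp} recorded for the same domain and
     * {@code str2}.
     *
     * <p>Returns without touching the login stack when nothing was recorded. The bookkeeping
     * entry is dropped before the repository call, so a failed removal is not retried on a later
     * call.
     *
     * @param str domain name; {@code Domain.DEFAULT_APPLICATION_DOMAIN_NAME} when {@code null}
     * @param str2 second half of the bookkeeping key used at registration time
     */
    public static void removeServletSubjectsFromApp(String str, String str2) throws ServiceException {
        if (str == null) {
            str = Domain.DEFAULT_APPLICATION_DOMAIN_NAME;
        } else if (str.equals("SYSTEM_DOMAIN")) {
            return;
        }
        Subject[] subjects = subjectsTableForRemove.remove(subjectsKey(str, str2));
        if (subjects == null) {
            return;
        }
        boolean loggedIn = false;
        try {
            SecurityCommonService.loginCodeSubject(str);
            loggedIn = true;
            AuthenticationRepositoryService.removeSubjects(str, subjects, false);
        } catch (SecurityException ignored) {
            // Kept from the original: a refused login or removal is not reported.
        } finally {
            if (loggedIn) {
                logoutQuietly();
            }
        }
    }

    /** Logs out the current caller and returns what {@code SecurityCommonService.logout()} returns. */
    public static Subject logoutServletCaller() throws ServiceException, SecurityException {
        return SecurityCommonService.logout();
    }

    /**
     * Logs in a caller in the default application domain.
     *
     * @param str second argument of {@code Subject.makeSubject} (presumably the user name)
     * @param str2 third argument of {@code Subject.makeSubject} (presumably the password)
     */
    public static void loginServletCaller(String str, String str2) throws ServiceException, SecurityException {
        loginServletCaller(null, str, str2);
    }

    /**
     * Logs in a caller built with {@code Subject.makeSubject(domain, str2, str3)}.
     *
     * <p>Does nothing when security is switched off. Any failure is reported as a
     * {@code ServiceException} with message {@code JeusMessage_Security_Exception._21} and the
     * original exception as cause.
     *
     * @param str domain name; {@code Domain.DEFAULT_APPLICATION_DOMAIN_NAME} when {@code null}
     * @param str2 presumably the user name
     * @param str3 presumably the password
     */
    public static void loginServletCaller(String str, String str2, String str3) throws ServiceException, SecurityException {
        if (SecurityInstaller.isSecurityOff()) {
            return;
        }
        if (str == null) {
            str = Domain.DEFAULT_APPLICATION_DOMAIN_NAME;
        }
        try {
            SecurityCommonService.loginDefault(Subject.makeSubject(str, str2, str3));
        } catch (Exception e) {
            throw new ServiceException(ErrorMsgManager.getErrorStringMessage(JeusMessage_Security_Exception._21), e);
        }
    }

    /** Logs in an already constructed subject via {@code SecurityCommonService.loginDefault}. */
    public static void loginServletCaller(Subject subject) throws ServiceException, SecurityException {
        SecurityCommonService.loginDefault(subject);
    }

    /**
     * Logs in a caller from digest-authentication parameters.
     *
     * <p>The values are handed to a {@code PasswordWithMD5Factory}, whose credential is attached
     * to the subject before login. A failed credential build or a rejected login now reaches the
     * caller as a {@code ServiceException} (message {@code _21}, cause attached), matching the
     * three-argument overload. Earlier, an inner {@code catch (Exception)} only printed the stack
     * trace, so this method returned normally after a failed authentication.
     *
     * <p>NOTE(review): the scheme is MD5-based, as the factory and property names show; it should
     * only be offered over TLS.
     *
     * @param str domain name; {@code Domain.DEFAULT_APPLICATION_DOMAIN_NAME} when {@code null}
     * @param str2 user name (also used in error message {@code _23})
     * @param str3 value stored under the factory's {@code "password"} property (presumably the
     *     client's digest response — confirm)
     * @param str4 nonce
     * @param str5 nonce count ({@code NC_PROPERTY_KEY})
     * @param str6 client nonce
     * @param str7 qop
     * @param str8 realm
     * @param str9 value for {@code MD5A2_PROPERTY_KEY}
     * @throws ServiceException when the digest service cannot be enabled for the domain
     *     (message {@code _22}) or the login fails (message {@code _21})
     */
    public static void loginServletCaller(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9) throws ServiceException, SecurityException {
        if (str == null) {
            str = Domain.DEFAULT_APPLICATION_DOMAIN_NAME;
        }
        if (!checkDigestService(str)) {
            throw new ServiceException(ErrorMsgManager.getErrorStringMessage(JeusMessage_Security_Exception._22));
        }
        try {
            Subject caller = Subject.makeSubject(str, str2, (String) null);
            PasswordWithMD5Factory digestFactory = new PasswordWithMD5Factory();
            digestFactory.setProperty("password", str3);
            digestFactory.setProperty(PasswordWithMD5Factory.NONCE_PROPERTY_KEY, str4);
            digestFactory.setProperty(PasswordWithMD5Factory.NC_PROPERTY_KEY, str5);
            digestFactory.setProperty(PasswordWithMD5Factory.CNONCE_PROPERTY_KEY, str6);
            digestFactory.setProperty(PasswordWithMD5Factory.QOP_PROPERTY_KEY, str7);
            digestFactory.setProperty(PasswordWithMD5Factory.REALM_PROPERTY_KEY, str8);
            digestFactory.setProperty(PasswordWithMD5Factory.MD5A2_PROPERTY_KEY, str9);
            caller.getCredentialFactories().add(digestFactory);
            try {
                caller.getPrivateCredentials().add(digestFactory.getCredential());
                caller.setDomainName(str);
                SecurityCommonService.loginDefault(caller);
            } catch (CredentialFactoryException e) {
                e.printStackTrace();
                throw new SecurityException(ErrorMsgManager.getErrorStringMessage(JeusMessage_Security_Exception._23, str2));
            }
        } catch (Exception e) {
            // Do not swallow: an authentication failure must be visible to the caller.
            throw new ServiceException(ErrorMsgManager.getErrorStringMessage(JeusMessage_Security_Exception._21), e);
        }
    }

    /**
     * Logs in a caller identified by a client certificate chain.
     *
     * <p>The certificates are added as public credentials of a subject that has no principal;
     * the login is then delegated to {@code SecurityCommonService.loginDefault}.
     *
     * <p>NOTE(review): a {@code null} array fails with a {@code NullPointerException} and an
     * empty array reaches the login with no credential at all — confirm that the verification
     * service rejects a subject without certificates.
     *
     * @param str domain name; {@code Domain.DEFAULT_APPLICATION_DOMAIN_NAME} when {@code null}
     * @param x509CertificateArr client certificate chain
     * @throws ServiceException when the certificate services cannot be enabled for the domain
     *     (message {@code _24})
     */
    public static void loginServletCaller(String str, X509Certificate[] x509CertificateArr) throws ServiceException, SecurityException {
        if (str == null) {
            str = Domain.DEFAULT_APPLICATION_DOMAIN_NAME;
        }
        if (!checkClientCertService(str)) {
            throw new ServiceException(ErrorMsgManager.getErrorStringMessage(JeusMessage_Security_Exception._24));
        }
        Subject caller = new Subject(str, null);
        caller.getPublicCredentials().addAll(Arrays.asList(x509CertificateArr));
        caller.setDomainName(str);
        SecurityCommonService.loginDefault(caller);
    }

    /** Builds the key under which an application's subjects are remembered. */
    private static String subjectsKey(String domainName, String name) {
        return domainName + PatchContentsRelated.COLON_SEPARATOR + name;
    }

    /** Pops the current login and ignores any failure, as the cleanup paths always did. */
    private static void logoutQuietly() {
        try {
            SecurityCommonService.logout();
        } catch (Exception ignored) {
            // Cleanup only: a failed logout must not mask the outcome of the operation.
        }
    }

    /**
     * Ensures the MD5 digest verification service is installed in the given domain.
     *
     * <p>The enabled flag is read once without a lock and again under the domain's monitor before
     * the service is added and created. On a failed {@code create} the service is removed again.
     * NOTE(review): the unlocked read relies on how {@code Domain} publishes the flag — confirm.
     *
     * @param str domain name
     * @return {@code true} when the service is (now) enabled, {@code false} on any failure
     */
    private static boolean checkDigestService(String str) {
        try {
            Domain domain = Domain.getDomain(str);
            if (domain.isEnableDigistService()) {
                return true;
            }
            synchronized (domain) {
                if (domain.isEnableDigistService()) {
                    return true;
                }
                PasswordWithMD5VerificationService passwordWithMD5VerificationService = new PasswordWithMD5VerificationService();
                domain.addService(passwordWithMD5VerificationService);
                try {
                    try {
                        passwordWithMD5VerificationService.create(true);
                        domain.setEnableDigistService(true);
                        return true;
                    } catch (ServiceException e) {
                        e.printStackTrace();
                        domain.removeService(passwordWithMD5VerificationService);
                        return false;
                    }
                } catch (SecurityException e2) {
                    e2.printStackTrace();
                    domain.removeService(passwordWithMD5VerificationService);
                    return false;
                }
            }
        } catch (ServiceException e3) {
            e3.printStackTrace();
            return false;
        }
    }

    /**
     * Ensures the X.509 verification service and the identity assertion service are installed in
     * the given domain.
     *
     * <p>Uses the same check / lock / re-check sequence as {@link #checkDigestService}. When the
     * second service cannot be created, the first one is destroyed and both are removed, so the
     * domain is not left with only half of the pair.
     *
     * @param str domain name
     * @return {@code true} when both services are (now) enabled, {@code false} on any failure
     */
    private static boolean checkClientCertService(String str) {
        try {
            Domain domain = Domain.getDomain(str);
            if (domain.isEnableClientCertService()) {
                return true;
            }
            synchronized (domain) {
                if (domain.isEnableClientCertService()) {
                    return true;
                }
                X509CertificateVerificationService x509CertificateVerificationService = new X509CertificateVerificationService();
                domain.addService(x509CertificateVerificationService);
                try {
                    try {
                        x509CertificateVerificationService.create(true);
                        DefaultIdentityAssertionService defaultIdentityAssertionService = new DefaultIdentityAssertionService();
                        domain.addService(defaultIdentityAssertionService);
                        try {
                            try {
                                defaultIdentityAssertionService.create(true);
                                domain.setEnableClientCertService(true);
                                return true;
                            } catch (ServiceException e) {
                                e.printStackTrace();
                                domain.removeService(defaultIdentityAssertionService);
                                x509CertificateVerificationService.destroy();
                                domain.removeService(x509CertificateVerificationService);
                                return false;
                            }
                        } catch (SecurityException e2) {
                            e2.printStackTrace();
                            domain.removeService(defaultIdentityAssertionService);
                            x509CertificateVerificationService.destroy();
                            domain.removeService(x509CertificateVerificationService);
                            return false;
                        }
                    } catch (ServiceException e3) {
                        e3.printStackTrace();
                        domain.removeService(x509CertificateVerificationService);
                        return false;
                    }
                } catch (SecurityException e4) {
                    e4.printStackTrace();
                    domain.removeService(x509CertificateVerificationService);
                    return false;
                }
            }
        } catch (ServiceException e5) {
            e5.printStackTrace();
            return false;
        }
    }

    /** Reports whether the current subject is a code subject according to {@code CodeSubject.isCode}. */
    public static boolean isCodeSubject() throws SecurityException, ServiceException {
        return CodeSubject.isCode(SecurityCommonService.getCurrentSubject());
    }

    /**
     * Reports whether the current subject is an {@code AnonymousSubject} instance.
     *
     * <p>NOTE(review): {@link #getServletUserPrincipal} decides the same question with
     * {@code AnonymousSubject.isAnonymous(...)}; confirm the two tests always agree.
     */
    public static boolean isAnonymousSubject() {
        return SecurityCommonService.getCurrentSubject() instanceof AnonymousSubject;
    }
}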
