package com.ibm.pvc.webcontainer.security;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.pvc.webcontainer.WebContainer;
import com.ibm.pvc.webcontainer.activator.WebContainerActivator;
import com.ibm.pvc.webcontainer.activator.WebContainerConfig;
import com.ibm.pvc.webcontainer.activator.WebContainerConstants;
import com.ibm.pvc.webcontainer.security.util.AuthConstraint;
import com.ibm.pvc.webcontainer.security.util.DataConstraint;
import com.ibm.pvc.webcontainer.security.util.LoginConfig;
import com.ibm.pvc.webcontainer.security.util.SecurityConstraints;
import com.ibm.pvc.webcontainer.webapp.WebAppConfiguration;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.core.SecurityContext;
import com.ibm.ws.security.util.Base64Coder;
import com.ibm.ws.webcontainer.session.IHttpSession;
import com.ibm.ws.webcontainer.webapp.WebApp;
import com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher;
import com.ibm.wsspi.webcontainer.extension.ExtensionProcessor;
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpUtils;

/* loaded from: input_file:webcontainer.jar:com/ibm/pvc/webcontainer/security/WebAppSecurityCollaborator.class */
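public class WebAppSecurityCollaborator {
    /*
     * Enforces a web application's declarative security (security-constraint and
     * login-config from the deployment descriptor) before a request reaches its
     * target servlet.
     *
     * preInvoke() looks up the SecurityConstraints matched for the request path and
     * applies, in order: the transport guarantee (redirect to the HTTPS port), then
     * the auth-constraint (authenticate from form-login state kept in the session or
     * from HTTP Basic credentials, then authorize the user against the constraint's
     * roles). Every denial is signalled by throwing SecurityViolationException
     * carrying the HTTP status the caller should send, or a redirect URL.
     *
     * This is decompiled code; public names and all trace/message strings are kept
     * as found.
     */
    protected static TraceComponent tc;
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String AUTHENTICATION_HEADER = "WWW-Authenticate";
    /* Credential prefix of an HTTP Basic Authorization header (RFC 7617). */
    private static final String BASIC_PREFIX = "Basic ";
    /* Marker written to trace output instead of a credential value. */
    private static final String REDACTED = "[XXXXXXXX]";
    static /* synthetic */ Class class$0;

    private final WebAppConfiguration appConfig;
    private final WebContainerActivator activator;
    private final AuthEngine authEngine = WebContainer.getAuthEngine();

    static {
        // The trace component is registered against WebAppServiceTrackerCustomizer,
        // as found in the decompiled class, not against this class; kept unchanged.
        Class<?> cls = class$0;
        if (cls == null) {
            try {
                cls = Class.forName("com.ibm.pvc.webcontainer.activator.WebAppServiceTrackerCustomizer");
                class$0 = cls;
            } catch (ClassNotFoundException e) {
                // The decompiled output called getMessage() on the Class reference,
                // which does not compile; the message belongs to the exception.
                NoClassDefFoundError error = new NoClassDefFoundError(e.getMessage());
                error.initCause(e);
                throw error;
            }
        }
        tc = Tr.register(cls, WebContainerConstants.TRACE_GROUP, WebContainerConstants.MSG_FILE);
    }

    /**
     * Creates a collaborator for one web application.
     *
     * @param webAppConfiguration the application's security-constraint and
     *        login-config view; consulted on every preInvoke()
     * @param webContainerActivator supplies the container configuration from which
     *        the HTTPS port is read
     */
    public WebAppSecurityCollaborator(WebAppConfiguration webAppConfiguration, WebContainerActivator webContainerActivator) {
        this.appConfig = webAppConfiguration;
        this.activator = webContainerActivator;
    }

    /**
     * Applies the security constraints matched for the request path.
     *
     * <p>Requests for the application's form-login page, form-error page, and
     * {@code POST /j_security_check} are exempt from the auth-constraint so that the
     * login flow itself can proceed. A request with no matching constraints, or a
     * constraint without an auth-constraint, passes through.
     *
     * @param httpServletRequest the request; a null request is ignored
     * @param httpServletResponse the response, used to set the Basic challenge header
     * @throws IOException propagated from the login handling
     * @throws SecurityViolationException with status 500 when a secure transport is
     *         required but no HTTPS port is configured; status 200 plus a redirect
     *         URL for a transport upgrade or a form-login redirect; 401 when
     *         authentication fails; 403 when the auth-constraint names no roles or
     *         the authenticated user holds none of them
     */
    public void preInvoke(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, SecurityViolationException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "preInvoke");
        }
        if (httpServletRequest == null) {
            // The original tolerated a null request but dereferenced it first; bail
            // out before touching it.
            return;
        }
        if (tc.isDebugEnabled()) {
            traceRequest(httpServletRequest);
        }
        String path = requestPath(httpServletRequest);
        SecurityConstraints securityConstraints = this.appConfig.getSecurityConstraints(path);
        if (securityConstraints == null) {
            return;
        }
        enforceTransportGuarantee(httpServletRequest, securityConstraints.getDataConstraint());
        AuthConstraint authConstraint = securityConstraints.getAuthConstraint();
        if (authConstraint == null) {
            return;
        }
        List roleNames = authConstraint.getRoleNames();
        if (roleNames == null || roleNames.isEmpty()) {
            // An auth-constraint that names no roles denies every caller.
            throw new SecurityViolationException("Access to this resource is denied.", 403);
        }
        if (isLoginResource(path, httpServletRequest.getMethod())) {
            return;
        }
        String user = handleLogin(httpServletRequest, httpServletResponse);
        // The original discarded authorize()'s boolean result. isUserInRole() below
        // returns that same result as the role decision, so a false here must be a
        // denial; if the engine also throws on denial this check is simply never hit.
        if (!this.authEngine.authorize(user, roleNames)) {
            throw new SecurityViolationException("Access to this resource is denied.", 403);
        }
    }

    /*
     * Debug-traces the context root and the request headers. Kept in its own method
     * so preInvoke() reads as the security decision only.
     */
    private void traceRequest(HttpServletRequest httpServletRequest) {
        try {
            Tr.debug(tc, "preInvoke:  contextRoot= " + httpServletRequest.getContextPath());
            Tr.debug(tc, "Http Header names and values:\n" + debugGetAllHttpHdrs(httpServletRequest));
        } catch (IllegalArgumentException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.web.EJSWebCollaborator.preInvoke", "168", this);
        }
    }

    /* Servlet path plus path info: the key used to look up security constraints. */
    private static String requestPath(HttpServletRequest httpServletRequest) {
        String pathInfo = httpServletRequest.getPathInfo();
        String servletPath = httpServletRequest.getServletPath();
        return pathInfo == null ? servletPath : servletPath + pathInfo;
    }

    /*
     * Redirects a plain-HTTP request to the HTTPS port when the matched
     * data-constraint demands CONFIDENTIAL or INTEGRAL transport.
     *
     * Throws SecurityViolationException(500) when no HTTPS port is configured and
     * SecurityViolationException(200 + redirect URL) when the request must be
     * re-issued over HTTPS. A null constraint or a null transport guarantee imposes
     * no requirement.
     */
    private void enforceTransportGuarantee(HttpServletRequest httpServletRequest, DataConstraint dataConstraint) throws SecurityViolationException {
        if (dataConstraint == null) {
            return;
        }
        String guarantee = dataConstraint.getTransportGuarantee();
        if (guarantee == null) {
            return;
        }
        boolean secureTransportRequired = guarantee.equalsIgnoreCase("confidential") || guarantee.equalsIgnoreCase("integral");
        if (!secureTransportRequired || httpServletRequest.isSecure()) {
            return;
        }
        String sslPort = getSSLPort();
        if (sslPort == null) {
            throw new SecurityViolationException("SSL port is not configured, request cannot be secured", 500);
        }
        StringBuilder url = new StringBuilder("https://");
        url.append(httpServletRequest.getServerName());
        url.append(':');
        url.append(sslPort);
        url.append(httpServletRequest.getRequestURI());
        String query = httpServletRequest.getQueryString();
        if (query != null) {
            // getRequestURI() excludes the query string; without re-attaching it the
            // redirected request would lose its parameters (the original dropped them).
            url.append('?').append(query);
        }
        throw redirect(url.toString());
    }

    /*
     * Builds the exception that tells the caller to redirect. Status 200 with a
     * redirect URL is the convention this class uses for every redirect.
     */
    private static SecurityViolationException redirect(String url) {
        SecurityViolationException securityViolationException = new SecurityViolationException("redirect", 200);
        securityViolationException.setRedirectURL(url);
        return securityViolationException;
    }

    /*
     * True for the resources that make up the form-login flow: the login page, the
     * error page, and a POST to /j_security_check. These must stay reachable by an
     * unauthenticated caller even though they match a protected pattern.
     */
    private boolean isLoginResource(String path, String method) {
        LoginConfig loginConfig = this.appConfig.getLoginConfig();
        if (loginConfig == null) {
            return false;
        }
        if (path.equals(loginConfig.getFormLoginPage()) || path.equals(loginConfig.getFormErrorPage())) {
            return true;
        }
        return path.equals("/j_security_check") && "POST".equals(method);
    }

    /*
     * Authenticates the caller and returns the user name that was established.
     *
     * Order of attempts:
     *  1. a username/password pair the form-login processor left in the session
     *     (FormLoginInfo) - re-validated against the AuthEngine on every request;
     *  2. if the login-config names a form-login page, remember the requested URL in
     *     the session and redirect to that page;
     *  3. otherwise HTTP Basic: parse the Authorization header and validate it, or
     *     answer with a WWW-Authenticate challenge.
     *
     * Every failure path throws SecurityViolationException (401, or 200 + redirect
     * URL), so this method never returns null. A missing login-config is treated as
     * BASIC with no realm instead of failing with a NullPointerException.
     *
     * NOTE(review): the FormLoginInfo in the session still holds the password after a
     * successful login, because it is re-checked on each request; clearing it would
     * need a corresponding change in the form-login processor - verify before changing.
     */
    private String handleLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, SecurityViolationException {
        HttpSession session = httpServletRequest.getSession(true);
        IHttpSession securitySession = (IHttpSession) session;
        FormLoginInfo formLoginInfo = (FormLoginInfo) securitySession.getSecurityInfo();
        LoginConfig loginConfig = this.appConfig.getLoginConfig();

        // 1. Credentials captured by the form-login processor.
        if (formLoginInfo != null && formLoginInfo.getUsername() != null && formLoginInfo.getPassword() != null) {
            String username = formLoginInfo.getUsername();
            if (this.authEngine.authenticate(username, formLoginInfo.getPassword())) {
                SecurityContext.setUser(username);
                return username;
            }
            String formErrorPage = loginConfig == null ? null : loginConfig.getFormErrorPage();
            if (formErrorPage == null) {
                throw new SecurityViolationException("Login Failed.", 401);
            }
            throw redirect(contextRelative(httpServletRequest.getContextPath(), formErrorPage));
        }

        // 2. No usable session credentials. Record the auth method for the request
        //    (BASIC_AUTH is the servlet-API spelling; the value the rest of the
        //    container expects for a missing login-config is not visible here).
        String authMethod = loginConfig == null ? HttpServletRequest.BASIC_AUTH : loginConfig.getAuthMethod();
        WebAppRequestDispatcher.unwrapRequest(httpServletRequest).setPrivateAttribute("AUTH_TYPE", authMethod);
        String formLoginPage = loginConfig == null ? null : loginConfig.getFormLoginPage();
        if (formLoginPage != null) {
            // getRequestURL() replaces the deprecated HttpUtils.getRequestURL().
            StringBuffer requestURL = httpServletRequest.getRequestURL();
            String query = httpServletRequest.getQueryString();
            if (query != null) {
                requestURL.append('?').append(query);
            }
            if (formLoginInfo == null) {
                formLoginInfo = new FormLoginInfo();
            }
            // The processor sends the browser back here once the form login succeeds.
            formLoginInfo.setRefererURL(requestURL.toString());
            securitySession.putSecurityInfo(formLoginInfo);
            throw redirect(contextRelative(httpServletRequest.getContextPath(), formLoginPage));
        }

        // 3. HTTP Basic.
        String realmName = loginConfig == null ? null : loginConfig.getRealmName();
        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        // The scheme token is case-insensitive (RFC 7235); the original accepted only "Basic ".
        if (header == null || !header.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "basic 401");
            }
            throw basicChallenge(httpServletResponse, realmName);
        }
        String decoded = Base64Coder.base64DecodeNew(header.substring(BASIC_PREFIX.length()));
        int colon = decoded == null ? -1 : decoded.indexOf(':');
        if (colon < 0) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Failed to find username/password info -- Sending 401.");
            }
            // The original called sendError(401) and returned null, which let
            // preInvoke() go on to authorize a null user; a malformed credential is
            // now rejected exactly like a missing one.
            throw basicChallenge(httpServletResponse, realmName);
        }
        String username = decoded.substring(0, colon);
        if (this.authEngine.authenticate(username, decoded.substring(colon + 1))) {
            SecurityContext.setUser(username);
            return username;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Failed to authenticate username/password info -- Sending 401.");
        }
        throw new SecurityViolationException("Login Failed.", 401);
    }

    /*
     * Sets the Basic challenge header and builds the 401 to throw. The realm is
     * emitted unquoted, as in the original ("Basic realm=NAME"); RFC 7617 specifies a
     * quoted-string, so check the clients in use before changing the format.
     */
    private static SecurityViolationException basicChallenge(HttpServletResponse httpServletResponse, String realmName) {
        httpServletResponse.setHeader(AUTHENTICATION_HEADER, realmName != null ? "Basic realm=" + realmName : "Basic");
        return new SecurityViolationException(null, 401);
    }

    /*
     * Joins the context path and a page reference from web.xml (form-login-page or
     * form-error-page) into a redirect path, avoiding a doubled slash when the
     * application is deployed at the root context. Same result as the two inline
     * expressions in the original.
     */
    private static String contextRelative(String contextPath, String page) {
        if (contextPath.equals("/") && page.startsWith("/")) {
            return contextPath + page.substring(1);
        }
        return contextPath + page;
    }

    /** Clears the thread-bound user set by a successful login in preInvoke(). */
    public void postInvoke() {
        SecurityContext.setUser(null);
    }

    /**
     * Returns the principal for a user name, as resolved by the AuthEngine.
     *
     * @param str the user name
     * @return whatever the engine returns (may be null; not visible here)
     */
    public Principal getUserPrincipal(String str) {
        return this.authEngine.getUserPrincipal(str);
    }

    /**
     * Asks the AuthEngine whether a user holds a role.
     *
     * @param str the role name
     * @param str2 the user name
     * @return the engine's decision
     */
    public boolean isUserInRole(String str, String str2) {
        List<String> roles = new ArrayList<String>(1);
        roles.add(str);
        return this.authEngine.authorize(str2, roles);
    }

    /** Creates the extension processor that handles /j_security_check for the app. */
    public ExtensionProcessor getFormLoginProcessor(WebApp webApp) {
        return new FormLoginProcessor(webApp);
    }

    /** Creates the extension processor that handles form logout for the app. */
    public ExtensionProcessor getFormLogoutProcessor(WebApp webApp) {
        return new FormLogoutProcessor(webApp);
    }

    /*
     * The configured HTTPS port as a string, or null when none is configured. Read
     * once rather than twice as in the original, so a concurrent config change
     * cannot yield null on the second lookup.
     */
    private String getSSLPort() {
        Object port = this.activator.config.get(WebContainerConfig.KEY_HTTPS_PORT);
        return port == null ? null : port.toString();
    }

    /* True for header names whose values carry credentials and must not be traced. */
    private static boolean isCredentialHeader(String name) {
        return "authorization".equalsIgnoreCase(name)
                || "proxy-authorization".equalsIgnoreCase(name)
                || "cookie".equalsIgnoreCase(name);
    }

    /*
     * Formats all request parameters for trace output, one "name=[value]" per line.
     * Any parameter whose name contains "password" is redacted; the original only
     * redacted the single-valued case, so multi-valued password fields were traced.
     * Not referenced within this class.
     */
    private String debugGetAllParms(HttpServletRequest httpServletRequest) {
        StringBuilder out = new StringBuilder(512);
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String name = (String) parameterNames.nextElement();
            out.append(name).append("=");
            String[] values = httpServletRequest.getParameterValues(name);
            boolean sensitive = name.toLowerCase().indexOf("password") != -1;
            if (values == null || values.length == 1) {
                String value = values == null ? "" : values[0];
                if (value.length() == 0) {
                    out.append("[No Value]\n");
                } else if (sensitive) {
                    out.append(REDACTED).append('\n');
                } else {
                    out.append("[").append(value).append("]\n");
                }
            } else {
                for (String value : values) {
                    out.append(sensitive ? REDACTED : "[" + value + "]").append(' ');
                }
                out.append("\n");
            }
        }
        return out.toString();
    }

    /*
     * Formats all request headers for trace output, one "name=[value]" per line.
     * Authorization, Proxy-Authorization and Cookie values are redacted: preInvoke()
     * traces this at debug level, and the original wrote the Basic credential (and
     * session cookies) into the trace file verbatim.
     */
    private String debugGetAllHttpHdrs(HttpServletRequest httpServletRequest) {
        StringBuilder out = new StringBuilder(512);
        Enumeration headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String name = (String) headerNames.nextElement();
            out.append(name).append("=");
            if (isCredentialHeader(name)) {
                out.append(REDACTED).append('\n');
            } else {
                out.append("[").append(httpServletRequest.getHeader(name)).append("]\n");
            }
        }
        return out.toString();
    }
}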
