package org.apache.geronimo.jetty;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.Principal;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyConfiguration;
import javax.security.jacc.PolicyConfigurationFactory;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebUserDataPermission;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.gbean.WaitingException;
import org.apache.geronimo.kernel.Kernel;
import org.apache.geronimo.naming.java.ReadOnlyContext;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.GeronimoSecurityException;
import org.apache.geronimo.security.IdentificationPrincipal;
import org.apache.geronimo.security.PrimaryRealmPrincipal;
import org.apache.geronimo.security.RealmPrincipal;
import org.apache.geronimo.security.SubjectId;
import org.apache.geronimo.security.deploy.AutoMapAssistant;
import org.apache.geronimo.security.deploy.DefaultPrincipal;
import org.apache.geronimo.security.deploy.Security;
import org.apache.geronimo.security.realm.SecurityRealm;
import org.apache.geronimo.security.util.ConfigurationUtil;
import org.apache.geronimo.transaction.OnlineUserTransaction;
import org.apache.geronimo.transaction.TrackedConnectionAssociator;
import org.apache.geronimo.transaction.context.TransactionContextManager;
import org.mortbay.http.Authenticator;
import org.mortbay.http.HttpException;
import org.mortbay.http.HttpRequest;
import org.mortbay.http.HttpResponse;
import org.mortbay.http.PathMap;
import org.mortbay.http.SecurityConstraint;
import org.mortbay.http.UserRealm;
import org.mortbay.jetty.servlet.FormAuthenticator;
import org.mortbay.jetty.servlet.ServletHttpRequest;
import org.mortbay.util.LazyList;

/* loaded from: input_file:org/apache/geronimo/jetty/JettyWebAppJACCContext.class */
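public class JettyWebAppJACCContext extends JettyWebAppContext {
    private static final Log log = LogFactory.getLog(JettyWebAppJACCContext.class);

    /**
     * ObjectName prefix under which security realm GBeans are registered; the realm name
     * from the deployment descriptor is appended verbatim (see {@link #generateDefaultPrincipal(Security)}).
     */
    private static final String REALM_OBJECT_NAME_PREFIX = "geronimo.security:type=SecurityRealm,realm=";

    private final Kernel kernel;
    // JACC policy context identifier; installed on the thread for every request handled by this context.
    private final String policyContextID;
    private final Security securityConfig;
    // Identity a request runs as when no security constraint demands authentication.
    private final JAASJettyPrincipal defaultPrincipal;
    private PolicyConfigurationFactory factory;
    private PolicyConfiguration policyConfiguration;
    // role name -> run-as subject, registered with the ContextManager on start and unregistered on stop
    private final Map<String, Subject> roleDesignates = new HashMap<String, Subject>();
    // path spec -> LazyList of SecurityConstraint, mirrors what is handed to the superclass
    private final PathMap constraintMap = new PathMap();
    // login page of a FormAuthenticator, query string stripped; requests for it skip constraint checks
    private String formLoginPath;
    public static final GBeanInfo GBEAN_INFO;

    /** No-arg constructor used by the GBean framework for its default instance; all collaborators are null. */
    public JettyWebAppJACCContext() {
        this.kernel = null;
        this.policyContextID = null;
        this.securityConfig = null;
        this.defaultPrincipal = null;
    }

    /**
     * Creates a JACC-aware web application context.
     *
     * @param kernel           kernel used to look up realm GBeans for auto-mapped default principals
     * @param policyContextID  JACC policy context identifier of this web application
     * @param securityConfig   security deployment configuration (default principal, assistant, role mappings)
     * @throws MalformedURLException     propagated from the superclass
     * @throws GeronimoSecurityException if no default principal can be derived from {@code securityConfig}
     */
    public JettyWebAppJACCContext(Kernel kernel, URI uri, ReadOnlyContext componentContext, OnlineUserTransaction userTransaction, ClassLoader classLoader, URI[] webClassPath, boolean contextPriorityClassLoader, URL configurationBaseUrl, Set unshareableResources, Set applicationManagedSecurityResources, String policyContextID, Security securityConfig, TransactionContextManager transactionContextManager, TrackedConnectionAssociator trackedConnectionAssociator, JettyContainer jettyContainer) throws MalformedURLException {
        super(uri, componentContext, userTransaction, classLoader, webClassPath, contextPriorityClassLoader, configurationBaseUrl, unshareableResources, applicationManagedSecurityResources, transactionContextManager, trackedConnectionAssociator, jettyContainer);
        this.kernel = kernel;
        this.policyContextID = policyContextID;
        this.securityConfig = securityConfig;
        // Resolved eagerly so a missing or ambiguous default principal fails deployment, not the first request.
        // NOTE(review): this is an overridable method called from a constructor; subclasses see a partially built object.
        this.defaultPrincipal = generateDefaultPrincipal(securityConfig);
        addHandler(new JettyWebAppHandler());
    }

    public Kernel getKernel() {
        return this.kernel;
    }

    public String getPolicyContextID() {
        return this.policyContextID;
    }

    public Security getSecurityConfig() {
        return this.securityConfig;
    }

    /**
     * Returns the run-as subject registered for a role.
     *
     * @param role role name
     * @return the designated subject, or null if none was set
     */
    public Subject getRoleDesignate(String role) {
        return this.roleDesignates.get(role);
    }

    /**
     * Registers the run-as subject for a role. Subjects added after {@link #doStart()} are not
     * registered with the ContextManager (registration happens only in doStart).
     */
    public void setRoleDesignate(String role, Subject subject) {
        this.roleDesignates.put(role, subject);
    }

    /**
     * Handles a request with this application's JACC policy context ID installed on the thread.
     * Both the previous context ID and the previous "current web app" are restored afterwards so
     * that permission checks made later on the same thread are attributed to the right application.
     */
    @Override // org.apache.geronimo.jetty.JettyWebAppContext
    public void handle(String pathInContext, String pathParams, HttpRequest request, HttpResponse response) throws HttpException, IOException {
        String previousContextID = PolicyContext.getContextID();
        JettyWebAppJACCContext previousWebAppContext = JettyServer.getCurrentWebAppContext();
        try {
            PolicyContext.setContextID(this.policyContextID);
            JettyServer.setCurrentWebAppContext(this);
            super.handle(pathInContext, pathParams, request, response);
        } finally {
            JettyServer.setCurrentWebAppContext(previousWebAppContext);
            PolicyContext.setContextID(previousContextID);
        }
    }

    /**
     * Records a security constraint both in the superclass and in the local path map consulted
     * by {@link #obtainUser}.
     */
    @Override
    public void addSecurityConstraint(String pathSpec, SecurityConstraint securityConstraint) {
        super.addSecurityConstraint(pathSpec, securityConstraint);
        this.constraintMap.put(pathSpec, LazyList.add(this.constraintMap.get(pathSpec), securityConstraint));
        if (log.isDebugEnabled()) {
            log.debug("added " + securityConstraint + " at " + pathSpec);
        }
    }

    /**
     * Authenticates the caller (if a constraint requires it) and then asks the JACC policy whether
     * the request is permitted.
     *
     * <p>Order of checks: the form login page itself is always allowed through (it must be reachable
     * unauthenticated); {@link #obtainUser} then either challenges the client (returns null), declares
     * the request exempt ({@code SecurityConstraint.__NOBODY}), or yields a principal. For a principal,
     * the caller's {@link AccessControlContext} must imply both the {@link WebUserDataPermission}
     * (transport guarantee) and the {@link WebResourcePermission} (role access) of the wrapped
     * servlet request; a failed check answers 403.
     *
     * @return true if request processing may continue, false if a response has already been sent
     */
    public boolean checkSecurityConstraints(String pathInContext, HttpRequest request, HttpResponse response) throws HttpException, IOException {
        // Only an exact path match (after query-string stripping) is exempted, not a prefix.
        if (this.formLoginPath != null && stripQuery(pathInContext).equals(this.formLoginPath)) {
            return true;
        }
        try {
            Principal user = obtainUser(pathInContext, request, response);
            if (user == null) {
                // the authenticator has issued its challenge/redirect
                return false;
            }
            if (user == SecurityConstraint.__NOBODY) {
                return true;
            }
            // presumably the ACC of the caller subject set by ContextManager.setCurrentCaller — confirm
            AccessControlContext callerContext = ContextManager.getCurrentContext();
            ServletHttpRequest servletRequest = (ServletHttpRequest) request.getWrapper();
            callerContext.checkPermission(new WebUserDataPermission(servletRequest));
            callerContext.checkPermission(new WebResourcePermission(servletRequest));
            return true;
        } catch (AccessControlException e) {
            // Covers a transport-guarantee failure as well, which answers 403 rather than redirecting to a secure port.
            response.sendError(HttpResponse.__403_Forbidden);
            return false;
        } catch (HttpException e) {
            response.sendError(e.getCode(), e.getReason());
            return false;
        }
    }

    /**
     * Determines the principal a request should run as.
     *
     * <p>Only the constraints registered at the most specific matching path spec are consulted, and
     * only those applying to the request method. If any of them does not require authentication the
     * request runs as the configured default principal; if one requires authentication but grants no
     * role at all, the request likewise falls through to the default principal (the JACC check in
     * {@link #checkSecurityConstraints} is then what denies it). Otherwise the configured
     * {@link Authenticator} is invoked. A form-login submission ({@code j_security_check}) is always
     * routed to a {@link FormAuthenticator} even when no constraint applies.
     *
     * @return the authenticated principal, the default principal, {@code SecurityConstraint.__NOBODY}
     *         if the authenticator exempts the request, or null if a challenge was sent
     * @throws HttpException with status 500 if no realm or no authenticator is configured
     */
    public Principal obtainUser(String pathInContext, HttpRequest request, HttpResponse response) throws HttpException, IOException {
        List matches = this.constraintMap.getMatches(pathInContext);
        String selectedPathSpec = null;
        boolean unauthenticated = false;
        boolean forbidden = false;
        if (matches == null || matches.isEmpty()) {
            unauthenticated = true;
        } else {
            String method = request.getMethod();
            scan:
            for (int m = 0; m < matches.size(); m++) {
                Map.Entry entry = (Map.Entry) matches.get(m);
                Object constraints = entry.getValue();
                String pathSpec = (String) entry.getKey();
                for (int c = 0; c < LazyList.size(constraints); c++) {
                    SecurityConstraint constraint = (SecurityConstraint) LazyList.get(constraints, c);
                    if (!constraint.forMethod(method)) {
                        continue;
                    }
                    // stop at the first constraint that lives at a different (less specific) path spec
                    if (selectedPathSpec != null && !selectedPathSpec.equals(pathSpec)) {
                        break scan;
                    }
                    selectedPathSpec = pathSpec;
                    if (!constraint.getAuthenticate()) {
                        unauthenticated = true;
                    } else if (!constraint.isAnyRole()) {
                        List roles = constraint.getRoles();
                        if (roles == null || roles.isEmpty()) {
                            forbidden = true;
                            break scan;
                        }
                    }
                }
            }
        }

        UserRealm realm = getRealm();
        Authenticator authenticator = getAuthenticator();
        if (!unauthenticated && !forbidden) {
            if (realm == null) {
                log.warn("Realm Not Configured");
                throw new HttpException(HttpResponse.__500_Internal_Server_Error, "Realm Not Configured");
            }
            if (authenticator != null) {
                // the authenticator is expected to establish the caller subject on success — confirm against JAASJettyRealm
                return authenticator.authenticate(realm, pathInContext, request, response);
            }
            String message = "Mis-configured Authenticator for " + request.getPath();
            log.warn(message);
            throw new HttpException(HttpResponse.__500_Internal_Server_Error, message);
        }
        if (!(authenticator instanceof FormAuthenticator) || !pathInContext.endsWith("j_security_check")) {
            // No authentication demanded: the request executes as the application's default identity.
            ContextManager.setCurrentCaller(this.defaultPrincipal.getSubject());
            return this.defaultPrincipal;
        }
        if (realm != null) {
            return authenticator.authenticate(realm, pathInContext, request, response);
        }
        log.warn("Realm Not Configured");
        throw new HttpException(HttpResponse.__500_Internal_Server_Error, "Realm Not Configured");
    }

    /**
     * Derives the default principal: the one declared in the security configuration, or, failing
     * that, the one obtained from the auto-map assistant of the configured security realm.
     *
     * @throws GeronimoSecurityException if neither source yields a principal, if the realm lookup does
     *                                   not match exactly one GBean, or if the realm name does not form
     *                                   a valid ObjectName
     */
    protected JAASJettyPrincipal generateDefaultPrincipal(Security security) throws GeronimoSecurityException {
        DefaultPrincipal principalConfig = security.getDefaultPrincipal();
        if (principalConfig == null) {
            AutoMapAssistant assistantConfig = security.getAssistant();
            if (assistantConfig != null) {
                String realmName = assistantConfig.getSecurityRealm();
                try {
                    // The realm name is inserted unquoted; a name containing ObjectName pattern characters
                    // would turn this into a query, which the exact-match check below only partly guards.
                    Set realms = this.kernel.listGBeans(new ObjectName(REALM_OBJECT_NAME_PREFIX + realmName));
                    if (realms.size() != 1) {
                        throw new GeronimoSecurityException("Only one auto mapping assistant should match " + realmName);
                    }
                    // presumably listGBeans yields the realm instances themselves here; if it returned
                    // ObjectNames these casts would fail — confirm against the Kernel contract
                    Object realm = realms.iterator().next();
                    org.apache.geronimo.security.deploy.Principal principal =
                            ((org.apache.geronimo.security.realm.AutoMapAssistant) realm).obtainDefaultPrincipal();
                    principalConfig = new DefaultPrincipal();
                    principalConfig.setPrincipal(principal);
                    principalConfig.setRealmName(((SecurityRealm) realm).getRealmName());
                } catch (MalformedObjectNameException e) {
                    throw new GeronimoSecurityException("Bad object name " + REALM_OBJECT_NAME_PREFIX + realmName);
                }
            }
        }
        if (principalConfig == null) {
            throw new GeronimoSecurityException("Unable to generate default principal");
        }
        return generateDefaultPrincipal(security, principalConfig);
    }

    /**
     * Builds the "default" Jetty principal whose subject carries the realm principal and primary
     * realm principal generated from the configured default principal.
     *
     * @param security         unused; kept for subclass compatibility
     * @param defaultPrincipal principal name and realm to materialise
     * @throws GeronimoSecurityException if either principal cannot be generated
     */
    protected JAASJettyPrincipal generateDefaultPrincipal(Security security, DefaultPrincipal defaultPrincipal) throws GeronimoSecurityException {
        RealmPrincipal realmPrincipal = ConfigurationUtil.generateRealmPrincipal(defaultPrincipal.getPrincipal(), defaultPrincipal.getRealmName());
        if (realmPrincipal == null) {
            throw new GeronimoSecurityException("Unable to create realm principal");
        }
        PrimaryRealmPrincipal primaryRealmPrincipal = ConfigurationUtil.generatePrimaryRealmPrincipal(defaultPrincipal.getPrincipal(), defaultPrincipal.getRealmName());
        if (primaryRealmPrincipal == null) {
            throw new GeronimoSecurityException("Unable to create primary realm principal");
        }
        Subject subject = new Subject();
        subject.getPrincipals().add(realmPrincipal);
        subject.getPrincipals().add(primaryRealmPrincipal);
        JAASJettyPrincipal jettyPrincipal = new JAASJettyPrincipal("default");
        jettyPrincipal.setSubject(subject);
        return jettyPrincipal;
    }

    /**
     * Starts the context: records the form login page, registers the default and role-designate
     * subjects with the ContextManager, and builds and commits the JACC policy configuration from
     * every {@link JettyXMLConfiguration} attached to this context.
     *
     * <p>Failures while building the policy are logged but do not abort startup (best-effort, as in
     * the original). Presumably an uncommitted policy then denies every permission check, so the
     * application answers 403 rather than serving unprotected — confirm against the policy provider.
     */
    @Override // org.apache.geronimo.jetty.JettyWebAppContext
    public void doStart() throws WaitingException, Exception {
        super.doStart();
        Authenticator authenticator = getAuthenticator();
        if (authenticator instanceof FormAuthenticator) {
            this.formLoginPath = stripQuery(((FormAuthenticator) authenticator).getLoginPage());
        }

        Subject defaultSubject = this.defaultPrincipal.getSubject();
        ContextManager.registerSubject(defaultSubject);
        SubjectId defaultSubjectId = ContextManager.getSubjectId(defaultSubject);
        defaultSubject.getPrincipals().add(new IdentificationPrincipal(defaultSubjectId));
        log.debug("Default subject " + defaultSubjectId + " for JACC policy '" + getHttpContext().getPolicyContextID() + "' registered.");

        try {
            this.factory = PolicyConfigurationFactory.getPolicyConfigurationFactory();
            // 'true' discards any policy previously committed under this context ID
            this.policyConfiguration = this.factory.getPolicyConfiguration(this.policyContextID, true);
            Object[] configurations = getConfigurations();
            for (int i = 0; i < configurations.length; i++) {
                if (configurations[i] instanceof JettyXMLConfiguration) {
                    ((JettyXMLConfiguration) configurations[i]).configure(this.policyConfiguration, this.securityConfig);
                }
            }
            this.policyConfiguration.commit();
        } catch (ClassNotFoundException e) {
            log.error("JACC policy configuration factory not available; policy '" + this.policyContextID + "' was not committed", e);
        } catch (GeronimoSecurityException e) {
            log.error("Failed to build JACC policy '" + this.policyContextID + "'; policy was not committed", e);
        } catch (PolicyContextException e) {
            log.error("Failed to commit JACC policy '" + this.policyContextID + "'", e);
        }

        for (Map.Entry<String, Subject> designate : this.roleDesignates.entrySet()) {
            String role = designate.getKey();
            Subject subject = designate.getValue();
            ContextManager.registerSubject(subject);
            SubjectId subjectId = ContextManager.getSubjectId(subject);
            subject.getPrincipals().add(new IdentificationPrincipal(subjectId));
            log.debug("Role designate " + subjectId + " for role '" + role + "' for JACC policy '" + getHttpContext().getPolicyContextID() + "' registered.");
        }
        log.info("JettyWebAppJACCContext started with JACC policy '" + this.policyContextID + "'");
    }

    /**
     * Stops the context: unregisters the default and role-designate subjects and deletes the JACC
     * policy configuration if one was created.
     */
    @Override // org.apache.geronimo.jetty.JettyWebAppContext
    public void doStop() throws WaitingException, Exception {
        super.doStop();
        Subject defaultSubject = this.defaultPrincipal.getSubject();
        log.debug("Default subject " + ContextManager.getSubjectId(defaultSubject) + " for JACC policy '" + getHttpContext().getPolicyContextID() + "' unregistered.");
        ContextManager.unregisterSubject(defaultSubject);
        for (Map.Entry<String, Subject> designate : this.roleDesignates.entrySet()) {
            String role = designate.getKey();
            Subject subject = designate.getValue();
            ContextManager.unregisterSubject(subject);
            log.debug("Role designate " + ContextManager.getSubjectId(subject) + " for role '" + role + "' for JACC policy '" + getHttpContext().getPolicyContextID() + "' unregistered.");
        }
        if (this.policyConfiguration != null) {
            this.policyConfiguration.delete();
        }
        log.info("JettyWebAppJACCContext with JACC policy '" + this.policyContextID + "' stopped");
    }

    /** Failure path: best-effort deletion of the policy configuration; a deletion error is logged, not propagated. */
    @Override // org.apache.geronimo.jetty.JettyWebAppContext
    public void doFail() {
        super.doFail();
        try {
            if (this.policyConfiguration != null) {
                this.policyConfiguration.delete();
            }
        } catch (PolicyContextException e) {
            log.warn("Unable to delete JACC policy '" + this.policyContextID + "' during failure handling", e);
        }
        log.info("JettyWebAppJACCContext failed");
    }

    /**
     * Removes a query string from a path. A '?' at index 0 is deliberately not treated as a query
     * separator, matching the original behaviour.
     *
     * @param path path possibly carrying a query string; may be null
     * @return the path without its query string, or null if {@code path} is null
     */
    private static String stripQuery(String path) {
        if (path == null) {
            return null;
        }
        int query = path.indexOf('?');
        return query > 0 ? path.substring(0, query) : path;
    }

    public static GBeanInfo getGBeanInfo() {
        return GBEAN_INFO;
    }

    static {
        GBeanInfoBuilder infoBuilder = new GBeanInfoBuilder("Jetty JACC WebApplication Context", JettyWebAppJACCContext.class, JettyWebAppContext.GBEAN_INFO);
        infoBuilder.addAttribute("kernel", Kernel.class, false);
        infoBuilder.addAttribute("policyContextID", String.class, true);
        infoBuilder.addAttribute("securityConfig", Security.class, true);
        infoBuilder.setConstructor(new String[]{"kernel", "uri", "componentContext", "userTransaction", "classLoader", "webClassPath", "contextPriorityClassLoader", "configurationBaseUrl", "unshareableResources", "applicationManagedSecurityResources", "policyContextID", "securityConfig", "TransactionContextManager", "TrackedConnectionAssociator", "JettyContainer"});
        GBEAN_INFO = infoBuilder.getBeanInfo();
    }
}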
