package weblogic.servlet.security;

import java.io.IOException;
import java.io.Serializable;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import weblogic.diagnostics.debug.DebugLogger;
import weblogic.security.SimpleCallbackHandler;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.AppContextHandler;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.services.AppContext;
import weblogic.servlet.HTTPLogger;
import weblogic.servlet.internal.HttpServer;
import weblogic.servlet.internal.ServletRequestImpl;
import weblogic.servlet.internal.ServletResponseImpl;
import weblogic.servlet.internal.WebAppServletContext;
import weblogic.servlet.internal.session.SessionContext;
import weblogic.servlet.internal.session.SessionData;
import weblogic.servlet.internal.session.SessionInternal;
import weblogic.servlet.provider.WlsSecurityProvider;
import weblogic.servlet.security.internal.CertSecurityModule;
import weblogic.servlet.security.internal.SecurityModule;
import weblogic.servlet.security.internal.ServletSecurityContext;
import weblogic.servlet.security.internal.WebAppSecurity;
import weblogic.servlet.spi.SecurityProvider;
import weblogic.servlet.spi.SubjectHandle;
import weblogic.servlet.spi.WebServerRegistry;

/* loaded from: input_file:weblogic/servlet/security/ServletAuthentication.class */
/**
 * Programmatic authentication entry points for a WebLogic web application.
 *
 * <p>The static methods resolve the underlying {@link ServletRequestImpl} from a
 * (possibly wrapped) request, authenticate through the web app's
 * {@link ServletSecurityContext} / {@link PrincipalAuthenticator}, and on success
 * store the subject in the internal session attribute {@code "weblogic.authuser"},
 * push it as the current subject and, on most paths, issue the WLS auth cookie via
 * {@link SecurityModule#setupAuthCookie}. The literal {@code 0}/{@code 1}/{@code 2}
 * results match {@link #AUTHENTICATED}, {@link #FAILED_AUTHENTICATION} and
 * {@link #NEEDS_CREDENTIALS}.
 *
 * <p>None of the login paths in this class change the session id;
 * {@link #generateNewSessionID(HttpServletRequest)} is the separate hook for that.
 *
 * <p>Decompiled source: the {@code new 1(..)} .. {@code new 4(..)} expressions are
 * placeholders for anonymous {@link PrivilegedAction} classes whose bodies are not
 * visible here, and a few locals appear without the initializers or casts the
 * original presumably had.
 */
public final class ServletAuthentication {
    // Debug channels: identity assertion (certificate/token) and general web-app security.
    private static final DebugLogger DEBUG_IA = DebugLogger.getDebugLogger("DebugWebAppIdentityAssertion");
    private static final DebugLogger DEBUG_SEC = DebugLogger.getDebugLogger("DebugWebAppSecurity");
    // Server-wide security provider; used to unwrap a SubjectHandle before it is stored in the session.
    private static final SecurityProvider provider = WebServerRegistry.getInstance().getSecurityProvider();
    // Request parameter names read by the instance method weak(request, response).
    private String usernameField;
    private String passwordField;
    /** Result code: the request is now authenticated. */
    public static final int AUTHENTICATED = 0;
    /** Result code: authentication was attempted and rejected, or a LoginException occurred. */
    public static final int FAILED_AUTHENTICATION = 1;
    /** Result code: no token/credentials were found in the request. */
    public static final int NEEDS_CREDENTIALS = 2;

    /**
     * Creates an instance that reads credentials from the named request parameters.
     *
     * @param str  name of the request parameter holding the username
     * @param str2 name of the request parameter holding the password
     */
    public ServletAuthentication(String str, String str2) {
        this.usernameField = str;
        this.passwordField = str2;
    }

    /** Same as {@link #logout(HttpServletRequest)}; the boolean result is discarded. */
    public static void done(HttpServletRequest httpServletRequest) {
        logout(httpServletRequest);
    }

    /**
     * Logs the current user out of the session behind {@code httpServletRequest}, including
     * same-id sessions in the other web apps of this server (see {@code doLogout}).
     *
     * @return {@code false} if no internal session was obtained, {@code true} otherwise
     */
    @Deprecated
    public static boolean logout(HttpServletRequest httpServletRequest) {
        ServletRequestImpl originalRequest = ServletRequestImpl.getOriginalRequest(httpServletRequest);
        ServletResponseImpl response = originalRequest.getResponse();
        WebAppServletContext context = originalRequest.getContext();
        HttpServer server = context.getServer();
        SessionInternal sessionInternal = getSessionInternal(httpServletRequest, originalRequest);
        // getSessionInternal throws AssertionError instead of returning null, so as written
        // this guard is not reachable; kept for the documented false result.
        if (sessionInternal == null) {
            return false;
        }
        doLogout(context, server, sessionInternal, originalRequest, response);
        return true;
    }

    /**
     * Session-only logout for callers without a request; nothing is written to a response
     * on this path. The session must be a {@link SessionInternal} with a reachable
     * {@link SessionContext}, servlet context and server, otherwise {@code false} is returned.
     */
    @Deprecated
    public static boolean logout(HttpSession httpSession) {
        SessionContext context;
        WebAppServletContext servletContext;
        HttpServer server;
        if (httpSession == null) {
            return false;
        }
        SessionInternal sessionInternal = httpSession instanceof SessionInternal ? (SessionInternal) httpSession : null;
        if (sessionInternal == null || (context = sessionInternal.getContext()) == null || (servletContext = context.getServletContext()) == null || (server = servletContext.getServer()) == null) {
            return false;
        }
        doLogout(servletContext, server, sessionInternal, null, null);
        return true;
    }

    /**
     * Shared logout: removes the authenticated-user attributes from {@code sessionInternal},
     * then from every session with the same id in the server's other web-app contexts,
     * unregisters the session from the server's session-login registry and pops the
     * current subject.
     *
     * @param servletRequestImpl  original request, or {@code null} for a session-only logout
     * @param servletResponseImpl original response, or {@code null} for a session-only logout
     */
    private static void doLogout(WebAppServletContext webAppServletContext, HttpServer httpServer, SessionInternal sessionInternal, ServletRequestImpl servletRequestImpl, ServletResponseImpl servletResponseImpl) {
        SessionData sessionInternal2;
        removeAuthenticatedUser(webAppServletContext, sessionInternal);
        String idWithServerInfo = sessionInternal.getIdWithServerInfo();
        WebAppServletContext[] allContexts = httpServer.getServletContextManager().getAllContexts();
        if (allContexts != null) {
            for (WebAppServletContext webAppServletContext2 : allContexts) {
                if (webAppServletContext2 != null && webAppServletContext2 != webAppServletContext && (sessionInternal2 = webAppServletContext2.getSessionContext().getSessionInternal(idWithServerInfo, servletRequestImpl, servletResponseImpl)) != null) {
                    // NOTE(review): the originating context (not webAppServletContext2) is passed here,
                    // so the auth-cookie attribute name removed from the sibling session comes from
                    // this web app's config manager — confirm that is intended.
                    removeAuthenticatedUser(webAppServletContext, sessionInternal2);
                }
            }
        }
        httpServer.getSessionLogin().unregister(sessionInternal.getInternalId());
        popCurrentSubject();
    }

    /**
     * Removes the stored subject, its associated data and the WLS auth-cookie attribute
     * (name taken from {@code webAppServletContext}'s session config) from the session.
     */
    private static void removeAuthenticatedUser(WebAppServletContext webAppServletContext, SessionInternal sessionInternal) {
        sessionInternal.removeInternalAttribute("weblogic.authuser");
        sessionInternal.removeInternalAttribute("weblogic.authuser.associated.data");
        sessionInternal.removeInternalAttribute(webAppServletContext.getSessionContext().getConfigMgr().getWLSAuthCookieName());
    }

    /**
     * Invalidates the request's session and every same-id session in the other web apps of
     * this server, kills the old session cookie, unregisters the session login and pops the
     * current subject.
     *
     * @return {@code false} if no internal session was obtained, {@code true} otherwise
     */
    public static boolean invalidateAll(HttpServletRequest httpServletRequest) {
        SessionData sessionInternal;
        ServletRequestImpl originalRequest = ServletRequestImpl.getOriginalRequest(httpServletRequest);
        WebAppServletContext context = originalRequest.getContext();
        HttpServer server = context.getServer();
        SessionInternal sessionInternal2 = getSessionInternal(httpServletRequest, originalRequest);
        // Not reachable as written: getSessionInternal throws AssertionError rather than returning null.
        if (sessionInternal2 == null) {
            return false;
        }
        // Capture the id before invalidating so sibling contexts can still be searched.
        String idWithServerInfo = sessionInternal2.getIdWithServerInfo();
        sessionInternal2.invalidate();
        WebAppServletContext[] allContexts = server.getServletContextManager().getAllContexts();
        if (allContexts != null) {
            for (WebAppServletContext webAppServletContext : allContexts) {
                if (webAppServletContext != null && webAppServletContext != context && (sessionInternal = webAppServletContext.getSessionContext().getSessionInternal(idWithServerInfo, originalRequest, originalRequest.getResponse())) != null) {
                    webAppServletContext.invalidateSession(sessionInternal);
                }
            }
        }
        originalRequest.getSessionHelper().killOldSession();
        server.getSessionLogin().unregister(sessionInternal2.getInternalId());
        popCurrentSubject();
        return true;
    }

    /**
     * Kills the old session cookie via the request's session helper and pops the current
     * subject. The session object itself is not invalidated here.
     */
    public static void killCookie(HttpServletRequest httpServletRequest) {
        ServletRequestImpl.getOriginalRequest(httpServletRequest).getSessionHelper().killOldSession();
        popCurrentSubject();
    }

    /**
     * Certificate/token identity assertion against the web app's configured security realm.
     *
     * @return {@link #AUTHENTICATED}, {@link #FAILED_AUTHENTICATION} or {@link #NEEDS_CREDENTIALS}
     */
    public static int strong(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        return strong(httpServletRequest, httpServletResponse, ServletRequestImpl.getOriginalRequest(httpServletRequest).getContext().getSecurityRealmName());
    }

    /**
     * Same as {@code assertIdentity(request, response, str)} but a {@link LoginException} is
     * mapped to {@link #FAILED_AUTHENTICATION}; the exception is written to the security
     * debug channel only when it is enabled.
     *
     * @param str security realm name
     */
    @Deprecated
    public static int strong(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws ServletException, IOException {
        try {
            return assertIdentity(httpServletRequest, httpServletResponse, str);
        } catch (LoginException e) {
            // Both branches return 1; the only difference is whether the failure is debug-logged.
            if (!DEBUG_SEC.isDebugEnabled()) {
                return 1;
            }
            DEBUG_SEC.debug("Login failed for request: " + httpServletRequest.toString(), e);
            return 1;
        }
    }

    /** Identity assertion without an explicit {@link AppContext} (the request-derived context handler is used). */
    @Deprecated
    public static int assertIdentity(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws ServletException, IOException, LoginException {
        return assertIdentity(httpServletRequest, httpServletResponse, str, null);
    }

    /**
     * Asserts the caller's identity from a token found on the request/connection (see
     * {@link CertSecurityModule#findToken}) using the {@link PrincipalAuthenticator} of realm
     * {@code str}, and on success binds the resulting subject to the request's session.
     *
     * @param str        security realm name
     * @param appContext optional application context; when {@code null} the context handler is
     *                   derived from the request and response
     * @return {@link #NEEDS_CREDENTIALS} when no token is found, {@link #FAILED_AUTHENTICATION}
     *         when the asserted subject is null or anonymous, else {@link #AUTHENTICATED}
     * @throws IllegalArgumentException if the request wrapper hides the original request
     * @throws LoginException propagated from the principal authenticator
     */
    @Deprecated
    public static int assertIdentity(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, AppContext appContext) throws ServletException, IOException, LoginException {
        // Decompiled without an initializer; the original presumably set this to null so the
        // null check below is meaningful after a caught SecurityException.
        CertSecurityModule.Token findToken;
        ServletRequestImpl originalRequest = ServletRequestImpl.getOriginalRequest(httpServletRequest);
        if (originalRequest == null) {
            throw new IllegalArgumentException("The request wrapper doesn't allow access to original request");
        }
        AuthenticatedSubject authenticatedSubject = null;
        try {
            findToken = CertSecurityModule.findToken(httpServletRequest, originalRequest.getConnection(), originalRequest.getContext().getSecurityContext());
        } catch (SecurityException e) {
            // A token lookup failure is logged and then handled like "no token" below.
            if (DEBUG_IA.isDebugEnabled()) {
                DEBUG_IA.debug("Indentity assertion failed", e);
            }
            HTTPLogger.logCertAuthenticationError(httpServletRequest.getRequestURI(), e);
        }
        if (findToken == null) {
            return 2;
        }
        if (DEBUG_IA.isDebugEnabled()) {
            // NOTE(review): the raw token value is written to the debug log — confirm the token
            // type in use is safe to log before enabling this channel in production.
            DEBUG_IA.debug("assertIdentity with tokem.type: " + findToken.type + " token.value: " + findToken.value);
        }
        authenticatedSubject = getPrincipalAuthenticator(str).assertIdentity(findToken.type, findToken.value, appContext == null ? WlsSecurityProvider.getContextHandler(httpServletRequest, httpServletResponse) : AppContextHandler.getInstance(appContext));
        // An anonymous subject counts as a failed assertion, not an authenticated user.
        if (authenticatedSubject == null || SubjectUtils.isUserAnonymous(authenticatedSubject)) {
            return 1;
        }
        // Bind the subject to the (existing) session; the session id is not rotated here.
        SessionInternal sessionInternal = getSessionInternal(httpServletRequest, originalRequest);
        sessionInternal.setInternalAttribute("weblogic.authuser", authenticatedSubject);
        pushSubject(WlsSecurityProvider.toSubjectHandle(authenticatedSubject));
        SecurityModule.setupAuthCookie(originalRequest.getContext().getSecurityContext(), httpServletRequest, sessionInternal, sessionInternal.getInternalId());
        return 0;
    }

    /**
     * Looks up the {@link PrincipalAuthenticator} for realm {@code str} inside a privileged
     * block. {@code new 1(str)} is a decompiler placeholder for the anonymous
     * {@link PrivilegedAction}; its body is not visible here.
     */
    private static PrincipalAuthenticator getPrincipalAuthenticator(String str) {
        return (PrincipalAuthenticator) AccessController.doPrivileged((PrivilegedAction) new 1(str));
    }

    /**
     * Username/password login using the request parameters named in the constructor.
     * {@code getParameter} reads both query-string and form-body values. Note that the
     * supplied {@code httpServletResponse} is not forwarded: {@code null} is passed and
     * {@code login} falls back to the original request's response.
     */
    public int weak(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        return weak(httpServletRequest.getParameter(this.usernameField), httpServletRequest.getParameter(this.passwordField), httpServletRequest, null);
    }

    /**
     * Same as {@code login(str, str2, request, response)} but a {@link LoginException} is
     * mapped to {@link #FAILED_AUTHENTICATION} without any logging (unlike {@code strong}
     * and {@code authenticate}).
     *
     * @param str  username
     * @param str2 password
     */
    @Deprecated
    public static int weak(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            return login(str, str2, httpServletRequest, httpServletResponse);
        } catch (LoginException e) {
            return 1;
        }
    }

    /**
     * Username/password login through the web app's security context. On success the user
     * is registered in the session registry, the unwrapped subject is stored in the session,
     * pushed as the current subject and the WLS auth cookie is issued.
     *
     * @param str                 username
     * @param str2                password
     * @param httpServletResponse may be {@code null}; the original request's response is used then
     * @return {@link #FAILED_AUTHENTICATION} when no subject is returned, else {@link #AUTHENTICATED}
     * @throws LoginException propagated from {@link SecurityModule#checkAuthenticate}
     */
    @Deprecated
    public static int login(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws LoginException {
        ServletRequestImpl originalRequest = ServletRequestImpl.getOriginalRequest(httpServletRequest);
        if (httpServletResponse == null) {
            httpServletResponse = originalRequest.getResponse();
        }
        ServletSecurityContext securityContext = originalRequest.getContext().getSecurityContext();
        SubjectHandle checkAuthenticate = SecurityModule.checkAuthenticate(securityContext, httpServletRequest, httpServletResponse, str, str2);
        if (checkAuthenticate == null) {
            return 1;
        }
        SessionInternal sessionInternal = getSessionInternal(httpServletRequest, originalRequest);
        securityContext.getSessionRegistry().setUser(sessionInternal.getInternalId(), checkAuthenticate);
        sessionInternal.setInternalAttribute("weblogic.authuser", provider.unwrapSubject(checkAuthenticate));
        pushSubject(checkAuthenticate);
        SecurityModule.setupAuthCookie(originalRequest.getContext().getSecurityContext(), httpServletRequest, sessionInternal, sessionInternal.getInternalId());
        return 0;
    }

    /**
     * Username/password login bound to an existing session only. The web app's security
     * provider is called with a {@link SimpleCallbackHandler} and no request/response, so
     * unlike the request-based {@code login} overloads no auth cookie is issued here.
     *
     * @param str  username
     * @param str2 password
     * @return {@link #FAILED_AUTHENTICATION} if the session is not a {@link SessionInternal},
     *         authentication returns no subject or throws; else {@link #AUTHENTICATED}
     */
    @Deprecated
    public static int weak(String str, String str2, HttpSession httpSession) {
        if (httpSession == null || !(httpSession instanceof SessionInternal)) {
            return 1;
        }
        SessionInternal sessionInternal = (SessionInternal) httpSession;
        WebAppServletContext servletContext = sessionInternal.getContext().getServletContext();
        HttpServer server = servletContext.getServer();
        // Result discarded — this call has no effect (likely a decompilation leftover).
        servletContext.getSecurityRealmName();
        try {
            SubjectHandle authenticate = getSecurityManager(servletContext).getAppSecurityProvider().authenticate(new SimpleCallbackHandler(str, str2), servletContext.getSecurityRealmName(), (HttpServletRequest) null, (HttpServletResponse) null);
            if (authenticate == null) {
                return 1;
            }
            server.getSessionLogin().setUser(sessionInternal.getInternalId(), authenticate);
            sessionInternal.setInternalAttribute("weblogic.authuser", provider.unwrapSubject(authenticate));
            pushSubject(authenticate);
            return 0;
        } catch (LoginException e) {
            if (!DEBUG_SEC.isDebugEnabled()) {
                return 1;
            }
            DEBUG_SEC.debug("Login failed", e);
            return 1;
        }
    }

    /**
     * Authenticates with a credential object, creating the request's session if needed.
     *
     * @param str username (argument order follows {@code login(String, String, ...)})
     * @param obj credential object handed to {@link SecurityModule#checkAuthenticate}
     * @return {@link #FAILED_AUTHENTICATION} if no session could be created, else the result
     *         of {@code authObject(str, obj, session, request)}
     */
    @Deprecated
    public static int authObject(String str, Object obj, HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(true);
        if (session == null) {
            return 1;
        }
        return authObject(str, obj, session, httpServletRequest);
    }

    /**
     * Authenticates with a credential object and binds the subject to {@code httpSession} when
     * it is a {@link SessionInternal}, otherwise to the request's internal session. No auth
     * cookie is issued on this path. The meaning of the trailing {@code false} flag passed to
     * {@code checkAuthenticate} is not visible here.
     *
     * @param str username
     * @param obj credential object
     */
    @Deprecated
    public static int authObject(String str, Object obj, HttpSession httpSession, HttpServletRequest httpServletRequest) {
        ServletRequestImpl originalRequest = ServletRequestImpl.getOriginalRequest(httpServletRequest);
        WebAppServletContext context = originalRequest.getContext();
        SubjectHandle checkAuthenticate = SecurityModule.checkAuthenticate(context.getSecurityContext(), httpServletRequest, originalRequest.getResponse(), str, obj, false);
        if (checkAuthenticate == null) {
            return 1;
        }
        SessionInternal sessionInternal = (httpSession == null || !(httpSession instanceof SessionInternal)) ? getSessionInternal(httpServletRequest, originalRequest) : (SessionInternal) httpSession;
        context.getServer().getSessionLogin().setUser(sessionInternal.getInternalId(), checkAuthenticate);
        sessionInternal.setInternalAttribute("weblogic.authuser", provider.unwrapSubject(checkAuthenticate));
        pushSubject(checkAuthenticate);
        return 0;
    }

    /**
     * Same as {@link #login(CallbackHandler, HttpServletRequest)} but a {@link LoginException}
     * is mapped to {@link #FAILED_AUTHENTICATION} (debug-logged when the channel is enabled).
     */
    public static int authenticate(CallbackHandler callbackHandler, HttpServletRequest httpServletRequest) {
        try {
            return login(callbackHandler, httpServletRequest);
        } catch (LoginException e) {
            if (!DEBUG_SEC.isDebugEnabled()) {
                return 1;
            }
            DEBUG_SEC.debug("Login failed for request: " + httpServletRequest.toString(), e);
            return 1;
        }
    }

    /**
     * Authenticates through the web app's security provider with an arbitrary
     * {@link CallbackHandler}, then binds the subject to the request's session, pushes it and
     * issues the WLS auth cookie.
     *
     * @return {@link #FAILED_AUTHENTICATION} when no subject is returned, else {@link #AUTHENTICATED}
     * @throws LoginException propagated from the security provider
     */
    public static int login(CallbackHandler callbackHandler, HttpServletRequest httpServletRequest) throws LoginException {
        ServletRequestImpl originalRequest = ServletRequestImpl.getOriginalRequest(httpServletRequest);
        SubjectHandle authenticate = getSecurityManager(originalRequest.getContext()).getAppSecurityProvider().authenticate(callbackHandler, originalRequest.getContext().getSecurityRealmName(), httpServletRequest, originalRequest.getResponse());
        if (authenticate == null) {
            return 1;
        }
        SessionInternal sessionInternal = getSessionInternal(httpServletRequest, originalRequest);
        // As decompiled, getSessionInternal never returns null (it throws AssertionError), so the
        // else branch below is unreachable; the setupAuthCookie call after it also dereferences
        // sessionInternal unconditionally.
        if (sessionInternal != null) {
            if (originalRequest.getContext().getSecurityContext().getSessionRegistry() != null) {
                originalRequest.getContext().getSecurityContext().getSessionRegistry().setUser(sessionInternal.getInternalId(), authenticate);
            }
            sessionInternal.setInternalAttribute("weblogic.authuser", provider.unwrapSubject(authenticate));
        } else {
            // Fallback keyed on the id the client requested; the authenticate != null test is
            // redundant after the early return above.
            String requestedSessionId = httpServletRequest.getRequestedSessionId();
            if (requestedSessionId != null && authenticate != null && !authenticate.isAnonymous() && !authenticate.isKernel()) {
                originalRequest.getContext().getSecurityContext().getSessionRegistry().setUser(SessionData.getID(requestedSessionId), authenticate);
            }
        }
        pushSubject(authenticate);
        SecurityModule.setupAuthCookie(originalRequest.getContext().getSecurityContext(), httpServletRequest, sessionInternal, sessionInternal.getInternalId());
        return 0;
    }

    /**
     * Replaces the session id via the request's session helper and re-issues the WLS auth
     * cookie for the new id. This is the only method here that changes the session id; it is
     * typically called after a successful login so the pre-login id is not kept.
     */
    public static void generateNewSessionID(HttpServletRequest httpServletRequest) {
        ServletRequestImpl originalRequest = ServletRequestImpl.getOriginalRequest(httpServletRequest);
        originalRequest.getSessionHelper().updateSessionId();
        SessionInternal sessionInternal = getSessionInternal(httpServletRequest, originalRequest);
        SecurityModule.setupAuthCookie(originalRequest.getContext().getSecurityContext(), httpServletRequest, sessionInternal, sessionInternal.getInternalId());
    }

    /**
     * Returns the session cookie set on the original response, looked up by the configured
     * session cookie name. {@code httpServletResponse} is not used.
     */
    public static Cookie getSessionCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        ServletRequestImpl originalRequest = ServletRequestImpl.getOriginalRequest(httpServletRequest);
        return originalRequest.getResponse().getCookie(originalRequest.getContext().getSessionContext().getConfigMgr().getCookieName());
    }

    /** Converts the JAAS {@link Subject} to an {@link AuthenticatedSubject} and delegates. */
    public static void runAs(Subject subject, HttpServletRequest httpServletRequest) {
        runAs(AuthenticatedSubject.getFromSubject(subject), httpServletRequest);
    }

    /** Converts the JAAS {@link Subject} to an {@link AuthenticatedSubject} and delegates, carrying associated data. */
    public static void runAs(Subject subject, Map<String, Serializable> map, HttpServletRequest httpServletRequest) {
        runAs(AuthenticatedSubject.getFromSubject(subject), map, httpServletRequest);
    }

    /** Delegates with no associated data. */
    public static void runAs(AuthenticatedSubject authenticatedSubject, HttpServletRequest httpServletRequest) {
        runAs(authenticatedSubject, (Map<String, Serializable>) null, httpServletRequest);
    }

    /**
     * Binds an already-established subject to the request's session without performing any
     * authentication: stores it (and its associated data, if any) in the session, registers
     * it in the session registry when one exists, pushes it as the current subject and issues
     * the WLS auth cookie. The caller is responsible for having verified the subject.
     *
     * @param map associated data to attach to the subject handle, or {@code null}
     */
    public static void runAs(AuthenticatedSubject authenticatedSubject, Map<String, Serializable> map, HttpServletRequest httpServletRequest) {
        ServletRequestImpl originalRequest = ServletRequestImpl.getOriginalRequest(httpServletRequest);
        WebAppServletContext context = originalRequest.getContext();
        SessionInternal sessionInternal = getSessionInternal(httpServletRequest, originalRequest);
        SubjectHandle subjectHandle = WlsSecurityProvider.toSubjectHandle(authenticatedSubject, map);
        sessionInternal.setInternalAttribute("weblogic.authuser", authenticatedSubject);
        if (subjectHandle.getAssociatedData() != null) {
            sessionInternal.setInternalAttribute("weblogic.authuser.associated.data", subjectHandle.getAssociatedData());
        }
        if (context.getSecurityContext().getSessionRegistry() != null) {
            context.getSecurityContext().getSessionRegistry().setUser(sessionInternal.getInternalId(), subjectHandle);
        }
        pushSubject(subjectHandle);
        SecurityModule.setupAuthCookie(context.getSecurityContext(), httpServletRequest, sessionInternal, sessionInternal.getInternalId());
    }

    /**
     * Returns the associated data of the request's current user, or {@code null} when there is
     * no current user.
     */
    public static Map<String, Serializable> getUserAssociatedData(HttpServletRequest httpServletRequest) {
        Map<String, Serializable> map = null;
        SubjectHandle currentUser = SecurityModule.getCurrentUser(ServletRequestImpl.getOriginalRequest(httpServletRequest).getContext().getSecurityContext(), httpServletRequest);
        if (currentUser != null) {
            map = currentUser.getAssociatedData();
        }
        return map;
    }

    /**
     * Returns the target stored for form authentication: the {@code AuthFilter.TARGET_URL}
     * attribute when the web app is configured for servlet-auth-from-URL, otherwise the
     * {@code "weblogic.formauth.targeturi"} attribute. The session is cast to
     * {@link SessionInternal} unchecked.
     */
    public static String getTargetURLForFormAuthentication(HttpSession httpSession) {
        return httpSession.getServletContext().getConfigManager().isServletAuthFromURL() ? (String) ((SessionInternal) httpSession).getInternalAttribute(AuthFilter.TARGET_URL) : (String) ((SessionInternal) httpSession).getInternalAttribute("weblogic.formauth.targeturi");
    }

    /** Returns the {@code "weblogic.formauth.targeturi"} attribute; the session is cast to {@link SessionInternal} unchecked. */
    public static String getTargetURIForFormAuthentication(HttpSession httpSession) {
        return (String) ((SessionInternal) httpSession).getInternalAttribute("weblogic.formauth.targeturi");
    }

    /**
     * Resolves the internal session for a request, creating one if needed: the request's own
     * session is used when it is a {@link SessionInternal}, otherwise the original request's
     * existing session. Never returns {@code null}.
     *
     * @throws AssertionError if no internal session can be obtained
     */
    private static SessionInternal getSessionInternal(HttpServletRequest httpServletRequest, ServletRequestImpl servletRequestImpl) {
        // Decompiled: assigning HttpSession to a SessionInternal local without a cast; the
        // original presumably declared this as HttpSession or cast it.
        SessionInternal session = httpServletRequest.getSession(true);
        SessionInternal session2 = session instanceof SessionInternal ? session : servletRequestImpl.getSession(false);
        if (session2 == null) {
            throw new AssertionError("Internal type of session is not available.");
        }
        return session2;
    }

    /**
     * Returns the web app's {@link WebAppSecurity} inside a privileged block.
     * {@code new 2(..)} is a decompiler placeholder for the anonymous {@link PrivilegedAction}.
     */
    private static WebAppSecurity getSecurityManager(WebAppServletContext webAppServletContext) {
        return (WebAppSecurity) AccessController.doPrivileged((PrivilegedAction) new 2(webAppServletContext));
    }

    /**
     * Pops the current subject inside a privileged block; called from every logout path.
     * {@code new 3()} is a decompiler placeholder for the anonymous {@link PrivilegedAction}.
     */
    private static void popCurrentSubject() {
        AccessController.doPrivileged((PrivilegedAction) new 3());
    }

    /**
     * Pushes {@code subjectHandle} as the current subject inside a privileged block; called
     * from every successful login path. {@code new 4(..)} is a decompiler placeholder for the
     * anonymous {@link PrivilegedAction}.
     */
    private static void pushSubject(SubjectHandle subjectHandle) {
        AccessController.doPrivileged((PrivilegedAction) new 4(subjectHandle));
    }
}
