package weblogic.servlet.security.internal;

import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.config.ServerAuthConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.jsp.PageContext;
import org.eclipse.persistence.jpa.jpql.parser.Expression;
import org.glassfish.tyrus.spi.UpgradeResponse;
import weblogic.diagnostics.debug.DebugLogger;
import weblogic.security.jaspic.servlet.JaspicSecurityModule;
import weblogic.security.jaspic.servlet.JaspicUtilities;
import weblogic.servlet.HTTPLogger;
import weblogic.servlet.internal.ServletNestedRuntimeException;
import weblogic.servlet.internal.ServletRequestImpl;
import weblogic.servlet.internal.session.HTTPSessionLogger;
import weblogic.servlet.spi.ApplicationSecurity;
import weblogic.servlet.spi.SubjectHandle;
import weblogic.utils.StringUtils;
import weblogic.utils.encoders.BASE64Encoder;

/* loaded from: input_file:weblogic/servlet/security/internal/SecurityModule.class */
public abstract class SecurityModule {
    // Internal session-attribute keys under which the authenticated subject and its
    // associated data are cached (written in getCurrentUser/login, removed in logout).
    public static final String SESSION_AUTH_USER = "weblogic.authuser";
    public static final String SESSION_AUTH_USER_DATA = "weblogic.authuser.associated.data";
    // Form-auth session keys. Only SESSION_FORM_URI is read in this class
    // (recordErrorPageAttributes); the others are presumably used by the form module.
    public static final String SESSION_FORM_URL = "weblogic.formauth.targeturl";
    public static final String SESSION_FORM_URI = "weblogic.formauth.targeturi";
    public static final String SESSION_FORM_METHOD = "weblogic.formauth.method";
    // Not referenced in this class; presumably authentication result codes - confirm against callers.
    public static final int AUTHENTICATED = 0;
    public static final int FAILED_AUTHENTICATION = 1;
    public static final int NEEDS_CREDENTIALS = 2;
    static final String SESSION_FORM_QUERY = "weblogic.formauth.queryparams";
    static final String SESSION_FORM_BYTEARRAY = "weblogic.formauth.bytearray";
    static final String SESSION_FORM_REQHEADNAMES = "weblogic.formauth.reqheadernames";
    static final String SESSION_FORM_REQHEADVALUES = "weblogic.formauth.reqheadervalues";
    static final String SESSION_POST_COOKIE = "weblogic.formauth.postcookie";
    static final String SESSION_FORM_IMMEDIATE = "weblogic.formauth.immediate";
    public static final String REQUEST_AUTH_RESULT = "weblogic.auth.result";
    public static final int REQUEST_PRE_AUTH = -1;
    // Sentinel stored as the auth-cookie id by setAuthCookieForReAuth. The decompiled
    // methods below use the inlined literal "null" and compare it with ==, so the marker
    // is only recognised while the very same String instance is handed back.
    private static final String NULL_AUTH_COOKIE = "null";
    // Fallback value used by setAuthType when neither the message map nor the cache has an auth type.
    private static final String AUTHTYPE_UNSPECIFIED = "Authtype_Unspecified";
    public static final String ASSERTION_AUTH = "ASSERTION";
    public static final String REALM_AUTH = "REALM";
    protected final WebAppSecurity webAppSecurity;
    // Value sent by sendError(request, response) in the header named by
    // UpgradeResponse.WWW_AUTHENTICATE. Public and mutable: any code holding the module
    // can replace the challenge text. Stays null until setAuthRealmBanner is called.
    public String authRealmBanner;
    // When true, the send*Response methods of this class return without writing a response.
    protected boolean delegateControl;
    private ServletSecurityContext securityContext;
    public static final String WEBFLOW_RESOURCE = "webflow_resource";
    protected static final DebugLogger DEBUG_SEC = DebugLogger.getDebugLogger("DebugWebAppSecurity");
    // System property that lets createModule substitute BASIC for a configured DIGEST
    // auth method instead of rejecting the configuration.
    public static final String ENABLE_DIGEST_DEFAULT_TO_BASIC = "weblogic.servlet.security.enableDigestDefaultToBasicAuth";
    private static final Boolean defaultToBasic = Boolean.valueOf(Boolean.getBoolean(ENABLE_DIGEST_DEFAULT_TO_BASIC));
    // Read on every auth-cookie issue in setupAuthCookie: when false the cookie path is
    // derived via processProxyPathHeaders(request, ...).
    // NOTE(review): public and non-final, so any class can flip it at runtime - confirm intended.
    public static boolean ignorePluginParamsForCookiePath = Boolean.getBoolean("weblogic.cookies.ignorePluginParamsForCookiePath");

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/servlet/security/internal/SecurityModule$SessionRetrievalAction.class */
    /**
     * Privileged action that fetches the request's session and keeps it for later pickup.
     *
     * <p>Used by {@code getUserSession} to perform the lookup under a different subject.
     * Failures are not thrown from {@link #run()}; they are handed back as its return value.
     */
    public static class SessionRetrievalAction implements PrivilegedAction {
        private final HttpServletRequest request;
        private final boolean flag;
        private SessionSecurityData session = null;

        /**
         * @param httpServletRequest request whose session is looked up
         * @param z value passed to {@code getSession(boolean)} (true allows creation)
         */
        SessionRetrievalAction(HttpServletRequest httpServletRequest, boolean z) {
            this.request = httpServletRequest;
            this.flag = z;
        }

        /** @return the session captured by the last {@link #run()}, or null if none was captured */
        public SessionSecurityData getUserSession() {
            return session;
        }

        /**
         * Looks up the session and stores it in this action.
         *
         * @return null on success, otherwise the Throwable raised by the lookup; every
         *         Throwable is caught here (Errors included), so the caller must inspect
         *         the result or the failure is lost
         */
        @Override // java.security.PrivilegedAction
        public Object run() {
            Throwable failure = null;
            try {
                session = (SessionSecurityData) request.getSession(flag);
            } catch (Throwable th) {
                failure = th;
            }
            return failure;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a module bound to the given web-app security configuration and context.
     * The realm banner starts out null and control delegation starts out disabled.
     *
     * @param webAppSecurity web-app level security settings consulted by this module
     * @param servletSecurityContext context giving access to the session registry and request facade
     */
    public SecurityModule(WebAppSecurity webAppSecurity, ServletSecurityContext servletSecurityContext) {
        this.webAppSecurity = webAppSecurity;
        this.securityContext = servletSecurityContext;
        this.delegateControl = false;
        this.authRealmBanner = null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates a module and sets its control-delegation flag.
     *
     * @param servletSecurityContext context giving access to the session registry and request facade
     * @param webAppSecurity web-app level security settings consulted by this module
     * @param z when true, the send*Response methods of this class write nothing to the response
     */
    public SecurityModule(ServletSecurityContext servletSecurityContext, WebAppSecurity webAppSecurity, boolean z) {
        this(webAppSecurity, servletSecurityContext);
        delegateControl = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** @return the security context this module was constructed with */
    public ServletSecurityContext getSecurityContext() {
        return securityContext;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** @return the request facade exposed by this module's security context */
    public ServletObjectsFacade getRequestFacade() {
        ServletObjectsFacade facade = this.securityContext.getRequestFacade();
        return facade;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** @return the relogin setting reported by this module's security context */
    public boolean isReloginEnabled() {
        boolean reloginAllowed = this.securityContext.isReloginEnabled();
        return reloginAllowed;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Runs the transport check and, only if it passes, the module-specific permission check.
     *
     * <p>The ordering matters: when {@code checkTransport} returns false the current user is
     * never resolved and {@code checkUserPerm} is never called.
     *
     * @param httpServletRequest request being authorised
     * @param httpServletResponse response handed to the transport and permission checks
     * @param sessionSecurityData existing session data, or null
     * @param resourceConstraint constraint matched for the requested resource
     * @param z passed through unchanged to {@code checkUserPerm}
     * @return false if the transport check fails, otherwise the result of {@code checkUserPerm}
     * @throws IOException propagated from the checks
     * @throws ServletException propagated from the checks
     */
    public boolean checkAccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SessionSecurityData sessionSecurityData, ResourceConstraint resourceConstraint, boolean z) throws IOException, ServletException {
        if (!this.webAppSecurity.checkTransport(resourceConstraint, httpServletRequest, httpServletResponse)) {
            return false;
        }
        SubjectHandle currentUser = getCurrentUser(getSecurityContext(), httpServletRequest, sessionSecurityData);
        return checkUserPerm(httpServletRequest, httpServletResponse, sessionSecurityData, resourceConstraint, currentUser, z);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Default post-check hook; this base implementation does nothing.
     *
     * @param httpServletResponse unused here
     * @return always false in this base class
     * @throws IOException never thrown by this implementation
     */
    public boolean postCheckAccess(HttpServletResponse httpServletResponse) throws IOException {
        // Base behaviour: no post-check work; subclasses may override.
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Default request-wrapping hook.
     *
     * @param httpServletRequest unused here
     * @return always null in this base class; callers must handle the null
     * @throws ServletException never thrown by this implementation
     */
    public HttpServletRequest getWrappedRequest(HttpServletRequest httpServletRequest) throws ServletException {
        // Base behaviour: no wrapper is supplied.
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Default response-wrapping hook.
     *
     * @param httpServletRequest unused here
     * @param httpServletResponse unused here
     * @return always null in this base class; callers must handle the null
     * @throws ServletException never thrown by this implementation
     */
    public HttpServletResponse getWrappedResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        // Base behaviour: no wrapper is supplied.
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Module-specific permission check, called by {@code checkAccess} once the transport
     * check has passed.
     *
     * @param httpServletRequest request being authorised
     * @param httpServletResponse response the implementation may write to
     * @param sessionSecurityData existing session data, or null
     * @param resourceConstraint constraint matched for the requested resource
     * @param subjectHandle subject resolved by {@code getCurrentUser}; may be null when no
     *        user could be resolved
     * @param z flag passed through from {@code checkAccess}; its meaning is defined by callers
     * @return whether access is granted; {@code checkAccess} returns this value as is
     * @throws IOException if writing the response fails
     * @throws ServletException if the check cannot be completed
     */
    public abstract boolean checkUserPerm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SessionSecurityData sessionSecurityData, ResourceConstraint resourceConstraint, SubjectHandle subjectHandle, boolean z) throws IOException, ServletException;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Default post-invocation hook; this base implementation accepts unconditionally.
     *
     * @param httpServletRequest unused here
     * @param httpServletResponse unused here
     * @param subjectHandle unused here
     * @return always true in this base class
     * @throws ServletException never thrown by this implementation
     */
    public boolean postInvoke(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SubjectHandle subjectHandle) throws ServletException {
        // Base behaviour: nothing to verify after the servlet ran.
        return true;
    }

    /**
     * Resolves the current user for a request, preferring a subject already attached to
     * the request and otherwise falling back to the session-based lookup.
     *
     * <p>The session is obtained with {@code getSession(false)}, so no session is created.
     *
     * @param servletSecurityContext context providing the session registry
     * @param httpServletRequest request to resolve the user for
     * @return the resolved subject, or null if none is found
     */
    public static SubjectHandle getCurrentUser(ServletSecurityContext servletSecurityContext, HttpServletRequest httpServletRequest) {
        SubjectHandle attached = findUserFromRequest(httpServletRequest);
        if (attached != null) {
            return attached;
        }
        SessionSecurityData existingSession = (SessionSecurityData) httpServletRequest.getSession(false);
        return getCurrentUser(servletSecurityContext, httpServletRequest, existingSession);
    }

    /**
     * Resolves the subject for a request from, in order: the request itself, the session
     * registry, and the subject cached in the session's internal attributes. As a side
     * effect it re-synchronises the registry and the session attributes (subject and
     * auth-cookie id) with each other.
     *
     * @param servletSecurityContext context providing the session registry and auth-cookie name
     * @param httpServletRequest request to resolve the user for
     * @param sessionSecurityData existing session data, or null when the request has no session
     * @return the resolved subject, or null if none is found
     */
    public static SubjectHandle getCurrentUser(ServletSecurityContext servletSecurityContext, HttpServletRequest httpServletRequest, SessionSecurityData sessionSecurityData) {
        SubjectHandle findUserFromRequest = findUserFromRequest(httpServletRequest);
        if (findUserFromRequest != null) {
            return findUserFromRequest;
        }
        SessionRegistry sessionRegistry = servletSecurityContext.getSessionRegistry();
        String str = null;
        try {
            if (sessionSecurityData != null) {
                String internalId = sessionSecurityData.getInternalId();
                findUserFromRequest = sessionRegistry.getUser(internalId);
                if (findUserFromRequest == null) {
                    // Fallback: look the user up under the session cookie value the client sent.
                    // NOTE(review): this key is client-supplied; confirm the registry can only
                    // resolve ids of live authenticated sessions, because a hit here binds that
                    // subject to this session (see the setInternalAttribute call below).
                    ServletRequestImpl originalRequest = ServletRequestImpl.getOriginalRequest(httpServletRequest);
                    if (originalRequest != null) {
                        str = originalRequest.getIncomingSessionCookieValue();
                    }
                    if (str != null) {
                        findUserFromRequest = sessionRegistry.getUser(str);
                    }
                }
                if (findUserFromRequest != null) {
                    // Registry hit: cache the unwrapped subject (and its data) in the session.
                    sessionSecurityData.setInternalAttribute(SESSION_AUTH_USER, WebAppSecurity.getProvider().unwrapSubject(findUserFromRequest));
                    if (findUserFromRequest.getAssociatedData() != null) {
                        sessionSecurityData.setInternalAttribute(SESSION_AUTH_USER_DATA, findUserFromRequest.getAssociatedData());
                    }
                } else {
                    // Registry miss: rebuild the subject from the session's cached attributes
                    // and register it again under the session's internal id.
                    Object internalAttribute = sessionSecurityData.getInternalAttribute(SESSION_AUTH_USER);
                    Object internalAttribute2 = sessionSecurityData.getInternalAttribute(SESSION_AUTH_USER_DATA);
                    if (internalAttribute != null) {
                        findUserFromRequest = WebAppSecurity.getProvider().wrapSubject(internalAttribute, internalAttribute2);
                        sessionRegistry.setUser(internalId, findUserFromRequest);
                    }
                }
                // Keep the auth-cookie id consistent: whichever side (session attribute or
                // registry) has a value is copied to the other; the session attribute wins.
                String wLSAuthCookieName = servletSecurityContext.getWLSAuthCookieName();
                String str2 = (String) sessionSecurityData.getInternalAttribute(wLSAuthCookieName);
                if (str2 == null) {
                    String cookieId = sessionRegistry.getCookieId(internalId);
                    if (cookieId != null) {
                        sessionSecurityData.setInternalAttribute(wLSAuthCookieName, cookieId);
                    }
                } else {
                    sessionRegistry.addCookieId(internalId, str2);
                }
            } else {
                // No session object: the only key available is the session id requested by
                // the client. NOTE(review): same trust question as the cookie fallback above.
                String requestedSessionId = httpServletRequest.getRequestedSessionId();
                if (requestedSessionId != null) {
                    findUserFromRequest = sessionRegistry.getUser(requestedSessionId);
                }
            }
        } catch (IllegalStateException e) {
            // The failure is only logged. A subject assigned before the exception was raised
            // is still returned below. NOTE(review): confirm callers accept a subject that
            // was resolved for a session reported as expired.
            HTTPSessionLogger.logSessionExpired(sessionSecurityData == null ? "null" : sessionSecurityData.getInternalId(), e);
        }
        return findUserFromRequest;
    }

    /**
     * Returns the subject already attached to the request, if the request is the
     * container's own {@code ServletRequestImpl}.
     *
     * @param httpServletRequest request to inspect
     * @return the request's current subject, or null for any other request type
     *         (including wrappers, which are not unwrapped here)
     */
    private static SubjectHandle findUserFromRequest(HttpServletRequest httpServletRequest) {
        if (!(httpServletRequest instanceof ServletRequestImpl)) {
            return null;
        }
        return ((ServletRequestImpl) httpServletRequest).getCurrentSubject();
    }

    /**
     * Non-throwing variant of {@code checkAuthenticate}: a failed login yields null
     * instead of a {@link LoginException}.
     *
     * <p>When debug logging is on, the failure is logged together with
     * {@code httpServletRequest.toString()}. NOTE(review): confirm that string form does
     * not include credentials or session cookies before enabling this logger in production.
     *
     * @param servletSecurityContext context providing the realm and security provider
     * @param httpServletRequest request being authenticated
     * @param httpServletResponse response passed to the provider
     * @param str user name to authenticate, or null
     * @param obj credential passed through to the provider
     * @param z when true, a failure is also recorded as error-page request attributes
     * @return the authenticated subject, or null on failure
     */
    public static SubjectHandle checkAuthenticate(ServletSecurityContext servletSecurityContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Object obj, boolean z) {
        try {
            return checkAuthenticate(servletSecurityContext, httpServletRequest, httpServletResponse, str, obj);
        } catch (LoginException loginFailure) {
            if (DEBUG_SEC.isDebugEnabled()) {
                DEBUG_SEC.debug("Login failed for request: " + httpServletRequest.toString(), loginFailure);
            }
            if (z) {
                recordErrorPageAttributes(httpServletRequest, loginFailure);
            }
            return null;
        }
    }

    /**
     * Publishes a login failure as the standard error-dispatch request attributes, with
     * status code 403.
     *
     * <p>The exception object and its message are exposed to whatever error page handles
     * the request. NOTE(review): if that page renders the message, confirm it does not
     * tell the client why the login failed (for example, unknown user versus bad password).
     *
     * @param httpServletRequest request to annotate
     * @param loginException failure to record
     */
    static void recordErrorPageAttributes(HttpServletRequest httpServletRequest, LoginException loginException) {
        httpServletRequest.setAttribute(RequestDispatcher.ERROR_EXCEPTION_TYPE, loginException.getClass());
        httpServletRequest.setAttribute(RequestDispatcher.ERROR_EXCEPTION, loginException);
        httpServletRequest.setAttribute(RequestDispatcher.ERROR_MESSAGE, loginException.getMessage());
        SessionSecurityData existingSession = (SessionSecurityData) httpServletRequest.getSession(false);
        if (existingSession != null) {
            // Prefer the URI saved in the session under SESSION_FORM_URI over the current request URI.
            String reportedUri = (String) existingSession.getInternalAttribute(SESSION_FORM_URI);
            if (reportedUri == null) {
                reportedUri = httpServletRequest.getRequestURI();
            }
            httpServletRequest.setAttribute(RequestDispatcher.ERROR_REQUEST_URI, reportedUri);
        }
        httpServletRequest.setAttribute(PageContext.EXCEPTION, loginException);
        httpServletRequest.setAttribute(RequestDispatcher.ERROR_STATUS_CODE, 403);
    }

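    /**
     * Authenticates the given user, reusing the subject already bound to the request or
     * session when it matches.
     *
     * <p>The existing subject is returned only when no user name is supplied or the name
     * equals the existing subject's name, and no re-authentication is pending for the
     * session. In every other case the existing login is removed with {@code logout}
     * before the new authentication is attempted, so a failed attempt under a different
     * name still ends the previous login.
     *
     * @param servletSecurityContext context providing the realm name and security provider
     * @param httpServletRequest request being authenticated
     * @param httpServletResponse response passed to the provider
     * @param str user name to authenticate; null means "only reuse an existing login"
     * @param obj credential passed through to the provider unchanged
     * @return the reused or newly authenticated subject, or null when no user name was
     *         given and no reusable login exists
     * @throws LoginException if the provider rejects the credential
     */
    public static SubjectHandle checkAuthenticate(final ServletSecurityContext servletSecurityContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Object obj) throws LoginException {
        SessionSecurityData sessionSecurityData = (SessionSecurityData) httpServletRequest.getSession(false);
        SubjectHandle currentUser = getCurrentUser(servletSecurityContext, httpServletRequest, sessionSecurityData);
        if (currentUser != null) {
            if ((str == null || str.equals(currentUser.getUsername())) && !isReAuthenticateRequired(servletSecurityContext, sessionSecurityData)) {
                return currentUser;
            }
            logout(servletSecurityContext, sessionSecurityData);
        }
        if (str == null) {
            return null;
        }
        // The provider is fetched inside doPrivileged. The decompiler rendered the captured
        // parameter as "ServletSecurityContext.this", which is not valid in a static method;
        // the anonymous class reads the final parameter directly.
        ApplicationSecurity appSecurity = AccessController.doPrivileged(new PrivilegedAction<ApplicationSecurity>() {
            @Override // java.security.PrivilegedAction
            public ApplicationSecurity run() {
                return servletSecurityContext.getAppSecurityProvider();
            }
        });
        SubjectHandle authenticateAndSaveCredential = appSecurity.authenticateAndSaveCredential(str, obj, servletSecurityContext.getSecurityRealmName(), httpServletRequest, httpServletResponse);
        if (DEBUG_SEC.isDebugEnabled()) {
            // Only the resolved user name is logged, never the credential object.
            DEBUG_SEC.debug(servletSecurityContext.getLogContext() + " authenticated user: " + getUsername(authenticateAndSaveCredential));
        }
        return authenticateAndSaveCredential;
    }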

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns a printable user name for a subject.
     *
     * @param subjectHandle subject to describe, or null
     * @return {@code "anonymous"} for a null subject, otherwise the subject's user name
     */
    public static String getUsername(SubjectHandle subjectHandle) {
        if (subjectHandle == null) {
            return "anonymous";
        }
        return subjectHandle.getUsername();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Stores the Basic challenge text for the given realm in {@code authRealmBanner}.
     *
     * <p>The realm name is inserted verbatim between the quotes; a double quote, CR or LF
     * inside it is not escaped. NOTE(review): confirm realm names come only from trusted
     * configuration, because this value is later written to a response header.
     *
     * @param str realm name; null is rendered as the text {@code null}
     */
    public void setAuthRealmBanner(String str) {
        StringBuilder banner = new StringBuilder("Basic realm=\"");
        banner.append(str);
        banner.append("\"");
        this.authRealmBanner = banner.toString();
    }

    /**
     * Builds the Basic challenge text for the given realm.
     *
     * <p>The realm name is inserted verbatim between the quotes; a double quote, CR or LF
     * inside it is not escaped, so callers must pass a trusted value.
     *
     * @param str realm name; null is rendered as the text {@code null}
     * @return {@code Basic realm="<str>"}
     */
    public static String constructAuthRealmBanner(String str) {
        StringBuilder banner = new StringBuilder("Basic realm=\"");
        banner.append(str);
        banner.append("\"");
        return banner.toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Removes the login bound to a session: unregisters the session's internal id from
     * the session registry and drops the cached subject attributes.
     *
     * <p>Nothing else is touched here: the session object stays valid and the auth-cookie
     * attribute stored in it is left in place.
     *
     * @param servletSecurityContext context providing the session registry
     * @param sessionSecurityData session to log out; null is a no-op
     */
    public static void logout(ServletSecurityContext servletSecurityContext, SessionSecurityData sessionSecurityData) {
        if (sessionSecurityData != null) {
            servletSecurityContext.getSessionRegistry().unregister(sessionSecurityData.getInternalId());
            sessionSecurityData.removeInternalAttribute(SESSION_AUTH_USER);
            sessionSecurityData.removeInternalAttribute(SESSION_AUTH_USER_DATA);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Binds an authenticated subject to the session: caches it in the session, registers
     * it under the session's internal id and issues a fresh auth cookie.
     *
     * <p>Null, anonymous and kernel subjects are ignored. When no session is supplied one
     * is created. For a supplied session, the session id is rotated only if the session
     * is not new and {@code isChangeSessionIdOnReauthentication()} is true.
     * NOTE(review): with that setting off, a session id issued before authentication keeps
     * identifying the authenticated session - confirm deployments keep it enabled.
     *
     * @param httpServletRequest request that carried the login
     * @param subjectHandle subject that was authenticated
     * @param sessionSecurityData existing session data, or null to create a session
     */
    public final void login(HttpServletRequest httpServletRequest, SubjectHandle subjectHandle, SessionSecurityData sessionSecurityData) {
        boolean nothingToBind = subjectHandle == null || subjectHandle.isAnonymous() || subjectHandle.isKernel();
        if (nothingToBind) {
            return;
        }
        SessionSecurityData target = sessionSecurityData;
        if (target == null) {
            target = getUserSession(httpServletRequest, true);
        } else if (!((HttpSession) target).isNew() && this.webAppSecurity.isChangeSessionIdOnReauthentication()) {
            getRequestFacade().updateSessionId(httpServletRequest);
        }
        target.setInternalAttribute(SESSION_AUTH_USER, WebAppSecurity.getProvider().unwrapSubject(subjectHandle));
        // The internal id is read after the optional id rotation above.
        String sessionKey = target.getInternalId();
        this.securityContext.getSessionRegistry().setUser(sessionKey, subjectHandle);
        // true forces a new auth-cookie id for this login.
        setupAuthCookie(this.securityContext, httpServletRequest, target, sessionKey, true);
    }

    /**
     * Ensures the session has an auth-cookie id, reusing an existing one when available.
     * Equivalent to the five-argument overload with the force flag set to false.
     *
     * @param servletSecurityContext context providing cookie settings and the session registry
     * @param httpServletRequest current request
     * @param sessionSecurityData session the cookie id belongs to
     * @param str session key used in the registry
     */
    public static void setupAuthCookie(ServletSecurityContext servletSecurityContext, HttpServletRequest httpServletRequest, SessionSecurityData sessionSecurityData, String str) {
        final boolean forceNewId = false;
        setupAuthCookie(servletSecurityContext, httpServletRequest, sessionSecurityData, str, forceNewId);
    }

    /**
     * Issues or re-synchronises the auth cookie that accompanies an authenticated session.
     *
     * <p>Does nothing unless auth cookies are enabled and the request is secure. Without
     * the force flag, an id already known to the registry or the session is reused and
     * copied to the other side, and no cookie is sent. Otherwise a new id is generated,
     * stored in the session and registry, and sent as a cookie.
     *
     * @param servletSecurityContext context providing cookie settings and the session registry
     * @param httpServletRequest current request
     * @param sessionSecurityData session the cookie id belongs to
     * @param str session key used in the registry
     * @param z true to always generate a new id (as {@code login} does)
     */
    public static void setupAuthCookie(ServletSecurityContext servletSecurityContext, HttpServletRequest httpServletRequest, SessionSecurityData sessionSecurityData, String str, boolean z) {
        if (servletSecurityContext.isAuthCookieEnabled() && httpServletRequest.isSecure()) {
            String cookieId = servletSecurityContext.getSessionRegistry().getCookieId(str);
            String wLSAuthCookieName = servletSecurityContext.getWLSAuthCookieName();
            if (!z && cookieId != null) {
                // Registry already has an id: mirror it into the session and stop.
                sessionSecurityData.setInternalAttribute(wLSAuthCookieName, cookieId);
                return;
            }
            if (cookieId == null) {
                cookieId = (String) sessionSecurityData.getInternalAttribute(wLSAuthCookieName);
                if (!z && cookieId != null) {
                    // Session already has an id: mirror it into the registry and stop.
                    servletSecurityContext.getSessionRegistry().addCookieId(str, cookieId);
                    return;
                }
            }
            // z2 records whether an older id existed before the new one replaces it.
            boolean z2 = cookieId != null;
            String generateNewId = generateNewId(servletSecurityContext);
            sessionSecurityData.setInternalAttribute(wLSAuthCookieName, generateNewId);
            if (z && z2) {
                // Forced renewal over an existing id: drop the previously issued auth cookies.
                servletSecurityContext.removeAllWlsAuthCookies(httpServletRequest, sessionSecurityData, str, wLSAuthCookieName);
            }
            Cookie cookie = new Cookie(wLSAuthCookieName, generateNewId);
            // Secure flag set and max-age -1 (not persisted by the browser).
            // NOTE(review): HttpOnly is not set on this Cookie in this method; confirm that
            // addResponseCookie or the container applies it before the cookie is sent.
            cookie.setSecure(true);
            cookie.setMaxAge(-1);
            if (ignorePluginParamsForCookiePath) {
                cookie.setPath(servletSecurityContext.getCookiePath());
            } else {
                // Path is computed from the request via processProxyPathHeaders.
                // NOTE(review): presumably this reads proxy-supplied headers; confirm those
                // headers are only accepted from trusted front ends, since they scope the cookie.
                cookie.setPath(servletSecurityContext.getRequestFacade().processProxyPathHeaders(httpServletRequest, servletSecurityContext.getCookiePath()));
            }
            String cookieDomain = servletSecurityContext.getCookieDomain();
            if (cookieDomain != null) {
                cookie.setDomain(cookieDomain);
            }
            servletSecurityContext.getRequestFacade().addResponseCookie(httpServletRequest, cookie);
            servletSecurityContext.getSessionRegistry().addCookieId(str, generateNewId);
        }
    }

    /**
     * Generates a new auth-cookie id of the configured length.
     *
     * <p>The configured length is used both as the number of random bytes requested and
     * as the number of Base64 characters kept, so the id carries about 6 bits per
     * character. The characters {@code / + =} are mapped to {@code . - _}.
     * NOTE(review): the strength of the id depends on {@code getRandomBytesFromSalt};
     * confirm it draws from a cryptographically strong source. Also confirm
     * {@code encodeBuffer} inserts no line separators within the kept prefix.
     *
     * @param servletSecurityContext context providing the configured id length
     * @return the new cookie id
     */
    private static String generateNewId(ServletSecurityContext servletSecurityContext) {
        BASE64Encoder encoder = new BASE64Encoder();
        int idLength = servletSecurityContext.getWLSAuthCookieIdLength();
        String truncated = encoder.encodeBuffer(WebAppSecurity.getProvider().getRandomBytesFromSalt(idLength)).substring(0, idLength);
        String cookieSafe = truncated.replace('/', '.');
        cookieSafe = cookieSafe.replace('+', '-');
        cookieSafe = cookieSafe.replace('=', '_');
        return cookieSafe;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Tells whether the auth cookie has to be verified for this request.
     *
     * @param httpServletRequest current request
     * @param servletSecurityContext context providing the cookie settings
     * @param sessionSecurityData session to look the cookie id up for, or null
     * @return true only for a secure request with auth cookies and session cookies
     *         enabled and a known auth-cookie id for the session; plain-HTTP requests
     *         therefore never trigger the check
     */
    public boolean needToCheckAuthCookie(HttpServletRequest httpServletRequest, ServletSecurityContext servletSecurityContext, SessionSecurityData sessionSecurityData) {
        if (!httpServletRequest.isSecure()) {
            return false;
        }
        if (!servletSecurityContext.isAuthCookieEnabled()) {
            return false;
        }
        if (!servletSecurityContext.isSessionCookiesEnabled()) {
            return false;
        }
        return getAuthCookieId(sessionSecurityData, servletSecurityContext.getWLSAuthCookieName()) != null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Tells whether the request lacks the auth cookie that the session expects.
     *
     * <p>Returns false (nothing missing) when auth cookies or session cookies are off,
     * when the request is not secure, or when no id - or the re-authentication marker -
     * is recorded for the session. Otherwise the expected id must appear either in a
     * request cookie or in a cookie already queued on the response.
     *
     * @param httpServletRequest current request
     * @param sessionSecurityData session whose expected cookie id is checked, or null
     * @return true if an id is expected but neither presented nor queued
     */
    public boolean wlsAuthCookieMissing(HttpServletRequest httpServletRequest, SessionSecurityData sessionSecurityData) {
        if (!getSecurityContext().isAuthCookieEnabled()) {
            return false;
        }
        if (!httpServletRequest.isSecure()) {
            return false;
        }
        if (!getSecurityContext().isSessionCookiesEnabled()) {
            return false;
        }
        String cookieName = this.securityContext.getWLSAuthCookieName();
        String expectedId = getAuthCookieId(sessionSecurityData, cookieName);
        // NOTE(review): the marker test is a reference comparison, so it only matches the
        // very String instance that was stored. An equal-valued "null" that is a different
        // instance falls through to the cookie match below. Kept as is because switching
        // to equals() changes which requests skip the cookie check - decide deliberately.
        if (expectedId == null || expectedId == "null") {
            return false;
        }
        Cookie[] presented = httpServletRequest.getCookies();
        if (presented != null) {
            for (Cookie candidate : presented) {
                boolean sameName = candidate.getName().equals(cookieName);
                if (sameName && candidate.getValue().equals(expectedId)) {
                    return false;
                }
            }
        }
        // Not presented by the client: accept a matching cookie already queued on the response.
        Cookie queued = getRequestFacade().getResponseCookie(httpServletRequest, cookieName);
        if (queued == null) {
            return true;
        }
        return !queued.getValue().equals(expectedId);
    }

    /**
     * Returns the auth-cookie id recorded for a session, preferring the session registry
     * over the session's own attribute. A registry value is copied into the session
     * attribute as a side effect.
     *
     * @param sessionSecurityData session to look up, or null
     * @param str name of the session attribute that holds the cookie id
     * @return the recorded id, or null if the session is null or has no id
     */
    private String getAuthCookieId(SessionSecurityData sessionSecurityData, String str) {
        if (sessionSecurityData == null) {
            return null;
        }
        String fromRegistry = getSecurityContext().getSessionRegistry().getCookieId(sessionSecurityData.getInternalId());
        if (fromRegistry != null) {
            sessionSecurityData.setInternalAttribute(str, fromRegistry);
            return fromRegistry;
        }
        return (String) sessionSecurityData.getInternalAttribute(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Marks a session as needing re-authentication by replacing its auth-cookie id, in
     * both the registry and the session attribute, with the marker value {@code "null"}.
     *
     * <p>Only acts when the given module is the last security module and a session exists.
     *
     * @param servletSecurityContext context providing the registry and cookie name
     * @param sessionSecurityData session to mark; null is a no-op
     * @param securityModule module checked against {@code isLastSecurityModule}
     */
    public void setAuthCookieForReAuth(ServletSecurityContext servletSecurityContext, SessionSecurityData sessionSecurityData, SecurityModule securityModule) {
        if (this.webAppSecurity.isLastSecurityModule(securityModule) && sessionSecurityData != null) {
            servletSecurityContext.getSessionRegistry().addCookieId(sessionSecurityData.getInternalId(), "null");
            sessionSecurityData.setInternalAttribute(servletSecurityContext.getWLSAuthCookieName(), "null");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
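    /**
     * Tells whether the session carries the re-authentication marker, i.e. whether the
     * registry's auth-cookie id for it is the value {@code "null"}.
     *
     * <p>The marker is matched by value. The previous reference comparison only matched
     * the one String instance that was stored, so an equal marker that reached the
     * registry as a different instance (for example, copied from a session attribute)
     * was not recognised and re-authentication was silently skipped.
     *
     * @param servletSecurityContext context providing the session registry
     * @param sessionSecurityData session to check, or null
     * @return true if the session exists and is marked for re-authentication
     */
    public static boolean isReAuthenticateRequired(ServletSecurityContext servletSecurityContext, SessionSecurityData sessionSecurityData) {
        if (sessionSecurityData == null) {
            return false;
        }
        String registeredId = servletSecurityContext.getSessionRegistry().getCookieId(sessionSecurityData.getInternalId());
        // Value comparison, constant first so a missing id (null) simply yields false.
        return "null".equals(registeredId);
    }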

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Sends a 403 response unless control is delegated.
     *
     * @param httpServletRequest unused here
     * @param httpServletResponse response to write the error to
     * @throws IOException if the error cannot be sent
     */
    public void sendForbiddenResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // With delegateControl set, this method leaves the response untouched.
        if (!this.delegateControl) {
            sendError(httpServletResponse, 403);
        }
    }

    /**
     * Sends the given status code as an error response.
     *
     * @param httpServletResponse response to write the error to
     * @param i HTTP status code
     * @throws IOException if the error cannot be sent
     */
    private void sendError(HttpServletResponse httpServletResponse, int i) throws IOException {
        final int statusCode = i;
        httpServletResponse.sendError(statusCode);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Sends a 401 response unless control is delegated. No challenge header is added here.
     *
     * @param httpServletRequest unused here
     * @param httpServletResponse response to write the error to
     * @throws IOException if the error cannot be sent
     */
    public void sendUnauthorizedResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // With delegateControl set, this method leaves the response untouched.
        if (!this.delegateControl) {
            sendError(httpServletResponse, 401);
        }
    }

    /**
     * Sends the authentication challenge: sets the header named by
     * {@code UpgradeResponse.WWW_AUTHENTICATE} to the realm banner and then sends the
     * unauthorized response. Does nothing when control is delegated.
     *
     * <p>The banner is written as stored; it is null if {@code setAuthRealmBanner} was
     * never called on this module.
     *
     * @param httpServletRequest request passed on to {@code sendUnauthorizedResponse}
     * @param httpServletResponse response to write the challenge to
     * @throws IOException if the error cannot be sent
     */
    public void sendError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!this.delegateControl) {
            String challenge = this.authRealmBanner;
            httpServletResponse.setHeader(UpgradeResponse.WWW_AUTHENTICATE, challenge);
            sendUnauthorizedResponse(httpServletRequest, httpServletResponse);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Tells whether a constraint forbids access outright.
     *
     * @param resourceConstraint constraint to test, or null
     * @return true only when full security delegation is required and the non-null
     *         constraint reports itself forbidden; without full delegation this is
     *         always false, whatever the constraint says
     */
    public boolean isForbidden(ResourceConstraint resourceConstraint) {
        if (!this.webAppSecurity.isFullSecurityDelegationRequired()) {
            return false;
        }
        if (resourceConstraint == null) {
            return false;
        }
        return resourceConstraint.isForbidden();
    }

    /**
     * Fetches the request's session without doing so under the kernel identity.
     *
     * <p>If the current subject is not the kernel, the session is fetched directly.
     * If it is, the lookup runs as the anonymous subject instead, so session code is
     * not executed with kernel privileges.
     *
     * @param httpServletRequest request whose session is wanted
     * @param z value passed to {@code getSession(boolean)} (true allows creation)
     * @return the session, or null when none exists and creation was not requested
     * @throws ServletNestedRuntimeException if the lookup under the anonymous subject
     *         fails; a failure of another type is logged and wrapped
     */
    public static final SessionSecurityData getUserSession(HttpServletRequest httpServletRequest, boolean z) {
        SubjectHandle currentSubject = AccessController.doPrivileged(new PrivilegedAction<SubjectHandle>() {
            @Override // java.security.PrivilegedAction
            public SubjectHandle run() {
                return WebAppSecurity.getProvider().getCurrentSubject();
            }
        });
        if (!currentSubject.isKernel()) {
            return (SessionSecurityData) httpServletRequest.getSession(z);
        }
        SessionRetrievalAction retrieval = new SessionRetrievalAction(httpServletRequest, z);
        // The action reports a failure as its return value instead of throwing.
        Throwable failure = (Throwable) WebAppSecurity.getProvider().getAnonymousSubject().run(retrieval);
        if (failure == null) {
            return retrieval.getUserSession();
        }
        if (failure instanceof ServletNestedRuntimeException) {
            throw ((ServletNestedRuntimeException) failure);
        }
        HTTPSessionLogger.logUnexpectedError(failure.getMessage(), failure);
        throw new ServletNestedRuntimeException("Failed to retrieve session: " + failure.getMessage(), failure);
    }

    /**
     * Splits and validates a list of auth methods for a chained module.
     *
     * <p>Accepted names are BASIC, FORM, CLIENT_CERT, DIGEST, ASSERTION, BASIC_ENFORCE
     * and BASIC_PLAIN. The methods BASIC, BASIC_ENFORCE, BASIC_PLAIN and FORM may only
     * appear as the last entry. The list is split with
     * {@code StringUtils.splitCompletely(str, ", ")}.
     *
     * @param str auth-method list
     * @return the individual method names in list order
     * @throws IllegalArgumentException if the list is null, contains an unknown name, or
     *         has one of the last-only methods in an earlier position
     */
    private static String[] validateAuthMethods(String str) {
        if (str == null) {
            throw new IllegalArgumentException("NULL auth-method list");
        }
        String[] methods = StringUtils.splitCompletely(str, ", ");
        int lastIndex = methods.length - 1;
        for (int i = 0; i < methods.length; i++) {
            String method = methods[i];
            boolean lastOnly = method.equals("BASIC") || method.equals("BASIC_ENFORCE") || method.equals("BASIC_PLAIN") || method.equals("FORM");
            boolean chainable = method.equals("CLIENT_CERT") || method.equals("DIGEST") || method.equals(ASSERTION_AUTH);
            if (!lastOnly && !chainable) {
                throw new IllegalArgumentException("Invalid auth-method list - " + str);
            }
            if (lastOnly && i != lastIndex) {
                throw new IllegalArgumentException("Invalid auth-method list - '" + method + " ' has to be at the end in '" + str + Expression.QUOTE);
            }
        }
        return methods;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the security module for a web application, choosing the JASPIC module when
     * JASPIC is enabled and a server auth config exists.
     *
     * @param servletSecurityContext context of the web application
     * @param webAppSecurity web-app level security settings
     * @param z true to bypass JASPIC and always build the module for the configured auth method
     * @return the created module
     */
    public static SecurityModule createModule(ServletSecurityContext servletSecurityContext, WebAppSecurity webAppSecurity, boolean z) {
        // The auth config is looked up first in every case, as in the original flow.
        ServerAuthConfig serverAuthConfig = JaspicUtilities.getServerAuthConfig(servletSecurityContext, "HttpServlet", getAppContextId(servletSecurityContext), webAppSecurity.getJaspicListener());
        boolean useJaspic = webAppSecurity.isJaspicEnabled() && serverAuthConfig != null && !z;
        if (useJaspic) {
            return new JaspicSecurityModule(serverAuthConfig, servletSecurityContext, webAppSecurity);
        }
        return createModule(servletSecurityContext, webAppSecurity, false, getAuthMethod(webAppSecurity));
    }

    /**
     * Returns the configured auth method, defaulting to BASIC.
     *
     * @param webAppSecurity web-app level security settings
     * @return the configured method, or {@code "BASIC"} when it is null or empty
     */
    private static String getAuthMethod(WebAppSecurity webAppSecurity) {
        String configured = webAppSecurity.getAuthMethod();
        if (configured == null || configured.isEmpty()) {
            return "BASIC";
        }
        return configured;
    }

    /**
     * Builds the application context id used for the JASPIC config lookup.
     *
     * @param servletSecurityContext context of the web application
     * @return the virtual server name and the context path, separated by one space
     */
    public static String getAppContextId(ServletSecurityContext servletSecurityContext) {
        StringBuilder contextId = new StringBuilder();
        contextId.append(servletSecurityContext.getServletContext().getVirtualServerName());
        contextId.append(" ");
        contextId.append(servletSecurityContext.getServletContext().getContextPath());
        return contextId.toString();
    }

    /**
     * Passes the subject's principals to the JASPIC security services for signing.
     *
     * @param subject subject whose principal set is signed; must not be null
     * @param webAppSecurity settings object giving access to the JASPIC security services
     */
    public static void signPrincipals(Subject subject, WebAppSecurity webAppSecurity) {
        webAppSecurity.getJaspicSecurityServices().signPrincipals(subject.getPrincipals());
    }

    /**
     * Sets the web application's auth method from a JASPIC message.
     *
     * <p>Order of preference: the {@code javax.servlet.http.authType} entry of the
     * message map, then the cached auth type, then the "unspecified" placeholder.
     * NOTE(review): the map entry is supplied by the auth module and is stored without
     * validation; confirm nothing downstream treats it as a trusted method name.
     *
     * @param messageInfo JASPIC message whose map may carry the auth type
     * @param webAppSecurity settings object that receives the auth method
     */
    public static void setAuthType(MessageInfo messageInfo, WebAppSecurity webAppSecurity) {
        String reportedType = (String) messageInfo.getMap().get("javax.servlet.http.authType");
        if (reportedType != null) {
            webAppSecurity.setAuthMethod(reportedType);
            return;
        }
        if (webAppSecurity.getCachedAuthType() != null) {
            webAppSecurity.setAuthMethod(webAppSecurity.getCachedAuthType());
            return;
        }
        webAppSecurity.setAuthMethod(AUTHTYPE_UNSPECIFIED);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the security module for a named auth method and sets its realm banner.
     *
     * <p>DIGEST is not implemented: it is rejected unless the system property named by
     * {@code ENABLE_DIGEST_DEFAULT_TO_BASIC} is true, in which case a BASIC module is
     * created instead and the substitution is logged. That is a downgrade of the
     * configured method, so deployments using the property should require TLS.
     * Any name not matched explicitly is treated as a list and validated by
     * {@code validateAuthMethods}.
     *
     * @param servletSecurityContext context of the web application
     * @param webAppSecurity web-app level security settings
     * @param z control-delegation flag passed to the modules that accept it
     * @param str auth-method name or list; must not be null
     * @return the created module
     * @throws IllegalArgumentException for DIGEST without the fallback property, or for
     *         an invalid auth-method list
     */
    public static SecurityModule createModule(ServletSecurityContext servletSecurityContext, WebAppSecurity webAppSecurity, boolean z, String str) {
        SecurityModule module;
        if (str.equals("BASIC")) {
            module = new BasicSecurityModule(servletSecurityContext, webAppSecurity, z);
        } else if (str.equals("FORM")) {
            module = new FormSecurityModule(servletSecurityContext, webAppSecurity);
        } else if (str.equals("CLIENT_CERT")) {
            module = new CertSecurityModule(servletSecurityContext, webAppSecurity, z, false);
        } else if (str.equals("DIGEST")) {
            if (!defaultToBasic.booleanValue()) {
                throw new IllegalArgumentException(HTTPLogger.logDigestAuthNotImplementedLoggable(servletSecurityContext.getLogContext()).getMessageText());
            }
            HTTPLogger.logDigestAuthNotSupported(servletSecurityContext.getLogContext());
            module = new BasicSecurityModule(servletSecurityContext, webAppSecurity, z);
        } else if (str.equals(ASSERTION_AUTH)) {
            module = new CertSecurityModule(servletSecurityContext, webAppSecurity, z, true);
        } else if (str.equals("BASIC_ENFORCE") || str.equals("BASIC_PLAIN")) {
            module = new Basic2SecurityModule(servletSecurityContext, webAppSecurity, z, str);
        } else if (str.equals(REALM_AUTH)) {
            module = new ChainedSecurityModule(servletSecurityContext, webAppSecurity, validateAuthMethods(servletSecurityContext.getRealmAuthMethods()));
        } else {
            module = new ChainedSecurityModule(servletSecurityContext, webAppSecurity, validateAuthMethods(str));
        }
        module.setAuthRealmBanner(servletSecurityContext.getAuthRealmName());
        if (DEBUG_SEC.isDebugEnabled()) {
            DEBUG_SEC.debug(servletSecurityContext + " creating " + module);
        }
        return module;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Authorises a request and, on success for a request that had a session, registers
     * the context path for the session's internal id.
     *
     * <p>No session is created here. The session is fetched a second time after the
     * access check before its id is read.
     * NOTE(review): only the first fetch is null-checked; if the access check ends the
     * session, the second fetch returns null and the id read fails - confirm unreachable.
     *
     * @param httpServletRequest request being authorised
     * @param httpServletResponse response passed to the access check
     * @param resourceConstraint constraint matched for the requested resource
     * @param z passed through to {@code checkAccess}
     * @return the result of {@code checkAccess}
     * @throws IOException propagated from the access check
     * @throws ServletException propagated from the access check
     */
    public boolean isAuthorized(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ResourceConstraint resourceConstraint, boolean z) throws IOException, ServletException {
        SessionSecurityData sessionBeforeCheck = getUserSession(httpServletRequest, false);
        boolean granted = checkAccess(httpServletRequest, httpServletResponse, sessionBeforeCheck, resourceConstraint, z);
        if (!granted || sessionBeforeCheck == null) {
            return granted;
        }
        SessionSecurityData sessionAfterCheck = getUserSession(httpServletRequest, false);
        getSecurityContext().registerContextPath(sessionAfterCheck.getInternalId());
        return granted;
    }
}
