package weblogic.servlet.internal;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.ManagedBean;
import javax.security.auth.login.LoginException;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import weblogic.application.ApplicationAccess;
import weblogic.logging.Loggable;
import weblogic.managedbean.ManagedBeanCreator;
import weblogic.management.DeploymentException;
import weblogic.servlet.HTTPLogger;
import weblogic.servlet.jsp.JspStub;
import weblogic.servlet.security.internal.WebAppSecurity;
import weblogic.servlet.spi.SubjectHandle;
import weblogic.servlet.spi.WebServerRegistry;
import weblogic.t3.srvr.ServerRuntime;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:weblogic/servlet/internal/StubSecurityHelper.class */
public final class StubSecurityHelper {
    private final ServletStubImpl stub;
    private SubjectHandle initAs = null;
    private SubjectHandle destroyAs = null;
    private SubjectHandle runAs = null;
    private String runAsRoleName = null;
    private String runAsIdentity = null;
    private String initAsIdentity = null;
    private String destroyAsIdentity = null;
    private ConcurrentHashMap<String, String> securityRoleMap;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/servlet/internal/StubSecurityHelper$ServletDestroyAction.class */
    public static final class ServletDestroyAction implements PrivilegedAction<Throwable> {
        final Servlet servlet;
        final WebAppServletContext context;

        ServletDestroyAction(Servlet servlet, WebAppServletContext webAppServletContext) {
            this.servlet = servlet;
            this.context = webAppServletContext;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedAction
        public Throwable run() {
            try {
                this.servlet.destroy();
                try {
                    this.context.getComponentCreator().notifyPreDestroy(this.servlet);
                    return null;
                } catch (Throwable th) {
                    return th;
                }
            } catch (Throwable th2) {
                return th2;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/servlet/internal/StubSecurityHelper$ServletInitAction.class */
    public static final class ServletInitAction implements PrivilegedAction<Throwable> {
        private final ServletStubImpl stub;
        private final Class<?> clazz;
        private Servlet servlet;

        public ServletInitAction(ServletStubImpl servletStubImpl, Class<?> cls) {
            this.servlet = null;
            this.stub = servletStubImpl;
            this.clazz = cls;
            this.servlet = null;
        }

        public ServletInitAction(ServletStubImpl servletStubImpl, Servlet servlet) {
            this.servlet = null;
            this.stub = servletStubImpl;
            this.clazz = null;
            this.servlet = servlet;
        }

        public Servlet getServlet() {
            return this.servlet;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedAction
        public Throwable run() {
            try {
                newServletInstanceIfNecessary();
                try {
                    this.servlet.init(this.stub);
                    return null;
                } catch (Throwable th) {
                    return th;
                }
            } catch (ClassCastException e) {
                HTTPLogger.logCastingError(this.stub.getContext().getLogContext(), this.stub.getServletName(), e);
                return new ServletException("Servlet class: '" + this.stub.getClassName() + "' does not implement javax.servlet.Servlet");
            } catch (IllegalAccessException e2) {
                HTTPLogger.logIllegalAccessOnInstantiate(this.stub.getContext().getLogContext(), this.stub.getServletName(), e2);
                return new ServletException("Servlet class: '" + this.stub.getClassName() + "' couldn't be instantiated");
            } catch (InstantiationException e3) {
                HTTPLogger.logInstantiateError(this.stub.getContext().getLogContext(), this.stub.getServletName(), e3);
                return new ServletException("Servlet class: '" + this.stub.getClassName() + "' couldn't be instantiated");
            } catch (NoSuchMethodError e4) {
                HTTPLogger.logInstantiateError(this.stub.getContext().getLogContext(), this.stub.getServletName(), e4);
                return new ServletException("Servlet class: '" + this.stub.getClassName() + "' doesn't have a default constructor");
            } catch (Throwable th2) {
                return th2;
            }
        }

        private void newServletInstanceIfNecessary() throws InstantiationException, IllegalAccessException, ClassNotFoundException {
            if (this.servlet != null) {
                return;
            }
            if (this.stub instanceof JspStub) {
                this.servlet = (Servlet) this.clazz.newInstance();
                return;
            }
            ManagedBeanCreator managedBeanCreator = this.stub.getContext().getManagedBeanCreator();
            if (this.clazz == null || !this.clazz.isAnnotationPresent(ManagedBean.class) || managedBeanCreator == null) {
                this.servlet = this.stub.getContext().getComponentCreator().createServletInstance(this.stub.getClassName());
            } else {
                this.servlet = (Servlet) managedBeanCreator.createInstance(this.clazz);
                managedBeanCreator.notifyPostConstruct(this.clazz.getName(), this.servlet);
            }
        }
    }

    /* loaded from: input_file:weblogic/servlet/internal/StubSecurityHelper$ServletInvokeAnnotatedMethodsAction.class */
    private static final class ServletInvokeAnnotatedMethodsAction implements PrivilegedAction<Throwable> {
        private Servlet s;
        private List<Method> methods;
        private Object[] args;
        private Object[] result;

        public ServletInvokeAnnotatedMethodsAction(Servlet servlet, List<Method> list, Object[] objArr) {
            this.s = servlet;
            this.methods = list;
            this.args = objArr;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedAction
        public Throwable run() {
            this.result = new Object[this.methods.size()];
            for (int i = 0; i < this.methods.size(); i++) {
                try {
                    this.result[i] = this.methods.get(i).invoke(this.s, this.args);
                } catch (Throwable th) {
                    return th;
                }
            }
            return null;
        }

        public Object[] getResult() {
            return this.result;
        }
    }

    /* loaded from: input_file:weblogic/servlet/internal/StubSecurityHelper$ServletServiceAction.class */
    private static final class ServletServiceAction implements PrivilegedAction<Throwable> {
        private final ServletRequest req;
        private final ServletRequestImpl reqi;
        private final ServletResponse rsp;
        private final Servlet servlet;
        private final ServletStubImpl stub;

        ServletServiceAction(ServletRequest servletRequest, ServletRequestImpl servletRequestImpl, ServletResponse servletResponse, Servlet servlet, ServletStubImpl servletStubImpl) {
            this.req = servletRequest;
            this.reqi = servletRequestImpl;
            this.rsp = servletResponse;
            this.servlet = servlet;
            this.stub = servletStubImpl;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedAction
        public Throwable run() {
            try {
                if (this.stub == this.reqi.getServletStub() && this.stub.isFutureResponseServlet()) {
                    this.reqi.enableFutureResponse();
                }
                this.reqi.setAsyncSupported(this.stub.isAsyncSupported());
                this.servlet.service(this.req, this.rsp);
                return null;
            } catch (Throwable th) {
                return th;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public StubSecurityHelper(ServletStubImpl servletStubImpl) {
        this.stub = servletStubImpl;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setRunAsRoleName(String str) {
        this.runAsRoleName = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setRunAsIdentity(String str) {
        this.runAsIdentity = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setInitAsIdentity(String str) {
        this.initAsIdentity = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setDestroyAsIdentity(String str) {
        this.destroyAsIdentity = str;
    }

    public final void addRoleLink(String str, String str2) {
        if (this.securityRoleMap == null) {
            this.securityRoleMap = new ConcurrentHashMap<>();
        }
        this.securityRoleMap.put(str, str2);
    }

    public final String getRoleLink(String str) {
        if (this.securityRoleMap == null) {
            return null;
        }
        return this.securityRoleMap.get(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final Iterator<String> getRoleNames() {
        if (this.securityRoleMap == null) {
            return null;
        }
        return this.securityRoleMap.keySet().iterator();
    }

    public Servlet createServlet(Class<?> cls) throws ServletException {
        ServletInitAction servletInitAction = new ServletInitAction(this.stub, cls);
        initServletInstance(servletInitAction);
        return servletInitAction.getServlet();
    }

    public Servlet createServlet(Servlet servlet) throws ServletException {
        ServletInitAction servletInitAction = new ServletInitAction(this.stub, servlet);
        initServletInstance(servletInitAction);
        return servletInitAction.getServlet();
    }

    private void initServletInstance(ServletInitAction servletInitAction) throws ServletException {
        Throwable th = (Throwable) getInitAsSubject().run(servletInitAction);
        if (th == null) {
            return;
        }
        if (!(th instanceof ServletException)) {
            throw new ServletException(th);
        }
        throw ((ServletException) th);
    }

    private SubjectHandle getInitAsSubject() {
        return this.initAs != null ? this.initAs : this.runAs != null ? this.runAs : WebAppSecurity.getProvider().getAnonymousSubject();
    }

    public void destroyServlet(Servlet servlet) {
        Throwable th = (Throwable) getDestroyAsSubject().run(new ServletDestroyAction(servlet, this.stub.getContext()));
        if (th != null) {
            HTTPLogger.logServletFailedOnDestroy(this.stub.getContext().getLogContext(), this.stub.getServletName(), th);
        }
    }

    private SubjectHandle getDestroyAsSubject() {
        return this.destroyAs != null ? this.destroyAs : this.runAs != null ? this.runAs : WebAppSecurity.getProvider().getAnonymousSubject();
    }

    public Throwable invokeServlet(ServletRequest servletRequest, HttpServletRequest httpServletRequest, ServletRequestImpl servletRequestImpl, ServletResponse servletResponse, HttpServletResponse httpServletResponse, Servlet servlet) throws ServletException {
        ServletServiceAction servletServiceAction = new ServletServiceAction(servletRequest, servletRequestImpl, servletResponse, servlet, this.stub);
        return this.runAs != null ? (Throwable) this.runAs.run(servletServiceAction) : servletServiceAction.run();
    }

    public Object[] invokeAnnotatedMethods(Servlet servlet, List<Method> list, Object... objArr) throws IllegalAccessException, IllegalArgumentException, InvocationTargetException {
        if (list == null || list.size() == 0) {
            return new Object[0];
        }
        SubjectHandle subjectHandle = (SubjectHandle) AccessController.doPrivileged(new PrivilegedAction<SubjectHandle>() { // from class: weblogic.servlet.internal.StubSecurityHelper.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public SubjectHandle run() {
                return WebAppSecurity.getProvider().getCurrentSubject();
            }
        });
        if (subjectHandle == null) {
            subjectHandle = WebAppSecurity.getProvider().getAnonymousSubject();
        }
        ServletInvokeAnnotatedMethodsAction servletInvokeAnnotatedMethodsAction = new ServletInvokeAnnotatedMethodsAction(servlet, list, objArr);
        Throwable th = (Throwable) subjectHandle.run(servletInvokeAnnotatedMethodsAction);
        if (th == null) {
            return servletInvokeAnnotatedMethodsAction.getResult();
        }
        if (th instanceof IllegalAccessException) {
            throw ((IllegalAccessException) th);
        }
        if (th instanceof IllegalArgumentException) {
            throw ((IllegalArgumentException) th);
        }
        if (th instanceof InvocationTargetException) {
            throw ((InvocationTargetException) th);
        }
        if (th instanceof RuntimeException) {
            throw ((RuntimeException) th);
        }
        if (th instanceof Error) {
            throw ((Error) th);
        }
        throw new RuntimeException(th);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void resolveSubjects(WebAppSecurity webAppSecurity) throws DeploymentException {
        resolveInitAsSubject(webAppSecurity);
        resolveDestroyAsSubject(webAppSecurity);
        resolveRunAsSubject(webAppSecurity);
    }

    private void resolveInitAsSubject(WebAppSecurity webAppSecurity) throws DeploymentException {
        if (this.initAsIdentity == null) {
            return;
        }
        this.initAs = resolveSubject(webAppSecurity, this.initAsIdentity);
        checkDeployUserPrivileges(this.initAs, "init-as");
    }

    private void resolveDestroyAsSubject(WebAppSecurity webAppSecurity) throws DeploymentException {
        if (this.destroyAsIdentity == null) {
            return;
        }
        this.destroyAs = resolveSubject(webAppSecurity, this.destroyAsIdentity);
        checkDeployUserPrivileges(this.destroyAs, "destroy-as");
    }

    private void resolveRunAsSubject(WebAppSecurity webAppSecurity) throws DeploymentException {
        if (this.runAsRoleName == null) {
            return;
        }
        this.runAsIdentity = webAppSecurity.getRunAsPrincipalName(this.runAsIdentity, this.runAsRoleName);
        if (this.runAsIdentity == null) {
            return;
        }
        this.runAs = resolveSubject(webAppSecurity, this.runAsIdentity);
        checkDeployUserPrivileges(this.runAs, "run-as");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final String getRunAsRoleName() {
        return this.runAsRoleName;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final String getRunAsIdentity() {
        return this.runAsIdentity;
    }

    private SubjectHandle resolveSubject(WebAppSecurity webAppSecurity, String str) throws DeploymentException {
        try {
            return webAppSecurity.getAppSecurityProvider().impersonate(str, this.stub.getContext().getSecurityRealmName(), null, null);
        } catch (LoginException e) {
            Loggable logRunAsUserCouldNotBeResolvedLoggable = HTTPLogger.logRunAsUserCouldNotBeResolvedLoggable(str, this.stub.getServletName(), this.stub.getContext().getContextPath(), e);
            logRunAsUserCouldNotBeResolvedLoggable.log();
            throw new DeploymentException(logRunAsUserCouldNotBeResolvedLoggable.getMessage());
        }
    }

    private void checkDeployUserPrivileges(SubjectHandle subjectHandle, String str) throws DeploymentException {
        if (subjectHandle != null) {
            ApplicationAccess.getApplicationAccess().getCurrentApplicationContext();
            SubjectHandle deploymentInitiator = WebServerRegistry.getInstance().getContainerSupportProvider().getDeploymentInitiator(this.stub.getContext());
            if (deploymentInitiator != null) {
                if (!(ServerRuntime.theOne().getStateVal() == 1 && deploymentInitiator.isAnonymous()) && WebAppSecurity.getProvider().isAdminPrivilegeEscalation(deploymentInitiator, subjectHandle)) {
                    throw new DeploymentException("The " + str + " user : " + subjectHandle + " has higher privileges than the deployment user : " + deploymentInitiator + ". Hence this deployment user cannot perform the current deployment action. Try the deployment action with admin privileged user.");
                }
            }
        }
    }
}
