package weblogic.security.jaspic.servlet;

import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.config.ServerAuthConfig;
import javax.security.auth.message.config.ServerAuthContext;
import javax.security.jacc.PolicyContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import weblogic.security.jaspic.MessageInfoImpl;
import weblogic.servlet.internal.ServletRequestImpl;
import weblogic.servlet.security.internal.ResourceConstraint;
import weblogic.servlet.security.internal.SecurityModule;
import weblogic.servlet.security.internal.ServletSecurityContext;
import weblogic.servlet.security.internal.SessionSecurityData;
import weblogic.servlet.security.internal.WebAppSecurity;
import weblogic.servlet.spi.ApplicationSecurity;
import weblogic.servlet.spi.SubjectHandle;

/* loaded from: input_file:weblogic/security/jaspic/servlet/JaspicSecurityModule.class */
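/**
 * Servlet security module that delegates authentication to a JASPIC (JSR 196)
 * {@link ServerAuthContext} obtained from the configured {@link ServerAuthConfig},
 * and then applies the web application's own permission check to the resulting subject.
 *
 * <p>This listing is decompiler output. Several methods carry a note that their access
 * modifier was widened from {@code protected}; the widened form is kept so the listing
 * stays consistent with itself.
 */
public class JaspicSecurityModule extends SecurityModule {
    /** MessageInfo map key set to "true" when the target resource is denied without a subject. */
    private static final String KEY_MUST_AUTHENTICATE = "javax.security.auth.message.MessagePolicy.isMandatory";
    /** MessageInfo map key under which an already-established, non-anonymous subject is exposed to the auth module. */
    private static final String KEY_CURRENT_USER = "com.oracle.weblogic.servlet.current_subject";
    /** Request attribute that carries the MessageInfo from request validation to the later response hooks. */
    private static final String MESSAGE_INFO = "__javax.security.auth.message.MessageInfo";
    /** Options-map key carrying the JACC policy context id. */
    private static final String OPTION_POLICY_CONTEXT = "javax.security.jacc.PolicyContext";
    /** MessageInfo map key an auth module sets to "true" to request a session-bound login. */
    private static final String KEY_REGISTER_SESSION = "javax.servlet.http.registerSession";

    private final ServerAuthSupport samSupport;
    private final ServerAuthConfig serverConfig;

    /**
     * Creates the module and the callback object handed to auth modules through the options map.
     *
     * @param serverAuthConfig source of the {@link ServerAuthContext} used for every request
     * @param servletSecurityContext security context of the web application; also supplies the realm name
     * @param webAppSecurity container-side authorization and subject conversion services
     */
    public JaspicSecurityModule(ServerAuthConfig serverAuthConfig, ServletSecurityContext servletSecurityContext, WebAppSecurity webAppSecurity) {
        super(servletSecurityContext, webAppSecurity, false);
        // The callbacks read the enclosing module lazily, so values set after construction are visible.
        this.samSupport = new ServerAuthSupport() {
            @Override
            public String getRealmBanner() {
                return JaspicSecurityModule.this.authRealmBanner;
            }

            @Override
            public String getErrorPage(int i) {
                return JaspicSecurityModule.this.getSecurityContext().getErrorPage(i);
            }

            @Override
            public boolean isEnforceBasicAuth() {
                return WebAppSecurity.getProvider().getEnforceValidBasicAuthCredentials();
            }
        };
        setAuthRealmBanner(servletSecurityContext.getAuthRealmName());
        this.serverConfig = serverAuthConfig;
    }

    /**
     * Builds the options map passed to {@link ServerAuthConfig#getAuthContext}.
     *
     * @param serverAuthSupport callback object made available to the auth module
     * @return a new mutable map holding the support object and the current JACC policy context id
     */
    public static Map createOptionsMap(ServerAuthSupport serverAuthSupport) {
        // Object keys: the type of OPTION_SERVER_AUTH_SUPPORT is not visible in this file.
        Map<Object, Object> options = new HashMap<>();
        options.put(ServerAuthSupport.OPTION_SERVER_AUTH_SUPPORT, serverAuthSupport);
        options.put(OPTION_POLICY_CONTEXT, PolicyContext.getContextID());
        return options;
    }

    /**
     * Authenticates the request through the JASPIC auth context and then authorizes the
     * resulting subject against the resource constraint.
     *
     * @param httpServletRequest request being checked
     * @param httpServletResponse response the auth module or this method may write to
     * @param sessionSecurityData session data consulted by the auth-cookie check
     * @param resourceConstraint constraint protecting the requested resource
     * @param subjectHandle subject already associated with the request, if any
     * @param z not read by this implementation
     * @return {@code true} when the request may proceed; {@code false} when the auth module did
     *         not report {@link AuthStatus#SUCCESS} or the subject lacks permission (403 sent)
     * @throws IOException if sending the 403 error fails
     * @throws ServletException wrapping any {@link AuthException}; the status is set to 500 first
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override
    public boolean checkUserPerm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SessionSecurityData sessionSecurityData, ResourceConstraint resourceConstraint, SubjectHandle subjectHandle, boolean z) throws IOException, ServletException {
        // This early return skips both validateRequest and the hasPermission check below.
        // NOTE(review): confirm what isRequestForProxyServlet keys on; the whole check rests on it.
        if (getRequestFacade().isRequestForProxyServlet(httpServletRequest)) {
            return true;
        }
        // Without the auth cookie the existing subject is not passed on to the auth module.
        SubjectHandle currentHandle = wlsAuthCookieMissing(httpServletRequest, sessionSecurityData) ? null : subjectHandle;
        MessageInfoImpl messageInfo = new MessageInfoImpl(httpServletRequest, httpServletResponse, createMap(this.webAppSecurity, httpServletRequest, httpServletResponse, currentHandle, getSecurityContext(), resourceConstraint));
        Subject clientSubject = new Subject();
        try {
            ServerAuthContext authContext = authContextFor(messageInfo);
            // Any status other than SUCCESS is a refusal here; the response is left as the module wrote it.
            if (authContext.validateRequest(messageInfo, clientSubject, null) != AuthStatus.SUCCESS) {
                return false;
            }
            setAuthType(messageInfo, this.webAppSecurity);
            // parseBoolean is null-safe and matches the original null check plus Boolean.valueOf.
            boolean registerSession = Boolean.parseBoolean((String) messageInfo.getMap().get(KEY_REGISTER_SESSION));
            // Kept on the request so postInvoke/getWrapped* can find the same MessageInfo later.
            httpServletRequest.setAttribute(MESSAGE_INFO, messageInfo);
            signPrincipals(clientSubject, this.webAppSecurity);
            SubjectHandle authenticated = this.webAppSecurity.toSubjectHandle(clientSubject);
            if (!authenticated.isAnonymous()) {
                if (registerSession) {
                    // NOTE(review): getSession(false) can return null; confirm login() tolerates that.
                    login(httpServletRequest, authenticated, (SessionSecurityData) httpServletRequest.getSession(false));
                } else if (httpServletRequest instanceof ServletRequestImpl) {
                    // Subject is attached to this request only, not to a session.
                    ((ServletRequestImpl) httpServletRequest).setCurrentSubject(authenticated);
                }
            }
            // Authentication alone is not enough: the subject is still authorized by the container.
            if (this.webAppSecurity.hasPermission(httpServletRequest, httpServletResponse, authenticated, resourceConstraint)) {
                return true;
            }
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, getSecurityContext().getErrorPage(HttpServletResponse.SC_FORBIDDEN));
            // secureResponse still runs after the error has been sent; its status is ignored here.
            authContext.secureResponse(messageInfo, clientSubject);
            return false;
        } catch (AuthException e) {
            httpServletResponse.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            throw new ServletException(e);
        }
    }

    /**
     * Lets the auth module secure the response after the servlet has run.
     *
     * @param httpServletRequest request that may carry the stored MessageInfo
     * @param httpServletResponse not read by this implementation
     * @param subjectHandle subject converted and passed to {@code secureResponse}
     * @return {@code true} only when {@code secureResponse} reports {@link AuthStatus#SEND_SUCCESS};
     *         {@code false} when no MessageInfo was stored on the request or another status is returned
     * @throws ServletException wrapping any {@link AuthException}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override
    public boolean postInvoke(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SubjectHandle subjectHandle) throws ServletException {
        Subject serviceSubject = this.webAppSecurity.toSubject(subjectHandle);
        MessageInfoImpl messageInfo = (MessageInfoImpl) httpServletRequest.getAttribute(MESSAGE_INFO);
        if (messageInfo == null) {
            return false;
        }
        try {
            return AuthStatus.SEND_SUCCESS == authContextFor(messageInfo).secureResponse(messageInfo, serviceSubject);
        } catch (AuthException e) {
            throw new ServletException(e);
        }
    }

    /**
     * Returns the request object installed by the auth module, if it replaced the original.
     *
     * @param httpServletRequest the original request
     * @return the replacement request, or {@code null} when there is no stored MessageInfo, no
     *         request message, or the message equals the original request
     * @throws ServletException wrapping any exception raised while reading the message
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override
    public HttpServletRequest getWrappedRequest(HttpServletRequest httpServletRequest) throws ServletException {
        MessageInfo messageInfo = (MessageInfo) httpServletRequest.getAttribute(MESSAGE_INFO);
        if (messageInfo == null) {
            return null;
        }
        try {
            HttpServletRequest replacement = (HttpServletRequest) messageInfo.getRequestMessage();
            if (replacement == null || httpServletRequest.equals(replacement)) {
                return null;
            }
            return replacement;
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }

    /**
     * Returns the response object installed by the auth module, if it replaced the original.
     *
     * @param httpServletRequest request that may carry the stored MessageInfo
     * @param httpServletResponse the original response
     * @return the replacement response, or {@code null} when there is no stored MessageInfo, no
     *         response message, or the message equals the original response
     * @throws ServletException wrapping any exception raised while reading the message
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override
    public HttpServletResponse getWrappedResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        MessageInfo messageInfo = (MessageInfo) httpServletRequest.getAttribute(MESSAGE_INFO);
        if (messageInfo == null) {
            return null;
        }
        try {
            HttpServletResponse replacement = (HttpServletResponse) messageInfo.getResponseMessage();
            if (replacement == null || httpServletResponse.equals(replacement)) {
                return null;
            }
            return replacement;
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }

    /**
     * Builds the MessageInfo map handed to the auth module.
     *
     * @param webAppSecurity used to decide whether authentication is mandatory
     * @param httpServletRequest request being authenticated
     * @param httpServletResponse response for that request
     * @param subjectHandle existing subject, or {@code null}; anonymous handles are not exposed
     * @param servletSecurityContext source of the application security provider
     * @param resourceConstraint constraint protecting the requested resource
     * @return a new mutable map with the mandatory flag and/or current subject, when applicable
     */
    public static Map<String, Object> createMap(WebAppSecurity webAppSecurity, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SubjectHandle subjectHandle, final ServletSecurityContext servletSecurityContext, ResourceConstraint resourceConstraint) {
        Map<String, Object> attributes = new HashMap<>();
        // Evaluated with a null subject handle, independent of any subject the caller already has.
        if (mustAuthenticate(webAppSecurity, httpServletRequest, httpServletResponse, null, resourceConstraint)) {
            attributes.put(KEY_MUST_AUTHENTICATE, "true");
        }
        if (subjectHandle != null && !subjectHandle.isAnonymous()) {
            Subject currentSubject = new Subject();
            // Only the provider lookup runs privileged; populateSubject runs outside doPrivileged.
            // The decompiler rendered the captured parameter as "ServletSecurityContext.this",
            // which does not compile in a static method; the captured final parameter is used instead.
            ApplicationSecurity appSecurity = AccessController.doPrivileged(new PrivilegedAction<ApplicationSecurity>() {
                @Override
                public ApplicationSecurity run() {
                    return servletSecurityContext.getAppSecurityProvider();
                }
            });
            appSecurity.populateSubject(currentSubject, subjectHandle);
            attributes.put(KEY_CURRENT_USER, currentSubject);
        }
        return attributes;
    }

    /** Returns {@code true} when {@code hasPermission} denies the given subject handle for the constraint. */
    private static boolean mustAuthenticate(WebAppSecurity webAppSecurity, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SubjectHandle subjectHandle, ResourceConstraint resourceConstraint) {
        return !webAppSecurity.hasPermission(httpServletRequest, httpServletResponse, subjectHandle, resourceConstraint);
    }

    /** Resolves the auth context for this message with a fresh options map, as both request and response paths do. */
    private ServerAuthContext authContextFor(MessageInfo messageInfo) throws AuthException {
        return this.serverConfig.getAuthContext(this.serverConfig.getAuthContextID(messageInfo), null, createOptionsMap(this.samSupport));
    }
}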
