package org.apache.tomcat.security;

import java.security.Principal;
import java.util.Enumeration;
import javax.servlet.Servlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.tomcat.core.Context;
import org.apache.tomcat.core.InterceptorException;
import org.apache.tomcat.core.ServiceInterceptor;
import org.apache.tomcat.deployment.AuthorizationConstraint;
import org.apache.tomcat.deployment.LoginConfiguration;
import org.apache.tomcat.deployment.SecurityConstraint;
import org.apache.tomcat.deployment.SecurityRole;
import org.apache.tomcat.deployment.UserDataConstraint;
import org.apache.tomcat.deployment.WebApplicationDescriptor;
import org.apache.tomcat.deployment.WebResourceCollection;

/* loaded from: input_file:org/apache/tomcat/security/SecurityInterceptor.class */
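/**
 * Service interceptor intended to apply a web application's declared security
 * constraints (transport guarantee, authentication, role check) before a
 * servlet is invoked.
 *
 * <p>NOTE(review): as written this class enforces nothing. {@link #preInvoke}
 * never obtains a deployment descriptor, so it returns before any constraint is
 * looked up, and the helper methods below are incomplete in ways that matter
 * for security:
 * <ul>
 *   <li>{@code userData} reads {@code isSecure()} and ignores the answer;</li>
 *   <li>{@code authenticate} handles only {@code BASIC} and silently skips every
 *       other configured method;</li>
 *   <li>{@code authenticateBasic} has no realm connector to verify credentials
 *       against, and does not Base64-decode the header;</li>
 *   <li>{@code accessControl} computes a role match and discards it.</li>
 * </ul>
 * Treat the class as a skeleton: do not rely on it for access control until
 * those gaps are closed and covered by tests.
 */
public final class SecurityInterceptor implements ServiceInterceptor {

    /**
     * Walks the roles named by the authorization constraint and stops at the
     * first one the realm connector confirms for the request's principal.
     *
     * <p>NOTE(review): {@code realmConnector} is a local that is always
     * {@code null}, so the first role check throws
     * {@link NullPointerException}. Do not "fix" that with a bare null guard:
     * the loop result is not recorded and no denial is ever sent, so a guard
     * would turn a crash into a silent allow. This method needs a real
     * connector and an explicit denial when no role matches.
     *
     * @param context                 the web application context (unused here)
     * @param httpServletRequest      request whose user principal is checked
     * @param httpServletResponse     response (unused here)
     * @param authorizationConstraint constraint supplying the permitted roles
     * @throws InterceptorException declared by the signature; not thrown by the visible code
     */
    private void accessControl(Context context, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthorizationConstraint authorizationConstraint) throws InterceptorException {
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        RealmConnector realmConnector = null;
        Enumeration<?> securityRoles = authorizationConstraint.getSecurityRoles();
        while (securityRoles.hasMoreElements()) {
            SecurityRole role = (SecurityRole) securityRoles.nextElement();
            if (realmConnector.hasRole(userPrincipal, role.getName())) {
                break;
            }
        }
    }

    /**
     * Dispatches to the authentication scheme named in the login configuration,
     * defaulting to {@code BASIC} when none is configured.
     *
     * <p>NOTE(review): any configured method other than {@code BASIC} falls
     * through without a challenge or a denial, i.e. the request continues
     * unauthenticated. An unsupported method should be rejected rather than
     * ignored.
     *
     * @param context             the web application context
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response that receives any challenge
     * @param loginConfiguration  login settings from the deployment descriptor
     * @throws InterceptorException propagated from the scheme-specific handler
     */
    private void authenticate(Context context, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, LoginConfiguration loginConfiguration) throws InterceptorException {
        String authenticationMethod = loginConfiguration.getAuthenticationMethod();
        if (authenticationMethod == null) {
            authenticationMethod = "BASIC";
        }
        if (authenticationMethod.equals("BASIC")) {
            authenticateBasic(context, httpServletRequest, httpServletResponse, loginConfiguration);
        }
    }

    /**
     * Issues an HTTP Basic challenge (401 plus {@code WWW-Authenticate}) when
     * the request carries no {@code Authorization} header or the header does
     * not resolve to a principal.
     *
     * <p>The challenge is written as {@code Basic realm="..."}; the previous
     * form ({@code Basic "..."}) omitted the {@code realm=} parameter name and
     * is not a valid challenge. The realm is escaped before it is embedded
     * because the fallback value is built from the request's server name, which
     * may reflect the client-supplied {@code Host} header.
     *
     * <p>NOTE(review): no realm connector is available here, so credentials can
     * never be verified and every request is challenged. Setting the status
     * does not by itself stop processing; the caller carries on to the next
     * step.
     *
     * @param context             the web application context (unused here)
     * @param httpServletRequest  request supplying the {@code Authorization} header
     * @param httpServletResponse response that receives the challenge
     * @param loginConfiguration  supplies the realm name, if configured
     * @throws InterceptorException declared by the signature; not thrown by the visible code
     */
    private void authenticateBasic(Context context, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, LoginConfiguration loginConfiguration) throws InterceptorException {
        String header = httpServletRequest.getHeader("Authorization");
        if (header != null && findPrincipalBasic(header, null) != null) {
            return;
        }
        String realmName = loginConfiguration.getRealmName();
        if (realmName == null) {
            realmName = httpServletRequest.getServerName() + ":" + httpServletRequest.getServerPort();
        }
        httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"" + escapeRealm(realmName) + "\"");
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Makes a realm name safe to place inside a quoted header parameter:
     * control characters (including CR and LF) are dropped, and double quotes
     * and backslashes are backslash-escaped.
     *
     * @param realm the raw realm name, never {@code null}
     * @return the realm with quoting-sensitive characters neutralised
     */
    private static String escapeRealm(String realm) {
        StringBuilder escaped = new StringBuilder(realm.length() + 2);
        for (int i = 0; i < realm.length(); i++) {
            char c = realm.charAt(i);
            if (c < 0x20 || c == 0x7f) {
                continue;
            }
            if (c == '"' || c == '\\') {
                escaped.append('\\');
            }
            escaped.append(c);
        }
        return escaped.toString();
    }

    /**
     * Returns the first security constraint that has a web resource collection
     * matching the request, or {@code null} when there is no descriptor, no
     * constraint list, or no match.
     *
     * <p>Constraints are tried in enumeration order and the first hit wins;
     * later constraints covering the same request are not consulted.
     *
     * @param httpServletRequest       the request to classify
     * @param webApplicationDescriptor the deployment descriptor, may be {@code null}
     * @return the first matching constraint, or {@code null}
     */
    private SecurityConstraint findConstraint(HttpServletRequest httpServletRequest, WebApplicationDescriptor webApplicationDescriptor) {
        if (webApplicationDescriptor == null) {
            return null;
        }
        Enumeration<?> securityConstraints = webApplicationDescriptor.getSecurityConstraints();
        if (securityConstraints == null) {
            return null;
        }
        while (securityConstraints.hasMoreElements()) {
            SecurityConstraint candidate = (SecurityConstraint) securityConstraints.nextElement();
            Enumeration<?> webResourceCollections = candidate.getWebResourceCollections();
            while (webResourceCollections.hasMoreElements()) {
                if (matchCollection(httpServletRequest, (WebResourceCollection) webResourceCollections.nextElement())) {
                    return candidate;
                }
            }
        }
        return null;
    }

    /**
     * Extracts {@code user:password} from a {@code Basic} authorization header
     * and asks the realm connector to authenticate it.
     *
     * <p>A missing connector now yields {@code null} (no principal, so the
     * caller challenges) instead of a {@link NullPointerException} triggered by
     * any well-formed header.
     *
     * <p>NOTE(review): the header value is split on {@code ':'} without being
     * Base64-decoded. Standard Basic credentials are Base64-encoded and that
     * alphabet contains no colon, so a compliant client header never reaches
     * the connector. Decoding (and rejecting undecodable input) still has to be
     * added.
     *
     * @param str            the raw {@code Authorization} header value, may be {@code null}
     * @param realmConnector the credential verifier, may be {@code null}
     * @return the authenticated principal, or {@code null} if the header is
     *         absent, not {@code Basic}, malformed, or no connector is available
     */
    private Principal findPrincipalBasic(String str, RealmConnector realmConnector) {
        if (str == null || realmConnector == null || !str.startsWith("Basic ")) {
            return null;
        }
        String credentials = str.substring(6).trim();
        int colon = credentials.indexOf(':');
        if (colon < 0) {
            return null;
        }
        return realmConnector.authenticate(credentials.substring(0, colon), credentials.substring(colon + 1));
    }

    /**
     * Decides whether a web resource collection covers the request, first by
     * HTTP method and then by URL pattern.
     *
     * <p>A collection that lists no methods covers every method. A collection
     * that lists methods covers only those: a request using any other method is
     * reported as not matching, so the enclosing constraint does not apply to
     * it. Descriptors that enumerate methods therefore leave every unlisted
     * method unconstrained; review them with that in mind.
     *
     * <p>The path compared is {@code servletPath} followed by {@code pathInfo}.
     *
     * @param httpServletRequest    the request to test
     * @param webResourceCollection the collection of methods and URL patterns
     * @return {@code true} if the method is covered and a URL pattern matches
     */
    private boolean matchCollection(HttpServletRequest httpServletRequest, WebResourceCollection webResourceCollection) {
        String method = httpServletRequest.getMethod();
        boolean anyMethodListed = false;
        boolean methodListed = false;
        Enumeration<?> httpMethods = webResourceCollection.getHttpMethods();
        while (httpMethods.hasMoreElements()) {
            anyMethodListed = true;
            if (method.equals((String) httpMethods.nextElement())) {
                methodListed = true;
                break;
            }
        }
        if (anyMethodListed && !methodListed) {
            return false;
        }
        String path = httpServletRequest.getServletPath();
        if (path == null) {
            path = "";
        }
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo != null) {
            path = path + pathInfo;
        }
        Enumeration<?> urlPatterns = webResourceCollection.getUrlPatterns();
        while (urlPatterns.hasMoreElements()) {
            if (matchPattern(path, (String) urlPatterns.nextElement())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tests a request path against one URL pattern.
     *
     * <p>Empty or {@code null} inputs are treated as {@code "/"}. A pattern of
     * {@code "/"} or one equal to the path always matches. {@code "/prefix/*"}
     * matches the prefix itself and anything below it on a segment boundary;
     * {@code "*.ext"} matches when the last path segment ends with that
     * extension. Anything else does not match.
     *
     * <p>Comparison is plain, case-sensitive string matching; this method does
     * no decoding or normalisation of its own. NOTE(review): it therefore
     * depends on the container handing over a canonical path (dot segments
     * resolved, escapes decoded) - confirm that upstream, otherwise an
     * equivalent spelling of a protected path may miss its pattern.
     *
     * @param str  the request path
     * @param str2 the URL pattern from the descriptor
     * @return {@code true} if the pattern covers the path
     */
    private boolean matchPattern(String str, String str2) {
        String path = (str == null || str.length() == 0) ? "/" : str;
        String pattern = (str2 == null || str2.length() == 0) ? "/" : str2;
        if (path.equals(pattern) || pattern.equals("/")) {
            return true;
        }
        boolean prefixPattern = pattern.startsWith("/") && pattern.endsWith("/*");
        if (!prefixPattern) {
            if (!pattern.startsWith("*.")) {
                return false;
            }
            // Extension match: the dot must sit in the final segment.
            int lastSlash = path.lastIndexOf('/');
            return lastSlash >= 0 && path.lastIndexOf('.') > lastSlash && path.endsWith(pattern.substring(1));
        }
        String prefix = pattern.substring(0, pattern.length() - 2);
        if (prefix.length() == 0) {
            return true;
        }
        if (path.endsWith("/")) {
            path = path.substring(0, path.length() - 1);
        }
        // Strip trailing segments until the path equals the prefix or runs out.
        while (!prefix.equals(path)) {
            int lastSlash = path.lastIndexOf('/');
            if (lastSlash <= 0) {
                return false;
            }
            path = path.substring(0, lastSlash);
        }
        return true;
    }

    /**
     * No post-processing is performed.
     */
    @Override // org.apache.tomcat.core.ServiceInterceptor
    public void postInvoke(Context context, Servlet servlet, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws InterceptorException {
    }

    /**
     * Intended entry point: find the constraint covering the request, then
     * apply the transport, authentication and authorization steps in order.
     *
     * <p>NOTE(review): the descriptor is a local that is never assigned from
     * {@code context}, so this method always returns at the first check and
     * every request proceeds unchecked. The steps below it are unreachable
     * until the descriptor is actually looked up. Once it is, note that none of
     * the three steps can currently stop the request: they only set response
     * state or discard their result.
     *
     * @param context             the web application context
     * @param servlet             the servlet about to be invoked (unused here)
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response
     * @throws InterceptorException propagated from the individual checks
     */
    @Override // org.apache.tomcat.core.ServiceInterceptor
    public void preInvoke(Context context, Servlet servlet, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws InterceptorException {
        WebApplicationDescriptor webApplicationDescriptor = null;
        if (webApplicationDescriptor == null) {
            return;
        }
        SecurityConstraint constraint = findConstraint(httpServletRequest, webApplicationDescriptor);
        if (constraint == null) {
            return;
        }
        userData(httpServletRequest, httpServletResponse, constraint.getUserDataConstraint());
        authenticate(context, httpServletRequest, httpServletResponse, webApplicationDescriptor.getLoginConfiguration());
        accessControl(context, httpServletRequest, httpServletResponse, constraint.getAuthorizationConstraint());
    }

    /**
     * Looks at the transport guarantee of a user-data constraint.
     *
     * <p>Nothing is required when the constraint is absent or its guarantee is
     * unset or {@code NONE}. For any other guarantee the method queries
     * {@code isSecure()} and ignores the answer.
     *
     * <p>NOTE(review): a constraint demanding a protected transport is
     * therefore not enforced; a request over a plain connection is neither
     * rejected nor redirected, and the Basic challenge that follows would
     * invite credentials over that same connection.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response (unused here)
     * @param userDataConstraint  the transport requirement, may be {@code null}
     * @throws InterceptorException declared by the signature; not thrown by the visible code
     */
    private void userData(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, UserDataConstraint userDataConstraint) throws InterceptorException {
        if (userDataConstraint == null) {
            return;
        }
        String transportGuarantee = userDataConstraint.getTransportGuarantee();
        if (transportGuarantee == null || transportGuarantee.equals("NONE")) {
            return;
        }
        httpServletRequest.isSecure();
    }
}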
