package com.sun.web.security;

import com.sun.enterprise.security.SecurityContext;
import com.sun.enterprise.security.acl.Resource;
import com.sun.enterprise.security.acl.WebResource;
import com.sun.web.server.WebServer;
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.servlet.Servlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpUtils;
import org.apache.tomcat.core.Constants;
import org.apache.tomcat.core.Context;
import org.apache.tomcat.core.HttpServletRequestFacade;
import org.apache.tomcat.core.InterceptorException;
import org.apache.tomcat.core.Request;
import org.apache.tomcat.core.ServiceInterceptor;

/* loaded from: input_file:com/sun/web/security/SecurityInterceptor.class */
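/**
 * Service interceptor that enforces transport constraints, authentication and
 * authorization before a servlet is invoked, and logs the request afterwards.
 *
 * <p>The listing is decompiler output; the {@code class$} members below are
 * compiler-synthesized helpers for class literals and are retained only so the
 * package-visible surface of the class is unchanged.
 */
public class SecurityInterceptor implements ServiceInterceptor {
    public static final boolean debug = false;
    private static SecurityInterceptor defaultInterceptor = null;
    // Synthetic cache for the class literal; no longer read by getInstance().
    static Class class$com$sun$web$security$SecurityInterceptor;
    private final LogHandler logHandler = new LogHandler();

    private SecurityInterceptor() {
    }

    /**
     * Synthetic class-literal helper: resolves a class by name and converts a
     * lookup failure into {@link NoClassDefFoundError}.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    /**
     * Returns the shared interceptor, creating it on first use.
     *
     * <p>The null check is performed while holding the class monitor. The
     * previous form tested the field outside the lock and assigned it inside
     * without re-checking, so two threads racing through the first call could
     * each install a different instance.
     *
     * @return the single {@code SecurityInterceptor} instance
     */
    public static SecurityInterceptor getInstance() {
        synchronized (SecurityInterceptor.class) {
            if (defaultInterceptor == null) {
                defaultInterceptor = new SecurityInterceptor();
            }
            return defaultInterceptor;
        }
    }

    /**
     * Builds the access-control resource for a request from the application
     * name, the request URI and the HTTP method.
     */
    private Resource getResource(Context context, HttpServletRequest httpServletRequest) {
        String applicationName = AccessControlInfo.getInstance(context).getApplicationName();
        return new WebResource(applicationName, httpServletRequest.getRequestURI(), httpServletRequest.getMethod());
    }

    /**
     * Assembles the absolute URL used to move a request to the other transport.
     *
     * <p>NOTE(review): the host part is {@code getServerName()}. If the
     * container derives that value from the client-supplied Host header, the
     * redirect target is client-influenced; a configured canonical host name
     * would be the safer source. Confirm how this container populates it.
     *
     * @param scheme     {@code "http"} or {@code "https"}
     * @param portSuffix {@code ":port"}, or the empty string for the scheme's default port
     * @param request    request supplying the server name and the query string
     * @param resource   resource whose name is used as the path
     * @return the redirect URL, with the original query string appended when present
     */
    private static String buildRedirectUrl(String scheme, String portSuffix, HttpServletRequest request, Resource resource) {
        String base = scheme + "://" + request.getServerName() + portSuffix + resource.getName();
        String query = request.getQueryString();
        return query == null ? base : base + "?" + query;
    }

    /** Logs the completed request. */
    @Override // org.apache.tomcat.core.ServiceInterceptor
    public void postInvoke(Context context, Servlet servlet, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws InterceptorException {
        this.logHandler.logRequest(context, httpServletRequest, httpServletResponse);
    }

    /**
     * Applies the data constraint for the requested resource, then
     * authenticates and authorizes the request.
     *
     * <p>Steps, in order: the current security context is cleared; the
     * constraint for the resource is looked up; the thread's context class
     * loader is switched to the web context's loader; SSL attributes are
     * published; a transport redirect is sent if the constraint and the
     * transport disagree; otherwise the request is authenticated and then
     * authorized.
     *
     * @throws InterceptorException wrapping any exception raised while
     *         redirecting, authenticating or authorizing, including the
     *         {@link SecurityException} thrown when either check fails
     */
    @Override // org.apache.tomcat.core.ServiceInterceptor
    public void preInvoke(Context context, Servlet servlet, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws InterceptorException {
        // Start from an empty security context; presumably this keeps an identity
        // left on a reused worker thread from applying to this request.
        SecurityContext.setCurrent(null);
        Resource resource = getResource(context, httpServletRequest);
        String constraint = (String) DataConstraint.getInstance().getConstraint(resource);

        final Context webContext = context;
        // NOTE(review): the previous context class loader is not restored in this
        // class; confirm that the container resets it after the request.
        AccessController.doPrivileged(new PrivilegedAction<Object>() {
            @Override // java.security.PrivilegedAction
            public Object run() {
                Thread.currentThread().setContextClassLoader(webContext.getContainer().getLoader());
                return null;
            }
        });

        // A resource with no declared constraint matches neither redirect rule
        // below and is served on whichever transport the request arrived on.
        if (constraint == null) {
            constraint = "UNKNOWN";
        }
        setSSLAttributes(httpServletRequest);
        try {
            if (httpServletRequest.isSecure()) {
                boolean isLoginSubmit = HttpUtils.getRequestURL(httpServletRequest).toString().endsWith("/j_security_check");
                if ("NONE".equalsIgnoreCase(constraint) && !isLoginSubmit) {
                    // NOTE(review): this moves an HTTPS request to cleartext HTTP and
                    // carries the query string along; anything sensitive in the query
                    // becomes visible on the wire. Confirm the downgrade is intended.
                    String portSuffix = WebServer.getWebPort() != 80 ? ":" + WebServer.getWebPort() : "";
                    String target = buildRedirectUrl("http", portSuffix, httpServletRequest, resource);
                    httpServletResponse.sendRedirect(httpServletResponse.encodeURL(target));
                    return;
                }
            } else if ("INTEGRAL".equalsIgnoreCase(constraint) || "CONFIDENTIAL".equalsIgnoreCase(constraint)) {
                // Protected resource requested over plain HTTP: send the client to HTTPS.
                String portSuffix = WebServer.getSecurePort() != 443 ? ":" + WebServer.getSecurePort() : "";
                String target = buildRedirectUrl("https", portSuffix, httpServletRequest, resource);
                httpServletResponse.sendRedirect(httpServletResponse.encodeURL(target));
                return;
            }

            SecurityHandler securityHandler = HttpSecurityHandler.getInstance(context);
            if (!securityHandler.authenticateRequest(httpServletRequest, httpServletResponse)) {
                this.logHandler.logError(context, httpServletRequest, httpServletResponse);
                throw new SecurityException("Client could not be authenticated.");
            }
            if (!securityHandler.authorizeRequest(httpServletRequest, httpServletResponse)) {
                this.logHandler.logError(context, httpServletRequest, httpServletResponse);
                throw new SecurityException("Client could not be authorized.");
            }
        } catch (Exception e) {
            // Failures, including the SecurityExceptions above, reach the caller
            // as InterceptorException with the original exception attached.
            throw new InterceptorException(e);
        }
    }

    /**
     * For a secure request, marks the underlying request as HTTPS and stores
     * the client certificate chain as a request attribute.
     *
     * <p>The request is cast to {@code HttpServletRequestFacade} without a
     * type check, so a secure request of any other type fails with
     * {@link ClassCastException}. Requests that are not secure are left
     * untouched.
     *
     * @param httpServletRequest the request to annotate
     */
    public static void setSSLAttributes(HttpServletRequest httpServletRequest) {
        if (!httpServletRequest.isSecure()) {
            return;
        }
        Request realRequest = ((HttpServletRequestFacade) httpServletRequest).getRealRequest();
        realRequest.getRequestAdapter().setScheme(Constants.Request.HTTPS);
        realRequest.setAttribute(Constants.X509CERT_CHAIN, RequestSecurityProviderImpl.getCertChain(httpServletRequest));
    }
}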
