package com.sun.web.security;

import com.sun.enterprise.Switch;
import com.sun.enterprise.deployment.WebBundleDescriptor;
import com.sun.enterprise.security.SecurityContext;
import com.sun.enterprise.security.acl.Role;
import com.sun.enterprise.security.acl.RoleMapper;
import java.io.ByteArrayInputStream;
import java.security.Principal;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.SSLSocket;
import javax.servlet.http.HttpServletRequest;
import org.apache.tomcat.core.Context;
import org.apache.tomcat.core.DefaultRequestSecurityProvider;
import org.apache.tomcat.core.HttpServletRequestFacade;
import org.apache.tomcat.deployment.SecurityRoleReference;
import org.apache.tomcat.service.http.HttpRequestAdapter;

/* loaded from: input_file:com/sun/web/security/RequestSecurityProviderImpl.class */
public final class RequestSecurityProviderImpl extends DefaultRequestSecurityProvider {
    private static RequestSecurityProviderImpl requestSecurityProvider = null;
    static Class class$com$sun$web$security$RequestSecurityProviderImpl;

    private RequestSecurityProviderImpl() {
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    private static X509Certificate[] convert(javax.security.cert.X509Certificate[] x509CertificateArr) throws Exception {
        if (x509CertificateArr == null) {
            return null;
        }
        X509Certificate[] x509CertificateArr2 = new X509Certificate[x509CertificateArr.length];
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        for (int i = 0; i < x509CertificateArr.length; i++) {
            x509CertificateArr2[i] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(x509CertificateArr[i].getEncoded()));
        }
        return x509CertificateArr2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509Certificate[] getCertChain(HttpServletRequest httpServletRequest) {
        if ((httpServletRequest instanceof HttpServletRequestFacade) && (((HttpServletRequestFacade) httpServletRequest).getRealRequest().getRequestAdapter() instanceof HttpRequestAdapter)) {
            HttpRequestAdapter httpRequestAdapter = (HttpRequestAdapter) ((HttpServletRequestFacade) httpServletRequest).getRealRequest().getRequestAdapter();
            if (httpRequestAdapter.getSocket() instanceof SSLSocket) {
                try {
                    return convert(((SSLSocket) httpRequestAdapter.getSocket()).getSession().getPeerCertificateChain());
                } catch (Exception unused) {
                }
            }
        }
        return new X509Certificate[0];
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r3v0, types: [java.lang.Throwable] */
    public static DefaultRequestSecurityProvider getInstance() {
        Class class$;
        if (requestSecurityProvider == null) {
            if (class$com$sun$web$security$RequestSecurityProviderImpl != null) {
                class$ = class$com$sun$web$security$RequestSecurityProviderImpl;
            } else {
                class$ = class$("com.sun.web.security.RequestSecurityProviderImpl");
                class$com$sun$web$security$RequestSecurityProviderImpl = class$;
            }
            synchronized (class$) {
                requestSecurityProvider = new RequestSecurityProviderImpl();
            }
        }
        return requestSecurityProvider;
    }

    private String getRoleRef(Context context, String str, String str2) {
        SecurityRoleReference securityRoleReferenceByName;
        WebBundleDescriptor webBundleDescriptor = (WebBundleDescriptor) Switch.getSwitch().getDescriptorFor(context);
        if (webBundleDescriptor == null || (securityRoleReferenceByName = webBundleDescriptor.getSecurityRoleReferenceByName(str, str2)) == null) {
            return null;
        }
        return securityRoleReferenceByName.getSecurityRoleLink().getName();
    }

    @Override // org.apache.tomcat.core.DefaultRequestSecurityProvider, org.apache.tomcat.core.RequestSecurityProvider
    public Principal getUserPrincipal(Context context, HttpServletRequest httpServletRequest) {
        SecurityContext current = SecurityContext.getCurrent();
        if (current != null) {
            return current.getCallerPrincipal();
        }
        return null;
    }

    @Override // org.apache.tomcat.core.DefaultRequestSecurityProvider, org.apache.tomcat.core.RequestSecurityProvider
    public boolean isSecure(Context context, HttpServletRequest httpServletRequest) {
        if ((httpServletRequest instanceof HttpServletRequestFacade) && (((HttpServletRequestFacade) httpServletRequest).getRealRequest().getRequestAdapter() instanceof HttpRequestAdapter)) {
            return ((HttpRequestAdapter) ((HttpServletRequestFacade) httpServletRequest).getRealRequest().getRequestAdapter()).getSocket() instanceof SSLSocket;
        }
        return false;
    }

    @Override // org.apache.tomcat.core.DefaultRequestSecurityProvider, org.apache.tomcat.core.RequestSecurityProvider
    public boolean isUserInRole(Context context, HttpServletRequest httpServletRequest, String str) {
        String roleRef;
        RoleMapper roleMapper;
        if (str == null) {
            throw new IllegalArgumentException("Argument is null.");
        }
        String str2 = (String) httpServletRequest.getAttribute("org.apache.tomcat.servlet.resolved");
        if (str2 == null || (roleRef = getRoleRef(context, str2, str)) == null || (roleMapper = RoleMapper.getRoleMapper(AccessControlInfo.getInstance(context).getApplicationName())) == null) {
            return false;
        }
        Enumeration currentRoles = roleMapper.getCurrentRoles();
        while (currentRoles.hasMoreElements()) {
            if (((Role) currentRoles.nextElement()).getName().equals(roleRef)) {
                return true;
            }
        }
        return false;
    }
}
