package com.sun.server.http.security;

import com.sun.server.ServletManager;
import com.sun.server.http.AccessConfigException;
import com.sun.server.http.HttpService;
import com.sun.server.http.HttpServiceParameters;
import com.sun.server.http.PageCompileServlet;
import com.sun.server.http.pagecompile.FilterHttpServletRequest;
import com.sun.server.realm.BadRealmException;
import com.sun.server.realm.Guard;
import com.sun.server.realm.NoSuchAclException;
import com.sun.server.realm.NoSuchGroupException;
import com.sun.server.realm.NoSuchRealmException;
import com.sun.server.realm.NoSuchUserException;
import com.sun.server.realm.Realm;
import com.sun.server.realm.ResourceManager;
import com.sun.server.realm.util.FileAcl;
import com.sun.server.realm.util.HostAclEntryImpl;
import com.sun.server.realm.util.HostImpl;
import com.sun.server.security.acl.PermissionImpl;
import com.sun.server.util.ErrorMessages;
import com.sun.server.util.ExProperties;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.MalformedURLException;
import java.security.Principal;
import java.security.acl.Acl;
import java.security.acl.AclEntry;
import java.security.acl.Permission;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.NoSuchElementException;
import java.util.Properties;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import sun.servlet.http.HttpRequest;

/* loaded from: input_file:com/sun/server/http/security/HttpSecurity.class */
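/**
 * Access-control gate of the HTTP service. Maps each request to the
 * {@link Guard} registered for its target (a canonical file path or a
 * {@code Servlet.<name>} key) and decides whether the request may proceed.
 *
 * <p>Guards are described by the {@code acl} property group, one entry per
 * resource in the form {@code scheme:realm:aclName}. The constructor only
 * loads those properties; guards are installed by
 * {@link #updateProperties(ExProperties)} and {@link #addConfig}.
 *
 * <p>The configuration methods are {@code synchronized};
 * {@link #checkAccess} is not.
 */
public class HttpSecurity {
    private static final String ACL_PROPERTY_GROUP = "acl";

    /** Prefix of the resource-manager keys under which servlets are protected. */
    private static final String SERVLET_PREFIX = "Servlet.";

    /**
     * Upper bound on {@link #permissionCache}. The cache key is the HTTP method
     * token taken from the request, so without a bound the table could grow
     * with every distinct token a client sends.
     */
    private static final int MAX_CACHED_PERMISSIONS = 64;

    private final HttpService service;
    private final String serviceRoot;
    private final ExProperties configProperties;
    private final HttpServiceParameters params;
    // HTTP method -> Permission object used for ACL checks.
    private final Hashtable<String, Permission> permissionCache;
    private final Properties servletProps;
    private final ResourceManager resourceManager;

    /**
     * Binds the security gate to a service and loads its {@code acl} property
     * group. No guard is installed here.
     *
     * @param httpService the owning HTTP service
     * @throws IOException declared for the service calls made here
     */
    public HttpSecurity(HttpService httpService) throws IOException {
        ServletManager servletManager = httpService.getServletManager();
        HttpServiceParameters serviceParams = (HttpServiceParameters) httpService.getParameters();
        this.service = httpService;
        this.resourceManager = new ResourceManager();
        this.params = serviceParams;
        this.permissionCache = new Hashtable<String, Permission>();
        this.serviceRoot = serviceParams.getServiceRoot();
        this.configProperties = httpService.getConfiguration().getGroupProperties(ACL_PROPERTY_GROUP);
        this.servletProps = servletManager.getServletProperties();
    }

    /**
     * Decides whether a request may be served.
     *
     * <p>When ACLs are disabled every request is allowed. Otherwise the guard
     * is looked up by canonical file path for the file-serving targets
     * ({@code file}, {@code ssinclude}, {@code sessionFile} and the page
     * compile servlet) and by servlet name for everything else. A guarded
     * resource is allowed only if the guard's check passes. An unguarded
     * resource is allowed by default, except that {@code PUT} and
     * {@code DELETE} are answered with 403 unless the target is {@code error}.
     *
     * @param str                 name of the servlet handling the request
     * @param httpServletRequest  the request being checked
     * @param httpServletResponse the response; an error status may be sent on it
     * @return {@code true} if the request may proceed
     * @throws MalformedURLException if the request path cannot be resolved to
     *                               a canonical file name
     * @throws IOException           if sending the error status fails
     */
    public boolean checkAccess(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!this.params.getEnableAcls()) {
            return true;
        }
        Guard protection;
        if (str.equals("file") || str.equals("ssinclude") || str.equals("sessionFile") || str.equals(PageCompileServlet.kPageCompileName)) {
            String resolved = resolveName(httpServletRequest);
            if (resolved == null) {
                // Fail closed: without a canonical name the guard lookup is meaningless.
                throw new MalformedURLException("Forbidden path");
            }
            protection = this.resourceManager.getProtection(resolved);
        } else {
            String pathInfo = httpServletRequest.getPathInfo();
            if (str.equals("invoker") && pathInfo != null) {
                // NOTE(review): everything after the leading '/' becomes the lookup
                // name; confirm the invoker derives the servlet name the same way so
                // that the guard lookup and the dispatch agree.
                str = pathInfo.substring(1);
            }
            protection = getServletProtection(str);
        }
        if (protection != null) {
            if (checkResourceAccess(httpServletRequest, httpServletResponse, protection)) {
                log("access check passed");
                return true;
            }
            log(1, "Authorization denied for " + protection.getRealm() + " " + httpServletRequest.getRemoteUser());
            return false;
        }
        // No guard registered: default-allow, except for the two modifying methods.
        String method = httpServletRequest.getMethod();
        boolean modifying = method.equals("PUT") || method.equals("DELETE");
        if (!modifying || str.equals("error")) {
            return true;
        }
        httpServletResponse.sendError(403);
        return false;
    }

    /**
     * Replaces the ACL properties and installs a guard for every entry.
     *
     * <p>The properties are replaced before they are parsed, so they stay
     * replaced even when parsing fails. NOTE(review): guards installed earlier
     * for resources that are absent from the new properties are not removed
     * here; confirm that this is intended.
     *
     * @param exProperties the new content of the {@code acl} property group
     * @throws IOException if the configuration is invalid; a missing protected
     *                     file is only reported and does not raise
     */
    public void updateProperties(ExProperties exProperties) throws IOException {
        this.configProperties.replace(exProperties);
        try {
            parseConfiguration();
        } catch (FileNotFoundException e) {
            ErrorMessages.error(e.getMessage());
            log(e.getMessage());
        } catch (Exception e) {
            ErrorMessages.error("ACL configuration error", e);
            IOException wrapped = new IOException("ACL configuration error: " + e.toString());
            // Keep the original failure reachable for whoever diagnoses this.
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Renders the ACL entries of one realm as property text: a
     * {@code resources=a,b} line followed by {@code <resource>.scheme=} and
     * {@code <resource>.acl=} lines for each matching entry.
     *
     * @param str realm name to select; {@code null} selects nothing
     * @return the rendered text; just {@code resources=} when nothing matches
     * @throws NoSuchElementException if any stored entry has fewer than three
     *                                {@code ':'}-separated fields
     */
    public synchronized String getAclConfig(String str) {
        StringBuilder names = new StringBuilder("resources=");
        StringBuilder details = new StringBuilder();
        String nameSeparator = "";
        String lineSeparator = "";
        Enumeration<Object> keys = this.configProperties.keys();
        while (keys.hasMoreElements()) {
            String resource = (String) keys.nextElement();
            StringTokenizer fields = new StringTokenizer((String) this.configProperties.get(resource), ":");
            // Every entry is tokenized, matching or not, so a malformed one always throws.
            String scheme = fields.nextToken();
            String realmName = fields.nextToken();
            String aclName = fields.nextToken();
            if (str != null && str.equals(realmName)) {
                names.append(nameSeparator).append(resource);
                nameSeparator = ",";
                details.append(lineSeparator);
                details.append(resource).append(".scheme=").append(scheme);
                lineSeparator = "\n";
                details.append(lineSeparator);
                details.append(resource).append(".acl=").append(aclName);
            }
        }
        names.append(lineSeparator).append(details.toString());
        return names.toString();
    }

    /**
     * Protects a resource and persists the new entry.
     *
     * <p>The entry is stored as {@code scheme:realm:aclName}, where the realm
     * field is the realm's string form. NOTE(review): the fields are joined
     * with {@code ':'} without escaping, so a scheme, realm or ACL name that
     * contains {@code ':'} would not parse back; confirm callers validate them.
     *
     * @param str   resource to protect: a file path or a {@code Servlet.} key
     * @param str2  authentication scheme
     * @param realm realm that owns the ACL
     * @param str3  name of the ACL inside the realm
     * @throws AccessConfigException if an argument is missing, the ACL is
     *                               unknown, or saving fails
     * @throws IOException           if the protected file cannot be found
     */
    public synchronized void addConfig(String str, String str2, Realm realm, String str3) throws IOException, BadRealmException, AccessConfigException, NoSuchSchemeException, NoSuchRealmException, NoSuchAclException {
        addAccessConfiguration(str, str2, realm, str3);
        // The property key drops one trailing separator, except for the root itself.
        if (str.endsWith(File.separator) && !str.equals(File.separator)) {
            str = str.substring(0, str.length() - 1);
        }
        this.configProperties.put(str, str2 + ":" + realm + ":" + str3);
        saveAclConfig();
    }

    /**
     * Removes the protection of a resource and persists the change.
     *
     * <p>NOTE(review): the property is removed before the resource is
     * resolved, so when resolution fails the in-memory properties have already
     * lost the entry while the guard and the saved configuration still carry it.
     *
     * @param str resource whose protection is removed
     * @throws AccessConfigException on any failure; only the message of the
     *                               underlying exception is kept
     */
    public synchronized void deleteConfig(String str) throws AccessConfigException {
        try {
            this.configProperties.remove(str);
            this.resourceManager.unprotect(checkIfExists(str));
            saveAclConfig();
        } catch (Exception e) {
            throw new AccessConfigException(e.getMessage());
        }
    }

    /**
     * Writes the in-memory ACL properties back to the service configuration.
     *
     * @throws AccessConfigException if the configuration rejects the update
     */
    synchronized void saveAclConfig() throws AccessConfigException {
        try {
            this.service.getConfiguration().setGroupProperties(ACL_PROPERTY_GROUP, this.configProperties);
        } catch (Exception e) {
            throw new AccessConfigException(e.getMessage());
        }
    }

    /**
     * Returns the permission object for an HTTP method, reusing a cached
     * instance when there is one. New instances are cached only while the
     * cache is below {@link #MAX_CACHED_PERMISSIONS}.
     */
    private Permission permissionFor(String method) {
        Permission cached = this.permissionCache.get(method);
        if (cached != null) {
            return cached;
        }
        Permission created = new PermissionImpl(method);
        if (this.permissionCache.size() < MAX_CACHED_PERMISSIONS) {
            this.permissionCache.put(method, created);
        }
        return created;
    }

    /**
     * Tells whether the ACL grants the permission to the client's host name or
     * to its address.
     *
     * <p>NOTE(review): the remote host name normally comes from a reverse
     * lookup of the client address; confirm that the server validates that
     * name before host-name entries are relied on.
     */
    private boolean hostPermitted(HttpServletRequest request, Acl acl, Permission permission) {
        return acl.checkPermission(new HostImpl(request.getRemoteHost()), permission)
                || acl.checkPermission(new HostImpl(request.getRemoteAddr()), permission);
    }

    /** Host-only authorization: the request method must be granted to the client host. */
    private boolean checkHostAuthz(HttpServletRequest request, Acl acl) {
        return hostPermitted(request, acl, permissionFor(request.getMethod()));
    }

    /**
     * User authorization. When the ACL carries at least one host entry the
     * client host must be permitted as well as the principal.
     */
    private boolean checkAuthz(Principal principal, HttpServletRequest request, Acl acl) {
        Permission permission = permissionFor(request.getMethod());
        boolean hasHostEntries = false;
        Enumeration<AclEntry> entries = acl.entries();
        while (entries.hasMoreElements()) {
            if (entries.nextElement() instanceof HostAclEntryImpl) {
                hasHostEntries = true;
                break;
            }
        }
        if (hasHostEntries && !hostPermitted(request, acl, permission)) {
            return false;
        }
        return acl.checkPermission(principal, permission);
    }

    /**
     * Runs the guard's check and sends the failure status: 403 when the ACL
     * holds only host entries, 401 otherwise. When the check itself throws,
     * access is denied and no status is sent from here.
     */
    private boolean checkResourceAccess(HttpServletRequest request, HttpServletResponse response, Guard guard) {
        try {
            guard.getRealm();
            Object acl = guard.getAcl();
            if (checkAccessConfiguration(request, response, guard)) {
                return true;
            }
            if ((acl instanceof FileAcl) && ((FileAcl) acl).hasOnlyHostEntries()) {
                // Credentials cannot help against a host-only ACL.
                response.sendError(403);
                return false;
            }
            response.sendError(401);
            return false;
        } catch (Exception e) {
            // Deny, but leave a trace: a silent failure here is hard to diagnose.
            log(1, "Access check failed: " + e);
            return false;
        }
    }

    /**
     * Evaluates a guard against a request: host-only ACLs are decided on the
     * client host, ACLs that grant the method to all users pass at once, and
     * everything else requires an authenticated principal that the ACL
     * authorizes. On success the auth type and remote user are recorded on the
     * request. Any exception denies access.
     */
    private boolean checkAccessConfiguration(HttpServletRequest request, HttpServletResponse response, Guard guard) {
        try {
            guard.getRealm();
            Acl acl = guard.getAcl();
            if (acl instanceof FileAcl) {
                FileAcl fileAcl = (FileAcl) acl;
                if (fileAcl.hasOnlyHostEntries()) {
                    return checkHostAuthz(request, acl);
                }
                if (fileAcl.checkPermissionsForAllUsers(request.getMethod(), true)) {
                    return true;
                }
            }
            HttpAuthenticator authenticator = (HttpAuthenticator) guard.getAuthenticator();
            Principal principal = authenticator.getAuthenticatedPrincipal(request, response);
            if (principal == null) {
                // Deny explicitly instead of relying on a NullPointerException below.
                log(1, "No authenticated principal");
                return false;
            }
            if (request instanceof FilterHttpServletRequest) {
                FilterHttpServletRequest filtered = (FilterHttpServletRequest) request;
                filtered.setAuthType(authenticator.getScheme());
                filtered.setRemoteUser(principal.getName());
            } else {
                HttpRequest plain = (HttpRequest) request;
                plain.setAuthType(authenticator.getScheme());
                plain.setRemoteUser(principal.getName());
            }
            log(1, "authenticated user " + request.getRemoteUser());
            return checkAuthz(principal, request, guard.getAcl());
        } catch (Exception e) {
            log(1, e.getMessage());
            return false;
        }
    }

    /**
     * Installs a guard for one resource.
     *
     * @throws AccessConfigException if an argument is missing or the realm has
     *                               no ACL of the given name
     * @throws FileNotFoundException if the resource is a file that cannot be
     *                               resolved or does not exist
     */
    private void addAccessConfiguration(String resource, String scheme, Realm realm, String aclName) throws IOException, BadRealmException, AccessConfigException, NoSuchSchemeException, NoSuchRealmException, NoSuchAclException {
        if (scheme == null || realm == null || aclName == null) {
            throw new AccessConfigException("AclConfig: syntax error");
        }
        String key = checkIfExists(resource);
        log("Protecting " + key);
        HttpAuthenticator authenticator = getAuthentication(realm, scheme);
        Acl acl = realm.getAcl(aclName);
        if (acl == null) {
            throw new AccessConfigException(aclName + " syntax error");
        }
        this.resourceManager.protect(key, new Guard(realm, authenticator, acl));
    }

    /**
     * Turns a configured resource name into the key used by the resource
     * manager. {@code Servlet.} names are used as they are; anything else is
     * canonicalized (relative names against the document root) and must exist.
     * One trailing {@code '/'} is dropped unless the key is {@code "/"}.
     *
     * @throws FileNotFoundException if the file cannot be resolved or is missing
     */
    private String checkIfExists(String resource) throws FileNotFoundException {
        String key = resource;
        if (!resource.startsWith(SERVLET_PREFIX)) {
            key = getCanonicalName(this.params.getDocRoot(), resource);
            if (key == null) {
                throw new FileNotFoundException("Cannot find protected file " + resource);
            }
            if (!new File(key).exists()) {
                throw new FileNotFoundException("Protected file " + key + " does not exist");
            }
        }
        return (!key.endsWith("/") || key.equals("/")) ? key : key.substring(0, key.length() - 1);
    }

    /**
     * Installs a guard for every entry of the ACL properties.
     *
     * <p>An entry whose protected file is missing does not stop the others
     * from being installed: the first such failure is rethrown once all entries
     * have been processed and later ones are reported as they occur. Aborting
     * on the first missing file would leave every entry after it, in an
     * unspecified enumeration order, without a guard.
     *
     * @throws NoSuchElementException if an entry has fewer than three fields
     * @throws FileNotFoundException  if at least one protected file is missing
     */
    private void parseConfiguration() throws AccessConfigException, IOException, BadRealmException, NoSuchRealmException, NoSuchGroupException, NoSuchUserException, NoSuchSchemeException, NoSuchAclException {
        FileNotFoundException firstMissing = null;
        Enumeration<?> names = this.configProperties.propertyNames();
        while (names.hasMoreElements()) {
            String resource = (String) names.nextElement();
            try {
                StringTokenizer fields = new StringTokenizer((String) this.configProperties.get(resource), ":");
                String scheme = fields.nextToken();
                Realm realm = Realm.get(fields.nextToken());
                String aclName = fields.nextToken();
                addAccessConfiguration(resource, scheme, realm, aclName);
            } catch (NoSuchElementException e) {
                ErrorMessages.error("ACL Configuration syntax error", e);
                throw e;
            } catch (FileNotFoundException e) {
                if (firstMissing == null) {
                    // Reported by the caller once it is rethrown below.
                    firstMissing = e;
                } else {
                    ErrorMessages.error(e.getMessage());
                    log(e.getMessage());
                }
            }
        }
        if (firstMissing != null) {
            throw firstMissing;
        }
    }

    /**
     * Looks up the guard of a servlet, first by its name and then by the value
     * of its {@code servlet.<name>.code} property. When that property is
     * absent the second lookup uses the literal key {@code Servlet.null}.
     */
    private Guard getServletProtection(String servletName) {
        Guard protection = this.resourceManager.getProtection(SERVLET_PREFIX + servletName);
        if (protection == null) {
            String code = this.servletProps.getProperty("servlet." + servletName + ".code");
            protection = this.resourceManager.getProtection(SERVLET_PREFIX + code);
        }
        return protection;
    }

    /**
     * Resolves the request to the canonical file name used for the guard
     * lookup; a path that ends in the file separator gets the welcome file
     * appended first.
     *
     * @return the canonical path, or {@code null} when the request has no
     *         translated path or the path cannot be canonicalized
     */
    private String resolveName(HttpServletRequest request) {
        String translated = request.getPathTranslated();
        if (translated == null) {
            return null;
        }
        if (translated.endsWith(File.separator)) {
            translated = translated + this.params.getWelcome();
        }
        try {
            return new File(translated).getCanonicalPath();
        } catch (IOException e) {
            // Guards are keyed by canonical path. Looking up the raw path could miss
            // the guard and fall through to the default-allow branch, so report
            // "unresolvable" and let the caller refuse the request.
            log(1, "Cannot canonicalize request path: " + e.getMessage());
            return null;
        }
    }

    /**
     * Canonicalizes a configured file name. Relative names are resolved
     * against {@code docRoot} with {@code '/'} mapped to the platform
     * separator; absolute names are taken as given.
     *
     * @return the canonical path, or {@code null} if it cannot be computed
     */
    private static String getCanonicalName(String docRoot, String name) {
        File file = new File(name);
        if (!file.isAbsolute()) {
            file = new File(docRoot, name.replace('/', File.separatorChar));
        }
        try {
            return file.getCanonicalPath();
        } catch (IOException e) {
            return null;
        }
    }

    /**
     * Creates the authenticator for a scheme name, compared case-insensitively:
     * {@code Basic}, {@code Digest} or {@code SSL}.
     *
     * @throws NoSuchSchemeException for {@code null} or any other name
     */
    private HttpAuthenticator getAuthentication(Realm realm, String scheme) throws NoSuchSchemeException {
        if (scheme != null) {
            if (scheme.equalsIgnoreCase("Basic")) {
                return new BasicAuthentication(realm);
            }
            if (scheme.equalsIgnoreCase("Digest")) {
                return new DigestAuthentication(realm);
            }
            if (scheme.equalsIgnoreCase("SSL")) {
                return getSSLAuthentication(realm);
            }
        }
        throw new NoSuchSchemeException("Unsupported scheme: " + scheme);
    }

    /** Creates the authenticator used for the {@code SSL} scheme. */
    private HttpAuthenticator getSSLAuthentication(Realm realm) {
        return new SSLAuthentication(realm);
    }

    /** Writes a message to the event log at level 3. */
    private void log(String message) {
        log(3, message);
    }

    /** Writes a message to the service's event log, if the service has one. */
    private void log(int level, String message) {
        if (this.service.getEventLog() != null) {
            this.service.getEventLog().write(level, message);
        }
    }
}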
