package org.eclipse.jetty.security;

import java.io.IOException;
import java.security.Principal;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.authentication.DeferredAuthentication;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Response;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.handler.HandlerWrapper;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;

/* loaded from: input_file:dependencies/plugins/org.eclipse.jetty.security_9.4.11.v20180605.jar:org/eclipse/jetty/security/SecurityHandler.class */
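/**
 * Base handler that applies authentication and authorization to requests before
 * passing them to the wrapped handler.
 *
 * <p>The handler wires together an {@link Authenticator}, a {@link LoginService} and an
 * {@link IdentityService}. Subclasses supply the constraint model through
 * {@link #prepareConstraintInfo}, {@link #checkUserDataPermissions},
 * {@link #isAuthMandatory} and {@link #checkWebResourcePermissions}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Only the dispatch types accepted by {@link #checkSecurity(Request)} are checked;
 *       every other dispatch reaches the wrapped handler with no constraint evaluation.</li>
 *   <li>A request that needs authentication while no authenticator is configured is
 *       rejected with 403 rather than served.</li>
 *   <li>Whatever {@link IdentityService#associate} returns for a request is handed back
 *       to {@link IdentityService#disassociate} on every exit path of {@link #handle}.</li>
 * </ul>
 */
public abstract class SecurityHandler extends HandlerWrapper implements Authenticator.AuthConfiguration {
    private Authenticator _authenticator;
    private String _realmName;
    private String _authMethod;
    private LoginService _loginService;
    private IdentityService _identityService;
    private static final Logger LOG = Log.getLogger((Class<?>) SecurityHandler.class);

    /** Placeholder principal whose name is {@code null}; prints as "No User". */
    public static final Principal __NO_USER = new Principal() { // from class: org.eclipse.jetty.security.SecurityHandler.1
        @Override // java.security.Principal
        public String getName() {
            return null;
        }

        @Override // java.security.Principal
        public String toString() {
            return "No User";
        }
    };

    /** Placeholder principal named "Nobody". */
    public static final Principal __NOBODY = new Principal() { // from class: org.eclipse.jetty.security.SecurityHandler.2
        @Override // java.security.Principal
        public String getName() {
            return "Nobody";
        }

        @Override // java.security.Principal
        public String toString() {
            return getName();
        }
    };

    // When true, FORWARD dispatches flagged as welcome-file forwards are security-checked.
    private boolean _checkWelcomeFiles = false;
    private Authenticator.Factory _authenticatorFactory = new DefaultAuthenticatorFactory();
    // Typed instead of the raw HashMap so no unchecked conversion is needed.
    private final Map<String, String> _initParameters = new HashMap<>();
    // Exposed to authenticators through isSessionRenewedOnAuthentication(); defaults to on.
    private boolean _renewSession = true;

    /* loaded from: input_file:dependencies/plugins/org.eclipse.jetty.security_9.4.11.v20180605.jar:org/eclipse/jetty/security/SecurityHandler$NotChecked.class */
    /**
     * Principal marker with a {@code null} name that keeps a reference to the enclosing
     * handler. It is an inner (non-static) class, so each instance is bound to one
     * {@code SecurityHandler}.
     */
    public class NotChecked implements Principal {
        public NotChecked() {
        }

        @Override // java.security.Principal
        public String getName() {
            return null;
        }

        @Override // java.security.Principal
        public String toString() {
            return "NOT CHECKED";
        }

        /** @return the handler this marker belongs to */
        public SecurityHandler getSecurityHandler() {
            return SecurityHandler.this;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Creates the handler and registers the default authenticator factory as a bean. */
    public SecurityHandler() {
        addBean(this._authenticatorFactory);
    }

    /** @return the identity service in use, or {@code null} if none has been set or discovered */
    @Override // org.eclipse.jetty.security.Authenticator.AuthConfiguration
    public IdentityService getIdentityService() {
        return this._identityService;
    }

    /**
     * Replaces the identity service.
     *
     * @param identityService the new service, may be {@code null}
     * @throws IllegalStateException if the handler is already started
     */
    public void setIdentityService(IdentityService identityService) {
        if (isStarted()) {
            throw new IllegalStateException("Started");
        }
        updateBean(this._identityService, identityService);
        this._identityService = identityService;
    }

    /** @return the login service in use, or {@code null} if none has been set or discovered */
    @Override // org.eclipse.jetty.security.Authenticator.AuthConfiguration
    public LoginService getLoginService() {
        return this._loginService;
    }

    /**
     * Replaces the login service.
     *
     * @param loginService the new service, may be {@code null}
     * @throws IllegalStateException if the handler is already started
     */
    public void setLoginService(LoginService loginService) {
        if (isStarted()) {
            throw new IllegalStateException("Started");
        }
        updateBean(this._loginService, loginService);
        this._loginService = loginService;
    }

    /** @return the configured authenticator, or {@code null} */
    public Authenticator getAuthenticator() {
        return this._authenticator;
    }

    /**
     * Replaces the authenticator and, when it is non-null, copies its auth method into
     * this handler. Passing {@code null} leaves the previously recorded auth method as is.
     *
     * @param authenticator the new authenticator, may be {@code null}
     * @throws IllegalStateException if the handler is already started
     */
    public void setAuthenticator(Authenticator authenticator) {
        if (isStarted()) {
            throw new IllegalStateException("Started");
        }
        updateBean(this._authenticator, authenticator);
        this._authenticator = authenticator;
        if (this._authenticator != null) {
            this._authMethod = this._authenticator.getAuthMethod();
        }
    }

    /** @return the factory used by {@link #doStart()} when no authenticator was set explicitly */
    public Authenticator.Factory getAuthenticatorFactory() {
        return this._authenticatorFactory;
    }

    /**
     * Replaces the authenticator factory.
     *
     * @param factory the new factory, may be {@code null}
     * @throws IllegalStateException if the handler is running
     */
    public void setAuthenticatorFactory(Authenticator.Factory factory) {
        if (isRunning()) {
            throw new IllegalStateException("running");
        }
        updateBean(this._authenticatorFactory, factory);
        this._authenticatorFactory = factory;
    }

    /** @return the realm name, or {@code null} */
    @Override // org.eclipse.jetty.security.Authenticator.AuthConfiguration
    public String getRealmName() {
        return this._realmName;
    }

    /**
     * @param str the realm name
     * @throws IllegalStateException if the handler is running
     */
    public void setRealmName(String str) {
        if (isRunning()) {
            throw new IllegalStateException("running");
        }
        this._realmName = str;
    }

    /** @return the auth method name, or {@code null} */
    @Override // org.eclipse.jetty.security.Authenticator.AuthConfiguration
    public String getAuthMethod() {
        return this._authMethod;
    }

    /**
     * @param str the auth method name
     * @throws IllegalStateException if the handler is running
     */
    public void setAuthMethod(String str) {
        if (isRunning()) {
            throw new IllegalStateException("running");
        }
        this._authMethod = str;
    }

    /** @return whether welcome-file forwards are security-checked (see {@link #checkSecurity}) */
    public boolean isCheckWelcomeFiles() {
        return this._checkWelcomeFiles;
    }

    /**
     * @param z {@code true} to security-check welcome-file forwards
     * @throws IllegalStateException if the handler is running
     */
    public void setCheckWelcomeFiles(boolean z) {
        if (isRunning()) {
            throw new IllegalStateException("running");
        }
        this._checkWelcomeFiles = z;
    }

    /**
     * @param str the parameter name
     * @return the parameter value, or {@code null} if it is not set
     */
    @Override // org.eclipse.jetty.security.Authenticator.AuthConfiguration
    public String getInitParameter(String str) {
        return this._initParameters.get(str);
    }

    /**
     * @return the parameter names; this is the live key set of the handler's parameter
     *     map, not a copy, so removals through it affect the handler
     */
    @Override // org.eclipse.jetty.security.Authenticator.AuthConfiguration
    public Set<String> getInitParameterNames() {
        return this._initParameters.keySet();
    }

    /**
     * Sets an init parameter.
     *
     * @param str the parameter name
     * @param str2 the parameter value
     * @return the previous value for that name, or {@code null}
     * @throws IllegalStateException if the handler is running
     */
    public String setInitParameter(String str, String str2) {
        if (isRunning()) {
            throw new IllegalStateException("running");
        }
        return this._initParameters.put(str, str2);
    }

    /**
     * Looks for a {@link LoginService} among the server's beans.
     *
     * <p>With a realm name configured, the first service whose name equals the realm name
     * is chosen. Without one, a service is chosen only when exactly one is registered, so
     * the handler never picks arbitrarily between several candidates.
     *
     * @return the matching service, or {@code null} if none qualifies
     * @throws Exception declared for subclasses; this implementation throws none itself
     */
    protected LoginService findLoginService() throws Exception {
        Collection<LoginService> candidates = getServer().getBeans(LoginService.class);
        String realmName = getRealmName();
        if (realmName != null) {
            for (LoginService candidate : candidates) {
                // realmName is non-null here, so a null service name simply does not match.
                if (realmName.equals(candidate.getName())) {
                    return candidate;
                }
            }
            return null;
        }
        if (candidates.size() == 1) {
            return candidates.iterator().next();
        }
        return null;
    }

    /** @return the {@link IdentityService} bean registered on the server, as returned by {@code getBean} */
    protected IdentityService findIdentityService() {
        return (IdentityService) getServer().getBean(IdentityService.class);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves the login service, identity service and authenticator, then starts the
     * wrapped handler.
     *
     * <p>Startup fails when a realm name is configured but no authenticator could be
     * obtained, or when the login service already carries a different identity service
     * than this handler.
     *
     * @throws IllegalStateException on either of the two misconfigurations above
     * @throws Exception if a lookup or the superclass start fails
     */
    @Override // org.eclipse.jetty.server.handler.AbstractHandler, org.eclipse.jetty.util.component.ContainerLifeCycle, org.eclipse.jetty.util.component.AbstractLifeCycle
    public void doStart() throws Exception {
        // Copy context init parameters in the security namespace unless already set here.
        // NOTE(review): setInitParameter() rejects calls while isRunning() is true; confirm
        // against the lifecycle base class that this is false at this point of startup.
        ContextHandler.Context currentContext = ContextHandler.getCurrentContext();
        if (currentContext != null) {
            Enumeration<String> initParameterNames = currentContext.getInitParameterNames();
            while (initParameterNames != null && initParameterNames.hasMoreElements()) {
                String nextElement = initParameterNames.nextElement();
                if (nextElement.startsWith("org.eclipse.jetty.security.") && getInitParameter(nextElement) == null) {
                    setInitParameter(nextElement, currentContext.getInitParameter(nextElement));
                }
            }
        }
        // A login service discovered on the server is registered as unmanaged.
        if (this._loginService == null) {
            setLoginService(findLoginService());
            if (this._loginService != null) {
                unmanage(this._loginService);
            }
        }
        // Identity service: prefer the login service's, then the server's, and only create
        // a default one when a realm is configured.
        if (this._identityService == null) {
            if (this._loginService != null) {
                setIdentityService(this._loginService.getIdentityService());
            }
            if (this._identityService == null) {
                setIdentityService(findIdentityService());
            }
            if (this._identityService != null) {
                unmanage(this._identityService);
            } else if (this._realmName != null) {
                setIdentityService(new DefaultIdentityService());
                manage(this._identityService);
            }
        }
        // Login service and handler must agree on one identity service (reference equality).
        if (this._loginService != null) {
            if (this._loginService.getIdentityService() == null) {
                this._loginService.setIdentityService(this._identityService);
            } else if (this._loginService.getIdentityService() != this._identityService) {
                throw new IllegalStateException("LoginService has different IdentityService to " + this);
            }
        }
        Authenticator.Factory authenticatorFactory = getAuthenticatorFactory();
        if (this._authenticator == null && authenticatorFactory != null && this._identityService != null) {
            setAuthenticator(authenticatorFactory.getAuthenticator(getServer(), ContextHandler.getCurrentContext(), this, this._identityService, this._loginService));
        }
        if (this._authenticator != null) {
            this._authenticator.setConfiguration(this);
        } else if (this._realmName != null) {
            // A realm without an authenticator is refused rather than started unprotected.
            LOG.warn("No Authenticator for " + this);
            throw new IllegalStateException("No Authenticator");
        }
        super.doStart();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Drops the identity and login services that this handler does not manage, so that
     * the next {@link #doStart()} looks them up again, then stops the wrapped handler.
     *
     * @throws Exception if the superclass stop fails
     */
    @Override // org.eclipse.jetty.server.handler.AbstractHandler, org.eclipse.jetty.util.component.ContainerLifeCycle, org.eclipse.jetty.util.component.AbstractLifeCycle
    public void doStop() throws Exception {
        if (!isManaged(this._identityService)) {
            removeBean(this._identityService);
            this._identityService = null;
        }
        if (!isManaged(this._loginService)) {
            removeBean(this._loginService);
            this._loginService = null;
        }
        super.doStop();
    }

    /**
     * Decides whether a request is subject to security checks.
     *
     * <p>REQUEST and ASYNC dispatches are always checked. A FORWARD dispatch is checked
     * only when welcome-file checking is enabled and the request carries the
     * {@code org.eclipse.jetty.server.welcome} attribute, which is removed as a side
     * effect. All other dispatch types are not checked by this handler.
     *
     * @param request the request being dispatched
     * @return {@code true} if constraints must be evaluated for this dispatch
     */
    protected boolean checkSecurity(Request request) {
        switch (request.getDispatcherType()) {
            case REQUEST:
            case ASYNC:
                return true;
            case FORWARD:
                if (!isCheckWelcomeFiles() || request.getAttribute("org.eclipse.jetty.server.welcome") == null) {
                    return false;
                }
                request.removeAttribute("org.eclipse.jetty.server.welcome");
                return true;
            default:
                return false;
        }
    }

    /**
     * @return the session-renewal flag offered to authenticators; how it is applied is
     *     decided by the authenticator, which is outside this class
     */
    @Override // org.eclipse.jetty.security.Authenticator.AuthConfiguration
    public boolean isSessionRenewedOnAuthentication() {
        return this._renewSession;
    }

    /**
     * Sets the session-renewal flag. Unlike the other setters of this class, this one has
     * no lifecycle guard, so the flag can be changed while the handler is running.
     *
     * @param z the new flag value
     */
    public void setSessionRenewedOnAuthentication(boolean z) {
        this._renewSession = z;
    }

    /**
     * Applies the security constraints to a request and, if they are satisfied, forwards
     * it to the wrapped handler.
     *
     * <p>Order of checks: dispatch type ({@link #checkSecurity}), user-data permissions,
     * presence of an authenticator when authentication is mandatory, authentication, and
     * finally role permissions for an authenticated user. Failed checks answer 403.
     *
     * <p>The value returned by {@link IdentityService#associate} (or, for deferred
     * authentication, by {@code getPreviousAssociation()}) is tracked in one local and
     * released in a single {@code finally}. Passing {@code null} on the exception paths
     * instead would leave the association made for this request in place after the
     * request has failed.
     *
     * @param str the path within the context
     * @param request the Jetty request
     * @param httpServletRequest the servlet request, possibly replaced by a wrapped one
     * @param httpServletResponse the servlet response, possibly replaced by a wrapped one
     * @throws IOException if writing an error response or the wrapped handler fails
     * @throws ServletException if the wrapped handler fails
     */
    @Override // org.eclipse.jetty.server.handler.HandlerWrapper, org.eclipse.jetty.server.handler.AbstractHandler, org.eclipse.jetty.server.Handler
    public void handle(String str, Request request, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        Response response = request.getResponse();
        Handler handler = getHandler();
        if (handler == null) {
            return;
        }
        // Read the field once so the whole request uses the same authenticator.
        Authenticator authenticator = this._authenticator;
        if (!checkSecurity(request)) {
            handler.handle(str, request, httpServletRequest, httpServletResponse);
            return;
        }
        if (authenticator != null) {
            authenticator.prepareRequest(request);
        }
        RoleInfo prepareConstraintInfo = prepareConstraintInfo(str, request);
        if (!checkUserDataPermissions(str, request, response, prepareConstraintInfo)) {
            // The check may already have produced a response; otherwise refuse.
            if (!request.isHandled()) {
                httpServletResponse.sendError(403);
                request.setHandled(true);
            }
            return;
        }
        boolean isAuthMandatory = isAuthMandatory(request, response, prepareConstraintInfo);
        if (isAuthMandatory && authenticator == null) {
            // Fail closed: a protected resource without an authenticator is never served.
            LOG.warn("No authenticator for: " + prepareConstraintInfo);
            if (!request.isHandled()) {
                httpServletResponse.sendError(403);
                request.setHandled(true);
            }
            return;
        }
        Object previousIdentity = null;
        try {
            Authentication authentication = request.getAuthentication();
            if (authentication == null || authentication == Authentication.NOT_CHECKED) {
                authentication = authenticator == null ? Authentication.UNAUTHENTICATED : authenticator.validateRequest(httpServletRequest, httpServletResponse, isAuthMandatory);
            }
            if (authentication instanceof Authentication.Wrapped) {
                httpServletRequest = ((Authentication.Wrapped) authentication).getHttpServletRequest();
                httpServletResponse = ((Authentication.Wrapped) authentication).getHttpServletResponse();
            }
            if (authentication instanceof Authentication.ResponseSent) {
                // The authenticator already answered (challenge, redirect, failure...).
                request.setHandled(true);
            } else if (authentication instanceof Authentication.User) {
                Authentication.User user = (Authentication.User) authentication;
                request.setAuthentication(authentication);
                if (this._identityService != null) {
                    previousIdentity = this._identityService.associate(user.getUserIdentity());
                }
                if (isAuthMandatory && !checkWebResourcePermissions(str, request, response, prepareConstraintInfo, user.getUserIdentity())) {
                    // Authenticated but not authorised for this resource.
                    httpServletResponse.sendError(403, "!role");
                    request.setHandled(true);
                    return;
                }
                handler.handle(str, request, httpServletRequest, httpServletResponse);
                if (authenticator != null) {
                    authenticator.secureResponse(httpServletRequest, httpServletResponse, isAuthMandatory, user);
                }
            } else if (authentication instanceof Authentication.Deferred) {
                DeferredAuthentication deferredAuthentication = (DeferredAuthentication) authentication;
                request.setAuthentication(authentication);
                try {
                    handler.handle(str, request, httpServletRequest, httpServletResponse);
                } finally {
                    // Capture the association on success and on failure alike, so the
                    // outer finally can release it.
                    previousIdentity = deferredAuthentication.getPreviousAssociation();
                }
                if (authenticator != null) {
                    // The wrapped handler may have completed the deferred login.
                    Authentication authentication2 = request.getAuthentication();
                    if (authentication2 instanceof Authentication.User) {
                        authenticator.secureResponse(httpServletRequest, httpServletResponse, isAuthMandatory, (Authentication.User) authentication2);
                    } else {
                        authenticator.secureResponse(httpServletRequest, httpServletResponse, isAuthMandatory, null);
                    }
                }
            } else {
                request.setAuthentication(authentication);
                if (this._identityService != null) {
                    previousIdentity = this._identityService.associate(null);
                }
                handler.handle(str, request, httpServletRequest, httpServletResponse);
                if (authenticator != null) {
                    authenticator.secureResponse(httpServletRequest, httpServletResponse, isAuthMandatory, null);
                }
            }
        } catch (ServerAuthException e) {
            // NOTE(review): the exception message is sent to the client as the error
            // reason; confirm ServerAuthException messages never carry sensitive detail.
            httpServletResponse.sendError(500, e.getMessage());
        } finally {
            if (this._identityService != null) {
                this._identityService.disassociate(previousIdentity);
            }
        }
    }

    /**
     * @return the {@code SecurityHandler} found below the current context's handler, or
     *     {@code null} when there is no current context
     */
    public static SecurityHandler getCurrentSecurityHandler() {
        ContextHandler.Context currentContext = ContextHandler.getCurrentContext();
        if (currentContext == null) {
            return null;
        }
        return (SecurityHandler) currentContext.getContextHandler().getChildHandlerByClass(SecurityHandler.class);
    }

    /**
     * Logs the user out of the login service, if one is configured, and clears the
     * identity association through the identity service, if one is configured.
     *
     * @param user the authenticated user to log out; dereferenced when a login service
     *     is present, so it must not be {@code null} in that case
     */
    public void logout(Authentication.User user) {
        LOG.debug("logout {}", user);
        LoginService loginService = getLoginService();
        if (loginService != null) {
            loginService.logout(user.getUserIdentity());
        }
        IdentityService identityService = getIdentityService();
        if (identityService != null) {
            identityService.disassociate(null);
        }
    }

    /**
     * Computes the constraint information that applies to a request.
     *
     * @param str the path within the context
     * @param request the request
     * @return the constraint information passed to the other checks in {@link #handle}
     */
    protected abstract RoleInfo prepareConstraintInfo(String str, Request request);

    /**
     * Checks the user-data constraints of a request. When this returns {@code false} and
     * the request is not yet handled, {@link #handle} answers 403.
     *
     * @return {@code true} if the request may proceed
     * @throws IOException if a response written by the check fails
     */
    protected abstract boolean checkUserDataPermissions(String str, Request request, Response response, RoleInfo roleInfo) throws IOException;

    /**
     * @param obj the constraint information from {@link #prepareConstraintInfo}
     * @return {@code true} if the request must be authenticated before it is served
     */
    protected abstract boolean isAuthMandatory(Request request, Response response, Object obj);

    /**
     * Checks whether an authenticated user may access the resource. When this returns
     * {@code false} for a mandatory-auth request, {@link #handle} answers 403.
     *
     * @param obj the constraint information from {@link #prepareConstraintInfo}
     * @param userIdentity the identity of the authenticated user
     * @return {@code true} if access is permitted
     * @throws IOException if a response written by the check fails
     */
    protected abstract boolean checkWebResourcePermissions(String str, Request request, Response response, Object obj, UserIdentity userIdentity) throws IOException;
}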
