package org.apache.catalina.authenticator;

import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import java.io.IOException;
import java.security.Principal;
import java.security.SecureRandom;
import java.text.MessageFormat;
import java.util.Random;
import java.util.ResourceBundle;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Auditor;
import org.apache.catalina.Authenticator;
import org.apache.catalina.Container;
import org.apache.catalina.Context;
import org.apache.catalina.HttpRequest;
import org.apache.catalina.HttpResponse;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.Pipeline;
import org.apache.catalina.Realm;
import org.apache.catalina.Request;
import org.apache.catalina.Response;
import org.apache.catalina.Session;
import org.apache.catalina.core.StandardHost;
import org.apache.catalina.core.StandardServer;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.deploy.SecurityConstraint;
import org.apache.catalina.valves.ValveBase;
import org.eclipse.persistence.jpa.jpql.parser.Expression;
import org.eclipse.persistence.logging.SessionLog;
import org.glassfish.logging.annotation.LogMessageInfo;
import org.glassfish.web.valve.GlassFishValve;

/* loaded from: input_file:org/apache/catalina/authenticator/AuthenticatorBase.class */
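/**
 * Base valve for authenticators attached to a {@link Context}.
 *
 * <p>{@link #invoke(Request, Response)} restores a principal cached in the session, asks the
 * context's {@link Realm} which security constraints apply to the request, and then runs the
 * transport, authentication and authorization checks in that order. {@link #register} records a
 * successful authentication on the request, the session and (when present) the single sign-on
 * valve.
 *
 * <p>This listing is decompiler output: several constants were substituted with equal-valued
 * constants from unrelated libraries ({@code SessionLog.*_LABEL},
 * {@code MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR}, {@code Expression.QUOTE}) and the
 * valve return codes appear as the literals {@code 1} and {@code 2}.
 *
 * <p>Security-relevant state held here: the random source used for single sign-on identifiers
 * ({@link #getRandom()}), the session-fixation switch
 * ({@link #isChangeSessionIdOnAuthentication()}), and the credential caching performed in
 * {@link #register}.
 */
public abstract class AuthenticatorBase extends ValveBase implements Authenticator {
    protected static final Logger log;
    protected static final ResourceBundle rb;

    @LogMessageInfo(message = "Configuration error:  Must be attached to a Context", level = SessionLog.WARNING_LABEL)
    public static final String CONFIG_ERROR_MUST_ATTACH_TO_CONTEXT = "AS-WEB-CORE-00001";

    @LogMessageInfo(message = "Authenticator[{0}]: {1}", level = SessionLog.INFO_LABEL)
    public static final String AUTHENTICATOR_INFO = "AS-WEB-CORE-00002";

    @LogMessageInfo(message = "Exception getting debug value", level = SessionLog.SEVERE_LABEL, cause = "Could not get the method or invoke underlying method", action = "Verify the existence of such method and access permission")
    public static final String GETTING_DEBUG_VALUE_EXCEPTION = "AS-WEB-CORE-00003";

    @LogMessageInfo(message = "Login failed", level = SessionLog.WARNING_LABEL)
    public static final String LOGIN_FAIL = "AS-WEB-CORE-00535";
    protected static final String info = "org.apache.catalina.authenticator.AuthenticatorBase/1.0";
    // Number of random bytes in a generated identifier; hex-encoded this yields 32 characters.
    protected static final int SESSION_ID_BYTES = 16;
    protected static final String AUTH_HEADER_NAME = "WWW-Authenticate";
    protected static final String REALM_NAME = "Authentication required";
    // When true, register() creates a session if none exists so the principal can be cached.
    protected boolean alwaysUseSession = false;
    // When true, the authenticated principal (and credentials, see register()) is kept in the session.
    protected boolean cache = true;
    // When true, register() rotates the session id on authentication (session-fixation defence).
    protected boolean changeSessionIdOnAuthentication = true;
    protected Context context = null;
    // Extra seed material for non-SecureRandom generators; defaults to toString() in getEntropy().
    protected String entropy = null;
    protected boolean disableProxyCaching = true;
    // Lazily created by getRandom().
    protected Random random = null;
    // Class instantiated reflectively by getRandom(); defaults to java.security.SecureRandom.
    protected String randomClass = SecureRandom.class.getName();
    // Single sign-on valve discovered in start(); null when none is configured.
    protected SingleSignOn sso = null;
    protected boolean securePagesWithPragma = true;
    // Compiler-generated backing flag for the assert statement in register().
    static final /* synthetic */ boolean $assertionsDisabled;

    /** Returns whether a session is always created on authentication. */
    public boolean getAlwaysUseSession() {
        return this.alwaysUseSession;
    }

    /** Sets whether a session is always created on authentication. */
    public void setAlwaysUseSession(boolean z) {
        this.alwaysUseSession = z;
    }

    /** Returns whether authenticated principals are cached in the session. */
    public boolean getCache() {
        return this.cache;
    }

    /** Sets whether authenticated principals are cached in the session. */
    public void setCache(boolean z) {
        this.cache = z;
    }

    /** Returns the {@link Context} this authenticator is attached to. */
    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.Contained
    public Container getContainer() {
        return this.context;
    }

    /**
     * Attaches this authenticator to a container, which must be a {@link Context}.
     *
     * @throws IllegalArgumentException if {@code container} is not a {@code Context}
     */
    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.Contained
    public void setContainer(Container container) {
        if (!(container instanceof Context)) {
            throw new IllegalArgumentException(rb.getString(CONFIG_ERROR_MUST_ATTACH_TO_CONTEXT));
        }
        super.setContainer(container);
        this.context = (Context) container;
        // The context's setting overrides whatever was configured on this valve.
        this.securePagesWithPragma = this.context.isSecurePagesWithPragma();
    }

    /** Returns the debug level. */
    @Override // org.apache.catalina.valves.ValveBase
    public int getDebug() {
        return this.debug;
    }

    /** Sets the debug level. */
    @Override // org.apache.catalina.valves.ValveBase
    public void setDebug(int i) {
        this.debug = i;
    }

    /**
     * Returns the entropy string, defaulting to {@code toString()} of this valve when none was set.
     * The default is not secret and must not be relied on as the only source of randomness.
     */
    public String getEntropy() {
        if (this.entropy == null) {
            setEntropy(toString());
        }
        return this.entropy;
    }

    /** Sets the entropy string mixed into the seed of non-{@code SecureRandom} generators. */
    public void setEntropy(String str) {
        this.entropy = str;
    }

    /** Returns the descriptive information string of this valve implementation. */
    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.Valve, org.glassfish.web.valve.GlassFishValve
    public String getInfo() {
        return info;
    }

    /** Returns the class name of the random number generator. */
    public String getRandomClass() {
        return this.randomClass;
    }

    /**
     * Sets the class name of the random number generator. The class is loaded reflectively in
     * {@link #getRandom()}, so this value must only come from trusted configuration; anything
     * other than a {@link SecureRandom} makes generated identifiers predictable.
     */
    public void setRandomClass(String str) {
        this.randomClass = str;
    }

    /** Returns whether proxy caching of protected pages is disabled. */
    public boolean getDisableProxyCaching() {
        return this.disableProxyCaching;
    }

    /** Sets whether proxy caching of protected pages is disabled. */
    public void setDisableProxyCaching(boolean z) {
        this.disableProxyCaching = z;
    }

    /** Returns the securePagesWithPragma flag passed to the realm's pre-authentication check. */
    public boolean isSecurePagesWithPragma() {
        return this.securePagesWithPragma;
    }

    /** Sets the securePagesWithPragma flag. */
    public void setSecurePagesWithPragma(boolean z) {
        this.securePagesWithPragma = z;
    }

    /** Returns whether the session id is changed when a user authenticates. */
    public boolean isChangeSessionIdOnAuthentication() {
        return this.changeSessionIdOnAuthentication;
    }

    /**
     * Sets whether the session id is changed when a user authenticates. Disabling this leaves a
     * pre-authentication session id valid after login (session fixation).
     */
    public void setChangeSessionIdOnAuthentication(boolean z) {
        this.changeSessionIdOnAuthentication = z;
    }

    /** Returns the single sign-on valve, or {@code null} if none is attached. */
    public SingleSignOn getSingleSignOn() {
        return this.sso;
    }

    /** Sets the single sign-on valve. */
    public void setSingleSignOn(SingleSignOn singleSignOn) {
        this.sso = singleSignOn;
    }

    /**
     * Enforces the context's security constraints on a request.
     *
     * <p>Order of checks: context availability, cached principal restore, constraint lookup,
     * user-data (transport) permission, realm pre-authentication check, authentication,
     * resource permission, and finally the auditors.
     *
     * @return {@code 1} when the request may proceed, {@code 2} when processing must stop
     *     (presumably {@code GlassFishValve.INVOKE_NEXT} / {@code END_PIPELINE}; the decompiler
     *     inlined the constants - confirm)
     */
    @Override // org.apache.catalina.valves.ValveBase, org.glassfish.web.valve.GlassFishValve
    public int invoke(Request request, Response response) throws IOException, ServletException {
        Session session;
        Principal principal;
        if (!this.context.getAvailable()) {
            // Context is not available: answer 503 and stop; failure to send the error is ignored
            // because the request is being rejected either way.
            try {
                ((HttpServletResponse) response.getResponse()).sendError(503);
                return 2;
            } catch (IOException e) {
                return 2;
            } catch (IllegalStateException e2) {
                return 2;
            }
        }
        HttpRequest httpRequest = (HttpRequest) request;
        HttpResponse httpResponse = (HttpResponse) response;
        if (log.isLoggable(Level.FINE)) {
            // NOTE(review): method and URI are request-controlled and logged unescaped.
            log.log(Level.FINE, "Security checking request " + ((HttpServletRequest) request.getRequest()).getMethod() + MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR + ((HttpServletRequest) request.getRequest()).getRequestURI());
        }
        LoginConfig loginConfig = this.context.getLoginConfig();
        // Restore a previously authenticated principal from the existing session (never creates one).
        if (this.cache && ((HttpServletRequest) request.getRequest()).getUserPrincipal() == null && (session = getSession(httpRequest)) != null && (principal = session.getPrincipal()) != null) {
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, "We have cached auth type " + session.getAuthType() + " for principal " + session.getPrincipal());
            }
            httpRequest.setAuthType(session.getAuthType());
            httpRequest.setUserPrincipal(principal);
        }
        Realm realm = this.context.getRealm();
        SecurityConstraint[] findSecurityConstraints = realm.findSecurityConstraints(httpRequest, this.context);
        if (findSecurityConstraints == null) {
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, " Not subject to any constraint");
            }
            // Unconstrained requests still pass through the login-action check.
            return processSecurityCheck(httpRequest, httpResponse, loginConfig);
        }
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, " Calling hasUserDataPermission()");
        }
        if (!realm.hasUserDataPermission(httpRequest, httpResponse, findSecurityConstraints)) {
            if (!log.isLoggable(Level.FINE)) {
                return 2;
            }
            log.log(Level.FINE, " Failed hasUserDataPermission() test");
            return 2;
        }
        // Result codes handled below: 0, 1 and -1 (presumably the Realm constants for
        // "authentication not needed", "authentication needed" and "authenticated but not
        // authorized" - confirm). Any other value falls through to the resource permission check.
        int preAuthenticateCheck = realm.preAuthenticateCheck(httpRequest, httpResponse, findSecurityConstraints, this.disableProxyCaching, this.securePagesWithPragma, this.sso != null);
        if (preAuthenticateCheck == 0) {
            return processSecurityCheck(httpRequest, httpResponse, loginConfig);
        }
        if (preAuthenticateCheck == 1) {
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, " Calling authenticate()");
            }
            if (!realm.invokeAuthenticateDelegate(httpRequest, httpResponse, this.context, this, false)) {
                if (!log.isLoggable(Level.FINE)) {
                    return 2;
                }
                log.log(Level.FINE, " Failed authenticate() test");
                return 2;
            }
        } else if (preAuthenticateCheck == -1) {
            return 2;
        }
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, " Calling accessControl()");
        }
        if (!realm.hasResourcePermission(httpRequest, httpResponse, findSecurityConstraints, this.context)) {
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, " Failed accessControl() test");
            }
            // Record the denial with every auditor. Unlike the success path below, an auditor
            // exception is not caught here and propagates to the caller.
            Auditor[] auditors = this.context.getAuditors();
            if (auditors == null) {
                return 2;
            }
            for (Auditor auditor : auditors) {
                auditor.webInvocation(httpRequest, false);
            }
            return 2;
        }
        Auditor[] auditors2 = this.context.getAuditors();
        if (auditors2 != null) {
            // Fail closed: if any auditor cannot record the successful access, the request is
            // stopped. Every auditor is still invoked; the exception itself is discarded.
            boolean z = true;
            for (Auditor auditor2 : auditors2) {
                try {
                    auditor2.webInvocation(httpRequest, true);
                } catch (Exception e3) {
                    z = false;
                }
            }
            if (!z) {
                return 2;
            }
        }
        if (!log.isLoggable(Level.FINE)) {
            return 1;
        }
        log.log(Level.FINE, "Successfully passed all security constraints");
        return 1;
    }

    /** Delegates post-request processing to the realm, when the context has one. */
    @Override // org.apache.catalina.valves.ValveBase, org.glassfish.web.valve.GlassFishValve
    public void postInvoke(Request request, Response response) throws IOException, ServletException {
        Realm realm = this.context.getRealm();
        HttpRequest httpRequest = (HttpRequest) request;
        HttpResponse httpResponse = (HttpResponse) response;
        if (realm != null) {
            realm.invokePostAuthenticateDelegate(httpRequest, httpResponse, this.context);
        }
    }

    /**
     * Associates a session with a single sign-on identifier; a no-op without an SSO valve.
     *
     * @param str the single sign-on identifier
     * @param j value forwarded unchanged to {@code SingleSignOn.associate} (presumably the SSO
     *     version - confirm)
     * @param session the session to associate
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void associate(String str, long j, Session session) {
        if (this.sso == null) {
            return;
        }
        this.sso.associate(str, j, session);
    }

    /**
     * Authenticates the user making this request according to the given login configuration.
     *
     * @return {@code true} if the request may continue, {@code false} if it must stop (see its
     *     use in {@code processSecurityCheck})
     */
    public abstract boolean authenticate(HttpRequest httpRequest, HttpResponse httpResponse, LoginConfig loginConfig) throws IOException;

    /**
     * Generates an identifier of {@link #SESSION_ID_BYTES} random bytes encoded as upper-case
     * hexadecimal. In this class it is used as the single sign-on cookie value, so its
     * unpredictability depends entirely on {@link #getRandom()}.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public synchronized String generateSessionId() {
        byte[] bArr = new byte[SESSION_ID_BYTES];
        getRandom().nextBytes(bArr);
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < bArr.length; i++) {
            // High and low nibble of each byte, mapped to '0'-'9' (48..) or 'A'-'F' (65..).
            byte b = (byte) ((bArr[i] & 240) >> 4);
            byte b2 = (byte) (bArr[i] & 15);
            if (b < 10) {
                sb.append((char) (48 + b));
            } else {
                sb.append((char) (65 + (b - 10)));
            }
            if (b2 < 10) {
                sb.append((char) (48 + b2));
            } else {
                sb.append((char) (65 + (b2 - 10)));
            }
        }
        return sb.toString();
    }

    /**
     * Returns the random number generator, creating it from {@link #randomClass} on first use.
     *
     * <p>A {@link SecureRandom} is left to seed itself: the time/entropy value computed here is
     * low-entropy, and some {@code SecureRandom} implementations (for example SHA1PRNG) use a seed
     * supplied before the first {@code nextBytes()} call in place of their own self-seeding.
     * Other {@link Random} classes are still seeded from the clock and {@link #getEntropy()}, as
     * before; such generators are predictable and unsuitable for identifiers.
     *
     * <p>If the configured class cannot be instantiated, a {@code SecureRandom} is used and the
     * failure is logged, rather than silently falling back to {@code java.util.Random}.
     */
    protected synchronized Random getRandom() {
        if (this.random == null) {
            try {
                this.random = (Random) Class.forName(this.randomClass).newInstance();
                if (!(this.random instanceof SecureRandom)) {
                    long seed = System.currentTimeMillis();
                    char[] entropyChars = getEntropy().toCharArray();
                    for (int i = 0; i < entropyChars.length; i++) {
                        // The shift is evaluated in int arithmetic, as in the original expression.
                        seed ^= ((byte) entropyChars[i]) << ((i % 8) * 8);
                    }
                    this.random.setSeed(seed);
                }
            } catch (Exception e) {
                log.log(Level.WARNING, "Could not initialise random number generator class " + this.randomClass + "; falling back to java.security.SecureRandom", e);
                this.random = new SecureRandom();
            }
        }
        return this.random;
    }

    /** Returns the existing session for the request, or {@code null}; never creates one. */
    protected Session getSession(HttpRequest httpRequest) {
        return getSession(httpRequest, false);
    }

    /**
     * Returns the internal session for the request.
     *
     * @param z whether to create a session when none exists
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public Session getSession(HttpRequest httpRequest, boolean z) {
        return httpRequest.getSessionInternal(z);
    }

    /**
     * Logs a message through the context's logger, or through the server logger at INFO when
     * the context has none.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void log(String str) {
        org.apache.catalina.Logger logger = this.context.getLogger();
        if (logger != null) {
            logger.log("Authenticator[" + this.context.getPath() + "]: " + str);
        } else if (log.isLoggable(Level.INFO)) {
            log.log(Level.INFO, AUTHENTICATOR_INFO, new Object[]{this.context.getPath(), str});
        }
    }

    /**
     * Logs a message and throwable through the context's logger, or through the server logger
     * at WARNING when the context has none.
     */
    protected void log(String str, Throwable th) {
        org.apache.catalina.Logger logger = this.context.getLogger();
        if (logger != null) {
            // Third argument is the context logger's verbosity level (literal from the decompiler).
            logger.log("Authenticator[" + this.context.getPath() + "]: " + str, th, 2);
        } else {
            log.log(Level.WARNING, MessageFormat.format(rb.getString(AUTHENTICATOR_INFO), this.context.getPath(), str), th);
        }
    }

    /**
     * Records an authentication result on the request, the session and the SSO valve.
     *
     * <p>Security notes, all visible in this method:
     * <ul>
     *   <li>An existing session gets a new id when {@code changeSessionIdOnAuthentication} is set.
     *   <li>With {@code cache} enabled, the user name and the password array are stored as
     *       session notes, and both are also handed to the SSO valve. The array is not cleared
     *       here, so the password lives as long as those holders keep it.
     *   <li>The SSO cookie is a session cookie scoped to path {@code "/"}. Its Secure and
     *       HttpOnly attributes are decided by the parent host; without a host only Secure is
     *       set, from {@code isSecure()} of the current request.
     * </ul>
     *
     * @param principal the authenticated principal; {@code null} when called from {@code logout}
     * @param str the authentication type
     * @param str2 the user name, or {@code null}
     * @param cArr the password, or {@code null}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void register(HttpRequest httpRequest, HttpResponse httpResponse, Principal principal, String str, String str2, char[] cArr) {
        if (log.isLoggable(Level.FINE)) {
            // NOTE(review): the principal name may originate from user input and is logged unescaped.
            log.log(Level.FINE, "Authenticated '" + (principal != null ? principal.getName() : "[null principal]") + "' with type '" + str + Expression.QUOTE);
        }
        httpRequest.setAuthType(str);
        httpRequest.setUserPrincipal(principal);
        Session session = getSession(httpRequest, false);
        if (session != null && this.changeSessionIdOnAuthentication) {
            // Rotate the id so a session id known before login is not valid afterwards.
            httpRequest.changeSessionId();
        } else if (this.alwaysUseSession) {
            session = getSession(httpRequest, true);
        }
        if (this.cache && session != null) {
            session.setAuthType(str);
            session.setPrincipal(principal);
            if (str2 != null) {
                session.setNote(Constants.SESS_USERNAME_NOTE, str2);
            } else {
                session.removeNote(Constants.SESS_USERNAME_NOTE);
            }
            if (cArr != null) {
                session.setNote(Constants.SESS_PASSWORD_NOTE, cArr);
            } else {
                session.removeNote(Constants.SESS_PASSWORD_NOTE);
            }
        }
        if (this.sso == null) {
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) httpRequest.getRequest();
        HttpServletResponse httpServletResponse = (HttpServletResponse) httpResponse.getResponse();
        // Prefer an id generated by the request; fall back to this valve's generator.
        String generateSessionId = httpRequest.generateSessionId();
        if (generateSessionId == null) {
            generateSessionId = generateSessionId();
        }
        Cookie cookie = new Cookie(Constants.SINGLE_SIGN_ON_COOKIE, generateSessionId);
        // Negative max-age: the cookie is not persisted beyond the browser session.
        cookie.setMaxAge(-1);
        cookie.setPath("/");
        // NOTE(review): unchecked cast; a parent that is not a StandardHost raises ClassCastException.
        StandardHost standardHost = (StandardHost) this.context.getParent();
        if (standardHost != null) {
            standardHost.configureSingleSignOnCookieSecure(cookie, httpServletRequest);
            standardHost.configureSingleSignOnCookieHttpOnly(cookie);
        } else {
            // NOTE(review): HttpOnly is not set on this branch - confirm whether that is intended.
            cookie.setSecure(httpServletRequest.isSecure());
        }
        httpServletResponse.addCookie(cookie);
        String realmName = this.context.getRealm().getRealmName();
        // Decompiled form of an assert that realmName is non-null.
        if (!$assertionsDisabled && realmName == null) {
            throw new AssertionError();
        }
        this.sso.register(generateSessionId, principal, str, str2, cArr, realmName);
        httpRequest.setNote(Constants.REQ_SSOID_NOTE, generateSessionId);
        if (this.sso.isVersioningSupported()) {
            httpRequest.setNote(Constants.REQ_SSO_VERSION_NOTE, 0L);
        }
    }

    /**
     * Authenticates the given credentials against the realm and registers the result.
     *
     * @throws ServletException if the realm rejects the credentials
     */
    @Override // org.apache.catalina.Authenticator
    public void login(String str, char[] cArr, HttpRequest httpRequest) throws ServletException {
        register(httpRequest, (HttpResponse) httpRequest.getResponse(), doLogin(httpRequest, str, cArr), getAuthMethod(), str, cArr);
    }

    /** Returns the authentication method name recorded by {@link #login}. */
    protected abstract String getAuthMethod();

    /**
     * Authenticates a user name and password against the context's realm.
     *
     * @return the authenticated principal, never {@code null}
     * @throws ServletException with the generic "Login failed" message when the realm returns
     *     {@code null}; the message does not reveal which credential was wrong
     */
    protected Principal doLogin(HttpRequest httpRequest, String str, char[] cArr) throws ServletException {
        Principal authenticate = this.context.getRealm().authenticate(str, cArr);
        if (authenticate == null) {
            throw new ServletException(rb.getString(LOGIN_FAIL));
        }
        return authenticate;
    }

    /**
     * Clears the cached principal and auth type from the session, then calls {@link #register}
     * with all-null values to clear the request and the cached session notes.
     *
     * <p>NOTE(review): when an SSO valve is attached, that {@code register} call also issues a
     * new SSO cookie and registers a {@code null} principal with the valve. Nothing in this
     * method invalidates the session or removes an existing SSO entry - confirm that this is
     * handled elsewhere.
     */
    @Override // org.apache.catalina.Authenticator
    public void logout(HttpRequest httpRequest) throws ServletException {
        Session session = getSession(httpRequest);
        if (session != null) {
            session.setPrincipal(null);
            session.setAuthType(null);
        }
        register(httpRequest, (HttpResponse) httpRequest.getResponse(), null, null, null, null);
    }

    /**
     * Handles a request that needs no constraint-driven authentication. Only a request whose
     * decoded URI starts with the context path and ends with {@code /j_security_check} is passed
     * to {@link #authenticate}; everything else is allowed through.
     *
     * @return {@code 1} to continue, {@code 2} when the login action failed
     */
    private int processSecurityCheck(HttpRequest httpRequest, HttpResponse httpResponse, LoginConfig loginConfig) throws IOException {
        String path = this.context.getPath();
        String decodedRequestURI = httpRequest.getDecodedRequestURI();
        if (!decodedRequestURI.startsWith(path) || !decodedRequestURI.endsWith("/j_security_check") || authenticate(httpRequest, httpResponse, loginConfig)) {
            return 1;
        }
        if (!log.isLoggable(Level.FINE)) {
            return 2;
        }
        log.log(Level.FINE, " Failed authenticate() test ??" + decodedRequestURI);
        return 2;
    }

    /**
     * Starts the valve: copies the debug level from a {@code StandardContext} by reflection and
     * searches the parent containers for a {@link SingleSignOn} valve.
     */
    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.Lifecycle
    public void start() throws LifecycleException {
        if (this.started) {
            return;
        }
        super.start();
        if ("org.apache.catalina.core.StandardContext".equals(this.context.getClass().getName())) {
            try {
                setDebug(((Integer) this.context.getClass().getMethod("getDebug", new Class[0]).invoke(this.context, new Object[0])).intValue());
            } catch (Exception e) {
                log.log(Level.SEVERE, GETTING_DEBUG_VALUE_EXCEPTION, (Throwable) e);
            }
        }
        // Walk up the container hierarchy until a pipeline holding a SingleSignOn valve is found.
        Container parent = this.context.getParent();
        while (this.sso == null && parent != null) {
            if (parent instanceof Pipeline) {
                GlassFishValve[] valves = ((Pipeline) parent).getValves();
                int i = 0;
                while (true) {
                    if (i >= valves.length) {
                        break;
                    }
                    if (valves[i] instanceof SingleSignOn) {
                        this.sso = (SingleSignOn) valves[i];
                        break;
                    }
                    i++;
                }
                if (this.sso == null) {
                    parent = parent.getParent();
                }
            } else {
                parent = parent.getParent();
            }
        }
        if (log.isLoggable(Level.FINE)) {
            if (this.sso != null) {
                log.log(Level.FINE, "Found SingleSignOn Valve at " + this.sso);
            } else {
                log.log(Level.FINE, "No SingleSignOn Valve is present");
            }
        }
    }

    /** Stops the valve and drops the reference to the single sign-on valve. */
    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.Lifecycle
    public void stop() throws LifecycleException {
        if (this.started) {
            this.sso = null;
            super.stop();
        }
    }

    /** No-op in this base class. */
    public void setRealmName(String str) {
    }

    /** Always returns {@code null} in this base class. */
    public String getRealmName() {
        return null;
    }

    static {
        $assertionsDisabled = !AuthenticatorBase.class.desiredAssertionStatus();
        // Shares the server-wide logger and its resource bundle.
        log = StandardServer.log;
        rb = log.getResourceBundle();
    }
}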
