package org.mortbay.http.handler;

import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.mortbay.http.HttpException;
import org.mortbay.http.HttpFields;
import org.mortbay.http.HttpRequest;
import org.mortbay.http.HttpResponse;
import org.mortbay.http.PathMap;
import org.mortbay.http.SecurityConstraint;
import org.mortbay.http.UserPrincipal;
import org.mortbay.http.UserRealm;
import org.mortbay.util.B64Code;
import org.mortbay.util.Code;
import org.mortbay.util.StringUtil;

/* loaded from: input_file:org/mortbay/http/handler/SecurityHandler.class */
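/**
 * Enforces {@link SecurityConstraint}s registered against path specs and performs the
 * BASIC or FORM authentication they require.
 *
 * <p>For every request, {@link #handle} looks up the constraints matching the path in
 * context, applies each one whose HTTP method matches, and either lets the request
 * through, sends 403, or (for BASIC) sends a 401 challenge.  FORM authentication is
 * delegated to a {@link FormAuthenticator}; the visible decompiler fragment of
 * {@link #start()} shows it being assigned there.
 *
 * <p>Changes relative to the previous revision of this class:
 * <ul>
 *   <li>the transport guarantee (data constraint) is checked <em>before</em> a Basic
 *       challenge is issued, so credentials are never solicited over plain HTTP for a
 *       resource that demands HTTPS;</li>
 *   <li>the {@code Authorization} header is no longer written to the debug log (it
 *       contains the base64-encoded, i.e. effectively plaintext, password);</li>
 *   <li>malformed Basic credentials (wrong scheme, bad base64, missing {@code ':'})
 *       yield a 401 instead of a {@code StringIndexOutOfBoundsException};</li>
 *   <li>the role-failure log line no longer dereferences a possibly null principal.</li>
 * </ul>
 *
 * <p>Not thread-safe for configuration: the setters are meant to be called before
 * {@link #start()} and most of them refuse to run afterwards.
 */
public class SecurityHandler extends NullHandler {
    /** {@link #getAuthMethod()} value selecting HTTP Basic authentication (the default). */
    public static final String __BASIC_AUTH = "BASIC";
    /** {@link #getAuthMethod()} value selecting form based authentication. */
    public static final String __FORM_AUTH = "FORM";
    /** Attribute name for this handler; not read anywhere in this class. */
    public static final String __ATTR = "org.mortbay.J.H.SecurityHandler";

    /** Declared but not referenced by any method of this class. */
    Map _authRealmMap;
    /** Realm name advertised in the {@code WWW-Authenticate} header. */
    String _realmName;
    /** Realm used to look up and authenticate users; null means nobody can log in. */
    UserRealm _realm;
    /** Context-relative login page, always prefixed with "/" by {@link #setLoginPage}. */
    String _formLoginPage;
    /** Context-relative error page, always prefixed with "/" by {@link #setErrorPage}. */
    String _formErrorPage;
    /** Installed by {@link #start()}; required when the auth method is FORM. */
    FormAuthenticator _formAuthenticator;
    /** Path spec -> {@code List} of {@link SecurityConstraint}, see {@link #addSecurityConstraint}. */
    PathMap _constraintMap = new PathMap();
    /** One of {@link #__BASIC_AUTH} or {@link #__FORM_AUTH}, enforced by {@link #setAuthMethod}. */
    String _authMethod = __BASIC_AUTH;
    /** True once {@link #setRealm} supplied a non-null realm; presumably consulted by start(). */
    boolean _realmForced = false;

    /**
     * Strategy that performs form based authentication for this handler.
     *
     * <p>Implementations are invoked both for constrained resources (when the auth
     * method is FORM) and for any request whose path ends with
     * {@link #__J_SECURITY_CHECK}, so they must be prepared to either complete a login
     * or redirect to the login page.
     */
    public interface FormAuthenticator {
        /** Path suffix the login form posts to. */
        public static final String __J_SECURITY_CHECK = "j_security_check";
        /** Form field carrying the user name. */
        public static final String __J_USERNAME = "j_username";
        /** Form field carrying the password. */
        public static final String __J_PASSWORD = "j_password";

        /**
         * Authenticates the request, or drives the login conversation.
         *
         * @param securityHandler the handler invoking the authenticator
         * @param pathInContext   request path relative to the context
         * @param pathParams      path parameters, if any
         * @param httpRequest     request being authenticated
         * @param httpResponse    response; the authenticator may commit it (redirects, errors)
         * @return true if the request is authenticated and the caller may proceed to the
         *         role check; false if the authenticator has already handled the response
         * @throws IOException on I/O failure while writing the response
         */
        boolean formAuthenticated(SecurityHandler securityHandler, String pathInContext, String pathParams,
                                  HttpRequest httpRequest, HttpResponse httpResponse) throws IOException;
    }

    /** @return the realm users are authenticated against, or null if none is set. */
    public UserRealm getUserRealm() {
        return _realm;
    }

    /** @return the realm name sent in Basic challenges. */
    public String getRealmName() {
        return _realmName;
    }

    /**
     * Sets the realm name; the realm object itself is expected to be resolved later
     * (the {@code _realmForced} flag is cleared).
     *
     * @throws IllegalStateException if the handler is already started
     */
    public void setRealmName(String name) {
        rejectIfStarted();
        _realmName = name;
        _realmForced = false;
    }

    /**
     * Sets both the realm name and the realm object.
     *
     * @param name      realm name for challenges
     * @param userRealm realm to authenticate against; may be null
     * @throws IllegalStateException if the handler is already started
     */
    public void setRealm(String name, UserRealm userRealm) {
        rejectIfStarted();
        _realmName = name;
        _realm = userRealm;
        _realmForced = (userRealm != null);
    }

    /** @return {@link #__BASIC_AUTH} or {@link #__FORM_AUTH}. */
    public String getAuthMethod() {
        return _authMethod;
    }

    /**
     * Selects the authentication method.
     *
     * @param method {@link #__BASIC_AUTH} or {@link #__FORM_AUTH}
     * @throws IllegalStateException    if the handler is already started
     * @throws IllegalArgumentException for any other method name
     */
    public void setAuthMethod(String method) {
        rejectIfStarted();
        boolean supported = __BASIC_AUTH.equals(method) || __FORM_AUTH.equals(method);
        if (!supported) {
            throw new IllegalArgumentException(new StringBuffer("Not supported: ").append(method).toString());
        }
        _authMethod = method;
    }

    /** @return the login page, always starting with "/", or null if unset. */
    public String getLoginPage() {
        return _formLoginPage;
    }

    /**
     * Sets the form login page; a leading "/" is added if missing.
     *
     * @throws NullPointerException if {@code page} is null
     */
    public void setLoginPage(String page) {
        _formLoginPage = withLeadingSlash(page);
    }

    /** @return the error page, always starting with "/", or null if unset. */
    public String getErrorPage() {
        return _formErrorPage;
    }

    /**
     * Sets the form error page; a leading "/" is added if missing.
     *
     * @throws NullPointerException if {@code page} is null
     */
    public void setErrorPage(String page) {
        _formErrorPage = withLeadingSlash(page);
    }

    /**
     * Registers a constraint for a path spec.  Several constraints may share one spec;
     * they are evaluated in registration order by {@link #handle}.
     *
     * @param pathSpec           path spec understood by {@link PathMap}
     * @param securityConstraint constraint to enforce on matching requests
     */
    public void addSecurityConstraint(String pathSpec, SecurityConstraint securityConstraint) {
        List constraints = (List) _constraintMap.get(pathSpec);
        if (constraints == null) {
            constraints = new ArrayList(2);
            _constraintMap.put(pathSpec, constraints);
        }
        constraints.add(securityConstraint);
        Code.debug("added ", securityConstraint, " at ", pathSpec);
    }

    /* JADX WARN: Code restructure failed: missing block: B:30:0x0121, code lost:
    
        r5._formAuthenticator = (org.mortbay.http.handler.SecurityHandler.FormAuthenticator) r0;
        org.mortbay.util.Code.debug("FormAuthenticator=", r5._formAuthenticator);
     */
    /**
     * Starts the handler.  The body could not be recovered by the decompiler; the
     * surviving fragment above shows it installing {@code _formAuthenticator}.
     * The stub below is what the decompiler emitted and must be replaced with the real
     * implementation before this file is used.
     */
    @Override // org.mortbay.http.handler.NullHandler, org.mortbay.http.HttpHandler, org.mortbay.util.LifeCycle
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void start() throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 345
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.mortbay.http.handler.SecurityHandler.start():void");
    }

    /**
     * Applies every matching security constraint to the request, then dispatches
     * {@code j_security_check} posts to the form authenticator.
     *
     * <p>Per constraint whose method matches, in order:
     * <ol>
     *   <li>no roles and no data constraint -> 403 (a bare constraint denies everyone);</li>
     *   <li>data constraint and the request is not {@code https} -> 403;</li>
     *   <li>roles required (and not the NONE role) -> authenticate and check roles;
     *       on failure the response has already been committed and we return.</li>
     * </ol>
     * Step 2 runs before step 3 so that a Basic challenge, and the reply carrying the
     * password, is never exchanged over plain HTTP for an HTTPS-only resource.
     *
     * @param pathInContext request path relative to the context
     * @param pathParams    path parameters, if any
     * @param request       incoming request (untrusted)
     * @param response      response to commit on denial
     * @throws HttpException propagated from the handler chain
     * @throws IOException   on failure writing the response
     */
    @Override // org.mortbay.http.handler.NullHandler, org.mortbay.http.HttpHandler
    public void handle(String pathInContext, String pathParams, HttpRequest request, HttpResponse response)
            throws HttpException, IOException {
        List matches = _constraintMap.getMatches(pathInContext);
        if (matches != null) {
            Code.debug("Security Constraint on ", pathInContext, " against ", matches);
            for (int m = 0; m < matches.size(); m++) {
                Map.Entry entry = (Map.Entry) matches.get(m);
                if (Code.verbose()) {
                    Code.debug("Check ", pathInContext, " against ", entry);
                }
                List constraints = (List) entry.getValue();
                for (int c = 0; c < constraints.size(); c++) {
                    SecurityConstraint constraint = (SecurityConstraint) constraints.get(c);
                    if (!constraint.forMethod(request.getMethod())) {
                        continue;
                    }
                    if (!constraint.isAuthenticated() && !constraint.hasDataConstraint()) {
                        response.sendError(HttpResponse.__403_Forbidden);
                        return;
                    }
                    // Transport guarantee first: never solicit credentials over plain HTTP.
                    if (constraint.hasDataConstraint() && !"https".equalsIgnoreCase(request.getScheme())) {
                        response.sendError(HttpResponse.__403_Forbidden);
                        return;
                    }
                    boolean needsRole = constraint.isAuthenticated() && !constraint.hasRole(SecurityConstraint.NONE);
                    if (needsRole
                            && !authenticatedInRole(pathInContext, pathParams, request, response, constraint.roles())) {
                        return; // authenticatedInRole has already sent 401/403/500
                    }
                }
            }
        }
        // NOTE(review): endsWith() also matches paths such as "/foo_j_security_check";
        // confirm whether a "/" + suffix match was intended before tightening it.
        if (_formAuthenticator != null && pathInContext.endsWith(FormAuthenticator.__J_SECURITY_CHECK)) {
            Code.debug("FORM j_security_check");
            _formAuthenticator.formAuthenticated(this, pathInContext, pathParams, request, response);
        }
    }

    /**
     * Authenticates the request with the configured method and checks that the
     * resulting {@link UserPrincipal} holds at least one of {@code roles}.
     *
     * <p>On any failure the response is committed here (401 with a Basic challenge for
     * BASIC, 403 for FORM, 500 if FORM is configured without an authenticator) and
     * false is returned.
     *
     * @param roles iterator over role names (converted with {@code toString()})
     * @return true only if authenticated and in role
     */
    private boolean authenticatedInRole(String pathInContext, String pathParams, HttpRequest request,
                                        HttpResponse response, Iterator roles) throws IOException {
        boolean authenticated = false;
        if (__BASIC_AUTH.equals(_authMethod)) {
            authenticated = basicAuthenticated(request, response);
        } else if (__FORM_AUTH.equals(_authMethod)) {
            if (_formAuthenticator == null) {
                // FORM selected but start() never installed an authenticator: server-side misconfiguration.
                response.sendError(HttpResponse.__500_Internal_Server_Error);
                return false;
            }
            authenticated = _formAuthenticator.formAuthenticated(this, pathInContext, pathParams, request, response);
        } else {
            // Unreachable through setAuthMethod(); kept for a directly assigned _authMethod.
            sendBasicChallenge(response);
        }
        if (!authenticated) {
            return false;
        }

        Principal principal = request.getUserPrincipal();
        boolean inRole = false;
        if (principal instanceof UserPrincipal) {
            UserPrincipal user = (UserPrincipal) principal;
            while (roles.hasNext() && !inRole) {
                inRole = user.isUserInRole(roles.next().toString());
            }
        }
        if (inRole) {
            return true;
        }

        // Authenticated but not authorised.  The principal may be null if a form
        // authenticator reported success without publishing one, so do not dereference it blindly.
        String who = (principal == null) ? "<no principal>" : principal.getName();
        Code.warning(new StringBuffer("AUTH FAILURE: role for ").append(who).toString());
        if (__BASIC_AUTH.equals(_authMethod)) {
            sendBasicChallenge(response);
        } else {
            response.sendError(HttpResponse.__403_Forbidden);
        }
        return false;
    }

    /**
     * Performs HTTP Basic authentication against {@code _realm}.
     *
     * <p>On success the auth type, user name and {@link UserPrincipal} are published as
     * request attributes and true is returned.  Otherwise (no header, malformed header,
     * no realm, unknown user or bad password) a 401 challenge is sent and false returned.
     * The header value is deliberately never logged.
     */
    private boolean basicAuthenticated(HttpRequest request, HttpResponse response) throws IOException {
        String header = request.getField(HttpFields.__Authorization);
        if (header != null) {
            Code.debug("Authorization header present");
            String[] credentials = decodeBasicCredentials(header);
            if (credentials == null) {
                Code.warning("AUTH FAILURE: malformed Basic credentials");
            } else if (_realm == null) {
                Code.warning(new StringBuffer("AUTH FAILURE: no realm configured for ").append(_realmName).toString());
            } else {
                String username = credentials[0];
                UserPrincipal user = _realm.getUser(username);
                if (user != null && user.authenticate(credentials[1], request)) {
                    request.setAttribute(HttpRequest.__AuthType, __BASIC_AUTH);
                    request.setAttribute(HttpRequest.__AuthUser, username);
                    request.setAttribute(UserPrincipal.__ATTR, user);
                    return true;
                }
                // Same message for unknown user and wrong password: the log should not distinguish them.
                Code.warning(new StringBuffer("AUTH FAILURE: user ").append(username).toString());
            }
        }
        Code.debug(new StringBuffer("Unauthorized in ").append(_realmName).toString());
        sendBasicChallenge(response);
        return false;
    }

    /**
     * Parses an {@code Authorization} header value into {@code {user, password}}.
     *
     * @return the pair, or null if the scheme is not {@code Basic}, the payload is not
     *         valid base64, or the decoded text has no {@code ':'} separator
     * @throws IOException if {@link B64Code#decode} reports the charset as unsupported
     */
    private static String[] decodeBasicCredentials(String header) throws IOException {
        int space = header.indexOf(' ');
        if (space < 0 || !"basic".equalsIgnoreCase(header.substring(0, space))) {
            return null;
        }
        String decoded;
        try {
            decoded = B64Code.decode(header.substring(space + 1).trim(), StringUtil.__ISO_8859_1);
        } catch (IllegalArgumentException badBase64) {
            // presumably how B64Code rejects non-base64 input; treated as bad credentials either way
            return null;
        }
        int colon = decoded.indexOf(':');
        if (colon < 0) {
            return null;
        }
        return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
    }

    /** Sends a 401 carrying {@code WWW-Authenticate: basic realm="<realm name>"}. */
    private void sendBasicChallenge(HttpResponse response) throws IOException {
        response.setField(HttpFields.__WwwAuthenticate,
                new StringBuffer().append("basic realm=\"").append(_realmName).append("\"").toString());
        response.sendError(HttpResponse.__401_Unauthorized);
    }

    /** @throws IllegalStateException if {@link #isStarted()} is true. */
    private void rejectIfStarted() {
        if (isStarted()) {
            throw new IllegalStateException("Handler started");
        }
    }

    /** Returns {@code page} prefixed with "/" unless it already starts with one. */
    private static String withLeadingSlash(String page) {
        if (page.startsWith("/")) {
            return page;
        }
        return new StringBuffer("/").append(page).toString();
    }

    /**
     * @deprecated Users are managed by the realm; this method only logs a warning.
     */
    public synchronized void addUser(String username, String password) {
        Code.warning("addUser deprecated, use HttpServer.addRealm()");
    }
}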
