package org.apache.catalina.authenticator;

import com.iplanet.ias.security.Audit;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.Random;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.catalina.Authenticator;
import org.apache.catalina.Container;
import org.apache.catalina.Context;
import org.apache.catalina.HttpRequest;
import org.apache.catalina.HttpResponse;
import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleListener;
import org.apache.catalina.Logger;
import org.apache.catalina.Manager;
import org.apache.catalina.Pipeline;
import org.apache.catalina.Realm;
import org.apache.catalina.Request;
import org.apache.catalina.Response;
import org.apache.catalina.Session;
import org.apache.catalina.Valve;
import org.apache.catalina.core.StandardContext;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.deploy.SecurityConstraint;
import org.apache.catalina.util.DateTool;
import org.apache.catalina.util.LifecycleSupport;
import org.apache.catalina.util.StringManager;
import org.apache.catalina.valves.ValveBase;

/* loaded from: input_file:116286-20/SUNWascmo/reloc/$ASINSTDIR/lib/appserv-rt.jar:org/apache/catalina/authenticator/AuthenticatorBase.class */
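/**
 * Base valve for the container's authenticators. For each HTTP request it
 * locates the first matching {@link SecurityConstraint}, enforces the transport
 * (user-data) constraint, delegates the credential check to the concrete
 * subclass through {@link #authenticate}, and finally checks the principal's
 * roles. It also issues the single-sign-on cookie when a {@link SingleSignOn}
 * valve is found on a parent pipeline.
 *
 * <p>{@link #invoke} returns 1 when the request passed every check (or is not
 * subject to one) and 2 when it was rejected and a response has already been
 * produced. NOTE(review): these presumably map to named pipeline constants on
 * {@code Valve}; confirm against that interface.
 */
public abstract class AuthenticatorBase extends ValveBase implements Authenticator, Lifecycle {
    // Digest used to post-process the random bytes of an SSO identifier. MD5 is
    // not relied on for integrity here; the unpredictability of the identifier
    // comes entirely from the random source returned by getRandom().
    protected static final String DEFAULT_ALGORITHM = "MD5";
    // Number of random bytes drawn for each generated identifier.
    protected static final int SESSION_ID_BYTES = 16;
    protected static final String info = "org.apache.catalina.authenticator.AuthenticatorBase/1.0";
    protected static final StringManager sm = StringManager.getManager(Constants.Package);
    // Pre-formatted date one millisecond after the epoch, sent as an
    // already-expired "Expires" header on constrained non-TLS responses.
    private static final String constantDateOne = new SimpleDateFormat(DateTool.HttpResponseDateHeader, Locale.US).format(new Date(1));
    protected String algorithm = DEFAULT_ALGORITHM;
    // When true, an authenticated principal is stored in (and restored from) the session.
    protected boolean cache = true;
    protected Context context = null;
    protected int debug = 0;
    protected MessageDigest digest = null;
    // Extra seed material mixed into the random source; see getEntropy().
    protected String entropy = null;
    protected LifecycleSupport lifecycle = new LifecycleSupport(this);
    protected Random random = null;
    // Class instantiated reflectively by getRandom(); must be a java.util.Random subtype.
    protected String randomClass = "java.security.SecureRandom";
    protected SingleSignOn sso = null;
    protected boolean started = false;

    /** Returns the name of the message digest algorithm used for generated identifiers. */
    public String getAlgorithm() {
        return this.algorithm;
    }

    /** Sets the message digest algorithm name; it takes effect only before the digest is first created. */
    public void setAlgorithm(String str) {
        this.algorithm = str;
    }

    /** Returns whether authenticated principals are cached in the session. */
    public boolean getCache() {
        return this.cache;
    }

    /** Enables or disables caching of authenticated principals in the session. */
    public void setCache(boolean z) {
        this.cache = z;
    }

    /** Returns the context this authenticator is attached to. */
    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.Contained
    public Container getContainer() {
        return this.context;
    }

    /**
     * Attaches this valve to a container.
     *
     * @throws IllegalArgumentException if the container is not a {@link Context}
     */
    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.Contained
    public void setContainer(Container container) {
        if (!(container instanceof Context)) {
            throw new IllegalArgumentException(sm.getString("authenticator.notContext"));
        }
        super.setContainer(container);
        this.context = (Context) container;
    }

    /** Returns the debug level; 1 logs the decision path, 2 adds per-constraint detail. */
    public int getDebug() {
        return this.debug;
    }

    /** Sets the debug level. */
    public void setDebug(int i) {
        this.debug = i;
    }

    /**
     * Returns the extra seed string. When none was configured it defaults to
     * this valve's {@code toString()} value, which is not secret and should not
     * be counted as a source of unpredictability.
     */
    public String getEntropy() {
        if (this.entropy == null) {
            setEntropy(toString());
        }
        return this.entropy;
    }

    /** Sets the extra seed string mixed into the random source. */
    public void setEntropy(String str) {
        this.entropy = str;
    }

    /** Returns the descriptive information string of this valve implementation. */
    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.Valve
    public String getInfo() {
        return info;
    }

    /** Returns the class name of the random number generator. */
    public String getRandomClass() {
        return this.randomClass;
    }

    /** Sets the class name of the random number generator; used only until the generator is first created. */
    public void setRandomClass(String str) {
        this.randomClass = str;
    }

    /**
     * Enforces the web application's security constraints on one request.
     *
     * @return 1 if the request may proceed, 2 if it was rejected (an error or
     *     redirect has then already been written to the response)
     * @throws IOException if writing the response fails
     * @throws ServletException declared by the valve contract
     */
    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.Valve
    public int invoke(Request request, Response response) throws IOException, ServletException {
        // Non-HTTP traffic is not subject to these checks and is passed through.
        if (!(request instanceof HttpRequest) || !(response instanceof HttpResponse) || !(request.getRequest() instanceof HttpServletRequest) || !(response.getResponse() instanceof HttpServletResponse)) {
            return 1;
        }
        HttpRequest httpRequest = (HttpRequest) request;
        HttpResponse httpResponse = (HttpResponse) response;
        HttpServletRequest servletRequest = (HttpServletRequest) request.getRequest();
        if (this.debug >= 1) {
            log("Security checking request " + servletRequest.getMethod() + " " + servletRequest.getRequestURI());
        }
        LoginConfig loginConfig = this.context.getLoginConfig();

        // Restore a principal cached in the session by an earlier register() call.
        if (this.cache && servletRequest.getUserPrincipal() == null) {
            Session session = getSession(httpRequest);
            if (session != null) {
                Principal principal = session.getPrincipal();
                if (principal != null) {
                    if (this.debug >= 1) {
                        log("We have cached auth type " + session.getAuthType() + " for principal " + session.getPrincipal());
                    }
                    httpRequest.setAuthType(session.getAuthType());
                    httpRequest.setUserPrincipal(principal);
                }
            }
        }

        // A form-login submission is handed to authenticate() even when no
        // constraint covers the URI. The match is a suffix test on the raw URI.
        String path = this.context.getPath();
        String requestURI = servletRequest.getRequestURI();
        if (requestURI.startsWith(path) && requestURI.endsWith(Constants.FORM_ACTION) && !authenticate(httpRequest, httpResponse, loginConfig)) {
            if (this.debug >= 1) {
                log(" Failed authenticate() test");
            }
            return 2;
        }

        SecurityConstraint findConstraint = findConstraint(httpRequest);
        if (findConstraint == null) {
            if (this.debug >= 1) {
                log(" Not subject to any constraint");
            }
            return 1;
        }
        if (this.debug >= 1) {
            log(" Subject to constraint " + findConstraint);
        }

        // Constrained content served without TLS is marked non-cacheable so that
        // shared caches do not retain it.
        if (!((HttpServletRequest) httpRequest.getRequest()).isSecure()) {
            HttpServletResponse httpServletResponse = (HttpServletResponse) response.getResponse();
            httpServletResponse.setHeader("Pragma", "No-cache");
            httpServletResponse.setHeader("Cache-Control", "no-cache");
            httpServletResponse.setHeader("Expires", constantDateOne);
        }

        if (this.debug >= 1) {
            log(" Calling checkUserData()");
        }
        if (!checkUserData(httpRequest, httpResponse, findConstraint)) {
            if (this.debug >= 1) {
                log(" Failed checkUserData() test");
            }
            return 2;
        }

        // NOTE(review): only the accessControl() outcome and the final success are
        // reported to Audit; a failed authenticate() or checkUserData() returns
        // without an audit record. Confirm that failed logins are recorded elsewhere.
        if (findConstraint.getAuthConstraint()) {
            if (this.debug >= 1) {
                log(" Calling authenticate()");
            }
            if (!authenticate(httpRequest, httpResponse, loginConfig)) {
                if (this.debug >= 1) {
                    log(" Failed authenticate() test");
                }
                return 2;
            }
        }
        if (findConstraint.getAuthConstraint()) {
            if (this.debug >= 1) {
                log(" Calling accessControl()");
            }
            if (!accessControl(httpRequest, httpResponse, findConstraint)) {
                if (Audit.isActive()) {
                    Audit.webInvocation(httpRequest, false);
                }
                if (this.debug >= 1) {
                    log(" Failed accessControl() test");
                }
                return 2;
            }
        }
        if (Audit.isActive()) {
            Audit.webInvocation(httpRequest, true);
        }
        if (this.debug >= 1) {
            log(" Successfully passed all security constraints");
        }
        return 1;
    }

    /**
     * Checks the authenticated principal against the roles of the constraint.
     *
     * @return {@code true} if access is granted; {@code false} after an error
     *     status (500 when no principal is present, 403 otherwise) has been sent
     * @throws IOException if sending the error response fails
     */
    protected boolean accessControl(HttpRequest httpRequest, HttpResponse httpResponse, SecurityConstraint securityConstraint) throws IOException {
        if (securityConstraint == null) {
            return true;
        }
        LoginConfig loginConfig = this.context.getLoginConfig();
        if (loginConfig != null && "FORM".equals(loginConfig.getAuthMethod())) {
            // The login page, the error page and the submission target must be
            // reachable without a role, otherwise form login could never complete.
            String requestURI = ((HttpServletRequest) httpRequest.getRequest()).getRequestURI();
            String loginPage = this.context.getPath() + loginConfig.getLoginPage();
            if (loginPage.equals(requestURI)) {
                if (this.debug >= 1) {
                    log(" Allow access to login page " + loginPage);
                }
                return true;
            }
            String errorPage = this.context.getPath() + loginConfig.getErrorPage();
            if (errorPage.equals(requestURI)) {
                if (this.debug >= 1) {
                    log(" Allow access to error page " + errorPage);
                }
                return true;
            }
            // NOTE(review): this exemption is a suffix match, so it applies to any
            // constrained URI ending in the form action, not only to the one under
            // the context root. Verify that no protected resource can be mapped to
            // such a path.
            if (requestURI.endsWith(Constants.FORM_ACTION)) {
                if (this.debug >= 1) {
                    log(" Allow access to username/password submission");
                }
                return true;
            }
        }
        Principal userPrincipal = ((HttpServletRequest) httpRequest.getRequest()).getUserPrincipal();
        if (userPrincipal == null) {
            if (this.debug >= 2) {
                log("  No user authenticated, cannot grant access");
            }
            ((HttpServletResponse) httpResponse.getResponse()).sendError(500, sm.getString("authenticator.notAuthenticated"));
            return false;
        }
        Realm realm = this.context.getRealm();
        String[] findAuthRoles = securityConstraint.findAuthRoles();
        if (findAuthRoles == null) {
            findAuthRoles = new String[0];
        }
        // "All roles" admits any authenticated principal.
        if (securityConstraint.getAllRoles()) {
            return true;
        }
        // An auth constraint that names no role denies everyone.
        if (findAuthRoles.length == 0 && securityConstraint.getAuthConstraint()) {
            ((HttpServletResponse) httpResponse.getResponse()).sendError(403, sm.getString("authenticator.forbidden"));
            return false;
        }
        for (String role : findAuthRoles) {
            if (realm.hasRole(userPrincipal, role)) {
                return true;
            }
        }
        ((HttpServletResponse) httpResponse.getResponse()).sendError(403, sm.getString("authenticator.forbidden"));
        return false;
    }

    /**
     * Links a session to a single-sign-on identifier; does nothing when no SSO
     * valve is present. Declared public in this decompiled listing; the
     * decompiler notes that the method was originally protected.
     */
    public void associate(String str, Session session) {
        if (this.sso == null) {
            return;
        }
        this.sso.associate(str, session);
    }

    /**
     * Authenticates the caller with the mechanism of the concrete subclass.
     *
     * @return {@code true} if the request carries valid credentials; {@code false}
     *     if the subclass has already produced a challenge or error response
     * @throws IOException if writing the response fails
     */
    protected abstract boolean authenticate(HttpRequest httpRequest, HttpResponse httpResponse, LoginConfig loginConfig) throws IOException;

    /**
     * Enforces the transport guarantee of the constraint. A request that needs a
     * secure channel but arrived without one is redirected to the same URI on
     * https at the connector's redirect port.
     *
     * @return {@code true} if the request may continue; {@code false} after a
     *     redirect or an error status has been sent
     * @throws IOException if writing the response fails
     */
    protected boolean checkUserData(HttpRequest httpRequest, HttpResponse httpResponse, SecurityConstraint securityConstraint) throws IOException {
        if (securityConstraint == null) {
            if (this.debug >= 2) {
                log("  No applicable security constraint defined");
            }
            return true;
        }
        String userConstraint = securityConstraint.getUserConstraint();
        if (userConstraint == null) {
            if (this.debug >= 2) {
                log("  No applicable user data constraint defined");
            }
            return true;
        }
        if (userConstraint.equals("NONE")) {
            if (this.debug >= 2) {
                log("  User data constraint has no restrictions");
            }
            return true;
        }
        if (httpRequest.getRequest().isSecure()) {
            if (this.debug >= 2) {
                log("  User data constraint already satisfied");
            }
            return true;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) httpRequest.getRequest();
        HttpServletResponse httpServletResponse = (HttpServletResponse) httpResponse.getResponse();
        int redirectPort = httpRequest.getConnector().getRedirectPort();
        if (redirectPort <= 0) {
            if (this.debug >= 2) {
                log("  SSL redirect is disabled");
            }
            // NOTE(review): the request URI is passed as the error message; confirm
            // that the error page escapes it before rendering.
            httpServletResponse.sendError(403, httpServletRequest.getRequestURI());
            return false;
        }
        // NOTE(review): the redirect host is taken from the request. If
        // getServerName() reflects a client-supplied Host header, the Location
        // header is client-influenced; verify that the connector or a front-end
        // proxy restricts accepted host names.
        String serverName = httpServletRequest.getServerName();
        StringBuffer target = new StringBuffer(httpServletRequest.getRequestURI());
        String requestedSessionId = httpServletRequest.getRequestedSessionId();
        // A session id that arrived in the URL is carried into the https URL. It
        // has already crossed the network in cleartext, so the redirected session
        // keeps an identifier that was observable on the insecure channel.
        if (requestedSessionId != null && httpServletRequest.isRequestedSessionIdFromURL()) {
            target.append(";jsessionid=");
            target.append(requestedSessionId);
        }
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null) {
            target.append('?');
            target.append(queryString);
        }
        try {
            URL url = new URL("https", serverName, redirectPort, target.toString());
            if (this.debug >= 2) {
                log("  Redirecting to " + url.toString());
            }
            httpServletResponse.sendRedirect(url.toString());
            return false;
        } catch (MalformedURLException e) {
            if (this.debug >= 2) {
                log("  Cannot create new URL", e);
            }
            httpServletResponse.sendError(500, httpServletRequest.getRequestURI());
            return false;
        }
    }

    /**
     * Returns the first constraint of the context that covers the request, or
     * {@code null} if none does. Matching uses the request URI with the context
     * path removed, exactly as {@code getRequestURI()} returns it.
     * NOTE(review): no decoding or normalisation happens here; this presumably
     * relies on the connector having normalised the URI. Confirm.
     */
    protected SecurityConstraint findConstraint(HttpRequest httpRequest) {
        SecurityConstraint[] findConstraints = this.context.findConstraints();
        if (findConstraints == null || findConstraints.length == 0) {
            if (this.debug >= 2) {
                log("  No applicable constraints defined");
            }
            return null;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) httpRequest.getRequest();
        String requestURI = httpServletRequest.getRequestURI();
        String contextPath = httpServletRequest.getContextPath();
        if (contextPath.length() > 0) {
            requestURI = requestURI.substring(contextPath.length());
        }
        String method = httpServletRequest.getMethod();
        for (int i = 0; i < findConstraints.length; i++) {
            boolean matched = findConstraints[i].included(requestURI, method);
            if (this.debug >= 2) {
                log("  Checking constraint '" + findConstraints[i] + "' against " + method + " " + requestURI + " --> " + matched);
            }
            if (matched) {
                return findConstraints[i];
            }
        }
        if (this.debug >= 2) {
            log("  No applicable constraint located");
        }
        return null;
    }

    /**
     * Generates a new identifier: {@link #SESSION_ID_BYTES} random bytes, hashed
     * with the configured digest and rendered as upper-case hexadecimal. The
     * value is used by {@link #register} as the single-sign-on cookie, so its
     * unpredictability depends on the generator returned by {@link #getRandom()}.
     *
     * @throws IllegalStateException if no message digest could be created
     */
    protected synchronized String generateSessionId() {
        MessageDigest md = getDigest();
        if (md == null) {
            // Fail with a clear message instead of a NullPointerException.
            throw new IllegalStateException("No MessageDigest available for algorithm " + this.algorithm);
        }
        byte[] randomBytes = new byte[SESSION_ID_BYTES];
        getRandom().nextBytes(randomBytes);
        byte[] hashed = md.digest(randomBytes);
        StringBuffer id = new StringBuffer(hashed.length * 2);
        for (int i = 0; i < hashed.length; i++) {
            int high = (hashed[i] & 0xF0) >> 4;
            int low = hashed[i] & 0x0F;
            id.append((char) (high < 10 ? '0' + high : 'A' + (high - 10)));
            id.append((char) (low < 10 ? '0' + low : 'A' + (low - 10)));
        }
        return id.toString();
    }

    /**
     * Returns the lazily created message digest. An unknown configured algorithm
     * falls back to {@link #DEFAULT_ALGORITHM} without any log entry; if that is
     * unavailable as well, {@code null} is returned.
     */
    protected synchronized MessageDigest getDigest() {
        if (this.digest == null) {
            try {
                this.digest = MessageDigest.getInstance(this.algorithm);
            } catch (NoSuchAlgorithmException e) {
                try {
                    this.digest = MessageDigest.getInstance(DEFAULT_ALGORITHM);
                } catch (NoSuchAlgorithmException e2) {
                    this.digest = null;
                }
            }
        }
        return this.digest;
    }

    /**
     * Returns the lazily created random number generator used for identifiers.
     * The configured {@link #randomClass} is instantiated reflectively and mixed
     * with the current time and the entropy string. If that fails for any reason
     * the fallback is a self-seeded {@code SecureRandom}; a plain
     * {@code java.util.Random} is never substituted, because its output is
     * predictable and the identifiers act as authentication tokens.
     */
    protected synchronized Random getRandom() {
        if (this.random == null) {
            Random candidate;
            try {
                candidate = (Random) Class.forName(this.randomClass).newInstance();
                if (candidate instanceof java.security.SecureRandom) {
                    // Some SecureRandom implementations (notably SHA1PRNG) skip their
                    // own seeding when setSeed() is the first call made on them. Draw
                    // one byte first so the seed below only supplements the OS seed.
                    candidate.nextBytes(new byte[1]);
                }
                long seed = System.currentTimeMillis();
                char[] entropyChars = getEntropy().toCharArray();
                for (int i = 0; i < entropyChars.length; i++) {
                    seed ^= ((byte) entropyChars[i]) << ((i % 8) * 8);
                }
                candidate.setSeed(seed);
            } catch (Exception e) {
                if (this.context != null) {
                    log("Cannot initialise random class " + this.randomClass + ", using SecureRandom", e);
                }
                candidate = new java.security.SecureRandom();
            }
            this.random = candidate;
        }
        return this.random;
    }

    /** Returns the internal session of the request without creating one, or {@code null}. */
    protected Session getSession(HttpRequest httpRequest) {
        return getSession(httpRequest, false);
    }

    /**
     * Returns the internal session that backs the request's HTTP session.
     * Declared public in this decompiled listing; the decompiler notes that the
     * method was originally protected.
     *
     * @param z whether a new HTTP session may be created
     * @return the session, or {@code null} if there is no HTTP session, the
     *     context has no manager, or the manager lookup failed with an I/O error
     */
    public Session getSession(HttpRequest httpRequest, boolean z) {
        HttpSession session = ((HttpServletRequest) httpRequest.getRequest()).getSession(z);
        if (session == null) {
            return null;
        }
        Manager manager = this.context.getManager();
        if (manager == null) {
            return null;
        }
        try {
            return manager.findSession(session.getId());
        } catch (IOException e) {
            // A failed lookup is treated like a missing session, so the caller
            // falls back to a fresh authentication.
            return null;
        }
    }

    /**
     * Writes a message to the context's logger, or to standard output when the
     * context has none. Declared public in this decompiled listing; the
     * decompiler notes that the method was originally protected.
     */
    public void log(String str) {
        Logger logger = this.context.getLogger();
        String line = "Authenticator[" + this.context.getPath() + "]: " + str;
        if (logger != null) {
            logger.log(line);
        } else {
            System.out.println(line);
        }
    }

    /** Writes a message and a throwable to the context's logger, or to standard output when there is none. */
    protected void log(String str, Throwable th) {
        Logger logger = this.context.getLogger();
        String line = "Authenticator[" + this.context.getPath() + "]: " + str;
        if (logger != null) {
            logger.log(line, th);
        } else {
            System.out.println(line);
            th.printStackTrace(System.out);
        }
    }

    /**
     * Records a successful authentication on the request, in the session when
     * caching is enabled, and with the single-sign-on valve when one is present.
     * Declared public in this decompiled listing; the decompiler notes that the
     * method was originally protected.
     *
     * @param principal the authenticated principal
     * @param str the authentication type
     * @param str2 the user name, or {@code null}
     * @param str3 the password, or {@code null}
     */
    public void register(HttpRequest httpRequest, HttpResponse httpResponse, Principal principal, String str, String str2, String str3) {
        if (this.debug >= 1) {
            log("Authenticated '" + principal.getName() + "' with type '" + str + "'");
        }
        httpRequest.setAuthType(str);
        httpRequest.setUserPrincipal(principal);
        if (this.cache) {
            Session session = getSession(httpRequest, false);
            if (session != null) {
                session.setAuthType(str);
                session.setPrincipal(principal);
                if (str2 != null) {
                    session.setNote(Constants.SESS_USERNAME_NOTE, str2);
                } else {
                    session.removeNote(Constants.SESS_USERNAME_NOTE);
                }
                // The password is kept as a session note in the form it was passed
                // in. Anything that persists or replicates sessions therefore also
                // handles this value and needs matching protection.
                if (str3 != null) {
                    session.setNote(Constants.SESS_PASSWORD_NOTE, str3);
                } else {
                    session.removeNote(Constants.SESS_PASSWORD_NOTE);
                }
            }
        }
        if (this.sso == null) {
            return;
        }
        HttpServletResponse httpServletResponse = (HttpServletResponse) httpResponse.getResponse();
        String generateSessionId = generateSessionId();
        Cookie cookie = new Cookie(Constants.SINGLE_SIGN_ON_COOKIE, generateSessionId);
        cookie.setMaxAge(-1);
        cookie.setPath("/");
        // The SSO cookie is a bearer token valid for every application under "/".
        // When the login happened over a secure channel, keep the cookie off
        // plain-HTTP requests.
        if (httpRequest.getRequest().isSecure()) {
            cookie.setSecure(true);
        }
        httpServletResponse.addCookie(cookie);
        this.sso.register(generateSessionId, principal, str, str2, str3);
        httpRequest.setNote(Constants.REQ_SSOID_NOTE, generateSessionId);
    }

    /** Adds a lifecycle event listener to this component. */
    @Override // org.apache.catalina.Lifecycle
    public void addLifecycleListener(LifecycleListener lifecycleListener) {
        this.lifecycle.addLifecycleListener(lifecycleListener);
    }

    /** Removes a lifecycle event listener from this component. */
    @Override // org.apache.catalina.Lifecycle
    public void removeLifecycleListener(LifecycleListener lifecycleListener) {
        this.lifecycle.removeLifecycleListener(lifecycleListener);
    }

    /**
     * Starts the valve: fires the "start" event, copies the debug level from a
     * {@link StandardContext}, and searches the parent containers for a
     * {@link SingleSignOn} valve.
     *
     * @throws LifecycleException if the valve has already been started
     */
    @Override // org.apache.catalina.Lifecycle
    public void start() throws LifecycleException {
        if (this.started) {
            throw new LifecycleException(sm.getString("authenticator.alreadyStarted"));
        }
        this.lifecycle.fireLifecycleEvent("start", null);
        if (this.context instanceof StandardContext) {
            setDebug(((StandardContext) this.context).getDebug());
        }
        this.started = true;
        // Walk up the container hierarchy and take the first SingleSignOn valve found.
        Container parent = this.context.getParent();
        while (this.sso == null && parent != null) {
            if (parent instanceof Pipeline) {
                Valve[] valves = ((Pipeline) parent).getValves();
                for (int i = 0; i < valves.length; i++) {
                    if (valves[i] instanceof SingleSignOn) {
                        this.sso = (SingleSignOn) valves[i];
                        break;
                    }
                }
            }
            if (this.sso == null) {
                parent = parent.getParent();
            }
        }
        if (this.debug >= 1) {
            if (this.sso != null) {
                log("Found SingleSignOn Valve at " + this.sso);
            } else {
                log("No SingleSignOn Valve is present");
            }
        }
    }

    /**
     * Stops the valve: fires the "stop" event and drops the SSO valve reference.
     *
     * @throws LifecycleException if the valve has not been started
     */
    @Override // org.apache.catalina.Lifecycle
    public void stop() throws LifecycleException {
        if (!this.started) {
            throw new LifecycleException(sm.getString("authenticator.notStarted"));
        }
        this.lifecycle.fireLifecycleEvent("stop", null);
        this.started = false;
        this.sso = null;
    }
}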
