package org.mortbay.jetty.security;

import java.io.IOException;
import java.security.Principal;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.spi.LocationInfo;
import org.mortbay.jetty.Connector;
import org.mortbay.jetty.HttpConnection;
import org.mortbay.jetty.Request;
import org.mortbay.jetty.Response;
import org.mortbay.jetty.handler.HandlerWrapper;
import org.mortbay.jetty.servlet.PathMap;
import org.mortbay.log.Log;
import org.mortbay.util.LazyList;
import org.mortbay.util.StringUtil;

/* loaded from: input_file:hadoop-hdfs-nfs-2.5.1-mapr-1410-SNAPSHOT/share/hadoop/hdfs/lib/jetty-6.1.26.jar:org/mortbay/jetty/security/SecurityHandler.class */
public class SecurityHandler extends HandlerWrapper {
    private UserRealm _userRealm;
    private ConstraintMapping[] _constraintMappings;
    private Authenticator _authenticator;
    public static Principal __NO_USER = new Principal() { // from class: org.mortbay.jetty.security.SecurityHandler.1
        @Override // java.security.Principal
        public String getName() {
            return null;
        }

        @Override // java.security.Principal
        public String toString() {
            return "No User";
        }
    };
    public static Principal __NOBODY = new Principal() { // from class: org.mortbay.jetty.security.SecurityHandler.2
        @Override // java.security.Principal
        public String getName() {
            return "Nobody";
        }

        @Override // java.security.Principal
        public String toString() {
            return getName();
        }
    };
    private String _authMethod = "BASIC";
    private PathMap _constraintMap = new PathMap();
    private NotChecked _notChecked = new NotChecked(this);
    private boolean _checkWelcomeFiles = false;

    /* loaded from: input_file:hadoop-hdfs-nfs-2.5.1-mapr-1410-SNAPSHOT/share/hadoop/hdfs/lib/jetty-6.1.26.jar:org/mortbay/jetty/security/SecurityHandler$NotChecked.class */
    public class NotChecked implements Principal {
        private final SecurityHandler this$0;

        public NotChecked(SecurityHandler securityHandler) {
            this.this$0 = securityHandler;
        }

        @Override // java.security.Principal
        public String getName() {
            return null;
        }

        @Override // java.security.Principal
        public String toString() {
            return "NOT CHECKED";
        }

        public SecurityHandler getSecurityHandler() {
            return this.this$0;
        }
    }

    public Authenticator getAuthenticator() {
        return this._authenticator;
    }

    public void setAuthenticator(Authenticator authenticator) {
        this._authenticator = authenticator;
    }

    public UserRealm getUserRealm() {
        return this._userRealm;
    }

    public void setUserRealm(UserRealm userRealm) {
        this._userRealm = userRealm;
    }

    public ConstraintMapping[] getConstraintMappings() {
        return this._constraintMappings;
    }

    public void setConstraintMappings(ConstraintMapping[] constraintMappingArr) {
        this._constraintMappings = constraintMappingArr;
        if (this._constraintMappings != null) {
            this._constraintMappings = constraintMappingArr;
            this._constraintMap.clear();
            for (int i = 0; i < this._constraintMappings.length; i++) {
                this._constraintMap.put(this._constraintMappings[i].getPathSpec(), LazyList.add(this._constraintMap.get(this._constraintMappings[i].getPathSpec()), this._constraintMappings[i]));
            }
        }
    }

    public String getAuthMethod() {
        return this._authMethod;
    }

    public void setAuthMethod(String str) {
        if (isStarted() && this._authMethod != null && !this._authMethod.equals(str)) {
            throw new IllegalStateException("Handler started");
        }
        this._authMethod = str;
    }

    public boolean hasConstraints() {
        return this._constraintMappings != null && this._constraintMappings.length > 0;
    }

    public boolean isCheckWelcomeFiles() {
        return this._checkWelcomeFiles;
    }

    public void setCheckWelcomeFiles(boolean z) {
        this._checkWelcomeFiles = z;
    }

    @Override // org.mortbay.jetty.handler.HandlerWrapper, org.mortbay.jetty.handler.AbstractHandler, org.mortbay.component.AbstractLifeCycle
    public void doStart() throws Exception {
        if (this._authenticator == null) {
            if ("BASIC".equalsIgnoreCase(this._authMethod)) {
                this._authenticator = new BasicAuthenticator();
            } else if ("DIGEST".equalsIgnoreCase(this._authMethod)) {
                this._authenticator = new DigestAuthenticator();
            } else if ("CLIENT_CERT".equalsIgnoreCase(this._authMethod)) {
                this._authenticator = new ClientCertAuthenticator();
            } else if ("FORM".equalsIgnoreCase(this._authMethod)) {
                this._authenticator = new FormAuthenticator();
            } else {
                Log.warn(new StringBuffer().append("Unknown Authentication method:").append(this._authMethod).toString());
            }
        }
        super.doStart();
    }

    @Override // org.mortbay.jetty.handler.HandlerWrapper, org.mortbay.jetty.Handler
    public void handle(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, int i) throws IOException, ServletException {
        Request request = httpServletRequest instanceof Request ? (Request) httpServletRequest : HttpConnection.getCurrentConnection().getRequest();
        Response response = httpServletResponse instanceof Response ? (Response) httpServletResponse : HttpConnection.getCurrentConnection().getResponse();
        UserRealm userRealm = request.getUserRealm();
        try {
            request.setUserRealm(getUserRealm());
            if (i == 1 && !checkSecurityConstraints(str, request, response)) {
                request.setHandled(true);
                if (this._userRealm != null && i == 1) {
                    this._userRealm.disassociate(request.getUserPrincipal());
                }
                request.setUserRealm(userRealm);
                return;
            }
            if (i == 2 && this._checkWelcomeFiles && httpServletRequest.getAttribute("org.mortbay.jetty.welcome") != null) {
                httpServletRequest.removeAttribute("org.mortbay.jetty.welcome");
                if (!checkSecurityConstraints(str, request, response)) {
                    request.setHandled(true);
                    if (this._userRealm != null && i == 1) {
                        this._userRealm.disassociate(request.getUserPrincipal());
                    }
                    request.setUserRealm(userRealm);
                    return;
                }
            }
            if ((this._authenticator instanceof FormAuthenticator) && str.endsWith(FormAuthenticator.__J_SECURITY_CHECK)) {
                this._authenticator.authenticate(getUserRealm(), str, request, response);
                request.setHandled(true);
                if (this._userRealm != null && i == 1) {
                    this._userRealm.disassociate(request.getUserPrincipal());
                }
                request.setUserRealm(userRealm);
                return;
            }
            if (getHandler() != null) {
                getHandler().handle(str, httpServletRequest, httpServletResponse, i);
            }
            if (this._userRealm != null && i == 1) {
                this._userRealm.disassociate(request.getUserPrincipal());
            }
            request.setUserRealm(userRealm);
        } catch (Throwable th) {
            if (this._userRealm != null && i == 1) {
                this._userRealm.disassociate(request.getUserPrincipal());
            }
            request.setUserRealm(userRealm);
            throw th;
        }
    }

    public boolean checkSecurityConstraints(String str, Request request, Response response) throws IOException {
        Object lazyMatches = this._constraintMap.getLazyMatches(str);
        String str2 = null;
        Object obj = null;
        if (lazyMatches == null) {
            request.setUserPrincipal(this._notChecked);
            return true;
        }
        loop0: for (int i = 0; i < LazyList.size(lazyMatches); i++) {
            Map.Entry entry = (Map.Entry) LazyList.get(lazyMatches, i);
            Object value = entry.getValue();
            String str3 = (String) entry.getKey();
            for (int i2 = 0; i2 < LazyList.size(value); i2++) {
                ConstraintMapping constraintMapping = (ConstraintMapping) LazyList.get(value, i2);
                if (constraintMapping.getMethod() == null || constraintMapping.getMethod().equalsIgnoreCase(request.getMethod())) {
                    if (str2 != null && !str2.equals(str3)) {
                        break loop0;
                    }
                    str2 = str3;
                    obj = LazyList.add(obj, constraintMapping.getConstraint());
                }
            }
        }
        return check(obj, this._authenticator, this._userRealm, str, request, response);
    }

    private boolean check(Object obj, Authenticator authenticator, UserRealm userRealm, String str, Request request, Response response) throws IOException {
        int i = 0;
        Object obj2 = null;
        boolean z = false;
        boolean z2 = false;
        for (int i2 = 0; i2 < LazyList.size(obj); i2++) {
            Constraint constraint = (Constraint) LazyList.get(obj, i2);
            if (i <= -1 || !constraint.hasDataConstraint()) {
                i = -1;
            } else if (constraint.getDataConstraint() > i) {
                i = constraint.getDataConstraint();
            }
            if (!z && 0 == 0) {
                if (!constraint.getAuthenticate()) {
                    z = true;
                } else if (constraint.isAnyRole()) {
                    obj2 = "*";
                } else {
                    String[] roles = constraint.getRoles();
                    if (roles == null || roles.length == 0) {
                        z2 = true;
                        break;
                    }
                    if (obj2 != "*") {
                        int length = roles.length;
                        while (true) {
                            int i3 = length;
                            length--;
                            if (i3 > 0) {
                                obj2 = LazyList.add(obj2, roles[length]);
                            }
                        }
                    }
                }
            }
        }
        if (z2 && (!(authenticator instanceof FormAuthenticator) || !((FormAuthenticator) authenticator).isLoginOrErrorPage(str))) {
            response.sendError(403);
            return false;
        }
        if (i > 0) {
            Connector connector = HttpConnection.getCurrentConnection().getConnector();
            switch (i) {
                case 1:
                    if (!connector.isIntegral(request)) {
                        if (connector.getConfidentialPort() <= 0) {
                            response.sendError(403, null);
                            return false;
                        }
                        String stringBuffer = new StringBuffer().append(connector.getIntegralScheme()).append("://").append(request.getServerName()).append(":").append(connector.getIntegralPort()).append(request.getRequestURI()).toString();
                        if (request.getQueryString() != null) {
                            stringBuffer = new StringBuffer().append(stringBuffer).append(LocationInfo.NA).append(request.getQueryString()).toString();
                        }
                        response.setContentLength(0);
                        response.sendRedirect(response.encodeRedirectURL(stringBuffer));
                        return false;
                    }
                    break;
                case 2:
                    if (!connector.isConfidential(request)) {
                        if (connector.getConfidentialPort() <= 0) {
                            response.sendError(403, null);
                            return false;
                        }
                        String stringBuffer2 = new StringBuffer().append(connector.getConfidentialScheme()).append("://").append(request.getServerName()).append(":").append(connector.getConfidentialPort()).append(request.getRequestURI()).toString();
                        if (request.getQueryString() != null) {
                            stringBuffer2 = new StringBuffer().append(stringBuffer2).append(LocationInfo.NA).append(request.getQueryString()).toString();
                        }
                        response.setContentLength(0);
                        response.sendRedirect(response.encodeRedirectURL(stringBuffer2));
                        return false;
                    }
                    break;
                default:
                    response.sendError(403, null);
                    return false;
            }
        }
        if (z || obj2 == null) {
            request.setUserPrincipal(this._notChecked);
            return true;
        }
        if (userRealm == null) {
            Log.warn(new StringBuffer().append("Request ").append(request.getRequestURI()).append(" failed - no realm").toString());
            response.sendError(500, "No realm");
            return false;
        }
        Principal principal = null;
        if (request.getAuthType() != null && request.getRemoteUser() != null) {
            principal = request.getUserPrincipal();
            if (principal == null) {
                principal = userRealm.authenticate(request.getRemoteUser(), null, request);
            }
            if (principal == null && authenticator != null) {
                principal = authenticator.authenticate(userRealm, str, request, response);
            }
        } else if (authenticator != null) {
            principal = authenticator.authenticate(userRealm, str, request, response);
        } else {
            Log.warn(new StringBuffer().append("Mis-configured Authenticator for ").append(request.getRequestURI()).toString());
            response.sendError(500, "Configuration error");
        }
        if (principal == null) {
            return false;
        }
        if (principal == __NOBODY || obj2 == "*") {
            return true;
        }
        boolean z3 = false;
        int size = LazyList.size(obj2);
        while (true) {
            int i4 = size;
            size--;
            if (i4 > 0) {
                if (userRealm.isUserInRole(principal, (String) LazyList.get(obj2, size))) {
                    z3 = true;
                }
            }
        }
        if (z3) {
            return true;
        }
        Log.warn(new StringBuffer().append("AUTH FAILURE: incorrect role for ").append(StringUtil.printable(principal.getName())).toString());
        response.sendError(403, "User not in required role");
        return false;
    }
}
