package weblogic.servlet.internal;

import java.security.PrivilegedAction;
import java.util.Iterator;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.login.LoginException;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import weblogic.application.ApplicationAccess;
import weblogic.application.ApplicationContextInternal;
import weblogic.logging.Loggable;
import weblogic.management.DeploymentException;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.servlet.HTTPLogger;
import weblogic.servlet.jsp.JspStub;
import weblogic.servlet.security.internal.WebAppSecurity;

/* loaded from: input_file:weblogic/servlet/internal/StubSecurityHelper.class */
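/**
 * Per-servlet helper that runs a servlet's lifecycle and service calls under the identity
 * configured for it (run-as, init-as, destroy-as) and stores the servlet's security-role links.
 *
 * <p>Lifecycle and service work is wrapped in {@link PrivilegedAction}s. Because
 * {@code PrivilegedAction.run()} cannot throw checked exceptions, every action <em>returns</em> the
 * failure as a {@link Throwable} ({@code null} on success) and the caller casts the result.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>Init and destroy fall back from the specific identity to run-as and then to the anonymous
 *       subject; they never run as the deploying user.</li>
 *   <li>An administrator identity may only be configured when the deployment initiator passes
 *       {@link #checkDeployUserPrivileges}; a deployment with no recorded initiator skips the check.</li>
 *   <li>The identity setters commit their fields only after that check has passed.</li>
 * </ul>
 *
 * <p>This source is decompiler output; several members were widened from {@code private} or
 * package-private by the decompiler and are kept as found.
 */
public final class StubSecurityHelper {
    private final ServletStubImpl stub;
    // Lazily resolved authentication service for the context's security realm.
    private PrincipalAuthenticator pa;
    // Subjects resolved at deployment time; null means "not configured".
    private AuthenticatedSubject initAs;
    private AuthenticatedSubject destroyAs;
    private AuthenticatedSubject runAs;
    // Configured run-as name; re-impersonated on every request in invokeServlet().
    private String runAsIdentity;
    // Role-name -> role-link mapping, created on first addRoleLink().
    private ConcurrentHashMap<String, String> securityRoleMap;

    /**
     * Destroys a servlet and then notifies the component creator.
     * Decompiler note: access was widened from {@code private}.
     */
    public static final class ServletDestroyAction implements PrivilegedAction<Object> {
        final Servlet servlet;
        final WebAppServletContext context;

        ServletDestroyAction(Servlet servlet, WebAppServletContext webAppServletContext) {
            this.servlet = servlet;
            this.context = webAppServletContext;
        }

        /**
         * @return {@code null} on success, otherwise the {@link Throwable} raised by either step;
         *         if {@code destroy()} fails, the pre-destroy notification is not attempted
         */
        @Override // java.security.PrivilegedAction
        public Object run() {
            try {
                this.servlet.destroy();
                this.context.getComponentCreator().notifyPreDestroy(this.servlet);
                return null;
            } catch (Throwable failure) {
                return failure;
            }
        }
    }

    /**
     * Instantiates and initialises a servlet.
     * Decompiler note: access was widened from {@code private}.
     */
    public static final class ServletInitAction implements PrivilegedAction<Object> {
        private final ServletStubImpl stub;
        private final Class<?> clazz;
        private Servlet servlet;

        public ServletInitAction(ServletStubImpl servletStubImpl, Class<?> cls) {
            this.stub = servletStubImpl;
            this.clazz = cls;
        }

        /** @return the servlet created by {@link #run()}, or {@code null} if instantiation failed */
        public Servlet getServlet() {
            return this.servlet;
        }

        /**
         * Creates the servlet instance and calls {@code init} on it.
         *
         * <p>JSP stubs are instantiated reflectively from the supplied class; every other stub
         * goes through the context's component creator using the stub's class name.
         *
         * @return {@code null} on success; a {@link ServletException} describing an instantiation
         *         problem; or whatever {@link Throwable} instantiation or {@code init} raised
         */
        @Override // java.security.PrivilegedAction
        public Object run() {
            // Phase 1: instantiation. Only failures from this phase are translated and logged.
            try {
                if (this.stub instanceof JspStub) {
                    this.servlet = (Servlet) this.clazz.newInstance();
                } else {
                    this.servlet = this.stub.getContext().getComponentCreator().createServletInstance(this.stub.getClassName());
                }
            } catch (ClassCastException e) {
                HTTPLogger.logCastingError(this.stub.getContext().getLogContext(), this.stub.getServletName(), e);
                return new ServletException("Servlet class: '" + this.stub.getClassName() + "' does not implement javax.servlet.Servlet");
            } catch (IllegalAccessException e) {
                HTTPLogger.logIllegalAccessOnInstantiate(this.stub.getContext().getLogContext(), this.stub.getServletName(), e);
                return new ServletException("Servlet class: '" + this.stub.getClassName() + "' couldn't be instantiated");
            } catch (InstantiationException e) {
                HTTPLogger.logInstantiateError(this.stub.getContext().getLogContext(), this.stub.getServletName(), e);
                return new ServletException("Servlet class: '" + this.stub.getClassName() + "' couldn't be instantiated");
            } catch (NoSuchMethodError e) {
                HTTPLogger.logInstantiateError(this.stub.getContext().getLogContext(), this.stub.getServletName(), e);
                return new ServletException("Servlet class: '" + this.stub.getClassName() + "' doesn't have a default constructor");
            } catch (Throwable failure) {
                return failure;
            }
            // Phase 2: init. Anything thrown here is handed back untranslated, so a
            // ClassCastException from servlet code is not misreported as a casting error.
            try {
                this.servlet.init(this.stub);
                return null;
            } catch (Throwable failure) {
                return failure;
            }
        }
    }

    /** Dispatches one request to the servlet's {@code service} method. */
    private static final class ServletServiceAction implements PrivilegedAction<Object> {
        private final ServletRequest req;
        private final ServletRequestImpl reqi;
        private final ServletResponse rsp;
        private final Servlet servlet;
        private final ServletStubImpl stub;

        ServletServiceAction(ServletRequest servletRequest, ServletRequestImpl servletRequestImpl, ServletResponse servletResponse, Servlet servlet, ServletStubImpl servletStubImpl) {
            this.req = servletRequest;
            this.reqi = servletRequestImpl;
            this.rsp = servletResponse;
            this.servlet = servlet;
            this.stub = servletStubImpl;
        }

        /** @return {@code null} on success, otherwise the {@link Throwable} raised while servicing */
        @Override // java.security.PrivilegedAction
        public Object run() {
            try {
                // Future-response mode is enabled only when this stub is the request's own stub.
                if (this.stub == this.reqi.getServletStub() && this.stub.isFutureResponseServlet()) {
                    this.reqi.enableFutureResponse();
                }
                this.servlet.service(this.req, this.rsp);
                return null;
            } catch (Throwable failure) {
                return failure;
            }
        }
    }

    public StubSecurityHelper(ServletStubImpl servletStubImpl) {
        this.stub = servletStubImpl;
    }

    /**
     * Registers a security-role link for this servlet.
     *
     * @param str  key stored in the role map (the role name used for lookup)
     * @param str2 value stored for that key (the linked role)
     */
    public final void addRoleLink(String str, String str2) {
        // NOTE(review): the lazy creation is unsynchronized; presumably links are registered
        // from a single thread during deployment - confirm against callers.
        if (this.securityRoleMap == null) {
            this.securityRoleMap = new ConcurrentHashMap<>();
        }
        this.securityRoleMap.put(str, str2);
    }

    /** @return the value linked to {@code str}, or {@code null} if none (or no links exist) */
    public final String getRoleLink(String str) {
        if (this.securityRoleMap == null) {
            return null;
        }
        return this.securityRoleMap.get(str);
    }

    /**
     * Decompiler note: access was widened from package-private.
     *
     * @return an iterator over the registered role names, or {@code null} (not an empty
     *         iterator) when no link was ever added
     */
    public final Iterator getRoleNames() {
        if (this.securityRoleMap == null) {
            return null;
        }
        return this.securityRoleMap.keySet().iterator();
    }

    /**
     * Creates and initialises the servlet under the init-as subject.
     *
     * @param cls class to instantiate (used directly only for JSP stubs)
     * @return the initialised servlet
     * @throws ServletException the failure itself when it already is a {@code ServletException},
     *         otherwise a {@code ServletException} wrapping it
     */
    public Servlet createServlet(Class<?> cls) throws ServletException {
        ServletInitAction initAction = new ServletInitAction(this.stub, cls);
        Throwable failure = (Throwable) SecurityServiceManager.runAs(WebAppConfigManager.KERNEL_ID, getInitAsSubject(), initAction);
        if (failure instanceof ServletException) {
            throw (ServletException) failure;
        }
        if (failure != null) {
            throw new ServletException(failure);
        }
        return initAction.getServlet();
    }

    /** Subject for {@code init}: init-as, else run-as, else the anonymous subject. */
    private AuthenticatedSubject getInitAsSubject() {
        if (this.initAs != null) {
            return this.initAs;
        }
        return this.runAs != null ? this.runAs : SubjectUtils.getAnonymousSubject();
    }

    /**
     * Destroys the servlet under the destroy-as subject. A failure is logged and not rethrown.
     */
    public void destroyServlet(Servlet servlet) {
        Throwable failure = (Throwable) SecurityServiceManager.runAs(WebAppConfigManager.KERNEL_ID, getDestroyAsSubject(), new ServletDestroyAction(servlet, this.stub.getContext()));
        if (failure != null) {
            HTTPLogger.logServletFailedOnDestroy(this.stub.getContext().getLogContext(), this.stub.getServletName(), failure);
        }
    }

    /** Subject for {@code destroy}: destroy-as, else run-as, else the anonymous subject. */
    private AuthenticatedSubject getDestroyAsSubject() {
        if (this.destroyAs != null) {
            return this.destroyAs;
        }
        return this.runAs != null ? this.runAs : SubjectUtils.getAnonymousSubject();
    }

    /**
     * Returns the authentication service for the context's security realm, looking it up once
     * and caching it. The cache is unsynchronized; a race would at worst repeat the lookup.
     */
    private PrincipalAuthenticator getPrincipalAuthenticator() {
        if (this.pa == null) {
            this.pa = (PrincipalAuthenticator) SecurityServiceManager.getSecurityService(WebAppConfigManager.KERNEL_ID, this.stub.getContext().getSecurityRealmName(), SecurityService.ServiceType.AUTHENTICATION);
        }
        return this.pa;
    }

    /**
     * Services one request, impersonating the run-as identity when one is configured.
     *
     * <p>Without a run-as identity the servlet runs directly on the calling thread under whatever
     * subject is already current. With one, the identity is impersonated afresh for each request
     * using a context handler built from the HTTP request and response; the subject cached by
     * {@link #setRunAsIdentity} is not reused here.
     *
     * @return {@code null} on success, otherwise the {@link Throwable} raised by the servlet
     * @throws ServletException if the run-as identity cannot be resolved at request time
     */
    public Throwable invokeServlet(ServletRequest servletRequest, HttpServletRequest httpServletRequest, ServletRequestImpl servletRequestImpl, ServletResponse servletResponse, HttpServletResponse httpServletResponse, Servlet servlet) throws ServletException {
        ServletServiceAction serviceAction = new ServletServiceAction(servletRequest, servletRequestImpl, servletResponse, servlet, this.stub);
        if (this.runAsIdentity == null) {
            return (Throwable) serviceAction.run();
        }
        try {
            return (Throwable) SecurityServiceManager.runAs(WebAppConfigManager.KERNEL_ID, getPrincipalAuthenticator().impersonateIdentity(this.runAsIdentity, WebAppSecurity.getContextHandler(httpServletRequest, httpServletResponse)), serviceAction);
        } catch (LoginException e) {
            HTTPLogger.logRunAsUserCouldNotBeResolvedLoggable(this.runAsIdentity, this.stub.getServletName(), this.stub.getContext().getContextPath(), e).log();
            throw new ServletException(e);
        }
    }

    /** Decompiler note: access was widened from package-private. */
    public final String getRunAsIdentity() {
        return this.runAsIdentity;
    }

    /**
     * Configures the run-as identity. Decompiler note: access was widened from package-private.
     *
     * <p>Both fields are written only after the identity resolved and passed the deployer
     * privilege check, so a rejected identity is never left installed on this helper (the
     * decompiled original assigned them before the check ran).
     *
     * @throws DeploymentException if the identity cannot be resolved or the deployer may not use it
     */
    public final void setRunAsIdentity(String str) throws DeploymentException {
        AuthenticatedSubject resolved = resolveDeployIdentity(str, "run-as");
        this.runAsIdentity = str;
        this.runAs = resolved;
    }

    /**
     * Configures the init-as identity; committed only after the privilege check passes.
     * Decompiler note: access was widened from package-private.
     *
     * @throws DeploymentException if the identity cannot be resolved or the deployer may not use it
     */
    public final void setInitAsIdentity(String str) throws DeploymentException {
        this.initAs = resolveDeployIdentity(str, "init-as");
    }

    /**
     * Configures the destroy-as identity; committed only after the privilege check passes.
     * Decompiler note: access was widened from package-private.
     *
     * @throws DeploymentException if the identity cannot be resolved or the deployer may not use it
     */
    public final void setDestroyAsIdentity(String str) throws DeploymentException {
        this.destroyAs = resolveDeployIdentity(str, "destroy-as");
    }

    /**
     * Resolves {@code identity} to a subject and verifies the deployer is allowed to configure it.
     * Touches no field of this helper, so callers can commit the result atomically.
     *
     * @param identity principal name from the deployment descriptor
     * @param kind     descriptor element name used in the rejection message
     * @throws DeploymentException if resolution fails (logged first) or the privilege check rejects
     */
    private AuthenticatedSubject resolveDeployIdentity(String identity, String kind) throws DeploymentException {
        AuthenticatedSubject subject;
        try {
            subject = getPrincipalAuthenticator().impersonateIdentity(identity);
        } catch (LoginException e) {
            Loggable unresolved = HTTPLogger.logRunAsUserCouldNotBeResolvedLoggable(identity, this.stub.getServletName(), this.stub.getContext().getContextPath(), e);
            unresolved.log();
            throw new DeploymentException(unresolved.getMessage());
        }
        checkDeployUserPrivileges(subject, kind);
        return subject;
    }

    /**
     * Prevents a non-administrator deployer from configuring a servlet to run as an administrator.
     *
     * <p>The check applies only when the configured subject is an administrator. It then passes
     * when the deployment initiator is an administrator, or when the operation is a static
     * deployment initiated by the anonymous subject. It is skipped entirely when the application
     * context reports no deployment initiator.
     * NOTE(review): confirm that a missing initiator can only occur on trusted code paths.
     *
     * @throws DeploymentException if the deployer has lower privileges than the configured subject
     */
    private void checkDeployUserPrivileges(AuthenticatedSubject authenticatedSubject, String str) throws DeploymentException {
        if (!SubjectUtils.isUserAnAdministrator(authenticatedSubject)) {
            return;
        }
        ApplicationContextInternal appContext = ApplicationAccess.getApplicationAccess().getCurrentApplicationContext();
        AuthenticatedSubject deploymentInitiator = appContext.getDeploymentInitiator();
        if (deploymentInitiator == null) {
            return;
        }
        boolean anonymousStaticDeployment = appContext.isStaticDeploymentOperation() && SubjectUtils.isUserAnonymous(deploymentInitiator);
        if (!anonymousStaticDeployment && !SubjectUtils.isUserAnAdministrator(deploymentInitiator)) {
            throw new DeploymentException("The " + str + " user : " + authenticatedSubject + " has higher privileges than the deployment user : " + deploymentInitiator + ". Hence this deployment user cannot perform the current deployment action. Try the deployment action with admin privileged user.");
        }
    }
}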
