package weblogic.servlet.security.internal;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.servlet.internal.ServletRequestImpl;
import weblogic.servlet.internal.WebAppServletContext;
import weblogic.servlet.internal.session.SessionInternal;
import weblogic.utils.StringUtils;
import weblogic.utils.encoders.BASE64Decoder;

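/* loaded from: input_file:weblogic/servlet/security/internal/BasicSecurityModule.class */
/**
 * {@link SecurityModule} implementation for HTTP Basic authentication (decompiled source).
 *
 * <p>Authorization happens in two stages. The request is first checked with the subject
 * already associated with it; only when that is not sufficient are the credentials carried
 * in the {@code Authorization: Basic} header decoded and authenticated. Every successful
 * outcome additionally requires the inherited AuthCookie check to pass, and every denial
 * writes its own response (403, error page, or the web app's auth filter chain).
 */
public class BasicSecurityModule extends SecurityModule {
    /**
     * @param webAppServletContext the owning web application context
     * @param webAppSecurity the security configuration this module consults
     * @param z passed through to {@link SecurityModule}; its meaning is defined there
     */
    public BasicSecurityModule(WebAppServletContext webAppServletContext, WebAppSecurity webAppSecurity, boolean z) {
        super(webAppServletContext, webAppSecurity, z);
    }

    /**
     * Decides whether the request may proceed and, if it may not, writes the failure response.
     *
     * @param httpServletRequest the request under evaluation
     * @param httpServletResponse the response a denial is written to
     * @param sessionInternal the current session, used for the AuthCookie check and login
     * @param resourceConstraint the constraint protecting the requested resource, or {@code null}
     * @param authenticatedSubject the subject already associated with the request, or {@code null}
     * @param z when {@code true}, a denial that is not a hard 403 may be routed to the web app's
     *          auth filter chain instead of a plain error response
     * @return {@code true} if the caller may continue; {@code false} if a response has already been written
     * @throws IOException if writing the response or decoding the header fails
     * @throws ServletException if the auth filter chain fails
     */
    @Override // weblogic.servlet.security.internal.SecurityModule
    public boolean checkUserPerm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SessionInternal sessionInternal, ResourceConstraint resourceConstraint, AuthenticatedSubject authenticatedSubject, boolean z) throws IOException, ServletException {
        boolean hasPermission = this.webAppSecurity.hasPermission(httpServletRequest, httpServletResponse, authenticatedSubject, resourceConstraint);
        if (hasPermission) {
            if (!checkAuthCookie(getHttpServer(), httpServletRequest, sessionInternal)) {
                return denyMissingAuthCookie(httpServletRequest, httpServletResponse);
            }
            // Proxied requests, and deployments that do not insist on valid Basic
            // credentials, are satisfied by the already-permitted subject alone.
            if (ServletRequestImpl.getOriginalRequest(httpServletRequest).getServletStub().isProxyServlet() || !enforceValidBasicAuthCredentials()) {
                return true;
            }
            // Otherwise only a non-anonymous subject is enough; an anonymous one
            // must still present credentials below.
            if (authenticatedSubject != null && !SubjectUtils.isUserAnonymous(authenticatedSubject)) {
                return true;
            }
        }
        // With full security delegation and a constraint that forbids everyone, no
        // credentials can help, so the denial is a 403 rather than a challenge.
        boolean forbiddenByConstraint = this.webAppSecurity.isFullSecurityDelegationRequired() && resourceConstraint != null && resourceConstraint.isForbidden();
        String[] credentials = splitAuthHeader(httpServletRequest);
        if (credentials == null) {
            if (hasPermission) {
                return true;
            }
            // A subject that is already logged in is not re-challenged unless relogin is enabled.
            boolean forbid = forbiddenByConstraint || (authenticatedSubject != null && !isReloginEnabled());
            return reject(httpServletRequest, httpServletResponse, forbid, z);
        }
        AuthenticatedSubject basicSubject = checkAuthenticate(credentials[0], credentials[1], httpServletRequest, httpServletResponse, getServletContext(), false);
        if (basicSubject == null) {
            boolean forbid = forbiddenByConstraint || (authenticatedSubject != null && !isReloginEnabled());
            return reject(httpServletRequest, httpServletResponse, forbid, z);
        }
        if (!this.webAppSecurity.hasPermission(httpServletRequest, httpServletResponse, basicSubject, resourceConstraint)) {
            // Valid credentials but insufficient rights: another challenge only makes sense with relogin enabled.
            return reject(httpServletRequest, httpServletResponse, forbiddenByConstraint || !isReloginEnabled(), z);
        }
        if (!checkAuthCookie(getHttpServer(), httpServletRequest, sessionInternal)) {
            return denyMissingAuthCookie(httpServletRequest, httpServletResponse);
        }
        if (DEBUG_SEC.isDebugEnabled()) {
            DEBUG_SEC.debug(this.webAppSecurity.getContextLog() + ": user: " + getUsername(basicSubject) + " has permissions to access " + httpServletRequest);
        }
        login(httpServletRequest, basicSubject, sessionInternal);
        return true;
    }

    /**
     * Denies a request whose AuthCookie check failed.
     *
     * <p>Always goes through {@link #handleFailure} with the filter-chain option off, so the
     * auth filter chain is bypassed and a plain error response is sent.
     *
     * @return always {@code false}, so callers can {@code return} this directly
     */
    private boolean denyMissingAuthCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        if (DEBUG_SEC.isDebugEnabled()) {
            DEBUG_SEC.debug("AuthCookie not found - permission denied for " + httpServletRequest);
        }
        handleFailure(httpServletRequest, httpServletResponse, false);
        return false;
    }

    /**
     * Writes the denial response for a request that could not be authorized.
     *
     * @param forbidden when {@code true} a forbidden response is sent; otherwise the failure
     *                  is handed to {@link #handleFailure}
     * @param allowAuthFilters passed to {@link #handleFailure}; see there
     * @return always {@code false}, so callers can {@code return} this directly
     */
    private boolean reject(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean forbidden, boolean allowAuthFilters) throws IOException, ServletException {
        if (forbidden) {
            sendForbiddenResponse(httpServletRequest, httpServletResponse);
        } else {
            handleFailure(httpServletRequest, httpServletResponse, allowAuthFilters);
        }
        return false;
    }

    /**
     * Whether a request that is already permitted but carries an anonymous subject must still
     * present valid Basic credentials. Reads the static {@link WebAppSecurity} setting.
     */
    protected boolean enforceValidBasicAuthCredentials() {
        return WebAppSecurity.getEnforceValidBasicAuthCredentials();
    }

    /**
     * Sends the failure response for a denied request.
     *
     * @param z when {@code true} and the web app has auth filters, the request is handed to the
     *          auth filter chain; otherwise the module's error response is sent
     */
    private void handleFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException, ServletException {
        if (z && this.webAppSecurity.hasAuthFilters()) {
            invokeAuthFilterChain(httpServletRequest, httpServletResponse);
        } else {
            sendError(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Extracts the user id and password from the request's {@code Authorization: Basic} header.
     *
     * @return {@code {userId, password}}, or {@code null} when the header is absent, does not use
     *         the Basic scheme, has no token, or the decoded value contains no {@code ':'}
     * @throws IOException if the base64 token cannot be decoded
     */
    private static final String[] splitAuthHeader(HttpServletRequest httpServletRequest) throws IOException {
        String authorization = ServletRequestImpl.getOriginalRequest(httpServletRequest).getRequestHeaders().getAuthorization();
        if (authorization == null) {
            return null;
        }
        String[] schemeAndToken = StringUtils.split(authorization, ' ');
        // A header such as a bare "Basic" must be treated as "no credentials" rather than
        // indexing past the end of the array; the scheme name is case-insensitive (RFC 7235 §2.1).
        if (schemeAndToken == null || schemeAndToken.length < 2 || !"Basic".equalsIgnoreCase(schemeAndToken[0])) {
            return null;
        }
        // NOTE(review): decoding with the platform default charset is kept from the original;
        // RFC 7617 leaves the credential charset to the server, so confirm it matches what clients send.
        String decoded = new String(new BASE64Decoder().decodeBuffer(schemeAndToken[1]));
        // RFC 7617: the user-id cannot contain ':' but the password may, so split at the first ':' only
        // and keep the remainder of the string intact as the password.
        int separator = decoded.indexOf(':');
        if (separator < 0) {
            return null;
        }
        return new String[]{decoded.substring(0, separator), decoded.substring(separator + 1)};
    }
}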
