package weblogic.servlet.security;

import java.io.IOException;
import java.security.AccessController;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import weblogic.diagnostics.debug.DebugLogger;
import weblogic.security.SimpleCallbackHandler;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.AppContextHandler;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.services.AppContext;
import weblogic.servlet.HTTPLogger;
import weblogic.servlet.internal.HttpServer;
import weblogic.servlet.internal.ServletRequestImpl;
import weblogic.servlet.internal.WebAppServletContext;
import weblogic.servlet.internal.session.RSID;
import weblogic.servlet.internal.session.SessionContext;
import weblogic.servlet.internal.session.SessionData;
import weblogic.servlet.internal.session.SessionInternal;
import weblogic.servlet.security.internal.CertSecurityModule;
import weblogic.servlet.security.internal.SecurityModule;
import weblogic.servlet.security.internal.WebAppContextHandler;
import weblogic.servlet.security.internal.WebAppSecurity;

/* loaded from: input_file:weblogic/servlet/security/ServletAuthentication.class */
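public final class ServletAuthentication {
    // Kernel identity used for every call into the security service; obtained under a privileged action.
    private static final AuthenticatedSubject KERNELID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private static final DebugLogger DEBUG_IA = DebugLogger.getDebugLogger("DebugWebAppIdentityAssertion");
    private static final DebugLogger DEBUG_SEC = DebugLogger.getDebugLogger("DebugWebAppSecurity");
    // Names of the request parameters read by the instance method weak(request, response).
    private final String usernameField;
    private final String passwordField;
    /** Result code: the caller is now authenticated. */
    public static final int AUTHENTICATED = 0;
    /** Result code: credentials were supplied but rejected (or an error occurred). */
    public static final int FAILED_AUTHENTICATION = 1;
    /** Result code: no credentials/token were found on the request. */
    public static final int NEEDS_CREDENTIALS = 2;

    /**
     * Creates a helper whose instance method {@link #weak(HttpServletRequest, HttpServletResponse)}
     * reads the user name and password from the named request parameters.
     *
     * @param str  name of the user-name request parameter
     * @param str2 name of the password request parameter
     */
    public ServletAuthentication(String str, String str2) {
        this.usernameField = str;
        this.passwordField = str2;
    }

    /**
     * Legacy alias for {@link #logout(HttpServletRequest)}; the result is discarded.
     *
     * @param httpServletRequest the current request
     */
    public static void done(HttpServletRequest httpServletRequest) {
        logout(httpServletRequest);
    }

    /**
     * Logs the current user out of the session of {@code httpServletRequest} and of every other
     * web application that shares the same session id, then resets the thread's subject to anonymous.
     * The sessions themselves stay valid; see {@link #invalidateAll(HttpServletRequest)} to destroy them.
     *
     * @param httpServletRequest the current request (a wrapper is unwrapped to the original request)
     * @return {@code false} when no internal session could be resolved, {@code true} otherwise
     */
    public static boolean logout(HttpServletRequest httpServletRequest) {
        ServletRequestImpl originalRequest = ServletRequestImpl.getOriginalRequest(httpServletRequest);
        WebAppServletContext context = originalRequest.getContext();
        HttpServer server = context.getServer();
        SessionInternal sessionInternal = getSessionInternal(httpServletRequest, originalRequest);
        if (sessionInternal == null) {
            return false;
        }
        sessionInternal.removeInternalAttribute(SecurityModule.SESSION_AUTH_USER);
        sessionInternal.removeInternalAttribute(SecurityModule.getWLSAuthCookieName(sessionInternal));
        clearAuthInOtherContexts(server, context, sessionInternal.getIdWithServerInfo(), originalRequest);
        server.getSessionLogin().unregister(sessionInternal.getInternalId());
        dropCurrentSubject();
        return true;
    }

    /**
     * Session-based variant of {@link #logout(HttpServletRequest)}: the session must be the
     * container's internal session type and must still be attached to a web application and server.
     *
     * @param httpSession the session to log out; may be {@code null}
     * @return {@code false} when the session is {@code null}, not an internal session, or detached;
     *         {@code true} once the authentication state has been cleared
     */
    public static boolean logout(HttpSession httpSession) {
        if (!(httpSession instanceof SessionInternal)) {
            return false;
        }
        SessionInternal sessionInternal = (SessionInternal) httpSession;
        SessionContext context = sessionInternal.getContext();
        if (context == null) {
            return false;
        }
        WebAppServletContext servletContext = context.getServletContext();
        if (servletContext == null) {
            return false;
        }
        HttpServer server = servletContext.getServer();
        if (server == null) {
            return false;
        }
        sessionInternal.removeInternalAttribute(SecurityModule.SESSION_AUTH_USER);
        sessionInternal.removeInternalAttribute(SecurityModule.getWLSAuthCookieName(sessionInternal));
        // No request is available here, so sibling sessions are looked up without request/response.
        clearAuthInOtherContexts(server, servletContext, sessionInternal.getIdWithServerInfo(), null);
        server.getSessionLogin().unregister(sessionInternal.getInternalId());
        dropCurrentSubject();
        return true;
    }

    /**
     * Invalidates the request's session in this and every other web application that shares the
     * session id, kills the old session via the request's session helper, unregisters the session
     * login and resets the thread's subject to anonymous. This is the stronger form of logout.
     *
     * @param httpServletRequest the current request
     * @return {@code false} when no internal session could be resolved, {@code true} otherwise
     */
    public static boolean invalidateAll(HttpServletRequest httpServletRequest) {
        ServletRequestImpl originalRequest = ServletRequestImpl.getOriginalRequest(httpServletRequest);
        HttpServer server = originalRequest.getContext().getServer();
        SessionInternal sessionInternal = getSessionInternal(httpServletRequest, originalRequest);
        if (sessionInternal == null) {
            return false;
        }
        // Capture the id before invalidation; it is needed to find the sibling sessions.
        String idWithServerInfo = sessionInternal.getIdWithServerInfo();
        sessionInternal.invalidate();
        invalidateInAllContexts(server, idWithServerInfo, originalRequest);
        originalRequest.getSessionHelper().killOldSession();
        server.getSessionLogin().unregister(sessionInternal.getInternalId());
        dropCurrentSubject();
        return true;
    }

    /**
     * Kills the old session through the request's session helper and resets the thread's
     * subject to anonymous, without touching session attributes.
     *
     * @param httpServletRequest the current request
     */
    public static void killCookie(HttpServletRequest httpServletRequest) {
        ServletRequestImpl.getOriginalRequest(httpServletRequest).getSessionHelper().killOldSession();
        dropCurrentSubject();
    }

    /**
     * Performs identity assertion (e.g. from a client certificate) against the web application's
     * configured security realm, mapping {@link LoginException} to {@link #FAILED_AUTHENTICATION}.
     *
     * @return {@link #AUTHENTICATED}, {@link #FAILED_AUTHENTICATION} or {@link #NEEDS_CREDENTIALS}
     */
    public static int strong(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String realm = ServletRequestImpl.getOriginalRequest(httpServletRequest).getContext().getSecurityRealmName();
        return strong(httpServletRequest, httpServletResponse, realm);
    }

    /**
     * Performs identity assertion against the named security realm. A {@link LoginException}
     * is logged (at debug level only) and reported as {@link #FAILED_AUTHENTICATION}.
     *
     * @param str security realm name
     * @return {@link #AUTHENTICATED}, {@link #FAILED_AUTHENTICATION} or {@link #NEEDS_CREDENTIALS}
     */
    public static int strong(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws ServletException, IOException {
        try {
            return assertIdentity(httpServletRequest, httpServletResponse, str);
        } catch (LoginException e) {
            if (DEBUG_SEC.isDebugEnabled()) {
                DEBUG_SEC.debug("Login failed for request: " + httpServletRequest.toString(), e);
            }
            return FAILED_AUTHENTICATION;
        }
    }

    /**
     * Identity assertion without an explicit application context; see
     * {@link #assertIdentity(HttpServletRequest, HttpServletResponse, String, AppContext)}.
     */
    public static int assertIdentity(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws ServletException, IOException, LoginException {
        return assertIdentity(httpServletRequest, httpServletResponse, str, null);
    }

    /**
     * Looks for an identity-assertion token on the request and, if one is found, asserts it with
     * the realm's principal authenticator. On success the resulting subject is stored in the session,
     * pushed onto the calling thread and the WLS auth cookie is (re)issued.
     * <p>
     * A {@link SecurityException} raised while locating the token is logged and treated as
     * "no token" ({@link #NEEDS_CREDENTIALS}), not as a failed authentication.
     *
     * @param str        security realm name
     * @param appContext optional application context; when {@code null} the web-app context handler is used
     * @return {@link #AUTHENTICATED}, {@link #FAILED_AUTHENTICATION} (no or anonymous subject) or
     *         {@link #NEEDS_CREDENTIALS} (no token)
     * @throws IllegalArgumentException when the request wrapper does not expose the original request
     * @throws LoginException           propagated from the principal authenticator
     */
    public static int assertIdentity(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, AppContext appContext) throws ServletException, IOException, LoginException {
        ServletRequestImpl originalRequest = ServletRequestImpl.getOriginalRequest(httpServletRequest);
        if (originalRequest == null) {
            throw new IllegalArgumentException("The request wrapper doesn't allow access to original request");
        }
        PrincipalAuthenticator principalAuthenticator = (PrincipalAuthenticator) SecurityServiceManager.getSecurityService(KERNELID, str, SecurityService.ServiceType.AUTHENTICATION);
        // Must be initialised: the catch branch below falls through to the null check.
        CertSecurityModule.Token token = null;
        try {
            token = CertSecurityModule.findToken(httpServletRequest, originalRequest.getConnection(), originalRequest.getContext(), principalAuthenticator);
        } catch (SecurityException e) {
            if (DEBUG_IA.isDebugEnabled()) {
                DEBUG_IA.debug("Indentity assertion failed", e);
            }
            HTTPLogger.logCertAuthenticationError(httpServletRequest.getRequestURI(), e);
        }
        if (token == null) {
            return NEEDS_CREDENTIALS;
        }
        if (DEBUG_IA.isDebugEnabled()) {
            DEBUG_IA.debug("assertIdentity with tokem.type: " + token.type + " token.value: " + token.value);
        }
        AuthenticatedSubject subject = principalAuthenticator.assertIdentity(token.type, token.value, appContext == null ? WebAppSecurity.getContextHandler(httpServletRequest, httpServletResponse) : AppContextHandler.getInstance(appContext));
        if (subject == null || SubjectUtils.isUserAnonymous(subject)) {
            return FAILED_AUTHENTICATION;
        }
        SessionInternal sessionInternal = getSessionInternal(httpServletRequest, originalRequest);
        sessionInternal.setInternalAttribute(SecurityModule.SESSION_AUTH_USER, subject);
        SecurityServiceManager.pushSubject(KERNELID, subject);
        SecurityModule.setupAuthCookie(originalRequest.getContext().getServer(), httpServletRequest, sessionInternal, sessionInternal.getInternalId());
        return AUTHENTICATED;
    }

    /**
     * Form-style login using the user-name and password request parameters configured in the constructor.
     *
     * @return {@link #AUTHENTICATED} or {@link #FAILED_AUTHENTICATION}
     */
    public int weak(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String user = httpServletRequest.getParameter(this.usernameField);
        String password = httpServletRequest.getParameter(this.passwordField);
        return weak(user, password, httpServletRequest);
    }

    /**
     * Username/password login; the response is taken from the original request.
     *
     * @return {@link #AUTHENTICATED} or {@link #FAILED_AUTHENTICATION}
     */
    public static int weak(String str, String str2, HttpServletRequest httpServletRequest) {
        return weak(str, str2, httpServletRequest, null);
    }

    /**
     * Username/password login that never throws: a {@link LoginException} from
     * {@link #login(String, String, HttpServletRequest, HttpServletResponse)} becomes
     * {@link #FAILED_AUTHENTICATION}.
     *
     * @param str                 user name
     * @param str2                password
     * @param httpServletResponse may be {@code null}
     * @return {@link #AUTHENTICATED} or {@link #FAILED_AUTHENTICATION}
     */
    public static int weak(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            return login(str, str2, httpServletRequest, httpServletResponse);
        } catch (LoginException e) {
            return FAILED_AUTHENTICATION;
        }
    }

    /**
     * Authenticates {@code str}/{@code str2} against the web application's realm and, on success,
     * binds the subject to the request's session (session login registry and internal attribute),
     * pushes it onto the calling thread and issues the WLS auth cookie.
     * <p>
     * The session id is <em>not</em> rotated here; callers that want a fresh id after login can
     * call {@link #generateNewSessionID(HttpServletRequest)}.
     *
     * @param str                 user name
     * @param str2                password
     * @param httpServletResponse response to use; when {@code null} the original request's response is used
     * @return {@link #AUTHENTICATED} or {@link #FAILED_AUTHENTICATION}
     * @throws LoginException propagated from the security module
     */
    public static int login(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws LoginException {
        ServletRequestImpl originalRequest = ServletRequestImpl.getOriginalRequest(httpServletRequest);
        if (httpServletResponse == null) {
            httpServletResponse = originalRequest.getResponse();
        }
        WebAppServletContext context = originalRequest.getContext();
        AuthenticatedSubject subject = SecurityModule.checkAuthenticate(str, str2, httpServletRequest, httpServletResponse, context);
        if (subject == null) {
            return FAILED_AUTHENTICATION;
        }
        SessionInternal sessionInternal = getSessionInternal(httpServletRequest, originalRequest);
        HttpServer server = context.getServer();
        server.getSessionLogin().setUser(sessionInternal.getInternalId(), subject);
        sessionInternal.setInternalAttribute(SecurityModule.SESSION_AUTH_USER, subject);
        SecurityServiceManager.pushSubject(KERNELID, subject);
        SecurityModule.setupAuthCookie(server, httpServletRequest, sessionInternal, sessionInternal.getInternalId());
        return AUTHENTICATED;
    }

    /**
     * Username/password login bound to an existing internal session rather than a request.
     * Unlike the request-based variants this does not issue the WLS auth cookie (no response is
     * available) and does not pass a context handler to the authenticator.
     *
     * @param str         user name
     * @param str2        password
     * @param httpSession target session; must be the container's internal session type
     * @return {@link #AUTHENTICATED} or {@link #FAILED_AUTHENTICATION}
     */
    public static int weak(String str, String str2, HttpSession httpSession) {
        if (!(httpSession instanceof SessionInternal)) {
            return FAILED_AUTHENTICATION;
        }
        SessionInternal sessionInternal = (SessionInternal) httpSession;
        WebAppServletContext servletContext = sessionInternal.getContext().getServletContext();
        HttpServer server = servletContext.getServer();
        try {
            PrincipalAuthenticator authenticator = (PrincipalAuthenticator) SecurityServiceManager.getSecurityService(KERNELID, servletContext.getSecurityRealmName(), SecurityService.ServiceType.AUTHENTICATION);
            AuthenticatedSubject subject = authenticator.authenticate(new SimpleCallbackHandler(str, str2));
            if (subject == null) {
                return FAILED_AUTHENTICATION;
            }
            server.getSessionLogin().setUser(sessionInternal.getInternalId(), subject);
            sessionInternal.setInternalAttribute(SecurityModule.SESSION_AUTH_USER, subject);
            SecurityServiceManager.pushSubject(KERNELID, subject);
            return AUTHENTICATED;
        } catch (LoginException e) {
            if (DEBUG_SEC.isDebugEnabled()) {
                DEBUG_SEC.debug("Login failed", e);
            }
            return FAILED_AUTHENTICATION;
        }
    }

    /**
     * Authenticates with an opaque credential object, using (and creating if necessary) the
     * request's session.
     *
     * @param str user name
     * @param obj credential object handed to the security module
     * @return {@link #AUTHENTICATED} or {@link #FAILED_AUTHENTICATION}
     */
    public static int authObject(String str, Object obj, HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(true);
        if (session == null) {
            return FAILED_AUTHENTICATION;
        }
        return authObject(str, obj, session, httpServletRequest);
    }

    /**
     * Authenticates with an opaque credential object and binds the subject to {@code httpSession}
     * when it is an internal session, otherwise to the request's session. No auth cookie is issued.
     *
     * @param str         user name
     * @param obj         credential object handed to the security module
     * @param httpSession preferred session; may be {@code null} or a non-internal session
     * @return {@link #AUTHENTICATED} or {@link #FAILED_AUTHENTICATION}
     */
    public static int authObject(String str, Object obj, HttpSession httpSession, HttpServletRequest httpServletRequest) {
        ServletRequestImpl originalRequest = ServletRequestImpl.getOriginalRequest(httpServletRequest);
        WebAppServletContext context = originalRequest.getContext();
        AuthenticatedSubject subject = SecurityModule.checkAuthenticate(str, obj, httpServletRequest, originalRequest.getResponse(), context, false);
        if (subject == null) {
            return FAILED_AUTHENTICATION;
        }
        SessionInternal sessionInternal;
        if (httpSession instanceof SessionInternal) {
            sessionInternal = (SessionInternal) httpSession;
        } else {
            sessionInternal = getSessionInternal(httpServletRequest, originalRequest);
        }
        context.getServer().getSessionLogin().setUser(sessionInternal.getInternalId(), subject);
        sessionInternal.setInternalAttribute(SecurityModule.SESSION_AUTH_USER, subject);
        SecurityServiceManager.pushSubject(KERNELID, subject);
        return AUTHENTICATED;
    }

    /**
     * Callback-handler login that never throws: a {@link LoginException} from
     * {@link #login(CallbackHandler, HttpServletRequest)} is logged at debug level and reported
     * as {@link #FAILED_AUTHENTICATION}.
     *
     * @return {@link #AUTHENTICATED} or {@link #FAILED_AUTHENTICATION}
     */
    public static int authenticate(CallbackHandler callbackHandler, HttpServletRequest httpServletRequest) {
        try {
            return login(callbackHandler, httpServletRequest);
        } catch (LoginException e) {
            if (DEBUG_SEC.isDebugEnabled()) {
                DEBUG_SEC.debug("Login failed for request: " + httpServletRequest.toString(), e);
            }
            return FAILED_AUTHENTICATION;
        }
    }

    /**
     * Authenticates through a JAAS {@link CallbackHandler} against the web application's realm,
     * binds the subject to the request's session, pushes it onto the calling thread and issues the
     * WLS auth cookie.
     * <p>
     * {@link #getSessionInternal} as written never returns {@code null} (it throws instead), so the
     * branch that registers the login against the client-supplied requested session id is defensive
     * only; it is additionally restricted to non-anonymous, non-kernel subjects.
     *
     * @return {@link #AUTHENTICATED} or {@link #FAILED_AUTHENTICATION}
     * @throws LoginException propagated from the principal authenticator
     */
    public static int login(CallbackHandler callbackHandler, HttpServletRequest httpServletRequest) throws LoginException {
        ServletRequestImpl originalRequest = ServletRequestImpl.getOriginalRequest(httpServletRequest);
        PrincipalAuthenticator authenticator = (PrincipalAuthenticator) SecurityServiceManager.getSecurityService(KERNELID, originalRequest.getContext().getSecurityRealmName(), SecurityService.ServiceType.AUTHENTICATION);
        AuthenticatedSubject subject = authenticator.authenticate(callbackHandler, new WebAppContextHandler(httpServletRequest, originalRequest.getResponse()));
        if (subject == null) {
            return FAILED_AUTHENTICATION;
        }
        SessionInternal sessionInternal = getSessionInternal(httpServletRequest, originalRequest);
        HttpServer server = originalRequest.getContext().getServer();
        if (sessionInternal != null) {
            if (server != null) {
                server.getSessionLogin().setUser(sessionInternal.getInternalId(), subject);
            }
            sessionInternal.setInternalAttribute(SecurityModule.SESSION_AUTH_USER, subject);
        } else {
            String requestedSessionId = httpServletRequest.getRequestedSessionId();
            if (requestedSessionId != null && server != null && !SubjectUtils.isUserAnonymous(subject) && !SecurityServiceManager.isKernelIdentity(subject)) {
                server.getSessionLogin().setUser(RSID.getID(requestedSessionId), subject);
            }
        }
        SecurityServiceManager.pushSubject(KERNELID, subject);
        // Guarded: without a session there is no internal id to bind the cookie to.
        if (sessionInternal != null) {
            SecurityModule.setupAuthCookie(server, httpServletRequest, sessionInternal, sessionInternal.getInternalId());
        }
        return AUTHENTICATED;
    }

    /**
     * Rotates the request's session id and re-issues the WLS auth cookie for the new id.
     * Typically called after a successful login.
     *
     * @param httpServletRequest the current request
     */
    public static void generateNewSessionID(HttpServletRequest httpServletRequest) {
        ServletRequestImpl originalRequest = ServletRequestImpl.getOriginalRequest(httpServletRequest);
        originalRequest.getSessionHelper().updateSessionId();
        SessionInternal sessionInternal = getSessionInternal(httpServletRequest, originalRequest);
        SecurityModule.setupAuthCookie(originalRequest.getContext().getServer(), httpServletRequest, sessionInternal, sessionInternal.getInternalId());
    }

    /**
     * Returns the session cookie the response currently carries, looked up by the web
     * application's configured session cookie name. {@code httpServletResponse} is not used.
     */
    public static Cookie getSessionCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        ServletRequestImpl originalRequest = ServletRequestImpl.getOriginalRequest(httpServletRequest);
        String cookieName = originalRequest.getContext().getSessionContext().getConfigMgr().getCookieName();
        return originalRequest.getResponse().getCookie(cookieName);
    }

    /**
     * JAAS-subject variant of {@link #runAs(AuthenticatedSubject, HttpServletRequest)}.
     */
    public static void runAs(Subject subject, HttpServletRequest httpServletRequest) {
        runAs(AuthenticatedSubject.getFromSubject(subject), httpServletRequest);
    }

    /**
     * Binds an already-authenticated subject to the request's session, pushes it onto the calling
     * thread and issues the WLS auth cookie. No authentication is performed here.
     *
     * @param authenticatedSubject subject to run as
     * @param httpServletRequest   the current request
     */
    public static void runAs(AuthenticatedSubject authenticatedSubject, HttpServletRequest httpServletRequest) {
        ServletRequestImpl originalRequest = ServletRequestImpl.getOriginalRequest(httpServletRequest);
        HttpServer server = originalRequest.getContext().getServer();
        SessionInternal sessionInternal = getSessionInternal(httpServletRequest, originalRequest);
        sessionInternal.setInternalAttribute(SecurityModule.SESSION_AUTH_USER, authenticatedSubject);
        if (server != null) {
            server.getSessionLogin().setUser(sessionInternal.getInternalId(), authenticatedSubject);
        }
        SecurityServiceManager.pushSubject(KERNELID, authenticatedSubject);
        SecurityModule.setupAuthCookie(server, httpServletRequest, sessionInternal, sessionInternal.getInternalId());
    }

    /**
     * Returns the URL a form-authenticated user should be sent to: the full target URL when the
     * web application is configured with servlet-auth-from-URL, otherwise the stored form URI.
     *
     * @param httpSession an internal session belonging to a web application
     */
    public static String getTargetURLForFormAuthentication(HttpSession httpSession) {
        WebAppServletContext context = (WebAppServletContext) httpSession.getServletContext();
        SessionInternal sessionInternal = (SessionInternal) httpSession;
        if (context.getConfigManager().isServletAuthFromURL()) {
            return (String) sessionInternal.getInternalAttribute("weblogic.formauth.targeturl");
        }
        return (String) sessionInternal.getInternalAttribute(SecurityModule.SESSION_FORM_URI);
    }

    /**
     * Returns the form-authentication target URI stored in the session.
     *
     * @param httpSession an internal session
     */
    public static String getTargetURIForFormAuthentication(HttpSession httpSession) {
        return (String) ((SessionInternal) httpSession).getInternalAttribute(SecurityModule.SESSION_FORM_URI);
    }

    /**
     * Resolves the container's internal session for the request, creating a session when none
     * exists ({@code getSession(true)}). Falls back to the original request's own session when the
     * wrapper returns a foreign session type.
     *
     * @throws AssertionError when no internal session can be obtained
     */
    private static SessionInternal getSessionInternal(HttpServletRequest httpServletRequest, ServletRequestImpl servletRequestImpl) {
        HttpSession session = httpServletRequest.getSession(true);
        SessionInternal sessionInternal;
        if (session instanceof SessionInternal) {
            sessionInternal = (SessionInternal) session;
        } else {
            sessionInternal = (SessionInternal) servletRequestImpl.getSession(false);
        }
        if (sessionInternal == null) {
            throw new AssertionError("Internal type of session is not available.");
        }
        return sessionInternal;
    }

    /**
     * Removes the authenticated-user attributes from the session identified by {@code idWithServerInfo}
     * in every deployed web application except {@code ownContext}. The thread context class loader is
     * switched to each application's servlet class loader while its session context is consulted and
     * restored afterwards.
     *
     * @param request original request used for the session lookup; {@code null} when none is available
     */
    private static void clearAuthInOtherContexts(HttpServer server, WebAppServletContext ownContext, String idWithServerInfo, ServletRequestImpl request) {
        WebAppServletContext[] allContexts = server.getServletContextManager().getAllContexts();
        if (allContexts == null) {
            return;
        }
        ClassLoader savedLoader = Thread.currentThread().getContextClassLoader();
        for (WebAppServletContext ctx : allContexts) {
            try {
                if (ctx == null || ctx == ownContext) {
                    continue;
                }
                Thread.currentThread().setContextClassLoader(ctx.getServletClassLoader());
                SessionData other = ctx.getSessionContext().getSessionInternal(idWithServerInfo, request, request == null ? null : request.getResponse());
                if (other != null) {
                    other.removeInternalAttribute(SecurityModule.SESSION_AUTH_USER);
                    other.removeInternalAttribute(SecurityModule.getWLSAuthCookieName(other));
                }
            } finally {
                Thread.currentThread().setContextClassLoader(savedLoader);
            }
        }
    }

    /**
     * Invalidates the session identified by {@code idWithServerInfo} in every deployed web
     * application, with the same class-loader switching as {@link #clearAuthInOtherContexts}.
     */
    private static void invalidateInAllContexts(HttpServer server, String idWithServerInfo, ServletRequestImpl request) {
        WebAppServletContext[] allContexts = server.getServletContextManager().getAllContexts();
        if (allContexts == null) {
            return;
        }
        ClassLoader savedLoader = Thread.currentThread().getContextClassLoader();
        for (WebAppServletContext ctx : allContexts) {
            try {
                if (ctx == null) {
                    continue;
                }
                Thread.currentThread().setContextClassLoader(ctx.getServletClassLoader());
                SessionData other = ctx.getSessionContext().getSessionInternal(idWithServerInfo, request, request.getResponse());
                if (other != null) {
                    ctx.invalidateSession(other);
                }
            } finally {
                Thread.currentThread().setContextClassLoader(savedLoader);
            }
        }
    }

    /**
     * Replaces the subject currently associated with the calling thread by the anonymous subject.
     * Does nothing when no subject is present or the current one is already anonymous.
     */
    private static void dropCurrentSubject() {
        AuthenticatedSubject current = SecurityServiceManager.getCurrentSubject(KERNELID);
        if (current == null || SubjectUtils.isUserAnonymous(current)) {
            return;
        }
        SecurityServiceManager.popSubject(KERNELID);
        SecurityServiceManager.pushSubject(KERNELID, SubjectUtils.getAnonymousSubject());
    }
}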
