package weblogic.servlet.security.internal;

import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import weblogic.apache.org.apache.velocity.servlet.VelocityServlet;
import weblogic.diagnostics.instrumentation.DelegatingMonitor;
import weblogic.diagnostics.instrumentation.InstrumentationSupport;
import weblogic.diagnostics.instrumentation.JoinPoint;
import weblogic.diagnostics.instrumentation.PointcutHandlingInfo;
import weblogic.diagnostics.instrumentation.ValueHandlingInfo;
import weblogic.diagnostics.instrumentation.engine.base.InstrumentationEngineConstants;
import weblogic.j2ee.descriptor.LoginConfigBean;
import weblogic.management.DeploymentException;
import weblogic.security.SubjectUtils;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.service.PrincipalAuthenticator;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityService;
import weblogic.security.service.SecurityServiceManager;
import weblogic.servlet.HTTPLogger;
import weblogic.servlet.internal.RequestDispatcherImpl;
import weblogic.servlet.internal.WebAppServletContext;

/* loaded from: input_file:weblogic/servlet/security/internal/ServletSecurityManager.class */
/**
 * Holds the {@link WebAppSecurity} policy object and the {@link SecurityModule} delegate for one
 * {@link WebAppServletContext}, and runs the configured auth filter in the two phases that the
 * log calls below label "pre-auth" and "post-auth".
 *
 * <p>This listing is decompiler (JADX) output. The body of {@link #checkAccess} was not recovered,
 * so the actual access decision, and the call sites of the two private filter helpers, are not
 * visible here. Do not draw conclusions about the access-control flow from this file alone.
 */
public final class ServletSecurityManager {
    private final WebAppSecurity webAppSecurity;
    private final WebAppServletContext context;
    // Sampled once per instance from SecurityServiceManager; selects the WebAppSecurity flavour in the constructor.
    private final boolean jaccEnabled = SecurityServiceManager.isJACCEnabled();
    // Not final: rebuilt by setLoginConfig() whenever the login configuration changes.
    private SecurityModule delegateModule;
    // The members below use the weblogic.diagnostics.instrumentation API and describe a join point
    // on checkAccess; nothing else in the visible code reads them.
    static final long serialVersionUID = -6466139857456605732L;
    public static final String _WLDF$INST_VERSION = "9.0.0";
    // NOTE(review): Class.forName declares the checked ClassNotFoundException, which a field
    // initializer cannot throw, so this line is a decompiler rendering rather than compilable source.
    static /* synthetic */ Class _WLDF$INST_FLD_class = Class.forName("weblogic.servlet.security.internal.ServletSecurityManager");
    public static final DelegatingMonitor _WLDF$INST_FLD_Servlet_Check_Access_Around_Medium = (DelegatingMonitor) InstrumentationSupport.getMonitor(_WLDF$INST_FLD_class, "Servlet_Check_Access_Around_Medium");
    public static final JoinPoint _WLDF$INST_JPFLD_0 = InstrumentationSupport.createJoinPoint(_WLDF$INST_FLD_class, "ServletSecurityManager.java", "weblogic.servlet.security.internal.ServletSecurityManager", "checkAccess", "(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;Z)Z", 57, InstrumentationSupport.makeMap(new String[]{"Servlet_Check_Access_Around_Medium"}, new PointcutHandlingInfo[]{InstrumentationSupport.createPointcutHandlingInfo(null, InstrumentationSupport.createValueHandlingInfo(InstrumentationEngineConstants.WLDF_LOCALHOLDER_RETURN_FIELDNAME, null, false, true), new ValueHandlingInfo[]{InstrumentationSupport.createValueHandlingInfo(VelocityServlet.REQUEST, "weblogic.diagnostics.instrumentation.gathering.ServletRequestRenderer", false, true), null, null})}), false);
    // Kernel identity, obtained once under doPrivileged. It is the first argument of every
    // getSecurityService(...) and runAs(...) call in this class.
    // NOTE(review): presumably this is the credential that authorises those calls - confirm
    // against SecurityServiceManager.
    private static final AuthenticatedSubject KERNEL_ID = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/servlet/security/internal/ServletSecurityManager$AuthFilterAction.class */
    /**
     * Action that invokes the auth filter by including its request dispatcher with the live
     * request and response. It is handed to {@code SecurityServiceManager.runAs} by the two
     * filter helpers of the enclosing class.
     */
    public static class AuthFilterAction implements PrivilegedAction {
        private HttpServletRequest request;
        private HttpServletResponse response;
        private RequestDispatcherImpl dispatcher;

        AuthFilterAction(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RequestDispatcherImpl requestDispatcherImpl) {
            this.request = httpServletRequest;
            this.response = httpServletResponse;
            this.dispatcher = requestDispatcherImpl;
        }

        /**
         * Includes the filter dispatcher.
         *
         * @return {@code null} on success, otherwise the caught {@link Throwable}
         */
        @Override // java.security.PrivilegedAction
        public Object run() {
            try {
                this.dispatcher.include(this.request, this.response);
                return null;
            } catch (Throwable th) {
                // Every failure, including java.lang.Error subclasses, is returned as a value rather
                // than propagated. Both visible callers only log it, so a crashing filter does not
                // abort the request at this point.
                return th;
            }
        }
    }

    /**
     * Chooses the security implementation for the given web application and builds the delegate
     * module from it.
     *
     * @param webAppServletContext the web application this manager serves
     * @throws DeploymentException declared by the constructor; no visible statement throws it directly
     */
    public ServletSecurityManager(WebAppServletContext webAppServletContext) throws DeploymentException {
        this.context = webAppServletContext;
        // The JACC-backed implementation is used only when JACC is enabled AND the application is
        // not internal AND it has a docroot; every other combination gets the WLS implementation.
        if (!this.jaccEnabled || webAppServletContext.isInternalApp() || this.context.getDocroot() == null) {
            this.webAppSecurity = new WebAppSecurityWLS(webAppServletContext);
        } else {
            this.webAppSecurity = new WebAppSecurityJacc(webAppServletContext);
        }
        this.delegateModule = SecurityModule.createModule(this.context, this.webAppSecurity);
    }

    /**
     * Looks up the AUTHENTICATION security service for this context's realm, using the kernel
     * identity for the lookup.
     *
     * @return the service, cast to {@link PrincipalAuthenticator}
     */
    public PrincipalAuthenticator getPrincipalAuthenticator() {
        return (PrincipalAuthenticator) SecurityServiceManager.getSecurityService(KERNEL_ID, this.context.getSecurityRealmName(), SecurityService.ServiceType.AUTHENTICATION);
    }

    /*  JADX ERROR: NullPointerException in pass: RegionMakerVisitor
        java.lang.NullPointerException
        */
    /* JADX WARN: Finally extract failed */
    /* JADX WARN: Type inference failed for: r1v21, types: [weblogic.diagnostics.instrumentation.DynamicJoinPoint, weblogic.diagnostics.instrumentation.JoinPoint, boolean] */
    /* JADX WARN: Type inference failed for: r1v32, types: [weblogic.diagnostics.instrumentation.DynamicJoinPoint, weblogic.diagnostics.instrumentation.JoinPoint, boolean] */
    /* JADX WARN: Type inference failed for: r1v42, types: [weblogic.diagnostics.instrumentation.DynamicJoinPoint, weblogic.diagnostics.instrumentation.JoinPoint, boolean] */
    /**
     * Access check for a request. Only the signature survived decompilation: the throw below is
     * the decompiler's placeholder, not the behaviour of the original class.
     *
     * <p>NOTE(review): {@code invokePreAuthFilters} and {@code invokePostAuthFilters} have no
     * caller in this listing and are presumably called from here. Review the bytecode, or
     * re-decompile with another tool, before reasoning about the order of filter invocation and
     * the access decision.
     */
    public boolean checkAccess(javax.servlet.http.HttpServletRequest r8, javax.servlet.http.HttpServletResponse r9, boolean r10) throws java.io.IOException, javax.servlet.ServletException {
        /*
            Method dump skipped, instructions count: 455
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, boolean):boolean");
    }

    /** Returns the security implementation chosen in the constructor. */
    public WebAppSecurity getWebAppSecurity() {
        return this.webAppSecurity;
    }

    /**
     * Applies a new login configuration and rebuilds the delegate module from it.
     *
     * @param loginConfigBean the login configuration to pass to the {@link WebAppSecurity}
     */
    public void setLoginConfig(LoginConfigBean loginConfigBean) {
        this.webAppSecurity.setLoginConfig(loginConfigBean);
        // The previous module is replaced rather than updated. The write is unsynchronised;
        // NOTE(review): confirm it cannot race with request threads reading delegateModule.
        this.delegateModule = SecurityModule.createModule(this.context, this.webAppSecurity);
    }

    /** Forwards the given string to the delegate module as its auth realm banner. */
    public void setAuthRealmName(String str) {
        this.delegateModule.setAuthRealmBanner(str);
    }

    /**
     * Runs the auth filter in its "pre-auth" phase, under the anonymous subject.
     *
     * @return the filter's dispatcher, or {@code null} when no auth filter dispatcher is configured
     */
    private RequestDispatcherImpl invokePreAuthFilters(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        RequestDispatcherImpl authFilterRD = this.webAppSecurity.getAuthFilterRD();
        if (authFilterRD == null) {
            return null;
        }
        // REQUEST_AUTH_RESULT is -1 for the duration of the pre-auth call and removed again afterwards.
        httpServletRequest.setAttribute(SecurityModule.REQUEST_AUTH_RESULT, new Integer(-1));
        Throwable th = (Throwable) SecurityServiceManager.runAs(KERNEL_ID, SubjectUtils.getAnonymousSubject(), new AuthFilterAction(httpServletRequest, httpServletResponse, authFilterRD));
        if (th != null) {
            // A failing filter is logged only; the dispatcher is still returned below.
            // NOTE(review): getRequestURI() is client-supplied - confirm HTTPLogger neutralises
            // control characters before the value reaches the log.
            HTTPLogger.logAuthFilterInvocationFailed(this.webAppSecurity.getAuthFilter(), "pre-auth", httpServletRequest.getRequestURI(), th);
        }
        httpServletRequest.removeAttribute(SecurityModule.REQUEST_AUTH_RESULT);
        return authFilterRD;
    }

    /**
     * Runs the auth filter in its "post-auth" phase and sends the delegate module's error response
     * when the filter leaves the result attribute at 1 for a request that has {@code z} set.
     *
     * <p>NOTE(review): {@code z} looks like "the preceding check succeeded" - confirm against
     * {@code checkAccess}, which is not decompiled in this listing.
     *
     * @param requestDispatcherImpl dispatcher of the auth filter to include
     * @param z see the note above
     * @throws IOException declared by the method; NOTE(review): presumably raised by sendError - confirm
     */
    private void invokePostAuthFilters(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RequestDispatcherImpl requestDispatcherImpl, boolean z) throws IOException {
        AuthenticatedSubject authenticatedSubject = null;
        // The result attribute is seeded only when it is absent: 0 together with a current-user
        // lookup when z is true, 1 otherwise. When the attribute is already present, the subject
        // stays null and the filter runs as the anonymous subject whatever z is.
        if (httpServletRequest.getAttribute(SecurityModule.REQUEST_AUTH_RESULT) == null) {
            if (z) {
                authenticatedSubject = SecurityModule.getCurrentUser(this.context.getServer(), httpServletRequest);
                httpServletRequest.setAttribute(SecurityModule.REQUEST_AUTH_RESULT, new Integer(0));
            } else {
                httpServletRequest.setAttribute(SecurityModule.REQUEST_AUTH_RESULT, new Integer(1));
            }
        }
        if (authenticatedSubject == null) {
            authenticatedSubject = SubjectUtils.getAnonymousSubject();
        }
        Throwable th = (Throwable) SecurityServiceManager.runAs(KERNEL_ID, authenticatedSubject, new AuthFilterAction(httpServletRequest, httpServletResponse, requestDispatcherImpl));
        if (th != null) {
            // Logged only: a filter that throws does not by itself trigger sendError below.
            HTTPLogger.logAuthFilterInvocationFailed(this.webAppSecurity.getAuthFilter(), "post-auth", httpServletRequest.getRequestURI(), th);
        }
        // The attribute is read back after the filter ran, so the included filter (or any code
        // holding the request) decides the value. A non-Integer value makes this cast throw
        // ClassCastException.
        Integer num = (Integer) httpServletRequest.getAttribute(SecurityModule.REQUEST_AUTH_RESULT);
        // Only a value of 1 combined with z == true produces an error response here; with
        // z == false this method takes no further action whatever the attribute holds.
        if (num != null && z && num.intValue() == 1) {
            this.delegateModule.sendError(httpServletRequest, httpServletResponse);
        }
    }
}
