package org.apache.geronimo.jetty6.handler;

import java.io.IOException;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.Principal;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.WebResourcePermission;
import javax.security.jacc.WebUserDataPermission;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.geronimo.common.GeronimoSecurityException;
import org.apache.geronimo.jetty6.JAASJettyPrincipal;
import org.apache.geronimo.jetty6.JAASJettyRealm;
import org.apache.geronimo.jetty6.JettyContainer;
import org.apache.geronimo.security.Callers;
import org.apache.geronimo.security.ContextManager;
import org.mortbay.jetty.HttpException;
import org.mortbay.jetty.Request;
import org.mortbay.jetty.Response;
import org.mortbay.jetty.security.Authenticator;
import org.mortbay.jetty.security.FormAuthenticator;
import org.mortbay.jetty.security.SecurityHandler;

/* loaded from: input_file:org/apache/geronimo/jetty6/handler/JettySecurityHandler.class */
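/**
 * Jetty {@link SecurityHandler} that delegates authorization decisions to JACC.
 *
 * <p>For each request the handler installs this web application's policy context ID,
 * authenticates the caller through the configured {@link Authenticator} and
 * {@link JAASJettyRealm}, and then checks a {@link WebUserDataPermission} and a
 * {@link WebResourcePermission} against the current {@link AccessControlContext}.
 * Callers that are not authenticated are evaluated as the default principal.
 */
public class JettySecurityHandler extends SecurityHandler {
    private final String policyContextID;
    private final JAASJettyPrincipal defaultPrincipal;
    // Path of the form login page with any query string removed; null unless the
    // authenticator is a FormAuthenticator.
    private final String formLoginPath;
    private final JAASJettyRealm realm;

    /**
     * Creates the handler and registers the authenticator and realm with the superclass.
     *
     * @param authenticator authenticator used for every request; when it is a
     *     {@link FormAuthenticator} its login page becomes exempt from the constraint checks
     * @param jAASJettyRealm realm passed to the authenticator; expected to be non-null
     * @param str JACC policy context ID installed while a request is handled
     * @param subject subject of the default (unauthenticated) principal; {@code null} selects
     *     {@code ContextManager.EMPTY}
     */
    public JettySecurityHandler(Authenticator authenticator, JAASJettyRealm jAASJettyRealm, String str, Subject subject) {
        setAuthenticator(authenticator);
        this.policyContextID = str;
        this.formLoginPath = (authenticator instanceof FormAuthenticator)
                ? stripQuery(((FormAuthenticator) authenticator).getLoginPage())
                : null;
        this.defaultPrincipal = generateDefaultPrincipal(subject == null ? ContextManager.EMPTY : subject);
        setUserRealm(jAASJettyRealm);
        this.realm = jAASJettyRealm;
        // Only enforced when assertions are enabled (-ea); with assertions off a null realm
        // is accepted here and surfaces later, e.g. as a NullPointerException in doStop.
        assert this.realm != null;
    }

    /**
     * Reports that this handler has constraints.
     *
     * @return always {@code true}
     */
    public boolean hasConstraints() {
        return true;
    }

    /**
     * Stops the handler and unregisters its realm from the container.
     *
     * <p>The realm is removed in a {@code finally} block, so it is unregistered exactly once
     * whether or not the superclass stop fails.
     *
     * @param jettyContainer container holding the realm registration
     * @throws Exception if the superclass stop or the realm removal fails
     */
    public void doStop(JettyContainer jettyContainer) throws Exception {
        try {
            super.doStop();
        } finally {
            jettyContainer.removeRealm(this.realm.getSecurityRealmName());
        }
    }

    /**
     * Handles a request with this application's JACC policy context installed.
     *
     * <p>The policy context ID and the caller stack observed on entry are restored when the
     * call returns or throws, so identity established for this request does not stay on the
     * thread.
     *
     * @param str target path handed to the superclass
     * @param httpServletRequest current request, also published as the JACC handler data
     * @param httpServletResponse current response
     * @param i dispatch mode handed to the superclass
     * @throws IOException if the superclass handler fails with an I/O error
     * @throws ServletException if the superclass handler fails with a servlet error
     */
    public void handle(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, int i) throws IOException, ServletException {
        String previousContextID = PolicyContext.getContextID();
        Callers previousCallers = ContextManager.getCallers();
        try {
            PolicyContext.setContextID(this.policyContextID);
            // NOTE(review): the handler data is neither cleared nor restored on exit, so the
            // request object stays referenced from the policy context until it is next
            // overwritten. Confirm that this is intended.
            PolicyContext.setHandlerData(httpServletRequest);
            super.handle(str, httpServletRequest, httpServletResponse, i);
        } finally {
            PolicyContext.setContextID(previousContextID);
            ContextManager.popCallers(previousCallers);
        }
    }

    /**
     * Decides whether the request may proceed to the web application.
     *
     * <p>Order of evaluation:
     * <ol>
     *   <li>The form login page is let through without any permission check, which also
     *       exempts it from the transport (user-data) constraint.</li>
     *   <li>A path ending in {@code /j_security_check} under form authentication is handed
     *       to the authenticator and never reaches the application.</li>
     *   <li>The caller is authenticated without a response object; callers that do not
     *       authenticate are evaluated as the default principal.</li>
     *   <li>The {@link WebUserDataPermission} and then the {@link WebResourcePermission}
     *       are checked against the current access control context.</li>
     * </ol>
     *
     * @param str path within the context, possibly carrying a query string
     * @param request current Jetty request; must not be null
     * @param response current Jetty response, used for challenges and error codes
     * @return {@code true} if the request may continue, {@code false} if it was answered here
     * @throws IOException if writing the error response fails
     */
    public boolean checkSecurityConstraints(String str, Request request, Response response) throws IOException {
        if (this.formLoginPath != null && stripQuery(str).equals(this.formLoginPath)) {
            return true;
        }
        try {
            String transportType;
            if (request.isSecure()) {
                transportType = "CONFIDENTIAL";
            } else if (request.getConnection().isIntegral(request)) {
                transportType = "INTEGRAL";
            } else {
                transportType = "NONE";
            }

            // A colon is escaped as %3A for the permission name; a literal "%3A" already in
            // the path is doubled first so the two cases stay distinguishable. Both
            // replacements are literal, so String.replace is used instead of a regex.
            String escapedPath = str.replace("%3A", "%3A%3A").replace(":", "%3A");

            Authenticator authenticator = getAuthenticator();
            if ((authenticator instanceof FormAuthenticator) && str.endsWith("/j_security_check")) {
                // Login form submission: the authenticator answers it whether or not the
                // credentials were accepted.
                authenticator.authenticate(this.realm, str, request, response);
                return false;
            }

            // First attempt is made without a response object, so the authenticator cannot
            // answer the request itself at this point.
            Principal user = authenticator.authenticate(this.realm, str, request, (Response) null);
            boolean authenticated = user != null && user != SecurityHandler.__NOBODY;
            if (!authenticated) {
                ContextManager.setCallers(this.defaultPrincipal.getSubject(), this.defaultPrincipal.getSubject());
                // Expression kept as the decompiler printed it; presumably the original
                // source constructs the inner class directly - confirm before compiling.
                request.setUserPrincipal(new SecurityHandler.NotChecked(this));
            }

            AccessControlContext accessContext = ContextManager.getCurrentContext();
            accessContext.checkPermission(new WebUserDataPermission(escapedPath, new String[]{request.getMethod()}, transportType));
            WebResourcePermission resourcePermission = new WebResourcePermission(request);
            if (authenticated) {
                // The caller is logged in, so a denial here is final.
                accessContext.checkPermission(resourcePermission);
                return true;
            }
            try {
                accessContext.checkPermission(resourcePermission);
            } catch (AccessControlException denied) {
                // The default principal may not access the resource: give the authenticator
                // the real response so that it can challenge the caller.
                Principal lateUser = authenticator.authenticate(this.realm, str, request, response);
                if (lateUser == null) {
                    throw denied;
                }
                // NOTE(review): both __NOBODY and a principal authenticated at this point
                // fall through to "allowed" without the resource permission being checked
                // again for the new identity. Confirm that no authenticator can return a
                // principal here that the first attempt did not, or re-check the permission
                // against a freshly obtained access control context.
            }
            return true;
        } catch (AccessControlException e) {
            if (!response.isCommitted()) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
            }
            return false;
        } catch (HttpException e) {
            response.sendError(e.getStatus(), e.getReason());
            return false;
        }
    }

    /**
     * Builds the principal that stands in for callers who are not authenticated.
     *
     * @param subject subject to attach to the principal
     * @return a principal named {@code "default"} carrying {@code subject}
     * @throws GeronimoSecurityException if {@code subject} is {@code null}
     */
    protected JAASJettyPrincipal generateDefaultPrincipal(Subject subject) throws GeronimoSecurityException {
        if (subject == null) {
            throw new GeronimoSecurityException("Unable to generate default principal");
        }
        JAASJettyPrincipal principal = new JAASJettyPrincipal("default");
        principal.setSubject(subject);
        return principal;
    }

    /**
     * Removes the query string from a path.
     *
     * <p>A {@code '?'} at index 0 is left in place, matching the comparison this handler has
     * always used for the login page.
     */
    private static String stripQuery(String path) {
        int queryStart = path.indexOf('?');
        return queryStart > 0 ? path.substring(0, queryStart) : path;
    }
}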
