package org.apache.tomcat.modules.aaa;

import java.io.File;
import org.apache.tomcat.core.BaseInterceptor;
import org.apache.tomcat.core.Container;
import org.apache.tomcat.core.Context;
import org.apache.tomcat.core.ContextManager;
import org.apache.tomcat.core.Request;
import org.apache.tomcat.core.Response;
import org.apache.tomcat.core.TomcatException;
import org.apache.tomcat.util.buf.Ascii;
import org.apache.tomcat.util.buf.MessageBytes;
import org.apache.tomcat.util.io.FileUtil;

/* loaded from: input_file:org/apache/tomcat/modules/aaa/AccessInterceptor.class */
public class AccessInterceptor extends BaseInterceptor {
    ContextManager cm;
    int secMapNote;
    int reqRolesNote;
    int reqTransportNote;
    boolean ignoreCase;

    public AccessInterceptor() {
        this.ignoreCase = false;
        this.ignoreCase = File.separatorChar == '\\';
    }

    public void setIgnoreCase(boolean z) {
        this.ignoreCase = z;
    }

    public void engineInit(ContextManager contextManager) throws TomcatException {
        super.engineInit(contextManager);
        this.cm = contextManager;
        this.secMapNote = contextManager.getNoteId(1, "map.security");
        this.reqRolesNote = contextManager.getNoteId(2, "required.roles");
        this.reqTransportNote = contextManager.getNoteId(2, "required.transport");
    }

    public void contextInit(Context context) throws TomcatException {
        String authMethod = context.getAuthMethod();
        if (((BaseInterceptor) this).debug > 0) {
            log(new StringBuffer().append("Init  ").append(context.getHost()).append(" ").append(context.getPath()).append(" ").append(authMethod).toString());
        }
        if (!"FORM".equals(authMethod)) {
            if ("BASIC".equals(authMethod)) {
                BasicAuthHandler basicAuthHandler = new BasicAuthHandler();
                basicAuthHandler.setModule(this);
                context.addServlet(basicAuthHandler);
                context.addErrorPage("401", "tomcat.basicAuthHandler");
                return;
            }
            return;
        }
        String formLoginPage = context.getFormLoginPage();
        String formErrorPage = context.getFormErrorPage();
        if (formLoginPage == null || formErrorPage == null) {
            context.log(new StringBuffer().append("Form login without form pages, defaulting to basic ").append(formLoginPage).append(" ").append(formErrorPage).toString());
            BasicAuthHandler basicAuthHandler2 = new BasicAuthHandler();
            basicAuthHandler2.setModule(this);
            context.addServlet(basicAuthHandler2);
            context.addErrorPage("401", "tomcat.basicAuthHandler");
            return;
        }
        if (!formLoginPage.startsWith("/")) {
            context.log(new StringBuffer().append("FORM: login page doesn't start with / ").append(formLoginPage).toString());
            formLoginPage = new StringBuffer().append("/").append(formLoginPage).toString();
        }
        if (!formErrorPage.startsWith("/")) {
            context.log(new StringBuffer().append("FORM: error page doesn't start with / ").append(formErrorPage).toString());
            formErrorPage = new StringBuffer().append("/").append(formErrorPage).toString();
        }
        String path = context.getPath();
        if (!formLoginPage.startsWith(path)) {
            formLoginPage = new StringBuffer().append(path).append(formLoginPage).toString();
        } else if (!"".equals(path) && !"/".equals(path)) {
            context.log(new StringBuffer().append("FORM: WARNING, login page starts with context path ").append(formLoginPage).append(" ").append(path).toString());
        }
        if (!formErrorPage.startsWith(path)) {
            formErrorPage = new StringBuffer().append(path).append(formErrorPage).toString();
        } else if (!"/".equals(path) && !"".equals(path)) {
            context.log(new StringBuffer().append("FORM: WARNING, error page starts with context path ").append(formErrorPage).toString());
        }
        context.setFormLoginPage(formLoginPage);
        context.setFormErrorPage(formErrorPage);
        FormAuthHandler formAuthHandler = new FormAuthHandler();
        formAuthHandler.setModule(this);
        context.addServlet(formAuthHandler);
        FormSecurityCheckHandler formSecurityCheckHandler = new FormSecurityCheckHandler();
        formSecurityCheckHandler.setModule(this);
        context.addServlet(formSecurityCheckHandler);
        context.addErrorPage("401", "tomcat.formAuthHandler");
        String substring = formLoginPage.substring(path.length());
        int lastIndexOf = substring.lastIndexOf("/");
        String stringBuffer = lastIndexOf > 0 ? new StringBuffer().append(substring.substring(0, lastIndexOf)).append("/j_security_check").toString() : "/j_security_check";
        context.addServletMapping(stringBuffer, "tomcat.formSecurityCheck");
        if (((BaseInterceptor) this).debug > 0) {
            context.log(new StringBuffer().append("Map ").append(stringBuffer).append(" to tomcat.formSecurityCheck for ").append(formLoginPage).toString());
        }
    }

    public void removeContainer(Container container) throws TomcatException {
    }

    public void addContainer(Container container) throws TomcatException {
        Context context = container.getContext();
        Container container2 = context.getContainer();
        SecurityConstraints securityConstraints = (SecurityConstraints) container2.getNote(this.secMapNote);
        if (securityConstraints == null) {
            securityConstraints = new SecurityConstraints();
            container2.setNote(this.secMapNote, securityConstraints);
        }
        if (container.getRoles() == null && container.getTransport() == null) {
            return;
        }
        if (((BaseInterceptor) this).debug > 0) {
            log(new StringBuffer().append("addContainer() ").append(context.getHost()).append(" ").append(context.getPath()).append(" ").append(container.getPath()).toString());
        }
        securityConstraints.addContainer(container);
    }

    public int requestMap(Request request) {
        Context context = request.getContext();
        SecurityConstraints securityConstraints = (SecurityConstraints) context.getContainer().getNote(this.secMapNote);
        MessageBytes requestURI = request.requestURI();
        int length = context.getPath().length();
        if (requestURI.startsWithIgnoreCase("/META-INF", length) || requestURI.startsWithIgnoreCase("/WEB-INF", length)) {
            request.setAttribute("javax.servlet.error.message", "Forbidden directory");
            return 403;
        }
        if (securityConstraints == null || securityConstraints.patterns == 0) {
            return 0;
        }
        String substring = request.requestURI().toString().substring(length);
        String messageBytes = request.method().toString();
        if (((BaseInterceptor) this).debug > 1) {
            log(new StringBuffer().append("checking ").append(substring).toString());
        }
        for (int i = 0; i < securityConstraints.patterns; i++) {
            Container container = securityConstraints.securityPatterns[i];
            if (match(container, substring, messageBytes)) {
                request.setSecurityContext(container);
                String[] roles = container.getRoles();
                String[] methods = container.getMethods();
                String transport = container.getTransport();
                if (((BaseInterceptor) this).debug > 0) {
                    StringBuffer stringBuffer = new StringBuffer("matched ");
                    stringBuffer.append(container.getPath()).append(" ");
                    if (methods != null) {
                        for (String str : methods) {
                            stringBuffer.append(str).append(" ");
                        }
                    }
                    stringBuffer.append(transport).append(" ");
                    if (roles != null) {
                        for (String str2 : roles) {
                            stringBuffer.append(str2).append(" ");
                        }
                    }
                    log(stringBuffer.toString());
                }
                if (transport != null && !"NONE".equals(transport)) {
                    request.setNote(this.reqTransportNote, transport);
                }
                if (roles != null && roles.length > 0) {
                    request.setRequiredRoles(roles);
                }
            }
        }
        return 0;
    }

    public int authorize(Request request, Response response, String[] strArr) {
        if (request.getSecurityContext() == null && strArr == null) {
            return 0;
        }
        if (strArr == null) {
            strArr = request.getSecurityContext().getRoles();
        }
        String str = request.getSecurityContext() != null ? (String) request.getNote(this.reqTransportNote) : null;
        if (((BaseInterceptor) this).debug > 0) {
            log(new StringBuffer().append("Transport ").append(str).toString());
        }
        if (("CONFIDENTIAL".equalsIgnoreCase(str) || "INTEGRAL".equalsIgnoreCase(str)) && !request.scheme().equals("https")) {
            response.setContentType("text/html");
            response.setStatus(403);
            request.setAttribute("javax.servlet.error.message", "Invalid transport, CONFIDENTIAL required");
            return 403;
        }
        if (strArr == null || strArr.length == 0) {
            return 0;
        }
        String remoteUser = request.getRemoteUser();
        if (remoteUser == null) {
            return -1;
        }
        if (((BaseInterceptor) this).debug > 0) {
            log(new StringBuffer().append("Controled access for ").append(remoteUser).append(" ").append(request).append(" ").append(request.getContainer()).toString());
        }
        String[] userRoles = request.getUserRoles();
        if (userRoles == null) {
            return -1;
        }
        for (int i = 0; i < userRoles.length; i++) {
            for (String str2 : strArr) {
                if (userRoles[i] != null && userRoles[i].equals(str2)) {
                    return 0;
                }
            }
        }
        if (((BaseInterceptor) this).debug <= 0) {
            return -1;
        }
        log(new StringBuffer().append("UnAuthorized ").append(strArr[0]).toString());
        return -1;
    }

    boolean match(Container container, String str, String str2) {
        String path = container.getPath();
        int length = path.length();
        String[] methods = container.getMethods();
        if (methods != null && methods.length > 0) {
            boolean z = false;
            int i = 0;
            while (true) {
                if (i >= methods.length) {
                    break;
                }
                if (str2.equalsIgnoreCase(methods[i])) {
                    z = true;
                    break;
                }
                i++;
            }
            if (!z) {
                return false;
            }
        }
        switch (container.getMapType()) {
            case 1:
                return this.ignoreCase ? str.equalsIgnoreCase(path) : str.equals(path);
            case 2:
                if (str.length() < length - 2) {
                    return false;
                }
                int i2 = length - 2;
                if (str.length() > i2) {
                    i2++;
                }
                if (this.ignoreCase) {
                    for (int i3 = 0; i3 < i2; i3++) {
                        if (Ascii.toLower(str.charAt(i3)) != Ascii.toLower(path.charAt(i3))) {
                            return false;
                        }
                    }
                    return true;
                }
                for (int i4 = 0; i4 < i2; i4++) {
                    if (str.charAt(i4) != path.charAt(i4)) {
                        return false;
                    }
                }
                return true;
            case 3:
                return this.ignoreCase ? path.substring(1).equalsIgnoreCase(FileUtil.getExtension(str)) : path.substring(1).equals(FileUtil.getExtension(str));
            default:
                return false;
        }
    }
}
