package com.ecyrd.jspwiki.auth.authorize;

import com.ecyrd.jspwiki.InternalWikiException;
import com.ecyrd.jspwiki.WikiEngine;
import com.ecyrd.jspwiki.WikiSession;
import com.ecyrd.jspwiki.auth.AuthorizationManager;
import java.io.IOException;
import java.net.URL;
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
import org.jdom.Document;
import org.jdom.Element;
import org.jdom.JDOMException;
import org.jdom.xpath.XPath;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:com/ecyrd/jspwiki/auth/authorize/WebContainerAuthorizer.class */
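/**
 * Authorizer that derives role information from the web application's
 * deployment descriptor (web.xml) and answers role-membership questions either
 * through the servlet container or through a {@link WikiSession}.
 *
 * <p>{@link #initialize} treats the wiki as container-authorized only when the
 * descriptor holds a security constraint for both {@code /Delete.jsp} and
 * {@code /Login.jsp}; otherwise it logs that custom authentication is in use.
 *
 * <p>NOTE(review): in this listing {@link #getWebXml()} returns {@code null} and
 * {@link LocalEntityResolver} is never instantiated. That looks like a
 * decompilation gap rather than the intended behaviour; confirm against the
 * original source.
 */
public class WebContainerAuthorizer implements WebAuthorizer {
    protected static final Logger log;

    /** Engine supplied to {@link #initialize}; used to reach the servlet context. */
    protected WikiEngine m_engine;

    /** Roles found in the deployment descriptor; empty until container authorization is detected. */
    protected Role[] m_containerRoles = new Role[0];

    /** True when {@link #initialize} found the constraints it requires. */
    protected boolean m_containerAuthorized = false;

    /** Parsed deployment descriptor, or null when none was obtained. */
    private Document m_webxml = null;

    // Compiler-generated cache backing the class lookup in authorizerClass().
    static Class class$com$ecyrd$jspwiki$auth$authorize$WebContainerAuthorizer;

    /* loaded from: input_file:com/ecyrd/jspwiki/auth/authorize/WebContainerAuthorizer$LocalEntityResolver.class */
    /**
     * Entity resolver that serves DTDs from the application's own
     * {@code WEB-INF/dtd/} directory before the XML parser looks elsewhere.
     */
    public class LocalEntityResolver implements EntityResolver {
        private final WebContainerAuthorizer this$0;

        public LocalEntityResolver(WebContainerAuthorizer webContainerAuthorizer) {
            this.this$0 = webContainerAuthorizer;
        }

        /**
         * Resolves an external entity to a local copy under {@code WEB-INF/dtd/}.
         *
         * @param str  public identifier of the entity (not used)
         * @param str2 system identifier of the entity
         * @return an input source for the local resource, or {@code null} when no
         *         local copy exists, which leaves resolution to the parser
         * @throws IOException if the local resource cannot be opened
         */
        @Override // org.xml.sax.EntityResolver
        public InputSource resolveEntity(String str, String str2) throws SAXException, IOException {
            final String systemId = str2;
            // Only the text after the last '/' is used, so no '/'-separated path
            // taken from the system identifier reaches the resource lookup.
            final String dtdName = systemId.substring(systemId.lastIndexOf('/') + 1);

            final URL resource;
            if (this.this$0.m_engine.getServletContext() == null) {
                // No servlet context available: fall back to the class loader.
                resource = WebContainerAuthorizer.authorizerClass().getClassLoader().getResource("WEB-INF/dtd/" + dtdName);
            } else {
                resource = this.this$0.m_engine.getServletContext().getResource("/WEB-INF/dtd/" + dtdName);
            }

            if (resource == null) {
                // Returning null hands resolution back to the parser. As the
                // message says, that can mean a network fetch of the DTD, so
                // deployments that must not make outbound requests while parsing
                // should ship the DTD files under WEB-INF/dtd/.
                WebContainerAuthorizer.log.info("Please note: There are no local DTD references in /WEB-INF/dtd/" + dtdName
                        + "; falling back to default behaviour."
                        + " This may mean that the XML parser will attempt to connect to the internet to find the DTD."
                        + " If you are running JSPWiki locally in an unconnected network, you might want to put the DTD files in place to avoid nasty UnknownHostExceptions.");
                return null;
            }

            InputSource inputSource = new InputSource(resource.openStream());
            WebContainerAuthorizer.log.debug("Resolved systemID=" + systemId + " using local file " + resource);
            return inputSource;
        }
    }

    /**
     * Loads the deployment descriptor and records whether the container manages
     * authentication, together with the roles the descriptor declares.
     *
     * @param wikiEngine engine this authorizer belongs to
     * @param properties configuration properties (not read by this method)
     * @throws InternalWikiException if the descriptor is malformed or cannot be read
     */
    @Override // com.ecyrd.jspwiki.auth.Authorizer
    public void initialize(WikiEngine wikiEngine, Properties properties) {
        this.m_engine = wikiEngine;
        this.m_containerAuthorized = false;
        try {
            this.m_webxml = getWebXml();
            if (this.m_webxml != null) {
                // Both pages must be covered by a security constraint.
                this.m_containerAuthorized = isConstrained("/Delete.jsp", Role.ALL) && isConstrained("/Login.jsp", Role.ALL);
            }
            if (this.m_containerAuthorized) {
                this.m_containerRoles = getRoles(this.m_webxml);
                log.info("JSPWiki is using container-managed authentication.");
            } else {
                log.info("JSPWiki is using custom authentication.");
            }
            if (this.m_containerRoles.length > 0) {
                StringBuilder roleNames = new StringBuilder();
                for (int i = 0; i < this.m_containerRoles.length; i++) {
                    roleNames.append(this.m_containerRoles[i]).append(" ");
                }
                log.info(" JSPWiki determined the web container manages these roles: " + roleNames);
            }
            log.info("Authorizer WebContainerAuthorizer initialized successfully.");
        } catch (JDOMException e) {
            // The full exception goes to the log; the rethrown message carries only type and text.
            log.error("Malformed XML in web.xml", e);
            throw new InternalWikiException(e.getClass().getName() + ": " + e.getMessage());
        } catch (IOException e2) {
            log.error("Initialization failed: ", e2);
            throw new InternalWikiException(e2.getClass().getName() + ": " + e2.getMessage());
        }
    }

    /**
     * Asks the servlet container whether the request's user holds the role named
     * by the given principal.
     *
     * @param httpServletRequest current request
     * @param principal          role to test; its name is passed to the container
     * @return the container's answer, or {@code false} when either argument is null
     */
    @Override // com.ecyrd.jspwiki.auth.authorize.WebAuthorizer
    public boolean isUserInRole(HttpServletRequest httpServletRequest, Principal principal) {
        // Deny on missing input, matching the session-based overload, instead of
        // letting a role check end in a NullPointerException.
        if (httpServletRequest == null || principal == null) {
            return false;
        }
        return httpServletRequest.isUserInRole(principal.getName());
    }

    /**
     * Reports whether the session already holds the given principal.
     *
     * @param wikiSession session to inspect
     * @param principal   role to test
     * @return {@code false} when either argument is null, otherwise the result of
     *         {@code wikiSession.hasPrincipal(principal)}
     */
    @Override // com.ecyrd.jspwiki.auth.Authorizer
    public boolean isUserInRole(WikiSession wikiSession, Principal principal) {
        if (wikiSession == null || principal == null) {
            return false;
        }
        return wikiSession.hasPrincipal(principal);
    }

    /**
     * Looks up a container role by exact name.
     *
     * @param str role name to find
     * @return the matching role, or {@code null} when none of the known roles has that name
     */
    @Override // com.ecyrd.jspwiki.auth.Authorizer
    public Principal findRole(String str) {
        for (Role candidate : this.m_containerRoles) {
            if (candidate.getName().equals(str)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Reports whether the deployment descriptor constrains a URL pattern for a role.
     *
     * <p>Both arguments are spliced into double-quoted XPath string literals.
     * The calls in this class pass constants; a value containing a double quote
     * would alter the expression, so validate anything that does not come from
     * trusted code before passing it here.
     *
     * @param str  URL pattern, matched exactly against {@code url-pattern} elements
     * @param role role to look for; {@code Role.ALL} accepts any constraint on the pattern
     * @return {@code true} when a security constraint covers the pattern and, unless
     *         the role is {@code Role.ALL}, that same constraint names the role;
     *         {@code false} when no descriptor has been loaded
     * @throws JDOMException if an XPath query fails
     */
    public boolean isConstrained(String str, Role role) throws JDOMException {
        // Without a descriptor there is nothing to be constrained by.
        if (this.m_webxml == null) {
            return false;
        }
        List<Element> constraintsForUrl = XPath.selectNodes(this.m_webxml,
                "//web-app/security-constraint[web-resource-collection/url-pattern=\"" + str + "\"]");
        if (constraintsForUrl.size() == 0) {
            return false;
        }
        if (role.equals(Role.ALL)) {
            return true;
        }
        // The role query is only needed once the checks above have not decided the answer.
        List constraintsForRole = XPath.selectNodes(this.m_webxml,
                "//web-app/security-constraint[auth-constraint/role-name=\"" + role.getName() + "\"]");
        if (constraintsForRole.size() == 0) {
            return false;
        }
        // The constraint must be one and the same element in both result lists.
        for (Element element : constraintsForUrl) {
            for (Object other : constraintsForRole) {
                if (element.equals((Element) other)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * @return whether {@link #initialize} detected container-managed authentication
     */
    public boolean isContainerAuthorized() {
        return this.m_containerAuthorized;
    }

    /**
     * @return a copy of the roles read from the deployment descriptor, so callers
     *         cannot modify this authorizer's own array
     */
    @Override // com.ecyrd.jspwiki.auth.Authorizer
    public Principal[] getRoles() {
        return (Principal[]) this.m_containerRoles.clone();
    }

    /**
     * Collects the role names that the descriptor mentions in auth constraints
     * and in security-role declarations.
     *
     * @param document parsed deployment descriptor
     * @return the roles found; duplicates collapse according to {@code Role}'s
     *         {@code equals}/{@code hashCode}
     * @throws JDOMException if an XPath query fails
     */
    protected Role[] getRoles(Document document) throws JDOMException {
        HashSet<Role> roles = new HashSet<Role>();
        String[] queries = {
            "//web-app/security-constraint/auth-constraint/role-name",
            "//web-app/security-role/role-name"
        };
        for (String query : queries) {
            for (Object node : XPath.selectNodes(document, query)) {
                roles.add(new Role(((Element) node).getTextTrim()));
            }
        }
        return roles.toArray(new Role[roles.size()]);
    }

    /**
     * Supplies the deployment descriptor to inspect.
     *
     * <p>As listed here this always returns {@code null}, so {@link #initialize}
     * never detects container authorization unless a subclass overrides it.
     * NOTE(review): probably a decompilation gap; confirm against the original source.
     *
     * @return the parsed descriptor, or {@code null} when none is available
     */
    protected Document getWebXml() throws JDOMException, IOException {
        return null;
    }

    /**
     * Compiler-generated helper: loads a class by name and converts a failed
     * lookup into {@link NoClassDefFoundError}.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    /**
     * Returns the class named by {@code AuthorizationManager.DEFAULT_AUTHORIZER},
     * loading it on first use and caching it in the compiler-generated field.
     *
     * <p>NOTE(review): this has the shape of a pre-Java-5 class literal, so it is
     * presumably equivalent to {@code WebContainerAuthorizer.class}; confirm that
     * the constant names this class.
     */
    private static Class authorizerClass() {
        Class cls = class$com$ecyrd$jspwiki$auth$authorize$WebContainerAuthorizer;
        if (cls == null) {
            cls = class$(AuthorizationManager.DEFAULT_AUTHORIZER);
            class$com$ecyrd$jspwiki$auth$authorize$WebContainerAuthorizer = cls;
        }
        return cls;
    }

    static {
        log = Logger.getLogger(authorizerClass());
    }
}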
