package com.ecyrd.jspwiki.auth;

import com.ecyrd.jspwiki.TextUtil;
import com.ecyrd.jspwiki.WikiEngine;
import com.ecyrd.jspwiki.WikiException;
import com.ecyrd.jspwiki.WikiSession;
import com.ecyrd.jspwiki.auth.authorize.Role;
import com.ecyrd.jspwiki.auth.authorize.WebContainerAuthorizer;
import com.ecyrd.jspwiki.auth.login.WebContainerCallbackHandler;
import com.ecyrd.jspwiki.auth.login.WikiCallbackHandler;
import com.ecyrd.jspwiki.event.WikiEventListener;
import com.ecyrd.jspwiki.event.WikiEventManager;
import com.ecyrd.jspwiki.event.WikiSecurityEvent;
import java.io.File;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Properties;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/ecyrd/jspwiki/auth/AuthenticationManager.class */
public final class AuthenticationManager {
    public static final String COOKIE_MODULE;
    public static final String LOGIN_CONTAINER = "JSPWiki-container";
    public static final String LOGIN_CUSTOM = "JSPWiki-custom";
    public static final String PROP_STOREIPADDRESS = "jspwiki.storeIPAddress";
    protected static final Logger log;
    private static Boolean m_allowsAssertions;
    public static final String SECURITY_OFF = "off";
    protected static final String SECURITY_CONTAINER = "container";
    public static final String SECURITY_JAAS = "jaas";
    public static final String PROP_SECURITY = "jspwiki.security";
    private static final String PROP_JAAS_CONFIG = "java.security.auth.login.config";
    private static final String PROP_POLICY_CONFIG = "java.security.policy";
    private static final String DEFAULT_JAAS_CONFIG = "jspwiki.jaas";
    private static final String DEFAULT_POLICY = "jspwiki.policy";
    private static boolean m_useJAAS;
    static Class class$0;
    static Class class$1;
    protected boolean m_isJaasConfiguredAtStartup = false;
    protected boolean m_isJavaPolicyConfiguredAtStartup = false;
    private WikiEngine m_engine = null;
    private boolean m_storeIPAddress = true;

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v2, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r1v7, types: [java.lang.Throwable] */
    static {
        Class<?> cls = class$0;
        if (cls == null) {
            try {
                cls = Class.forName("com.ecyrd.jspwiki.auth.login.CookieAssertionLoginModule");
                class$0 = cls;
            } catch (ClassNotFoundException unused) {
                throw new NoClassDefFoundError(cls.getMessage());
            }
        }
        COOKIE_MODULE = cls.getName();
        Class<?> cls2 = class$1;
        if (cls2 == null) {
            try {
                cls2 = Class.forName("com.ecyrd.jspwiki.auth.AuthenticationManager");
                class$1 = cls2;
            } catch (ClassNotFoundException unused2) {
                throw new NoClassDefFoundError(cls2.getMessage());
            }
        }
        log = Logger.getLogger(cls2);
        m_allowsAssertions = null;
        m_useJAAS = true;
    }

    public final void initialize(WikiEngine wikiEngine, Properties properties) throws WikiException {
        this.m_engine = wikiEngine;
        this.m_storeIPAddress = TextUtil.getBooleanProperty(properties, PROP_STOREIPADDRESS, this.m_storeIPAddress);
        this.m_isJaasConfiguredAtStartup = PolicyLoader.isJaasConfigured();
        this.m_isJavaPolicyConfiguredAtStartup = PolicyLoader.isSecurityPolicyConfigured();
        m_useJAAS = SECURITY_JAAS.equals(properties.getProperty(PROP_SECURITY, SECURITY_JAAS));
        if (m_useJAAS) {
            log.info("Checking JAAS configuration...");
            if (this.m_isJaasConfiguredAtStartup) {
                log.info("JAAS already configured by some other application (leaving it alone...)");
            } else {
                URL findConfigFile = findConfigFile(DEFAULT_JAAS_CONFIG);
                log.info(new StringBuffer("JAAS not configured. Installing default configuration: ").append(findConfigFile).append(". You can set the ").append(PROP_JAAS_CONFIG).append(" system property to point to your ").append("jspwiki.jaas file, or add the entries from jspwiki.jaas to your own ").append("JAAS configuration file.").toString());
                try {
                    PolicyLoader.setJaasConfiguration(findConfigFile);
                } catch (SecurityException e) {
                    log.info(new StringBuffer("Ingoring: Could not configure JAAS: ").append(e.getMessage()).toString());
                }
            }
            log.info("Checking security policy configuration...");
            if (this.m_isJavaPolicyConfiguredAtStartup) {
                return;
            }
            URL findConfigFile2 = findConfigFile(DEFAULT_POLICY);
            log.info(new StringBuffer("Security policy not configured. Installing default policy: ").append(findConfigFile2).append(". Please set the ").append(PROP_POLICY_CONFIG).append(" system property, if you're not happy with the default.").toString());
            try {
                PolicyLoader.setSecurityPolicy(findConfigFile2);
            } catch (SecurityException e2) {
                log.info(new StringBuffer("Ignoring: Could not install security policy: ").append(e2.getMessage()).toString());
            }
        }
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public final boolean isContainerAuthenticated() {
        if (!m_useJAAS) {
            return true;
        }
        try {
            Authorizer authorizer = this.m_engine.getAuthorizationManager().getAuthorizer();
            if (authorizer instanceof WebContainerAuthorizer) {
                return ((WebContainerAuthorizer) authorizer).isContainerAuthorized();
            }
            return false;
        } catch (WikiException e) {
            return false;
        }
    }

    public final boolean login(HttpServletRequest httpServletRequest) throws WikiSecurityException {
        if (httpServletRequest == null) {
            throw new IllegalStateException("Wiki context's HttpRequest may not be null");
        }
        WikiSession wikiSession = WikiSession.getWikiSession(this.m_engine, httpServletRequest);
        if (wikiSession == null) {
            throw new IllegalStateException("Wiki context's WikiSession may not be null");
        }
        boolean z = true;
        if (m_useJAAS) {
            z = doLogin(wikiSession, new WebContainerCallbackHandler(httpServletRequest, this.m_engine.getAuthorizationManager().getAuthorizer()), LOGIN_CONTAINER);
        }
        return z;
    }

    public final boolean login(WikiSession wikiSession, String str, String str2) throws WikiSecurityException {
        if (wikiSession != null) {
            return doLogin(wikiSession, new WikiCallbackHandler(this.m_engine.getUserManager().getUserDatabase(), str, str2), LOGIN_CUSTOM);
        }
        log.error("No wiki session provided, cannot log in.");
        return false;
    }

    public final void logout(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            log.error("No HTTP reqest provided; cannot log out.");
            return;
        }
        HttpSession session = httpServletRequest.getSession();
        String id = session == null ? "(null)" : session.getId();
        if (log.isDebugEnabled()) {
            log.debug(new StringBuffer("Invalidating WikiSession for session ID=").append(id).toString());
        }
        WikiSession wikiSession = WikiSession.getWikiSession(this.m_engine, httpServletRequest);
        Principal loginPrincipal = wikiSession.getLoginPrincipal();
        wikiSession.invalidate();
        WikiSession.removeWikiSession(this.m_engine, httpServletRequest);
        session.invalidate();
        fireEvent(44, loginPrincipal, null);
    }

    public static final boolean allowsCookieAssertions() {
        if (!m_useJAAS) {
            return true;
        }
        if (m_allowsAssertions == null) {
            m_allowsAssertions = Boolean.FALSE;
            Configuration configuration = (Configuration) AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ecyrd.jspwiki.auth.AuthenticationManager.1
                @Override // java.security.PrivilegedAction
                public Object run() {
                    return Configuration.getConfiguration();
                }
            });
            if (configuration != null) {
                for (AppConfigurationEntry appConfigurationEntry : configuration.getAppConfigurationEntry(LOGIN_CONTAINER)) {
                    if (COOKIE_MODULE.equals(appConfigurationEntry.getLoginModuleName())) {
                        m_allowsAssertions = Boolean.TRUE;
                    }
                }
            }
        }
        return m_allowsAssertions.booleanValue();
    }

    public static final boolean isRolePrincipal(Principal principal) {
        return (principal instanceof Role) || (principal instanceof GroupPrincipal);
    }

    public static final boolean isUserPrincipal(Principal principal) {
        return !isRolePrincipal(principal);
    }

    private final boolean doLogin(WikiSession wikiSession, CallbackHandler callbackHandler, String str) throws WikiSecurityException {
        try {
            LoginContext loginContext = (LoginContext) AccessController.doPrivileged(new PrivilegedAction(this, wikiSession, str, callbackHandler) { // from class: com.ecyrd.jspwiki.auth.AuthenticationManager.2
                final AuthenticationManager this$0;
                private final WikiSession val$wikiSession;
                private final String val$application;
                private final CallbackHandler val$handler;

                {
                    this.this$0 = this;
                    this.val$wikiSession = wikiSession;
                    this.val$application = str;
                    this.val$handler = callbackHandler;
                }

                @Override // java.security.PrivilegedAction
                public Object run() {
                    try {
                        return this.val$wikiSession.getLoginContext(this.val$application, this.val$handler);
                    } catch (LoginException e) {
                        AuthenticationManager.log.error(new StringBuffer("Couldn't retrieve login configuration.\nMessage=").append(e.getLocalizedMessage()).toString());
                        return null;
                    }
                }
            });
            if (loginContext == null) {
                log.error("No login context.  Please double-check that JSPWiki found your 'jspwiki.jaas' file or the contents have been appended to your regular JAAS file.");
                return false;
            }
            loginContext.login();
            fireEvent(30, null, wikiSession);
            if (wikiSession.isAnonymous()) {
                fireEvent(31, wikiSession.getLoginPrincipal(), wikiSession);
                return true;
            }
            if (wikiSession.isAsserted()) {
                fireEvent(32, wikiSession.getLoginPrincipal(), wikiSession);
                return true;
            }
            if (!wikiSession.isAuthenticated()) {
                return true;
            }
            fireEvent(40, wikiSession.getLoginPrincipal(), wikiSession);
            return true;
        } catch (FailedLoginException e) {
            log.info(new StringBuffer("Failed login: ").append(e.getLocalizedMessage()).toString());
            fireEvent(43, wikiSession.getLoginPrincipal(), wikiSession);
            return false;
        } catch (SecurityException e2) {
            log.error("Could not log in.  Please check that your jaas.config file is found.", e2);
            return false;
        } catch (LoginException e3) {
            log.error(new StringBuffer("Couldn't log in.\nMessage=").append(e3.getLocalizedMessage()).toString());
            return false;
        } catch (CredentialExpiredException e4) {
            log.info(new StringBuffer("Credentials expired: ").append(e4.getLocalizedMessage()).toString());
            fireEvent(42, wikiSession.getLoginPrincipal(), wikiSession);
            return false;
        } catch (AccountExpiredException e5) {
            log.info(new StringBuffer("Expired account: ").append(e5.getLocalizedMessage()).toString());
            fireEvent(41, wikiSession.getLoginPrincipal(), wikiSession);
            return false;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v2, types: [java.lang.Throwable] */
    private final URL findConfigFile(String str) {
        File file = null;
        if (this.m_engine.getRootPath() != null) {
            file = new File(new StringBuffer(String.valueOf(this.m_engine.getRootPath())).append("/WEB-INF/").append(str).toString());
        }
        if (file != null && file.exists()) {
            try {
                return file.toURL();
            } catch (MalformedURLException e) {
                log.warn(new StringBuffer("Malformed URL: ").append(e.getMessage()).toString());
            }
        }
        Class<?> cls = class$1;
        if (cls == null) {
            try {
                cls = Class.forName("com.ecyrd.jspwiki.auth.AuthenticationManager");
                class$1 = cls;
            } catch (ClassNotFoundException unused) {
                throw new NoClassDefFoundError(cls.getMessage());
            }
        }
        ClassLoader classLoader = cls.getClassLoader();
        URL resource = classLoader.getResource(new StringBuffer("/WEB-INF/").append(str).toString());
        if (resource == null) {
            resource = classLoader.getResource(new StringBuffer("/").append(str).toString());
        }
        if (resource == null) {
            resource = classLoader.getResource(str);
        }
        if (resource == null && this.m_engine.getServletContext() != null) {
            try {
                resource = this.m_engine.getServletContext().getResource(new StringBuffer("/WEB-INF/").append(str).toString());
            } catch (MalformedURLException e2) {
                log.fatal("Your code is b0rked.  You are a bad person.");
            }
        }
        return resource;
    }

    public final synchronized void addWikiEventListener(WikiEventListener wikiEventListener) {
        WikiEventManager.addWikiEventListener(this, wikiEventListener);
    }

    public final synchronized void removeWikiEventListener(WikiEventListener wikiEventListener) {
        WikiEventManager.removeWikiEventListener(this, wikiEventListener);
    }

    protected final void fireEvent(int i, Principal principal, Object obj) {
        if (WikiEventManager.isListening(this)) {
            WikiEventManager.fireEvent(this, new WikiSecurityEvent(this, i, principal, obj));
        }
    }
}
