package org.apache.catalina.authenticator;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.Random;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import org.apache.catalina.Authenticator;
import org.apache.catalina.Container;
import org.apache.catalina.Context;
import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleListener;
import org.apache.catalina.Pipeline;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.Valve;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.deploy.SecurityConstraint;
import org.apache.catalina.util.LifecycleSupport;
import org.apache.catalina.util.StringManager;
import org.apache.catalina.valves.ValveBase;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.xpath.compiler.PsuedoNames;
import org.eclipse.jdt.internal.compiler.impl.CompilerOptions;

/* loaded from: input_file:WEB-INF/lib/deegree-tomcat-3.3.8.jar:lib/catalina.jar:org/apache/catalina/authenticator/AuthenticatorBase.class */
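/**
 * Base valve for authenticators attached to a {@link Context}.
 *
 * <p>{@link #invoke(Request, Response)} enforces the security constraints the realm reports for a
 * request: it restores a principal cached on the session, handles the form-login action URI, sets
 * anti-caching headers on constrained resources, and then asks the realm for the user-data and
 * resource permission decisions. Concrete subclasses supply {@link #authenticate}.
 *
 * <p>The class also issues the single sign-on cookie value (see {@link #generateSessionId()}), so the
 * quality of the configured random source directly determines how guessable that bearer token is.
 */
public abstract class AuthenticatorBase extends ValveBase implements Authenticator, Lifecycle {
    protected static final String DEFAULT_ALGORITHM = "MD5";
    protected static final int SESSION_ID_BYTES = 16;
    protected static final String REALM_NAME = "Authentication required";
    protected static final String info = "org.apache.catalina.authenticator.AuthenticatorBase/1.0";
    private static final Log log = LogFactory.getLog(AuthenticatorBase.class);
    protected static final StringManager sm = StringManager.getManager(Constants.Package);
    // A fixed instant 1 ms after the epoch, used as an already-expired "Expires" header value.
    // NOTE(review): the formatter uses the JVM default time zone; HTTP dates are normally GMT - confirm.
    private static final String DATE_ONE = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US).format(new Date(1));
    // Upper-case hex alphabet used when rendering the SSO identifier.
    private static final char[] HEX_DIGITS = "0123456789ABCDEF".toCharArray();

    // Digest algorithm applied to the random bytes of a generated identifier.
    protected String algorithm = DEFAULT_ALGORITHM;
    // When true, the authenticated principal is stored on (and restored from) the session.
    protected boolean cache = true;
    // When true, the session id is replaced on successful authentication (session-fixation defence).
    protected boolean changeSessionIdOnAuthentication = true;
    protected Context context = null;
    protected MessageDigest digest = null;
    protected String entropy = null;
    // When true, constrained non-POST responses get headers that discourage proxy/browser caching.
    protected boolean disableProxyCaching = true;
    protected boolean securePagesWithPragma = true;
    protected LifecycleSupport lifecycle = new LifecycleSupport(this);
    protected Random random = null;
    // Class instantiated reflectively by getRandom(); it comes from configuration and must be trusted.
    protected String randomClass = "java.security.SecureRandom";
    protected SingleSignOn sso = null;
    protected boolean started = false;

    /** Returns the name of the digest algorithm used when generating identifiers. */
    public String getAlgorithm() {
        return this.algorithm;
    }

    /**
     * Sets the digest algorithm name. A digest instance that {@link #getDigest()} has already
     * created is not discarded, so this only takes effect before first use.
     */
    public void setAlgorithm(String str) {
        this.algorithm = str;
    }

    /** Returns whether authenticated principals are cached on the session. */
    public boolean getCache() {
        return this.cache;
    }

    /** Enables or disables caching of the authenticated principal on the session. */
    public void setCache(boolean z) {
        this.cache = z;
    }

    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.Contained
    public Container getContainer() {
        return this.context;
    }

    /**
     * Attaches this valve to its container.
     *
     * @throws IllegalArgumentException if {@code container} is not a {@link Context}
     */
    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.Contained
    public void setContainer(Container container) {
        if (!(container instanceof Context)) {
            throw new IllegalArgumentException(sm.getString("authenticator.notContext"));
        }
        super.setContainer(container);
        this.context = (Context) container;
    }

    /**
     * Returns the extra seed material, defaulting to {@code toString()} of this valve when none was
     * configured. That default is not secret, so it adds no real unpredictability to the seed.
     */
    public String getEntropy() {
        if (this.entropy == null) {
            setEntropy(toString());
        }
        return this.entropy;
    }

    /** Sets the extra seed material mixed into the random source by {@link #getRandom()}. */
    public void setEntropy(String str) {
        this.entropy = str;
    }

    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.Valve
    public String getInfo() {
        return info;
    }

    /** Returns the class name of the random number generator to instantiate. */
    public String getRandomClass() {
        return this.randomClass;
    }

    /** Sets the class name of the random number generator; it must name a {@link Random} subclass. */
    public void setRandomClass(String str) {
        this.randomClass = str;
    }

    public boolean getDisableProxyCaching() {
        return this.disableProxyCaching;
    }

    public void setDisableProxyCaching(boolean z) {
        this.disableProxyCaching = z;
    }

    public boolean getSecurePagesWithPragma() {
        return this.securePagesWithPragma;
    }

    public void setSecurePagesWithPragma(boolean z) {
        this.securePagesWithPragma = z;
    }

    public boolean getChangeSessionIdOnAuthentication() {
        return this.changeSessionIdOnAuthentication;
    }

    /**
     * Controls whether {@link #register} replaces the session id after authentication. Turning this
     * off leaves a pre-authentication session id valid for the authenticated session.
     */
    public void setChangeSessionIdOnAuthentication(boolean z) {
        this.changeSessionIdOnAuthentication = z;
    }

    /**
     * Enforces the security constraints that apply to the request and, if every check passes,
     * hands the request to the next valve.
     *
     * <p>Every failure path returns without invoking the next valve; this method itself writes no
     * error status (presumably the realm or the authenticator has already done so - confirm).
     *
     * @param request  the request being processed
     * @param response the response being produced
     * @throws IOException      if an I/O error occurs in a delegate
     * @throws ServletException if the next valve throws it
     */
    @Override // org.apache.catalina.valves.ValveBase, org.apache.catalina.Valve
    public void invoke(Request request, Response response) throws IOException, ServletException {
        // The URIs logged at debug level below are client-supplied text.
        if (log.isDebugEnabled()) {
            log.debug("Security checking request " + request.getMethod() + " " + request.getRequestURI());
        }
        LoginConfig loginConfig = this.context.getLoginConfig();

        // Restore a principal cached on an existing session; never create a session here.
        if (this.cache && request.getUserPrincipal() == null) {
            Session session = request.getSessionInternal(false);
            if (session != null) {
                Principal cachedPrincipal = session.getPrincipal();
                if (cachedPrincipal != null) {
                    if (log.isDebugEnabled()) {
                        log.debug("We have cached auth type " + session.getAuthType() + " for principal " + session.getPrincipal());
                    }
                    request.setAuthType(session.getAuthType());
                    request.setUserPrincipal(cachedPrincipal);
                }
            }
        }

        // The form-login action URI is authenticated even when no constraint covers it.
        String contextPath = this.context.getPath();
        String requestUri = request.getDecodedRequestURI();
        if (requestUri.startsWith(contextPath) && requestUri.endsWith("/j_security_check")
                && !authenticate(request, response, loginConfig)) {
            if (log.isDebugEnabled()) {
                log.debug(" Failed authenticate() test ??" + requestUri);
            }
            return;
        }

        Realm realm = this.context.getRealm();
        SecurityConstraint[] constraints = realm.findSecurityConstraints(request, this.context);
        if (constraints == null) {
            if (log.isDebugEnabled()) {
                log.debug(" Not subject to any constraint");
            }
            getNext().invoke(request, response);
            return;
        }

        // Discourage caching of constrained resources; POST responses are left untouched.
        if (this.disableProxyCaching && !"POST".equalsIgnoreCase(request.getMethod())) {
            if (this.securePagesWithPragma) {
                response.setHeader("Pragma", "No-cache");
                response.setHeader("Cache-Control", "no-cache");
            } else {
                // Spelled out as a literal: the header value should not depend on a same-valued
                // constant borrowed from an unrelated compiler library.
                response.setHeader("Cache-Control", "private");
            }
            response.setHeader("Expires", DATE_ONE);
        }

        if (log.isDebugEnabled()) {
            log.debug(" Calling hasUserDataPermission()");
        }
        if (!realm.hasUserDataPermission(request, response, constraints)) {
            if (log.isDebugEnabled()) {
                log.debug(" Failed hasUserDataPermission() test");
            }
            return;
        }

        // Authentication is skipped as soon as one matched constraint has no auth-constraint, or
        // has one that neither allows all roles nor lists any role. The final decision is still
        // taken by hasResourcePermission() below.
        boolean authRequired = true;
        for (int i = 0; i < constraints.length && authRequired; i++) {
            if (!constraints[i].getAuthConstraint()) {
                authRequired = false;
            } else if (!constraints[i].getAllRoles()) {
                String[] roles = constraints[i].findAuthRoles();
                if (roles == null || roles.length == 0) {
                    authRequired = false;
                }
            }
        }
        if (authRequired) {
            if (log.isDebugEnabled()) {
                log.debug(" Calling authenticate()");
            }
            if (!authenticate(request, response, loginConfig)) {
                if (log.isDebugEnabled()) {
                    log.debug(" Failed authenticate() test");
                }
                return;
            }
        }

        if (log.isDebugEnabled()) {
            log.debug(" Calling accessControl()");
        }
        if (realm.hasResourcePermission(request, response, constraints, this.context)) {
            if (log.isDebugEnabled()) {
                log.debug(" Successfully passed all security constraints");
            }
            getNext().invoke(request, response);
        } else if (log.isDebugEnabled()) {
            log.debug(" Failed accessControl() test");
        }
    }

    /**
     * Associates the session with the given single sign-on identifier; a no-op when no
     * {@link SingleSignOn} valve was found.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void associate(String str, Session session) {
        if (this.sso == null) {
            return;
        }
        this.sso.associate(str, session);
    }

    /**
     * Authenticates the user making this request.
     *
     * @return {@code true} if processing may continue; {@link #invoke} stops when this is {@code false}
     */
    protected abstract boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException;

    /**
     * Generates the identifier used as the single sign-on cookie value: {@link #SESSION_ID_BYTES}
     * random bytes, digested and rendered as upper-case hex.
     *
     * <p>The digest adds no unpredictability; the identifier is only as strong as the generator
     * returned by {@link #getRandom()}. Synchronized because the shared digest and generator are
     * reused across calls.
     *
     * @throws IllegalStateException if no digest implementation is available
     */
    protected synchronized String generateSessionId() {
        MessageDigest md = getDigest();
        if (md == null) {
            // Previously this surfaced as a bare NullPointerException.
            throw new IllegalStateException("No MessageDigest available for " + this.algorithm + " or " + DEFAULT_ALGORITHM);
        }
        byte[] randomBytes = new byte[SESSION_ID_BYTES];
        getRandom().nextBytes(randomBytes);
        byte[] hashed = md.digest(randomBytes);
        StringBuilder id = new StringBuilder(hashed.length * 2);
        for (byte value : hashed) {
            id.append(HEX_DIGITS[(value & 0xF0) >> 4]);
            id.append(HEX_DIGITS[value & 0x0F]);
        }
        return id.toString();
    }

    /**
     * Returns the shared digest, creating it on first use. Falls back to
     * {@link #DEFAULT_ALGORITHM} when the configured algorithm is unknown.
     *
     * @return the digest, or {@code null} if neither algorithm is available
     */
    protected synchronized MessageDigest getDigest() {
        if (this.digest == null) {
            try {
                this.digest = MessageDigest.getInstance(this.algorithm);
            } catch (NoSuchAlgorithmException e) {
                // Make the downgrade visible instead of silently switching algorithms.
                log.warn("Digest algorithm " + this.algorithm + " is not available, falling back to " + DEFAULT_ALGORITHM, e);
                try {
                    this.digest = MessageDigest.getInstance(DEFAULT_ALGORITHM);
                } catch (NoSuchAlgorithmException e2) {
                    log.error("Digest algorithm " + DEFAULT_ALGORITHM + " is not available", e2);
                    this.digest = null;
                }
            }
        }
        return this.digest;
    }

    /**
     * Returns the shared random source, creating it on first use from {@link #randomClass}.
     *
     * <p>The seed mixes the current time with {@link #getEntropy()}, both of which are guessable.
     * For {@code java.security.SecureRandom} the seed only supplements its own seeding; for a
     * plain {@link Random} subclass it fully determines the output, so such a class should not be
     * configured when the identifiers act as credentials.
     */
    protected synchronized Random getRandom() {
        if (this.random == null) {
            try {
                Random generator = (Random) Class.forName(this.randomClass).newInstance();
                long seed = System.currentTimeMillis();
                char[] entropyChars = getEntropy().toCharArray();
                for (int i = 0; i < entropyChars.length; i++) {
                    seed ^= ((byte) entropyChars[i]) << ((i % 8) * 8);
                }
                generator.setSeed(seed);
                this.random = generator;
            } catch (Exception e) {
                // A misconfigured randomClass must not downgrade SSO identifiers to a predictable
                // java.util.Random; fall back to a cryptographically strong generator and say so.
                log.warn("Could not create random source " + this.randomClass + ", using java.security.SecureRandom", e);
                this.random = new java.security.SecureRandom();
            }
        }
        return this.random;
    }

    /**
     * Attempts to re-authenticate the request from the single sign-on entry identified by
     * {@code str}, and on success associates a (possibly new) session with that entry.
     *
     * @return {@code true} if the SSO valve re-authenticated the request
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public boolean reauthenticateFromSSO(String str, Request request) {
        if (this.sso == null || str == null) {
            return false;
        }
        boolean reauthenticated = false;
        Container container = getContainer();
        if (container != null) {
            Realm realm = container.getRealm();
            if (realm != null) {
                reauthenticated = this.sso.reauthenticate(str, realm, request);
            }
        }
        if (reauthenticated) {
            associate(str, request.getSessionInternal(true));
            if (log.isDebugEnabled()) {
                log.debug(" Reauthenticated cached principal '" + request.getUserPrincipal().getName() + "' with auth type '" + request.getAuthType() + "'");
            }
        }
        return reauthenticated;
    }

    /**
     * Records a successful authentication on the request, the session and, when present, the
     * single sign-on valve.
     *
     * @param request   the request that was authenticated
     * @param response  the response, used to add the SSO cookie
     * @param principal the authenticated principal
     * @param str       the authentication type
     * @param str2      the user name, stored as a session note when caching is on (may be null)
     * @param str3      the password, stored as a session note when caching is on (may be null)
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void register(Request request, Response response, Principal principal, String str, String str2, String str3) {
        if (log.isDebugEnabled()) {
            log.debug("Authenticated '" + principal.getName() + "' with type '" + str + "'");
        }
        request.setAuthType(str);
        request.setUserPrincipal(principal);

        Session session = request.getSessionInternal(false);
        // Issue a fresh session id so an id known before login does not carry the new identity.
        if (session != null && this.changeSessionIdOnAuthentication) {
            request.getContext().getManager().changeSessionId(session);
            request.changeSessionId(session.getId());
        }

        if (this.cache && session != null) {
            session.setAuthType(str);
            session.setPrincipal(principal);
            if (str2 != null) {
                session.setNote(Constants.SESS_USERNAME_NOTE, str2);
            } else {
                session.removeNote(Constants.SESS_USERNAME_NOTE);
            }
            // The clear-text password lives on the session for as long as the note is kept.
            if (str3 != null) {
                session.setNote(Constants.SESS_PASSWORD_NOTE, str3);
            } else {
                session.removeNote(Constants.SESS_PASSWORD_NOTE);
            }
        }

        if (this.sso == null) {
            return;
        }
        String ssoId = (String) request.getNote(Constants.REQ_SSOID_NOTE);
        if (ssoId == null) {
            ssoId = generateSessionId();
            Cookie cookie = new Cookie(Constants.SINGLE_SIGN_ON_COOKIE, ssoId);
            cookie.setMaxAge(-1);
            // Root path, written as a literal rather than via an XPath library constant of the
            // same value, so the cookie scope is visible where it is set.
            cookie.setPath("/");
            // Secure flag follows the current request: a login over plain HTTP yields a cookie
            // that is also sent over plain HTTP.
            // NOTE(review): no HttpOnly attribute is set here - confirm whether the Servlet API in use offers one.
            cookie.setSecure(request.isSecure());
            String cookieDomain = this.sso.getCookieDomain();
            if (cookieDomain != null) {
                cookie.setDomain(cookieDomain);
            }
            response.addCookie(cookie);
            this.sso.register(ssoId, principal, str, str2, str3);
            request.setNote(Constants.REQ_SSOID_NOTE, ssoId);
        } else {
            this.sso.update(ssoId, principal, str, str2, str3);
        }
        if (session == null) {
            session = request.getSessionInternal(true);
        }
        this.sso.associate(ssoId, session);
    }

    @Override // org.apache.catalina.Lifecycle
    public void addLifecycleListener(LifecycleListener lifecycleListener) {
        this.lifecycle.addLifecycleListener(lifecycleListener);
    }

    @Override // org.apache.catalina.Lifecycle
    public LifecycleListener[] findLifecycleListeners() {
        return this.lifecycle.findLifecycleListeners();
    }

    @Override // org.apache.catalina.Lifecycle
    public void removeLifecycleListener(LifecycleListener lifecycleListener) {
        this.lifecycle.removeLifecycleListener(lifecycleListener);
    }

    /**
     * Starts the valve and looks for a {@link SingleSignOn} valve on the pipelines of the
     * context's ancestors, nearest ancestor first.
     *
     * @throws LifecycleException if the valve is already started
     */
    @Override // org.apache.catalina.Lifecycle
    public void start() throws LifecycleException {
        if (this.started) {
            throw new LifecycleException(sm.getString("authenticator.alreadyStarted"));
        }
        this.lifecycle.fireLifecycleEvent("start", null);
        this.started = true;

        Container parent = this.context.getParent();
        while (this.sso == null && parent != null) {
            if (parent instanceof Pipeline) {
                for (Valve valve : ((Pipeline) parent).getValves()) {
                    if (valve instanceof SingleSignOn) {
                        this.sso = (SingleSignOn) valve;
                        break;
                    }
                }
            }
            if (this.sso == null) {
                parent = parent.getParent();
            }
        }
        if (log.isDebugEnabled()) {
            if (this.sso != null) {
                log.debug("Found SingleSignOn Valve at " + this.sso);
            } else {
                log.debug("No SingleSignOn Valve is present");
            }
        }
    }

    /**
     * Stops the valve and drops the reference to the single sign-on valve.
     *
     * @throws LifecycleException if the valve was not started
     */
    @Override // org.apache.catalina.Lifecycle
    public void stop() throws LifecycleException {
        if (!this.started) {
            throw new LifecycleException(sm.getString("authenticator.notStarted"));
        }
        this.lifecycle.fireLifecycleEvent("stop", null);
        this.started = false;
        this.sso = null;
    }
}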
