package org.eclipse.jetty.security;

import java.io.IOException;
import java.security.Principal;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.servlet.DispatcherType;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.authentication.DeferredAuthentication;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.HttpChannel;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Response;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.handler.HandlerWrapper;
import org.eclipse.jetty.server.session.AbstractSession;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;

/* loaded from: classes13.dex */
public abstract class SecurityHandler extends HandlerWrapper implements Authenticator.AuthConfiguration {

    /* renamed from: t, reason: collision with root package name */
    private Authenticator f146235t;

    /* renamed from: v, reason: collision with root package name */
    private String f146237v;

    /* renamed from: w, reason: collision with root package name */
    private String f146238w;

    /* renamed from: y, reason: collision with root package name */
    private LoginService f146239y;

    /* renamed from: z, reason: collision with root package name */
    private IdentityService f146240z;
    private static final Logger B = Log.getLogger((Class<?>) SecurityHandler.class);
    public static final Principal __NO_USER = new b();
    public static final Principal __NOBODY = new c();

    /* renamed from: s, reason: collision with root package name */
    private boolean f146234s = false;

    /* renamed from: u, reason: collision with root package name */
    private Authenticator.Factory f146236u = new DefaultAuthenticatorFactory();
    private final Map<String, String> x = new HashMap();
    private boolean A = true;

    /* loaded from: classes13.dex */
    public class NotChecked implements Principal {
        public NotChecked() {
        }

        @Override // java.security.Principal
        public String getName() {
            return null;
        }

        public SecurityHandler getSecurityHandler() {
            return SecurityHandler.this;
        }

        @Override // java.security.Principal
        public String toString() {
            return "NOT CHECKED";
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes13.dex */
    public class a implements HttpSessionListener {
        a() {
        }

        @Override // javax.servlet.http.HttpSessionListener
        public void sessionCreated(HttpSessionEvent httpSessionEvent) {
            Request request;
            HttpChannel<?> currentHttpChannel = HttpChannel.getCurrentHttpChannel();
            if (currentHttpChannel == null || (request = currentHttpChannel.getRequest()) == null || !request.isSecure()) {
                return;
            }
            httpSessionEvent.getSession().setAttribute(AbstractSession.SESSION_KNOWN_ONLY_TO_AUTHENTICATED, Boolean.TRUE);
        }

        @Override // javax.servlet.http.HttpSessionListener
        public void sessionDestroyed(HttpSessionEvent httpSessionEvent) {
        }
    }

    /* loaded from: classes13.dex */
    static class b implements Principal {
        b() {
        }

        @Override // java.security.Principal
        public String getName() {
            return null;
        }

        @Override // java.security.Principal
        public String toString() {
            return "No User";
        }
    }

    /* loaded from: classes13.dex */
    static class c implements Principal {
        c() {
        }

        @Override // java.security.Principal
        public String getName() {
            return "Nobody";
        }

        @Override // java.security.Principal
        public String toString() {
            return getName();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes13.dex */
    public static /* synthetic */ class d {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f146243a;

        static {
            int[] iArr = new int[DispatcherType.values().length];
            f146243a = iArr;
            try {
                iArr[DispatcherType.REQUEST.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f146243a[DispatcherType.ASYNC.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                f146243a[DispatcherType.FORWARD.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SecurityHandler() {
        addBean(this.f146236u);
    }

    public static SecurityHandler getCurrentSecurityHandler() {
        ContextHandler.Context currentContext = ContextHandler.getCurrentContext();
        if (currentContext == null) {
            return null;
        }
        return (SecurityHandler) currentContext.getContextHandler().getChildHandlerByClass(SecurityHandler.class);
    }

    protected IdentityService N() {
        return (IdentityService) getServer().getBean(IdentityService.class);
    }

    protected LoginService O() throws Exception {
        Collection<LoginService> beans = getServer().getBeans(LoginService.class);
        String realmName = getRealmName();
        if (realmName == null) {
            if (beans.size() == 1) {
                return (LoginService) beans.iterator().next();
            }
            return null;
        }
        for (LoginService loginService : beans) {
            if (loginService.getName() != null && loginService.getName().equals(realmName)) {
                return loginService;
            }
        }
        return null;
    }

    protected abstract boolean P(Request request, Response response, Object obj);

    protected abstract RoleInfo Q(String str, Request request);

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.eclipse.jetty.server.handler.AbstractHandler, org.eclipse.jetty.util.component.ContainerLifeCycle, org.eclipse.jetty.util.component.AbstractLifeCycle
    public void doStart() throws Exception {
        ContextHandler.Context currentContext = ContextHandler.getCurrentContext();
        if (currentContext != null) {
            Enumeration<String> initParameterNames = currentContext.getInitParameterNames();
            while (initParameterNames != null && initParameterNames.hasMoreElements()) {
                String nextElement = initParameterNames.nextElement();
                if (nextElement.startsWith("org.eclipse.jetty.security.") && getInitParameter(nextElement) == null) {
                    setInitParameter(nextElement, currentContext.getInitParameter(nextElement));
                }
            }
            currentContext.getContextHandler().addEventListener(new a());
        }
        if (this.f146239y == null) {
            setLoginService(O());
            LoginService loginService = this.f146239y;
            if (loginService != null) {
                unmanage(loginService);
            }
        }
        if (this.f146240z == null) {
            LoginService loginService2 = this.f146239y;
            if (loginService2 != null) {
                setIdentityService(loginService2.getIdentityService());
            }
            if (this.f146240z == null) {
                setIdentityService(N());
            }
            IdentityService identityService = this.f146240z;
            if (identityService != null) {
                unmanage(identityService);
            } else if (this.f146237v != null) {
                setIdentityService(new DefaultIdentityService());
                manage(this.f146240z);
            }
        }
        LoginService loginService3 = this.f146239y;
        if (loginService3 != null) {
            if (loginService3.getIdentityService() == null) {
                this.f146239y.setIdentityService(this.f146240z);
            } else if (this.f146239y.getIdentityService() != this.f146240z) {
                throw new IllegalStateException("LoginService has different IdentityService to " + this);
            }
        }
        Authenticator.Factory authenticatorFactory = getAuthenticatorFactory();
        if (this.f146235t == null && authenticatorFactory != null && this.f146240z != null) {
            setAuthenticator(authenticatorFactory.getAuthenticator(getServer(), ContextHandler.getCurrentContext(), this, this.f146240z, this.f146239y));
        }
        Authenticator authenticator = this.f146235t;
        if (authenticator != null) {
            authenticator.setConfiguration(this);
        } else if (this.f146237v != null) {
            B.warn("No Authenticator for " + this, new Object[0]);
            throw new IllegalStateException("No Authenticator");
        }
        super.doStart();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.eclipse.jetty.server.handler.AbstractHandler, org.eclipse.jetty.util.component.ContainerLifeCycle, org.eclipse.jetty.util.component.AbstractLifeCycle
    public void doStop() throws Exception {
        if (!isManaged(this.f146240z)) {
            removeBean(this.f146240z);
            this.f146240z = null;
        }
        if (!isManaged(this.f146239y)) {
            removeBean(this.f146239y);
            this.f146239y = null;
        }
        super.doStop();
    }

    @Override // org.eclipse.jetty.security.Authenticator.AuthConfiguration
    public String getAuthMethod() {
        return this.f146238w;
    }

    public Authenticator getAuthenticator() {
        return this.f146235t;
    }

    public Authenticator.Factory getAuthenticatorFactory() {
        return this.f146236u;
    }

    @Override // org.eclipse.jetty.security.Authenticator.AuthConfiguration
    public IdentityService getIdentityService() {
        return this.f146240z;
    }

    @Override // org.eclipse.jetty.security.Authenticator.AuthConfiguration
    public String getInitParameter(String str) {
        return this.x.get(str);
    }

    @Override // org.eclipse.jetty.security.Authenticator.AuthConfiguration
    public Set<String> getInitParameterNames() {
        return this.x.keySet();
    }

    @Override // org.eclipse.jetty.security.Authenticator.AuthConfiguration
    public LoginService getLoginService() {
        return this.f146239y;
    }

    @Override // org.eclipse.jetty.security.Authenticator.AuthConfiguration
    public String getRealmName() {
        return this.f146237v;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v17, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r1v18 */
    /* JADX WARN: Type inference failed for: r1v19 */
    /* JADX WARN: Type inference failed for: r1v21 */
    /* JADX WARN: Type inference failed for: r1v22 */
    /* JADX WARN: Type inference failed for: r1v24 */
    /* JADX WARN: Type inference failed for: r1v25 */
    /* JADX WARN: Type inference failed for: r1v37 */
    /* JADX WARN: Type inference failed for: r1v38 */
    /* JADX WARN: Type inference failed for: r1v39 */
    /* JADX WARN: Type inference failed for: r1v40 */
    /* JADX WARN: Type inference failed for: r1v41 */
    /* JADX WARN: Type inference failed for: r1v42 */
    /* JADX WARN: Type inference failed for: r1v5, types: [boolean] */
    /* JADX WARN: Type inference failed for: r1v6 */
    /* JADX WARN: Type inference failed for: r1v7 */
    /* JADX WARN: Type inference failed for: r1v8 */
    /* JADX WARN: Type inference failed for: r1v9 */
    @Override // org.eclipse.jetty.server.handler.HandlerWrapper, org.eclipse.jetty.server.Handler
    public void handle(String str, Request request, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        HttpServletResponse httpServletResponse2;
        IdentityService identityService;
        Authentication.User user;
        Object obj;
        HttpServletRequest httpServletRequest2 = httpServletRequest;
        HttpServletResponse httpServletResponse3 = httpServletResponse;
        Response response = request.getResponse();
        Handler handler = getHandler();
        if (handler == null) {
            return;
        }
        Authenticator authenticator = this.f146235t;
        if (!w(request)) {
            handler.handle(str, request, httpServletRequest2, httpServletResponse3);
            return;
        }
        if (authenticator != null) {
            authenticator.prepareRequest(request);
        }
        RoleInfo Q = Q(str, request);
        if (!x(str, request, response, Q)) {
            if (request.isHandled()) {
                return;
            }
            httpServletResponse3.sendError(403);
            request.setHandled(true);
            return;
        }
        boolean P = P(request, response, Q);
        if (P && authenticator == null) {
            B.warn("No authenticator for: " + Q, new Object[0]);
            if (request.isHandled()) {
                return;
            }
            httpServletResponse3.sendError(403);
            request.setHandled(true);
            return;
        }
        Object obj2 = null;
        try {
            try {
                Authentication authentication = request.getAuthentication();
                if (authentication == null || authentication == Authentication.NOT_CHECKED) {
                    authentication = authenticator == null ? Authentication.UNAUTHENTICATED : authenticator.validateRequest(httpServletRequest2, httpServletResponse3, P);
                }
                if (authentication instanceof Authentication.Wrapped) {
                    httpServletRequest2 = ((Authentication.Wrapped) authentication).getHttpServletRequest();
                    httpServletResponse3 = ((Authentication.Wrapped) authentication).getHttpServletResponse();
                }
                HttpServletRequest httpServletRequest3 = httpServletRequest2;
                httpServletResponse2 = httpServletResponse3;
                try {
                    if (authentication instanceof Authentication.ResponseSent) {
                        request.setHandled(true);
                    } else {
                        ?? r12 = authentication instanceof Authentication.User;
                        try {
                            if (r12 != 0) {
                                Authentication.User user2 = (Authentication.User) authentication;
                                request.setAuthentication(authentication);
                                IdentityService identityService2 = this.f146240z;
                                Object associate = identityService2 != null ? identityService2.associate(user2.getUserIdentity()) : null;
                                if (P) {
                                    try {
                                        user = user2;
                                        Object obj3 = associate;
                                        try {
                                            if (!y(str, request, response, Q, user2.getUserIdentity())) {
                                                httpServletResponse2.sendError(403, "!role");
                                                request.setHandled(true);
                                                IdentityService identityService3 = this.f146240z;
                                                if (identityService3 != null) {
                                                    identityService3.disassociate(obj3);
                                                    return;
                                                }
                                                return;
                                            }
                                            obj = obj3;
                                        } catch (ServerAuthException e8) {
                                            e = e8;
                                            r12 = obj3;
                                            obj2 = r12;
                                            httpServletResponse2.sendError(500, e.getMessage());
                                            identityService = this.f146240z;
                                            if (identityService == null) {
                                                return;
                                            }
                                            identityService.disassociate(obj2);
                                        } catch (Throwable th2) {
                                            th = th2;
                                            r12 = obj3;
                                            obj2 = r12;
                                            IdentityService identityService4 = this.f146240z;
                                            if (identityService4 != null) {
                                                identityService4.disassociate(obj2);
                                            }
                                            throw th;
                                        }
                                    } catch (ServerAuthException e10) {
                                        e = e10;
                                        r12 = associate;
                                    } catch (Throwable th3) {
                                        th = th3;
                                        r12 = associate;
                                    }
                                } else {
                                    user = user2;
                                    obj = associate;
                                }
                                handler.handle(str, request, httpServletRequest3, httpServletResponse2);
                                r12 = obj;
                                if (authenticator != null) {
                                    authenticator.secureResponse(httpServletRequest3, httpServletResponse2, P, user);
                                    r12 = obj;
                                }
                            } else if (authentication instanceof Authentication.Deferred) {
                                DeferredAuthentication deferredAuthentication = (DeferredAuthentication) authentication;
                                request.setAuthentication(authentication);
                                try {
                                    handler.handle(str, request, httpServletRequest3, httpServletResponse2);
                                    r12 = deferredAuthentication.getPreviousAssociation();
                                    if (authenticator != null) {
                                        Authentication authentication2 = request.getAuthentication();
                                        if (authentication2 instanceof Authentication.User) {
                                            authenticator.secureResponse(httpServletRequest3, httpServletResponse2, P, (Authentication.User) authentication2);
                                            r12 = r12;
                                        } else {
                                            authenticator.secureResponse(httpServletRequest3, httpServletResponse2, P, null);
                                            r12 = r12;
                                        }
                                    }
                                    obj2 = r12;
                                } catch (Throwable th4) {
                                    deferredAuthentication.getPreviousAssociation();
                                    throw th4;
                                }
                            } else {
                                request.setAuthentication(authentication);
                                IdentityService identityService5 = this.f146240z;
                                Object associate2 = identityService5 != null ? identityService5.associate(null) : null;
                                handler.handle(str, request, httpServletRequest3, httpServletResponse2);
                                r12 = associate2;
                                if (authenticator != null) {
                                    authenticator.secureResponse(httpServletRequest3, httpServletResponse2, P, null);
                                    r12 = associate2;
                                }
                            }
                            obj2 = r12;
                        } catch (ServerAuthException e11) {
                            e = e11;
                        } catch (Throwable th5) {
                            th = th5;
                        }
                    }
                    identityService = this.f146240z;
                    if (identityService == null) {
                        return;
                    }
                } catch (ServerAuthException e12) {
                    e = e12;
                }
            } catch (ServerAuthException e13) {
                e = e13;
                httpServletResponse2 = httpServletResponse3;
            }
            identityService.disassociate(obj2);
        } catch (Throwable th6) {
            th = th6;
        }
    }

    public boolean isCheckWelcomeFiles() {
        return this.f146234s;
    }

    @Override // org.eclipse.jetty.security.Authenticator.AuthConfiguration
    public boolean isSessionRenewedOnAuthentication() {
        return this.A;
    }

    public void logout(Authentication.User user) {
        B.debug("logout {}", user);
        LoginService loginService = getLoginService();
        if (loginService != null) {
            loginService.logout(user.getUserIdentity());
        }
        IdentityService identityService = getIdentityService();
        if (identityService != null) {
            identityService.disassociate(null);
        }
    }

    public void setAuthMethod(String str) {
        if (isRunning()) {
            throw new IllegalStateException("running");
        }
        this.f146238w = str;
    }

    public void setAuthenticator(Authenticator authenticator) {
        if (isStarted()) {
            throw new IllegalStateException("Started");
        }
        updateBean(this.f146235t, authenticator);
        this.f146235t = authenticator;
        if (authenticator != null) {
            this.f146238w = authenticator.getAuthMethod();
        }
    }

    public void setAuthenticatorFactory(Authenticator.Factory factory) {
        if (isRunning()) {
            throw new IllegalStateException("running");
        }
        updateBean(this.f146236u, factory);
        this.f146236u = factory;
    }

    public void setCheckWelcomeFiles(boolean z8) {
        if (isRunning()) {
            throw new IllegalStateException("running");
        }
        this.f146234s = z8;
    }

    public void setIdentityService(IdentityService identityService) {
        if (isStarted()) {
            throw new IllegalStateException("Started");
        }
        updateBean(this.f146240z, identityService);
        this.f146240z = identityService;
    }

    public String setInitParameter(String str, String str2) {
        if (isRunning()) {
            throw new IllegalStateException("running");
        }
        return this.x.put(str, str2);
    }

    public void setLoginService(LoginService loginService) {
        if (isStarted()) {
            throw new IllegalStateException("Started");
        }
        updateBean(this.f146239y, loginService);
        this.f146239y = loginService;
    }

    public void setRealmName(String str) {
        if (isRunning()) {
            throw new IllegalStateException("running");
        }
        this.f146237v = str;
    }

    public void setSessionRenewedOnAuthentication(boolean z8) {
        this.A = z8;
    }

    protected boolean w(Request request) {
        int i8 = d.f146243a[request.getDispatcherType().ordinal()];
        if (i8 == 1 || i8 == 2) {
            return true;
        }
        if (i8 != 3 || !isCheckWelcomeFiles() || request.getAttribute("org.eclipse.jetty.server.welcome") == null) {
            return false;
        }
        request.removeAttribute("org.eclipse.jetty.server.welcome");
        return true;
    }

    protected abstract boolean x(String str, Request request, Response response, RoleInfo roleInfo) throws IOException;

    protected abstract boolean y(String str, Request request, Response response, Object obj, UserIdentity userIdentity) throws IOException;
}
