package flex.messaging.security;

import flex.messaging.log.Log;
import flex.messaging.util.ExceptionUtil;
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleListener;
import org.apache.catalina.Manager;
import org.apache.catalina.Realm;
import org.apache.catalina.Role;
import org.apache.catalina.Session;
import org.apache.catalina.Valve;
import org.apache.catalina.Wrapper;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.users.AbstractUser;
import org.apache.catalina.valves.ValveBase;

/* loaded from: input_file:flex/messaging/security/Tomcat7Valve.class */
public class Tomcat7Valve extends ValveBase implements Lifecycle {
    private static final String AUTH_TYPE = "flexmessaging";
    private static final String AMF_MATCH = "/amfgateway";
    private static final String GATEWAY_MATCH = "/flashgateway";
    private static final String MESSAGEBROKER_MATCH = "/messagebroker";
    private static String CUSTOM_MATCH = System.getProperty("flex.tomcatValveMatch");

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:flex/messaging/security/Tomcat7Valve$TomcatLoginImpl.class */
    public class TomcatLoginImpl implements TomcatLogin {
        private ValveBase valve;
        private Request request;

        TomcatLoginImpl(ValveBase valveBase, Request request) {
            this.valve = valveBase;
            this.request = request;
        }

        @Override // flex.messaging.security.TomcatLogin
        public Principal login(String str, String str2, HttpServletRequest httpServletRequest) {
            Principal authenticate;
            Realm realm = this.valve.getContainer().getRealm();
            if (realm == null || (authenticate = realm.authenticate(str, str2)) == null) {
                return null;
            }
            if (servletRequestMatches(httpServletRequest)) {
                this.request.setAuthType(Tomcat7Valve.AUTH_TYPE);
                this.request.setUserPrincipal(authenticate);
                Session session = Tomcat7Valve.getSession(this.request, true);
                if (session != null) {
                    session.setAuthType(Tomcat7Valve.AUTH_TYPE);
                    session.setPrincipal(authenticate);
                    if (str != null) {
                        session.setNote("org.apache.catalina.session.USERNAME", str);
                    } else {
                        session.removeNote("org.apache.catalina.session.USERNAME");
                    }
                    if (str2 != null) {
                        session.setNote("org.apache.catalina.session.PASSWORD", str2);
                    } else {
                        session.removeNote("org.apache.catalina.session.PASSWORD");
                    }
                }
            }
            return authenticate;
        }

        @Override // flex.messaging.security.TomcatLogin
        public boolean authorize(Principal principal, List list) {
            Realm realm = this.valve.getContainer().getRealm();
            Iterator it = list.iterator();
            while (it.hasNext()) {
                String str = (String) it.next();
                Wrapper wrapper = null;
                if (this.request != null) {
                    wrapper = this.request.getWrapper();
                }
                if (realm.hasRole(wrapper, principal, str)) {
                    return true;
                }
            }
            return false;
        }

        @Override // flex.messaging.security.TomcatLogin
        public boolean logout(HttpServletRequest httpServletRequest) {
            if (!servletRequestMatches(httpServletRequest)) {
                return false;
            }
            Session session = Tomcat7Valve.getSession(this.request, false);
            if (session == null) {
                return true;
            }
            session.setPrincipal((Principal) null);
            session.setAuthType((String) null);
            session.removeNote("org.apache.catalina.session.USERNAME");
            session.removeNote("org.apache.catalina.session.PASSWORD");
            return true;
        }

        private boolean servletRequestMatches(HttpServletRequest httpServletRequest) {
            return this.request != null && this.request.getRequest() == httpServletRequest;
        }

        @Override // flex.messaging.security.TomcatLogin
        public Principal convertPrincipal(Principal principal) {
            if (!(principal instanceof GenericPrincipal) && (principal instanceof AbstractUser)) {
                AbstractUser abstractUser = (AbstractUser) principal;
                ArrayList arrayList = new ArrayList();
                Iterator roles = abstractUser.getRoles();
                while (roles.hasNext()) {
                    arrayList.add(((Role) roles.next()).getName());
                }
                return new GenericPrincipal(abstractUser.getUsername(), abstractUser.getPassword(), arrayList);
            }
            return principal;
        }
    }

    public Tomcat7Valve() {
        TomcatLoginImpl tomcatLoginImpl = new TomcatLoginImpl(this, null);
        TomcatLoginHolder.setLogin(tomcatLoginImpl);
        TomcatLoginHolder.setNioBasedLogin(tomcatLoginImpl);
    }

    public void invoke(Request request, Response response) throws IOException, ServletException {
        invokeServletRequest(request);
        Valve next = getNext();
        if (next != null) {
            next.invoke(request, response);
        }
    }

    private void invokeServletRequest(Request request) {
        HttpServletRequest request2 = request.getRequest();
        if (request2 instanceof HttpServletRequest) {
            HttpServletRequest httpServletRequest = request2;
            if (checkIfPathMatches(httpServletRequest.getServletPath(), httpServletRequest.getRequestURI())) {
                handleMatch(request, httpServletRequest.getUserPrincipal());
            }
        }
    }

    private void handleMatch(Request request, Principal principal) {
        Session session;
        Principal principal2;
        TomcatLoginHolder.setLogin(new TomcatLoginImpl(this, request));
        if (principal != null || (session = getSession(request, false)) == null || (principal2 = session.getPrincipal()) == null) {
            return;
        }
        request.setAuthType(session.getAuthType());
        request.setUserPrincipal(principal2);
    }

    private boolean checkIfPathMatches(String str, String str2) {
        return str == null ? (str2 == null || (str2.indexOf(MESSAGEBROKER_MATCH) == -1 && str2.indexOf(AMF_MATCH) == -1 && str2.indexOf(GATEWAY_MATCH) == -1 && (CUSTOM_MATCH == null || str2.indexOf(CUSTOM_MATCH) == -1))) ? false : true : str.startsWith(MESSAGEBROKER_MATCH) || str.startsWith(AMF_MATCH) || str.startsWith(GATEWAY_MATCH) || (CUSTOM_MATCH != null && str.startsWith(CUSTOM_MATCH));
    }

    public void addLifecycleListener(LifecycleListener lifecycleListener) {
    }

    public LifecycleListener[] findLifecycleListeners() {
        return null;
    }

    public void removeLifecycleListener(LifecycleListener lifecycleListener) {
    }

    static Session getSession(Request request, boolean z) {
        Manager manager;
        HttpSession session = request.getRequest().getSession(z);
        if (session == null || (manager = request.getContext().getManager()) == null) {
            return null;
        }
        try {
            return manager.findSession(session.getId());
        } catch (IOException e) {
            Log.getLogger("Security").error("Error in TomcatValve getting session id " + session.getId() + " : " + ExceptionUtil.toString(e));
            return null;
        }
    }
}
